public IActionResult ChangePassword(UserRegistrationModel existingUser)
{
//hash and store the password
existingUser.HashedPassword = _passwordHelper.Hash(existingUser.Password);
existingUser.RefreshMetadata(existingUser.UserName);
//validate input model
ModelState.Clear();
TryValidateModel(existingUser);
if (!ModelState.IsValid)
{
//if invalid, return validation errors
ModelState.AddModelError("", "Invalid input detected");
existingUser.Password = "";
existingUser.HashedPassword = "";
return(View("ManageAccount", existingUser));
}
// Look for the user
var user = _dbContext.Users.SingleOrDefault(x => x.UserName == HttpContext.User.Identity.Name);
//sanity checks
if (existingUser.UserName != user.UserName)
{
//if invalid, return validation errors
ModelState.AddModelError("UserName", "You can't change another user's password!");
existingUser.Password = "";
existingUser.HashedPassword = "";
existingUser.UserName = user.UserName;
return(View("ManageAccount", existingUser));
}
//update metadata and password on DB copy of data (so we dont risk a request being allowed to update random unrelated fields!)
user.RefreshMetadata(existingUser.UserName);
user.HashedPassword = existingUser.HashedPassword;//already computed, so no need to do so again
//persist to database
_dbContext.Users.Update(user);
_dbContext.SaveChanges();
//refresh the page
existingUser.Password = "";
existingUser.HashedPassword = "";
existingUser.StatusMessage = "Password successfully changed!";
return(View("ManageAccount", existingUser));
}
public async Task <IActionResult> RegisterNewUserAsync(UserRegistrationModel newUser)
{
var adminNewUserSetupMode = ViewBag.IsAdmin ?? false;
//update metadata
newUser.RefreshMetadata(newUser.UserName);
//hash and store the password
newUser.HashedPassword = _passwordHelper.Hash(newUser.Password);
//mark the user as active by default
newUser.IsActive = true;
//validate input model
ModelState.Clear();
TryValidateModel(newUser);
if (!ModelState.IsValid)
{
//if invalid, return validation errors
ModelState.AddModelError("", "Invalid input detected");
newUser.Password = "";
newUser.HashedPassword = "";
return(View("Register", newUser));
}
//if another user with the same user name exists, add a validation message and return the validation message to the page
if (_dbContext.Users.Any(x => x.UserName == newUser.UserName))
{
ModelState.AddModelError("UserName", "User Name already exists - please pick a different user name.");
newUser.Password = "";
newUser.HashedPassword = "";
return(View("Register", newUser));
}
//if this is the only user in the system, make them an admin
if (_dbContext.Users.Where(x => x.IsActive).Count() == 0)
{
newUser.IsAdmin = true;
}
else
{
newUser.IsAdmin = false;
}
//persist to database
_dbContext.Users.Add(newUser);
_dbContext.SaveChanges();
if (adminNewUserSetupMode)
{
//redirect back to user management screen
return(RedirectToAction("ManageUsers", "Admin"));
}
else
{
//log in the user
await LoginUserAsync(newUser.UserName, newUser.RememberMe);
//redirect to the home page
return(RedirectToAction("Index", "Inventory"));
}
}