public ActionResult Edit(UserModel model, bool continueEditing, FormCollection form) { if (!_permissionService.Authorize(StandardPermissionProvider.ManageUsers)) return AccessDeniedView(); var user = _userService.GetUserById(model.Id); if (user == null || user.Deleted) //No customer found with the specified id return RedirectToAction("List"); //validate customer roles var allUserRoles = _userService.GetAllUserRoles(true); var newUserRoles = new List<UserRole>(); foreach (var userRole in allUserRoles) if (model.SelectedUserRoleIds != null && model.SelectedUserRoleIds.Contains(userRole.Id)) newUserRoles.Add(userRole); var userRolesError = ValidateUserRoles(newUserRoles); if (!String.IsNullOrEmpty(userRolesError)) { ModelState.AddModelError("", userRolesError); ErrorNotification(userRolesError, false); } if (ModelState.IsValid) { try { user.AdminComment = model.AdminComment; user.Active = model.Active; //email if (!String.IsNullOrWhiteSpace(model.Email)) { _userRegistrationService.SetEmail(user, model.Email); } else { user.Email = model.Email; } //username if (!String.IsNullOrWhiteSpace(model.Username)) { _userRegistrationService.SetUsername(user, model.Username); } else { user.Username = model.Username; } //customer roles foreach (var userRole in allUserRoles) { //ensure that the current customer cannot add/remove to/from "Administrators" system role //if he's not an admin himself if (userRole.SystemName == SystemUserRoleNames.Administrators && !_workContext.CurrentUser.IsAdmin()) continue; if (model.SelectedUserRoleIds != null && model.SelectedUserRoleIds.Contains(userRole.Id)) { //new role if (user.UserRoles.Count(cr => cr.Id == userRole.Id) == 0) user.UserRoles.Add(userRole); } else { //remove role if (user.UserRoles.Count(cr => cr.Id == userRole.Id) > 0) user.UserRoles.Remove(userRole); } } _userService.UpdateUser(user); //password if (!String.IsNullOrWhiteSpace(model.Password)) { var changePassRequest = new ChangePasswordRequest(model.Username, false, PasswordFormat.Hashed, model.Password); var changePassResult = _userRegistrationService.ChangePassword(changePassRequest); if (!changePassResult.Success) { foreach (var changePassError in changePassResult.Errors) ErrorNotification(changePassError); } } //activity log //_customerActivityService.InsertActivity("EditCustomer", _localizationService.GetResource("ActivityLog.EditCustomer"), user.Id); SuccessNotification(_localizationService.GetResource("Admin.Customers.Customers.Updated")); if (continueEditing) { return RedirectToAction("Edit", new { id = user.Id }); } return RedirectToAction("List"); } catch (Exception exc) { ErrorNotification(exc.Message, false); } } //If we got this far, something failed, redisplay form PrepareUserModel(model, user, true); return View(model); }
/// <summary> /// Change password /// </summary> /// <param name="request">Request</param> /// <returns>Result</returns> public virtual ChangePasswordResult ChangePassword(ChangePasswordRequest request) { if (request == null) throw new ArgumentNullException("request"); var result = new ChangePasswordResult(); if (String.IsNullOrWhiteSpace(request.Username)) { result.AddError(_localizationService.GetResource("Account.ChangePassword.Errors.EmailIsNotProvided")); return result; } if (String.IsNullOrWhiteSpace(request.NewPassword)) { result.AddError(_localizationService.GetResource("Account.ChangePassword.Errors.PasswordIsNotProvided")); return result; } var user = _userService.GetUserByUsername(request.Username); if (user == null) { result.AddError(_localizationService.GetResource("Account.ChangePassword.Errors.UsernameNotFound")); return result; } var requestIsValid = false; if (request.ValidateRequest) { //password string oldPwd = ""; switch (user.PasswordFormat) { case PasswordFormat.Encrypted: oldPwd = _encryptionService.EncryptText(request.OldPassword); break; case PasswordFormat.Hashed: oldPwd = _encryptionService.CreatePasswordHash(request.OldPassword, user.PasswordSalt); break; default: oldPwd = request.OldPassword; break; } bool oldPasswordIsValid = oldPwd == user.Password; if (!oldPasswordIsValid) result.AddError(_localizationService.GetResource("Account.ChangePassword.Errors.OldPasswordDoesntMatch")); if (oldPasswordIsValid) requestIsValid = true; } else requestIsValid = true; //at this point request is valid if (requestIsValid) { switch (request.NewPasswordFormat) { case PasswordFormat.Clear: { user.Password = request.NewPassword; } break; case PasswordFormat.Encrypted: { user.Password = _encryptionService.EncryptText(request.NewPassword); } break; case PasswordFormat.Hashed: { string saltKey = _encryptionService.CreateSaltKey(5); user.PasswordSalt = saltKey; user.Password = _encryptionService.CreatePasswordHash(request.NewPassword, saltKey); } break; default: break; } user.PasswordFormat = request.NewPasswordFormat; _userService.UpdateUser(user); var userContext = new UserContext { User = user, Cancel = false }; foreach (var userEventHandler in _userEventHandlers) { userEventHandler.ChangePassword(userContext); } } return result; }
public ActionResult Create(UserModel model, bool continueEditing, FormCollection form) { if (!_permissionService.Authorize(StandardPermissionProvider.ManageUsers)) return AccessDeniedView(); if (!String.IsNullOrWhiteSpace(model.Username)) { var cust2 = _userService.GetUserByUsername(model.Username); if (cust2 != null) ModelState.AddModelError("", "Username is already registered"); } //validate customer roles var allUserRoles = _userService.GetAllUserRoles(true); var newUserRoles = new List<UserRole>(); foreach (var customerRole in allUserRoles) if (model.SelectedUserRoleIds != null && model.SelectedUserRoleIds.Contains(customerRole.Id)) newUserRoles.Add(customerRole); var userRolesError = ValidateUserRoles(newUserRoles); if (!String.IsNullOrEmpty(userRolesError)) { ModelState.AddModelError("", userRolesError); ErrorNotification(userRolesError, false); } if (ModelState.IsValid) { var user = new User { UserGuid = Guid.NewGuid(), Email = model.Email, Username = model.Username, AdminComment = model.AdminComment, Active = model.Active, Deleted = model.Deleted, DepartmentId = model.DepartmentId, CreatedOnUtc = DateTime.UtcNow, LastActivityDateUtc = DateTime.UtcNow, }; _userService.InsertUser(user); //password if (!String.IsNullOrWhiteSpace(model.Password)) { var changePassRequest = new ChangePasswordRequest(model.Username, false, PasswordFormat.Hashed, model.Password); var changePassResult = _userRegistrationService.ChangePassword(changePassRequest); if (!changePassResult.Success) { foreach (var changePassError in changePassResult.Errors) ErrorNotification(changePassError); } } //customer roles foreach (var userRole in newUserRoles) { //ensure that the current customer cannot add to "Administrators" system role if he's not an admin himself if (userRole.SystemName == SystemUserRoleNames.Administrators && !_workContext.CurrentUser.IsAdmin()) continue; user.UserRoles.Add(userRole); } _userService.UpdateUser(user); //activity log // _customerActivityService.InsertActivity("AddNewCustomer", _localizationService.GetResource("ActivityLog.AddNewCustomer"), user.Id); SuccessNotification(_localizationService.GetResource("Admin.Customers.Customers.Added")); return continueEditing ? RedirectToAction("Edit", new { id = user.Id }) : RedirectToAction("List"); } //If we got this far, something failed, redisplay form PrepareUserModel(model, null, true); return View(model); }