public async Task <IActionResult> GetCurrentUserId()
{
if (!_userManager.Users.Any())
{
return(Ok(ApiModel.AsError <string>("setup", "no users in DB")));
}
var username = HttpContext.User.Identity.Name;
if (string.IsNullOrEmpty(username))
{
return(Ok(ApiModel.AsError <AccountDto>(null, "no user claims in request, did you forget to set the auth header ?")));
}
var user = await _userManager.FindByNameAsync(username);
if (user == null)
{
return(Ok(ApiModel.AsError <AccountDto>(null, $"impossible to find a user with the username '{username}'")));
}
var resultDto = _mapper.Map <AccountDto>(user);
resultDto.IsAuthenticated = true;
return(Ok(ApiModel.AsSuccess(resultDto)));
}
public async Task <IActionResult> Register([FromBody] RegisterViewModel model, string returnUrl = null)
{
ViewData["ReturnUrl"] = returnUrl;
if (ModelState.IsValid)
{
var user = new ApplicationUser {
UserName = model.Email, Email = model.Email
};
var result = await _userManager.CreateAsync(user, model.Password);
if (result.Succeeded)
{
// For more information on how to enable account confirmation and password reset please visit http://go.microsoft.com/fwlink/?LinkID=532713
// Send an email with this link
//var code = await _userManager.GenerateEmailConfirmationTokenAsync(user);
//var callbackUrl = Url.Action("ConfirmEmail", "Account", new { userId = user.Id, code = code }, protocol: HttpContext.Request.Scheme);
//await _emailSender.SendEmailAsync(model.Email, "Confirm your account",
// $"Please confirm your account by clicking this link: <a href='{callbackUrl}'>link</a>");
await _signInManager.SignInAsync(user, isPersistent : true);
_logger.LogInformation(3, "User created a new account with password.");
return(Ok(ApiModel.AsSuccess())); // RedirectToLocal(returnUrl);
}
AddErrors(result);
}
// If we got this far, something failed, redisplay form
return(BadRequest(ApiModel.AsError("Error"))); // TODO: map modelerrors
}
public async Task <IActionResult> Login([FromBody] LoginInputModel model)
{
// Hack to work around rc1 bug
await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);
if (ModelState.IsValid)
{
var result = await this.signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberLogin, lockoutOnFailure : true);
if (result.Succeeded)
{
this.logger.LogInformation(1, "User logged in.");
return(Ok(new LoginResponseModel {
Result = ApiResult.AsSuccess()
}));
}
else
{
this.logger.LogWarning(2, "User login failed.");
var response = new LoginResponseModel
{
IsLockedOut = result.IsLockedOut,
IsNotAllowed = result.IsNotAllowed,
RequiresTwoFactor = result.RequiresTwoFactor,
Result = ApiResult.AsError("Login Failed")
};
return(BadRequest(response));
}
}
else
{
return(BadRequest(ApiModel.AsError("model validation failed (TODO add the errors)")));
}
}
public async Task <IActionResult> Login([FromBody] LoginInputModel model)
{
if (ModelState.IsValid)
{
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, set lockoutOnFailure: true
var result = await signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberLogin, lockoutOnFailure : true);
if (result.Succeeded)
{
logger.LogInformation(1, "User logged in.");
// because we are logging in through an api, we need to generate and send back a new XsrfToken
return(Ok(new LoginResponseModel()));
}
else
{
logger.LogWarning(2, "User login failed.");
var response = new LoginResponseModel
{
IsLockedOut = result.IsLockedOut,
IsNotAllowed = result.IsNotAllowed,
RequiresTwoFactor = result.RequiresTwoFactor,
Result = ApiResult.AsError("Login Failed")
};
return(BadRequest(response));
}
}
else
{
return(BadRequest(ApiModel.AsError("model validation failed (TODO add the errors)")));
}
}
public async Task <IActionResult> Login([FromBody] LoginModel model)
{
// Hack to work around rc1 bug
await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);
if (!ModelState.IsValid)
{
return(BadRequest(this.ModelState.AsApiModel(model)));
}
var result = await this.signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberLogin, lockoutOnFailure : true);
if (result.Succeeded)
{
this.logger.LogInformation(1, "User logged in.");
return(Ok(ApiModel.AsSuccess(model)));
}
else
{
this.logger.LogWarning(2, "User login failed.");
model.IsLockedOut = result.IsLockedOut;
model.IsNotAllowed = result.IsNotAllowed;
model.RequiresTwoFactor = result.RequiresTwoFactor;
return(this.BadRequest(ApiModel.AsError(model, "Login failed")));
}
}
// [ValidateAntiForgeryToken]
public async Task <IActionResult> PatchAsync([FromBody] JsonPatchDocument <UserDto> patch, CancellationToken cancellationToken = default(CancellationToken))
{
var patched = _mapper.Map <JsonPatchDocument <User> >(patch);
var username = HttpContext.User.Identity.Name;
if (string.IsNullOrEmpty(username))
{
return(Ok(ApiModel.AsError <AccountDto>(null, "no user claims in request, did you forget to set the auth header ?")));
}
var user = await _userManager.FindByNameAsync(username);
if (user == null)
{
return(Ok(ApiModel.AsError <AccountDto>(null, $"impossible to find a user with the username '{username}'")));
}
patched.ApplyTo(user);
await _userManager.UpdateAsync(user);
var dto = _mapper.Map <UserDto>(user);
return(Ok(ApiModel.AsSuccess(dto)));
}
public async Task <IActionResult> ChargeAsync([FromServices] PayPalPaymentProvider provider, [FromBody] PayPalChargeBindings bindings, CancellationToken cancellationToken = default(CancellationToken))
{
try
{
var order = await provider.ChargeAsync(bindings, cancellationToken);
return(Ok(ApiModel.AsSuccess(order.Payments)));
}
catch (AppException AppException)
{
return(Ok(ApiModel.AsError(AppException)));
}
}
public ActionResult XsrfRefresh()
{
var tokens = this.antiForgery.GetAndStoreTokens(this.HttpContext);
if (string.IsNullOrWhiteSpace(tokens.RequestToken))
{
return(BadRequest(ApiModel.AsError(new XsrfModel {
XsrfToken = null
}, "Error getting XSRF token")));
}
return(Ok(ApiModel.AsSuccess(new XsrfModel {
XsrfToken = tokens.RequestToken
})));
}
public async Task <ActionResult> Action([FromBody] dynamic actionData)
{
var action = ActionHelper.ConstructTypedAction(actionData);
if (action != null)
{
// We can send the action directly, or send it via a stream
var grain = this.grainClient.GetGrain <ICounterGrain>(this.sessionId);
await grain.Process(action);
return(this.Ok());
}
return(this.BadRequest(ApiModel.AsError("invalid action")));
}
// [ValidateAntiForgeryToken]
public virtual async Task <IActionResult> PatchAsync(string id, [FromBody] JsonPatchDocument <TModelDto> patch, CancellationToken cancellationToken = default(CancellationToken))
{
var patched = _mapper.Map <JsonPatchDocument <TModel> >(patch);
var result = await service.GetByIdAsync(id, cancellationToken);
if (result == null)
{
return(Ok(ApiModel.AsError(id, $"impossible to find ${typeof(TModel).Name} width id: ${id}")));
}
patched.ApplyTo(result);
await service.UpdateAsync(result, cancellationToken);
var dto = _mapper.Map <TModelDto>(result);
return(Ok(ApiModel.AsSuccess(dto)));
}
// [ValidateAntiForgeryToken]
public async Task <IActionResult> BalanceAsync([FromRoute] string id, CancellationToken cancellationToken = default(CancellationToken))
{
var username = HttpContext.User.Identity.Name;
if (string.IsNullOrEmpty(username))
{
return(Ok(ApiModel.AsError <AccountDto>(null, "no user claims in request, did you forget to set the auth header ?")));
}
var user = await userManager.FindByNameAsync(username);
if (user == null)
{
return(Ok(ApiModel.AsError <AccountDto>(null, $"impossible to find a user with the username '{username}'")));
}
var filter = Filter.And(Filter.Eq("Archived", false), Filter.Eq("ShopId", id));
var results = await service.FindAsync(filter, cancellationToken : cancellationToken);
foreach (var group in results.GroupBy(m => m.Currency))
{
var amount = -group.Sum(m => m.Amount);
if (amount == 0)
{
continue;
}
var result = await service.NewAsync(cancellationToken);
result.UserId = user.Id;
result.User = user.Preview();
result.Currency = group.Key;
result.ShopId = id;
result.Amount = -group.Sum(m => m.Amount);
result.Archived = true;
await service.CreateAsync(result, cancellationToken);
foreach (var m in group)
{
m.Archived = true;
await service.UpdateAsync(m, cancellationToken);
}
}
return(Ok(ApiModel.AsSuccess(new { archived = results.Count() })));
}
public async Task <IActionResult> SetupAsync([FromServices] User user, [FromBody] SetupBindings bindings, CancellationToken cancellationToken = default(CancellationToken))
{
if (_userManager.Users.Any())
{
return(Ok(ApiModel.AsError <string>("setup", "setup only available when no users in DB")));
}
user.UserName = bindings.UserName;
user.Roles = new string[] { RoleStore.ADMIN };
if (bindings.Patch != null)
{
var patched = _mapper.Map <JsonPatchDocument <User> >(bindings.Patch);
patched.ApplyTo(user);
}
var result = await _userManager.CreateAsync(user, bindings.Password);
// TODO: do we have to log ?
return(Ok(ApiModel.FromIdentityResult <UserDto>(result.Succeeded ? _mapper.Map <UserDto>(user) : null, result)));
}
// [ValidateAntiForgeryToken]
public override async Task <IActionResult> PostAsync([FromBody] MovementDto modelDto, CancellationToken cancellationToken = default(CancellationToken))
{
var username = HttpContext.User.Identity.Name;
if (string.IsNullOrEmpty(username))
{
return(Ok(ApiModel.AsError <AccountDto>(null, "no user claims in request, did you forget to set the auth header ?")));
}
var user = await userManager.FindByNameAsync(username);
if (user == null)
{
return(Ok(ApiModel.AsError <AccountDto>(null, $"impossible to find a user with the username '{username}'")));
}
modelDto.UserId = user.Id;
modelDto.User = user.Preview();
return(await base.PostAsync(modelDto, cancellationToken));
}
// [ValidateAntiForgeryToken]
public async Task <IActionResult> AuthenticateAsync([FromBody] AuthenticateBindings userDto, string returnUrl = null)
{
var username = _userManager.NormalizeKey(userDto.UserName);
var result = await _signInManager.PasswordSignInAsync(username,
userDto.Password, userDto.RememberMe, lockoutOnFailure : false);
if (result.Succeeded)
{
var user = await _userManager.FindByNameAsync(username);
if (user == null)
{
throw new AppException($"impossible to find the user {userDto.UserName} after successfull login using this username");
}
_logger.LogInformation("User logged in.");
var resultDto = _mapper.Map <AccountDto>(user);
resultDto.Token = await _GenerateTokenAsync(user);
resultDto.IsAuthenticated = true;
return(Ok(ApiModel.AsSuccess(resultDto)));
}
if (result.RequiresTwoFactor)
{
return(RedirectToAction(nameof(LoginWith2fa), new { returnUrl, userDto.RememberMe }));
}
if (result.IsLockedOut)
{
_logger.LogWarning("User account locked out.");
return(Ok(ApiModel.AsError(userDto, "User account locked out.")));
}
else
{
ModelState.AddModelError(string.Empty, "Invalid login attempt.");
return(Ok(ApiModel.AsError(userDto, "Invalid login attempt.")));
}
}
// [AllowAnonymous]
// [ValidateAntiForgeryToken]
public async Task <IActionResult> ResetPassword([FromBody] ResetPasswordBindings bindings)
{
var id = bindings.Id;
var resetFormURL = bindings.resetFormURL ?? "";
// TODO: validate model here or with a filter ?
// TODO: do we really need the email confirmation ?
var user = await _userManager.FindByIdAsync(id);
if (user == null) // || !(await _userManager.IsEmailConfirmedAsync(user))
{
_logger.LogWarning("Invalid forgot password attempt.");
// Don't reveal that the user does not exist or is not confirmed
return(Ok(ApiModel.AsError <string>(null, "user does not exist")));
}
// For more information on how to enable account confirmation and password reset please
// visit https://go.microsoft.com/fwlink/?LinkID=532713
var code = await _userManager.GeneratePasswordResetTokenAsync(user);
var values = new { id = user.Id, code = code };
var callbackUrl = Url.Action(
action: nameof(AccountController.ResetPassword),
controller: nameof(AccountController).ToLowerInvariant().Replace("controller", ""),
values: values,
protocol: Request.Scheme,
host: Request.Host.Value);
var encodedCallback = WebUtility.UrlEncode(callbackUrl);
var link = $"{resetFormURL}?action={encodedCallback}";
var result = new ResetPasswordResult {
Id = id, Code = code, Link = link, Username = user.UserName
};
result.sent = bindings.email && await _emailSender.SendEmailAsync(user.Email, "Reset Password",
$"Please reset your password by clicking here: <a href='{link}'>link</a>");
return(Ok(ApiModel.AsSuccess <ResetPasswordResult>(result)));
}
// [ValidateAntiForgeryToken]
public async Task <IActionResult> ForgotPassword([FromBody] ForgotPasswordBindings bindings, [FromQuery] string resetFormURL = "")
{
// TODO: validate model here or with a filter ?
// TODO: do we really need the email confirmation ?
var user = await _userManager.FindByNameAsync(bindings.UserName);
if (user == null) // || !(await _userManager.IsEmailConfirmedAsync(user))
{
_logger.LogWarning("Invalid forgot password attempt.");
// Don't reveal that the user does not exist or is not confirmed
return(Ok(ApiModel.AsSuccess <UserDto>(null)));
}
// For more information on how to enable account confirmation and password reset please
// visit https://go.microsoft.com/fwlink/?LinkID=532713
var code = await _userManager.GeneratePasswordResetTokenAsync(user);
var callbackUrl = Url.Action(
action: nameof(AccountController.ResetPassword),
controller: nameof(AccountController).ToLowerInvariant().Replace("controller", ""),
values: new { id = user.Id, code = code },
protocol: Request.Scheme,
host: Request.Host.Value);
var encodedCallback = WebUtility.UrlEncode(callbackUrl);
var sendResult = await _emailSender.SendEmailAsync(user.Email, "Reset Password",
$"Please reset your password by clicking here: <a href='{resetFormURL}?action={encodedCallback}'>link</a>");
if (sendResult)
{
return(Ok(ApiModel.AsSuccess <UserDto>(null)));
}
else
{
return(Ok(ApiModel.AsError <UserDto>(null, "impossible to send reset password link by email")));
}
}
// [ValidateAntiForgeryToken]
public async Task <IActionResult> ChangePassword([FromBody] ChangePasswordBindings bindings)
{
var username = HttpContext.User.Identity.Name;
if (string.IsNullOrEmpty(username))
{
return(Ok(ApiModel.AsError <AccountDto>(null, "no user claims in request, did you forget to set the auth header ?")));
}
var user = await _userManager.FindByNameAsync(username);
if (user == null)
{
return(Ok(ApiModel.AsError <AccountDto>(null, $"impossible to find a user with the username '{username}'")));
}
var result = await _userManager.ChangePasswordAsync(user, bindings.currentPassword, bindings.newPassword);
var userDto = _mapper.Map <AccountDto>(user);
return(Ok(ApiModel.FromIdentityResult <AccountDto>(userDto, result)));
}
// [ValidateAntiForgeryToken]
public async Task <IActionResult> ResetPassword(
[FromQuery] string id,
[FromQuery] string code,
[FromQuery] string password
)
{
// TODO: validate model here or with a filter ?
var user = await _userManager.FindByIdAsync(id);
if (user == null)
{
_logger.LogWarning("Invalid reset password attempt.");
// Don't reveal that the user does not exist or is not confirmed
return(Ok(ApiModel.AsError <UserDto>(null)));
}
var result = await _userManager.ResetPasswordAsync(user, code, password);
return(Ok(ApiModel.FromIdentityResult <UserDto>(result.Succeeded ? _mapper.Map <UserDto>(user) : null, result)));
}
public async Task <IActionResult> RegisterAsync([FromServices] UserManager userManager, [FromBody] RegisterBindings bindings, CancellationToken cancellationToken = default(CancellationToken))
{
var order = await this.orderService.GetByIdAsync(bindings.OrderID, cancellationToken);
var toPay = order.Total - order.PaidAmount;
var rateAmount = order.Currency == bindings.AmountCurrency ? 1 : configuration.GetRate(bindings.AmountCurrency, order.Currency);
var rateChange = order.Currency == bindings.ChangeCurrency ? 1 : configuration.GetRate(bindings.ChangeCurrency, order.Currency);
var amount = bindings.Amount * rateAmount;
var change = bindings.Change * rateChange;
var payment = new Payment()
{
Title = "Cash Payment",
Provider = Name,
Reference = $"{User.Identity.Name}",
Status = PaymentStatus.Paid,
Date = DateTime.UtcNow,
Method = PaymentMethod.Cash,
Details = $"Payment Order #{order.Reference}",
Currency = bindings.AmountCurrency,
Amount = amount - change
};
var username = HttpContext.User.Identity.Name;
if (string.IsNullOrEmpty(username))
{
return(Ok(ApiModel.AsError <ChangeResponse>(null, "no user claims in request, did you forget to set the auth header ?")));
}
var user = await userManager.FindByNameAsync(username);
if (user == null)
{
return(Ok(ApiModel.AsError <ChangeResponse>(null, $"impossible to find a user with the username '{username}'")));
}
await orderService.AddPayment(order, payment, cancellationToken);
if (bindings.Change != 0)
{
await movementService.CreateAsync(new Movement()
{
Currency = bindings.ChangeCurrency,
Amount = -1 * bindings.Change,
User = user.Preview(),
UserId = user.Id,
Date = DateTime.UtcNow,
ShopId = order.ShopId
},
cancellationToken);
}
if (bindings.Amount != 0)
{
await movementService.CreateAsync(new Movement()
{
Currency = bindings.AmountCurrency,
Amount = bindings.Amount,
User = user.Preview(),
UserId = user.Id,
Date = DateTime.UtcNow,
ShopId = order.ShopId
},
cancellationToken);
}
return(Ok(ApiModel.AsSuccess(
payment
)));
}
