public void VerifyMobile(Guid candidateId, string verificationCode)
{
var candidate = _candidateReadRepository.Get(candidateId);
if (!candidate.MobileVerificationRequired())
{
var message = string.Format("The mobile number associated with candidate Id: {0} does not require verification.", candidate.EntityId);
throw new CustomException(message, Domain.Entities.ErrorCodes.EntityStateError);
}
if (candidate.CommunicationPreferences.MobileVerificationCode == verificationCode)
{
candidate.CommunicationPreferences.MobileVerificationCode = string.Empty;
candidate.CommunicationPreferences.MobileVerificationCodeDateCreated = null;
candidate.CommunicationPreferences.VerifiedMobile = true;
_candidateWriteRepository.Save(candidate);
_serviceBus.PublishMessage(new CandidateUserUpdate(candidate.EntityId, CandidateUserUpdateType.Update));
_auditRepository.Audit(candidate, AuditEventTypes.CandidateVerifiedMobileNumber, candidate.EntityId);
}
else
{
var errorMessage = string.Format("Mobile verification code {0} is invalid for candidate {1} with mobile number {2}", verificationCode, candidateId, candidate.RegistrationDetails.PhoneNumber);
throw new CustomException(errorMessage, Interfaces.Users.ErrorCodes.MobileCodeVerificationFailed);
}
}
public void ResetForgottenPassword(string username, string passwordCode, string newPassword)
{
var user = _userReadRepository.Get(username);
var candidate = _candidateReadRepository.Get(user.EntityId);
if (user.PasswordResetCode != null && user.PasswordResetCode.Equals(passwordCode, StringComparison.CurrentCultureIgnoreCase))
{
if (user.PasswordResetCodeExpiry != null && DateTime.UtcNow > user.PasswordResetCodeExpiry)
{
throw new CustomException("Password reset code has expired.", Interfaces.Users.ErrorCodes.UserPasswordResetCodeExpiredError);
}
_authenticationService.ResetUserPassword(user.EntityId, newPassword);
user.SetStateActive();
user.LastLogin = DateTime.UtcNow;
_userWriteRepository.Save(user);
_serviceBus.PublishMessage(new CandidateUserUpdate(user.EntityId, CandidateUserUpdateType.Update));
_auditRepository.Audit(user, AuditEventTypes.UserResetPassword, user.EntityId);
SendPasswordResetConfirmationMessage(candidate);
}
else
{
RegisterFailedPasswordReset(user);
throw new CustomException("Password reset code \"{0}\" is invalid for user \"{1}\"", Interfaces.Users.ErrorCodes.UserPasswordResetCodeIsInvalid, passwordCode, username);
}
}
private void Audit(Guid entityId, User user, Candidate candidate, IList <SavedSearch> savedSearches, IList <ApprenticeshipApplicationSummary> apprenticeshipApplications, IList <TraineeshipApplicationSummary> traineeshipApplications)
{
var candidateUser = new
{
User = user,
Candidate = candidate,
SavedSearches = savedSearches,
ApprenticeshipApplications = apprenticeshipApplications,
TraineeshipApplications = traineeshipApplications
};
_auditRepository.Audit(candidateUser, AuditEventTypes.HardDeleteCandidateUser, entityId);
}
private bool SetUserStatusPendingDeletion(User user)
{
_logService.Info("Setting User: {0} Status to PendingDeletion", user.EntityId);
_auditRepository.Audit(user, AuditEventTypes.UserSoftDelete, user.EntityId);
user.Status = UserStatuses.PendingDeletion;
_userWriteRepository.Save(user);
_serviceBus.PublishMessage(new CandidateUserUpdate(user.EntityId, CandidateUserUpdateType.Update));
_logService.Info("Set User: {0} Status to PendingDeletion", user.EntityId);
return(true);
}
public bool SetUserStatusPendingDeletion(User user)
{
_logService.Info("Setting User: {0} Status to PendingDeletion", user.EntityId);
_auditRepository.Audit(user, AuditEventTypes.UserSoftDelete, user.EntityId);
user.Status = UserStatuses.PendingDeletion;
var deletedUserId = _userWriteRepository.SoftDelete(user);
_serviceBus.PublishMessage(new CandidateUserUpdate(user.EntityId, CandidateUserUpdateType.Update));
if (deletedUserId != Guid.Empty)
{
_serviceBus.PublishMessage(new CandidateUserUpdate(deletedUserId, CandidateUserUpdateType.Delete));
}
_logService.Info("Set User: {0} Status to PendingDeletion", user.EntityId);
return(true);
}
public void Activate(Guid id, string activationCode)
{
var user = _userReadRepository.Get(id);
user.AssertState("Activate user", UserStatuses.PendingActivation);
if (!user.ActivationCode.Equals(activationCode, StringComparison.InvariantCultureIgnoreCase))
{
throw new CustomException("Invalid activation code \"{0}\" for user with id \"{1}\"", ErrorCodes.UserActivationCodeError, activationCode, id);
}
user.SetStateActive();
user.ActivationDate = DateTime.UtcNow;
user.LastLogin = DateTime.UtcNow;
_userWriteRepository.Save(user);
_serviceBus.PublishMessage(new CandidateUserUpdate(user.EntityId, CandidateUserUpdateType.Update));
_auditRepository.Audit(user, AuditEventTypes.UserActivatedAccount, user.EntityId);
}
public void UpdateUsername(Guid userId, string verfiyCode, string password)
{
var user = _userReadRepository.Get(userId);
if (!verfiyCode.Equals(user.PendingUsernameCode, StringComparison.InvariantCultureIgnoreCase))
{
_logService.Debug("UpdateUsername failed to validate PendingUsernameCode: {0} for userId: {1}", verfiyCode, userId);
throw new CustomException(ErrorCodes.InvalidUpdateUsernameCode);
}
if (!_userDirectoryProvider.AuthenticateUser(userId.ToString(), password))
{
_logService.Debug("UpdateUsername failed to autheticate userId: {0}", userId);
throw new CustomException(ErrorCodes.UserPasswordError);
}
var pendingActivationUser = _userReadRepository.Get(user.PendingUsername, false);
if (pendingActivationUser != null && pendingActivationUser.Status != UserStatuses.PendingDeletion)
{
//Delete any user with username = user.PendingUsername - they must be PendingActivation
if (pendingActivationUser.Status != UserStatuses.PendingActivation)
{
_logService.Error("UpdateUsername error, existing userId ({0}) to pending username ({1}) failed as username already exists and is not in PendingActivation state", userId, user.PendingUsername);
throw new CustomException(ErrorCodes.UsernameExistsAndNotInPendingActivationState);
}
_userWriteRepository.Delete(pendingActivationUser.EntityId);
_authenticationRepository.Delete(pendingActivationUser.EntityId);
}
_logService.Info("UpdateUsername updating from '{0}' to '{1}'", user.Username, user.PendingUsername);
_auditRepository.Audit(user, AuditEventTypes.UsernameChanged, user.EntityId);
user.Username = user.PendingUsername;
user.PendingUsername = null;
user.PendingUsernameCode = null;
_userWriteRepository.Save(user);
_logService.Info("UpdateUsername updated to '{0}'", user.Username);
}
protected void SetAccountDormant(User user, Candidate candidate, DateTime lastLogin)
{
_logService.Info("Setting User with Id: {0} to Dormant and disabling comms", user.EntityId);
var candidateUser = new
{
User = user,
Candidate = candidate
};
_auditRepository.Audit(candidateUser, AuditEventTypes.CandidateUserMakeDormant, user.EntityId);
if (!user.LastLogin.HasValue)
{
user.LastLogin = lastLogin;
}
user.Status = UserStatuses.Dormant;
_userWriteRepository.Save(user);
candidate.DisableAllOptionalCommunications();
_candidateWriteRepository.Save(candidate);
_logService.Info("Set User with Id: {0} to Dormant and disabled comms", user.EntityId);
}
public int Audit([FromBody] string json)
{
AuditauditDto appractivity = Newtonsoft.Json.JsonConvert.DeserializeObject <AuditauditDto> (json);
return(_iauditRepository.Audit(appractivity));
}
