public virtual async Task <IScimResponse <ScimUser> > UpdateUser(ScimUser user)
{
return(await(await RetrieveUser(user.Id))
.BindAsync <ScimUser, ScimUser>(async userRecord =>
{
user.Groups = userRecord.Groups; // user.Groups is readOnly and used here only for resource versioning
user.Meta = new ResourceMetadata(ScimConstants.ResourceTypes.User)
{
Created = userRecord.Meta.Created,
};
_CanonicalizationService.Canonicalize(user, ServerConfiguration.GetScimTypeDefinition(user.GetType()));
var validator = await _ResourceValidatorFactory.CreateValidator(user);
var validationResult = (await validator.ValidateUpdateAsync(user, userRecord)).ToScimValidationResult();
if (!validationResult)
{
return new ScimErrorResponse <ScimUser>(validationResult.Errors.First());
}
// check if we're changing a password
if (_PasswordManager.PasswordIsDifferent(user.Password, userRecord.Password))
{
if (!ServerConfiguration.GetFeature(ScimFeatureType.ChangePassword).Supported)
{
return new ScimErrorResponse <ScimUser>(
new ScimError(
HttpStatusCode.BadRequest,
ScimErrorType.InvalidValue,
"Password change is not supported."));
}
// if we're not setting password to null, then hash the plainText
if (user.Password != null)
{
user.Password = _PasswordManager.CreateHash(user.Password);
}
}
SetResourceVersion(user);
// if both versions are equal, bypass persistence
if (string.Equals(user.Meta.Version, userRecord.Meta.Version))
{
return new ScimDataResponse <ScimUser>(userRecord);
}
var updatedUser = await _UserRepository.UpdateUser(user);
// set version of updated entity returned by repository
SetResourceVersion(updatedUser);
return new ScimDataResponse <ScimUser>(updatedUser);
}));
}
protected override void ConfigureUpdateRuleSet()
{
RuleFor(user => user.Id)
.Immutable(() => ExistingRecord.Id, StringComparer.OrdinalIgnoreCase)
.WithState(u =>
new ScimError(
HttpStatusCode.BadRequest,
ScimErrorType.Mutability,
ScimErrorDetail.AttributeImmutable("id")));
// Updating a username validation
When(user =>
user.UserName != null &&
!user.UserName.Equals(ExistingRecord.UserName, StringComparison.OrdinalIgnoreCase),
() =>
{
RuleFor(user => user.UserName)
.MustAsync(async(user, userName, token) => await _UserRepository.IsUserNameAvailable(userName))
.WithState(user =>
new ScimError(
HttpStatusCode.Conflict,
ScimErrorType.Uniqueness,
ScimErrorDetail.AttributeUnique("userName")));
});
// Updating a user password
When(user => user.Password != null && _PasswordManager.PasswordIsDifferent(user.Password, ExistingRecord.Password),
() =>
{
RuleFor(user => user.Password)
.MustAsync(async(password, token) => await _PasswordManager.MeetsRequirements(password))
.WithState(u =>
new ScimError(
HttpStatusCode.BadRequest,
ScimErrorType.InvalidValue,
"The attribute 'password' does not meet the security requirements set by the provider."));
});
}
