public RegisterAuditMessage(User user)
{
AffectedEntity = new Entity
{
Type = UserTypeName,
Id = user.Id
};
Category = "CREATED";
Description = $"User registered with email address {user.Email}";
ChangedProperties = new List <PropertyUpdate>
{
PropertyUpdate.FromString(nameof(user.FirstName), user.FirstName),
PropertyUpdate.FromString(nameof(user.LastName), user.LastName),
PropertyUpdate.FromString(nameof(user.Email), user.Email),
PropertyUpdate.FromString(nameof(user.Password), PasswordAuditValue),
PropertyUpdate.FromString(nameof(user.Salt), SaltAuditValue),
PropertyUpdate.FromString(nameof(user.PasswordProfileId), user.PasswordProfileId),
PropertyUpdate.FromBool(nameof(user.IsActive), user.IsActive)
};
for (var i = 0; i < user.SecurityCodes.Length; i++)
{
var code = user.SecurityCodes[i];
ChangedProperties.Add(PropertyUpdate.FromString($"{nameof(user.SecurityCodes)}[{i}].{nameof(code.Code)}", code.Code));
ChangedProperties.Add(PropertyUpdate.FromString($"{nameof(user.SecurityCodes)}[{i}].{nameof(code.CodeType)}", code.CodeType.ToString()));
ChangedProperties.Add(PropertyUpdate.FromDateTime($"{nameof(user.SecurityCodes)}[{i}].{nameof(code.ExpiryTime)}", code.ExpiryTime));
}
}
private async Task AddAuditEntry(AddPayeToAccountCommand message, long accountId)
{
await _mediator.SendAsync(new CreateAuditCommand
{
EasAuditMessage = new EasAuditMessage
{
Category = "CREATED",
Description = $"Paye scheme {message.Empref} added to account {accountId}",
ChangedProperties = new List <PropertyUpdate>
{
PropertyUpdate.FromString("Ref", message.Empref),
PropertyUpdate.FromString("AccessToken", message.AccessToken),
PropertyUpdate.FromString("RefreshToken", message.RefreshToken),
PropertyUpdate.FromString("Name", message.EmprefName),
PropertyUpdate.FromString("Aorn", message.Aorn)
},
RelatedEntities = new List <Entity> {
new Entity {
Id = accountId.ToString(), Type = "Account"
}
},
AffectedEntity = new Entity {
Type = "Paye", Id = message.Empref
}
}
});
}
private async Task CreateAuditEntries(CreateUserAccountCommand message, CreateUserAccountResult returnValue, string hashedAccountId, User user)
{
//Account
await _mediator.SendAsync(new CreateAuditCommand
{
EasAuditMessage = new EasAuditMessage
{
Category = "CREATED",
Description = $"Account {message.OrganisationName} created with id {returnValue.AccountId}",
ChangedProperties = new List <PropertyUpdate>
{
PropertyUpdate.FromLong("AccountId", returnValue.AccountId),
PropertyUpdate.FromString("HashedId", hashedAccountId),
PropertyUpdate.FromString("Name", message.OrganisationName),
PropertyUpdate.FromDateTime("CreatedDate", DateTime.UtcNow),
},
AffectedEntity = new Entity {
Type = "Account", Id = returnValue.AccountId.ToString()
},
RelatedEntities = new List <Entity>()
}
});
//Membership Account
await _mediator.SendAsync(new CreateAuditCommand
{
EasAuditMessage = new EasAuditMessage
{
Category = "CREATED",
Description = $"User {message.ExternalUserId} added to account {returnValue.AccountId} as owner",
ChangedProperties = new List <PropertyUpdate>
{
PropertyUpdate.FromLong("AccountId", returnValue.AccountId),
PropertyUpdate.FromString("UserId", message.ExternalUserId),
PropertyUpdate.FromString("Role", Role.Owner.ToString()),
PropertyUpdate.FromDateTime("CreatedDate", DateTime.UtcNow)
},
RelatedEntities = new List <Entity>
{
new Entity {
Id = returnValue.AccountId.ToString(), Type = "Account"
},
new Entity {
Id = user.Id.ToString(), Type = "User"
}
},
AffectedEntity = new Entity {
Type = "Membership", Id = message.ExternalUserId
}
}
});
}
public MessageQueueDeleteAuditMessage(IEnumerable <string> ids)
{
AffectedEntity = new Entity
{
Type = "QueueMessages",
Id = Guid.NewGuid().ToString()
};
Category = "DELETE_QUEUE_MESSAGES";
Description = $"Delete queue messages";
ChangedProperties = new List <PropertyUpdate>
{
PropertyUpdate.FromString("ids", JsonConvert.SerializeObject(ids))
};
}
public MessageQueueReplayAuditMessage(QueueMessage message)
{
AffectedEntity = new Entity
{
Type = "QueueMessage",
Id = message.Id
};
Category = "REPLAY_QUEUE_MESSAGE";
Description = $"Replay queue message of id : {message.Id} with CorrelationId : {message.OriginalMessage.CorrelationId}";
ChangedProperties = new List <PropertyUpdate>
{
PropertyUpdate.FromString("meessage", JsonConvert.SerializeObject(message.OriginalMessage?.UserProperties))
};
}
public CompleteChangeEmailAuditMessage(User user, string oldEmail)
{
AffectedEntity = new Entity
{
Type = UserTypeName,
Id = user.Id
};
Category = "UPDATE";
Description = $"User {user.Email} completed changing their email address from {oldEmail}";
ChangedProperties = new List <PropertyUpdate>
{
PropertyUpdate.FromString(nameof(user.Email), user.Email)
};
}
public PasswordResetAuditMessage(User user)
{
Category = "PASSWORD_RESET";
AffectedEntity = new Entity
{
Type = UserTypeName,
Id = user.Id
};
Description = $"User {user.Email} (id: {user.Id}) has reset their password";
ChangedProperties = new List <PropertyUpdate>
{
PropertyUpdate.FromString(nameof(user.Password), PasswordAuditValue),
PropertyUpdate.FromString(nameof(user.Salt), SaltAuditValue)
};
}
public RequestChangeEmailAuditMessage(User user, SecurityCode code)
{
AffectedEntity = new Entity
{
Type = UserTypeName,
Id = user.Id
};
Category = "CHANGE_EMAIL";
Description = $"User {user.Email} (id: {user.Id}) has requested to change their email to {code.PendingValue}. They have been issued code {code.Code}";
ChangedProperties = new List <PropertyUpdate>
{
PropertyUpdate.FromString("SecurityCodes.Code", code.Code),
PropertyUpdate.FromDateTime("SecurityCodes.ExpiryTime", code.ExpiryTime)
};
}
public ResendActivationCodeAuditMessage(User user)
{
var activationCode = user.SecurityCodes.Where(x => x.CodeType == SecurityCodeType.AccessCode)
.OrderByDescending(x => x.ExpiryTime)
.FirstOrDefault();
AffectedEntity = new Entity
{
Type = UserTypeName,
Id = user.Id
};
Category = "RESEND_ACTIVATION_CODE";
Description = $"User {user.Email} (id: {user.Id}) has request activation code {activationCode?.Code} be resent";
ChangedProperties = new List <PropertyUpdate>
{
PropertyUpdate.FromString(nameof(user.SecurityCodes), activationCode?.Code)
};
}
public PasswordResetCodeAuditMessage(User user)
{
//Get the latest security code
var securityCode = user.SecurityCodes.Where(x => x.CodeType == SecurityCodeType.PasswordResetCode)
.OrderByDescending(x => x.ExpiryTime)
.FirstOrDefault();
Category = "PASSWORD_RESET_CODE";
AffectedEntity = new Entity
{
Type = UserTypeName,
Id = user.Id
};
Description = $"User {user.Email} (id: {user.Id}) has reset their security code";
ChangedProperties = new List <PropertyUpdate>
{
PropertyUpdate.FromString("SecurityCode", securityCode?.Code)
};
}
private async Task CreateAuditEntry(AcceptInvitationCommand message, User user, Invitation existing)
{
await _auditService.SendAuditMessage(new EasAuditMessage
{
Category = "UPDATED",
Description =
$"Member {user.Email} has accepted and invitation to account {existing.AccountId} as {existing.Role}",
ChangedProperties = new List <PropertyUpdate>
{
PropertyUpdate.FromString("Status", InvitationStatus.Accepted.ToString())
},
RelatedEntities = new List <Entity>
{
new Entity {
Id = $"Account Id [{existing.AccountId}], User Id [{user.Id}]", Type = "Membership"
}
},
AffectedEntity = new Entity {
Type = "Invitation", Id = message.Id.ToString()
}
});
}
private async Task AddAuditEntry(long accountId, string employerAgreementId)
{
await _mediator.SendAsync(new CreateAuditCommand
{
EasAuditMessage = new EasAuditMessage
{
Category = "UPDATED",
Description = $"EmployerAgreement {employerAgreementId} removed from account {accountId}",
ChangedProperties = new List <PropertyUpdate>
{
PropertyUpdate.FromString("Status", EmployerAgreementStatus.Removed.ToString())
},
RelatedEntities = new List <Entity> {
new Entity {
Id = accountId.ToString(), Type = "Account"
}
},
AffectedEntity = new Entity {
Type = "EmployerAgreement", Id = employerAgreementId
}
}
});
}
private async Task AddAuditEntry(SignEmployerAgreementCommand message, long accountId, long agreementId)
{
await _mediator.SendAsync(new CreateAuditCommand
{
EasAuditMessage = new EasAuditMessage
{
Category = "UPDATED",
Description = $"Agreement {agreementId} added to account {accountId}",
ChangedProperties = new List <PropertyUpdate>
{
PropertyUpdate.FromString("UserId", message.ExternalUserId),
PropertyUpdate.FromString("SignedDate", message.SignedDate.ToString("U"))
},
RelatedEntities = new List <Entity> {
new Entity {
Id = accountId.ToString(), Type = "Account"
}
},
AffectedEntity = new Entity {
Type = "Agreement", Id = agreementId.ToString()
}
}
});
}
private async Task CreateAuditEntries(CreateAccountCommand message, CreateAccountResult returnValue, string hashedAccountId, User user)
{
//Account
await _mediator.SendAsync(new CreateAuditCommand
{
EasAuditMessage = new EasAuditMessage
{
Category = "CREATED",
Description = $"Account {message.OrganisationName} created with id {returnValue.AccountId}",
ChangedProperties = new List <PropertyUpdate>
{
PropertyUpdate.FromLong("AccountId", returnValue.AccountId),
PropertyUpdate.FromString("HashedId", hashedAccountId),
PropertyUpdate.FromString("Name", message.OrganisationName),
PropertyUpdate.FromDateTime("CreatedDate", DateTime.UtcNow),
},
AffectedEntity = new Entity {
Type = "Account", Id = returnValue.AccountId.ToString()
},
RelatedEntities = new List <Entity>()
}
});
//LegalEntity
var changedProperties = new List <PropertyUpdate>
{
PropertyUpdate.FromLong("Id", returnValue.LegalEntityId),
PropertyUpdate.FromString("Name", message.OrganisationName),
PropertyUpdate.FromString("Code", message.OrganisationReferenceNumber),
PropertyUpdate.FromString("RegisteredAddress", message.OrganisationAddress),
PropertyUpdate.FromString("OrganisationType", message.OrganisationType.ToString()),
PropertyUpdate.FromString("PublicSectorDataSource", message.PublicSectorDataSource.ToString()),
PropertyUpdate.FromString("Sector", message.Sector)
};
if (message.OrganisationDateOfInception != null)
{
changedProperties.Add(PropertyUpdate.FromDateTime("DateOfIncorporation", message.OrganisationDateOfInception.Value));
}
await _mediator.SendAsync(new CreateAuditCommand
{
EasAuditMessage = new EasAuditMessage
{
Category = "CREATED",
Description = $"Legal Entity {message.OrganisationName} created of type {message.OrganisationType} with id {returnValue.LegalEntityId}",
ChangedProperties = changedProperties,
AffectedEntity = new Entity {
Type = "LegalEntity", Id = returnValue.LegalEntityId.ToString()
},
RelatedEntities = new List <Entity>()
}
});
//EmployerAgreement
await _mediator.SendAsync(new CreateAuditCommand
{
EasAuditMessage = new EasAuditMessage
{
Category = "CREATED",
Description = $"Employer Agreement Created for {message.OrganisationName} legal entity id {returnValue.LegalEntityId}",
ChangedProperties = new List <PropertyUpdate>
{
PropertyUpdate.FromLong("Id", returnValue.EmployerAgreementId),
PropertyUpdate.FromLong("LegalEntityId", returnValue.LegalEntityId),
PropertyUpdate.FromString("TemplateId", hashedAccountId),
PropertyUpdate.FromInt("StatusId", 2),
},
RelatedEntities = new List <Entity> {
new Entity {
Id = returnValue.EmployerAgreementId.ToString(), Type = "LegalEntity"
}
},
AffectedEntity = new Entity {
Type = "EmployerAgreement", Id = returnValue.EmployerAgreementId.ToString()
}
}
});
//AccountEmployerAgreement Account Employer Agreement
await _mediator.SendAsync(new CreateAuditCommand
{
EasAuditMessage = new EasAuditMessage
{
Category = "CREATED",
Description = $"Employer Agreement Created for {message.OrganisationName} legal entity id {returnValue.LegalEntityId}",
ChangedProperties = new List <PropertyUpdate>
{
PropertyUpdate.FromLong("AccountId", returnValue.AccountId),
PropertyUpdate.FromLong("EmployerAgreementId", returnValue.EmployerAgreementId),
},
RelatedEntities = new List <Entity>
{
new Entity {
Id = returnValue.EmployerAgreementId.ToString(), Type = "LegalEntity"
},
new Entity {
Id = returnValue.AccountId.ToString(), Type = "Account"
}
},
AffectedEntity = new Entity {
Type = "AccountEmployerAgreement", Id = returnValue.EmployerAgreementId.ToString()
}
}
});
//Paye
await _mediator.SendAsync(new CreateAuditCommand
{
EasAuditMessage = new EasAuditMessage
{
Category = "CREATED",
Description = $"Paye scheme {message.PayeReference} added to account {returnValue.AccountId}",
ChangedProperties = new List <PropertyUpdate>
{
PropertyUpdate.FromString("Ref", message.PayeReference),
PropertyUpdate.FromString("AccessToken", message.AccessToken),
PropertyUpdate.FromString("RefreshToken", message.RefreshToken),
PropertyUpdate.FromString("Name", message.EmployerRefName)
},
RelatedEntities = new List <Entity> {
new Entity {
Id = returnValue.AccountId.ToString(), Type = "Account"
}
},
AffectedEntity = new Entity {
Type = "Paye", Id = message.PayeReference
}
}
});
//Membership Account
await _mediator.SendAsync(new CreateAuditCommand
{
EasAuditMessage = new EasAuditMessage
{
Category = "CREATED",
Description = $"User {message.ExternalUserId} added to account {returnValue.AccountId} as owner",
ChangedProperties = new List <PropertyUpdate>
{
PropertyUpdate.FromLong("AccountId", returnValue.AccountId),
PropertyUpdate.FromString("UserId", message.ExternalUserId),
PropertyUpdate.FromString("RoleId", Role.Owner.ToString()),
PropertyUpdate.FromDateTime("CreatedDate", DateTime.UtcNow)
},
RelatedEntities = new List <Entity>
{
new Entity {
Id = returnValue.AccountId.ToString(), Type = "Account"
},
new Entity {
Id = user.Id.ToString(), Type = "User"
}
},
AffectedEntity = new Entity {
Type = "Membership", Id = message.ExternalUserId
}
}
});
}
protected override async Task HandleCore(CreateInvitationCommand message)
{
var validationResult = await _validator.ValidateAsync(message);
if (!validationResult.IsValid())
{
throw new InvalidRequestException(validationResult.ValidationDictionary);
}
if (validationResult.IsUnauthorized)
{
throw new UnauthorizedAccessException();
}
var caller = await _membershipRepository.GetCaller(message.HashedAccountId, message.ExternalUserId);
////Verify the email is not used by an existing invitation for the account
var existingInvitation = await _invitationRepository.Get(caller.AccountId, message.EmailOfPersonBeingInvited);
if (existingInvitation != null && existingInvitation.Status != InvitationStatus.Deleted && existingInvitation.Status != InvitationStatus.Accepted)
{
throw new InvalidRequestException(new Dictionary <string, string> {
{ "ExistingMember", $"{message.EmailOfPersonBeingInvited} is already invited" }
});
}
var expiryDate = DateTimeProvider.Current.UtcNow.Date.AddDays(8);
var invitationId = 0L;
if (existingInvitation == null)
{
invitationId = await _invitationRepository.Create(new Invitation
{
AccountId = caller.AccountId,
Email = message.EmailOfPersonBeingInvited,
Name = message.NameOfPersonBeingInvited,
Role = message.RoleOfPersonBeingInvited,
Status = InvitationStatus.Pending,
ExpiryDate = expiryDate
});
}
else
{
existingInvitation.Name = message.NameOfPersonBeingInvited;
existingInvitation.Role = message.RoleOfPersonBeingInvited;
existingInvitation.Status = InvitationStatus.Pending;
existingInvitation.ExpiryDate = expiryDate;
await _invitationRepository.Resend(existingInvitation);
invitationId = existingInvitation.Id;
}
var existingUser = await _userRepository.Get(message.EmailOfPersonBeingInvited);
await _mediator.SendAsync(new CreateAuditCommand
{
EasAuditMessage = new EasAuditMessage
{
Category = "CREATED",
Description = $"Member {message.EmailOfPersonBeingInvited} added to account {caller.AccountId} as {message.RoleOfPersonBeingInvited}",
ChangedProperties = new List <PropertyUpdate>
{
PropertyUpdate.FromString("AccountId", caller.AccountId.ToString()),
PropertyUpdate.FromString("Email", message.EmailOfPersonBeingInvited),
PropertyUpdate.FromString("Name", message.NameOfPersonBeingInvited),
PropertyUpdate.FromString("Role", message.RoleOfPersonBeingInvited.ToString()),
PropertyUpdate.FromString("Status", InvitationStatus.Pending.ToString()),
PropertyUpdate.FromDateTime("ExpiryDate", expiryDate)
},
RelatedEntities = new List <Entity> {
new Entity {
Id = caller.AccountId.ToString(), Type = "Account"
}
},
AffectedEntity = new Entity {
Type = "Invitation", Id = invitationId.ToString()
}
}
});
await _mediator.SendAsync(new SendNotificationCommand
{
Email = new Email
{
RecipientsAddress = message.EmailOfPersonBeingInvited,
TemplateId = existingUser?.UserRef != null ? "InvitationExistingUser" : "InvitationNewUser",
ReplyToAddress = "*****@*****.**",
Subject = "x",
SystemId = "x",
Tokens = new Dictionary <string, string> {
{ "account_name", caller.AccountName },
{ "first_name", message.NameOfPersonBeingInvited },
{ "inviter_name", $"{caller.FirstName} {caller.LastName}" },
{ "base_url", _employerApprenticeshipsServiceConfiguration.DashboardUrl },
{ "expiry_date", expiryDate.ToString("dd MMM yyy") }
}
}
});
var callerExternalUserId = Guid.Parse(caller.UserRef);
await PublishUserInvitedEvent(caller.AccountId, message.NameOfPersonBeingInvited, caller.FullName(), callerExternalUserId);
}
protected override async Task HandleCore(AcceptInvitationCommand message)
{
var validationResult = _validator.Validate(message);
if (!validationResult.IsValid())
{
throw new InvalidRequestException(validationResult.ValidationDictionary);
}
var existing = await _invitationRepository.Get(message.Id);
if (existing == null)
{
throw new InvalidRequestException(new Dictionary <string, string> {
{ "Invitation", "Invitation not found" }
});
}
var user = await _userAccountRepository.Get(existing.Email);
if (user == null)
{
throw new InvalidRequestException(new Dictionary <string, string> {
{ "User", "User not found" }
});
}
var membership = await _membershipRepository.GetCaller(existing.AccountId, user.UserRef);
if (membership != null)
{
throw new InvalidRequestException(new Dictionary <string, string> {
{ "Membership", "User already member of Account" }
});
}
if (existing.Status != InvitationStatus.Pending)
{
throw new InvalidRequestException(new Dictionary <string, string> {
{ "Invitation", "Invitation is not pending" }
});
}
if (existing.ExpiryDate < DateTimeProvider.Current.UtcNow)
{
throw new InvalidRequestException(new Dictionary <string, string> {
{ "Invitation", "Invitation has expired" }
});
}
await _invitationRepository.Accept(existing.Email, existing.AccountId, (short)existing.RoleId);
await _auditService.SendAuditMessage(new EasAuditMessage
{
Category = "UPDATED",
Description = $"Member {user.Email} has accepted and invitation to account {existing.AccountId} as {existing.RoleId}",
ChangedProperties = new List <PropertyUpdate>
{
PropertyUpdate.FromString("Status", InvitationStatus.Accepted.ToString())
},
RelatedEntities = new List <Entity> {
new Entity {
Id = $"Account Id [{existing.AccountId}], User Id [{user.Id}]", Type = "Membership"
}
},
AffectedEntity = new Entity {
Type = "Invitation", Id = message.Id.ToString()
}
});
}