public IActionResult GetMyFriends()
{
var userId = _userIdentity.GetUserId(User);
var friends = _friendsManager.GetFriends(userId);
return(Ok(friends));
}
public IHttpActionResult Get()
{
SkyberryUser user = UOW.SkyberryUsers.GetDashboardInfo(UserIdentity.GetUserId());
UserVM userVM = ModelFactory.CreateUserVM(user, UserRoles);
return(new SkyApiPayload <UserVM>(Request, userVM));
}
public ActionResult Log(int id)
{
var isAdmin = UserIdentity.IsUserInRole(this, "Admin");
var currentUserId = UserIdentity.GetUserId(this);
var users = _context.User
.Include("UserLogs")
.Where(u => u.Id == id && (u.Id == currentUserId || isAdmin));
if (users.ToList().Count == 0)
{
return(new HttpNotFoundResult());
}
var user = users.Single();
var requester = UserIdentity.GetRequester(this);
// SECURE: Check user should have access to this account
if (!UserIdentity.IsUserInRole(this, "Admin") && UserIdentity.GetUserId(this) != user.Id)
{
Logger.Information("Failed User Log Get, access not permitted by requester {@requester}", requester);
return(new HttpNotFoundResult());
}
ViewBag.UserName = user.UserName;
return(View(new UserLogViewModel(user)));
}
public HttpResponseMessage Add(PatientDto newPatientDto)
{
var userId = UserIdentity.GetUserId((ClaimsIdentity)User.Identity);
var result = _services.Add(newPatientDto, userId);
return(Request.CreateResponse(HttpStatusCode.OK, result));
}
public HttpResponseMessage Update(InsuranceDto oldInsuranceDto)
{
var userId = UserIdentity.GetUserId((ClaimsIdentity)User.Identity);
var result = _services.Update(oldInsuranceDto, userId);
return(Request.CreateResponse(HttpStatusCode.OK, result));
}
public ActionResult RemoveAdmin(int id, FormCollection collection)
{
var user = _context.User.Include("UserRoles").SingleOrDefault(u => u.Id == id);
if (user == null)
{
return(new HttpNotFoundResult());
}
if (user.UserRoles.All(a => a.RoleId != Consts.Roles.Admin))
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
var userRole = user.UserRoles.Single(a => a.RoleId == Consts.Roles.Admin);
var isOwnProfile = id == UserIdentity.GetUserId(this);
user.UserLogs.Add(new UserLog {
Description = $"User had administrator privileges removed by {UserIdentity.GetUserName(this)}"
});
_context.SetDeleted(userRole);
_context.SaveChanges();
if (isOwnProfile)
{
_userManager.SignOut();
return(RedirectToAction("Logon", "Account"));
}
return(RedirectToAction("Edit", "User", new { id }));
}
public JsonResult Disable(int id, FormCollection collection)
{
if (id == 0)
{
return(Json(new { success = false, message = "unable to locate user id" }));
}
var requester = UserIdentity.GetRequester(this);
var user = _context.User.FirstOrDefault(u => u.Id == id);
if (user == null)
{
Logger.Information("Failed User Disable Post for id {id}, user did not exist by requester {@requester}",
id, requester);
return(Json(new { success = false, message = "unable to locate user" }));
}
if (user.Id == UserIdentity.GetUserId(this))
{
return(Json(new { success = false, message = "You cannot disable your own account" }));
}
user.Enabled = false;
_context.SaveChanges();
Logger.Information("User Disable Post for id {id} suceeded, by requester {@requester}", id, requester);
return(Json(new { success = true, message = "" }));
}
public ActionResult Delete(int id, FormCollection collection)
{
var isOwnProfile = UserIdentity.GetUserId(this) == id;
ViewBag.Message = "";
var user = _context.User
.Include("PreviousPasswords")
.Include("UserLogs")
.Include("UserRoles")
.SingleOrDefault(a => a.Id == id && !isOwnProfile);
if (user == null)
{
return(new HttpNotFoundResult());
}
if (!user.CanBeDeleted)
{
ViewBag.Message = "This user has data associated with it and cannot be deleted";
return(View("Delete", user));
}
Logger.Warning($"User {user.UserName} was deleted by user {UserIdentity.GetUserName(this)}");
user.PreviousPasswords.ToList().ForEach(a => { _context.SetDeleted(a); });
user.UserLogs.ToList().ForEach(a => { _context.SetDeleted(a); });
user.UserRoles.ToList().ForEach(a => { _context.SetDeleted(a); });
_context.SetDeleted(user);
_context.SaveChanges();
return(RedirectToAction("Index", "User"));
}
public async Task <ActionResult> ChangeEmailAddressAsync(ChangeEmailAddressViewModel model)
{
var userId = UserIdentity.GetUserId(this);
var user = _context.User.FirstOrDefault(u => u.Id == userId && u.Enabled && u.EmailVerified && u.Approved);
AppSensor.ValidateFormData(this, new List <string> {
"NewEmailAddress", "Password"
});
if (user == null)
{
return(HttpNotFound());
}
if (ModelState.IsValid)
{
if (_context.User.Any(a => a.Id != user.Id && model.NewEmailAddress == a.UserName))
{
ModelState.AddModelError("NewEmailAddress", "This email address is already in use");
Logger.Information("Failed Account ChangeEmailAddress Post, Username already exists");
}
else
{
var logonResult = await _userManager.TryLogOnAsync(UserIdentity.GetUserName(this), model.Password);
if (logonResult.Success)
{
user.NewEmailAddressToken = Guid.NewGuid().ToString().Replace("-", "");
user.NewEmailAddressRequestExpiryDateUtc = DateTime.UtcNow.AddMinutes(15);
user.NewEmailAddress = model.NewEmailAddress;
// Send change username with link to recover password form
string emailBody = EmailTemplates.ChangeEmailAddressPendingBodyText(user.FirstName, user.LastName,
_configuration.ApplicationName, _configuration.WebsiteBaseUrl, user.NewEmailAddressToken);
string emailSubject = $"{_configuration.ApplicationName} - Complete the change email address process";
_services.SendEmail(_configuration.DefaultFromEmailAddress, new List <string>()
{
user.UserName
}, null, null,
emailSubject, emailBody, true);
user.UserLogs.Add(new UserLog
{
Description = $"Change email address request started to change from {user.UserName} to {user.NewEmailAddress}"
});
await _context.SaveChangesAsync();
return(View("ChangeEmailAddressPending"));
}
else
{
Logger.Information("Failed Account ChangeEmailAddress Post, Password incorrect by requester {@requester}",
UserIdentity.GetRequester(this, AppSensorDetectionPointKind.Ae1));
ModelState.AddModelError("Password", "The password is not correct");
}
}
}
else
{
AppSensor.InspectModelStateErrors(this);
}
return(View("ChangeEmailAddress", new ChangeEmailAddressViewModel(user.UserName, user.NewEmailAddress, user.NewEmailAddressRequestExpiryDateUtc)));
}
public async Task <ActionResult> ChangePasswordAsync(ChangePasswordViewModel model)
{
ViewBag.ReturnUrl = Url.Action("ChangePassword");
var requester = UserIdentity.GetRequester(this);
var recaptchaSuccess = true;
if (_configuration.HasRecaptcha)
{
recaptchaSuccess = _recaptcha.ValidateRecaptcha(this);
}
AppSensor.ValidateFormData(this, new List <string> {
"ConfirmPassword", "OldPassword", "NewPassword"
});
if (recaptchaSuccess)
{
var userId = UserIdentity.GetUserId(this);
var user = _context.User.FirstOrDefault(u => u.Id == userId);
if (user != null)
{
var result = await _userManager.ChangePasswordAsync(UserIdentity.GetUserId(this), model.OldPassword,
model.NewPassword);
if (result.Succeeded)
{
// Email recipient with password change acknowledgement
var emailBody = EmailTemplates.ChangePasswordCompletedBodyText(user.FirstName, user.LastName,
_configuration.ApplicationName);
var emailSubject = $"{_configuration.ApplicationName} - Password change confirmation";
_services.SendEmail(_configuration.DefaultFromEmailAddress, new List <string> {
user.UserName
},
null, null, emailSubject, emailBody, true);
_context.SaveChanges();
_formsAuth.SignOut();
_userManager.SignOut();
_httpCache.RemoveFromCache($"MustChangePassword-{userId}");
Session.Abandon();
Logger.Debug("Account Logoff due to password change");
return(View("ChangePasswordSuccess"));
}
Logger.Information("Failed Account ChangePassword Post by requester {@requester}", requester);
AddErrors(result);
}
else
{
return(HttpNotFound());
}
}
else
{
Logger.Information("Failed Account Change Password Post Recaptcha failed by requester {@requester}",
requester);
}
return(View("ChangePassword", model));
}
public IHttpActionResult GetAccounts(string id)
{
if (id != UserIdentity.GetUserId() && !UserRoles.Contains("Admin"))
{
return(new SkyApiNotFound(Request));
}
List <Account> accounts = UOW.Accounts.GetByUserId(id);
List <AccountVM> accountVMs = accounts.Select(e => ModelFactory.CreateAccountVM(e)).ToList();
return(new SkyApiPayload <List <AccountVM> >(Request, accountVMs));
}
public ActionResult Delete(int id)
{
var isOwnProfile = UserIdentity.GetUserId(this) == id;
ViewBag.Message = "";
var user = _context.User
.SingleOrDefault(a => a.Id == id && !isOwnProfile);
if (user == null)
{
return(new HttpNotFoundResult());
}
return(View(user));
}
public ActionResult RemoveAdmin(int id)
{
ViewBag.StatusMessage = "";
var user = _context.User.Include("UserRoles").SingleOrDefault(u => u.Id == id);
if (user == null)
{
return(new HttpNotFoundResult());
}
if (user.UserRoles.All(a => a.RoleId != Consts.Roles.Admin))
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
var isOwnProfile = id == UserIdentity.GetUserId(this);
return(View("RemoveAdmin", new RemoveRoleViewModel(user, isOwnProfile)));
}
public ActionResult ChangeEmailAddress()
{
var userId = UserIdentity.GetUserId(this);
var users = _context.User.Where(u => u.Id == userId);
if (users.ToList().Count == 0)
{
return(new HttpNotFoundResult());
}
var user = users.Single();
// SECURE: Check user should have access to this account
if (!UserIdentity.IsUserInRole(this, "Admin") && UserIdentity.GetUserId(this) != user.Id)
{
return(new HttpNotFoundResult());
}
return(View(new ChangeEmailAddressViewModel(user.UserName, user.NewEmailAddress, user.NewEmailAddressRequestExpiryDateUtc)));
}
public IHttpActionResult Get(string id)
{
if (id != UserIdentity.GetUserId() && !UserRoles.Contains("Admin"))
{
return(new SkyApiNotFound(Request));
}
SkyberryUser user = UOW.SkyberryUsers.GetDashboardInfo(id);
if (user == null)
{
return(new SkyApiNotFound(Request));
}
UserVM userVM = ModelFactory.CreateUserVM(user, UserRoles);
return(new SkyApiPayload <UserVM>(Request, userVM));
}
public ActionResult Edit(int id)
{
ViewBag.StatusMessage = "";
var isAdmin = UserIdentity.IsUserInRole(this, "Admin");
var currentUserId = UserIdentity.GetUserId(this);
var users = _context.User
.Include("UserRoles")
.Where(u => u.Id == id);
var user = users.Single();
var requester = UserIdentity.GetRequester(this);
// SECURE: Check user should have access to this account
if (!isAdmin && currentUserId != user.Id)
{
Logger.Information("Failed User Edit Get, user modification was not permitted for access rights by requester {@requester}", requester);
return(new HttpNotFoundResult());
}
return(View(new UserViewModel(currentUserId, isAdmin, user)));
}
public IHttpActionResult UpdatePassword([FromBody] UpdatePasswordBM model)
{
SkyberryUser user = UOW.SkyberryUsers.GetById(UserIdentity.GetUserId());
if (user == null)
{
return(new SkyApiNotFound(Request));
}
if (!UserManager.CheckPassword(user, model.OldPass))
{
ModelState.AddModelError("oldPass", "Current password is incorrect.");
return(new SkyApiBadRequest(Request, new SkyModelStateError(ModelState)));
}
user.PasswordHash = UserManager.PasswordHasher.HashPassword(model.NewPass);
UOW.Commit();
return(new SkyApiOkeydoke(Request));
}
public IHttpActionResult UpdateUsername([FromBody] UpdateUsernameBM model)
{
SkyberryUser user = UOW.SkyberryUsers.GetById(UserIdentity.GetUserId());
if (user == null)
{
return(new SkyApiNotFound(Request));
}
user.UserName = model.NewUsername;
UOW.Commit();
UpdateUsernameVM payload = new UpdateUsernameVM
{
Username = user.UserName,
};
return(new SkyApiPayload <UpdateUsernameVM>(Request, payload));
}
public IHttpActionResult UpdateEmail([FromBody] UpdateEmailBM model)
{
SkyberryUser user = UOW.SkyberryUsers.GetById(UserIdentity.GetUserId());
if (user == null)
{
return(new SkyApiNotFound(Request));
}
user.Email = model.NewEmail;
UOW.Commit();
UpdateEmailVM payload = new UpdateEmailVM
{
Email = user.Email,
};
return(new SkyApiPayload <UpdateEmailVM>(Request, payload));
}
public ActionResult Landing()
{
var currentUserId = UserIdentity.GetUserId(this);
var users = _context.User.Where(u => u.Id == currentUserId);
// Usually means user is not logged on
if (users.ToList().Count == 0)
{
return(RedirectToAction("Index", "Home"));
}
var user = users.Single();
var activityLogs = user.UserLogs.OrderByDescending(d => d.CreatedDateUtc).ToList();
UserLog lastAccountActivity = null;
if (activityLogs.Count > 1)
{
lastAccountActivity = activityLogs.Skip(1).FirstOrDefault();
}
return(View(new LandingViewModel(user.FirstName, lastAccountActivity, currentUserId)));
}
public ActionResult Edit(int id, FormCollection collection)
{
var isAdmin = UserIdentity.IsUserInRole(this, "Admin");
var currentUserId = UserIdentity.GetUserId(this);
var isOwnProfile = currentUserId == id;
var users = _context.User.Where(u => u.Id == id);
if (users.ToList().Count == 0)
{
return(new HttpNotFoundResult());
}
var user = users.Single();
ViewBag.StatusMessage = "";
var requester = UserIdentity.GetRequester(this);
// SECURE: Check user should have access to this account
if (!isAdmin && !isOwnProfile)
{
Logger.Information("Failed User Edit Post, user modification was not permitted for access rights by requester {@requester}", requester);
return(new HttpNotFoundResult());
}
ViewBag.StatusMessage = "";
var previousUserName = user.UserName;
var propertiesToUpdate = new List <string>
{
"FirstName", "LastName", "TelNoHome", "TelNoMobile", "TelNoWork", "Title",
"Town", "Postcode", "SkypeName"
};
var expectedFields = new List <string> {
"IsAccessingUserAnAdmin", "IsOwnProfile", "IsCurrentUserAnAdmin", "User.Id"
};
if (isAdmin)
{
if (currentUserId != user.Id)
{
// Otherwise these fields will be disabled on the front page
propertiesToUpdate.AddRange(new List <string> {
"Approved", "EmailVerified", "Enabled"
});
}
propertiesToUpdate.AddRange(new List <string> {
"UserName"
});
}
propertiesToUpdate.ForEach(a => expectedFields.Add(a));
AppSensor.ValidateFormData(this, expectedFields);
if (TryUpdateModel(user, "User", propertiesToUpdate.ToArray(), collection))
{
if (_context.User.Any(a => a.Id != user.Id && user.UserName == a.UserName))
{
ModelState.AddModelError("User.UserName", "This username is already in use");
}
else
{
if (user.UserName != previousUserName)
{
user.UserLogs.Add(new UserLog
{
Description = $"Username/Email was changed from {previousUserName} by {UserIdentity.GetUserName(this)}"
});
string emailSubject = $"{_configuration.ApplicationName} - Change email address process completed";
string emailBody = EmailTemplates.ChangeEmailAddressCompletedBodyText(user.FirstName, user.LastName, _configuration.ApplicationName, previousUserName, user.UserName);
_services.SendEmail(_configuration.DefaultFromEmailAddress, new List <string> {
user.UserName
}, null, null, emailSubject, emailBody, true);
}
_context.SaveChanges();
if (!isOwnProfile && isAdmin)
{
return(RedirectToAction("Index", "User"));
}
ViewBag.StatusMessage = "Your account information has been saved";
}
}
else
{
AppSensor.InspectModelStateErrors(this);
}
return(View("Edit", new UserViewModel(UserIdentity.GetUserId(this), isAdmin, user)));
}
public ActionResult EditCurrent()
{
return(RedirectToAction("Edit", "User", new { Id = UserIdentity.GetUserId(this) }));
}
public ActionResult Index(int page = 1)
{
return(View("Index", new UsersViewModel(UserIdentity.GetUserId(this))));
}
