        /// <summary>
        /// HTTP entry point for updating a user. Delegates to the user service and maps
        /// the service's exceptions to HTTP status codes.
        /// </summary>
        /// <param name="id">Id of the user to update.</param>
        /// <param name="dto">Requested changes, bound from the request body.</param>
        /// <returns>
        /// 201 with the updated user on success; 403 for <see cref="ForbiddenException"/>;
        /// 502 for <see cref="EmailNotSentException"/>; 400 for any other <see cref="AppException"/>.
        /// </returns>
        public async Task<IActionResult> UpdateAsync(Guid id, [FromBody] Dto.UpdateAsync.RequestDto dto)
        {
            try
            {
                // The acting user's id is obtained from _authHelper, not from the route or the
                // request body; the service compares it with the target id to authorize the call.
                var callerId = _authHelper.GetUserId(this);
                var updated = await _userService.UpdateAsync(id, callerId, dto);

                var routeValues = new { id = updated.Id };
                return CreatedAtAction(nameof(GetDetailsAsync), routeValues, updated);
            }
            catch (ForbiddenException ex)
            {
                // Authorization failure reported by the service.
                var body = new ResponseMessage { Message = ex.Message };
                return StatusCode((int)HttpStatusCode.Forbidden, body);
            }
            catch (EmailNotSentException ex)
            {
                // The confirmation mail could not be sent; surfaced as an upstream failure.
                var body = new ResponseMessage { Message = ex.Message };
                return StatusCode((int)HttpStatusCode.BadGateway, body);
            }
            catch (AppException ex)
            {
                // Any remaining application error is answered with 400. The exception message is
                // sent to the client verbatim, so it must stay free of internal detail.
                var body = new ResponseMessage { Message = ex.Message };
                return BadRequest(body);
            }
        }
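        /// <inheritdoc />
        /// <remarks>
        /// Self-service update: <paramref name="userId"/> (the caller) must equal
        /// <paramref name="id"/> (the target), otherwise <see cref="ForbiddenException"/> is thrown.
        /// Users with a non-null <c>ExternalId</c> cannot change username, names, password or email.
        /// Throws <see cref="EntityNotFoundException"/>, <see cref="UpdateReadOnlyPropertyException"/>,
        /// <see cref="UsernameTakenException"/> or <see cref="EmailNotSentException"/> as described inline.
        /// </remarks>
        public async Task<Dto.GetDetailsAsync.ResponseDto> UpdateAsync(Guid id, Guid userId,
                                                                       Dto.UpdateAsync.RequestDto dto)
        {
            // Authorization comes first: a caller may only update their own record. Because the
            // check runs before the lookup, a mismatched id always yields Forbidden, whether or
            // not the target exists.
            if (userId != id)
            {
                throw new ForbiddenException();
            }

            var user = await _db.Users.Include(x => x.Role).FirstOrDefaultAsync(x => x.Id == id);

            if (user == null)
            {
                throw new EntityNotFoundException(_l["User not found."]);
            }

            // Profile data of externally managed accounts is read-only here.
            var isExternalUser = user.ExternalId != null;

            // Update username if it has changed.
            if (dto.Username != null && dto.Username.NewValue != user.Username)
            {
                if (isExternalUser)
                {
                    throw new UpdateReadOnlyPropertyException(_l["Cannot update username."]);
                }

                // Throw error if the new username is already taken. Awaited so the request
                // thread is not blocked on the database round trip.
                // NOTE(review): this is check-then-write; two concurrent requests can both pass.
                // Presumably a unique index on Username is the real guarantee - confirm.
                if (await _db.Users.AnyAsync(x => x.Username == dto.Username.NewValue))
                {
                    throw new UsernameTakenException(string.Format(
                                                         _l["Username '{0}' is already taken."], dto.Username.NewValue));
                }
                user.Username = dto.Username.NewValue;
            }

            // Update user properties if provided.
            if (dto.GivenName != null)
            {
                if (isExternalUser)
                {
                    throw new UpdateReadOnlyPropertyException(_l["Cannot update given name."]);
                }
                user.GivenName = dto.GivenName.NewValue;
            }

            if (dto.FamilyName != null)
            {
                if (isExternalUser)
                {
                    throw new UpdateReadOnlyPropertyException(_l["Cannot update family name."]);
                }
                user.FamilyName = dto.FamilyName.NewValue;
            }

            // Update password if provided.
            // NOTE(review): nothing in this method asks for the current password before the hash
            // is replaced, and NewValue reaches CreateHash without a null or strength check here.
            // Presumably re-authentication and validation are enforced elsewhere - confirm.
            if (dto.Password != null)
            {
                if (isExternalUser)
                {
                    throw new UpdateReadOnlyPropertyException(_l["Cannot update password."]);
                }
                var (passwordHash, passwordSalt) = _passwordHelper.CreateHash(dto.Password.NewValue);
                user.PasswordHash = passwordHash;
                user.PasswordSalt = passwordSalt;
            }

            // Update email if provided.
            // NOTE(review): as with the password, no re-authentication is visible here before the
            // address change is started - confirm that it is required upstream.
            if (dto.Email != null)
            {
                if (isExternalUser)
                {
                    throw new UpdateReadOnlyPropertyException(_l["Cannot update email."]);
                }
                var emailSuccess = await ChangeEmailAsync(user, dto.Email.NewValue);

                // Thrown before SaveChangesAsync below, so this method does not save the other
                // edits made above when the confirmation mail fails.
                if (!emailSuccess)
                {
                    throw new EmailNotSentException(_l["Sending of confirmation email failed."]);
                }
            }

            // Audit fields: when the record changed and who changed it.
            user.UpdatedAt   = DateTime.UtcNow;
            user.UpdatedById = userId;

            await _db.SaveChangesAsync();

            // The response carries profile fields only; PasswordHash and PasswordSalt are not copied.
            return new Dto.GetDetailsAsync.ResponseDto
            {
                Id = user.Id,
                Username = user.Username,
                GivenName = user.GivenName,
                FamilyName = user.FamilyName,
                Email = user.Email,
                CreatedAt = user.CreatedAt,
                UpdatedAt = user.UpdatedAt,
                LastLoginAt = user.LastLoginAt,
                IsActive = user.IsActive,
                Role = user.Role == null
                    ? null
                    : new DtoRole.GetAllAsync.ResponseDto
                    {
                        Id = user.Role.Id, Name = user.Role.Name
                    }
            };
        }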