private User MapAndAddUser(AddUserCommand command, IExecutionContext executionContext, Role role, IUserAreaDefinition userArea, UserArea dbUserArea)
{
var user = new User();
user.FirstName = command.FirstName.Trim();
user.LastName = command.LastName.Trim();
user.Email = command.Email;
user.RequirePasswordChange = command.RequirePasswordChange;
user.LastPasswordChangeDate = executionContext.ExecutionDate;
user.CreateDate = executionContext.ExecutionDate;
user.Role = role;
user.UserArea = dbUserArea;
if (userArea.AllowPasswordLogin)
{
var password = command.GeneratePassword ? _passwordGenerationService.Generate() : command.Password;
var hashResult = _passwordCryptographyService.CreateHash(password);
user.Password = hashResult.Hash;
user.PasswordEncryptionVersion = hashResult.HashVersion;
}
if (userArea.UseEmailAsUsername)
{
user.Username = command.Email;
}
else
{
user.Username = command.Username.Trim();
}
_dbContext.Users.Add(user);
return(user);
}
private AddUserCommand MapCommand(AddUserWithTemporaryPasswordCommand command)
{
// The password policy should be configured with the definitive min-length
// as an attribute, but otherwise fall-back to the configured option
var passwordPolicy = _passwordPolicyService.GetDescription(command.UserAreaCode);
var minLengthAttribute = passwordPolicy.Attributes.GetOrDefault(PasswordPolicyAttributes.MinLength);
var options = _userAreaDefinitionRepository.GetOptionsByCode(command.UserAreaCode);
var minLength = IntParser.ParseOrDefault(minLengthAttribute, options.Password.MinLength);
var newUserCommand = new AddUserCommand()
{
FirstName = command.FirstName,
LastName = command.LastName,
DisplayName = command.DisplayName,
Email = command.Email,
Username = command.Username,
Password = _passwordGenerationService.Generate(minLength),
RequirePasswordChange = true,
UserAreaCode = command.UserAreaCode,
RoleId = command.RoleId,
RoleCode = command.RoleCode
};
return(newUserCommand);
}
public async Task ExecuteAsync(ResetUserPasswordCommand command, IExecutionContext executionContext)
{
var user = await GetUserAsync(command.UserId);
await ValidatePermissionsAsync(user, executionContext);
ValidateUserArea(user.UserAreaCode);
var options = _userAreaDefinitionRepository.GetOptionsByCode(user.UserAreaCode);
var temporaryPassword = _passwordGenerationService.Generate(options.Password.MinLength);
var hashResult = _passwordCryptographyService.CreateHash(temporaryPassword);
user.Password = hashResult.Hash;
user.PasswordHashVersion = hashResult.HashVersion;
user.RequirePasswordChange = true;
user.LastPasswordChangeDate = executionContext.ExecutionDate;
_userSecurityStampUpdateHelper.Update(user);
using (var scope = _domainRepository.Transactions().CreateScope())
{
await _dbContext.SaveChangesAsync();
await SendNotificationAsync(user, temporaryPassword, executionContext);
scope.QueueCompletionTask(() => OnTransactionComplete(user));
await scope.CompleteAsync();
}
}
/// <summary>
/// Generates a unique and random security token that can be used to verify
/// a request without a username and password, e.g. for a password reset link
/// </summary>
public string Generate()
{
// Get a little uniquess
var guid = Guid.NewGuid().ToString().Replace("-", string.Empty);
// Sprinkle some random padding
var randomString = _passwordGenerationService.Generate(20);
// Encrypt the lot to obfuscate it
var token = Defuse.PasswordCryptographyV2.CreateHash(guid + randomString);
return(token);
}
/// <summary>
/// Initializes the ViewModel with the specified clipboard access.
/// </summary>
public PasswordGenViewModel(IPasswordGenerationService passwordService, ISensitiveClipboardService clipboardService)
{
ClipboardCopyCommand = new ActionCommand(
async() =>
{
clipboardService.CopyCredential(
await passwordService.Generate(GetCurrentRecipe()),
ClipboardOperationType.Password
);
}
);
}
private AddUserCommand MapCommand(AddCofoundryUserCommand command, IExecutionContext executionContext)
{
var newUserCommand = new AddUserCommand();
newUserCommand.FirstName = command.FirstName;
newUserCommand.LastName = command.LastName;
newUserCommand.Email = command.Email;
newUserCommand.Password = _passwordGenerationService.Generate();
newUserCommand.RequirePasswordChange = true;
newUserCommand.UserAreaCode = CofoundryAdminUserArea.AreaCode;
newUserCommand.RoleId = command.RoleId;
return(newUserCommand);
}
