public async Task ExecuteAsync(UpdateUserCommand command, IExecutionContext executionContext)
{
// Get User
var user = await _dbContext
.Users
.FilterCanLogIn()
.FilterById(command.UserId)
.SingleOrDefaultAsync();
EntityNotFoundException.ThrowIfNull(user, command.UserId);
// Validate
var userArea = _userAreaRepository.GetByCode(user.UserAreaCode);
ValidatePermissions(userArea, executionContext);
ValidateCommand(command, userArea);
await ValidateIsUnique(command, userArea);
// Role
if (command.RoleId != user.RoleId)
{
user.Role = await _userCommandPermissionsHelper.GetAndValidateNewRoleAsync(command.RoleId, user.UserAreaCode, executionContext);
}
// Map
Map(command, user, userArea);
// Save
await _dbContext.SaveChangesAsync();
}
private void ValidateUserArea(string userAreaCode)
{
var userArea = _userAreaRepository.GetByCode(userAreaCode);
if (!userArea.AllowPasswordLogin)
{
throw new InvalidOperationException("Cannot reset the password because the " + userArea.Name + " user area does not allow password logins.");
}
}
public void Execute(AddUserCommand command, IExecutionContext executionContext)
{
var userArea = _userAreaRepository.GetByCode(command.UserAreaCode);
var dbUserArea = QueryUserArea(userArea).SingleOrDefault();
dbUserArea = AddUserAreaIfNotExists(userArea, dbUserArea);
ValidateCommand(command, userArea);
var isUnique = _queryExecutor.Execute(GetUniqueQuery(command, userArea), executionContext);
ValidateIsUnique(isUnique, userArea);
var newRole = _userCommandPermissionsHelper.GetAndValidateNewRole(command.RoleId, command.UserAreaCode, executionContext);
var user = MapAndAddUser(command, executionContext, newRole, userArea, dbUserArea);
_dbContext.SaveChanges();
command.OutputUserId = user.UserId;
}
public void ValidatePermissions(User user, IExecutionContext executionContext)
{
var userArea = _userAreaRepository.GetByCode(user.UserAreaCode);
if (userArea is CofoundryAdminUserArea)
{
_permissionValidationService.EnforcePermission(new CofoundryUserUpdatePermission(), executionContext.UserContext);
}
else
{
_permissionValidationService.EnforcePermission(new NonCofoundryUserUpdatePermission(), executionContext.UserContext);
}
}
public UserContext Map(User dbUser)
{
if (dbUser == null)
{
return(null);
}
var cx = _mapper.Map <UserContext>(dbUser);
cx.UserArea = _userAreaRepository.GetByCode(dbUser.UserAreaCode);
return(cx);
}
public async Task ExecuteAsync(EnsureUserAreaExistsCommand command, IExecutionContext executionContext)
{
var userArea = _userAreaRepository.GetByCode(command.UserAreaCode);
EntityNotFoundException.ThrowIfNull(userArea, command.UserAreaCode);
var dbUserArea = await _dbContext
.UserAreas
.SingleOrDefaultAsync(a => a.UserAreaCode == userArea.UserAreaCode);
if (dbUserArea == null)
{
dbUserArea = new UserArea();
dbUserArea.UserAreaCode = userArea.UserAreaCode;
dbUserArea.Name = userArea.Name;
_dbContext.UserAreas.Add(dbUserArea);
}
}
private PasswordResetRequestAuthenticationResult ValidatePasswordRequest(UserPasswordResetRequest request, ValidatePasswordResetRequestQuery query, IExecutionContext executionContext)
{
if (request == null || request.Token != query.Token)
{
throw new InvalidOperationException("Invalid password request - Id: " + query.UserPasswordResetRequestId + " Token: " + request.Token);
}
if (request.User.UserAreaCode != query.UserAreaCode)
{
throw new InvalidOperationException("Request received through an invalid route");
}
if (request.User.IsDeleted || request.User.IsSystemAccount)
{
throw new InvalidOperationException("User not permitted to change password");
}
var userArea = _userAreaRepository.GetByCode(request.User.UserAreaCode);
if (!userArea.AllowPasswordLogin)
{
throw new InvalidOperationException("Cannot update the password to account in a user area that does not allow password logins.");
}
var result = new PasswordResetRequestAuthenticationResult();
result.IsValid = true;
if (request.IsComplete)
{
result.IsValid = false;
result.ValidationErrorMessage = "The password recovery request is no longer valid.";
}
if (!IsPasswordRecoveryDateValid(request.CreateDate, executionContext))
{
result.IsValid = false;
result.ValidationErrorMessage = "The password recovery request has expired.";
}
return(result);
}
private void UpdatePassword(UpdateCurrentUserUserPasswordCommand command, IExecutionContext executionContext, User user)
{
EntityNotFoundException.ThrowIfNull(user, executionContext.UserContext.UserId);
var userArea = _userAreaRepository.GetByCode(user.UserAreaCode);
if (!userArea.AllowPasswordLogin)
{
throw new InvalidOperationException("Cannot update the password to account in a user area that does not allow password logins.");
}
if (!_userAuthenticationHelper.IsPasswordCorrect(user, command.OldPassword))
{
throw new PropertyValidationException("Incorrect password", "OldPassword");
}
user.RequirePasswordChange = false;
user.LastPasswordChangeDate = executionContext.ExecutionDate;
var hashResult = _passwordCryptographyService.CreateHash(command.NewPassword);
user.Password = hashResult.Hash;
user.PasswordEncryptionVersion = (int)hashResult.EncryptionVersion;
}
public bool IsPasswordCorrect(User user, string password)
{
if (user == null)
{
return(false);
}
var userArea = _userAreaRepository.GetByCode(user.UserAreaCode);
if (!userArea.AllowPasswordLogin)
{
throw new InvalidOperationException("This user is not permitted to log in with a password.");
}
if (String.IsNullOrWhiteSpace(user.Password) || !user.PasswordEncryptionVersion.HasValue)
{
throw new InvalidOperationException("Cannot authenticate via password because the specified account does not have a password set.");
}
bool result = _cryptographyService.Verify(password, user.Password, (PasswordEncryptionVersion)user.PasswordEncryptionVersion.Value);
return(result);
}
private async Task UpdateEmail(UpdateCurrentUserAccountCommand command, int userId, User user)
{
var userArea = _userAreaRepository.GetByCode(user.UserAreaCode);
if (userArea.UseEmailAsUsername && user.Username != command.Email)
{
var uniqueQuery = new IsUsernameUniqueQuery()
{
Username = command.Email,
UserId = userId,
UserAreaCode = CofoundryAdminUserArea.AreaCode
};
if (!await _queryExecutor.ExecuteAsync(uniqueQuery))
{
throw new PropertyValidationException("This email is already registered", "Email");
}
user.Username = command.Email;
}
user.Email = command.Email;
}
