private async Task <IActionResult> RegisterUser(RegisterViewModel model, string returnUrl, bool useAP) { //Create the user object and validate it before calling Fraud Protection var user = new ApplicationUser { UserName = model.User.Email, Email = model.User.Email, FirstName = model.User.FirstName, LastName = model.User.LastName, PhoneNumber = model.User.Phone, Address1 = model.Address.Address1, Address2 = model.Address.Address2, City = model.Address.City, State = model.Address.State, ZipCode = model.Address.ZipCode, CountryRegion = model.Address.CountryRegion }; foreach (var v in _userManager.UserValidators) { var validationResult = await v.ValidateAsync(_userManager, user); if (!validationResult.Succeeded) { AddErrors(validationResult); } } ; foreach (var v in _userManager.PasswordValidators) { var validationResult = await v.ValidateAsync(_userManager, user, model.Password); if (!validationResult.Succeeded) { AddErrors(validationResult); } } ; if (ModelState.ErrorCount > 0) { return(View("Register", model)); } #region Fraud Protection Service var correlationId = _fraudProtectionService.NewCorrelationId; // Ask Fraud Protection to assess this signup/registration before registering the user in our database, etc. if (useAP) { AccountProtection.SignUp signupEvent = CreateSignupAPEvent(model); var signupAssessment = await _fraudProtectionService.PostSignupAP(signupEvent, correlationId); //Track Fraud Protection request/response for display only var fraudProtectionIO = new FraudProtectionIOModel(correlationId, signupEvent, signupAssessment, "Signup"); TempData.Put(FraudProtectionIOModel.TempDataKey, fraudProtectionIO); bool rejectSignup = false; if (signupAssessment is AccountProtection.ResponseSuccess signupResponse) { rejectSignup = signupResponse.ResultDetails.FirstOrDefault()?.Decision != AccountProtection.DecisionName.Approve; } if (rejectSignup) { ModelState.AddModelError("", "Signup rejected by Fraud Protection. You can try again as it has a random likelihood of happening in this sample site."); return(View("Register", model)); } } else { SignUp signupEvent = CreateSignupEvent(model); var signupAssessment = await _fraudProtectionService.PostSignup(signupEvent, correlationId); //Track Fraud Protection request/response for display only var fraudProtectionIO = new FraudProtectionIOModel(correlationId, signupEvent, signupAssessment, "Signup"); //2 out of 3 signups will succeed on average. Adjust if you want more or less signups blocked for tesing purposes. var rejectSignup = new Random().Next(0, 3) != 0; var signupStatusType = rejectSignup ? SignupStatusType.Rejected.ToString() : SignupStatusType.Approved.ToString(); var signupStatus = new SignupStatusEvent { SignUpId = signupEvent.SignUpId, StatusType = signupStatusType, StatusDate = DateTimeOffset.Now, Reason = "User is " + signupStatusType }; if (!rejectSignup) { signupStatus.User = new SignupStatusUser { UserId = model.User.Email }; } var signupStatusResponse = await _fraudProtectionService.PostSignupStatus(signupStatus, correlationId); fraudProtectionIO.Add(signupStatus, signupStatusResponse, "Signup Status"); TempData.Put(FraudProtectionIOModel.TempDataKey, fraudProtectionIO); if (rejectSignup) { ModelState.AddModelError("", "Signup rejected by Fraud Protection. You can try again as it has a random likelihood of happening in this sample site."); return(View("Register", model)); } } #endregion var result = await _userManager.CreateAsync(user, model.Password); if (!result.Succeeded) { AddErrors(result); return(View("Register", model)); } await _signInManager.SignInAsync(user, isPersistent : false); await TransferBasketToEmailAsync(user.Email); return(RedirectToLocal(returnUrl)); }
public async Task <FraudProtectionResponse> PostSignupStatus(SignupStatusEvent signupStatus, string correlationId, string envId) { var response = await PostAsync(_settings.Endpoints.SignupStatus, signupStatus, correlationId, envId); return(await Read <FraudProtectionResponse>(response)); }