public IActionResult GetMyFriends()
        {
            var userId  = _userIdentity.GetUserId(User);
            var friends = _friendsManager.GetFriends(userId);

            return(Ok(friends));
        }
        public IHttpActionResult Get()
        {
            SkyberryUser user   = UOW.SkyberryUsers.GetDashboardInfo(UserIdentity.GetUserId());
            UserVM       userVM = ModelFactory.CreateUserVM(user, UserRoles);

            return(new SkyApiPayload <UserVM>(Request, userVM));
        }
Пример #3
0
        public ActionResult Log(int id)
        {
            var isAdmin       = UserIdentity.IsUserInRole(this, "Admin");
            var currentUserId = UserIdentity.GetUserId(this);
            var users         = _context.User
                                .Include("UserLogs")
                                .Where(u => u.Id == id && (u.Id == currentUserId || isAdmin));

            if (users.ToList().Count == 0)
            {
                return(new HttpNotFoundResult());
            }
            var user      = users.Single();
            var requester = UserIdentity.GetRequester(this);

            // SECURE: Check user should have access to this account
            if (!UserIdentity.IsUserInRole(this, "Admin") && UserIdentity.GetUserId(this) != user.Id)
            {
                Logger.Information("Failed User Log Get, access not permitted by requester {@requester}", requester);
                return(new HttpNotFoundResult());
            }

            ViewBag.UserName = user.UserName;
            return(View(new UserLogViewModel(user)));
        }
Пример #4
0
        public HttpResponseMessage Add(PatientDto newPatientDto)
        {
            var userId = UserIdentity.GetUserId((ClaimsIdentity)User.Identity);
            var result = _services.Add(newPatientDto, userId);

            return(Request.CreateResponse(HttpStatusCode.OK, result));
        }
        public HttpResponseMessage Update(InsuranceDto oldInsuranceDto)
        {
            var userId = UserIdentity.GetUserId((ClaimsIdentity)User.Identity);
            var result = _services.Update(oldInsuranceDto, userId);

            return(Request.CreateResponse(HttpStatusCode.OK, result));
        }
        public ActionResult RemoveAdmin(int id, FormCollection collection)
        {
            var user = _context.User.Include("UserRoles").SingleOrDefault(u => u.Id == id);

            if (user == null)
            {
                return(new HttpNotFoundResult());
            }
            if (user.UserRoles.All(a => a.RoleId != Consts.Roles.Admin))
            {
                return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
            }
            var userRole     = user.UserRoles.Single(a => a.RoleId == Consts.Roles.Admin);
            var isOwnProfile = id == UserIdentity.GetUserId(this);

            user.UserLogs.Add(new UserLog {
                Description = $"User had administrator privileges removed by {UserIdentity.GetUserName(this)}"
            });
            _context.SetDeleted(userRole);
            _context.SaveChanges();
            if (isOwnProfile)
            {
                _userManager.SignOut();
                return(RedirectToAction("Logon", "Account"));
            }
            return(RedirectToAction("Edit", "User", new { id }));
        }
Пример #7
0
        public JsonResult Disable(int id, FormCollection collection)
        {
            if (id == 0)
            {
                return(Json(new { success = false, message = "unable to locate user id" }));
            }
            var requester = UserIdentity.GetRequester(this);
            var user      = _context.User.FirstOrDefault(u => u.Id == id);

            if (user == null)
            {
                Logger.Information("Failed User Disable Post for id {id}, user did not exist by requester {@requester}",
                                   id, requester);
                return(Json(new { success = false, message = "unable to locate user" }));
            }

            if (user.Id == UserIdentity.GetUserId(this))
            {
                return(Json(new { success = false, message = "You cannot disable your own account" }));
            }
            user.Enabled = false;
            _context.SaveChanges();
            Logger.Information("User Disable Post for id {id} suceeded, by requester {@requester}", id, requester);
            return(Json(new { success = true, message = "" }));
        }
        public ActionResult Delete(int id, FormCollection collection)
        {
            var isOwnProfile = UserIdentity.GetUserId(this) == id;

            ViewBag.Message = "";
            var user = _context.User
                       .Include("PreviousPasswords")
                       .Include("UserLogs")
                       .Include("UserRoles")
                       .SingleOrDefault(a => a.Id == id && !isOwnProfile);

            if (user == null)
            {
                return(new HttpNotFoundResult());
            }
            if (!user.CanBeDeleted)
            {
                ViewBag.Message = "This user has data associated with it and cannot be deleted";
                return(View("Delete", user));
            }
            Logger.Warning($"User {user.UserName} was deleted by user {UserIdentity.GetUserName(this)}");
            user.PreviousPasswords.ToList().ForEach(a => { _context.SetDeleted(a); });
            user.UserLogs.ToList().ForEach(a => { _context.SetDeleted(a); });
            user.UserRoles.ToList().ForEach(a => { _context.SetDeleted(a); });
            _context.SetDeleted(user);
            _context.SaveChanges();
            return(RedirectToAction("Index", "User"));
        }
Пример #9
0
        public async Task <ActionResult> ChangeEmailAddressAsync(ChangeEmailAddressViewModel model)
        {
            var userId = UserIdentity.GetUserId(this);
            var user   = _context.User.FirstOrDefault(u => u.Id == userId && u.Enabled && u.EmailVerified && u.Approved);

            AppSensor.ValidateFormData(this, new List <string> {
                "NewEmailAddress", "Password"
            });
            if (user == null)
            {
                return(HttpNotFound());
            }
            if (ModelState.IsValid)
            {
                if (_context.User.Any(a => a.Id != user.Id && model.NewEmailAddress == a.UserName))
                {
                    ModelState.AddModelError("NewEmailAddress", "This email address is already in use");
                    Logger.Information("Failed Account ChangeEmailAddress Post, Username already exists");
                }
                else
                {
                    var logonResult = await _userManager.TryLogOnAsync(UserIdentity.GetUserName(this), model.Password);

                    if (logonResult.Success)
                    {
                        user.NewEmailAddressToken = Guid.NewGuid().ToString().Replace("-", "");
                        user.NewEmailAddressRequestExpiryDateUtc = DateTime.UtcNow.AddMinutes(15);
                        user.NewEmailAddress = model.NewEmailAddress;
                        // Send change username with link to recover password form
                        string emailBody = EmailTemplates.ChangeEmailAddressPendingBodyText(user.FirstName, user.LastName,
                                                                                            _configuration.ApplicationName, _configuration.WebsiteBaseUrl, user.NewEmailAddressToken);
                        string emailSubject = $"{_configuration.ApplicationName} - Complete the change email address process";
                        _services.SendEmail(_configuration.DefaultFromEmailAddress, new List <string>()
                        {
                            user.UserName
                        }, null, null,
                                            emailSubject, emailBody, true);
                        user.UserLogs.Add(new UserLog
                        {
                            Description = $"Change email address request started to change from {user.UserName} to {user.NewEmailAddress}"
                        });
                        await _context.SaveChangesAsync();

                        return(View("ChangeEmailAddressPending"));
                    }
                    else
                    {
                        Logger.Information("Failed Account ChangeEmailAddress Post, Password incorrect by requester {@requester}",
                                           UserIdentity.GetRequester(this, AppSensorDetectionPointKind.Ae1));
                        ModelState.AddModelError("Password", "The password is not correct");
                    }
                }
            }
            else
            {
                AppSensor.InspectModelStateErrors(this);
            }
            return(View("ChangeEmailAddress", new ChangeEmailAddressViewModel(user.UserName, user.NewEmailAddress, user.NewEmailAddressRequestExpiryDateUtc)));
        }
Пример #10
0
        public async Task <ActionResult> ChangePasswordAsync(ChangePasswordViewModel model)
        {
            ViewBag.ReturnUrl = Url.Action("ChangePassword");
            var requester        = UserIdentity.GetRequester(this);
            var recaptchaSuccess = true;

            if (_configuration.HasRecaptcha)
            {
                recaptchaSuccess = _recaptcha.ValidateRecaptcha(this);
            }
            AppSensor.ValidateFormData(this, new List <string> {
                "ConfirmPassword", "OldPassword", "NewPassword"
            });
            if (recaptchaSuccess)
            {
                var userId = UserIdentity.GetUserId(this);
                var user   = _context.User.FirstOrDefault(u => u.Id == userId);
                if (user != null)
                {
                    var result = await _userManager.ChangePasswordAsync(UserIdentity.GetUserId(this), model.OldPassword,
                                                                        model.NewPassword);

                    if (result.Succeeded)
                    {
                        // Email recipient with password change acknowledgement
                        var emailBody = EmailTemplates.ChangePasswordCompletedBodyText(user.FirstName, user.LastName,
                                                                                       _configuration.ApplicationName);
                        var emailSubject = $"{_configuration.ApplicationName} - Password change confirmation";
                        _services.SendEmail(_configuration.DefaultFromEmailAddress, new List <string> {
                            user.UserName
                        },
                                            null, null, emailSubject, emailBody, true);
                        _context.SaveChanges();
                        _formsAuth.SignOut();
                        _userManager.SignOut();
                        _httpCache.RemoveFromCache($"MustChangePassword-{userId}");
                        Session.Abandon();
                        Logger.Debug("Account Logoff due to password change");
                        return(View("ChangePasswordSuccess"));
                    }

                    Logger.Information("Failed Account ChangePassword Post by requester {@requester}", requester);
                    AddErrors(result);
                }
                else
                {
                    return(HttpNotFound());
                }
            }
            else
            {
                Logger.Information("Failed Account Change Password Post Recaptcha failed by requester {@requester}",
                                   requester);
            }

            return(View("ChangePassword", model));
        }
Пример #11
0
        public IHttpActionResult GetAccounts(string id)
        {
            if (id != UserIdentity.GetUserId() && !UserRoles.Contains("Admin"))
            {
                return(new SkyApiNotFound(Request));
            }

            List <Account>   accounts   = UOW.Accounts.GetByUserId(id);
            List <AccountVM> accountVMs = accounts.Select(e => ModelFactory.CreateAccountVM(e)).ToList();

            return(new SkyApiPayload <List <AccountVM> >(Request, accountVMs));
        }
        public ActionResult Delete(int id)
        {
            var isOwnProfile = UserIdentity.GetUserId(this) == id;

            ViewBag.Message = "";
            var user = _context.User
                       .SingleOrDefault(a => a.Id == id && !isOwnProfile);

            if (user == null)
            {
                return(new HttpNotFoundResult());
            }
            return(View(user));
        }
        public ActionResult RemoveAdmin(int id)
        {
            ViewBag.StatusMessage = "";
            var user = _context.User.Include("UserRoles").SingleOrDefault(u => u.Id == id);

            if (user == null)
            {
                return(new HttpNotFoundResult());
            }
            if (user.UserRoles.All(a => a.RoleId != Consts.Roles.Admin))
            {
                return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
            }
            var isOwnProfile = id == UserIdentity.GetUserId(this);

            return(View("RemoveAdmin", new RemoveRoleViewModel(user, isOwnProfile)));
        }
Пример #14
0
        public ActionResult ChangeEmailAddress()
        {
            var userId = UserIdentity.GetUserId(this);
            var users  = _context.User.Where(u => u.Id == userId);

            if (users.ToList().Count == 0)
            {
                return(new HttpNotFoundResult());
            }
            var user = users.Single();

            // SECURE: Check user should have access to this account
            if (!UserIdentity.IsUserInRole(this, "Admin") && UserIdentity.GetUserId(this) != user.Id)
            {
                return(new HttpNotFoundResult());
            }
            return(View(new ChangeEmailAddressViewModel(user.UserName, user.NewEmailAddress, user.NewEmailAddressRequestExpiryDateUtc)));
        }
Пример #15
0
        public IHttpActionResult Get(string id)
        {
            if (id != UserIdentity.GetUserId() && !UserRoles.Contains("Admin"))
            {
                return(new SkyApiNotFound(Request));
            }

            SkyberryUser user = UOW.SkyberryUsers.GetDashboardInfo(id);

            if (user == null)
            {
                return(new SkyApiNotFound(Request));
            }

            UserVM userVM = ModelFactory.CreateUserVM(user, UserRoles);

            return(new SkyApiPayload <UserVM>(Request, userVM));
        }
        public ActionResult Edit(int id)
        {
            ViewBag.StatusMessage = "";
            var isAdmin       = UserIdentity.IsUserInRole(this, "Admin");
            var currentUserId = UserIdentity.GetUserId(this);
            var users         = _context.User
                                .Include("UserRoles")
                                .Where(u => u.Id == id);
            var user      = users.Single();
            var requester = UserIdentity.GetRequester(this);

            // SECURE: Check user should have access to this account
            if (!isAdmin && currentUserId != user.Id)
            {
                Logger.Information("Failed User Edit Get, user modification was not permitted for access rights by requester {@requester}", requester);
                return(new HttpNotFoundResult());
            }
            return(View(new UserViewModel(currentUserId, isAdmin, user)));
        }
Пример #17
0
        public IHttpActionResult UpdatePassword([FromBody] UpdatePasswordBM model)
        {
            SkyberryUser user = UOW.SkyberryUsers.GetById(UserIdentity.GetUserId());

            if (user == null)
            {
                return(new SkyApiNotFound(Request));
            }
            if (!UserManager.CheckPassword(user, model.OldPass))
            {
                ModelState.AddModelError("oldPass", "Current password is incorrect.");
                return(new SkyApiBadRequest(Request, new SkyModelStateError(ModelState)));
            }

            user.PasswordHash = UserManager.PasswordHasher.HashPassword(model.NewPass);
            UOW.Commit();

            return(new SkyApiOkeydoke(Request));
        }
Пример #18
0
        public IHttpActionResult UpdateUsername([FromBody] UpdateUsernameBM model)
        {
            SkyberryUser user = UOW.SkyberryUsers.GetById(UserIdentity.GetUserId());

            if (user == null)
            {
                return(new SkyApiNotFound(Request));
            }

            user.UserName = model.NewUsername;
            UOW.Commit();

            UpdateUsernameVM payload = new UpdateUsernameVM
            {
                Username = user.UserName,
            };

            return(new SkyApiPayload <UpdateUsernameVM>(Request, payload));
        }
Пример #19
0
        public IHttpActionResult UpdateEmail([FromBody] UpdateEmailBM model)
        {
            SkyberryUser user = UOW.SkyberryUsers.GetById(UserIdentity.GetUserId());

            if (user == null)
            {
                return(new SkyApiNotFound(Request));
            }

            user.Email = model.NewEmail;
            UOW.Commit();

            UpdateEmailVM payload = new UpdateEmailVM
            {
                Email = user.Email,
            };

            return(new SkyApiPayload <UpdateEmailVM>(Request, payload));
        }
Пример #20
0
        public ActionResult Landing()
        {
            var currentUserId = UserIdentity.GetUserId(this);
            var users         = _context.User.Where(u => u.Id == currentUserId);

            // Usually means user is not logged on
            if (users.ToList().Count == 0)
            {
                return(RedirectToAction("Index", "Home"));
            }
            var     user                = users.Single();
            var     activityLogs        = user.UserLogs.OrderByDescending(d => d.CreatedDateUtc).ToList();
            UserLog lastAccountActivity = null;

            if (activityLogs.Count > 1)
            {
                lastAccountActivity = activityLogs.Skip(1).FirstOrDefault();
            }
            return(View(new LandingViewModel(user.FirstName, lastAccountActivity, currentUserId)));
        }
        public ActionResult Edit(int id, FormCollection collection)
        {
            var isAdmin       = UserIdentity.IsUserInRole(this, "Admin");
            var currentUserId = UserIdentity.GetUserId(this);
            var isOwnProfile  = currentUserId == id;
            var users         = _context.User.Where(u => u.Id == id);

            if (users.ToList().Count == 0)
            {
                return(new HttpNotFoundResult());
            }
            var user = users.Single();

            ViewBag.StatusMessage = "";
            var requester = UserIdentity.GetRequester(this);

            // SECURE: Check user should have access to this account
            if (!isAdmin && !isOwnProfile)
            {
                Logger.Information("Failed User Edit Post, user modification was not permitted for access rights by requester {@requester}", requester);
                return(new HttpNotFoundResult());
            }
            ViewBag.StatusMessage = "";
            var previousUserName   = user.UserName;
            var propertiesToUpdate = new List <string>
            {
                "FirstName", "LastName", "TelNoHome", "TelNoMobile", "TelNoWork", "Title",
                "Town", "Postcode", "SkypeName"
            };
            var expectedFields = new List <string> {
                "IsAccessingUserAnAdmin", "IsOwnProfile", "IsCurrentUserAnAdmin", "User.Id"
            };

            if (isAdmin)
            {
                if (currentUserId != user.Id)
                {
                    // Otherwise these fields will be disabled on the front page
                    propertiesToUpdate.AddRange(new List <string> {
                        "Approved", "EmailVerified", "Enabled"
                    });
                }
                propertiesToUpdate.AddRange(new List <string> {
                    "UserName"
                });
            }
            propertiesToUpdate.ForEach(a => expectedFields.Add(a));
            AppSensor.ValidateFormData(this, expectedFields);
            if (TryUpdateModel(user, "User", propertiesToUpdate.ToArray(), collection))
            {
                if (_context.User.Any(a => a.Id != user.Id && user.UserName == a.UserName))
                {
                    ModelState.AddModelError("User.UserName", "This username is already in use");
                }
                else
                {
                    if (user.UserName != previousUserName)
                    {
                        user.UserLogs.Add(new UserLog
                        {
                            Description = $"Username/Email was changed from {previousUserName} by {UserIdentity.GetUserName(this)}"
                        });
                        string emailSubject = $"{_configuration.ApplicationName} - Change email address process completed";
                        string emailBody    = EmailTemplates.ChangeEmailAddressCompletedBodyText(user.FirstName, user.LastName, _configuration.ApplicationName, previousUserName, user.UserName);
                        _services.SendEmail(_configuration.DefaultFromEmailAddress, new List <string> {
                            user.UserName
                        }, null, null, emailSubject, emailBody, true);
                    }
                    _context.SaveChanges();
                    if (!isOwnProfile && isAdmin)
                    {
                        return(RedirectToAction("Index", "User"));
                    }
                    ViewBag.StatusMessage = "Your account information has been saved";
                }
            }
            else
            {
                AppSensor.InspectModelStateErrors(this);
            }

            return(View("Edit", new UserViewModel(UserIdentity.GetUserId(this), isAdmin, user)));
        }
 public ActionResult EditCurrent()
 {
     return(RedirectToAction("Edit", "User", new { Id = UserIdentity.GetUserId(this) }));
 }
 public ActionResult Index(int page = 1)
 {
     return(View("Index", new UsersViewModel(UserIdentity.GetUserId(this))));
 }