public static UserDto ToDto(this UserWithPasswordHash model)
{
var dto = (model as User).ToDto();
dto.PasswordHash = model.PasswordHash;
return(dto);
}
public async Task <IActionResult> Migrate([FromBody] MigrationModel model)
{
if (model.Membership == null)
{
throw ErtisAuthException.ValidationError(new[] { "membership is required" });
}
if (model.User == null)
{
throw ErtisAuthException.ValidationError(new[] { "user is required" });
}
if (!this.Request.Headers.ContainsKey("ConnectionString"))
{
throw ErtisAuthException.ValidationError(new[] { "ConnectionString must be post in header" });
}
var connectionString = this.Request.Headers["ConnectionString"];
var membership = new Membership
{
Name = model.Membership.Name,
ExpiresIn = model.Membership.ExpiresIn,
RefreshTokenExpiresIn = model.Membership.RefreshTokenExpiresIn,
HashAlgorithm = model.Membership.HashAlgorithm,
DefaultEncoding = model.Membership.DefaultEncoding,
SecretKey = model.Membership.SecretKey,
};
var user = new UserWithPasswordHash
{
Username = model.User.Username,
EmailAddress = model.User.EmailAddress,
FirstName = model.User.FirstName,
LastName = model.User.LastName,
PasswordHash = model.User.Password,
Role = model.User.Role,
Forbidden = model.User.Forbidden,
Permissions = model.User.Permissions
};
Application application = null;
if (model.Application != null)
{
application = new Application
{
Name = model.Application.Name,
Role = model.Application.Role
};
}
this.Request.HttpContext.Items.Add("SysUtilizer", "migration");
var migrationResult = await this.migrationService.MigrateAsync(connectionString, membership, user, application);
return(this.Ok(migrationResult));
}
public async ValueTask <dynamic> MigrateAsync(string connectionString, Membership _membership, UserWithPasswordHash _user, Application _application)
{
// Validation
var databaseInformation = Ertis.MongoDB.Helpers.ConnectionStringHelper.ParseConnectionString(connectionString);
var connectionString1 = Ertis.MongoDB.Helpers.ConnectionStringHelper.GenerateConnectionString(this.databaseSettings);
var connectionString2 = Ertis.MongoDB.Helpers.ConnectionStringHelper.GenerateConnectionString(databaseInformation);
if (connectionString1 != connectionString2)
{
throw ErtisAuthException.MigrationRejected("Connection string could not validated");
}
// 1. Membership
var membership = await this.membershipService.CreateAsync(new Membership
{
Name = _membership.Name,
DefaultEncoding = _membership.DefaultEncoding,
HashAlgorithm = _membership.HashAlgorithm,
ExpiresIn = _membership.ExpiresIn,
RefreshTokenExpiresIn = _membership.RefreshTokenExpiresIn,
SecretKey = string.IsNullOrEmpty(_membership.SecretKey) ? GenerateRandomSecretKey(32) : _membership.SecretKey
});
// Utilizer
var utilizer = new Utilizer
{
Username = "******",
Role = ReservedRoles.Administrator,
Type = Utilizer.UtilizerType.System,
MembershipId = membership.Id
};
// 2. Role
Role adminRole;
var currentAdminRole = await this.roleService.GetByNameAsync(ReservedRoles.Administrator, membership.Id);
if (currentAdminRole == null)
{
adminRole = await this.roleService.CreateAsync(utilizer, membership.Id, new Role
{
Name = ReservedRoles.Administrator,
Description = "Administrator",
MembershipId = membership.Id,
Permissions = RoleHelper.AssertAdminPermissionsForReservedResources()
});
}
else
{
adminRole = currentAdminRole;
}
// 3. User (admin)
var adminUser = await this.userService.CreateAsync(utilizer, membership.Id, new UserWithPasswordHash
{
Username = _user.Username,
FirstName = _user.FirstName,
LastName = _user.LastName,
EmailAddress = _user.EmailAddress,
Role = adminRole.Name,
MembershipId = membership.Id,
PasswordHash = this.cryptographyService.CalculatePasswordHash(membership, _user.PasswordHash)
});
// 4. Application
if (_application != null)
{
var application = await this.applicationService.CreateAsync(utilizer, membership.Id, new Application
{
Name = _application.Name,
Role = _application.Role,
MembershipId = membership.Id
});
return(new
{
membership,
user = adminUser,
role = adminRole,
application
});
}
return(new
{
membership,
user = adminUser,
role = adminRole
});
}
