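        public EditUserRoleModule()
        {
            // Any handler in this module that ends in 403 (e.g. RequiresAnyClaim below rejecting
            // a non-admin) is turned into a redirect to the access-denied page.
            After += context =>
            {
                if (context.Response.StatusCode == HttpStatusCode.Forbidden)
                    context.Response = this.Response.AsRedirect("/denied");
            };

            // module-wide: only users holding the "admin" claim may change roles
            this.RequiresAnyClaim(new[] { "admin" });

            // show the edit-role form for the user identified by the route guid
            Get["/EditUserRole/{Guid}"] = parameters =>
            {
                this.RequiresAuthentication();

                // load the user row and attach its current role guid so the view can preselect it
                var userRow = UserDatabase.GetUserByGuid(parameters.Guid);
                var urGuid = UserDatabase.GetRoleGuidForUser(parameters.Guid);
                userRow.RoleGuid = urGuid.RoleGuid;

                return View["Views/User/EditUserRole", userRow];
            };

            // receive the posted role change: replace whatever role the user had with the selected one
            Post["/EditUserRole/{Guid}"] = parameters =>
            {
                var model = new Users();
                this.BindTo(model);
                // NOTE(review): the route's {Guid} is not read here; the user being changed is
                // model.Guid as posted in the form — confirm the form always carries it.
                var email = (string)Request.Form.Email;

                string r;

                try
                {
                    var ur = new UserRolesInsert { RoleGuid = model.RoleGuid, UserGuid = model.Guid };

                    // delete then insert is not atomic: if the insert fails the user is left with no role.
                    // TODO(review): wrap both statements in a transaction if the Simple.Data adapter in use supports one.
                    var db = Database.Open();
                    db.UserRoles.DeleteByUserGuid(model.Guid);
                    db.UserRoles.Insert(ur);

                    // the message is HTML that the caller presumably injects into the page
                    // (AsText itself sends it as text/plain), so encode the form-supplied email
                    r = "<strong>Success:</strong> " +
                           "user: <em>" + System.Net.WebUtility.HtmlEncode(email) +
                           "</em> role was updated.  <a href=\"/users \"> return to users</a> ";
                }
                catch (Exception e)
                {
                    // exception details (stack trace, SQL text, connection info) stay server-side;
                    // the client only gets a generic failure message
                    System.Diagnostics.Trace.TraceError("EditUserRole update failed for user {0}: {1}", model.Guid, e);
                    r = "<strong>Error:</strong> " +
                            " guid: something went wrong and the update failed! <a href=\"/users \"> return to users</a> ";
                }

                return Response.AsText(r);
            };
        }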
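        public AddUserModule()
        {
            // Any handler in this module that ends in 403 (e.g. RequiresAnyClaim below rejecting
            // a non-admin) is turned into a redirect to the access-denied page.
            After += context =>
            {
                if (context.Response.StatusCode == HttpStatusCode.Forbidden)
                    context.Response = this.Response.AsRedirect("/denied");
            };
            // module-wide: only users holding the "admin" claim may add users
            this.RequiresAnyClaim(new[] { "admin" });

            // show the add user form
            Get["/adduser"] = _ =>
            {
                this.RequiresAuthentication();
                return View["Views/User/AddUser"];
            };

            // receive the posted add form data
            Post["/adduser"] = parameters =>
            {
                // bind the posted form onto a Users row
                var model = new Users();
                this.BindTo(model);

                var db = Database.Open(); // one Simple.Data connection, reused for the check and the insert

                // reject an email that is already registered
                int uCount = db.Users.GetCount(db.Users.Email == Request.Form.Email);
                if (uCount > 0)
                    return Response.AsJson("<strong>Error:</strong> The email already exists and cannot be used!");

                // the password is not a column on Users, so it is not bound into the model
                var pwd = (string)Request.Form.Password;

                // HashPassword throws on null and would happily hash "" — refuse both so a user
                // can never be created with an empty password
                if (string.IsNullOrEmpty(pwd))
                    return Response.AsJson("<strong>Error:</strong> A password is required!");

                // BCrypt hash with a fresh salt. GenerateSalt(workFactor) raises the cost
                // exponentially (2^workFactor rounds), so the usual range is roughly 10–12.
                string theSalt = BCrypt.Net.BCrypt.GenerateSalt();
                string theHash = BCrypt.Net.BCrypt.HashPassword(pwd, theSalt);
                // only the hash is stored, never pwd

                // NOTE(review): local time is stored; the app's other date handling is not visible here
                model.CreateDate = DateTime.Now;
                model.LastUpdated = DateTime.Now;
                model.LastUpdatedBy = Context.CurrentUser.UserName;
                model.Hash = theHash;
                model.Guid = Guid.NewGuid();

                db.Users.Insert(model);
                // the message is HTML that the caller presumably renders, so encode the form-supplied email
                return Response.AsJson("<strong>Success:</strong> user <em>" + System.Net.WebUtility.HtmlEncode(model.Email) + "</em> was added.");
            };
        }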
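        public EditUserModule()
        {
            // Any handler in this module that ends in 403 (e.g. RequiresAnyClaim below rejecting
            // a non-admin) is turned into a redirect to the access-denied page.
            After += context =>
            {
                if (context.Response.StatusCode == HttpStatusCode.Forbidden)
                    context.Response = this.Response.AsRedirect("/denied");
            };
            // module-wide: only users holding the "admin" claim may edit users
            this.RequiresAnyClaim(new[] { "admin" });

            // show the edit form for the user identified by the route guid
            Get["/EditUser/{Guid}"] = parameters =>
            {
                this.RequiresAuthentication();

                var userRow = UserDatabase.GetUserByGuid(parameters.Guid);
                return View["Views/User/EditUser", userRow];
            };

            // receive the posted edit form: name fields plus a new password
            Post["/EditUser/{Guid}"] = parameters =>
            {
                var model = new Users();
                this.BindTo(model);
                // NOTE(review): the route's {Guid} is not read here; the row updated is
                // model.Guid as posted in the form — confirm the form always carries it.
                string r;

                var email = (string) Request.Form.Email;
                var pwd = (string) Request.Form.Password;

                // Hash is always written by the update below, so a blank password field would
                // silently replace the user's password with the hash of "" (and a null one throws
                // before the try). Refuse it instead.
                // TODO(review): if the form is meant to leave the password unchanged when blank,
                // read the existing hash back and reuse it rather than rejecting.
                if (string.IsNullOrEmpty(pwd))
                    return Response.AsText("<strong>Error:</strong> A password is required! <a href=\"/users \"> return to users</a> ");

                var theSalt = BCrypt.Net.BCrypt.GenerateSalt();
                var thenewHash = BCrypt.Net.BCrypt.HashPassword(pwd, theSalt);

                // a subset of the user model so that only the fields shown on the form are updated
                var user = new EditUser()
                {
                    Guid = model.Guid,
                    FirstName = model.FirstName,
                    LastName = model.LastName,
                    LastUpdated = DateTime.Now,
                    LastUpdatedBy = Context.CurrentUser.UserName,
                    Hash = thenewHash
                };

                try
                {
                    var db = Database.Open();
                    db.Users.Update(user);
                    // the message is HTML that the caller presumably injects into the page
                    // (AsText itself sends it as text/plain), so encode the form-supplied email
                    r = "<strong>Success:</strong> " +
                           "user: <em>" + System.Net.WebUtility.HtmlEncode(email) +
                           "</em> was updated.  <a href=\"/users \"> return to users</a> ";
                }
                catch (Exception e)
                {
                    // exception details (stack trace, SQL text, connection info) stay server-side;
                    // the client only gets a generic failure message
                    System.Diagnostics.Trace.TraceError("EditUser update failed for user {0}: {1}", model.Guid, e);
                    r = "<strong>Error:</strong> " +
                            " guid: something went wrong and the update failed! <a href=\"/users \"> return to users</a> ";
                }

                return Response.AsText(r);
            };
        }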