/// <summary>
/// Creates a restriction on accounts with the specified e-mail address indication that the user is not allowed to log in while their account is being reset.
/// </summary>
/// <param name="accounts">A list of user accounts associated with the e-mail address</param>
/// <param name="emailAddress">The e-mail address entered from the Reset page</param>
/// <param name="haveUsername">If the username has also been forgotten or a normal reset where the user knows their username</param>
/// <returns></returns>
private string CreateRestriction(IEnumerable <UserEntity> accounts, string emailAddress, bool haveUsername)
{
var restrictionKey = EpicMembershipProvider.CreateSalt(16);
var accountRestriction = new AccountRestrictionEntity
{
AccountRestrictionType = haveUsername ? AccountRestrictionType.PasswordReset : AccountRestrictionType.LostUsername,
RestrictionKey = restrictionKey,
EmailAddress = emailAddress,
IPAddress = Request.ServerVariables["REMOTE_ADDR"]
};
foreach (var account in accounts)
{
// If account is already restricted, don't create a new restriction.
// It could be restricted because it's a new account or due to a prior
// password reset.
if (account.UserAccountRestrictions.Count == 0)
{
var restriction = accountRestriction.UserAccountRestrictions.AddNew();
restriction.UserId = account.UserId;
}
}
accountRestriction.Save(true);
return(restrictionKey);
}
protected override void TestCleanup()
{
new LinqMetaData().User
.Where(x => x.FirstName == "UserTest" || x.FirstName == "UserTest1")
.ToList().ForEach(x =>
{
var ars = x.UserAccountRestrictions.Select(y => y.AccountRestriction).ToList();
x.UserAccountRestrictions.DeleteMulti();
ars.ForEach(y => y.Delete());
x.Delete();
});
// delete restrictions on epic admin
var user = TestData.OrgAdminUser;
Assert.IsNotNull(user);
var adminArs = user.UserAccountRestrictions.Select(y => y.AccountRestriction).ToList();
user.UserAccountRestrictions.DeleteMulti();
adminArs.ForEach(y => y.Delete());
var transaction = new Transaction(IsolationLevel.ReadCommitted, "reset");
EpicMembershipProvider.SetPassword(user, TestData.OrgAdminPassword, transaction);
transaction.Add(user);
user.Save();
transaction.Commit();
base.TestCleanup();
}
/// <summary>
/// Sets the password for a user, not typically allowed by MembershipProvider.
/// </summary>
/// <param name="user"></param>
/// <param name="password"></param>
/// <returns></returns>
public static bool SetPassword(this MembershipUser user, string password)
{
Transaction transaction = new Transaction(System.Data.IsolationLevel.ReadCommitted, "password change");
try
{
int userId = user.GetUserId().Id;
UserEntity userEntity = new UserEntity(userId);
if (!userEntity.IsNew)
{
transaction.Add(userEntity);
EpicMembershipProvider.SetPassword(userEntity, password, transaction);
userEntity.Save();
transaction.Commit();
return(true);
}
else
{
return(false);
}
}
catch
{
transaction.Rollback();
return(false);
}
finally
{
transaction.Dispose();
}
}
private static void Cleanup()
{
var user = new LinqMetaData().User.FirstOrDefault(x => x.Username == TestData.OrgAdminUsername);
var transaction = new Transaction(IsolationLevel.ReadCommitted, "reset");
EpicMembershipProvider.SetPassword(user, TestData.OrgAdminPassword, transaction);
transaction.Add(user);
user.Save();
transaction.Commit();
}
private static void Cleanup()
{
var user = TestData.OrgAdminUser;
var transaction = new Transaction(IsolationLevel.ReadCommitted, "reset");
EpicMembershipProvider.SetPassword(user, TestData.OrgAdminPassword, transaction);
transaction.Add(user);
user.Save();
transaction.Commit();
}
public ActionResult Add(int organizationId, AddUserModel model)
{
var organization = new OrganizationEntity(organizationId);
if (organization.IsNew)
{
throw new HttpException(404, SharedRes.Error.NotFound_Organization);
}
var restrictionKey = EpicMembershipProvider.CreateSalt(16);
if (ModelState.IsValid)
{
if (!Permissions.UserHasPermission("Edit", organization))
{
throw new HttpException(401, SharedRes.Error.Unauthorized_OrganizationEdit);
}
// Validate submitted role.
if (!model.Role.HasValue || !(OrganizationUtils.GetAllowedRoles(organizationId).Any(r => r.RoleId == model.Role)))
{
throw new HttpException(417, ControllerRes.Account.Invalid_RoleSpecified);
}
// Locations are only valid for non-admin users.
bool isAdmin = RoleUtils.IsRoleForAdmin(model.Role.Value);
if (!isAdmin)
{
// Validate submitted locations are locations of the organization.
if (model.Locations.Except(new LinqMetaData().Location.Where(l => l.OrganizationId == organizationId).Select(l => l.LocationId).ToList()).Any())
{
throw new HttpException(404, SharedRes.Error.NotFound_Location);
}
}
Transaction transaction = new Transaction(IsolationLevel.ReadCommitted, "user add");
try
{
UserEntity user = new UserEntity
{
OrganizationId = organizationId,
FirstName = model.FirstName,
LastName = model.LastName,
EmailAddress = model.EmailAddress,
Username = string.Empty,
Password = string.Empty
};
transaction.Add(user);
// If role is non-admin, set up locations.
if (!isAdmin)
{
foreach (var loc in model.Locations)
{
var assignedLocation = user.UserAssignedLocations.AddNew();
assignedLocation.LocationId = loc;
}
}
var userRole = user.Roles.AddNew();
userRole.RoleId = model.Role.Value;
var accountRestriction = new AccountRestrictionEntity
{
AccountRestrictionType = AccountRestrictionType.NewUser,
RestrictionKey = restrictionKey,
EmailAddress = model.EmailAddress,
Parameters = string.IsNullOrWhiteSpace(model.Pin) ? string.Empty : model.Pin,
CreatedBy = Membership.GetUser().GetUserId().Id,
IPAddress = Request.ServerVariables["REMOTE_ADDR"]
};
transaction.Add(accountRestriction);
accountRestriction.Save();
var userRestriction = user.UserAccountRestrictions.AddNew();
userRestriction.AccountRestrictionId = accountRestriction.AccountRestrictionId;
// Save recursively ... so assigned locations, role and restriction are saved, too.
user.Save(true);
transaction.Commit();
}
catch (Exception)
{
transaction.Rollback();
throw new HttpException(500, SharedRes.Error.Error_DatabaseUnknown);
}
finally
{
transaction.Dispose();
}
// Send email for registration validation.
SendRegistrationEmail(model, restrictionKey);
// Add user complete. Modal dialog will close, so no response except "success".
return(new EmptyResult());
}
Response.StatusCode = 417;
Response.TrySkipIisCustomErrors = true;
return(PartialView(model));
}
