public UserDto Add(UserDto dto, string initialPassword, int?byUserId = null) { try { _unitOfWork.Begin(); var user = new User(); pushUpdatableUserProfileToModel(user, dto); validatePassword(initialPassword); // these properties are only set once upon user creation user.CreatedAt = DateTime.UtcNow; user.Salt = _cipherService.GenerateSalt(); user.PasswordHash = _cipherService.ComputeSHA256Hash(initialPassword, user.Salt); // default to just a viewer dto.Roles = new List <TypeOfUserRole>() { TypeOfUserRole.Viewer }; validateUserModel(user, dto.Roles); if (UserExists(dto.Username)) { throw new ApplicationException($"The username {dto.Username} has already been taken. Please either register with another username or login if you have already registered."); } user = _userRepository.Add(user); setUserRoles(user, dto.Roles); var newUserDto = _mapper.Map <User, UserDto>(user); _unitOfWork.Commit(); // _userRepository.AddSystemLogEntry(byUserId, "Created user " + newUserDto.FullName); return(newUserDto); } catch (Exception ex) { _unitOfWork.Rollback(); // _logger.Error("Error during user addition", ex); throw; } }