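/// <summary>
/// Admin action: sets a new password for the user identified by <paramref name="model"/>.Id.
/// Requires the ManageUsers permission; a non-administrator may not change an administrator's password.
/// </summary>
/// <param name="model">Form model carrying the target user's Id and the new password.</param>
/// <returns>
/// The access-denied view when the caller lacks ManageUsers; a redirect to Index when no user matches
/// model.Id; otherwise a redirect back to the Edit page after queuing a success or error notification.
/// </returns>
public async Task<IActionResult> ChangePassword(UserModel model)
{
    if (!await _permissionService.AuthorizeAsync(StandardPermissionProvider.ManageUsers))
    {
        return AccessDeniedView();
    }

    var user = await _userService.GetUserByIdAsync(model.Id);
    if (user == null)
    {
        return RedirectToAction("Index");
    }

    // Only administrators may change another administrator's password.
    if (user.IsAdmin() && !_workContext.CurrentUser.IsAdmin())
    {
        _notificationService.ErrorNotification("You're not allowed to change administrator passwords. Only administrators can do it.");
        return RedirectToAction("Edit", new { id = user.Id });
    }

    if (!ModelState.IsValid)
    {
        return RedirectToAction("Edit", new { id = user.Id });
    }

    // Address the request to the account that was loaded and authorized above (user.Email), not to the
    // form-supplied model.Email: otherwise the admin guard and the actual password change could refer to
    // two different accounts.
    // NOTE(review): the second argument is presumably a "validate current password" flag (FirstTimeLogin
    // passes true together with a current password); false here means the admin supplies none — confirm.
    var changePassRequest = new ChangePasswordRequest(user.Email, false, _userSettings.DefaultPasswordFormat, model.Password);
    var changePassResult = await _userRegistrationService.ChangePasswordAsync(changePassRequest);

    if (changePassResult.Success)
    {
        _notificationService.SuccessNotification("The password has been changed successfully.");
    }
    else
    {
        foreach (var error in changePassResult.Errors)
        {
            _notificationService.ErrorNotification(error);
        }
    }

    return RedirectToAction("Edit", new { id = user.Id });
}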
/// <summary>
/// Completes a first-time login: the user supplies the current (initial) password plus a new one. On success
/// the lockout counters are reset, the account is moved from the 'Guests' role to the 'Registered' role, the
/// event is written to the activity log and the user is redirected.
/// </summary>
/// <param name="model">Form model with the user Id, the current password and the new password.</param>
/// <param name="returnUrl">Optional post-login destination; only a local URL is followed, anything else falls back to the Login route.</param>
/// <returns>A redirect on success; otherwise the same view with validation errors attached.</returns>
/// <exception cref="DefaultException">Thrown when model.Id is missing or the 'Registered' role cannot be loaded.</exception>
public async Task<IActionResult> FirstTimeLogin(FirstTimeLoginViewModel model, string returnUrl)
{
    if (!model.Id.HasValue)
    {
        throw new DefaultException("First time login failed");
    }

    // Guard clauses: every failure below redisplays the form.
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    var account = await _userService.GetUserByIdAsync(model.Id.Value);
    if (account == null)
    {
        return View(model);
    }

    // NOTE(review): the second argument is presumably a "validate current password" flag — confirm against ChangePasswordRequest.
    var request = new ChangePasswordRequest(account.Email, true, _userSettings.DefaultPasswordFormat, model.NewPassword, model.CurrentPassword);
    var result = await _userRegistrationService.ChangePasswordAsync(request);

    if (!result.Success)
    {
        foreach (var message in result.Errors)
        {
            ModelState.AddModelError("", message);
        }
        return View(model);
    }

    // Reset lockout state and stamp the login.
    account.FailedLoginAttempts = 0;
    account.CannotLoginUntilDateUtc = null;
    account.LastLoginDateUtc = DateTime.UtcNow;
    account.RegisteredInTenantId = _tenantContext.CurrentTenant.Id;

    // Promote the account: grant 'Registered', then revoke 'Guests'.
    var registeredRole = _userService.GetRoleBySystemName(UserDefaults.RegisteredRoleName);
    if (registeredRole == null)
    {
        throw new DefaultException("'Registered' role could not be loaded");
    }
    account.AddUserRole(new UserRole { Role = registeredRole });

    var guestRole = account.Roles.FirstOrDefault(r => r.SystemName == UserDefaults.GuestsRoleName);
    if (guestRole != null)
    {
        // NOTE(review): the mapping lookup yields null if Roles and UserRoles disagree; RemoveUserRole is
        // assumed to tolerate that — confirm.
        var guestMapping = account.UserRoles.FirstOrDefault(mapping => mapping.RoleId == guestRole.Id);
        account.RemoveUserRole(guestMapping);
    }

    await _userService.UpdateUserAsync(account);

    await _userActivityService.InsertActivityAsync(account, "FirstTimeLogin", $"First time login ('{account.Username}')", account);
    _notificationService.SuccessNotification("First time login succeed");

    // Open-redirect guard: returnUrl is only followed when it is a local URL.
    var canFollowReturnUrl = !string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl);
    if (canFollowReturnUrl)
    {
        return Redirect(returnUrl);
    }
    return RedirectToRoute("Login");
}