示例#1
0
        public async Task <ActionResult> UpdateUserEasyPassword(
            [FromRoute, Required] Guid userId,
            [FromBody, Required] UpdateUserEasyPassword request)
        {
            if (!await RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true).ConfigureAwait(false))
            {
                return(StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the easy password."));
            }

            var user = _userManager.GetUserById(userId);

            if (user == null)
            {
                return(NotFound("User not found"));
            }

            if (request.ResetPassword)
            {
                await _userManager.ResetEasyPassword(user).ConfigureAwait(false);
            }
            else
            {
                await _userManager.ChangeEasyPassword(user, request.NewPw, request.NewPassword).ConfigureAwait(false);
            }

            return(NoContent());
        }
示例#2
0
        public async Task <ActionResult> UpdateUser(
            [FromRoute, Required] Guid userId,
            [FromBody] UserDto updateUser)
        {
            if (updateUser == null)
            {
                return(BadRequest());
            }

            if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, false))
            {
                return(Forbid("User update not allowed."));
            }

            var user = _userManager.GetUserById(userId);

            if (string.Equals(user.Username, updateUser.Name, StringComparison.Ordinal))
            {
                await _userManager.UpdateUserAsync(user).ConfigureAwait(false);

                _userManager.UpdateConfiguration(user.Id, updateUser.Configuration);
            }
            else
            {
                await _userManager.RenameUser(user, updateUser.Name).ConfigureAwait(false);

                _userManager.UpdateConfiguration(updateUser.Id, updateUser.Configuration);
            }

            return(NoContent());
        }
示例#3
0
        public ActionResult UpdateUserEasyPassword(
            [FromRoute, Required] Guid userId,
            [FromBody] UpdateUserEasyPassword request)
        {
            if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true))
            {
                return(Forbid("User is not allowed to update the easy password."));
            }

            var user = _userManager.GetUserById(userId);

            if (user == null)
            {
                return(NotFound("User not found"));
            }

            if (request.ResetPassword)
            {
                _userManager.ResetEasyPassword(user);
            }
            else
            {
                _userManager.ChangeEasyPassword(user, request.NewPw, request.NewPassword);
            }

            return(NoContent());
        }
示例#4
0
        public async Task <ActionResult> UpdateUserConfiguration(
            [FromRoute, Required] Guid userId,
            [FromBody, Required] UserConfiguration userConfig)
        {
            if (!await RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, false).ConfigureAwait(false))
            {
                return(StatusCode(StatusCodes.Status403Forbidden, "User configuration update not allowed"));
            }

            await _userManager.UpdateConfigurationAsync(userId, userConfig).ConfigureAwait(false);

            return(NoContent());
        }
示例#5
0
        public ActionResult UpdateUserConfiguration(
            [FromRoute, Required] Guid userId,
            [FromBody] UserConfiguration userConfig)
        {
            if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, false))
            {
                return(Forbid("User configuration update not allowed"));
            }

            _userManager.UpdateConfiguration(userId, userConfig);

            return(NoContent());
        }
示例#6
0
        public async Task<ActionResult> UpdateUserPassword(
            [FromRoute, Required] Guid userId,
            [FromBody, Required] UpdateUserPassword request)
        {
            if (!await RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true).ConfigureAwait(false))
            {
                return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the password.");
            }

            var user = _userManager.GetUserById(userId);

            if (user == null)
            {
                return NotFound("User not found");
            }

            if (request.ResetPassword)
            {
                await _userManager.ResetPassword(user).ConfigureAwait(false);
            }
            else
            {
                if (!HttpContext.User.IsInRole(UserRoles.Administrator))
                {
                    var success = await _userManager.AuthenticateUser(
                        user.Username,
                        request.CurrentPw,
                        request.CurrentPw,
                        HttpContext.GetNormalizedRemoteIp().ToString(),
                        false).ConfigureAwait(false);

                    if (success == null)
                    {
                        return StatusCode(StatusCodes.Status403Forbidden, "Invalid user or password entered.");
                    }
                }

                await _userManager.ChangePassword(user, request.NewPw).ConfigureAwait(false);

                var currentToken = (await _authContext.GetAuthorizationInfo(Request).ConfigureAwait(false)).Token;

                await _sessionManager.RevokeUserTokens(user.Id, currentToken).ConfigureAwait(false);
            }

            return NoContent();
        }
示例#7
0
        public async Task <ActionResult> UpdateUserPassword(
            [FromRoute, Required] Guid userId,
            [FromBody] UpdateUserPassword request)
        {
            if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true))
            {
                return(Forbid("User is not allowed to update the password."));
            }

            var user = _userManager.GetUserById(userId);

            if (user == null)
            {
                return(NotFound("User not found"));
            }

            if (request.ResetPassword)
            {
                await _userManager.ResetPassword(user).ConfigureAwait(false);
            }
            else
            {
                var success = await _userManager.AuthenticateUser(
                    user.Username,
                    request.CurrentPw,
                    request.CurrentPw,
                    HttpContext.GetNormalizedRemoteIp(),
                    false).ConfigureAwait(false);

                if (success == null)
                {
                    return(Forbid("Invalid user or password entered."));
                }

                await _userManager.ChangePassword(user, request.NewPw).ConfigureAwait(false);

                var currentToken = _authContext.GetAuthorizationInfo(Request).Token;

                _sessionManager.RevokeUserTokens(user.Id, currentToken);
            }

            return(NoContent());
        }
示例#8
0
        public async Task <ActionResult> UpdateUser(
            [FromRoute, Required] Guid userId,
            [FromBody, Required] UserDto updateUser)
        {
            if (!await RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, false).ConfigureAwait(false))
            {
                return(StatusCode(StatusCodes.Status403Forbidden, "User update not allowed."));
            }

            var user = _userManager.GetUserById(userId);

            if (!string.Equals(user.Username, updateUser.Name, StringComparison.Ordinal))
            {
                await _userManager.RenameUser(user, updateUser.Name).ConfigureAwait(false);
            }

            await _userManager.UpdateConfigurationAsync(user.Id, updateUser.Configuration).ConfigureAwait(false);

            return(NoContent());
        }