public async Task ChangeUserToAdminWhenNoAdminPresent()
{
await using var context = new WebApiContext(_seeder.DbContextOptions);
var controller = CreateController(context);
await foreach (var user in context.Users)
{
user.GroupId = _userGroup.Id;
context.Entry(user).State = EntityState.Modified;
}
await context.SaveChangesAsync();
var userToChange = await context.Users.FirstAsync();
var changes = new UserPutDto
{
Id = userToChange.Id,
Login = "******",
GroupId = _adminGroup.Id,
};
var result = await controller.PutUser(userToChange.Id, changes);
result.ShouldBeAssignableTo <OkResult>();
var changedUser = await context.Users.FindAsync(userToChange.Id);
changedUser.Login.ShouldBe(changes.Login);
changedUser.GroupId.ShouldBe(changes.GroupId);
}
public async Task ChangeUserToAdminWhenAdminPresentFails()
{
await using var context = new WebApiContext(_seeder.DbContextOptions);
var controller = CreateController(context);
var users = context.Users.ToList();
foreach (var user in users)
{
user.GroupId = _userGroup.Id;
context.Entry(user).State = EntityState.Modified;
}
users[new Random().Next(users.Count)].GroupId = _adminGroup.Id;
await context.SaveChangesAsync();
var userToChange = await context.Users.FirstAsync(u => u.Group.Code != UserGroupCode.Admin);
var oldData = new { userToChange.Login, userToChange.GroupId };
var changes = new UserPutDto
{
Id = userToChange.Id,
Login = "******",
GroupId = _adminGroup.Id,
};
var result = await controller.PutUser(userToChange.Id, changes);
result.ShouldBeAssignableTo <BadRequestResult>();
userToChange.Login.ShouldBe(oldData.Login);
userToChange.GroupId.ShouldBe(oldData.GroupId);
}
public async Task ChangeAdminUserToAdminGroup()
{
await using var context = new WebApiContext(_seeder.DbContextOptions);
var controller = CreateController(context);
var users = context.Users.ToList();
foreach (var user in users)
{
user.GroupId = _userGroup.Id;
context.Entry(user).State = EntityState.Modified;
}
var admin = users[new Random().Next(users.Count)];
admin.GroupId = _adminGroup.Id;
await context.SaveChangesAsync();
var changes = new UserPutDto
{
Id = admin.Id,
Login = "******",
GroupId = _adminGroup.Id,
};
var result = await controller.PutUser(admin.Id, changes);
result.ShouldBeAssignableTo <OkResult>();
var changedUser = await context.Users.FindAsync(admin.Id);
changedUser.Login.ShouldBe(changes.Login);
changedUser.GroupId.ShouldBe(changes.GroupId);
}
public async Task <IHttpActionResult> PutUser(string username, UserPutDto userPutDto)
{
var isAllowed = ClaimsAuthorization.CheckAccess("Put", "User", username);
if (!isAllowed)
{
return(StatusCode(HttpStatusCode.Unauthorized));
}
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (!username.Equals(userPutDto.Username))
{
return(BadRequest());
}
var userModel = Mapper.Map <UserPutDto, UserModel>(userPutDto);
var result = await _repo.UpdateUser(userModel);
if (result.Succeeded)
{
var user = Mapper.Map <UserPutDto, UserDto>(userPutDto);
await _userService.UpdateAsync(user);
}
IHttpActionResult errorResult = GetErrorResult(result);
if (errorResult != null)
{
return(errorResult);
}
return(StatusCode(HttpStatusCode.NoContent));
}
public async Task ChangeToInvalidGroupFails()
{
await using var context = new WebApiContext(_seeder.DbContextOptions);
var controller = CreateController(context);
var userToChange = await context.Users.FirstAsync();
var maxGroupId = await context.UserGroups.MaxAsync(g => g.Id);
var oldData = new UserPutDto
{
Id = userToChange.Id,
Login = userToChange.Login,
GroupId = userToChange.GroupId
};
var changes = new UserPutDto
{
Id = userToChange.Id,
Login = "******",
GroupId = maxGroupId + 1
};
var result = await controller.PutUser(changes.Id, changes);
result.ShouldBeAssignableTo <BadRequestResult>();
userToChange.Login.ShouldBe(oldData.Login);
userToChange.GroupId.ShouldBe(oldData.GroupId);
}
public async Task AddUserToUserGroupAndModifyUsingNotMatchingId()
{
await using var context = new WebApiContext(_seeder.DbContextOptions);
var controller = CreateController(context);
var userToAdd = new UserPostDto
{
Login = "******",
Password = "******",
GroupId = _userGroup.Id
};
var postResult = await controller.PostUser(userToAdd);
postResult.Result.ShouldBeAssignableTo <CreatedAtActionResult>();
var createdUser = (UserGetDto)((CreatedAtActionResult)postResult.Result).Value;
var changes = new UserPutDto
{
Id = createdUser.Id,
Login = "******",
GroupId = _userGroup.Id,
};
var putResult = await controller.PutUser(createdUser.Id + 1, changes);
putResult.ShouldBeAssignableTo <BadRequestResult>();
var user = await context.Users.FindAsync(createdUser.Id);
context.Users.Remove(user);
await context.SaveChangesAsync();
}
private void SetupUserPutDto()
{
userPutDto = new UserPutDto
{
Email = email,
Password = password
};
}
public IActionResult Put([FromBody] UserPutDto dto)
{
_userAppService.Update(new User
{
Id = dto.Id,
Name = dto.Name,
Gender = dto.Gender
});
return(NoContent());
}
public void Execute(UserPutDto request)
{
_validator.ValidateAndThrow(request);
var user = _context.Users.Find(request.Id);
user.FirstName = request.FirstName;
user.LastName = request.LastName;
user.Email = request.Email;
_context.SaveChanges();
}
public async Task <IActionResult> UpdateUser(long id, [FromBody] UserPutDto userPutDto)
{
if (!await IsRequestorAdmin())
{
return(Forbid());
}
if (userPutDto == null)
{
return(BadRequest());
}
if (string.IsNullOrEmpty(userPutDto.Email))
{
ModelState.AddModelError("Email", "Email is required");
}
if (string.IsNullOrEmpty(userPutDto.FirstName))
{
ModelState.AddModelError("FirstName", "First name is required");
}
if (string.IsNullOrEmpty(userPutDto.Role))
{
ModelState.AddModelError("Role", "Role is required");
}
var existingUser = await _unitOfWork.Users.SingleOrDefaultAsync(u => u.Id == id);
if (existingUser == null)
{
return(NotFound());
}
if (existingUser.Email != userPutDto.Email && await _unitOfWork.Users.Exists(u => u.Email == userPutDto.Email))
{
ModelState.AddModelError("Email", "The provided email address is already in use by another user.");
}
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
Mapper.Map(userPutDto, existingUser);
if (await _unitOfWork.Complete() <= 0)
{
return(StatusCode(304));
}
return(Ok(Mapper.Map <UserGetDto>(existingUser)));
}
public async Task <IActionResult> PutAsync([FromBody] UserPutDto dto)
{
await _userAppService.UpdateAsync(new User
{
Id = dto.Id,
Name = dto.Name,
Gender = dto.Gender
});
return(NoContent());
}
public async Task <IActionResult> Edit([FromQuery] Guid id, [FromBody] UserPutDto userPutDto)
{
if (id != userPutDto.Id)
{
return(BadRequest());
}
var authorizationResult = await authorizationService
.AuthorizeAsync(User, "EditPolicy");
await userService.UpdateAsync(userPutDto);
return(NoContent());
}
public async Task <IActionResult> PutUser(int id, UserPutDto user)
{
if (id != user.Id)
{
return(BadRequest());
}
await using var transaction = await _context.Database.BeginTransactionAsync(IsolationLevel.Serializable);
try
{
var entity = await _context.GetActiveUsers()
.FirstOrDefaultAsync(u => u.Id == user.Id);
if (entity == null)
{
return(NotFound());
}
if (await _context.UserGroups.FindAsync(user.GroupId) == null)
{
return(BadRequest());
}
if (!await _adminElevation.CanEnterGroup(user.GroupId, user.Id))
{
return(BadRequest());
}
entity.Login = user.Login;
entity.GroupId = user.GroupId;
_context.Entry(entity).State = EntityState.Modified;
await _context.SaveChangesAsync();
await transaction.CommitAsync();
return(Ok());
}
catch (DbUpdateConcurrencyException)
{
if (!UserExists(id))
{
return(NotFound());
}
return(Conflict());
}
}
public async Task <bool> UpdateAsync(UserPutDto entity)
{
var exists = await _repository.GetByIdAsync(entity.Id);
if (exists == null)
{
return(false);
}
else
{
await _repository.UpdateAsync(mapper.Map <User>(entity));
return(true);
}
}
public async Task <IActionResult> Update([FromRoute] string id, [FromBody] UserPutDto model)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (!id.Equals(model.Id))
{
return(BadRequest($"Route id {id} doesn't match ApplicationUser id {model.Id}"));
}
var user = await _userManager.FindByIdAsync(id);
if (user == null)
{
return(BadRequest($"User with id {id} does not exist"));
}
if (!user.Email.Equals(model.Email))
{
var emailToken = await _userManager.GenerateChangeEmailTokenAsync(user, model.Email);
var emailResult = await _userManager.ChangeEmailAsync(user, model.Email, emailToken);
if (!emailResult.Succeeded)
{
return(BadRequest("Email could not be changed"));
}
}
user.PhoneNumber = model.PhoneNumber;
var result = await _userManager.UpdateAsync(user);
if (!result.Succeeded)
{
return(BadRequest("User could not be updated"));
}
var dtoToReturn = await ReturnUserFromRoleAsync(user);
return(dtoToReturn == null
? (IActionResult)BadRequest($"User with id {user.Id} could not be updated")
: Ok(dtoToReturn));
}
public async Task AddUserToUserGroupAndModifyUsingMatchingId()
{
await using var context = new WebApiContext(_seeder.DbContextOptions);
var controller = CreateController(context);
var userToAdd = new UserPostDto
{
Login = "******",
Password = "******",
GroupId = _userGroup.Id
};
var postResult = await controller.PostUser(userToAdd);
postResult.Result.ShouldBeAssignableTo <CreatedAtActionResult>();
var createdUser = (UserGetDto)((CreatedAtActionResult)postResult.Result).Value;
var changes = new UserPutDto
{
Id = createdUser.Id,
Login = "******",
GroupId = _userGroup.Id,
};
var putResult = await controller.PutUser(createdUser.Id, changes);
putResult.ShouldBeAssignableTo <OkResult>();
var getResult = await controller.GetUser(createdUser.Id);
getResult.Result.ShouldBeAssignableTo <OkResult>();
var changedUser = getResult.Value;
changedUser.Id.ShouldBe(createdUser.Id);
changedUser.Login.ShouldBe(changes.Login);
changedUser.State.ShouldBeEquivalentTo(_activeState);
changedUser.Group.ShouldBeEquivalentTo(_userGroup);
changedUser.CreatedDate.ShouldBe(createdUser.CreatedDate);
var user = await context.Users.FindAsync(createdUser.Id);
context.Users.Remove(user);
await context.SaveChangesAsync();
}
public async Task <IActionResult> AddUser([FromBody] UserPutDto newUser)
{
if (newUser == null)
{
return(BadRequest());
}
if (string.IsNullOrEmpty(newUser.Email) ||
string.IsNullOrEmpty(newUser.Password))
{
return(UnprocessableEntity());
}
var result = _mapper.Map <UserGetDto>(await _repo.NewUser(_mapper.Map <UserPutModel>(newUser)));
if (result == null)
{
return(NotFound());
}
return(Ok(result));
}
public async void Put_InvalidId_ReturnsNotFound_WithMessage()
{
const string id = "31588e97-5c6b-48dd-89a1-edd92deb3bca";
var path = $"{BaseUri}/update/{id}";
var dto = new UserPutDto()
{
Id = id,
Email = "*****@*****.**",
PhoneNumber = "+32496304944"
};
var json = JsonConvert.SerializeObject(dto);
var body = new StringContent(json, Encoding.UTF8, "application/json");
var response = await _client.PutAsync(path, body);
var responseString = await response.Content.ReadAsStringAsync();
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
Assert.Equal($"User with id {id} does not exist", responseString);
}
public async void Put_ValidModel_ReturnsOk_ReturnsUser()
{
const string id = "31588e97-5c6b-48dd-89a1-edd92deb3bcb";
var path = $"{BaseUri}/update/{id}";
var dto = new UserPutDto()
{
Id = id,
Email = "*****@*****.**",
PhoneNumber = "+32496304944"
};
var json = JsonConvert.SerializeObject(dto);
var body = new StringContent(json, Encoding.UTF8, "application/json");
var response = await _client.PutAsync(path, body);
var content = await response.Content.ReadAsStringAsync();
var returnedUserDto = JsonConvert.DeserializeObject <UserDto>(content);
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal(dto.PhoneNumber, returnedUserDto.PhoneNumber);
}
public async Task <IActionResult> UpdateUser([FromRoute] string userId,
[FromBody] UserPutDto updatedUser)
{
if (string.IsNullOrEmpty(userId) || updatedUser == null)
{
return(BadRequest());
}
if (string.IsNullOrEmpty(updatedUser.Email) ||
string.IsNullOrEmpty(updatedUser.Password))
{
return(UnprocessableEntity());
}
var user = _mapper.Map <UserGetDto>(await _repo.GetUser(userId));
if (user == null || !await _repo.EditUser(_mapper.Map <UserPutModel>(updatedUser), userId))
{
return(NotFound());
}
user.Email = updatedUser.Email;
user.UserName = updatedUser.Email;
user.Roles = await _repo.GetRoles(userId);
return(Ok(user));
}
public void Put([FromBody] UserPutDto dto, [FromServices] IUpdateUserCommand command)
{
executor.ExecuteCommand(command, dto);
}
public async Task <IActionResult> UpdateUser([FromRoute] string userId,
[FromBody] UserPutDto updatedUser)
{
if (string.IsNullOrEmpty(userId) || updatedUser == null)
{
return(BadRequest());
}
var user = await UserManager.FindByIdAsync(userId);
if (user == null)
{
return(NotFound());
}
foreach (var tUser in UserManager.Users) // for all users
{
if (tUser.Id != user.Id) // not the same user
{
// tUser no number, skip
if (tUser.PhoneNumber == null)
{
continue;
}
// if the user has the same phone number as the request update to the current user then badrequest
// as two members cannot have the same number in this system.
if (tUser.PhoneNumber.Equals(updatedUser.PhoneNumber))
{
return(BadRequest());
}
}
}
user.Email = updatedUser.Email ?? user.Email;
// Craig Martin 04-12-19 -- Altering username on update, and phone number
user.UserName = updatedUser.Email ?? user.Email;
user.PhoneNumber = updatedUser.PhoneNumber ?? user.PhoneNumber;
user.FullName = updatedUser.FullName ?? user.FullName;
await UserManager.UpdateAsync(user);
if (!string.IsNullOrEmpty(updatedUser.Password))
{
await UserManager.RemovePasswordAsync(user);
await UserManager.AddPasswordAsync(user, updatedUser.Password);
}
var roles = await UserManager.GetRolesAsync(user);
var rolesToAdd = updatedUser.Roles.Where(r => !roles.Contains(r));
await UserManager.AddToRolesAsync(user, rolesToAdd);
var rolesToRemove = roles.Where(r => !updatedUser.Roles.Contains(r));
await UserManager.RemoveFromRolesAsync(user, rolesToRemove);
roles = await UserManager.GetRolesAsync(user);
var dto = new UserGetDto
{
Id = user.Id,
UserName = user.UserName,
Email = user.Email,
PhoneNumber = user.PhoneNumber,
FullName = user.FullName,
Roles = roles
};
return(Ok(dto));
}
public async Task <IActionResult> AddUser([FromBody] UserPutDto newUser)
{
if (newUser == null)
{
return(BadRequest());
}
// CRAIG MARTIN - check if the phone number is already in the system, if so then BadRequest
if (UserManager.Users.Any(x => x.PhoneNumber.Equals(newUser.PhoneNumber)))
{
return(BadRequest());
}
var user = new AppUser
{
Email = newUser.Email,
FullName = newUser.FullName,
UserName = newUser.Email,
PhoneNumber = newUser.PhoneNumber // Craig Martin - Added phone number
};
var result = await UserManager.CreateAsync(user, newUser.Password);
if (!result.Succeeded)
{
return(BadRequest());
}
// CRAIG MARTIN - Generate email confirmation token
string token = await UserManager.GenerateEmailConfirmationTokenAsync(user);
string confirmationLink = Url.Action("ConfirmEmail", "EmailConfirmation", new
{
userId = user.Id,
token = token
},
Request.Scheme);
//Send email with confirmationn link.
EmailSender emailSender = new EmailSender();
emailSender.SendEmail(user, configuration, confirmationLink, "Three Amigos -- Confirm Email");
user = await UserManager.FindByEmailAsync(newUser.Email);
await UserManager.AddToRolesAsync(user, newUser.Roles);
var roles = await UserManager.GetRolesAsync(user);
var dto = new UserGetDto
{
Id = user.Id,
UserName = user.UserName,
Email = user.Email,
PhoneNumber = user.PhoneNumber, // Craig Martin - Added phone number
FullName = user.FullName,
Roles = roles
};
return(Ok(dto));
}
