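/// <summary>
/// Returns the stored user that matches the DTO's social provider and provider id,
/// creating the account on first login.
/// </summary>
/// <param name="userDto">
/// Login data for the user. When a new account is created, its <c>id</c> is set to the new user's id.
/// </param>
/// <returns>
/// The DTO of the existing or newly created user; <c>createdNew</c> is set to true only on the creation path.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="userDto"/> is null.</exception>
private UserDto GetOrCreateUserLogin(UserDto userDto)
{
    if (userDto == null)
    {
        throw new ArgumentNullException(nameof(userDto));
    }

    using (var db = new BgDbContext())
    {
        // The account is keyed on (provider, provider user id), not on email. Matching on email
        // instead would link accounts across providers on a value that a provider may not have
        // verified, so it is kept out of the lookup.
        // NOTE(review): this is only sound if socialProviderId was taken from a token validated
        // server-side rather than from the request body. Confirm at the caller.
        // NOTE(review): SingleOrDefault throws when more than one row matches. Two concurrent first
        // logins could both reach the insert below unless a unique index on
        // (SocialProvider, ProviderId) exists. That index is not visible here. Confirm.
        var existing = db.Users.SingleOrDefault(user =>
            user.SocialProvider.Equals(userDto.socialProvider) &&
            user.ProviderId.Equals(userDto.socialProviderId));

        if (existing != null)
        {
            return existing.ToDto();
        }

        // One timestamp for the whole registration, so the three stored values agree.
        // NOTE(review): local time is kept to match the rest of the stored data. Confirm whether UTC is intended.
        var now = DateTime.Now;

        var newUser = new User
        {
            Id = Guid.NewGuid(),
            // Culture-invariant lowering: ToLower() depends on the current culture (e.g. the Turkish
            // dotless i), which would store differently normalised addresses on different hosts.
            Email = userDto.email?.ToLowerInvariant(),
            Name = userDto.name,
            PhotoUrl = userDto.photoUrl,
            ShowPhoto = true,
            ProviderId = userDto.socialProviderId,
            SocialProvider = userDto.socialProvider,
            Elo = 1200,
            Registered = now,
            Admin = false,
            EmailNotifications = true,
            EmailUnsubscribeId = Guid.NewGuid(),
            Theme = "dark",
            PreferredLanguage = "en",
            Gold = 200,
            LastFreeGold = now,
            // NOTE(review): PassHash and LocalLogin are copied from the DTO as-is. Confirm the caller
            // derives the hash server-side and never accepts it from client input.
            PassHash = userDto.passHash,
            LocalLogin = userDto.localLoginName
        };
        db.Users.Add(newUser);

        // Give new users a prompt message to share the site. The prompt is optional, so a database
        // without an admin row no longer makes every registration fail.
        var admin = db.Users.FirstOrDefault(u => u.Admin);
        if (admin != null)
        {
            newUser.ReceivedMessages.Add(new Message
            {
                Text = "",
                Type = MessageType.SharePrompt,
                Sender = admin,
                Sent = now
            });
        }

        db.SaveChanges();

        // Hand the id back on the caller's DTO only after the save has succeeded.
        userDto.id = newUser.Id.ToString();

        var created = newUser.ToDto();
        created.createdNew = true;
        return created;
    }
}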