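/// <summary>
/// Deletes the user identified by <paramref name="id"/> and writes an audit log entry.
/// </summary>
/// <param name="id">Primary key of the user to delete.</param>
/// <returns>A response whose <c>Success</c> is <c>true</c> once the user has been deleted.</returns>
/// <exception cref="HttpException">
/// 401 when the caller lacks <c>Permission.EditUsers</c>; 404 when no user has the given id.
/// </exception>
public BaseResponseModel Delete(int id)
{
    // Authorize before touching the data store. Checking existence first let an
    // unprivileged caller enumerate valid user ids through the 404-vs-401 difference.
    // NOTE(review): 403 is the semantically correct status for an authenticated caller
    // without rights; 401 is kept because existing clients may depend on it.
    if (!CurrentUser.HasPermission(Permission.EditUsers))
    {
        throw new HttpException(401, "You do not have permissions to complete this action.");
    }

    var user = UserService.GetUserById(id);
    if (user == null)
    {
        throw new HttpException(404, "User not found.");
    }

    // NOTE(review): nothing here prevents a caller from deleting their own account while
    // still holding a valid session; confirm whether UserService.DeleteUser or the
    // authentication layer covers that case.
    UserService.DeleteUser(user);

    // Audit trail: take the identity from the loaded entity so the log reflects what was
    // actually removed, not what the caller claimed.
    LogService.CreateLog(new Log
    {
        Category = LogCategory.Application,
        IpAddress = GetClientIp(ControllerContext.Request),
        User = CurrentUser,
        Level = LogLevel.Info,
        Message = "User " + user.Email + " (ID #" + user.Id + ") was deleted."
    });

    return new BaseResponseModel { Success = true };
}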
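/// <summary>
/// Starts a password-reset flow for the e-mail address in <paramref name="inputModel"/>.
/// </summary>
/// <param name="inputModel">Request carrying the e-mail address to look up.</param>
/// <returns>
/// A response with <c>Success</c> set to <c>true</c> regardless of whether the address
/// belongs to a known account, so the endpoint cannot be used to enumerate users.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="inputModel"/> is null.</exception>
public BaseResponseModel ForgotPassword(ForgotPasswordInputModel inputModel)
{
    if (inputModel == null)
    {
        throw new ArgumentNullException("inputModel");
    }

    var vm = new BaseResponseModel();

    // Only generate a reset request for a known account, but report success either way:
    // a Success flag that mirrored account existence let an attacker confirm which
    // e-mail addresses are registered.
    var user = UserService.GetUserByEmail(inputModel.Email);
    if (user != null)
    {
        UserService.GenerateResetRequest(user);
    }

    // NOTE(review): response timing still differs between the two branches, and no
    // throttling is visible here; confirm that GenerateResetRequest (or an outer filter)
    // rate-limits so the endpoint cannot be used to flood a mailbox.
    vm.Success = true;
    return vm;
}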
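/// <summary>
/// Updates an existing user's e-mail, optional password and (for privileged callers) role.
/// </summary>
/// <param name="inputModel">Requested changes; <c>UserId</c> selects the target user.</param>
/// <returns>
/// A response with <c>Success</c> set when the update was persisted and <c>Errors</c>
/// carrying any validation failures.
/// </returns>
/// <exception cref="HttpException">
/// 401 when the caller is neither the target user nor holds <c>Permission.EditUsers</c>;
/// 404 when no user has the requested id.
/// </exception>
public BaseResponseModel Update(UpdateUserInputModel inputModel)
{
    var vm = new BaseResponseModel();

    var validationState = new ValidationDictionary();
    inputModel.ValidateRequest(validationState);

    bool canEditOthers = CurrentUser.HasPermission(Permission.EditUsers);

    // Authorize against the requested id before the lookup so an unprivileged caller
    // cannot probe which user ids exist through the 404-vs-401 difference.
    // NOTE(review): 403 would be the semantically correct status; 401 kept for clients.
    if (!canEditOthers && inputModel.UserId != CurrentUser.Id)
    {
        throw new HttpException(401, "You do not have permissions to complete this action.");
    }

    var user = UserService.GetUserById(inputModel.UserId);
    if (user == null)
    {
        throw new HttpException(404, "User not found.");
    }

    // Copy properties. A blank password means "leave unchanged".
    bool emailChanged = user.Email != inputModel.Email;
    user.Email = inputModel.Email;
    string newPass = String.IsNullOrWhiteSpace(inputModel.Password) ? null : inputModel.Password;

    // Role may only be changed by a caller holding EditUsers; self-service edits cannot
    // escalate privileges.
    if (canEditOthers && inputModel.Role.HasValue)
    {
        user.Role = inputModel.Role.Value;
    }

    // NOTE(review): e-mail and password can be changed without re-proving the current
    // password; confirm that is acceptable for self-service edits.

    // Request-level validation errors must block the write even if ValidateUser does not
    // consult the state it is handed.
    if (validationState.IsValid && UserService.ValidateUser(user, validationState))
    {
        UserService.UpdateUser(user, newPass);

        // Re-issue the caller's own authentication only when the caller edited themselves.
        // ReAuthorizeUser appears to re-issue the current session's identity (verify):
        // calling it with another user's address would switch an admin's session to the
        // account they just edited.
        if (emailChanged && user.Id == CurrentUser.Id)
        {
            ReAuthorizeUser(inputModel.Email);
        }

        LogService.CreateLog(new Log
        {
            Category = LogCategory.Application,
            IpAddress = GetClientIp(ControllerContext.Request),
            Level = LogLevel.Info,
            Message = "User " + inputModel.Email + " (ID #" + user.Id + ") was updated.",
            User = CurrentUser
        });

        vm.Success = true;
    }

    vm.Errors = validationState.Errors;
    return vm;
}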
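/// <summary>
/// Signs the current caller out: clears the application authentication, expires the
/// forms-authentication and session cookies, and abandons any server-side session.
/// </summary>
/// <returns>A response with <c>Success</c> set to <c>true</c>.</returns>
public BaseResponseModel SignOut()
{
    _auth.SignOut();

    // @todo - API is not stateless.
    // The below implementation prevents the API from being stateless. A better
    // implementation would be OAuth or some other kerberos/token method, however for the
    // time being...
    var httpContext = HttpContext.Current;

    // Expire the forms-authentication cookie. Path and flags must match the cookie the
    // ticket was issued with; a mismatch makes the browser keep the original cookie and
    // treat this one as a different cookie, leaving the user effectively signed in.
    var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, "")
    {
        Path = FormsAuthentication.FormsCookiePath,
        HttpOnly = true,
        Secure = FormsAuthentication.RequireSSL,
        Expires = DateTime.UtcNow.AddYears(-1)
    };
    httpContext.Response.Cookies.Add(authCookie);

    // Expire the session cookie.
    var sessionCookie = new HttpCookie("ASP.NET_SessionId", "")
    {
        HttpOnly = true,
        Expires = DateTime.UtcNow.AddYears(-1)
    };
    httpContext.Response.Cookies.Add(sessionCookie);

    // Clearing the cookie alone leaves the server-side session data alive and reusable by
    // anyone who captured the id; abandon it too. Session is null when session state is
    // not enabled for this pipeline.
    if (httpContext.Session != null)
    {
        httpContext.Session.Abandon();
    }

    return new BaseResponseModel { Success = true };
}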
/// <summary>
/// Completes a password reset: validates the request, resolves the reset token to a user
/// and stores the new password.
/// </summary>
/// <param name="inputModel">Reset token and the new password.</param>
/// <returns>
/// A response with <c>Success</c> set when the password was changed; <c>Errors</c> holds
/// request-validation failures or an "Invalid reset token." error.
/// </returns>
public BaseResponseModel ResetPassword(ResetPasswordInputModel inputModel)
{
    var validationState = new ValidationDictionary();
    inputModel.ValidateRequest(validationState);

    var response = new BaseResponseModel();

    if (validationState.IsValid)
    {
        // NOTE(review): token expiry, single use, and invalidation of other active
        // sessions after a reset are not visible here and are assumed to live in
        // UserService — verify.
        var matchedUser = UserService.GetUserByResetToken(inputModel.ResetToken);
        if (matchedUser == null)
        {
            validationState.AddError("ResetToken", "Invalid reset token.");
        }
        else
        {
            UserService.ResetPassword(matchedUser, inputModel.Password);
            response.Success = true;
        }
    }

    response.Errors = validationState.Errors;
    return response;
}
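/// <summary>
/// Updates the value of an existing resource.
/// </summary>
/// <param name="inputModel">Requested change; <c>ResourceId</c> selects the target resource.</param>
/// <returns>
/// A response with <c>Success</c> set when the update was persisted and <c>Errors</c>
/// carrying any validation failures.
/// </returns>
/// <exception cref="HttpException">
/// 401 when the caller lacks <c>Permission.EditResources</c>; 404 when no resource has
/// the requested id.
/// </exception>
public BaseResponseModel Update(UpdateResourceInputModel inputModel)
{
    var vm = new BaseResponseModel();

    // Authorize first: the check does not depend on the resource, and performing it
    // before the lookup stops callers without EditResources from learning which ids exist.
    // NOTE(review): 403 would be the semantically correct status; 401 kept for clients.
    if (!CurrentUser.HasPermission(Permission.EditResources))
    {
        throw new HttpException(401, "You do not have permissions to complete this action.");
    }

    var resource = _resourceService.GetResourceById(inputModel.ResourceId);
    if (resource == null)
    {
        throw new HttpException(404, "Resource not found.");
    }

    // NOTE(review): unlike the user endpoints, the input model is not validated before
    // its Value is copied onto the entity; only ValidateResource guards the write.
    var validationState = new ValidationDictionary();

    resource.Value = inputModel.Value;

    if (_resourceService.ValidateResource(resource, validationState))
    {
        _resourceService.UpdateResource(resource);

        LogService.CreateLog(new Log
        {
            Category = LogCategory.Application,
            IpAddress = GetClientIp(ControllerContext.Request),
            Level = LogLevel.Info,
            Message = "Resource " + resource.Name + " (ID #" + resource.Id + ") was updated.",
            User = CurrentUser
        });

        vm.Success = true;
    }

    vm.Errors = validationState.Errors;
    return vm;
}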