public EditUserRoleModule()
        {
            // add an after hook to send the user to access denied if they are NOT admin
            After += context =>
            {
                if (context.Response.StatusCode == HttpStatusCode.Forbidden)
                    context.Response = this.Response.AsRedirect("/denied");
            };

            this.RequiresAnyClaim(new[] { "admin" });

            // show the edit user form
            Get["/EditUserRole/{Guid}"] = parameters =>
            {
                this.RequiresAuthentication();

                // get the user row to be edit and send it to the View
                var userRow = UserDatabase.GetUserByGuid(parameters.Guid);

                // get the users role guid and put into the model
                var urGuid = UserDatabase.GetRoleGuidForUser(parameters.Guid);
                userRow.RoleGuid = urGuid.RoleGuid;

                return View["Views/User/EditUserRole", userRow];

            };
            Post["/EditUserRole/{Guid}"] = parameters =>
            {
                var model = new Users();
                this.BindTo(model);
                var email = (string)Request.Form.Email;

                string r = null;

                try
                {
                    // create an instance of the RolesInsert and fill the data
                    var ur = new UserRolesInsert { RoleGuid = model.RoleGuid, UserGuid = model.Guid };

                    // open db and clear out old role and add new
                    var db = Database.Open();
                    db.UserRoles.DeleteByUserGuid(model.Guid);
                    db.UserRoles.Insert(ur);

                    r = "<strong>Success:</strong> " +
                           "user: <em>" + email +
                           "</em> role was updated.  <a href=\"/users \"> return to users</a> ";
                }
                catch (Exception e)
                {
                    r = "<strong>Error:</strong> " +
                            " guid: something went wrong and the update failed!: " + e + " <a href=\"/users \"> return to users</a> ";
                }

                return Response.AsText(r);
            };
        }
示例#2
0
        public AddUserModule()
        {
            // add an after hook to send the user to access denied if they are NOT admin
            After += context =>
            {
                if (context.Response.StatusCode == HttpStatusCode.Forbidden)
                    context.Response = this.Response.AsRedirect("/denied");
            };
            this.RequiresAnyClaim(new[] { "admin" });

            // show the add user form
            Get["/adduser"] = _ =>
            {
                this.RequiresAuthentication();
                return View["Views/User/AddUser"];
            };

            // receive the posted add form data

            Post["/adduser"] = parameters =>
            {
                // create an instance of the expected model and bind it to this (the posted form)
                var model = new Users();
                this.BindTo(model);

                var db = Database.Open(); // open db with Simple.Data

                // check if username/email already exists
                int uCount = Database.Open().Users.GetCount(db.Users.Email == Request.Form.Email);
                if (uCount > 0)
                    return Response.AsJson("<strong>Error:</strong> The email already exists and cannot be used!");

                // get the pwd because it is not going in the table and therefore NOT in the model
                var pwd = (string)Request.Form.Password;

                // create the BCrypt hash + salt
                string theSalt = BCrypt.Net.BCrypt.GenerateSalt();
                // GenerateSalt(50); increase the value in there to increase work factor
                string theHash = BCrypt.Net.BCrypt.HashPassword(pwd, theSalt);
                // nb: pwd is NOT saved in the DB, only the hash

                model.CreateDate = DateTime.Now;
                model.LastUpdated = DateTime.Now;
                model.LastUpdatedBy = Context.CurrentUser.UserName;
                model.Hash = theHash;
                model.Guid = Guid.NewGuid();

                db.Users.Insert(model);
                return Response.AsJson("<strong>Success:</strong> user <em>" + model.Email + "</em> was added.");
            };
        }
示例#3
0
        public EditUserModule()
        {
            // add an after hook to send the user to access denied if they are NOT admin
            After += context =>
            {
                if (context.Response.StatusCode == HttpStatusCode.Forbidden)
                    context.Response = this.Response.AsRedirect("/denied");
            };
            this.RequiresAnyClaim(new[] { "admin" });

            // show the edit user form
            Get["/EditUser/{Guid}"] = parameters =>
            {
                this.RequiresAuthentication();

                // get the user row to be edit and send it to the View
                var userRow = UserDatabase.GetUserByGuid(parameters.Guid);
                return View["Views/User/EditUser", userRow];

            };

            Post["/EditUser/{Guid}"] = parameters =>
            {
                var model = new Users();
                this.BindTo(model);
                string r;

                var email = (string) Request.Form.Email;
                var pwd = (string) Request.Form.Password;
                var theSalt = BCrypt.Net.BCrypt.GenerateSalt();
                var thenewHash = BCrypt.Net.BCrypt.HashPassword(pwd, theSalt);

                // create a subset of the user model so that we are only updating the fields
                // we see on the form
                var user = new EditUser()
                {
                    Guid=model.Guid,
                    FirstName = model.FirstName,
                    LastName = model.LastName,
                    LastUpdated = DateTime.Now,
                    LastUpdatedBy = Context.CurrentUser.UserName,
                    Hash = thenewHash
                };

                try
                {
                    var db = Database.Open();
                    db.Users.Update(user);
                    r = "<strong>Success:</strong> " +
                           "user: <em>" + email +
                           "</em> was updated.  <a href=\"/users \"> return to users</a> ";
                }
                catch (Exception e)
                {
                    r = "<strong>Error:</strong> " +
                            " guid: something went wrong and the update failed!: " + e +" <a href=\"/users \"> return to users</a> ";
                }

                return Response.AsText(r);
            };
        }