2020-12-04 02:21:21 +11:00
|
|
|
using System;
|
2017-09-12 16:22:16 +02:00
|
|
|
using System.Collections.Generic;
|
2021-03-15 09:01:10 +00:00
|
|
|
using System.ComponentModel.DataAnnotations;
|
2021-01-18 15:40:22 +01:00
|
|
|
using System.Globalization;
|
2017-09-12 16:22:16 +02:00
|
|
|
using System.IO;
|
|
|
|
|
using System.Linq;
|
|
|
|
|
using System.Net;
|
|
|
|
|
using System.Runtime.Serialization;
|
2019-10-23 17:19:49 +02:00
|
|
|
using System.Security.Cryptography;
|
2021-01-18 15:40:22 +01:00
|
|
|
using System.Threading;
|
2017-09-12 16:22:16 +02:00
|
|
|
using System.Threading.Tasks;
|
2020-12-04 02:21:21 +11:00
|
|
|
using Microsoft.AspNetCore.Authorization;
|
2020-06-22 10:08:08 +02:00
|
|
|
using Microsoft.AspNetCore.Http;
|
|
|
|
|
using Microsoft.AspNetCore.Mvc;
|
|
|
|
|
using Microsoft.AspNetCore.Routing;
|
2020-09-21 09:52:58 +02:00
|
|
|
using Microsoft.Extensions.Logging;
|
2020-12-04 02:21:21 +11:00
|
|
|
using Microsoft.Extensions.Options;
|
2021-02-09 10:22:42 +01:00
|
|
|
using Umbraco.Cms.Core;
|
|
|
|
|
using Umbraco.Cms.Core.Cache;
|
|
|
|
|
using Umbraco.Cms.Core.Configuration.Models;
|
|
|
|
|
using Umbraco.Cms.Core.Editors;
|
|
|
|
|
using Umbraco.Cms.Core.Hosting;
|
|
|
|
|
using Umbraco.Cms.Core.IO;
|
|
|
|
|
using Umbraco.Cms.Core.Mail;
|
|
|
|
|
using Umbraco.Cms.Core.Mapping;
|
|
|
|
|
using Umbraco.Cms.Core.Media;
|
|
|
|
|
using Umbraco.Cms.Core.Models;
|
|
|
|
|
using Umbraco.Cms.Core.Models.ContentEditing;
|
2021-06-04 09:50:49 +02:00
|
|
|
using Umbraco.Cms.Core.Models.Email;
|
2021-02-09 10:22:42 +01:00
|
|
|
using Umbraco.Cms.Core.Models.Membership;
|
|
|
|
|
using Umbraco.Cms.Core.Security;
|
|
|
|
|
using Umbraco.Cms.Core.Services;
|
|
|
|
|
using Umbraco.Cms.Core.Strings;
|
2021-02-15 13:14:07 +01:00
|
|
|
using Umbraco.Cms.Infrastructure;
|
2021-02-12 13:36:50 +01:00
|
|
|
using Umbraco.Cms.Infrastructure.Persistence;
|
2021-02-10 11:11:18 +01:00
|
|
|
using Umbraco.Cms.Web.BackOffice.ActionResults;
|
|
|
|
|
using Umbraco.Cms.Web.BackOffice.Extensions;
|
|
|
|
|
using Umbraco.Cms.Web.BackOffice.Filters;
|
|
|
|
|
using Umbraco.Cms.Web.BackOffice.ModelBinders;
|
|
|
|
|
using Umbraco.Cms.Web.BackOffice.Security;
|
2021-02-10 11:42:04 +01:00
|
|
|
using Umbraco.Cms.Web.Common.ActionsResults;
|
|
|
|
|
using Umbraco.Cms.Web.Common.Attributes;
|
|
|
|
|
using Umbraco.Cms.Web.Common.Authorization;
|
2021-02-26 14:21:23 +00:00
|
|
|
using Umbraco.Cms.Web.Common.Security;
|
2020-05-18 13:00:32 +01:00
|
|
|
using Umbraco.Extensions;
|
2021-02-09 10:22:42 +01:00
|
|
|
using Constants = Umbraco.Cms.Core.Constants;
|
2020-06-22 10:08:08 +02:00
|
|
|
|
2021-02-10 11:11:18 +01:00
|
|
|
namespace Umbraco.Cms.Web.BackOffice.Controllers
|
2017-09-12 16:22:16 +02:00
|
|
|
{
|
2020-08-04 12:27:21 +10:00
|
|
|
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
2020-11-19 22:17:42 +11:00
|
|
|
[Authorize(Policy = AuthorizationPolicies.SectionAccessUsers)]
|
2017-09-12 16:22:16 +02:00
|
|
|
[PrefixlessBodyModelValidator]
|
|
|
|
|
[IsCurrentUserModelFilter]
|
|
|
|
|
public class UsersController : UmbracoAuthorizedJsonController
|
|
|
|
|
{
|
2021-04-27 09:52:17 +02:00
|
|
|
private readonly MediaFileManager _mediaFileManager;
|
2020-08-20 22:18:50 +01:00
|
|
|
private readonly ContentSettings _contentSettings;
|
2020-04-03 11:03:06 +11:00
|
|
|
private readonly IHostingEnvironment _hostingEnvironment;
|
2020-02-10 11:23:23 +01:00
|
|
|
private readonly ISqlContext _sqlContext;
|
2020-02-11 11:43:54 -08:00
|
|
|
private readonly IImageUrlGenerator _imageUrlGenerator;
|
2020-08-20 22:18:50 +01:00
|
|
|
private readonly SecuritySettings _securitySettings;
|
2020-05-20 11:42:23 +02:00
|
|
|
private readonly IEmailSender _emailSender;
|
2021-02-26 14:52:54 +00:00
|
|
|
private readonly IBackOfficeSecurityAccessor _backofficeSecurityAccessor;
|
2020-06-22 10:08:08 +02:00
|
|
|
private readonly AppCaches _appCaches;
|
|
|
|
|
private readonly IShortStringHelper _shortStringHelper;
|
|
|
|
|
private readonly IUserService _userService;
|
|
|
|
|
private readonly ILocalizedTextService _localizedTextService;
|
2021-04-20 19:34:18 +02:00
|
|
|
private readonly IUmbracoMapper _umbracoMapper;
|
2020-08-21 14:52:47 +01:00
|
|
|
private readonly GlobalSettings _globalSettings;
|
2020-10-23 14:18:53 +11:00
|
|
|
private readonly IBackOfficeUserManager _userManager;
|
2020-09-21 09:52:58 +02:00
|
|
|
private readonly ILoggerFactory _loggerFactory;
|
2020-06-22 10:08:08 +02:00
|
|
|
private readonly LinkGenerator _linkGenerator;
|
2020-10-23 14:18:53 +11:00
|
|
|
private readonly IBackOfficeExternalLoginProviders _externalLogins;
|
2020-11-19 23:53:04 +11:00
|
|
|
private readonly UserEditorAuthorizationHelper _userEditorAuthorizationHelper;
|
2021-02-20 19:16:31 +00:00
|
|
|
private readonly IPasswordChanger<BackOfficeIdentityUser> _passwordChanger;
|
2020-10-23 14:18:53 +11:00
|
|
|
private readonly ILogger<UsersController> _logger;
|
2019-12-18 18:55:00 +01:00
|
|
|
|
|
|
|
|
public UsersController(
|
2021-04-27 09:52:17 +02:00
|
|
|
MediaFileManager mediaFileManager,
|
2020-08-23 23:36:48 +02:00
|
|
|
IOptions<ContentSettings> contentSettings,
|
2020-04-03 11:03:06 +11:00
|
|
|
IHostingEnvironment hostingEnvironment,
|
2020-06-22 10:08:08 +02:00
|
|
|
ISqlContext sqlContext,
|
2020-02-14 13:04:49 +01:00
|
|
|
IImageUrlGenerator imageUrlGenerator,
|
2020-08-23 23:36:48 +02:00
|
|
|
IOptions<SecuritySettings> securitySettings,
|
2020-06-22 10:08:08 +02:00
|
|
|
IEmailSender emailSender,
|
2020-10-21 16:51:00 +11:00
|
|
|
IBackOfficeSecurityAccessor backofficeSecurityAccessor,
|
2020-06-22 10:08:08 +02:00
|
|
|
AppCaches appCaches,
|
|
|
|
|
IShortStringHelper shortStringHelper,
|
|
|
|
|
IUserService userService,
|
|
|
|
|
ILocalizedTextService localizedTextService,
|
2021-04-20 19:34:18 +02:00
|
|
|
IUmbracoMapper umbracoMapper,
|
2020-08-23 23:36:48 +02:00
|
|
|
IOptions<GlobalSettings> globalSettings,
|
2020-09-22 14:44:41 +02:00
|
|
|
IBackOfficeUserManager backOfficeUserManager,
|
2020-09-21 09:52:58 +02:00
|
|
|
ILoggerFactory loggerFactory,
|
2020-10-23 14:18:53 +11:00
|
|
|
LinkGenerator linkGenerator,
|
2020-11-19 23:53:04 +11:00
|
|
|
IBackOfficeExternalLoginProviders externalLogins,
|
2021-02-20 19:16:31 +00:00
|
|
|
UserEditorAuthorizationHelper userEditorAuthorizationHelper,
|
|
|
|
|
IPasswordChanger<BackOfficeIdentityUser> passwordChanger)
|
2019-02-01 15:24:07 +11:00
|
|
|
{
|
2021-04-27 09:52:17 +02:00
|
|
|
_mediaFileManager = mediaFileManager;
|
2020-08-20 22:18:50 +01:00
|
|
|
_contentSettings = contentSettings.Value;
|
2020-04-03 11:03:06 +11:00
|
|
|
_hostingEnvironment = hostingEnvironment;
|
2020-02-10 11:23:23 +01:00
|
|
|
_sqlContext = sqlContext;
|
2020-02-11 11:43:54 -08:00
|
|
|
_imageUrlGenerator = imageUrlGenerator;
|
2020-08-20 22:18:50 +01:00
|
|
|
_securitySettings = securitySettings.Value;
|
2020-05-20 11:42:23 +02:00
|
|
|
_emailSender = emailSender;
|
2021-02-26 14:52:54 +00:00
|
|
|
_backofficeSecurityAccessor = backofficeSecurityAccessor;
|
2020-06-22 10:08:08 +02:00
|
|
|
_appCaches = appCaches;
|
|
|
|
|
_shortStringHelper = shortStringHelper;
|
|
|
|
|
_userService = userService;
|
|
|
|
|
_localizedTextService = localizedTextService;
|
|
|
|
|
_umbracoMapper = umbracoMapper;
|
2020-08-21 14:52:47 +01:00
|
|
|
_globalSettings = globalSettings.Value;
|
2020-10-23 14:18:53 +11:00
|
|
|
_userManager = backOfficeUserManager;
|
2020-09-21 09:52:58 +02:00
|
|
|
_loggerFactory = loggerFactory;
|
2020-06-22 10:08:08 +02:00
|
|
|
_linkGenerator = linkGenerator;
|
2020-10-23 14:18:53 +11:00
|
|
|
_externalLogins = externalLogins;
|
2020-11-19 23:53:04 +11:00
|
|
|
_userEditorAuthorizationHelper = userEditorAuthorizationHelper;
|
2021-02-20 19:16:31 +00:00
|
|
|
_passwordChanger = passwordChanger;
|
2020-10-23 14:18:53 +11:00
|
|
|
_logger = _loggerFactory.CreateLogger<UsersController>();
|
2019-02-01 15:24:07 +11:00
|
|
|
}
|
|
|
|
|
|
2017-09-12 16:22:16 +02:00
|
|
|
/// <summary>
|
2020-10-05 20:48:38 +02:00
|
|
|
/// Returns a list of the sizes of gravatar URLs for the user or null if the gravatar server cannot be reached
|
2017-09-12 16:22:16 +02:00
|
|
|
/// </summary>
|
|
|
|
|
/// <returns></returns>
|
2020-12-22 16:36:07 +01:00
|
|
|
public ActionResult<string[]> GetCurrentUserAvatarUrls()
|
2017-09-12 16:22:16 +02:00
|
|
|
{
|
2021-04-27 09:52:17 +02:00
|
|
|
var urls = _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser.GetUserAvatarUrls(_appCaches.RuntimeCache, _mediaFileManager, _imageUrlGenerator);
|
2017-09-12 16:22:16 +02:00
|
|
|
if (urls == null)
|
2021-01-13 11:29:56 +01:00
|
|
|
return new ValidationErrorResult("Could not access Gravatar endpoint");
|
2017-09-12 16:22:16 +02:00
|
|
|
|
|
|
|
|
return urls;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[AppendUserModifiedHeader("id")]
|
2020-11-19 23:53:04 +11:00
|
|
|
[Authorize(Policy = AuthorizationPolicies.AdminUserEditsRequireAdmin)]
|
2021-01-12 16:15:19 +01:00
|
|
|
public IActionResult PostSetAvatar(int id, IList<IFormFile> file)
|
2017-09-12 16:22:16 +02:00
|
|
|
{
|
2021-04-27 09:52:17 +02:00
|
|
|
return PostSetAvatarInternal(file, _userService, _appCaches.RuntimeCache, _mediaFileManager, _shortStringHelper, _contentSettings, _hostingEnvironment, _imageUrlGenerator, id);
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
|
|
|
|
|
2021-04-27 09:52:17 +02:00
|
|
|
internal static IActionResult PostSetAvatarInternal(IList<IFormFile> files, IUserService userService, IAppCache cache, MediaFileManager mediaFileManager, IShortStringHelper shortStringHelper, ContentSettings contentSettings, IHostingEnvironment hostingEnvironment, IImageUrlGenerator imageUrlGenerator, int id)
|
2017-09-12 16:22:16 +02:00
|
|
|
{
|
2020-06-22 10:08:08 +02:00
|
|
|
if (files is null)
|
2017-09-12 16:22:16 +02:00
|
|
|
{
|
2021-01-12 14:00:14 +01:00
|
|
|
return new UnsupportedMediaTypeResult();
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
|
|
|
|
|
2020-05-04 14:40:11 +02:00
|
|
|
var root = hostingEnvironment.MapPathContentRoot(Constants.SystemDirectories.TempFileUploads);
|
2017-09-12 16:22:16 +02:00
|
|
|
//ensure it exists
|
|
|
|
|
Directory.CreateDirectory(root);
|
|
|
|
|
|
|
|
|
|
//must have a file
|
2020-06-22 10:08:08 +02:00
|
|
|
if (files.Count == 0)
|
2017-09-12 16:22:16 +02:00
|
|
|
{
|
2020-06-22 10:08:08 +02:00
|
|
|
return new NotFoundResult();
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var user = userService.GetUserById(id);
|
|
|
|
|
if (user == null)
|
2020-06-22 10:08:08 +02:00
|
|
|
return new NotFoundResult();
|
2017-09-12 16:22:16 +02:00
|
|
|
|
2020-06-22 10:08:08 +02:00
|
|
|
if (files.Count > 1)
|
2020-12-22 16:36:07 +01:00
|
|
|
return new ValidationErrorResult("The request was not formatted correctly, only one file can be attached to the request");
|
2017-09-12 16:22:16 +02:00
|
|
|
|
|
|
|
|
//get the file info
|
2020-06-22 10:08:08 +02:00
|
|
|
var file = files.First();
|
|
|
|
|
var fileName = file.FileName.Trim(new[] { '\"' }).TrimEnd();
|
2019-12-18 18:55:00 +01:00
|
|
|
var safeFileName = fileName.ToSafeFileName(shortStringHelper);
|
2017-09-12 16:22:16 +02:00
|
|
|
var ext = safeFileName.Substring(safeFileName.LastIndexOf('.') + 1).ToLower();
|
|
|
|
|
|
2020-03-12 15:30:22 +01:00
|
|
|
if (contentSettings.DisallowedUploadFiles.Contains(ext) == false)
|
2017-09-12 16:22:16 +02:00
|
|
|
{
|
|
|
|
|
//generate a path of known data, we don't want this path to be guessable
|
2019-10-23 17:19:49 +02:00
|
|
|
user.Avatar = "UserAvatars/" + (user.Id + safeFileName).GenerateHash<SHA1>() + "." + ext;
|
2017-09-12 16:22:16 +02:00
|
|
|
|
2020-06-22 10:08:08 +02:00
|
|
|
using (var fs = file.OpenReadStream())
|
2017-09-12 16:22:16 +02:00
|
|
|
{
|
2021-04-27 09:52:17 +02:00
|
|
|
mediaFileManager.FileSystem.AddFile(user.Avatar, fs, true);
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
userService.Save(user);
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-27 09:52:17 +02:00
|
|
|
return new OkObjectResult(user.GetUserAvatarUrls(cache, mediaFileManager, imageUrlGenerator));
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[AppendUserModifiedHeader("id")]
|
2020-11-19 23:53:04 +11:00
|
|
|
[Authorize(Policy = AuthorizationPolicies.AdminUserEditsRequireAdmin)]
|
2020-06-22 10:08:08 +02:00
|
|
|
public ActionResult<string[]> PostClearAvatar(int id)
|
2017-09-12 16:22:16 +02:00
|
|
|
{
|
2020-06-22 10:08:08 +02:00
|
|
|
var found = _userService.GetUserById(id);
|
2017-09-12 16:22:16 +02:00
|
|
|
if (found == null)
|
2020-06-22 10:08:08 +02:00
|
|
|
return NotFound();
|
2017-09-12 16:22:16 +02:00
|
|
|
|
|
|
|
|
var filePath = found.Avatar;
|
|
|
|
|
|
|
|
|
|
//if the filePath is already null it will mean that the user doesn't have a custom avatar and their gravatar is currently
|
2017-09-19 15:51:47 +02:00
|
|
|
//being used (if they have one). This means they want to remove their gravatar too which we can do by setting a special value
|
2017-09-12 16:22:16 +02:00
|
|
|
//for the avatar.
|
|
|
|
|
if (filePath.IsNullOrWhiteSpace() == false)
|
|
|
|
|
{
|
|
|
|
|
found.Avatar = null;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
//set a special value to indicate to not have any avatar
|
|
|
|
|
found.Avatar = "none";
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-22 10:08:08 +02:00
|
|
|
_userService.Save(found);
|
2017-09-12 16:22:16 +02:00
|
|
|
|
|
|
|
|
if (filePath.IsNullOrWhiteSpace() == false)
|
|
|
|
|
{
|
2021-04-27 09:52:17 +02:00
|
|
|
if (_mediaFileManager.FileSystem.FileExists(filePath))
|
|
|
|
|
_mediaFileManager.FileSystem.DeleteFile(filePath);
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
|
|
|
|
|
2021-04-27 09:52:17 +02:00
|
|
|
return found.GetUserAvatarUrls(_appCaches.RuntimeCache, _mediaFileManager, _imageUrlGenerator);
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
|
/// Gets a user by Id
|
|
|
|
|
/// </summary>
|
|
|
|
|
/// <param name="id"></param>
|
|
|
|
|
/// <returns></returns>
|
2020-12-02 14:21:05 +00:00
|
|
|
[OutgoingEditorModelEvent]
|
2020-11-19 23:53:04 +11:00
|
|
|
[Authorize(Policy = AuthorizationPolicies.AdminUserEditsRequireAdmin)]
|
2020-12-22 16:36:07 +01:00
|
|
|
public ActionResult<UserDisplay> GetById(int id)
|
2017-09-12 16:22:16 +02:00
|
|
|
{
|
2020-06-22 10:08:08 +02:00
|
|
|
var user = _userService.GetUserById(id);
|
2017-09-12 16:22:16 +02:00
|
|
|
if (user == null)
|
|
|
|
|
{
|
2021-01-12 14:00:14 +01:00
|
|
|
return NotFound();
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
2020-06-22 10:08:08 +02:00
|
|
|
var result = _umbracoMapper.Map<IUser, UserDisplay>(user);
|
2017-09-19 15:51:47 +02:00
|
|
|
return result;
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
|
|
|
|
|
2020-08-26 08:05:15 +02:00
|
|
|
/// <summary>
|
|
|
|
|
/// Get users by integer ids
|
|
|
|
|
/// </summary>
|
|
|
|
|
/// <param name="ids"></param>
|
|
|
|
|
/// <returns></returns>
|
2020-12-02 14:21:05 +00:00
|
|
|
[OutgoingEditorModelEvent]
|
2020-11-19 23:53:04 +11:00
|
|
|
[Authorize(Policy = AuthorizationPolicies.AdminUserEditsRequireAdmin)]
|
2020-12-22 16:36:07 +01:00
|
|
|
public ActionResult<IEnumerable<UserDisplay>> GetByIds([FromJsonPath]int[] ids)
|
2020-08-26 08:05:15 +02:00
|
|
|
{
|
|
|
|
|
if (ids == null)
|
|
|
|
|
{
|
2021-01-12 14:00:14 +01:00
|
|
|
return NotFound();
|
2020-08-26 08:05:15 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ids.Length == 0)
|
2020-12-22 16:36:07 +01:00
|
|
|
return Enumerable.Empty<UserDisplay>().ToList();
|
2020-08-26 08:05:15 +02:00
|
|
|
|
|
|
|
|
var users = _userService.GetUsersById(ids);
|
|
|
|
|
if (users == null)
|
|
|
|
|
{
|
2021-01-12 14:00:14 +01:00
|
|
|
return NotFound();
|
2020-08-26 08:05:15 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var result = _umbracoMapper.MapEnumerable<IUser, UserDisplay>(users);
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-12 16:22:16 +02:00
|
|
|
/// <summary>
|
|
|
|
|
/// Returns a paged users collection
|
|
|
|
|
/// </summary>
|
|
|
|
|
/// <param name="pageNumber"></param>
|
|
|
|
|
/// <param name="pageSize"></param>
|
|
|
|
|
/// <param name="orderBy"></param>
|
|
|
|
|
/// <param name="orderDirection"></param>
|
|
|
|
|
/// <param name="userGroups"></param>
|
|
|
|
|
/// <param name="userStates"></param>
|
|
|
|
|
/// <param name="filter"></param>
|
|
|
|
|
/// <returns></returns>
|
|
|
|
|
public PagedUserResult GetPagedUsers(
|
|
|
|
|
int pageNumber = 1,
|
|
|
|
|
int pageSize = 10,
|
|
|
|
|
string orderBy = "username",
|
|
|
|
|
Direction orderDirection = Direction.Ascending,
|
2020-06-22 10:08:08 +02:00
|
|
|
[FromQuery]string[] userGroups = null,
|
|
|
|
|
[FromQuery]UserState[] userStates = null,
|
2017-09-12 16:22:16 +02:00
|
|
|
string filter = "")
|
|
|
|
|
{
|
2017-09-19 15:51:47 +02:00
|
|
|
//following the same principle we had in previous versions, we would only show admins to admins, see
|
|
|
|
|
// https://github.com/umbraco/Umbraco-CMS/blob/dev-v7/src/Umbraco.Web/umbraco.presentation/umbraco/Trees/loadUsers.cs#L91
|
|
|
|
|
// so to do that here, we'll need to check if this current user is an admin and if not we should exclude all user who are
|
|
|
|
|
// also admins
|
|
|
|
|
|
2020-10-21 16:51:00 +11:00
|
|
|
var hideDisabledUsers = _securitySettings.HideDisabledUsersInBackOffice;
|
2017-09-19 15:51:47 +02:00
|
|
|
var excludeUserGroups = new string[0];
|
2021-02-26 14:52:54 +00:00
|
|
|
var isAdmin = _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser.IsAdmin();
|
2017-09-19 15:51:47 +02:00
|
|
|
if (isAdmin == false)
|
|
|
|
|
{
|
2019-01-26 10:52:19 -05:00
|
|
|
//this user is not an admin so in that case we need to exclude all admin users
|
2017-09-19 15:51:47 +02:00
|
|
|
excludeUserGroups = new[] {Constants.Security.AdminGroupAlias};
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-10 11:23:23 +01:00
|
|
|
var filterQuery = _sqlContext.Query<IUser>();
|
2017-09-19 15:51:47 +02:00
|
|
|
|
2021-02-26 14:52:54 +00:00
|
|
|
if (!_backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser.IsSuper())
|
2017-09-19 15:51:47 +02:00
|
|
|
{
|
2019-01-21 15:57:48 +01:00
|
|
|
// only super can see super - but don't use IsSuper, cannot be mapped to SQL
|
2018-03-16 09:06:44 +01:00
|
|
|
//filterQuery.Where(x => !x.IsSuper());
|
2018-05-31 23:05:35 +10:00
|
|
|
filterQuery.Where(x => x.Id != Constants.Security.SuperUserId);
|
2017-09-19 15:51:47 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (filter.IsNullOrWhiteSpace() == false)
|
|
|
|
|
{
|
|
|
|
|
filterQuery.Where(x => x.Name.Contains(filter) || x.Username.Contains(filter));
|
|
|
|
|
}
|
|
|
|
|
|
2018-07-05 21:07:12 +01:00
|
|
|
if (hideDisabledUsers)
|
2018-06-28 19:54:42 +01:00
|
|
|
{
|
2018-08-02 21:55:04 +01:00
|
|
|
if (userStates == null || userStates.Any() == false)
|
|
|
|
|
{
|
2018-08-02 22:01:45 +01:00
|
|
|
userStates = new[] { UserState.Active, UserState.Invited, UserState.LockedOut, UserState.Inactive };
|
2018-08-02 21:55:04 +01:00
|
|
|
}
|
2018-06-28 19:54:42 +01:00
|
|
|
}
|
|
|
|
|
|
2017-09-12 16:22:16 +02:00
|
|
|
long pageIndex = pageNumber - 1;
|
|
|
|
|
long total;
|
2020-06-22 10:08:08 +02:00
|
|
|
var result = _userService.GetAll(pageIndex, pageSize, out total, orderBy, orderDirection, userStates, userGroups, excludeUserGroups, filterQuery);
|
2017-09-19 15:51:47 +02:00
|
|
|
|
2017-09-12 16:22:16 +02:00
|
|
|
var paged = new PagedUserResult(total, pageNumber, pageSize)
|
|
|
|
|
{
|
2020-06-22 10:08:08 +02:00
|
|
|
Items = _umbracoMapper.MapEnumerable<IUser, UserBasic>(result),
|
|
|
|
|
UserStates = _userService.GetUserStates()
|
2017-09-12 16:22:16 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
return paged;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
|
/// Creates a new user
|
|
|
|
|
/// </summary>
|
|
|
|
|
/// <param name="userSave"></param>
|
|
|
|
|
/// <returns></returns>
|
2020-12-22 16:36:07 +01:00
|
|
|
public async Task<ActionResult<UserDisplay>> PostCreateUser(UserInvite userSave)
|
2017-09-12 16:22:16 +02:00
|
|
|
{
|
|
|
|
|
if (userSave == null) throw new ArgumentNullException("userSave");
|
|
|
|
|
|
|
|
|
|
if (ModelState.IsValid == false)
|
|
|
|
|
{
|
2021-01-12 16:15:19 +01:00
|
|
|
return new ValidationErrorResult(new SimpleValidationModel(ModelState.ToErrorDictionary()));
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
|
|
|
|
|
2020-03-12 14:36:25 +01:00
|
|
|
if (_securitySettings.UsernameIsEmail)
|
2017-09-12 16:22:16 +02:00
|
|
|
{
|
2017-09-19 15:51:47 +02:00
|
|
|
//ensure they are the same if we're using it
|
|
|
|
|
userSave.Username = userSave.Email;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
//first validate the username if were showing it
|
|
|
|
|
CheckUniqueUsername(userSave.Username, null);
|
|
|
|
|
}
|
|
|
|
|
CheckUniqueEmail(userSave.Email, null);
|
|
|
|
|
|
2021-01-12 16:15:19 +01:00
|
|
|
if (ModelState.IsValid == false)
|
|
|
|
|
{
|
|
|
|
|
return new ValidationErrorResult(new SimpleValidationModel(ModelState.ToErrorDictionary()));
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-19 15:51:47 +02:00
|
|
|
//Perform authorization here to see if the current user can actually save this user with the info being requested
|
2021-02-26 14:52:54 +00:00
|
|
|
var canSaveUser = _userEditorAuthorizationHelper.IsAuthorized(_backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser, null, null, null, userSave.UserGroups);
|
2017-09-19 15:51:47 +02:00
|
|
|
if (canSaveUser == false)
|
|
|
|
|
{
|
2021-01-12 14:00:14 +01:00
|
|
|
return Unauthorized(canSaveUser.Result);
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//we want to create the user with the UserManager, this ensures the 'empty' (special) password
|
|
|
|
|
//format is applied without us having to duplicate that logic
|
2020-06-22 10:08:08 +02:00
|
|
|
var identityUser = BackOfficeIdentityUser.CreateNew(_globalSettings, userSave.Username, userSave.Email, _globalSettings.DefaultUILanguage);
|
2017-09-12 16:22:16 +02:00
|
|
|
identityUser.Name = userSave.Name;
|
|
|
|
|
|
2020-10-23 14:18:53 +11:00
|
|
|
var created = await _userManager.CreateAsync(identityUser);
|
2017-09-12 16:22:16 +02:00
|
|
|
if (created.Succeeded == false)
|
|
|
|
|
{
|
2020-12-22 16:36:07 +01:00
|
|
|
return ValidationErrorResult.CreateNotificationValidationErrorResult(created.Errors.ToErrorMessage());
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
|
|
|
|
|
2020-03-16 13:53:03 +00:00
|
|
|
string resetPassword;
|
2020-10-23 14:18:53 +11:00
|
|
|
var password = _userManager.GeneratePassword();
|
2017-09-12 16:22:16 +02:00
|
|
|
|
2020-10-23 14:18:53 +11:00
|
|
|
var result = await _userManager.AddPasswordAsync(identityUser, password);
|
2020-03-16 13:53:03 +00:00
|
|
|
if (result.Succeeded == false)
|
|
|
|
|
{
|
2020-12-22 16:36:07 +01:00
|
|
|
return ValidationErrorResult.CreateNotificationValidationErrorResult(created.Errors.ToErrorMessage());
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
|
|
|
|
|
2020-03-16 13:53:03 +00:00
|
|
|
resetPassword = password;
|
|
|
|
|
|
2017-09-12 16:22:16 +02:00
|
|
|
//now re-look the user back up which will now exist
|
2020-06-22 10:08:08 +02:00
|
|
|
var user = _userService.GetByEmail(userSave.Email);
|
2017-09-12 16:22:16 +02:00
|
|
|
|
|
|
|
|
//map the save info over onto the user
|
2020-06-22 10:08:08 +02:00
|
|
|
user = _umbracoMapper.Map(userSave, user);
|
2017-09-12 16:22:16 +02:00
|
|
|
|
|
|
|
|
//since the back office user is creating this user, they will be set to approved
|
|
|
|
|
user.IsApproved = true;
|
|
|
|
|
|
2020-06-22 10:08:08 +02:00
|
|
|
_userService.Save(user);
|
2017-09-12 16:22:16 +02:00
|
|
|
|
2020-06-22 10:08:08 +02:00
|
|
|
var display = _umbracoMapper.Map<UserDisplay>(user);
|
2017-09-12 16:22:16 +02:00
|
|
|
display.ResetPasswordValue = resetPassword;
|
|
|
|
|
return display;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
|
/// Invites a user
|
|
|
|
|
/// </summary>
|
2017-09-19 15:51:47 +02:00
|
|
|
/// <param name="userSave"></param>
|
2017-09-12 16:22:16 +02:00
|
|
|
/// <returns></returns>
|
|
|
|
|
/// <remarks>
|
|
|
|
|
/// This will email the user an invite and generate a token that will be validated in the email
|
|
|
|
|
/// </remarks>
|
2020-10-23 14:18:53 +11:00
|
|
|
public async Task<ActionResult<UserDisplay>> PostInviteUser(UserInvite userSave)
|
2017-09-12 16:22:16 +02:00
|
|
|
{
|
|
|
|
|
if (userSave == null) throw new ArgumentNullException("userSave");
|
|
|
|
|
|
|
|
|
|
if (userSave.Message.IsNullOrWhiteSpace())
|
|
|
|
|
ModelState.AddModelError("Message", "Message cannot be empty");
|
|
|
|
|
|
2017-09-19 15:51:47 +02:00
|
|
|
IUser user;
|
2020-03-12 14:36:25 +01:00
|
|
|
if (_securitySettings.UsernameIsEmail)
|
2017-09-12 16:22:16 +02:00
|
|
|
{
|
2017-09-19 15:51:47 +02:00
|
|
|
//ensure it's the same
|
|
|
|
|
userSave.Username = userSave.Email;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
//first validate the username if we're showing it
|
2021-01-14 19:41:32 +01:00
|
|
|
var userResult = CheckUniqueUsername(userSave.Username, u => u.LastLoginDate != default || u.EmailConfirmedDate.HasValue);
|
|
|
|
|
if (!(userResult.Result is null))
|
|
|
|
|
{
|
|
|
|
|
return userResult.Result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
user = userResult.Value;
|
2020-10-23 10:10:02 +11:00
|
|
|
}
|
|
|
|
|
user = CheckUniqueEmail(userSave.Email, u => u.LastLoginDate != default || u.EmailConfirmedDate.HasValue);
|
|
|
|
|
|
2021-01-12 16:15:19 +01:00
|
|
|
if (ModelState.IsValid == false)
|
|
|
|
|
{
|
|
|
|
|
return new ValidationErrorResult(new SimpleValidationModel(ModelState.ToErrorDictionary()));
|
|
|
|
|
}
|
2020-10-23 10:10:02 +11:00
|
|
|
|
2021-02-26 16:37:34 +01:00
|
|
|
if (!_emailSender.CanSendRequiredEmail())
|
2020-10-23 10:10:02 +11:00
|
|
|
{
|
2020-10-23 14:18:53 +11:00
|
|
|
return new ValidationErrorResult("No Email server is configured");
|
2017-09-19 15:51:47 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//Perform authorization here to see if the current user can actually save this user with the info being requested
|
2021-02-26 14:52:54 +00:00
|
|
|
var canSaveUser = _userEditorAuthorizationHelper.IsAuthorized(_backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser, user, null, null, userSave.UserGroups);
|
2017-09-19 15:51:47 +02:00
|
|
|
if (canSaveUser == false)
|
|
|
|
|
{
|
2020-10-23 14:18:53 +11:00
|
|
|
return new ValidationErrorResult(canSaveUser.Result, StatusCodes.Status401Unauthorized);
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (user == null)
|
|
|
|
|
{
|
|
|
|
|
//we want to create the user with the UserManager, this ensures the 'empty' (special) password
|
|
|
|
|
//format is applied without us having to duplicate that logic
|
2020-06-22 10:08:08 +02:00
|
|
|
var identityUser = BackOfficeIdentityUser.CreateNew(_globalSettings, userSave.Username, userSave.Email, _globalSettings.DefaultUILanguage);
|
2017-09-12 16:22:16 +02:00
|
|
|
identityUser.Name = userSave.Name;
|
|
|
|
|
|
2020-10-23 14:18:53 +11:00
|
|
|
var created = await _userManager.CreateAsync(identityUser);
|
2017-09-12 16:22:16 +02:00
|
|
|
if (created.Succeeded == false)
|
|
|
|
|
{
|
2020-10-23 14:18:53 +11:00
|
|
|
return ValidationErrorResult.CreateNotificationValidationErrorResult(created.Errors.ToErrorMessage());
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//now re-look the user back up
|
2020-06-22 10:08:08 +02:00
|
|
|
user = _userService.GetByEmail(userSave.Email);
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//map the save info over onto the user
|
2020-06-22 10:08:08 +02:00
|
|
|
user = _umbracoMapper.Map(userSave, user);
|
2017-09-12 16:22:16 +02:00
|
|
|
|
|
|
|
|
//ensure the invited date is set
|
|
|
|
|
user.InvitedDate = DateTime.Now;
|
|
|
|
|
|
2020-10-23 10:10:02 +11:00
|
|
|
//Save the updated user (which will process the user groups too)
|
2020-06-22 10:08:08 +02:00
|
|
|
_userService.Save(user);
|
|
|
|
|
var display = _umbracoMapper.Map<UserDisplay>(user);
|
2017-09-12 16:22:16 +02:00
|
|
|
|
2021-02-26 16:37:34 +01:00
|
|
|
//send the email
|
|
|
|
|
await SendUserInviteEmailAsync(display, _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser.Name, _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser.Email, user, userSave.Message);
|
2020-10-23 10:10:02 +11:00
|
|
|
|
|
|
|
|
display.AddSuccessNotification(_localizedTextService.Localize("speechBubbles/resendInviteHeader"), _localizedTextService.Localize("speechBubbles/resendInviteSuccess", new[] { user.Name }));
|
2017-09-12 16:22:16 +02:00
|
|
|
return display;
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-19 15:51:47 +02:00
|
|
|
private IUser CheckUniqueEmail(string email, Func<IUser, bool> extraCheck)
|
|
|
|
|
{
|
2020-06-22 10:08:08 +02:00
|
|
|
var user = _userService.GetByEmail(email);
|
2017-09-19 15:51:47 +02:00
|
|
|
if (user != null && (extraCheck == null || extraCheck(user)))
|
|
|
|
|
{
|
|
|
|
|
ModelState.AddModelError("Email", "A user with the email already exists");
|
|
|
|
|
}
|
|
|
|
|
return user;
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-22 16:36:07 +01:00
|
|
|
private ActionResult<IUser> CheckUniqueUsername(string username, Func<IUser, bool> extraCheck)
|
2017-09-19 15:51:47 +02:00
|
|
|
{
|
2020-06-22 10:08:08 +02:00
|
|
|
var user = _userService.GetByUsername(username);
|
2017-09-19 15:51:47 +02:00
|
|
|
if (user != null && (extraCheck == null || extraCheck(user)))
|
|
|
|
|
{
|
|
|
|
|
ModelState.AddModelError(
|
2020-03-12 14:36:25 +01:00
|
|
|
_securitySettings.UsernameIsEmail ? "Email" : "Username",
|
2017-09-19 15:51:47 +02:00
|
|
|
"A user with the username already exists");
|
2021-01-13 11:29:56 +01:00
|
|
|
return new ValidationErrorResult(new SimpleValidationModel(ModelState.ToErrorDictionary()));
|
2017-09-19 15:51:47 +02:00
|
|
|
}
|
2020-12-22 16:36:07 +01:00
|
|
|
|
|
|
|
|
return new ActionResult<IUser>(user);
|
2017-09-19 15:51:47 +02:00
|
|
|
}
|
2017-09-12 16:22:16 +02:00
|
|
|
|
2018-03-27 10:04:07 +02:00
|
|
|
private async Task SendUserInviteEmailAsync(UserBasic userDisplay, string from, string fromEmail, IUser to, string message)
|
2017-09-12 16:22:16 +02:00
|
|
|
{
|
2020-10-23 14:18:53 +11:00
|
|
|
var user = await _userManager.FindByIdAsync(((int) userDisplay.Id).ToString());
|
|
|
|
|
var token = await _userManager.GenerateEmailConfirmationTokenAsync(user);
|
2017-09-12 16:22:16 +02:00
|
|
|
|
|
|
|
|
var inviteToken = string.Format("{0}{1}{2}",
|
|
|
|
|
(int)userDisplay.Id,
|
|
|
|
|
WebUtility.UrlEncode("|"),
|
|
|
|
|
token.ToUrlBase64());
|
|
|
|
|
|
2020-10-05 20:48:38 +02:00
|
|
|
// Get an mvc helper to get the URL
|
2021-01-12 16:15:19 +01:00
|
|
|
var action = _linkGenerator.GetPathByAction(
|
|
|
|
|
nameof(BackOfficeController.VerifyInvite),
|
|
|
|
|
ControllerExtensions.GetControllerName<BackOfficeController>(),
|
|
|
|
|
new
|
2017-09-12 16:22:16 +02:00
|
|
|
{
|
2021-01-12 16:15:19 +01:00
|
|
|
area = Constants.Web.Mvc.BackOfficeArea,
|
2017-09-12 16:22:16 +02:00
|
|
|
invite = inviteToken
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// Construct full URL using configured application URL (which will fall back to request)
|
2021-02-08 11:00:15 +01:00
|
|
|
var applicationUri = _hostingEnvironment.ApplicationMainUrl;
|
2017-09-12 16:22:16 +02:00
|
|
|
var inviteUri = new Uri(applicationUri, action);
|
|
|
|
|
|
2020-06-22 10:08:08 +02:00
|
|
|
var emailSubject = _localizedTextService.Localize("user/inviteEmailCopySubject",
|
2017-09-12 16:22:16 +02:00
|
|
|
//Ensure the culture of the found user is used for the email!
|
2020-06-22 10:08:08 +02:00
|
|
|
UmbracoUserExtensions.GetUserCulture(to.Language, _localizedTextService, _globalSettings));
|
|
|
|
|
var emailBody = _localizedTextService.Localize("user/inviteEmailCopyFormat",
|
2017-09-12 16:22:16 +02:00
|
|
|
//Ensure the culture of the found user is used for the email!
|
2020-06-22 10:08:08 +02:00
|
|
|
UmbracoUserExtensions.GetUserCulture(to.Language, _localizedTextService, _globalSettings),
|
2018-03-27 10:04:07 +02:00
|
|
|
new[] { userDisplay.Name, from, message, inviteUri.ToString(), fromEmail });
|
2017-09-12 16:22:16 +02:00
|
|
|
|
2020-10-23 12:37:23 +02:00
|
|
|
var mailMessage = new EmailMessage(fromEmail, to.Email, emailSubject, emailBody, true);
|
2017-09-12 16:22:16 +02:00
|
|
|
|
2021-06-01 06:41:56 +02:00
|
|
|
await _emailSender.SendAsync(mailMessage, true);
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
|
/// Saves a user
|
|
|
|
|
/// </summary>
|
|
|
|
|
/// <param name="userSave"></param>
|
|
|
|
|
/// <returns></returns>
|
2020-12-02 14:21:05 +00:00
|
|
|
[OutgoingEditorModelEvent]
|
2020-12-22 16:36:07 +01:00
|
|
|
public ActionResult<UserDisplay> PostSaveUser(UserSave userSave)
|
2017-09-12 16:22:16 +02:00
|
|
|
{
|
2020-06-22 10:08:08 +02:00
|
|
|
if (userSave == null) throw new ArgumentNullException(nameof(userSave));
|
2017-09-12 16:22:16 +02:00
|
|
|
|
|
|
|
|
if (ModelState.IsValid == false)
|
|
|
|
|
{
|
2021-01-13 11:29:56 +01:00
|
|
|
return new ValidationErrorResult(new SimpleValidationModel(ModelState.ToErrorDictionary()));
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var intId = userSave.Id.TryConvertTo<int>();
|
|
|
|
|
if (intId.Success == false)
|
2021-01-13 08:53:41 +01:00
|
|
|
return NotFound();
|
2020-12-22 16:36:07 +01:00
|
|
|
|
2017-09-12 16:22:16 +02:00
|
|
|
|
2020-06-22 10:08:08 +02:00
|
|
|
var found = _userService.GetUserById(intId.Result);
|
2017-09-12 16:22:16 +02:00
|
|
|
if (found == null)
|
2021-01-12 14:00:14 +01:00
|
|
|
return NotFound();
|
2017-09-12 16:22:16 +02:00
|
|
|
|
2017-09-19 15:51:47 +02:00
|
|
|
//Perform authorization here to see if the current user can actually save this user with the info being requested
|
2021-02-26 14:52:54 +00:00
|
|
|
var canSaveUser = _userEditorAuthorizationHelper.IsAuthorized(_backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser, found, userSave.StartContentIds, userSave.StartMediaIds, userSave.UserGroups);
|
2017-09-19 15:51:47 +02:00
|
|
|
if (canSaveUser == false)
|
|
|
|
|
{
|
2021-01-12 14:00:14 +01:00
|
|
|
return Unauthorized(canSaveUser.Result);
|
2017-09-19 15:51:47 +02:00
|
|
|
}
|
|
|
|
|
|
2017-09-12 16:22:16 +02:00
|
|
|
var hasErrors = false;
|
|
|
|
|
|
2020-10-23 10:10:02 +11:00
|
|
|
// we need to check if there's any Deny Local login providers present, if so we need to ensure that the user's email address cannot be changed
|
2020-10-23 14:18:53 +11:00
|
|
|
var hasDenyLocalLogin = _externalLogins.HasDenyLocalLogin();
|
2020-10-23 10:10:02 +11:00
|
|
|
if (hasDenyLocalLogin)
|
|
|
|
|
{
|
|
|
|
|
userSave.Email = found.Email; // it cannot change, this would only happen if people are mucking around with the request
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-22 10:08:08 +02:00
|
|
|
var existing = _userService.GetByEmail(userSave.Email);
|
2017-09-12 16:22:16 +02:00
|
|
|
if (existing != null && existing.Id != userSave.Id)
|
|
|
|
|
{
|
|
|
|
|
ModelState.AddModelError("Email", "A user with the email already exists");
|
|
|
|
|
hasErrors = true;
|
|
|
|
|
}
|
2020-06-22 10:08:08 +02:00
|
|
|
existing = _userService.GetByUsername(userSave.Username);
|
2017-09-12 16:22:16 +02:00
|
|
|
if (existing != null && existing.Id != userSave.Id)
|
|
|
|
|
{
|
|
|
|
|
ModelState.AddModelError("Username", "A user with the username already exists");
|
|
|
|
|
hasErrors = true;
|
|
|
|
|
}
|
|
|
|
|
// going forward we prefer to align usernames with email, so we should cross-check to make sure
|
|
|
|
|
// the email or username isn't somehow being used by anyone.
|
2020-06-22 10:08:08 +02:00
|
|
|
existing = _userService.GetByEmail(userSave.Username);
|
2017-09-12 16:22:16 +02:00
|
|
|
if (existing != null && existing.Id != userSave.Id)
|
|
|
|
|
{
|
|
|
|
|
ModelState.AddModelError("Username", "A user using this as their email already exists");
|
|
|
|
|
hasErrors = true;
|
|
|
|
|
}
|
2020-06-22 10:08:08 +02:00
|
|
|
existing = _userService.GetByUsername(userSave.Email);
|
2017-09-12 16:22:16 +02:00
|
|
|
if (existing != null && existing.Id != userSave.Id)
|
|
|
|
|
{
|
|
|
|
|
ModelState.AddModelError("Email", "A user using this as their username already exists");
|
|
|
|
|
hasErrors = true;
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-30 22:26:21 +01:00
|
|
|
// if the found user has their email for username, we want to keep this synced when changing the email.
|
2017-09-12 16:22:16 +02:00
|
|
|
// we have already cross-checked above that the email isn't colliding with anything, so we can safely assign it here.
|
2020-03-12 14:36:25 +01:00
|
|
|
if (_securitySettings.UsernameIsEmail && found.Username == found.Email && userSave.Username != userSave.Email)
|
2017-09-12 16:22:16 +02:00
|
|
|
{
|
|
|
|
|
userSave.Username = userSave.Email;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (hasErrors)
|
2021-01-13 11:29:56 +01:00
|
|
|
return new ValidationErrorResult(new SimpleValidationModel(ModelState.ToErrorDictionary()));
|
2017-09-12 16:22:16 +02:00
|
|
|
|
|
|
|
|
//merge the save data onto the user
|
2020-06-22 10:08:08 +02:00
|
|
|
var user = _umbracoMapper.Map(userSave, found);
|
2017-09-12 16:22:16 +02:00
|
|
|
|
2020-06-22 10:08:08 +02:00
|
|
|
_userService.Save(user);
|
2017-09-12 16:22:16 +02:00
|
|
|
|
2020-06-22 10:08:08 +02:00
|
|
|
var display = _umbracoMapper.Map<UserDisplay>(user);
|
2017-09-12 16:22:16 +02:00
|
|
|
|
2021-01-18 15:40:22 +01:00
|
|
|
// determine if the user has changed their own language;
|
2021-02-26 14:52:54 +00:00
|
|
|
var currentUser = _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser;
|
2021-01-18 15:40:22 +01:00
|
|
|
var userHasChangedOwnLanguage =
|
|
|
|
|
user.Id == currentUser.Id && currentUser.Language != user.Language;
|
|
|
|
|
|
|
|
|
|
var textToLocalise = userHasChangedOwnLanguage ? "speechBubbles/operationSavedHeaderReloadUser" : "speechBubbles/operationSavedHeader";
|
|
|
|
|
var culture = userHasChangedOwnLanguage
|
|
|
|
|
? CultureInfo.GetCultureInfo(user.Language)
|
|
|
|
|
: Thread.CurrentThread.CurrentUICulture;
|
|
|
|
|
display.AddSuccessNotification(_localizedTextService.Localize(textToLocalise, culture), _localizedTextService.Localize("speechBubbles/editUserSaved", culture));
|
2017-09-12 16:22:16 +02:00
|
|
|
return display;
|
2017-09-19 15:51:47 +02:00
|
|
|
}
|
2017-09-12 16:22:16 +02:00
|
|
|
|
2020-01-27 15:29:04 +10:00
|
|
|
/// <summary>
|
2020-01-29 09:17:08 +01:00
|
|
|
///
|
2020-01-27 15:29:04 +10:00
|
|
|
/// </summary>
|
|
|
|
|
/// <param name="changingPasswordModel"></param>
|
|
|
|
|
/// <returns></returns>
|
2020-12-22 16:36:07 +01:00
|
|
|
public async Task<ActionResult<ModelWithNotifications<string>>> PostChangePassword(ChangingPasswordModel changingPasswordModel)
|
2020-01-27 15:29:04 +10:00
|
|
|
{
|
2020-01-29 09:17:08 +01:00
|
|
|
changingPasswordModel = changingPasswordModel ?? throw new ArgumentNullException(nameof(changingPasswordModel));
|
2020-01-27 15:29:04 +10:00
|
|
|
|
|
|
|
|
if (ModelState.IsValid == false)
|
|
|
|
|
{
|
2021-01-13 11:29:56 +01:00
|
|
|
return new ValidationErrorResult(new SimpleValidationModel(ModelState.ToErrorDictionary()));
|
2020-01-27 15:29:04 +10:00
|
|
|
}
|
|
|
|
|
|
2021-02-20 19:16:31 +00:00
|
|
|
Attempt<int> intId = changingPasswordModel.Id.TryConvertTo<int>();
|
2020-01-27 15:29:04 +10:00
|
|
|
if (intId.Success == false)
|
|
|
|
|
{
|
2021-01-12 14:00:14 +01:00
|
|
|
return NotFound();
|
2020-01-27 15:29:04 +10:00
|
|
|
}
|
|
|
|
|
|
2021-02-20 19:16:31 +00:00
|
|
|
IUser found = _userService.GetUserById(intId.Result);
|
2020-01-27 15:29:04 +10:00
|
|
|
if (found == null)
|
|
|
|
|
{
|
2021-01-12 14:00:14 +01:00
|
|
|
return NotFound();
|
2020-01-27 15:29:04 +10:00
|
|
|
}
|
|
|
|
|
|
2021-02-26 14:52:54 +00:00
|
|
|
IUser currentUser = _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser;
|
2021-02-26 12:42:18 +00:00
|
|
|
|
2021-06-15 12:57:14 +01:00
|
|
|
// if it's the current user, the current user cannot reset their own password without providing their old password
|
|
|
|
|
if (currentUser.Username == found.Username && string.IsNullOrEmpty(changingPasswordModel.OldPassword))
|
2021-02-26 12:42:18 +00:00
|
|
|
{
|
2021-06-15 12:57:14 +01:00
|
|
|
return ValidationErrorResult.CreateNotificationValidationErrorResult("Password reset is not allowed without providing old password");
|
2021-02-26 12:42:18 +00:00
|
|
|
}
|
|
|
|
|
|
2021-03-15 09:01:10 +00:00
|
|
|
if (!currentUser.IsAdmin() && found.IsAdmin())
|
|
|
|
|
{
|
2021-06-15 12:57:14 +01:00
|
|
|
return ValidationErrorResult.CreateNotificationValidationErrorResult("The current user cannot change the password for the specified user");
|
2021-03-15 09:01:10 +00:00
|
|
|
}
|
|
|
|
|
|
2021-02-20 19:16:31 +00:00
|
|
|
Attempt<PasswordChangedModel> passwordChangeResult = await _passwordChanger.ChangePasswordWithIdentityAsync(changingPasswordModel, _userManager);
|
2020-01-27 15:29:04 +10:00
|
|
|
|
|
|
|
|
if (passwordChangeResult.Success)
|
|
|
|
|
{
|
|
|
|
|
var result = new ModelWithNotifications<string>(passwordChangeResult.Result.ResetPassword);
|
2020-06-22 10:08:08 +02:00
|
|
|
result.AddSuccessNotification(_localizedTextService.Localize("general/success"), _localizedTextService.Localize("user/passwordChangedGeneric"));
|
2020-01-27 15:29:04 +10:00
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-20 19:16:31 +00:00
|
|
|
foreach (string memberName in passwordChangeResult.Result.ChangeError.MemberNames)
|
2020-01-27 15:29:04 +10:00
|
|
|
{
|
|
|
|
|
ModelState.AddModelError(memberName, passwordChangeResult.Result.ChangeError.ErrorMessage);
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-13 11:39:44 +01:00
|
|
|
return new ValidationErrorResult(new SimpleValidationModel(ModelState.ToErrorDictionary()));
|
2020-01-27 15:29:04 +10:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2017-09-12 16:22:16 +02:00
|
|
|
/// <summary>
|
|
|
|
|
/// Disables the users with the given user ids
|
|
|
|
|
/// </summary>
|
|
|
|
|
/// <param name="userIds"></param>
|
2020-11-19 23:53:04 +11:00
|
|
|
[Authorize(Policy = AuthorizationPolicies.AdminUserEditsRequireAdmin)]
|
2020-06-22 10:08:08 +02:00
|
|
|
public IActionResult PostDisableUsers([FromQuery]int[] userIds)
|
2017-09-12 16:22:16 +02:00
|
|
|
{
|
2021-02-26 14:52:54 +00:00
|
|
|
var tryGetCurrentUserId = _backofficeSecurityAccessor.BackOfficeSecurity.GetUserId();
|
2018-03-02 15:48:21 +01:00
|
|
|
if (tryGetCurrentUserId && userIds.Contains(tryGetCurrentUserId.Result))
|
2017-09-12 16:22:16 +02:00
|
|
|
{
|
2020-12-22 16:36:07 +01:00
|
|
|
return ValidationErrorResult.CreateNotificationValidationErrorResult("The current user cannot disable itself");
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
|
|
|
|
|
2020-06-22 10:08:08 +02:00
|
|
|
var users = _userService.GetUsersById(userIds).ToArray();
|
2017-09-12 16:22:16 +02:00
|
|
|
foreach (var u in users)
|
|
|
|
|
{
|
|
|
|
|
u.IsApproved = false;
|
|
|
|
|
u.InvitedDate = null;
|
|
|
|
|
}
|
2020-06-22 10:08:08 +02:00
|
|
|
_userService.Save(users);
|
2017-09-12 16:22:16 +02:00
|
|
|
|
|
|
|
|
if (users.Length > 1)
|
|
|
|
|
{
|
2020-06-22 10:08:08 +02:00
|
|
|
return new UmbracoNotificationSuccessResponse(
|
|
|
|
|
_localizedTextService.Localize("speechBubbles/disableUsersSuccess", new[] {userIds.Length.ToString()}));
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
|
|
|
|
|
2020-06-22 10:08:08 +02:00
|
|
|
return new UmbracoNotificationSuccessResponse(
|
|
|
|
|
_localizedTextService.Localize("speechBubbles/disableUserSuccess", new[] { users[0].Name }));
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
|
/// Enables the users with the given user ids
|
|
|
|
|
/// </summary>
|
|
|
|
|
/// <param name="userIds"></param>
|
2020-11-19 23:53:04 +11:00
|
|
|
[Authorize(Policy = AuthorizationPolicies.AdminUserEditsRequireAdmin)]
|
2020-06-22 10:08:08 +02:00
|
|
|
public IActionResult PostEnableUsers([FromQuery]int[] userIds)
|
2017-09-12 16:22:16 +02:00
|
|
|
{
|
2020-06-22 10:08:08 +02:00
|
|
|
var users = _userService.GetUsersById(userIds).ToArray();
|
2017-09-12 16:22:16 +02:00
|
|
|
foreach (var u in users)
|
|
|
|
|
{
|
|
|
|
|
u.IsApproved = true;
|
|
|
|
|
}
|
2020-06-22 10:08:08 +02:00
|
|
|
_userService.Save(users);
|
2017-09-12 16:22:16 +02:00
|
|
|
|
|
|
|
|
if (users.Length > 1)
|
|
|
|
|
{
|
2020-06-22 10:08:08 +02:00
|
|
|
return new UmbracoNotificationSuccessResponse(
|
|
|
|
|
_localizedTextService.Localize("speechBubbles/enableUsersSuccess", new[] { userIds.Length.ToString() }));
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
|
|
|
|
|
2020-06-22 10:08:08 +02:00
|
|
|
return new UmbracoNotificationSuccessResponse(
|
|
|
|
|
_localizedTextService.Localize("speechBubbles/enableUserSuccess", new[] { users[0].Name }));
|
2017-09-19 15:51:47 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
|
/// Unlocks the users with the given user ids
|
|
|
|
|
/// </summary>
|
|
|
|
|
/// <param name="userIds"></param>
|
2020-11-19 23:53:04 +11:00
|
|
|
[Authorize(Policy = AuthorizationPolicies.AdminUserEditsRequireAdmin)]
|
2020-06-22 10:08:08 +02:00
|
|
|
public async Task<IActionResult> PostUnlockUsers([FromQuery]int[] userIds)
|
2017-09-19 15:51:47 +02:00
|
|
|
{
|
2020-06-22 10:08:08 +02:00
|
|
|
if (userIds.Length <= 0) return Ok();
|
2020-09-04 01:40:46 +10:00
|
|
|
var notFound = new List<int>();
|
2017-09-19 15:51:47 +02:00
|
|
|
|
2020-05-04 18:19:24 +01:00
|
|
|
foreach (var u in userIds)
|
2017-09-19 15:51:47 +02:00
|
|
|
{
|
2020-10-23 14:18:53 +11:00
|
|
|
var user = await _userManager.FindByIdAsync(u.ToString());
|
2020-09-04 01:40:46 +10:00
|
|
|
if (user == null)
|
|
|
|
|
{
|
|
|
|
|
notFound.Add(u);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2020-03-16 13:53:03 +00:00
|
|
|
|
2021-03-18 15:57:53 +11:00
|
|
|
var unlockResult = await _userManager.SetLockoutEndDateAsync(user, DateTimeOffset.Now.AddMinutes(-1));
|
2017-09-19 15:51:47 +02:00
|
|
|
if (unlockResult.Succeeded == false)
|
|
|
|
|
{
|
2020-12-22 16:36:07 +01:00
|
|
|
return new ValidationErrorResult(
|
|
|
|
|
$"Could not unlock for user {u} - error {unlockResult.Errors.ToErrorMessage()}");
|
2017-09-19 15:51:47 +02:00
|
|
|
}
|
|
|
|
|
|
2020-05-04 18:19:24 +01:00
|
|
|
if (userIds.Length == 1)
|
2017-09-19 15:51:47 +02:00
|
|
|
{
|
2020-06-22 10:08:08 +02:00
|
|
|
return new UmbracoNotificationSuccessResponse(
|
|
|
|
|
_localizedTextService.Localize("speechBubbles/unlockUserSuccess", new[] {user.Name}));
|
2017-09-19 15:51:47 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-22 10:08:08 +02:00
|
|
|
return new UmbracoNotificationSuccessResponse(
|
2020-09-04 01:40:46 +10:00
|
|
|
_localizedTextService.Localize("speechBubbles/unlockUsersSuccess", new[] {(userIds.Length - notFound.Count).ToString()}));
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
|
|
|
|
|
2020-11-19 23:53:04 +11:00
|
|
|
[Authorize(Policy = AuthorizationPolicies.AdminUserEditsRequireAdmin)]
|
2020-06-22 10:08:08 +02:00
|
|
|
public IActionResult PostSetUserGroupsOnUsers([FromQuery]string[] userGroupAliases, [FromQuery]int[] userIds)
|
2017-09-12 16:22:16 +02:00
|
|
|
{
|
2020-06-22 10:08:08 +02:00
|
|
|
var users = _userService.GetUsersById(userIds).ToArray();
|
|
|
|
|
var userGroups = _userService.GetUserGroupsByAlias(userGroupAliases).Select(x => x.ToReadOnlyGroup()).ToArray();
|
2017-09-12 16:22:16 +02:00
|
|
|
foreach (var u in users)
|
|
|
|
|
{
|
|
|
|
|
u.ClearGroups();
|
|
|
|
|
foreach (var userGroup in userGroups)
|
|
|
|
|
{
|
|
|
|
|
u.AddGroup(userGroup);
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-06-22 10:08:08 +02:00
|
|
|
_userService.Save(users);
|
|
|
|
|
return new UmbracoNotificationSuccessResponse(
|
|
|
|
|
_localizedTextService.Localize("speechBubbles/setUserGroupOnUsersSuccess"));
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
|
|
|
|
|
2018-04-09 08:52:54 +02:00
|
|
|
/// <summary>
|
|
|
|
|
/// Deletes the non-logged in user provided id
|
|
|
|
|
/// </summary>
|
|
|
|
|
/// <param name="id">User Id</param>
|
|
|
|
|
/// <remarks>
|
|
|
|
|
/// Limited to users that haven't logged in to avoid issues with related records constrained
|
|
|
|
|
/// with a foreign key on the user Id
|
|
|
|
|
/// </remarks>
|
2020-11-19 23:53:04 +11:00
|
|
|
[Authorize(Policy = AuthorizationPolicies.AdminUserEditsRequireAdmin)]
|
2020-06-22 10:08:08 +02:00
|
|
|
public IActionResult PostDeleteNonLoggedInUser(int id)
|
2018-04-09 08:52:54 +02:00
|
|
|
{
|
2020-06-22 10:08:08 +02:00
|
|
|
var user = _userService.GetUserById(id);
|
2018-04-09 08:52:54 +02:00
|
|
|
if (user == null)
|
|
|
|
|
{
|
2020-06-22 10:08:08 +02:00
|
|
|
return NotFound();
|
2018-04-09 08:52:54 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check user hasn't logged in. If they have they may have made content changes which will mean
|
|
|
|
|
// the Id is associated with audit trails, versions etc. and can't be removed.
|
|
|
|
|
if (user.LastLoginDate != default(DateTime))
|
|
|
|
|
{
|
2020-06-22 10:08:08 +02:00
|
|
|
return BadRequest();
|
2018-04-09 08:52:54 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var userName = user.Name;
|
2020-06-22 10:08:08 +02:00
|
|
|
_userService.Delete(user, true);
|
2018-12-12 17:49:24 +01:00
|
|
|
|
2020-06-22 10:08:08 +02:00
|
|
|
return new UmbracoNotificationSuccessResponse(
|
|
|
|
|
_localizedTextService.Localize("speechBubbles/deleteUserSuccess", new[] { userName }));
|
2018-04-09 08:52:54 +02:00
|
|
|
}
|
|
|
|
|
|
2017-09-12 16:22:16 +02:00
|
|
|
public class PagedUserResult : PagedResult<UserBasic>
|
|
|
|
|
{
|
|
|
|
|
public PagedUserResult(long totalItems, long pageNumber, long pageSize) : base(totalItems, pageNumber, pageSize)
|
|
|
|
|
{
|
|
|
|
|
UserStates = new Dictionary<UserState, int>();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
|
/// This is basically facets of UserStates key = state, value = count
|
|
|
|
|
/// </summary>
|
|
|
|
|
[DataMember(Name = "userStates")]
|
|
|
|
|
public IDictionary<UserState, int> UserStates { get; set; }
|
|
|
|
|
}
|
2017-09-19 15:51:47 +02:00
|
|
|
|
2017-09-12 16:22:16 +02:00
|
|
|
}
|
2017-09-23 10:08:18 +02:00
|
|
|
}
|
