using Microsoft.AspNet.Identity; using Microsoft.AspNet.Authorization; using Microsoft.AspNet.Mvc; using Microsoft.Extensions.Logging; using System.Security.Claims; using System.Threading.Tasks; namespace Yavsc.WebApi.Controllers { using Models; using Models.Account; using ViewModels.Account; using Yavsc.Helpers; using System.Linq; using Microsoft.Data.Entity; using Microsoft.AspNet.Identity.EntityFramework; using Yavsc.Abstract.Identity; [Authorize(),Route("~/api/account")] public class ApiAccountController : Controller { private UserManager _userManager; private readonly SignInManager _signInManager; ApplicationDbContext _dbContext; private ILogger _logger; public ApiAccountController(UserManager userManager, SignInManager signInManager, ILoggerFactory loggerFactory, ApplicationDbContext dbContext) { UserManager = userManager; _signInManager = signInManager; _logger = loggerFactory.CreateLogger("ApiAuth"); _dbContext = dbContext; } public UserManager UserManager { get { return _userManager; } private set { _userManager = value; } } // POST api/Account/ChangePassword [Authorize] public async Task ChangePassword(ChangePasswordBindingModel model) { if (!ModelState.IsValid) { return new BadRequestObjectResult(ModelState); } var user = await _userManager.FindByIdAsync(User.GetUserId()); if (user == null || !(await _userManager.IsEmailConfirmedAsync(user))) { IdentityResult result = await UserManager.ChangePasswordAsync(user, model.OldPassword, model.NewPassword); if (!result.Succeeded) { AddErrors("NewPassword",result); return new BadRequestObjectResult(ModelState); } } return Ok(); } // POST api/Account/SetPassword [Authorize] public async Task SetPassword(SetPasswordBindingModel model) { if (!ModelState.IsValid) { return new BadRequestObjectResult(ModelState); } var user = await _userManager.FindByIdAsync(User.GetUserId()); if (user == null || !(await _userManager.IsEmailConfirmedAsync(user))) { IdentityResult result = await UserManager.AddPasswordAsync(user, model.NewPassword); if (!result.Succeeded) { AddErrors ("NewPassword",result); return new BadRequestObjectResult(ModelState); } } return Ok(); } // POST api/Account/Register [AllowAnonymous] public async Task Register(RegisterViewModel model) { if (!ModelState.IsValid) { return new BadRequestObjectResult(ModelState); } var user = new ApplicationUser { UserName = model.Email, Email = model.Email }; IdentityResult result = await UserManager.CreateAsync(user, model.Password); if (!result.Succeeded) { AddErrors ("Register",result); return new BadRequestObjectResult(ModelState); } await _signInManager.SignInAsync(user, isPersistent: false); return Ok(); } private void AddErrors(string key, IdentityResult result) { foreach (var error in result.Errors) { ModelState.AddModelError(key, error.Description); } } protected override void Dispose(bool disposing) { if (disposing) { UserManager.Dispose(); } base.Dispose(disposing); } [HttpGet("~/api/me"),Authorize] public async Task Me () { if (User==null) return new BadRequestObjectResult( new { error = "user not found" }); var uid = User.GetUserId(); var userData = await _dbContext.Users .Include(u=>u.PostalAddress) .Include(u=>u.AccountBalance) .Include(u=>u.Roles) .FirstAsync(u=>u.Id == uid); var user = new Yavsc.Models.Auth.Me(userData.Id, userData.UserName, userData.Email, userData.Avatar , userData.PostalAddress, userData.DedicatedGoogleCalendar ); var userRoles = _dbContext.UserRoles.Where(u=>u.UserId == uid).ToArray(); IdentityRole [] roles = _dbContext.Roles.Where(r=>userRoles.Any(ur=>ur.RoleId==r.Id)).ToArray(); user.Roles = roles.Select(r=>r.Name).ToArray(); return Ok(user); } [HttpGet("~/api/myip"),Authorize] public IActionResult MyIp () { string ip = null; ip = Request.Headers["X-Forwarded-For"]; if (string.IsNullOrEmpty(ip)) { ip = Request.Host.Value; } else { // Using X-Forwarded-For last address ip = ip.Split(',') .Last() .Trim(); } return Ok(ip); } /// /// Actually only updates the user's name. /// /// MyUpdate containing the new user name /// Ok when all is ok. [HttpPut("~/api/me"),Authorize] public async Task UpdateMe(UserInfo me) { if (!ModelState.IsValid) return new BadRequestObjectResult( new { error = "Specify some valid user update request." }); var user = await _userManager.FindByIdAsync(User.GetUserId()); var result = await _userManager.SetUserNameAsync(user, me.UserName); if (result.Succeeded) return Ok(); else return new BadRequestObjectResult(result); } /// /// Updates the avatar /// /// [HttpPost("~/api/setavatar"),Authorize] public async Task SetAvatar() { var root = User.InitPostToFileSystem(null); var user = await _userManager.FindByIdAsync(User.GetUserId()); if (Request.Form.Files.Count!=1) return new BadRequestResult(); var info = user.ReceiveAvatar(Request.Form.Files[0]); await _userManager.UpdateAsync(user); return Ok(info); } } }