From e08023cdb9aac5ad5fa0a2420fe30028b3137734 Mon Sep 17 00:00:00 2001 From: John Cardinal Date: Tue, 12 May 2020 19:26:01 +0000 Subject: [PATCH] --- server/AyaNova/Controllers/UserController.cs | 4 +- server/AyaNova/biz/UserBiz.cs | 59 ++++++++++---------- 2 files changed, 33 insertions(+), 30 deletions(-) diff --git a/server/AyaNova/Controllers/UserController.cs b/server/AyaNova/Controllers/UserController.cs index 04291ea2..dc653b67 100644 --- a/server/AyaNova/Controllers/UserController.cs +++ b/server/AyaNova/Controllers/UserController.cs @@ -228,7 +228,7 @@ namespace AyaNova.Api.Controllers //Create and validate - User o = await biz.CreateAsync(inObj); + dtUser o = await biz.CreateAsync(inObj); if (o == null) { @@ -241,7 +241,7 @@ namespace AyaNova.Api.Controllers //return success and link //NOTE: this is a USER object so we don't want to return some key fields for security reasons //which is why the object is "cleaned" before return - return CreatedAtAction(nameof(UserController.GetUser), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(UserBiz.CleanUserForReturn(o))); + return CreatedAtAction(nameof(UserController.GetUser), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o)); } } diff --git a/server/AyaNova/biz/UserBiz.cs b/server/AyaNova/biz/UserBiz.cs index cb30e74e..dd0554d5 100644 --- a/server/AyaNova/biz/UserBiz.cs +++ b/server/AyaNova/biz/UserBiz.cs @@ -47,7 +47,7 @@ namespace AyaNova.Biz //////////////////////////////////////////////////////////////////////////////////////////////// //CREATE - internal async Task CreateAsync(User inObj) + internal async Task CreateAsync(User inObj) { //password and login are optional but in the sense that they can be left out in a PUT // but if left out here we need to generate a random value instead so they can't login but the code is happy 
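Review bot: The comment kept above the return in the `@@ -241,7 +241,7 @@` hunk of UserController.cs still says the object is "cleaned" before return, but the new line passes `o` straight to `ApiCreatedResponse` and nothing on it strips any field. What the client receives is now decided entirely by the property set of `dtUser`, whose definition is not part of this diff. I would replace the comment with `//NOTE: o is a dtUser, the reduced user shape that is safe to return; it must never gain Password, Login, Salt or CurrentAuthToken`. The removed helper also flattened `UserOptions.TranslationId` into the response, so it is worth confirming that clients of this endpoint do not depend on that member. The enclosing action starts above the hunk.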
@@ -101,11 +101,10 @@ namespace AyaNova.Biz //TAGS await TagUtil.ProcessUpdateTagsInRepositoryAsync(ct, inObj.Tags, null); - //Accept, but never return a User's password or login - inObj.Password = null; - inObj.Login = null; + dtUser retUser = new dtUser(); + CopyObject.Copy(inObj, retUser); + return retUser; - return inObj; } } @@ -123,11 +122,13 @@ namespace AyaNova.Biz { //Log await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserId, fetchId, BizType, AyaEvent.Retrieved), ct); - } - dtUser retUser = new dtUser(); - CopyObject.Copy(dbFullUser, retUser); - return retUser; + + dtUser retUser = new dtUser(); + CopyObject.Copy(dbFullUser, retUser); + return retUser; + } + else return null; } @@ -144,7 +145,7 @@ namespace AyaNova.Biz CopyObject.Copy(dbObj, SnapshotOfOriginalDBObj); //Update the db object with the PUT object values - CopyObject.Copy(inObj, dbObj, "Id, Salt, CurrentAuthToken"); + CopyObject.Copy(inObj, dbObj, "Id, Salt, CurrentAuthToken, DlKey, DlKeyExpire"); dbObj.Tags = TagUtil.NormalizeTags(dbObj.Tags); dbObj.CustomFields = JsonUtil.CompactJson(dbObj.CustomFields); 
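Review bot: In the `@@ -101,11 +101,10 @@` hunk the explicit `inObj.Password = null; inObj.Login = null;` is replaced by `CopyObject.Copy(inObj, retUser)` with no exclusion list, so keeping credentials out of the create response now depends on `dtUser` not declaring those properties. Assuming CopyObject copies same-named properties (its implementation is not shown), a property added to `dtUser` later would start flowing out without any change at this call. A comment at the copy would record that contract, for example `//dtUser is the allow-list for returned fields: Password and Login are dropped because dtUser does not declare them`. A test asserting that the serialized create response has no Password, Login or Salt member would hold the contract in place. The same unfiltered copy is used in the retrieval hunk `@@ -123,11 +122,13 @@`.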
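Review bot: The exclusion list in the `@@ -144,7 +145,7 @@` hunk is a deny-list held in a string literal, so every `User` property not named there is presumably overwritten from the PUT object, and a misspelled name may be ignored silently depending on how CopyObject parses the string (not visible here). The addition of `DlKey, DlKeyExpire` in this commit suggests the usual weakness of a deny-list: a new server-managed field stays client-writable until someone remembers to list it. Building the list from `nameof`, e.g. `string.Join(", ", nameof(User.Id), nameof(User.Salt), nameof(User.CurrentAuthToken), nameof(User.DlKey), nameof(User.DlKeyExpire))`, would at least turn a rename into a compile error. Copying only an explicit set of editable properties would be the safer direction. The enclosing update method starts and ends outside the hunk.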
@@ -507,24 +508,26 @@ namespace AyaNova.Biz //////////////////////////////////////////////////////////////////////////////////////////////// // Utilities // - internal static object CleanUserForReturn(User o) - { - return new - { - Id = o.Id, - ConcurrencyToken = o.ConcurrencyToken, - Active = o.Active, - Name = o.Name, - Roles = o.Roles, - TranslationId = o.UserOptions.TranslationId, - UserType = o.UserType, - EmployeeNumber = o.EmployeeNumber, - Notes = o.Notes, - CustomerId = o.CustomerId, - HeadOfficeId = o.HeadOfficeId, - SubVendorId = o.SubVendorId - }; - } + + //replaced by dtUser object instead + // internal static object CleanUserForReturn(User o) + // { + // return new + // { + // Id = o.Id, + // ConcurrencyToken = o.ConcurrencyToken, + // Active = o.Active, + // Name = o.Name, + // Roles = o.Roles, + // TranslationId = o.UserOptions.TranslationId, + // UserType = o.UserType, + // EmployeeNumber = o.EmployeeNumber, + // Notes = o.Notes, + // CustomerId = o.CustomerId, + // HeadOfficeId = o.HeadOfficeId, + // SubVendorId = o.SubVendorId + // }; + // }
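Review bot: The `@@ -507,24 +508,26 @@` hunk keeps `CleanUserForReturn` as a commented-out block instead of deleting it. The block now documents a response shape that the server no longer produces, which can mislead a reader about which fields are returned, and version control already preserves the old helper. I would delete the commented lines and leave a single comment such as `//user objects are returned to clients as dtUser; the old CleanUserForReturn projection was removed`.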