Deactivate users cancel auth token, also docs

2021-11-10 21:31:37 +00:00
parent 4d20539429
commit fe0eaef9e0
2 changed files with 103 additions and 134 deletions


@@ -297,56 +297,6 @@ namespace AyaNova.Biz
}
}
// ////////////////////////////////////////////////////////////////////////////////////////////////
// //DUPLICATE
// //
// internal async Task<User> DuplicateAsync(long id)
// {
// User dbObject = await GetAsync(id, false);
// if (dbObject == null)
// {
// AddError(ApiErrorCode.NOT_FOUND, "id");
// return null;
// }
// //Also used for Contacts (customer type user or ho type user)
// //by users with no User right but with Customer rights so need to double check here
// if (
// (dbObject.IsOutsideUser && !Authorized.HasCreateRole(CurrentUserRoles, AyaType.Customer)) ||
// (!dbObject.IsOutsideUser && !Authorized.HasCreateRole(CurrentUserRoles, AyaType.User))
// )
// {
// AddError(ApiErrorCode.NOT_AUTHORIZED);
// return null;
// }
// User newObject = new User();
// CopyObject.Copy(dbObject, newObject, "Id, Salt, Login, Password, CurrentAuthToken, DlKey, DlKeyExpire, Wiki, Serial");
// string newUniqueName = string.Empty;
// bool NotUnique = true;
// long l = 1;
// do
// {
// newUniqueName = Util.StringUtil.UniqueNameBuilder(dbObject.Name, l++, 255);
// NotUnique = await ct.User.AnyAsync(z => z.Name == newUniqueName);
// } while (NotUnique);
// newObject.Name = newUniqueName;
// newObject.Id = 0;
// newObject.Concurrency = 0;
// newObject.Salt = Hasher.GenerateSalt();
// newObject.Password = Hasher.GenerateSalt();
// newObject.Login = Hasher.GenerateSalt();
// newObject.UserOptions = new UserOptions();
// newObject.UserOptions.TranslationId = ServerBootConfig.AYANOVA_DEFAULT_TRANSLATION_ID;
// await ct.User.AddAsync(newObject);
// await ct.SaveChangesAsync();
// await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserId, newObject.Id, BizType, AyaEvent.Created), ct);
// await SearchIndexAsync(newObject, true);
// await TagBiz.ProcessUpdateTagsInRepositoryAsync(ct, newObject.Tags, null);
// await HandlePotentialNotificationEvent(AyaEvent.Created, newObject);
// return newObject;
// }
////////////////////////////////////////////////////////////////////////////////////////////////
/// GET
@@ -388,86 +338,6 @@ namespace AyaNova.Biz
}
// ////////////////////////////////////////////////////////////////////////////////////////////////
// //UPDATE
// //
// internal async Task<User> PutAsync(User putObject)
// {
// //todo: update to use the new PUT methodology
// var dbObject = await GetAsync(putObject.Id, false);
// if (dbObject == null)
// {
// AddError(ApiErrorCode.NOT_FOUND, "id");
// return null;
// }
// //Also used for Contacts (customer type user or ho type user)
// //by users with no User right but with Customer rights so need to double check here
// if (
// (dbObject.IsOutsideUser && !Authorized.HasModifyRole(CurrentUserRoles, AyaType.Customer)) ||
// (!dbObject.IsOutsideUser && !Authorized.HasModifyRole(CurrentUserRoles, AyaType.User))
// )
// {
// AddError(ApiErrorCode.NOT_AUTHORIZED);
// return null;
// }
// User SnapshotOfOriginalDBObj = new User();
// CopyObject.Copy(dbObject, SnapshotOfOriginalDBObj);
// CopyObject.Copy(putObject, dbObject, "Id, Salt, CurrentAuthToken, LoginKey, DlKey, DlKeyExpire");
// dbObject.Tags = TagBiz.NormalizeTags(dbObject.Tags);
// dbObject.CustomFields = JsonUtil.CompactJson(dbObject.CustomFields);
// //NOTE: It's valid to call this without intending to change login or password (null values)
// //Is the user updating the password?
// if (!string.IsNullOrWhiteSpace(putObject.Password))
// {
// //YES password is being updated:
// dbObject.Password = Hasher.hash(SnapshotOfOriginalDBObj.Salt, putObject.Password);
// }
// else
// {
// //No, use the snapshot password value
// dbObject.Password = SnapshotOfOriginalDBObj.Password;
// dbObject.Salt = SnapshotOfOriginalDBObj.Salt;
// }
// //Updating login?
// if (!string.IsNullOrWhiteSpace(putObject.Login))
// {
// //YES Login is being updated:
// dbObject.Login = putObject.Login;
// }
// else
// {
// //No, use the original value
// dbObject.Login = SnapshotOfOriginalDBObj.Login;
// }
// ct.Entry(dbObject).OriginalValues["Concurrency"] = putObject.Concurrency;
// await ValidateAsync(dbObject, SnapshotOfOriginalDBObj);
// if (HasErrors) return null;
// try
// {
// await ct.SaveChangesAsync();
// }
// catch (DbUpdateConcurrencyException)
// {
// if (!await ExistsAsync(putObject.Id))
// AddError(ApiErrorCode.NOT_FOUND);
// else
// AddError(ApiErrorCode.CONCURRENCY_CONFLICT);
// return null;
// }
// await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserId, dbObject.Id, BizType, AyaEvent.Modified), ct);
// await SearchIndexAsync(dbObject, false);
// await TagBiz.ProcessUpdateTagsInRepositoryAsync(ct, dbObject.Tags, SnapshotOfOriginalDBObj.Tags);
// await HandlePotentialNotificationEvent(AyaEvent.Modified, dbObject, SnapshotOfOriginalDBObj);
// return dbObject;
// }
////////////////////////////////////////////////////////////////////////////////////////////////
//UPDATE
@@ -528,6 +398,13 @@ namespace AyaNova.Biz
putObject.Login = dbObject.Login;
}
//DE-ACTIVATING USER?
if (putObject.Active == false && dbObject.Active == true)
{
//yes, deactivating, so revoke their auth token
putObject.CurrentAuthToken = Hasher.GenerateSalt();//new random token that will definitely not work
}
await ValidateAsync(putObject, dbObject);
if (HasErrors) return null;
ct.Replace(dbObject, putObject);
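Review bot: The deactivation branch replaces only `CurrentAuthToken`, while the old update code removed earlier in this commit also lists `LoginKey`, `DlKey` and `DlKeyExpire` as protected credential-like fields, so a deactivated account may keep a usable download or login key unless the code that accepts those keys checks `Active` itself (not visible here). Consider invalidating them in the same branch, for example `putObject.DlKey = null;` if the field is nullable, or add a comment saying why they can stay. The revocation also only takes effect if the request pipeline compares the presented token with the stored `CurrentAuthToken` on every request, which this hunk does not show; a comment such as `//auth middleware rejects any token that differs from CurrentAuthToken` would record that dependency. The enclosing method starts and ends outside the hunk, so other paths that set `Active` to false cannot be checked from here.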