merge from develop

Merged Lucca Santangelo Dodera requested to merge develop into master
1 file
+ 1
1
@@ -23,21 +23,27 @@ namespace Tsi1.Api.Controllers
private readonly IUserService _userService;
private readonly IUserTypeService _userTypeService;
private readonly ITenantService _tenantService;
public UserController(IJwtAuthManager jwtAuthManager, IUserService userService,
IUserTypeService userTypeService, ITenantService tenantService)
private readonly IEmailService _emailService;
public UserController(
IJwtAuthManager jwtAuthManager,
IUserService userService,
IUserTypeService userTypeService,
ITenantService tenantService,
IEmailService emailService)
{
_jwtAuthManager = jwtAuthManager;
_userService = userService;
_userTypeService = userTypeService;
_tenantService = tenantService;
_emailService = emailService;
}
[AllowAnonymous]
[HttpPost("Login")]
public async Task<IActionResult> Login(LoginRequest request)
{
var resultSplit = request.UserName.Split("@");
var resultSplit = request.Username.Split("@");
if (resultSplit.Count() != 2)
{
@@ -45,9 +51,7 @@ namespace Tsi1.Api.Controllers
}
var userName = resultSplit[0];
var tenantName = resultSplit[1];
var tenantId = await _tenantService.GetByName(tenantName);
if (tenantId.HasError)
@@ -56,7 +60,6 @@ namespace Tsi1.Api.Controllers
}
var result = await _userService.Authenticate(userName, request.Password, tenantId.Data);
if (result.HasError)
{
return BadRequest(result.Message);
@@ -110,68 +113,178 @@ namespace Tsi1.Api.Controllers
}
}
[Authorize(Roles = UserTypes.FacultyAdmin)]
[Authorize(Roles = UserTypes.FacultyAdmin + ", " + UserTypes.UdelarAdmin)]
[HttpPost("Register")]
public async Task<IActionResult> Register(UserRegisterDto dto)
public async Task<IActionResult> Register(UserRegisterDto dto, [FromQuery] int? tenantId = null)
{
var tenantId = int.Parse(HttpContext.User.Claims.FirstOrDefault(x => x.Type == "TenantId").Value);
var myUserType = HttpContext.User.Claims.FirstOrDefault(x => x.Type == ClaimTypes.Role).Value;
if (myUserType == UserTypes.UdelarAdmin && tenantId == null)
{
return BadRequest(string.Format(ErrorMessages.TenantDoesNotExist, tenantId));
}
if (myUserType == UserTypes.FacultyAdmin)
{
tenantId = int.Parse(HttpContext.User.Claims.FirstOrDefault(x => x.Type == "TenantId").Value);
}
var userTypeResult = await _userTypeService.GetById(dto.UserTypeId);
if (userTypeResult.HasError)
{
return BadRequest(userTypeResult.Message);
}
var userType = userTypeResult.Data;
if (myUserType == UserTypes.UdelarAdmin &&
(userType.Name == UserTypes.Student ||
userType.Name == UserTypes.Professor))
{
return BadRequest(string.Format(ErrorMessages.InvalidUserType, userType.Name));
}
if (myUserType == UserTypes.FacultyAdmin &&
(userType.Name == UserTypes.UdelarAdmin ||
userType.Name == UserTypes.FacultyAdmin))
{
return BadRequest(string.Format(ErrorMessages.InvalidUserType, userType.Name));
}
var userServiceResult = await _userService.Create(dto, userType.Name, (int) tenantId);
if (userServiceResult.HasError)
{
BadRequest(userServiceResult.Message);
}
return Ok();
}
[Authorize(Roles = UserTypes.FacultyAdmin + ", " + UserTypes.UdelarAdmin)]
[HttpPut("Modify/{userId}")]
public async Task<IActionResult> Modify(UserModifyDto dto, int userId)
{
var myUserType = HttpContext.User.Claims.FirstOrDefault(x => x.Type == ClaimTypes.Role).Value;
var userTypeResult = await _userService.GetUserType(userId);
if (userTypeResult.HasError)
{
return BadRequest(userTypeResult.Message);
}
if (myUserType == UserTypes.FacultyAdmin)
{
var tenantId = int.Parse(HttpContext.User.Claims.FirstOrDefault(x => x.Type == "TenantId").Value);
var userTenant = await _userService.GetTenant(userId);
if (userTenant.HasError)
{
return BadRequest(userTenant.Message);
}
if (userTenant.Data != tenantId)
{
return BadRequest("No se puede modificar un usuario de otra facultad");
}
}
var userType = userTypeResult.Data;
if (userType.Name == UserTypes.UdelarAdmin ||
userType.Name == UserTypes.FacultyAdmin)
if (myUserType == UserTypes.UdelarAdmin &&
(userType.Name == UserTypes.Student ||
userType.Name == UserTypes.Professor))
{
return BadRequest(string.Format(ErrorMessages.InvalidUserType, userType.Name));
}
if (myUserType == UserTypes.FacultyAdmin &&
(userType.Name == UserTypes.UdelarAdmin ||
userType.Name == UserTypes.FacultyAdmin))
{
return BadRequest(string.Format(ErrorMessages.InvalidUserType, userType.Name));
}
var userServiceResult = await _userService.Create(dto, userType.Name, tenantId);
var userServiceResult = await _userService.Modify(dto, userType.Name, userId);
if (userServiceResult.HasError)
{
return BadRequest(userServiceResult.Message);
}
if (userServiceResult.Data == false)
{
return NotFound(userServiceResult.Message);
}
return Ok();
}
[Authorize(Roles = UserTypes.UdelarAdmin)]
[HttpPost("RegisterAdmin/{tenantId}")]
public async Task<IActionResult> RegisterAdmin(UserRegisterDto dto, int tenantId)
[Authorize(Roles = UserTypes.FacultyAdmin + ", " + UserTypes.UdelarAdmin)]
[HttpDelete("Delete/{userId}")]
public async Task<IActionResult> Delete(int userId)
{
var userTypeResult = await _userTypeService.GetById(dto.UserTypeId);
var myUserType = HttpContext.User.Claims.FirstOrDefault(x => x.Type == ClaimTypes.Role).Value;
if (myUserType == UserTypes.FacultyAdmin)
{
var tenantId = int.Parse(HttpContext.User.Claims.FirstOrDefault(x => x.Type == "TenantId").Value);
var userTenant = await _userService.GetTenant(userId);
if (userTenant.HasError)
{
return BadRequest(userTenant.Message);
}
if (userTenant.Data != tenantId)
{
return BadRequest("No se puede borrar un usuario de otra facultad");
}
}
var userTypeResult = await _userService.GetUserType(userId);
if (userTypeResult.HasError)
{
BadRequest(userTypeResult.Message);
return BadRequest(userTypeResult.Message);
}
var userType = userTypeResult.Data;
if (userType.Name == UserTypes.Student ||
userType.Name == UserTypes.Professor)
if (myUserType == UserTypes.UdelarAdmin &&
(userType.Name == UserTypes.Student ||
userType.Name == UserTypes.Professor))
{
return BadRequest(string.Format(ErrorMessages.InvalidUserType, userType.Name));
}
if (myUserType == UserTypes.FacultyAdmin &&
(userType.Name == UserTypes.UdelarAdmin ||
userType.Name == UserTypes.FacultyAdmin))
{
return BadRequest(string.Format(ErrorMessages.InvalidUserType, userType.Name));
}
var userServiceResult = await _userService.Create(dto, userType.Name, tenantId);
var userServiceResult = await _userService.Delete(userId);
if (userServiceResult.HasError)
{
BadRequest(userServiceResult.Message);
return BadRequest(userServiceResult.Message);
}
if (userServiceResult.Data == false)
{
return NotFound(userServiceResult.Message);
}
return Ok();
}
[Authorize(Roles = UserTypes.Student + ", " + UserTypes.Professor)]
[Authorize(Roles = UserTypes.Student + ", " + UserTypes.Professor + ", " + UserTypes.FacultyAdmin)]
[HttpGet("GetAll")]
public async Task<IActionResult> GetAll()
{
@@ -187,6 +300,39 @@ namespace Tsi1.Api.Controllers
return Ok(result.Data);
}
[Authorize(Roles = UserTypes.FacultyAdmin)]
[HttpGet("GetStudents")]
public async Task<IActionResult> GetStudents()
{
var tenantId = int.Parse(HttpContext.User.Claims.FirstOrDefault(x => x.Type == "TenantId").Value);
var result = await _userService.GetStudents(tenantId);
if (result.HasError)
{
return BadRequest(result.Message);
}
return Ok(result.Data);
}
[Authorize(Roles = UserTypes.FacultyAdmin)]
[HttpGet("GetProfessors")]
public async Task<IActionResult> GetProfessors()
{
var tenantId = int.Parse(HttpContext.User.Claims.FirstOrDefault(x => x.Type == "TenantId").Value);
var result = await _userService.GetProfessors(tenantId);
if (result.HasError)
{
return BadRequest(result.Message);
}
return Ok(result.Data);
}
[Authorize(Roles = UserTypes.Student + ", " + UserTypes.Professor)]
[HttpGet("GetById/{userId}")]
public async Task<IActionResult> GetById(int userId)
@@ -217,5 +363,108 @@ namespace Tsi1.Api.Controllers
return Ok(result.Data);
}
[AllowAnonymous]
[HttpGet("ForgotPassword/{username}")]
public async Task<IActionResult> ForgotPassword(string username)
{
var resultSplit = username.Split("@");
if (resultSplit.Count() != 2)
{
return BadRequest(ErrorMessages.InvalidUsername);
}
username = resultSplit[0];
var tenantName = resultSplit[1];
var tenantId = await _tenantService.GetByName(tenantName);
if (tenantId.HasError)
{
return BadRequest(tenantId.Message);
}
var userResult = await _userService.GetByUsername(username, tenantId.Data);
if (userResult.HasError)
{
return BadRequest(userResult.Message);
}
var code = _jwtAuthManager.GenerateVerificationCode(username, DateTime.Now);
var result = await _emailService.SendVerificationCode(userResult.Data.Email, code);
if (result.HasError)
{
return BadRequest("Ha ocurrido un error");
}
return Ok();
}
[AllowAnonymous]
[HttpGet("VerificationCode/{username}/{code}")]
public async Task<IActionResult> VerificationCode(string username, int code)
{
var resultSplit = username.Split("@");
if (resultSplit.Count() != 2)
{
return BadRequest(ErrorMessages.InvalidUsername);
}
username = resultSplit[0];
var tenantName = resultSplit[1];
var tenantId = await _tenantService.GetByName(tenantName);
if (tenantId.HasError)
{
return BadRequest(tenantId.Message);
}
if (!_jwtAuthManager.ValidateVerificationCode(username, code))
{
return BadRequest("Código de verificación incorrecto");
}
var userResult = await _userService.GetByUsername(username, tenantId.Data);
if (userResult.HasError)
{
return BadRequest(userResult.Message);
}
var user = userResult.Data;
var claims = new[]
{
new Claim("Id", user.Id.ToString()),
new Claim("Username", user.Username),
new Claim("TenantId", user.TenantId.ToString()),
new Claim(ClaimTypes.Role, user.UserType.Name)
};
var jwtResult = _jwtAuthManager.GenerateTokens(user.Username, claims, DateTime.Now);
return Ok(new LoginResult
{
Id = user.Id,
UserName = user.Username,
Role = user.UserType.Name,
AccessToken = jwtResult.AccessToken,
RefreshToken = jwtResult.RefreshToken.TokenString
});
}
[HttpPost("RestorePassword")]
public async Task<IActionResult> RestorePassword(RestorePasswordDto dto)
{
var userId = int.Parse(HttpContext.User.Claims.FirstOrDefault(x => x.Type == "Id").Value);
var result = await _userService.UpdatePassword(userId, dto.Password);
if (result.HasError)
{
return BadRequest(result.Message);
}
return Ok();
}
}
}
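Review bot: In `Register`, the line `BadRequest(userServiceResult.Message);` inside `if (userServiceResult.HasError)` discards the result and falls through to `return Ok();`, so a failed `Create` still answers 200 (assuming that line is unchanged context, since the page does not mark sides); it should be `return BadRequest(userServiceResult.Message);`, the same fix this merge applies to the two equivalent lines in `Delete`. In `VerificationCode`, `_jwtAuthManager.ValidateVerificationCode(username, code)` is keyed on the local part of the username only while the `GetByUsername` lookup that follows is per tenant, so unless the manager folds the tenant into its key a code issued for one tenant's user could validate for a same-named user in another tenant, and the endpoint then issues full login tokens — worth confirming against the manager's implementation. The null guard in `Register` passes the null `tenantId` into `string.Format(ErrorMessages.TenantDoesNotExist, tenantId)`, which renders an empty value; a message that says the query parameter is required would read better. `GenerateVerificationCode` and `GenerateTokens` are given `DateTime.Now`; token and code lifetimes are normally computed in UTC, so `DateTime.UtcNow` is the safer input. The `UserController` class declaration starts before the first hunk.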