2021-04-05 05:56:48 +02:00
|
|
|
#nullable enable
|
2021-03-14 21:02:43 +01:00
|
|
|
using System;
|
|
|
|
using System.Collections.Generic;
|
2024-01-31 06:45:54 +01:00
|
|
|
using System.Diagnostics.CodeAnalysis;
|
2021-03-14 20:24:32 +01:00
|
|
|
using System.Linq;
|
|
|
|
using System.Threading.Tasks;
|
2022-02-15 16:19:52 +01:00
|
|
|
using BTCPayServer.Client.Models;
|
2021-03-14 20:24:32 +01:00
|
|
|
using BTCPayServer.Data;
|
2024-01-31 06:45:54 +01:00
|
|
|
using BTCPayServer.Events;
|
2021-12-31 08:59:02 +01:00
|
|
|
using BTCPayServer.Storage.Services;
|
|
|
|
using Microsoft.AspNetCore.Identity;
|
2022-02-15 16:19:52 +01:00
|
|
|
using Microsoft.EntityFrameworkCore;
|
2023-02-15 06:28:34 +01:00
|
|
|
using Microsoft.Extensions.DependencyInjection;
|
2022-04-26 14:27:35 +02:00
|
|
|
using Microsoft.Extensions.Logging;
|
2021-03-14 20:24:32 +01:00
|
|
|
|
|
|
|
namespace BTCPayServer.Services
|
|
|
|
{
|
|
|
|
public class UserService
|
|
|
|
{
|
2023-02-15 06:28:34 +01:00
|
|
|
private readonly IServiceProvider _serviceProvider;
|
2021-03-14 20:24:32 +01:00
|
|
|
private readonly StoredFileRepository _storedFileRepository;
|
|
|
|
private readonly FileService _fileService;
|
2024-01-31 06:45:54 +01:00
|
|
|
private readonly EventAggregator _eventAggregator;
|
2022-02-15 16:19:52 +01:00
|
|
|
private readonly ApplicationDbContextFactory _applicationDbContextFactory;
|
2022-04-26 14:27:35 +02:00
|
|
|
private readonly ILogger<UserService> _logger;
|
2021-03-14 20:24:32 +01:00
|
|
|
|
|
|
|
public UserService(
|
2023-02-15 06:28:34 +01:00
|
|
|
IServiceProvider serviceProvider,
|
2021-03-14 20:24:32 +01:00
|
|
|
StoredFileRepository storedFileRepository,
|
|
|
|
FileService fileService,
|
2024-01-31 06:45:54 +01:00
|
|
|
EventAggregator eventAggregator,
|
2022-04-26 14:27:35 +02:00
|
|
|
ApplicationDbContextFactory applicationDbContextFactory,
|
|
|
|
ILogger<UserService> logger)
|
2021-03-14 20:24:32 +01:00
|
|
|
{
|
2023-02-15 06:28:34 +01:00
|
|
|
_serviceProvider = serviceProvider;
|
2021-03-14 20:24:32 +01:00
|
|
|
_storedFileRepository = storedFileRepository;
|
|
|
|
_fileService = fileService;
|
2024-01-31 06:45:54 +01:00
|
|
|
_eventAggregator = eventAggregator;
|
2022-02-15 16:19:52 +01:00
|
|
|
_applicationDbContextFactory = applicationDbContextFactory;
|
2022-04-26 14:27:35 +02:00
|
|
|
_logger = logger;
|
2022-02-15 16:19:52 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
public async Task<List<ApplicationUserData>> GetUsersWithRoles()
|
|
|
|
{
|
|
|
|
await using var context = _applicationDbContextFactory.CreateContext();
|
2023-01-06 14:18:07 +01:00
|
|
|
return await (context.Users.Select(p => FromModel(p, p.UserRoles.Join(context.Roles, userRole => userRole.RoleId, role => role.Id,
|
|
|
|
(userRole, role) => role.Name).ToArray()))).ToListAsync();
|
2022-02-15 16:19:52 +01:00
|
|
|
}
|
2023-01-06 14:18:07 +01:00
|
|
|
|
2023-11-28 15:20:03 +01:00
|
|
|
public static ApplicationUserData FromModel(ApplicationUser data, string?[] roles)
|
2022-02-15 16:19:52 +01:00
|
|
|
{
|
2024-01-31 06:45:54 +01:00
|
|
|
return new ApplicationUserData
|
2022-02-15 16:19:52 +01:00
|
|
|
{
|
|
|
|
Id = data.Id,
|
|
|
|
Email = data.Email,
|
|
|
|
EmailConfirmed = data.EmailConfirmed,
|
|
|
|
RequiresEmailConfirmation = data.RequiresEmailConfirmation,
|
2024-01-31 06:45:54 +01:00
|
|
|
Approved = data.Approved,
|
|
|
|
RequiresApproval = data.RequiresApproval,
|
2022-02-15 16:19:52 +01:00
|
|
|
Created = data.Created,
|
2022-04-26 14:27:35 +02:00
|
|
|
Roles = roles,
|
|
|
|
Disabled = data.LockoutEnabled && data.LockoutEnd is not null && DateTimeOffset.UtcNow < data.LockoutEnd.Value.UtcDateTime
|
2022-02-15 16:19:52 +01:00
|
|
|
};
|
2021-03-14 20:24:32 +01:00
|
|
|
}
|
2021-12-31 08:59:02 +01:00
|
|
|
|
2024-01-31 06:45:54 +01:00
|
|
|
private static bool IsEmailConfirmed(ApplicationUser user)
|
|
|
|
{
|
|
|
|
return user.EmailConfirmed || !user.RequiresEmailConfirmation;
|
|
|
|
}
|
|
|
|
|
|
|
|
private static bool IsApproved(ApplicationUser user)
|
|
|
|
{
|
|
|
|
return user.Approved || !user.RequiresApproval;
|
|
|
|
}
|
|
|
|
|
|
|
|
private static bool IsDisabled(ApplicationUser user)
|
2022-04-26 14:27:35 +02:00
|
|
|
{
|
|
|
|
return user.LockoutEnabled && user.LockoutEnd is not null &&
|
|
|
|
DateTimeOffset.UtcNow < user.LockoutEnd.Value.UtcDateTime;
|
|
|
|
}
|
2024-01-31 06:45:54 +01:00
|
|
|
|
|
|
|
public static bool TryCanLogin([NotNullWhen(true)] ApplicationUser? user, [MaybeNullWhen(true)] out string error)
|
|
|
|
{
|
|
|
|
error = null;
|
|
|
|
if (user == null)
|
|
|
|
{
|
|
|
|
error = "Invalid login attempt.";
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
if (!IsEmailConfirmed(user))
|
|
|
|
{
|
|
|
|
error = "You must have a confirmed email to log in.";
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
if (!IsApproved(user))
|
|
|
|
{
|
|
|
|
error = "Your user account requires approval by an admin before you can log in.";
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
if (IsDisabled(user))
|
|
|
|
{
|
|
|
|
error = "Your user account is currently disabled.";
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
public async Task<bool> SetUserApproval(string userId, bool approved, Uri requestUri)
|
|
|
|
{
|
|
|
|
using var scope = _serviceProvider.CreateScope();
|
|
|
|
var userManager = scope.ServiceProvider.GetRequiredService<UserManager<ApplicationUser>>();
|
|
|
|
var user = await userManager.FindByIdAsync(userId);
|
|
|
|
if (user is null || !user.RequiresApproval || user.Approved == approved)
|
|
|
|
{
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
user.Approved = approved;
|
|
|
|
var succeeded = await userManager.UpdateAsync(user) is { Succeeded: true };
|
|
|
|
if (succeeded)
|
|
|
|
{
|
2024-02-28 12:43:18 +01:00
|
|
|
_logger.LogInformation("User {Email} is now {Status}", user.Email, approved ? "approved" : "unapproved");
|
|
|
|
_eventAggregator.Publish(new UserApprovedEvent { User = user, RequestUri = requestUri });
|
2024-01-31 06:45:54 +01:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2024-02-28 12:43:18 +01:00
|
|
|
_logger.LogError("Failed to {Action} user {Email}", approved ? "approve" : "unapprove", user.Email);
|
2024-01-31 06:45:54 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
return succeeded;
|
|
|
|
}
|
|
|
|
|
2022-12-07 19:01:50 +01:00
|
|
|
public async Task<bool?> ToggleUser(string userId, DateTimeOffset? lockedOutDeadline)
|
2022-04-26 14:27:35 +02:00
|
|
|
{
|
2023-02-15 06:28:34 +01:00
|
|
|
using var scope = _serviceProvider.CreateScope();
|
|
|
|
var userManager = scope.ServiceProvider.GetRequiredService<UserManager<ApplicationUser>>();
|
|
|
|
var user = await userManager.FindByIdAsync(userId);
|
2022-04-26 14:27:35 +02:00
|
|
|
if (user is null)
|
|
|
|
{
|
2022-12-07 19:01:50 +01:00
|
|
|
return null;
|
2022-04-26 14:27:35 +02:00
|
|
|
}
|
|
|
|
if (lockedOutDeadline is not null)
|
|
|
|
{
|
2023-02-15 06:28:34 +01:00
|
|
|
await userManager.SetLockoutEnabledAsync(user, true);
|
2022-04-26 14:27:35 +02:00
|
|
|
}
|
|
|
|
|
2023-02-15 06:28:34 +01:00
|
|
|
var res = await userManager.SetLockoutEndDateAsync(user, lockedOutDeadline);
|
2022-04-26 14:27:35 +02:00
|
|
|
if (res.Succeeded)
|
|
|
|
{
|
2024-02-28 12:43:18 +01:00
|
|
|
_logger.LogInformation("User {Email} is now {Status}", user.Email, (lockedOutDeadline is null ? "unlocked" : "locked"));
|
2022-04-26 14:27:35 +02:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2024-02-28 12:43:18 +01:00
|
|
|
_logger.LogError("Failed to set lockout for user {Email}", user.Email);
|
2022-04-26 14:27:35 +02:00
|
|
|
}
|
2022-12-07 19:01:50 +01:00
|
|
|
|
|
|
|
return res.Succeeded;
|
2022-04-26 14:27:35 +02:00
|
|
|
}
|
|
|
|
|
2021-12-31 08:59:02 +01:00
|
|
|
public async Task<bool> IsAdminUser(string userId)
|
2021-11-04 08:21:01 +01:00
|
|
|
{
|
2023-02-15 06:28:34 +01:00
|
|
|
using var scope = _serviceProvider.CreateScope();
|
|
|
|
var userManager = scope.ServiceProvider.GetRequiredService<UserManager<ApplicationUser>>();
|
|
|
|
return Roles.HasServerAdmin(await userManager.GetRolesAsync(new ApplicationUser() { Id = userId }));
|
2021-11-04 08:21:01 +01:00
|
|
|
}
|
2021-03-14 20:24:32 +01:00
|
|
|
|
2021-12-31 08:59:02 +01:00
|
|
|
public async Task<bool> IsAdminUser(ApplicationUser user)
|
2021-04-07 03:19:31 +02:00
|
|
|
{
|
2023-02-15 06:28:34 +01:00
|
|
|
using var scope = _serviceProvider.CreateScope();
|
|
|
|
var userManager = scope.ServiceProvider.GetRequiredService<UserManager<ApplicationUser>>();
|
|
|
|
return Roles.HasServerAdmin(await userManager.GetRolesAsync(user));
|
2021-04-07 03:19:31 +02:00
|
|
|
}
|
|
|
|
|
2022-06-07 03:42:59 +02:00
|
|
|
public async Task<bool> SetAdminUser(string userId, bool enableAdmin)
|
|
|
|
{
|
2023-02-15 06:28:34 +01:00
|
|
|
using var scope = _serviceProvider.CreateScope();
|
|
|
|
var userManager = scope.ServiceProvider.GetRequiredService<UserManager<ApplicationUser>>();
|
|
|
|
var user = await userManager.FindByIdAsync(userId);
|
2023-11-28 15:20:03 +01:00
|
|
|
if (user is null)
|
|
|
|
return false;
|
2022-06-07 03:42:59 +02:00
|
|
|
IdentityResult res;
|
|
|
|
if (enableAdmin)
|
|
|
|
{
|
2023-02-15 06:28:34 +01:00
|
|
|
res = await userManager.AddToRoleAsync(user, Roles.ServerAdmin);
|
2022-06-07 03:42:59 +02:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2023-02-15 06:28:34 +01:00
|
|
|
res = await userManager.RemoveFromRoleAsync(user, Roles.ServerAdmin);
|
2022-06-07 03:42:59 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if (res.Succeeded)
|
|
|
|
{
|
2024-02-28 12:43:18 +01:00
|
|
|
_logger.LogInformation("Successfully set admin status for user {Email}", user.Email);
|
2022-06-07 03:42:59 +02:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2024-02-28 12:43:18 +01:00
|
|
|
_logger.LogError("Error setting admin status for user {Email}", user.Email);
|
2022-06-07 03:42:59 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return res.Succeeded;
|
|
|
|
}
|
|
|
|
|
2021-12-31 08:59:02 +01:00
|
|
|
public async Task DeleteUserAndAssociatedData(ApplicationUser user)
|
2021-03-14 20:24:32 +01:00
|
|
|
{
|
2023-02-15 06:28:34 +01:00
|
|
|
using var scope = _serviceProvider.CreateScope();
|
|
|
|
var userManager = scope.ServiceProvider.GetRequiredService<UserManager<ApplicationUser>>();
|
|
|
|
|
2021-03-14 20:24:32 +01:00
|
|
|
var userId = user.Id;
|
|
|
|
var files = await _storedFileRepository.GetFiles(new StoredFileRepository.FilesQuery()
|
|
|
|
{
|
|
|
|
UserIds = new[] { userId },
|
|
|
|
});
|
|
|
|
|
|
|
|
await Task.WhenAll(files.Select(file => _fileService.RemoveFile(file.Id, userId)));
|
|
|
|
|
2023-11-28 15:20:03 +01:00
|
|
|
user = (await userManager.FindByIdAsync(userId))!;
|
|
|
|
if (user is null)
|
|
|
|
return;
|
2023-02-15 06:28:34 +01:00
|
|
|
var res = await userManager.DeleteAsync(user);
|
2022-06-07 03:42:59 +02:00
|
|
|
if (res.Succeeded)
|
|
|
|
{
|
2024-02-28 12:43:18 +01:00
|
|
|
_logger.LogInformation("User {Email} was successfully deleted", user.Email);
|
2022-06-07 03:42:59 +02:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2024-02-28 12:43:18 +01:00
|
|
|
_logger.LogError("Failed to delete user {Email}", user.Email);
|
2023-01-06 14:18:07 +01:00
|
|
|
}
|
2021-03-14 20:24:32 +01:00
|
|
|
}
|
2021-03-14 21:02:43 +01:00
|
|
|
|
2022-04-26 14:27:35 +02:00
|
|
|
public async Task<bool> IsUserTheOnlyOneAdmin(ApplicationUser user)
|
|
|
|
{
|
2023-02-15 06:28:34 +01:00
|
|
|
using var scope = _serviceProvider.CreateScope();
|
|
|
|
var userManager = scope.ServiceProvider.GetRequiredService<UserManager<ApplicationUser>>();
|
|
|
|
var roles = await userManager.GetRolesAsync(user);
|
|
|
|
if (!Roles.HasServerAdmin(roles))
|
2022-04-26 14:27:35 +02:00
|
|
|
{
|
|
|
|
return false;
|
|
|
|
}
|
2023-02-15 06:28:34 +01:00
|
|
|
var adminUsers = await userManager.GetUsersInRoleAsync(Roles.ServerAdmin);
|
2022-06-04 07:10:08 +02:00
|
|
|
var enabledAdminUsers = adminUsers
|
2024-01-31 06:45:54 +01:00
|
|
|
.Where(applicationUser => !IsDisabled(applicationUser) && IsApproved(applicationUser))
|
2022-06-04 07:10:08 +02:00
|
|
|
.Select(applicationUser => applicationUser.Id).ToList();
|
|
|
|
|
|
|
|
return enabledAdminUsers.Count == 1 && enabledAdminUsers.Contains(user.Id);
|
2022-04-26 14:27:35 +02:00
|
|
|
}
|
2021-03-14 20:24:32 +01:00
|
|
|
}
|
|
|
|
}
|