mirrors/btcpayserver
1
0
Fork 0
mirror of https://github.com/btcpayserver/btcpayserver.git synced 2025-02-22 22:25:28 +01:00
Code Issues Projects Releases Packages Wiki Activity
btcpayserver/BTCPayServer/Controllers/GreenField/GreenfieldUsersController.cs

263 lines
12 KiB
C#
Raw Normal View History

Enable nullable reference checking in UsersController
2021-04-06 18:00:07 -07:00
#nullable enable
Add Created date to user, add verified column in list and make user list use same model as modern lists
2020-10-03 14:12:55 +02:00
using System;
Greenfield API: Create User Slightly big PR because I started refactoring to reduce code duplication between the UI based business logic and the api one.
2020-03-13 11:47:22 +01:00
using System.Linq;
Can create user without authentication if there is no admin
2020-03-18 23:10:15 +09:00
using System.Threading;
Greenfield API: Get current User Builds on #1368 This PR adds a new endpoint: Get current user.. It only returns the current user's id and email for now( let's extend later) It also adds a new permission: `ProfileManagement` which is needed for this endpoint (and for update endpoints later)
2020-03-12 14:59:24 +01:00
using System.Threading.Tasks;
Plugins: Allow creation of independent DbContexts This allows plugins to create custom dbcontexts, which would be namespaced in the scheme with a prefix. Migrations are supported too and the table would be prefixed too
2020-11-17 13:46:23 +01:00
using BTCPayServer.Abstractions.Constants;
Refactoring: Allow GreenfieldExtensions to be used by plugins
2022-02-24 09:00:44 +01:00
using BTCPayServer.Abstractions.Extensions;
Run dotnet format
2020-06-28 17:55:27 +09:00
using BTCPayServer.Client;
Greenfield API: Get current User Builds on #1368 This PR adds a new endpoint: Get current user.. It only returns the current user's id and email for now( let's extend later) It also adds a new permission: `ProfileManagement` which is needed for this endpoint (and for update endpoints later)
2020-03-12 14:59:24 +01:00
using BTCPayServer.Client.Models;
Greenfield API: Create User Slightly big PR because I started refactoring to reduce code duplication between the UI based business logic and the api one.
2020-03-13 11:47:22 +01:00
using BTCPayServer.Configuration;
Greenfield API: Get current User Builds on #1368 This PR adds a new endpoint: Get current user.. It only returns the current user's id and email for now( let's extend later) It also adds a new permission: `ProfileManagement` which is needed for this endpoint (and for update endpoints later)
2020-03-12 14:59:24 +01:00
using BTCPayServer.Data;
Greenfield API: Create User Slightly big PR because I started refactoring to reduce code duplication between the UI based business logic and the api one.
2020-03-13 11:47:22 +01:00
using BTCPayServer.Events;
Run dotnet format (#3244)
2021-12-31 16:59:02 +09:00
using BTCPayServer.Logging;
Greenfield API: Get current User Builds on #1368 This PR adds a new endpoint: Get current user.. It only returns the current user's id and email for now( let's extend later) It also adds a new permission: `ProfileManagement` which is needed for this endpoint (and for update endpoints later)
2020-03-12 14:59:24 +01:00
using BTCPayServer.Security;
Rename GreenField -> Greenfield
2022-01-14 13:05:23 +09:00
using BTCPayServer.Security.Greenfield;
Greenfield API: Create User Slightly big PR because I started refactoring to reduce code duplication between the UI based business logic and the api one.
2020-03-13 11:47:22 +01:00
using BTCPayServer.Services;
Greenfield API: Get current User Builds on #1368 This PR adds a new endpoint: Get current user.. It only returns the current user's id and email for now( let's extend later) It also adds a new permission: `ProfileManagement` which is needed for this endpoint (and for update endpoints later)
2020-03-12 14:59:24 +01:00
using Microsoft.AspNetCore.Authorization;
Enable CORS and fix small doc error
2020-06-30 08:26:19 +02:00
using Microsoft.AspNetCore.Cors;
Greenfield API: Get current User Builds on #1368 This PR adds a new endpoint: Get current user.. It only returns the current user's id and email for now( let's extend later) It also adds a new permission: `ProfileManagement` which is needed for this endpoint (and for update endpoints later)
2020-03-12 14:59:24 +01:00
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
Can create user without authentication if there is no admin
2020-03-18 23:10:15 +09:00
using NicolasDorier.RateLimits;
Greenfield API: Get current User Builds on #1368 This PR adds a new endpoint: Get current user.. It only returns the current user's id and email for now( let's extend later) It also adds a new permission: `ProfileManagement` which is needed for this endpoint (and for update endpoints later)
2020-03-12 14:59:24 +01:00
Rename GreenField -> Greenfield
2022-01-14 13:05:23 +09:00
namespace BTCPayServer.Controllers.Greenfield
Greenfield API: Get current User Builds on #1368 This PR adds a new endpoint: Get current user.. It only returns the current user's id and email for now( let's extend later) It also adds a new permission: `ProfileManagement` which is needed for this endpoint (and for update endpoints later)
2020-03-12 14:59:24 +01:00
{
[ApiController]
Consolidate auth into one
2020-03-23 14:23:23 +01:00
[Authorize(AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
Enable CORS and fix small doc error
2020-06-30 08:26:19 +02:00
[EnableCors(CorsPolicies.All)]
Rename greenfield controllers
2022-01-07 12:17:59 +09:00
public class GreenfieldUsersController : ControllerBase
Greenfield API: Get current User Builds on #1368 This PR adds a new endpoint: Get current user.. It only returns the current user's id and email for now( let's extend later) It also adds a new permission: `ProfileManagement` which is needed for this endpoint (and for update endpoints later)
2020-03-12 14:59:24 +01:00
{
Allow resolution of any settings via DI
2022-05-24 13:18:16 +09:00
public PoliciesSettings PoliciesSettings { get; }
Remove Logs static singletons
2021-11-22 17:16:08 +09:00
public Logs Logs { get; }
Greenfield API: Get current User Builds on #1368 This PR adds a new endpoint: Get current user.. It only returns the current user's id and email for now( let's extend later) It also adds a new permission: `ProfileManagement` which is needed for this endpoint (and for update endpoints later)
2020-03-12 14:59:24 +01:00
private readonly UserManager<ApplicationUser> _userManager;
Greenfield API: Create User Slightly big PR because I started refactoring to reduce code duplication between the UI based business logic and the api one.
2020-03-13 11:47:22 +01:00
private readonly RoleManager<IdentityRole> _roleManager;
private readonly SettingsRepository _settingsRepository;
private readonly EventAggregator _eventAggregator;
Properly validate create user input
2020-03-18 20:51:50 +09:00
private readonly IPasswordValidator<ApplicationUser> _passwordValidator;
Add spam rate limits for public invoice endpoints (Fix #3782) (#3889)
2022-06-21 12:33:20 +09:00
private readonly IRateLimitService _throttleService;
Make sure the create user is respecting the disable-registration settings
2020-03-19 13:30:53 +09:00
private readonly BTCPayServerOptions _options;
Can create user without authentication if there is no admin
2020-03-18 23:10:15 +09:00
private readonly IAuthorizationService _authorizationService;
Add user service
2021-03-14 12:24:32 -07:00
private readonly UserService _userService;
Greenfield API: Get current User Builds on #1368 This PR adds a new endpoint: Get current user.. It only returns the current user's id and email for now( let's extend later) It also adds a new permission: `ProfileManagement` which is needed for this endpoint (and for update endpoints later)
2020-03-12 14:59:24 +01:00
Rename greenfield controllers
2022-01-07 12:17:59 +09:00
public GreenfieldUsersController(UserManager<ApplicationUser> userManager,
Run dotnet format (#3244)
2021-12-31 16:59:02 +09:00
RoleManager<IdentityRole> roleManager,
GreenField: Notifications API (#2055) * GreenField: Notifications API This refactors notifications so that we dont have a bunch of duplicated direct access to db contexts in controllers and then introduces new endpoints to fetch/toggle seen/remove notifications of the current user. * add tests + docs * fix test * pr changes * fix permission json
2020-12-11 15:11:08 +01:00
SettingsRepository settingsRepository,
Allow resolution of any settings via DI
2022-05-24 13:18:16 +09:00
PoliciesSettings policiesSettings,
Properly validate create user input
2020-03-18 20:51:50 +09:00
EventAggregator eventAggregator,
Can create user without authentication if there is no admin
2020-03-18 23:10:15 +09:00
IPasswordValidator<ApplicationUser> passwordValidator,
Add spam rate limits for public invoice endpoints (Fix #3782) (#3889)
2022-06-21 12:33:20 +09:00
IRateLimitService throttleService,
add basic auth for greenfield
2020-03-20 14:05:23 +01:00
BTCPayServerOptions options,
Introduce Spam protection fixes #1958 Adds 2 new options: * Do not allow stores to use the email settings of the server. Instead, they would need to fill in the email settings in their own store * Do not allow user creation through the API unless you are an admin. Both are opt-in and turned off by default.
2020-12-04 08:08:05 +01:00
IAuthorizationService authorizationService,
Remove Logs static singletons
2021-11-22 17:16:08 +09:00
UserService userService,
Logs logs)
Greenfield API: Get current User Builds on #1368 This PR adds a new endpoint: Get current user.. It only returns the current user's id and email for now( let's extend later) It also adds a new permission: `ProfileManagement` which is needed for this endpoint (and for update endpoints later)
2020-03-12 14:59:24 +01:00
{
Remove Logs static singletons
2021-11-22 17:16:08 +09:00
this.Logs = logs;
Greenfield API: Get current User Builds on #1368 This PR adds a new endpoint: Get current user.. It only returns the current user's id and email for now( let's extend later) It also adds a new permission: `ProfileManagement` which is needed for this endpoint (and for update endpoints later)
2020-03-12 14:59:24 +01:00
_userManager = userManager;
Greenfield API: Create User Slightly big PR because I started refactoring to reduce code duplication between the UI based business logic and the api one.
2020-03-13 11:47:22 +01:00
_roleManager = roleManager;
_settingsRepository = settingsRepository;
Allow resolution of any settings via DI
2022-05-24 13:18:16 +09:00
PoliciesSettings = policiesSettings;
Greenfield API: Create User Slightly big PR because I started refactoring to reduce code duplication between the UI based business logic and the api one.
2020-03-13 11:47:22 +01:00
_eventAggregator = eventAggregator;
Properly validate create user input
2020-03-18 20:51:50 +09:00
_passwordValidator = passwordValidator;
Can create user without authentication if there is no admin
2020-03-18 23:10:15 +09:00
_throttleService = throttleService;
Make sure the create user is respecting the disable-registration settings
2020-03-19 13:30:53 +09:00
_options = options;
Can create user without authentication if there is no admin
2020-03-18 23:10:15 +09:00
_authorizationService = authorizationService;
Add user service
2021-03-14 12:24:32 -07:00
_userService = userService;
Greenfield API: Get current User Builds on #1368 This PR adds a new endpoint: Get current user.. It only returns the current user's id and email for now( let's extend later) It also adds a new permission: `ProfileManagement` which is needed for this endpoint (and for update endpoints later)
2020-03-12 14:59:24 +01:00
}
Greenfield API: Create User Slightly big PR because I started refactoring to reduce code duplication between the UI based business logic and the api one.
2020-03-13 11:47:22 +01:00
New API endpoint: Find 1 user by ID or by email, or list all users. (#3176) Co-authored-by: Kukks <evilkukka@gmail.com>
2022-02-15 16:19:52 +01:00
[Authorize(Policy = Policies.CanViewUsers, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
[HttpGet("~/api/v1/users/{idOrEmail}")]
public async Task<IActionResult> GetUser(string idOrEmail)
{
var user = (await _userManager.FindByIdAsync(idOrEmail) ) ?? await _userManager.FindByEmailAsync(idOrEmail);
if (user != null)
{
return Ok(await FromModel(user));
}
return UserNotFound();
}
Allow Users to be disabled/enabled (#3639) * Allow Users to be disabled/enabled * rebrand to locked for api * Update BTCPayServer/Views/UIAccount/Lockout.cshtml Co-authored-by: d11n <mail@dennisreimann.de> * fix docker compose and an uneeded check in api handler * fix * Add enabled user test Co-authored-by: d11n <mail@dennisreimann.de> Co-authored-by: Nicolas Dorier <nicolas.dorier@gmail.com>
2022-04-26 14:27:35 +02:00
[Authorize(Policy = Policies.CanModifyServerSettings, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
[HttpPost("~/api/v1/users/{idOrEmail}/lock")]
public async Task<IActionResult> LockUser(string idOrEmail, LockUserRequest request )
{
var user = (await _userManager.FindByIdAsync(idOrEmail) ) ?? await _userManager.FindByEmailAsync(idOrEmail);
if (user is null)
{
return UserNotFound();
}
New API endpoint: Find 1 user by ID or by email, or list all users. (#3176) Co-authored-by: Kukks <evilkukka@gmail.com>
2022-02-15 16:19:52 +01:00
Allow Users to be disabled/enabled (#3639) * Allow Users to be disabled/enabled * rebrand to locked for api * Update BTCPayServer/Views/UIAccount/Lockout.cshtml Co-authored-by: d11n <mail@dennisreimann.de> * fix docker compose and an uneeded check in api handler * fix * Add enabled user test Co-authored-by: d11n <mail@dennisreimann.de> Co-authored-by: Nicolas Dorier <nicolas.dorier@gmail.com>
2022-04-26 14:27:35 +02:00
await _userService.ToggleUser(user.Id, request.Locked ? DateTimeOffset.MaxValue : null);
return Ok();
}
New API endpoint: Find 1 user by ID or by email, or list all users. (#3176) Co-authored-by: Kukks <evilkukka@gmail.com>
2022-02-15 16:19:52 +01:00
[Authorize(Policy = Policies.CanViewUsers, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
[HttpGet("~/api/v1/users/")]
public async Task<ActionResult<ApplicationUserData[]>> GetUsers()
{
return Ok(await _userService.GetUsersWithRoles());
}
Consolidate auth into one
2020-03-23 14:23:23 +01:00
[Authorize(Policy = Policies.CanViewProfile, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
Greenfield API: Get current User Builds on #1368 This PR adds a new endpoint: Get current user.. It only returns the current user's id and email for now( let's extend later) It also adds a new permission: `ProfileManagement` which is needed for this endpoint (and for update endpoints later)
2020-03-12 14:59:24 +01:00
[HttpGet("~/api/v1/users/me")]
public async Task<ActionResult<ApplicationUserData>> GetCurrentUser()
{
var user = await _userManager.GetUserAsync(User);
Users API: Add roles (#1914) * API: Fix create user response model * API: Add roles to user data
2020-09-16 14:17:33 +02:00
return await FromModel(user);
Greenfield API: Get current User Builds on #1368 This PR adds a new endpoint: Get current user.. It only returns the current user's id and email for now( let's extend later) It also adds a new permission: `ProfileManagement` which is needed for this endpoint (and for update endpoints later)
2020-03-12 14:59:24 +01:00
}
Greenfield API: Create User Slightly big PR because I started refactoring to reduce code duplication between the UI based business logic and the api one.
2020-03-13 11:47:22 +01:00
Add "/api/v1/users/me" endpoint
2021-04-07 20:40:57 -07:00
[Authorize(Policy = Policies.CanDeleteUser, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
[HttpDelete("~/api/v1/users/me")]
Specify correct return type on delete user methods
2021-04-10 22:27:17 -07:00
public async Task<IActionResult> DeleteCurrentUser()
Add "/api/v1/users/me" endpoint
2021-04-07 20:40:57 -07:00
{
Improve tests and small refactoring
2021-06-04 12:20:45 +02:00
return await DeleteUser(_userManager.GetUserId(User));
Add "/api/v1/users/me" endpoint
2021-04-07 20:40:57 -07:00
}
Can create user without authentication if there is no admin
2020-03-18 23:10:15 +09:00
[AllowAnonymous]
Greenfield API: Create User Slightly big PR because I started refactoring to reduce code duplication between the UI based business logic and the api one.
2020-03-13 11:47:22 +01:00
[HttpPost("~/api/v1/users")]
GreenField: Handle status codes, error models consistently
2020-06-03 11:58:49 +02:00
public async Task<IActionResult> CreateUser(CreateApplicationUserRequest request, CancellationToken cancellationToken = default)
Greenfield API: Create User Slightly big PR because I started refactoring to reduce code duplication between the UI based business logic and the api one.
2020-03-13 11:47:22 +01:00
{
Enable nullable reference checking in UsersController
2021-04-06 18:00:07 -07:00
if (request.Email is null)
GreenField: Handle status codes, error models consistently
2020-06-03 11:58:49 +02:00
ModelState.AddModelError(nameof(request.Email), "Email is missing");
Improve email settings validation and UX (#3891)
2022-06-23 13:41:52 +09:00
if (!string.IsNullOrEmpty(request.Email) && !MailboxAddressValidator.IsMailboxAddress(request.Email))
Properly validate create user input
2020-03-18 20:51:50 +09:00
{
GreenField: Handle status codes, error models consistently
2020-06-03 11:58:49 +02:00
ModelState.AddModelError(nameof(request.Email), "Invalid email");
Properly validate create user input
2020-03-18 20:51:50 +09:00
}
Enable nullable reference checking in UsersController
2021-04-06 18:00:07 -07:00
if (request.Password is null)
GreenField: Handle status codes, error models consistently
2020-06-03 11:58:49 +02:00
ModelState.AddModelError(nameof(request.Password), "Password is missing");
if (!ModelState.IsValid)
{
Fix lightning implementation, docs and tests
2020-06-08 23:40:58 +09:00
return this.CreateValidationError(ModelState);
GreenField: Handle status codes, error models consistently
2020-06-03 11:58:49 +02:00
}
Fix warnings
2021-12-27 13:46:31 +09:00
if (User.Identity is null)
throw new JsonHttpException(this.StatusCode(401));
Greenfield API: Create User Slightly big PR because I started refactoring to reduce code duplication between the UI based business logic and the api one.
2020-03-13 11:47:22 +01:00
var anyAdmin = (await _userManager.GetUsersInRoleAsync(Roles.ServerAdmin)).Any();
Can create user without authentication if there is no admin
2020-03-18 23:10:15 +09:00
var policies = await _settingsRepository.GetSettingAsync<PoliciesSettings>() ?? new PoliciesSettings();
Rename GreenField -> Greenfield
2022-01-14 13:05:23 +09:00
var isAuth = User.Identity.AuthenticationType == GreenfieldConstants.AuthenticationType;
Can create user without authentication if there is no admin
2020-03-18 23:10:15 +09:00
// If registration are locked and that an admin exists, don't accept unauthenticated connection
if (anyAdmin && policies.LockSubscription && !isAuth)
Mention the missing API permission in the response of a Greenfield request (#3195) * Mention the missing API permission in the response header or body * Fixes + Added a unit test. 1 TODO remains. * Added MissingPermissionDescription to the error * Update BTCPayServer.Tests/GreenfieldAPITests.cs Co-authored-by: Nicolas Dorier <nicolas.dorier@gmail.com> * Fix tests * [GreenField]: Make sure we are sending fully typed errors Co-authored-by: Nicolas Dorier <nicolas.dorier@gmail.com>
2021-12-16 15:04:06 +01:00
return this.CreateAPIError(401, "unauthenticated", "New user creation isn't authorized to users who are not admin");
Can create user without authentication if there is no admin
2020-03-18 23:10:15 +09:00
// Even if subscription are unlocked, it is forbidden to create admin unauthenticated
if (anyAdmin && request.IsAdministrator is true && !isAuth)
Mention the missing API permission in the response of a Greenfield request (#3195) * Mention the missing API permission in the response header or body * Fixes + Added a unit test. 1 TODO remains. * Added MissingPermissionDescription to the error * Update BTCPayServer.Tests/GreenfieldAPITests.cs Co-authored-by: Nicolas Dorier <nicolas.dorier@gmail.com> * Fix tests * [GreenField]: Make sure we are sending fully typed errors Co-authored-by: Nicolas Dorier <nicolas.dorier@gmail.com>
2021-12-16 15:04:06 +01:00
return this.CreateAPIError(401, "unauthenticated", "New admin creation isn't authorized to users who are not admin");
Can create user without authentication if there is no admin
2020-03-18 23:10:15 +09:00
// You are de-facto admin if there is no other admin, else you need to be auth and pass policy requirements
Fix build
2020-03-20 18:38:21 +09:00
bool isAdmin = anyAdmin ? (await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Policies.CanModifyServerSettings))).Succeeded
&& (await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Policies.Unrestricted))).Succeeded
Can create user without authentication if there is no admin
2020-03-18 23:10:15 +09:00
&& isAuth
: true;
// You need to be admin to create an admin
if (request.IsAdministrator is true && !isAdmin)
Mention the missing API permission in the response of a Greenfield request (#3195) * Mention the missing API permission in the response header or body * Fixes + Added a unit test. 1 TODO remains. * Added MissingPermissionDescription to the error * Update BTCPayServer.Tests/GreenfieldAPITests.cs Co-authored-by: Nicolas Dorier <nicolas.dorier@gmail.com> * Fix tests * [GreenField]: Make sure we are sending fully typed errors Co-authored-by: Nicolas Dorier <nicolas.dorier@gmail.com>
2021-12-16 15:04:06 +01:00
return this.CreateAPIPermissionError(Policies.Unrestricted, $"Insufficient API Permissions. Please use an API key with permission: {Policies.Unrestricted} and be an admin.");
Can create user without authentication if there is no admin
2020-03-18 23:10:15 +09:00
Allow resolution of any settings via DI
2022-05-24 13:18:16 +09:00
if (!isAdmin && (policies.LockSubscription || PoliciesSettings.DisableNonAdminCreateUserApi))
Can create user without authentication if there is no admin
2020-03-18 23:10:15 +09:00
{
Reverting changes to UsersController because of CanCreateUsersViaAPI test
2020-03-18 18:55:45 -05:00
// If we are not admin and subscriptions are locked, we need to check the Policies.CanCreateUser.Key permission
Fix build
2020-03-20 13:44:02 +09:00
var canCreateUser = (await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Policies.CanCreateUser))).Succeeded;
Adding new check for expected behavior in UsersControllerTests
2020-03-18 19:01:27 -05:00
if (!isAuth || !canCreateUser)
Mention the missing API permission in the response of a Greenfield request (#3195) * Mention the missing API permission in the response header or body * Fixes + Added a unit test. 1 TODO remains. * Added MissingPermissionDescription to the error * Update BTCPayServer.Tests/GreenfieldAPITests.cs Co-authored-by: Nicolas Dorier <nicolas.dorier@gmail.com> * Fix tests * [GreenField]: Make sure we are sending fully typed errors Co-authored-by: Nicolas Dorier <nicolas.dorier@gmail.com>
2021-12-16 15:04:06 +01:00
return this.CreateAPIPermissionError(Policies.CanCreateUser);
Can create user without authentication if there is no admin
2020-03-18 23:10:15 +09:00
}
Greenfield API: Create User Slightly big PR because I started refactoring to reduce code duplication between the UI based business logic and the api one.
2020-03-13 11:47:22 +01:00
var user = new ApplicationUser
{
UserName = request.Email,
Email = request.Email,
Add Created date to user, add verified column in list and make user list use same model as modern lists
2020-10-03 14:12:55 +02:00
RequiresEmailConfirmation = policies.RequiresConfirmedEmail,
Created = DateTimeOffset.UtcNow,
Greenfield API: Create User Slightly big PR because I started refactoring to reduce code duplication between the UI based business logic and the api one.
2020-03-13 11:47:22 +01:00
};
Properly validate create user input
2020-03-18 20:51:50 +09:00
var passwordValidation = await this._passwordValidator.ValidateAsync(_userManager, user, request.Password);
if (!passwordValidation.Succeeded)
{
foreach (var error in passwordValidation.Errors)
{
ModelState.AddModelError(nameof(request.Password), error.Description);
}
Fix lightning implementation, docs and tests
2020-06-08 23:40:58 +09:00
return this.CreateValidationError(ModelState);
Properly validate create user input
2020-03-18 20:51:50 +09:00
}
Can create user without authentication if there is no admin
2020-03-18 23:10:15 +09:00
if (!isAdmin)
{
if (!await _throttleService.Throttle(ZoneLimits.Register, this.HttpContext.Connection.RemoteIpAddress, cancellationToken))
return new TooManyRequestsResult(ZoneLimits.Register);
}
Properly validate create user input
2020-03-18 20:51:50 +09:00
var identityResult = await _userManager.CreateAsync(user, request.Password);
Greenfield API: Create User Slightly big PR because I started refactoring to reduce code duplication between the UI based business logic and the api one.
2020-03-13 11:47:22 +01:00
if (!identityResult.Succeeded)
{
Properly validate create user input
2020-03-18 20:51:50 +09:00
foreach (var error in identityResult.Errors)
{
Fix lightning implementation, docs and tests
2020-06-08 23:40:58 +09:00
if (error.Code == "DuplicateUserName")
ModelState.AddModelError(nameof(request.Email), error.Description);
else
ModelState.AddModelError(string.Empty, error.Description);
Properly validate create user input
2020-03-18 20:51:50 +09:00
}
Fix lightning implementation, docs and tests
2020-06-08 23:40:58 +09:00
return this.CreateValidationError(ModelState);
Greenfield API: Create User Slightly big PR because I started refactoring to reduce code duplication between the UI based business logic and the api one.
2020-03-13 11:47:22 +01:00
}
Can create user without authentication if there is no admin
2020-03-18 23:10:15 +09:00
if (request.IsAdministrator is true)
Greenfield API: Create User Slightly big PR because I started refactoring to reduce code duplication between the UI based business logic and the api one.
2020-03-13 11:47:22 +01:00
{
Can create user without authentication if there is no admin
2020-03-18 23:10:15 +09:00
if (!anyAdmin)
{
await _roleManager.CreateAsync(new IdentityRole(Roles.ServerAdmin));
}
Greenfield API: Create User Slightly big PR because I started refactoring to reduce code duplication between the UI based business logic and the api one.
2020-03-13 11:47:22 +01:00
await _userManager.AddToRoleAsync(user, Roles.ServerAdmin);
Can create user without authentication if there is no admin
2020-03-18 23:10:15 +09:00
if (!anyAdmin)
{
API: Fix behaviour after first admin signup (#2150) Without updating the `FirstRun` setting it is not possible to login after signing up via the API. Otherwise the `HomeController.Index` action always redirects to the Registration page.
2020-12-17 12:27:01 +01:00
var settings = await _settingsRepository.GetSettingAsync<ThemeSettings>();
Run dotnet format (#3244)
2021-12-31 16:59:02 +09:00
if (settings != null)
{
Enable nullable reference checking in UsersController
2021-04-06 18:00:07 -07:00
settings.FirstRun = false;
await _settingsRepository.UpdateSetting(settings);
}
API: Fix behaviour after first admin signup (#2150) Without updating the `FirstRun` setting it is not possible to login after signing up via the API. Otherwise the `HomeController.Index` action always redirects to the Registration page.
2020-12-17 12:27:01 +01:00
Remove Logs static singletons
2021-11-22 17:16:08 +09:00
await _settingsRepository.FirstAdminRegistered(policies, _options.UpdateUrl != null, _options.DisableRegistration, Logs);
Can create user without authentication if there is no admin
2020-03-18 23:10:15 +09:00
}
Greenfield API: Create User Slightly big PR because I started refactoring to reduce code duplication between the UI based business logic and the api one.
2020-03-13 11:47:22 +01:00
}
Run dotnet format
2020-06-28 17:55:27 +09:00
_eventAggregator.Publish(new UserRegisteredEvent() { RequestUri = Request.GetAbsoluteRootUri(), User = user, Admin = request.IsAdministrator is true });
Users API: Add roles (#1914) * API: Fix create user response model * API: Add roles to user data
2020-09-16 14:17:33 +02:00
var model = await FromModel(user);
return CreatedAtAction(string.Empty, model);
Greenfield API: Create User Slightly big PR because I started refactoring to reduce code duplication between the UI based business logic and the api one.
2020-03-13 11:47:22 +01:00
}
Add DELETE action for api/v1/users endpoint
2021-03-07 16:50:55 -08:00
[HttpDelete("~/api/v1/users/{userId}")]
Replace admin check with CanModifyServerSettings authorization policy
2021-04-10 19:33:37 -07:00
[Authorize(Policy = Policies.CanModifyServerSettings, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
Specify correct return type on delete user methods
2021-04-10 22:27:17 -07:00
public async Task<IActionResult> DeleteUser(string userId)
Add DELETE action for api/v1/users endpoint
2021-03-07 16:50:55 -08:00
{
Remove unnecessary null check
2021-04-10 21:15:18 -07:00
var user = await _userManager.FindByIdAsync(userId);
Add DELETE action for api/v1/users endpoint
2021-03-07 16:50:55 -08:00
if (user == null)
{
Use UserNotFound instead of NotFound
2021-05-16 17:48:25 -07:00
return UserNotFound();
Add DELETE action for api/v1/users endpoint
2021-03-07 16:50:55 -08:00
}
// We can safely delete the user if it's not an admin user
Add IsAdminUser method to UserService
2021-04-06 18:19:31 -07:00
if (!(await _userService.IsAdminUser(user)))
Add DELETE action for api/v1/users endpoint
2021-03-07 16:50:55 -08:00
{
Add user service
2021-03-14 12:24:32 -07:00
await _userService.DeleteUserAndAssociatedData(user);
Add DELETE action for api/v1/users endpoint
2021-03-07 16:50:55 -08:00
return Ok();
}
// User shouldn't be deleted if it's the only admin
Allow Users to be disabled/enabled (#3639) * Allow Users to be disabled/enabled * rebrand to locked for api * Update BTCPayServer/Views/UIAccount/Lockout.cshtml Co-authored-by: d11n <mail@dennisreimann.de> * fix docker compose and an uneeded check in api handler * fix * Add enabled user test Co-authored-by: d11n <mail@dennisreimann.de> Co-authored-by: Nicolas Dorier <nicolas.dorier@gmail.com>
2022-04-26 14:27:35 +02:00
if (await _userService.IsUserTheOnlyOneAdmin(user))
Add DELETE action for api/v1/users endpoint
2021-03-07 16:50:55 -08:00
{
return Forbid(AuthenticationSchemes.GreenfieldBasic);
}
// Ok, this user is an admin but there are other admins as well so safe to delete
Add user service
2021-03-14 12:24:32 -07:00
await _userService.DeleteUserAndAssociatedData(user);
Add DELETE action for api/v1/users endpoint
2021-03-07 16:50:55 -08:00
return Ok();
}
Users API: Add roles (#1914) * API: Fix create user response model * API: Add roles to user data
2020-09-16 14:17:33 +02:00
private async Task<ApplicationUserData> FromModel(ApplicationUser data)
Greenfield API: Get current User Builds on #1368 This PR adds a new endpoint: Get current user.. It only returns the current user's id and email for now( let's extend later) It also adds a new permission: `ProfileManagement` which is needed for this endpoint (and for update endpoints later)
2020-03-12 14:59:24 +01:00
{
Users API: Add roles (#1914) * API: Fix create user response model * API: Add roles to user data
2020-09-16 14:17:33 +02:00
var roles = (await _userManager.GetRolesAsync(data)).ToArray();
New API endpoint: Find 1 user by ID or by email, or list all users. (#3176) Co-authored-by: Kukks <evilkukka@gmail.com>
2022-02-15 16:19:52 +01:00
return UserService.FromModel(data, roles);
Greenfield API: Get current User Builds on #1368 This PR adds a new endpoint: Get current user.. It only returns the current user's id and email for now( let's extend later) It also adds a new permission: `ProfileManagement` which is needed for this endpoint (and for update endpoints later)
2020-03-12 14:59:24 +01:00
}
Add "/api/v1/users/me" endpoint
2021-04-07 20:40:57 -07:00
Allow Users to be disabled/enabled (#3639) * Allow Users to be disabled/enabled * rebrand to locked for api * Update BTCPayServer/Views/UIAccount/Lockout.cshtml Co-authored-by: d11n <mail@dennisreimann.de> * fix docker compose and an uneeded check in api handler * fix * Add enabled user test Co-authored-by: d11n <mail@dennisreimann.de> Co-authored-by: Nicolas Dorier <nicolas.dorier@gmail.com>
2022-04-26 14:27:35 +02:00
Use UserNotFound instead of NotFound
2021-05-16 17:48:25 -07:00
private IActionResult UserNotFound()
{
return this.CreateAPIError(404, "user-not-found", "The user was not found");
}
Greenfield API: Get current User Builds on #1368 This PR adds a new endpoint: Get current user.. It only returns the current user's id and email for now( let's extend later) It also adds a new permission: `ProfileManagement` which is needed for this endpoint (and for update endpoints later)
2020-03-12 14:59:24 +01:00
}
}
Reference in a new issue Copy permalink