btcpayserver/BTCPayServer/UserManagerExtensions.cs

#nullable enable
using System;
using System.Threading.Tasks;
using BTCPayServer.Data;
using BTCPayServer.Security;
using Microsoft.AspNetCore.Identity;

namespace BTCPayServer
{
    public static class UserManagerExtensions
    {
        private const string InvitationPurpose = "invitation";

        public static async Task<TUser?> FindByIdOrEmail<TUser>(this UserManager<TUser> userManager, string? idOrEmail) where TUser : class
        {
            if (string.IsNullOrEmpty(idOrEmail))
                return null;
            if (idOrEmail.Contains('@'))
                return await userManager.FindByEmailAsync(idOrEmail);

            return await userManager.FindByIdAsync(idOrEmail);
        }

        public static async Task<string?> GenerateInvitationTokenAsync<TUser>(this UserManager<ApplicationUser> userManager, string userId) where TUser : class
        {
            var token = Guid.NewGuid().ToString("n")[..12];
            return await userManager.SetInvitationTokenAsync<TUser>(userId, token) ? token : null;
        }

        public static async Task<bool> UnsetInvitationTokenAsync<TUser>(this UserManager<ApplicationUser> userManager, string userId) where TUser : class
        {
            return await userManager.SetInvitationTokenAsync<TUser>(userId, null);
        }

        public static bool HasInvitationToken<TUser>(this UserManager<ApplicationUser> userManager, ApplicationUser user, string? token = null) where TUser : class
        {
            var blob = user.GetBlob() ?? new UserBlob();
            return token == null ? !string.IsNullOrEmpty(blob.InvitationToken) : blob.InvitationToken == token;
        }

        private static async Task<bool> SetInvitationTokenAsync<TUser>(this UserManager<ApplicationUser> userManager, string userId, string? token) where TUser : class
        {
            var user = await userManager.FindByIdAsync(userId);
            if (user == null) return false;
            var blob = user.GetBlob() ?? new UserBlob();
            blob.InvitationToken = token;
            user.SetBlob(blob);
            await userManager.UpdateAsync(user);
            return true;
        }

        public static async Task<ApplicationUser?> FindByInvitationTokenAsync<TUser>(this UserManager<ApplicationUser> userManager, string userId, string token) where TUser : class
        {
            var user = await userManager.FindByIdAsync(userId);
            var isValid = user is not null && (
                user.GetBlob()?.InvitationToken == token ||
                // backwards-compatibility with old tokens
                await userManager.VerifyUserTokenAsync(user, InvitationTokenProviderOptions.ProviderName, InvitationPurpose, token));
            return isValid ? user : null;
        }
    }
}
[Greenfield] Allow passing email instead of user id in API (#4732) 2023-03-03 13:24:27 +01:00			`#nullable enable`
Invitation process improvements (#6188) * Server: Make sending email optional when adding user Closes #6158. * Generate custom invite token and store it in user blob Closes btcpayserver/app/#46. * QR code for user invite Closes #6157. * Text fix 2024-09-12 05:31:57 +02:00			`using System;`
[Greenfield] Allow passing email instead of user id in API (#4732) 2023-03-03 13:24:27 +01:00			`using System.Threading.Tasks;`
Invitation process improvements (#6188) * Server: Make sending email optional when adding user Closes #6158. * Generate custom invite token and store it in user blob Closes btcpayserver/app/#46. * QR code for user invite Closes #6157. * Text fix 2024-09-12 05:31:57 +02:00			`using BTCPayServer.Data;`
Onboarding: Invite new users (#5714) * Server Users: More precise message when inviting users This lets the admin who invited a new user know whether or not an email has been sent. If the SMTP server hasn't been set up, they need to share the invite link with the user. * Onboarding: Invite new users - Separates the user self-registration and invite cases - Adds invitation email for users created by the admin - Adds invitation tokens to verify user was invited - Adds handler action for invite links - Refactors `UserEventHostedService` * Remove duplicate status message from views that use the wizard layout * Auto-approve users created by an admin * Notify admins via email if a new account requires approval * Update wording * Fix update user error * Fix redirect to email confirmation in invite action * Fix precondition checks after signup * Improve admin notification Send notification only if the user does not require email confirmation or when they confirmed their email address. Rationale: We want to inform admins only about qualified users and not annoy them with bot registrations. * Allow approval alongside resending confirm email * Use user email in log messages instead of ID * Prevent unnecessary notification after email confirmation * Use ApplicationUser type explicitly * Fix after rebase * Refactoring: Do not subclass UserRegisteredEvent 2024-02-28 12:43:18 +01:00			`using BTCPayServer.Security;`
[Greenfield] Allow passing email instead of user id in API (#4732) 2023-03-03 13:24:27 +01:00			`using Microsoft.AspNetCore.Identity;`

			`namespace BTCPayServer`
			`{`
			`public static class UserManagerExtensions`
			`{`
Onboarding: Invite new users (#5714) * Server Users: More precise message when inviting users This lets the admin who invited a new user know whether or not an email has been sent. If the SMTP server hasn't been set up, they need to share the invite link with the user. * Onboarding: Invite new users - Separates the user self-registration and invite cases - Adds invitation email for users created by the admin - Adds invitation tokens to verify user was invited - Adds handler action for invite links - Refactors `UserEventHostedService` * Remove duplicate status message from views that use the wizard layout * Auto-approve users created by an admin * Notify admins via email if a new account requires approval * Update wording * Fix update user error * Fix redirect to email confirmation in invite action * Fix precondition checks after signup * Improve admin notification Send notification only if the user does not require email confirmation or when they confirmed their email address. Rationale: We want to inform admins only about qualified users and not annoy them with bot registrations. * Allow approval alongside resending confirm email * Use user email in log messages instead of ID * Prevent unnecessary notification after email confirmation * Use ApplicationUser type explicitly * Fix after rebase * Refactoring: Do not subclass UserRegisteredEvent 2024-02-28 12:43:18 +01:00			`private const string InvitationPurpose = "invitation";`

			`public static async Task<TUser?> FindByIdOrEmail<TUser>(this UserManager<TUser> userManager, string? idOrEmail) where TUser : class`
[Greenfield] Allow passing email instead of user id in API (#4732) 2023-03-03 13:24:27 +01:00			`{`
			`if (string.IsNullOrEmpty(idOrEmail))`
			`return null;`
			`if (idOrEmail.Contains('@'))`
			`return await userManager.FindByEmailAsync(idOrEmail);`
Onboarding: Invite new users (#5714) * Server Users: More precise message when inviting users This lets the admin who invited a new user know whether or not an email has been sent. If the SMTP server hasn't been set up, they need to share the invite link with the user. * Onboarding: Invite new users - Separates the user self-registration and invite cases - Adds invitation email for users created by the admin - Adds invitation tokens to verify user was invited - Adds handler action for invite links - Refactors `UserEventHostedService` * Remove duplicate status message from views that use the wizard layout * Auto-approve users created by an admin * Notify admins via email if a new account requires approval * Update wording * Fix update user error * Fix redirect to email confirmation in invite action * Fix precondition checks after signup * Improve admin notification Send notification only if the user does not require email confirmation or when they confirmed their email address. Rationale: We want to inform admins only about qualified users and not annoy them with bot registrations. * Allow approval alongside resending confirm email * Use user email in log messages instead of ID * Prevent unnecessary notification after email confirmation * Use ApplicationUser type explicitly * Fix after rebase * Refactoring: Do not subclass UserRegisteredEvent 2024-02-28 12:43:18 +01:00
			`return await userManager.FindByIdAsync(idOrEmail);`
			`}`

Invitation process improvements (#6188) * Server: Make sending email optional when adding user Closes #6158. * Generate custom invite token and store it in user blob Closes btcpayserver/app/#46. * QR code for user invite Closes #6157. * Text fix 2024-09-12 05:31:57 +02:00			`public static async Task<string?> GenerateInvitationTokenAsync<TUser>(this UserManager<ApplicationUser> userManager, string userId) where TUser : class`
Onboarding: Invite new users (#5714) * Server Users: More precise message when inviting users This lets the admin who invited a new user know whether or not an email has been sent. If the SMTP server hasn't been set up, they need to share the invite link with the user. * Onboarding: Invite new users - Separates the user self-registration and invite cases - Adds invitation email for users created by the admin - Adds invitation tokens to verify user was invited - Adds handler action for invite links - Refactors `UserEventHostedService` * Remove duplicate status message from views that use the wizard layout * Auto-approve users created by an admin * Notify admins via email if a new account requires approval * Update wording * Fix update user error * Fix redirect to email confirmation in invite action * Fix precondition checks after signup * Improve admin notification Send notification only if the user does not require email confirmation or when they confirmed their email address. Rationale: We want to inform admins only about qualified users and not annoy them with bot registrations. * Allow approval alongside resending confirm email * Use user email in log messages instead of ID * Prevent unnecessary notification after email confirmation * Use ApplicationUser type explicitly * Fix after rebase * Refactoring: Do not subclass UserRegisteredEvent 2024-02-28 12:43:18 +01:00			`{`
Invitation process improvements (#6188) * Server: Make sending email optional when adding user Closes #6158. * Generate custom invite token and store it in user blob Closes btcpayserver/app/#46. * QR code for user invite Closes #6157. * Text fix 2024-09-12 05:31:57 +02:00			`var token = Guid.NewGuid().ToString("n")[..12];`
			`return await userManager.SetInvitationTokenAsync<TUser>(userId, token) ? token : null;`
Onboarding: Invite new users (#5714) * Server Users: More precise message when inviting users This lets the admin who invited a new user know whether or not an email has been sent. If the SMTP server hasn't been set up, they need to share the invite link with the user. * Onboarding: Invite new users - Separates the user self-registration and invite cases - Adds invitation email for users created by the admin - Adds invitation tokens to verify user was invited - Adds handler action for invite links - Refactors `UserEventHostedService` * Remove duplicate status message from views that use the wizard layout * Auto-approve users created by an admin * Notify admins via email if a new account requires approval * Update wording * Fix update user error * Fix redirect to email confirmation in invite action * Fix precondition checks after signup * Improve admin notification Send notification only if the user does not require email confirmation or when they confirmed their email address. Rationale: We want to inform admins only about qualified users and not annoy them with bot registrations. * Allow approval alongside resending confirm email * Use user email in log messages instead of ID * Prevent unnecessary notification after email confirmation * Use ApplicationUser type explicitly * Fix after rebase * Refactoring: Do not subclass UserRegisteredEvent 2024-02-28 12:43:18 +01:00			`}`

Invitation process improvements (#6188) * Server: Make sending email optional when adding user Closes #6158. * Generate custom invite token and store it in user blob Closes btcpayserver/app/#46. * QR code for user invite Closes #6157. * Text fix 2024-09-12 05:31:57 +02:00			`public static async Task<bool> UnsetInvitationTokenAsync<TUser>(this UserManager<ApplicationUser> userManager, string userId) where TUser : class`
			`{`
			`return await userManager.SetInvitationTokenAsync<TUser>(userId, null);`
			`}`

UI: Additional improvements to the User Invitation flow (#6233) * UI: Additional improvements to the User Invitation flow Closes #6224. * Clear invitation token only after the user can sign in Fixes "404 Error on Follow-Up Visits" of #6236. * Minor spacing fix * Update accordion button 2024-10-03 14:35:01 +02:00			`public static bool HasInvitationToken<TUser>(this UserManager<ApplicationUser> userManager, ApplicationUser user, string? token = null) where TUser : class`
			`{`
			`var blob = user.GetBlob() ?? new UserBlob();`
			`return token == null ? !string.IsNullOrEmpty(blob.InvitationToken) : blob.InvitationToken == token;`
			`}`

Invitation process improvements (#6188) * Server: Make sending email optional when adding user Closes #6158. * Generate custom invite token and store it in user blob Closes btcpayserver/app/#46. * QR code for user invite Closes #6157. * Text fix 2024-09-12 05:31:57 +02:00			`private static async Task<bool> SetInvitationTokenAsync<TUser>(this UserManager<ApplicationUser> userManager, string userId, string? token) where TUser : class`
			`{`
			`var user = await userManager.FindByIdAsync(userId);`
			`if (user == null) return false;`
			`var blob = user.GetBlob() ?? new UserBlob();`
			`blob.InvitationToken = token;`
			`user.SetBlob(blob);`
			`await userManager.UpdateAsync(user);`
			`return true;`
			`}`

			`public static async Task<ApplicationUser?> FindByInvitationTokenAsync<TUser>(this UserManager<ApplicationUser> userManager, string userId, string token) where TUser : class`
Onboarding: Invite new users (#5714) * Server Users: More precise message when inviting users This lets the admin who invited a new user know whether or not an email has been sent. If the SMTP server hasn't been set up, they need to share the invite link with the user. * Onboarding: Invite new users - Separates the user self-registration and invite cases - Adds invitation email for users created by the admin - Adds invitation tokens to verify user was invited - Adds handler action for invite links - Refactors `UserEventHostedService` * Remove duplicate status message from views that use the wizard layout * Auto-approve users created by an admin * Notify admins via email if a new account requires approval * Update wording * Fix update user error * Fix redirect to email confirmation in invite action * Fix precondition checks after signup * Improve admin notification Send notification only if the user does not require email confirmation or when they confirmed their email address. Rationale: We want to inform admins only about qualified users and not annoy them with bot registrations. * Allow approval alongside resending confirm email * Use user email in log messages instead of ID * Prevent unnecessary notification after email confirmation * Use ApplicationUser type explicitly * Fix after rebase * Refactoring: Do not subclass UserRegisteredEvent 2024-02-28 12:43:18 +01:00			`{`
			`var user = await userManager.FindByIdAsync(userId);`
Invitation process improvements (#6188) * Server: Make sending email optional when adding user Closes #6158. * Generate custom invite token and store it in user blob Closes btcpayserver/app/#46. * QR code for user invite Closes #6157. * Text fix 2024-09-12 05:31:57 +02:00			`var isValid = user is not null && (`
			`user.GetBlob()?.InvitationToken == token \|\|`
			`// backwards-compatibility with old tokens`
			`await userManager.VerifyUserTokenAsync(user, InvitationTokenProviderOptions.ProviderName, InvitationPurpose, token));`
Onboarding: Invite new users (#5714) * Server Users: More precise message when inviting users This lets the admin who invited a new user know whether or not an email has been sent. If the SMTP server hasn't been set up, they need to share the invite link with the user. * Onboarding: Invite new users - Separates the user self-registration and invite cases - Adds invitation email for users created by the admin - Adds invitation tokens to verify user was invited - Adds handler action for invite links - Refactors `UserEventHostedService` * Remove duplicate status message from views that use the wizard layout * Auto-approve users created by an admin * Notify admins via email if a new account requires approval * Update wording * Fix update user error * Fix redirect to email confirmation in invite action * Fix precondition checks after signup * Improve admin notification Send notification only if the user does not require email confirmation or when they confirmed their email address. Rationale: We want to inform admins only about qualified users and not annoy them with bot registrations. * Allow approval alongside resending confirm email * Use user email in log messages instead of ID * Prevent unnecessary notification after email confirmation * Use ApplicationUser type explicitly * Fix after rebase * Refactoring: Do not subclass UserRegisteredEvent 2024-02-28 12:43:18 +01:00			`return isValid ? user : null;`
[Greenfield] Allow passing email instead of user id in API (#4732) 2023-03-03 13:24:27 +01:00			`}`
			`}`
			`}`