btcpayserver/BTCPayServer/UserManagerExtensions.cs
d11n f3d485da53
Invitation process improvements (#6188)
* Server: Make sending email optional when adding user

Closes #6158.

* Generate custom invite token and store it in user blob

Closes btcpayserver/app/#46.

* QR code for user invite

Closes #6157.

* Text fix
2024-09-12 12:31:57 +09:00

57 lines
2.4 KiB
C#

#nullable enable
using System;
using System.Threading.Tasks;
using BTCPayServer.Data;
using BTCPayServer.Security;
using Microsoft.AspNetCore.Identity;
namespace BTCPayServer
{
public static class UserManagerExtensions
{
private const string InvitationPurpose = "invitation";
public static async Task<TUser?> FindByIdOrEmail<TUser>(this UserManager<TUser> userManager, string? idOrEmail) where TUser : class
{
if (string.IsNullOrEmpty(idOrEmail))
return null;
if (idOrEmail.Contains('@'))
return await userManager.FindByEmailAsync(idOrEmail);
return await userManager.FindByIdAsync(idOrEmail);
}
public static async Task<string?> GenerateInvitationTokenAsync<TUser>(this UserManager<ApplicationUser> userManager, string userId) where TUser : class
{
var token = Guid.NewGuid().ToString("n")[..12];
return await userManager.SetInvitationTokenAsync<TUser>(userId, token) ? token : null;
}
public static async Task<bool> UnsetInvitationTokenAsync<TUser>(this UserManager<ApplicationUser> userManager, string userId) where TUser : class
{
return await userManager.SetInvitationTokenAsync<TUser>(userId, null);
}
private static async Task<bool> SetInvitationTokenAsync<TUser>(this UserManager<ApplicationUser> userManager, string userId, string? token) where TUser : class
{
var user = await userManager.FindByIdAsync(userId);
if (user == null) return false;
var blob = user.GetBlob() ?? new UserBlob();
blob.InvitationToken = token;
user.SetBlob(blob);
await userManager.UpdateAsync(user);
return true;
}
public static async Task<ApplicationUser?> FindByInvitationTokenAsync<TUser>(this UserManager<ApplicationUser> userManager, string userId, string token) where TUser : class
{
var user = await userManager.FindByIdAsync(userId);
var isValid = user is not null && (
user.GetBlob()?.InvitationToken == token ||
// backwards-compatibility with old tokens
await userManager.VerifyUserTokenAsync(user, InvitationTokenProviderOptions.ProviderName, InvitationPurpose, token));
return isValid ? user : null;
}
}
}