Register user, delete user, and email confirmation

Author: craigbartdev

.gitignore

@@ -6,6 +6,7 @@
 *.user
 *.userosscache
 *.sln.docstates
+AppSettings.config
 
 # User-specific files (MonoDevelop/Xamarin Studio)
 *.userprefs

personal_site_api/Controllers/AccountController.cs

@@ -0,0 +1,111 @@
+using Microsoft.AspNet.Identity;
+using personal_site_api.Infrastructure;
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using System.Web.Http;
+using static personal_site_api.Models.AccountBindingModels;
+
+namespace personal_site_api.Controllers
+{
+    [RoutePrefix("api/accounts")]
+    public class AccountsController : BaseApiController
+    {
+        [Route("users")]
+        public IHttpActionResult GetUsers()
+        {
+            return Ok(AppUserManager.Users.ToList().Select(u => TheModelFactory.Create(u)));
+        }
+
+        [Route("user/{id:guid}", Name = "GetUserById")]
+        public async Task<IHttpActionResult> GetUser(string Id)
+        {
+            var user = await AppUserManager.FindByIdAsync(Id);
+
+            if (user != null)
+                return Ok(TheModelFactory.Create(user));
+
+            return NotFound();
+        }
+
+        [Route("create")]
+        public async Task<IHttpActionResult> CreateUser(CreateUserBindingModel createUserModel)
+        {
+            if (!ModelState.IsValid)
+                return BadRequest(ModelState);
+
+            var user = new ApplicationUser()
+            {
+                UserName = createUserModel.Username,
+                Email = createUserModel.Email
+            };
+
+            IdentityResult addUserResult = await AppUserManager.CreateAsync(user, createUserModel.Password);
+
+            if (!addUserResult.Succeeded)
+                return GetErrorResult(addUserResult);
+
+            //email configuration
+            string code = await AppUserManager.GenerateEmailConfirmationTokenAsync(user.Id);
+            var callbackUrl = new Uri(Url.Link("ConfirmEmailRoute", new { userId = user.Id, code }));
+            await AppUserManager.SendEmailAsync(user.Id, "Confirm your account", "Please confirm your email by clicking <a href=\"" + callbackUrl + "\">here</a>");
+
+            Uri locationHeader = new Uri(Url.Link("GetUserById", new { id = user.Id }));
+
+            return Created(locationHeader, TheModelFactory.Create(user));
+        }
+
+        [HttpGet]
+        [Route("ConfirmEmail", Name = "ConfirmEmailRoute")]
+        public async Task<IHttpActionResult> ConfirmEmail(string userId = "", string code = "")
+        {
+            if (string.IsNullOrWhiteSpace(userId) || string.IsNullOrWhiteSpace(code))
+            {
+                ModelState.AddModelError("", "User Id and Code are required");
+                return BadRequest(ModelState);
+            }
+
+            IdentityResult result = await AppUserManager.ConfirmEmailAsync(userId, code);
+
+            if (result.Succeeded)
+                return Ok();
+            else
+                return GetErrorResult(result);
+        }
+
+        [Route("ChangePassword")]
+        public async Task<IHttpActionResult> ChangePassword(ChangePasswordBindingModel model)
+        {
+            if (!ModelState.IsValid)
+                return BadRequest(ModelState);
+
+            var userId = User.Identity.GetUserId();
+
+            IdentityResult result = await AppUserManager.ChangePasswordAsync(userId, model.OldPassword, model.NewPassword);
+
+            if (!result.Succeeded)
+                return GetErrorResult(result);
+
+            await AppUserManager.SendEmailAsync(userId, "Password Change", "Your password has been changed");
+
+            return Ok();
+        }
+
+        [HttpDelete]
+        [Route("user/{id:guid}")]
+        public async Task<IHttpActionResult> DeleteUser(string id)
+        {
+            var appUser = await AppUserManager.FindByIdAsync(id);
+
+            if (appUser == null)
+                return NotFound();
+
+            IdentityResult result = await AppUserManager.DeleteAsync(appUser);
+
+            if (!result.Succeeded)
+                return GetErrorResult(result);
+
+            return Ok();
+        }
+    }
+}

personal_site_api/Controllers/AccountsController.cs

@@ -1,4 +1,6 @@
 using Microsoft.AspNet.Identity;
+using Microsoft.AspNet.Identity.Owin;
+using personal_site_api.Infrastructure;
 using personal_site_api.Models;
 using System;
 using System.Collections.Generic;
@@ -9,17 +11,29 @@
 
 namespace personal_site_api.Controllers
 {
+    //extended by account controller
     public class BaseApiController : ApiController
     {
         private ModelFactory _modelFactory;
+        private ApplicationUserManager _AppUserManager = null;
+
+        protected ApplicationUserManager AppUserManager
+        {
+            get
+            {
+                return _AppUserManager ?? Request.GetOwinContext().GetUserManager<ApplicationUserManager>();
+            }
+        }
+
+        public BaseApiController() { }
 
         protected ModelFactory TheModelFactory
         {
             get
             {
                 if (_modelFactory == null)
                 {
-                    _modelFactory = new ModelFactory(Request);
+                    _modelFactory = new ModelFactory(Request, AppUserManager);
                 }
                 return _modelFactory;
             }

personal_site_api/Controllers/BaseApiController.cs

@@ -0,0 +1,17 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Web;
+
+namespace personal_site_api.Dtos
+{
+    //used in ModelFactory
+    public class UserDto
+    {
+        public string Url { get; set; }
+        public string Id { get; set; }
+        public string UserName { get; set; }
+        public string Email { get; set; }
+        public IList<string> Roles { get; set; }
+    }
+}

personal_site_api/Dtos/UserDto.cs

@@ -0,0 +1,58 @@
+using Microsoft.AspNet.Identity;
+using Microsoft.AspNet.Identity.EntityFramework;
+using Microsoft.AspNet.Identity.Owin;
+using Microsoft.Owin;
+using personal_site_api.Services;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Web;
+
+namespace personal_site_api.Infrastructure
+{
+    public class ApplicationUserManager : UserManager<ApplicationUser>
+    {
+        public ApplicationUserManager(IUserStore<ApplicationUser> store)
+            : base(store)
+        {
+        }
+
+        public static ApplicationUserManager Create(IdentityFactoryOptions<ApplicationUserManager> options, IOwinContext context)
+        {
+            var appDbContext = context.Get<ApplicationDbContext>();
+            var appUserManager = new ApplicationUserManager(new UserStore<ApplicationUser>(appDbContext));
+
+            //username validation
+            appUserManager.UserValidator = new UserValidator<ApplicationUser>(appUserManager) {
+                AllowOnlyAlphanumericUserNames = true,
+                RequireUniqueEmail = true
+            };
+
+            //password validation
+            appUserManager.PasswordValidator = new PasswordValidator
+            {
+                RequiredLength = 6,
+                RequireNonLetterOrDigit = false,
+                RequireDigit = true,
+                RequireLowercase = true,
+                RequireUppercase = true
+            };
+
+
+            //hook up email service in Services folder
+            appUserManager.EmailService = new EmailService();
+
+            var dataProtectionProvider = options.DataProtectionProvider;
+            if(dataProtectionProvider != null)
+            {
+                appUserManager.UserTokenProvider = new DataProtectorTokenProvider<ApplicationUser>(dataProtectionProvider.Create("ASP.NET Identity"))
+                {
+                    //code for email confirmation and reset password lifetime
+                    TokenLifespan = TimeSpan.FromHours(6)
+                };
+            }
+
+            return appUserManager;
+        }
+    }
+}

personal_site_api/Infrastructure/ApplicationUserManager.cs

@@ -0,0 +1,58 @@
+using System;
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+using System.Linq;
+using System.Web;
+
+namespace personal_site_api.Models
+{
+    public class AccountBindingModels
+    {
+        public class CreateUserBindingModel
+        {
+            [Required]
+            [EmailAddress]
+            [Display(Name = "Email")]
+            public string Email { get; set; }
+
+            [Required]
+            [Display(Name = "Username")]
+            public string Username { get; set; }
+
+            [Display(Name = "Role Name")]
+            public string RoleName { get; set; }
+
+            [Required]
+            [StringLength(100, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 6)]
+            [DataType(DataType.Password)]
+            [Display(Name = "Password")]
+            public string Password { get; set; }
+
+            [Required]
+            [DataType(DataType.Password)]
+            [Display(Name = "Confirm Password")]
+            [Compare("Password", ErrorMessage = "The password and confirmation password do not match.")]
+            public string ConfirmPassword { get; set; }
+        }
+
+        public class ChangePasswordBindingModel
+        {
+            [Required]
+            [DataType(DataType.Password)]
+            [Display(Name = "Current Password")]
+            public string OldPassword { get; set; }
+
+            [Required]
+            [StringLength(100, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 6)]
+            [DataType(DataType.Password)]
+            [Display(Name = "New Password")]
+            public string NewPassword { get; set; }
+
+            [Required]
+            [DataType(DataType.Password)]
+            [Display(Name = "Confirm Password")]
+            [Compare("Password", ErrorMessage = "The password and confirmation password do not match.")]
+            public string ConfirmPassword { get; set; }
+        }
+    }
+}

personal_site_api/Models/AccountBindingModels.cs

@@ -1,4 +1,6 @@
-using System;
+using personal_site_api.Dtos;
+using personal_site_api.Infrastructure;
+using System;
 using System.Collections.Generic;
 using System.Net.Http;
 using System.Web.Http.Routing;
@@ -8,10 +10,25 @@ namespace personal_site_api.Models
     public class ModelFactory
     {
         private UrlHelper _UrlHelper;
+        private ApplicationUserManager _AppUserManager;
 
-        public ModelFactory(HttpRequestMessage request)
+        //called in BaseApiController
+        public ModelFactory(HttpRequestMessage request, ApplicationUserManager appUserManager)
         {
             _UrlHelper = new UrlHelper(request);
+            _AppUserManager = appUserManager;
+        }
+
+        public UserDto Create(ApplicationUser appUser)
+        {
+            return new UserDto
+            {
+                Url = _UrlHelper.Link("GetUserById", new { id = appUser.Id }),
+                Id = appUser.Id,
+                UserName = appUser.UserName,
+                Email = appUser.Email,
+                Roles = _AppUserManager.GetRolesAsync(appUser.Id).Result
+            };
         }
     }
 }

personal_site_api/Models/ModelFactory.cs

@@ -0,0 +1,45 @@
+using Microsoft.AspNet.Identity;
+using SendGrid;
+using System;
+using System.Collections.Generic;
+using System.Configuration;
+using System.Linq;
+using System.Net;
+using System.Threading.Tasks;
+using System.Web;
+
+namespace personal_site_api.Services
+{
+    public class EmailService : IIdentityMessageService
+    {
+        public async Task SendAsync(IdentityMessage message) {
+            await configSendGridAsync(message);
+        }
+        
+        public async Task configSendGridAsync(IdentityMessage message)
+        {
+            var myMessage = new SendGridMessage();
+
+            myMessage.AddTo(message.Destination);
+            myMessage.From = new System.Net.Mail.MailAddress("craigbartjr@gmail.com", "Craig Bartholomew");
+            myMessage.Subject = message.Subject;
+            myMessage.Text = message.Body;
+            myMessage.Html = message.Body;
+
+            var credentials = new NetworkCredential(ConfigurationManager.AppSettings["emailService:Username"],
+                                                    ConfigurationManager.AppSettings["emailService:Password"]);
+
+            var transportWeb = new Web(credentials);
+
+            if (transportWeb != null)
+            {
+                //send email
+                await transportWeb.DeliverAsync(myMessage);
+            } else
+            {
+                //errors
+                await Task.FromResult(0);
+            }
+        }
+    }
+}