2015-12-08 22:57:38 -05:00
|
|
|
|
using System;
|
|
|
|
|
|
using System.Threading.Tasks;
|
2016-05-19 19:10:24 -04:00
|
|
|
|
using Microsoft.AspNetCore.Authorization;
|
|
|
|
|
|
using Microsoft.AspNetCore.Mvc;
|
2017-03-08 21:55:08 -05:00
|
|
|
|
using Bit.Core.Models.Api;
|
2015-12-08 22:57:38 -05:00
|
|
|
|
using Bit.Core.Exceptions;
|
|
|
|
|
|
using Bit.Core.Services;
|
2016-05-19 19:10:24 -04:00
|
|
|
|
using Microsoft.AspNetCore.Identity;
|
2017-03-08 21:45:08 -05:00
|
|
|
|
using Bit.Core.Models.Table;
|
2015-12-08 22:57:38 -05:00
|
|
|
|
using Bit.Core.Enums;
|
2015-12-26 23:09:53 -05:00
|
|
|
|
using System.Linq;
|
2017-03-02 21:51:03 -05:00
|
|
|
|
using Bit.Core.Repositories;
|
2017-07-06 14:55:58 -04:00
|
|
|
|
using Bit.Core.Utilities;
|
2017-07-28 12:09:12 -04:00
|
|
|
|
using Bit.Core;
|
2017-08-11 17:06:31 -04:00
|
|
|
|
using System.IO;
|
|
|
|
|
|
using Newtonsoft.Json;
|
|
|
|
|
|
using Bit.Core.Models.Business;
|
2017-08-14 12:08:57 -04:00
|
|
|
|
using Bit.Api.Utilities;
|
2015-12-08 22:57:38 -05:00
|
|
|
|
|
|
|
|
|
|
namespace Bit.Api.Controllers
|
|
|
|
|
|
{
|
|
|
|
|
|
[Route("accounts")]
|
|
|
|
|
|
[Authorize("Application")]
|
|
|
|
|
|
public class AccountsController : Controller
|
|
|
|
|
|
{
|
|
|
|
|
|
private readonly IUserService _userService;
|
2015-12-26 23:09:53 -05:00
|
|
|
|
private readonly ICipherService _cipherService;
|
2017-03-06 20:51:13 -05:00
|
|
|
|
private readonly IOrganizationUserRepository _organizationUserRepository;
|
2017-08-11 22:55:25 -04:00
|
|
|
|
private readonly ILicensingService _licenseService;
|
2015-12-08 22:57:38 -05:00
|
|
|
|
private readonly UserManager<User> _userManager;
|
2017-07-28 12:09:12 -04:00
|
|
|
|
private readonly GlobalSettings _globalSettings;
|
2015-12-08 22:57:38 -05:00
|
|
|
|
|
|
|
|
|
|
public AccountsController(
|
|
|
|
|
|
IUserService userService,
|
2015-12-26 23:09:53 -05:00
|
|
|
|
ICipherService cipherService,
|
2017-03-06 20:51:13 -05:00
|
|
|
|
IOrganizationUserRepository organizationUserRepository,
|
2017-08-11 22:55:25 -04:00
|
|
|
|
ILicensingService licenseService,
|
2017-07-28 12:09:12 -04:00
|
|
|
|
UserManager<User> userManager,
|
|
|
|
|
|
GlobalSettings globalSettings)
|
2015-12-08 22:57:38 -05:00
|
|
|
|
{
|
|
|
|
|
|
_userService = userService;
|
2015-12-26 23:09:53 -05:00
|
|
|
|
_cipherService = cipherService;
|
2017-03-06 20:51:13 -05:00
|
|
|
|
_organizationUserRepository = organizationUserRepository;
|
2015-12-08 22:57:38 -05:00
|
|
|
|
_userManager = userManager;
|
2017-08-11 22:55:25 -04:00
|
|
|
|
_licenseService = licenseService;
|
2017-07-28 12:09:12 -04:00
|
|
|
|
_globalSettings = globalSettings;
|
2015-12-08 22:57:38 -05:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPost("register")]
|
|
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
|
public async Task PostRegister([FromBody]RegisterRequestModel model)
|
|
|
|
|
|
{
|
2016-02-20 23:25:44 -05:00
|
|
|
|
var result = await _userService.RegisterUserAsync(model.ToUser(), model.MasterPasswordHash);
|
2015-12-08 22:57:38 -05:00
|
|
|
|
if(result.Succeeded)
|
|
|
|
|
|
{
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2016-03-08 21:20:56 -05:00
|
|
|
|
foreach(var error in result.Errors.Where(e => e.Code != "DuplicateUserName"))
|
2015-12-08 22:57:38 -05:00
|
|
|
|
{
|
|
|
|
|
|
ModelState.AddModelError(string.Empty, error.Description);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
await Task.Delay(2000);
|
|
|
|
|
|
throw new BadRequestException(ModelState);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPost("password-hint")]
|
|
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
|
public async Task PostPasswordHint([FromBody]PasswordHintRequestModel model)
|
|
|
|
|
|
{
|
|
|
|
|
|
await _userService.SendMasterPasswordHintAsync(model.Email);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPost("email-token")]
|
|
|
|
|
|
public async Task PostEmailToken([FromBody]EmailTokenRequestModel model)
|
|
|
|
|
|
{
|
2017-01-24 22:46:54 -05:00
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2017-06-02 13:17:46 -04:00
|
|
|
|
if(user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new UnauthorizedAccessException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-01-24 22:46:54 -05:00
|
|
|
|
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
|
2015-12-08 22:57:38 -05:00
|
|
|
|
{
|
|
|
|
|
|
await Task.Delay(2000);
|
|
|
|
|
|
throw new BadRequestException("MasterPasswordHash", "Invalid password.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-01-24 22:46:54 -05:00
|
|
|
|
await _userService.InitiateEmailChangeAsync(user, model.NewEmail);
|
2015-12-08 22:57:38 -05:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPut("email")]
|
2016-07-13 21:43:48 -04:00
|
|
|
|
[HttpPost("email")]
|
2017-05-03 10:12:13 -04:00
|
|
|
|
public async Task PutEmail([FromBody]EmailRequestModel model)
|
2015-12-08 22:57:38 -05:00
|
|
|
|
{
|
2017-01-24 22:46:54 -05:00
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2017-06-02 13:17:46 -04:00
|
|
|
|
if(user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new UnauthorizedAccessException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-05-31 09:54:32 -04:00
|
|
|
|
var result = await _userService.ChangeEmailAsync(user, model.MasterPasswordHash, model.NewEmail,
|
|
|
|
|
|
model.NewMasterPasswordHash, model.Token, model.Key);
|
2015-12-08 22:57:38 -05:00
|
|
|
|
if(result.Succeeded)
|
|
|
|
|
|
{
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
foreach(var error in result.Errors)
|
|
|
|
|
|
{
|
|
|
|
|
|
ModelState.AddModelError(string.Empty, error.Description);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
await Task.Delay(2000);
|
|
|
|
|
|
throw new BadRequestException(ModelState);
|
|
|
|
|
|
}
|
2017-07-05 15:35:46 -04:00
|
|
|
|
|
2017-07-01 23:20:19 -04:00
|
|
|
|
[HttpPost("verify-email")]
|
|
|
|
|
|
public async Task PostVerifyEmail()
|
|
|
|
|
|
{
|
|
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
|
|
|
|
|
if(user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new UnauthorizedAccessException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
await _userService.SendEmailVerificationAsync(user);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPost("verify-email-token")]
|
|
|
|
|
|
[AllowAnonymous]
|
2017-07-05 15:35:46 -04:00
|
|
|
|
public async Task PostVerifyEmailToken([FromBody]VerifyEmailRequestModel model)
|
2017-07-01 23:20:19 -04:00
|
|
|
|
{
|
2017-07-05 15:35:46 -04:00
|
|
|
|
var user = await _userService.GetUserByIdAsync(new Guid(model.UserId));
|
2017-07-01 23:20:19 -04:00
|
|
|
|
if(user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new UnauthorizedAccessException();
|
|
|
|
|
|
}
|
2017-07-05 15:35:46 -04:00
|
|
|
|
var result = await _userService.ConfirmEmailAsync(user, model.Token);
|
|
|
|
|
|
if(result.Succeeded)
|
|
|
|
|
|
{
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
foreach(var error in result.Errors)
|
|
|
|
|
|
{
|
|
|
|
|
|
ModelState.AddModelError(string.Empty, error.Description);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
await Task.Delay(2000);
|
|
|
|
|
|
throw new BadRequestException(ModelState);
|
2017-07-01 23:20:19 -04:00
|
|
|
|
}
|
2015-12-08 22:57:38 -05:00
|
|
|
|
|
|
|
|
|
|
[HttpPut("password")]
|
2016-07-13 21:43:48 -04:00
|
|
|
|
[HttpPost("password")]
|
2017-05-03 10:12:13 -04:00
|
|
|
|
public async Task PutPassword([FromBody]PasswordRequestModel model)
|
2017-05-31 09:54:32 -04:00
|
|
|
|
{
|
|
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2017-06-02 13:17:46 -04:00
|
|
|
|
if(user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new UnauthorizedAccessException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-05-31 09:54:32 -04:00
|
|
|
|
var result = await _userService.ChangePasswordAsync(user, model.MasterPasswordHash,
|
|
|
|
|
|
model.NewMasterPasswordHash, model.Key);
|
|
|
|
|
|
if(result.Succeeded)
|
|
|
|
|
|
{
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
foreach(var error in result.Errors)
|
|
|
|
|
|
{
|
|
|
|
|
|
ModelState.AddModelError(string.Empty, error.Description);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
await Task.Delay(2000);
|
|
|
|
|
|
throw new BadRequestException(ModelState);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPut("key")]
|
|
|
|
|
|
[HttpPost("key")]
|
|
|
|
|
|
public async Task PutKey([FromBody]UpdateKeyRequestModel model)
|
2015-12-08 22:57:38 -05:00
|
|
|
|
{
|
2017-01-24 22:46:54 -05:00
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2017-06-02 13:17:46 -04:00
|
|
|
|
if(user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new UnauthorizedAccessException();
|
|
|
|
|
|
}
|
2017-01-24 22:46:54 -05:00
|
|
|
|
|
2015-12-08 22:57:38 -05:00
|
|
|
|
// NOTE: It is assumed that the eventual repository call will make sure the updated
|
|
|
|
|
|
// ciphers belong to user making this call. Therefore, no check is done here.
|
|
|
|
|
|
|
2017-05-31 09:54:32 -04:00
|
|
|
|
var ciphers = model.Ciphers.Select(c => c.ToCipher(user.Id));
|
|
|
|
|
|
var folders = model.Folders.Select(c => c.ToFolder(user.Id));
|
2017-04-28 16:49:40 -04:00
|
|
|
|
|
2017-05-31 09:54:32 -04:00
|
|
|
|
var result = await _userService.UpdateKeyAsync(
|
2017-01-24 22:46:54 -05:00
|
|
|
|
user,
|
2015-12-08 22:57:38 -05:00
|
|
|
|
model.MasterPasswordHash,
|
2017-05-31 09:54:32 -04:00
|
|
|
|
model.Key,
|
|
|
|
|
|
model.PrivateKey,
|
2017-04-17 14:53:07 -04:00
|
|
|
|
ciphers,
|
2017-05-31 09:54:32 -04:00
|
|
|
|
folders);
|
2015-12-08 22:57:38 -05:00
|
|
|
|
|
|
|
|
|
|
if(result.Succeeded)
|
|
|
|
|
|
{
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
foreach(var error in result.Errors)
|
|
|
|
|
|
{
|
|
|
|
|
|
ModelState.AddModelError(string.Empty, error.Description);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
await Task.Delay(2000);
|
|
|
|
|
|
throw new BadRequestException(ModelState);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPut("security-stamp")]
|
2016-07-13 21:43:48 -04:00
|
|
|
|
[HttpPost("security-stamp")]
|
2015-12-08 22:57:38 -05:00
|
|
|
|
public async Task PutSecurityStamp([FromBody]SecurityStampRequestModel model)
|
|
|
|
|
|
{
|
2017-01-24 22:46:54 -05:00
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2017-06-02 13:17:46 -04:00
|
|
|
|
if(user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new UnauthorizedAccessException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-01-24 22:46:54 -05:00
|
|
|
|
var result = await _userService.RefreshSecurityStampAsync(user, model.MasterPasswordHash);
|
2015-12-08 22:57:38 -05:00
|
|
|
|
if(result.Succeeded)
|
|
|
|
|
|
{
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
foreach(var error in result.Errors)
|
|
|
|
|
|
{
|
|
|
|
|
|
ModelState.AddModelError(string.Empty, error.Description);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
await Task.Delay(2000);
|
|
|
|
|
|
throw new BadRequestException(ModelState);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpGet("profile")]
|
2017-01-24 22:46:54 -05:00
|
|
|
|
public async Task<ProfileResponseModel> GetProfile()
|
2015-12-08 22:57:38 -05:00
|
|
|
|
{
|
2017-01-24 22:46:54 -05:00
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2017-06-02 13:17:46 -04:00
|
|
|
|
if(user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new UnauthorizedAccessException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-03-25 21:53:32 -04:00
|
|
|
|
var organizationUserDetails = await _organizationUserRepository.GetManyDetailsByUserAsync(user.Id,
|
|
|
|
|
|
OrganizationUserStatusType.Confirmed);
|
2017-03-06 20:51:13 -05:00
|
|
|
|
var response = new ProfileResponseModel(user, organizationUserDetails);
|
2017-01-11 21:46:36 -05:00
|
|
|
|
return response;
|
2015-12-08 22:57:38 -05:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-03-06 20:51:13 -05:00
|
|
|
|
[HttpGet("organizations")]
|
|
|
|
|
|
public async Task<ListResponseModel<ProfileOrganizationResponseModel>> GetOrganizations()
|
|
|
|
|
|
{
|
|
|
|
|
|
var userId = _userService.GetProperUserId(User);
|
2017-03-25 21:53:32 -04:00
|
|
|
|
var organizationUserDetails = await _organizationUserRepository.GetManyDetailsByUserAsync(userId.Value,
|
|
|
|
|
|
OrganizationUserStatusType.Confirmed);
|
2017-03-06 20:51:13 -05:00
|
|
|
|
var responseData = organizationUserDetails.Select(o => new ProfileOrganizationResponseModel(o));
|
|
|
|
|
|
return new ListResponseModel<ProfileOrganizationResponseModel>(responseData);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2015-12-08 22:57:38 -05:00
|
|
|
|
[HttpPut("profile")]
|
2016-07-13 21:43:48 -04:00
|
|
|
|
[HttpPost("profile")]
|
2015-12-08 22:57:38 -05:00
|
|
|
|
public async Task<ProfileResponseModel> PutProfile([FromBody]UpdateProfileRequestModel model)
|
|
|
|
|
|
{
|
2017-01-24 22:46:54 -05:00
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2017-06-02 13:17:46 -04:00
|
|
|
|
if(user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new UnauthorizedAccessException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-01-24 22:46:54 -05:00
|
|
|
|
await _userService.SaveUserAsync(model.ToUser(user));
|
2017-03-02 21:51:03 -05:00
|
|
|
|
var response = new ProfileResponseModel(user, null);
|
2015-12-08 22:57:38 -05:00
|
|
|
|
return response;
|
2017-01-11 21:46:36 -05:00
|
|
|
|
}
|
2017-01-14 10:02:37 -05:00
|
|
|
|
|
|
|
|
|
|
[HttpGet("revision-date")]
|
2017-01-24 22:46:54 -05:00
|
|
|
|
public async Task<long?> GetAccountRevisionDate()
|
2017-01-14 10:02:37 -05:00
|
|
|
|
{
|
2017-01-28 02:15:07 -05:00
|
|
|
|
var userId = _userService.GetProperUserId(User);
|
|
|
|
|
|
long? revisionDate = null;
|
|
|
|
|
|
if(userId.HasValue)
|
|
|
|
|
|
{
|
|
|
|
|
|
var date = await _userService.GetAccountRevisionDateByIdAsync(userId.Value);
|
2017-07-14 09:05:15 -04:00
|
|
|
|
revisionDate = CoreHelpers.ToEpocMilliseconds(date);
|
2017-01-28 02:15:07 -05:00
|
|
|
|
}
|
2017-01-16 22:02:12 -05:00
|
|
|
|
|
2017-01-28 02:15:07 -05:00
|
|
|
|
return revisionDate;
|
2017-01-14 10:02:37 -05:00
|
|
|
|
}
|
2017-01-09 22:20:34 -05:00
|
|
|
|
|
2017-02-11 23:00:55 -05:00
|
|
|
|
[HttpPut("keys")]
|
|
|
|
|
|
[HttpPost("keys")]
|
|
|
|
|
|
public async Task<KeysResponseModel> PutKeys([FromBody]KeysRequestModel model)
|
|
|
|
|
|
{
|
|
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2017-06-02 13:17:46 -04:00
|
|
|
|
if(user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new UnauthorizedAccessException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-02-11 23:00:55 -05:00
|
|
|
|
await _userService.SaveUserAsync(model.ToUser(user));
|
|
|
|
|
|
return new KeysResponseModel(user);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpGet("keys")]
|
|
|
|
|
|
public async Task<KeysResponseModel> GetKeys()
|
|
|
|
|
|
{
|
|
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2017-06-02 13:17:46 -04:00
|
|
|
|
if(user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new UnauthorizedAccessException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-02-11 23:00:55 -05:00
|
|
|
|
return new KeysResponseModel(user);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2015-12-27 00:14:56 -05:00
|
|
|
|
[HttpPost("delete")]
|
|
|
|
|
|
public async Task PostDelete([FromBody]DeleteAccountRequestModel model)
|
|
|
|
|
|
{
|
2017-01-24 22:46:54 -05:00
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
2017-06-02 13:17:46 -04:00
|
|
|
|
if(user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new UnauthorizedAccessException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2015-12-27 00:14:56 -05:00
|
|
|
|
if(!await _userManager.CheckPasswordAsync(user, model.MasterPasswordHash))
|
|
|
|
|
|
{
|
|
|
|
|
|
ModelState.AddModelError("MasterPasswordHash", "Invalid password.");
|
|
|
|
|
|
await Task.Delay(2000);
|
|
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
var result = await _userService.DeleteAsync(user);
|
|
|
|
|
|
if(result.Succeeded)
|
|
|
|
|
|
{
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
foreach(var error in result.Errors)
|
|
|
|
|
|
{
|
|
|
|
|
|
ModelState.AddModelError(string.Empty, error.Description);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
throw new BadRequestException(ModelState);
|
|
|
|
|
|
}
|
2017-07-06 14:55:58 -04:00
|
|
|
|
|
2017-08-09 10:53:42 -04:00
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
|
[HttpPost("delete-recover")]
|
|
|
|
|
|
public async Task PostDeleteRecover([FromBody]DeleteRecoverRequestModel model)
|
|
|
|
|
|
{
|
|
|
|
|
|
await _userService.SendDeleteConfirmationAsync(model.Email);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPost("delete-recover-token")]
|
|
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
|
public async Task PostDeleteRecoverToken([FromBody]VerifyDeleteRecoverRequestModel model)
|
|
|
|
|
|
{
|
|
|
|
|
|
var user = await _userService.GetUserByIdAsync(new Guid(model.UserId));
|
|
|
|
|
|
if(user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new UnauthorizedAccessException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var result = await _userService.DeleteAsync(user, model.Token);
|
|
|
|
|
|
if(result.Succeeded)
|
|
|
|
|
|
{
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
foreach(var error in result.Errors)
|
|
|
|
|
|
{
|
|
|
|
|
|
ModelState.AddModelError(string.Empty, error.Description);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
await Task.Delay(2000);
|
|
|
|
|
|
throw new BadRequestException(ModelState);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-07-06 14:55:58 -04:00
|
|
|
|
[HttpPost("premium")]
|
2017-08-11 17:06:31 -04:00
|
|
|
|
public async Task<ProfileResponseModel> PostPremium(PremiumRequestModel model)
|
2017-07-06 14:55:58 -04:00
|
|
|
|
{
|
|
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
|
|
|
|
|
if(user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new UnauthorizedAccessException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-08-11 17:06:31 -04:00
|
|
|
|
var valid = model.Validate(_globalSettings);
|
|
|
|
|
|
UserLicense license = null;
|
2017-08-11 22:55:25 -04:00
|
|
|
|
if(valid && _globalSettings.SelfHosted && model.License != null)
|
2017-08-11 17:06:31 -04:00
|
|
|
|
{
|
2017-08-11 23:08:41 -04:00
|
|
|
|
if(!HttpContext.Request.ContentLength.HasValue || HttpContext.Request.ContentLength.Value > 51200) // 50 KB
|
2017-08-11 17:06:31 -04:00
|
|
|
|
{
|
2017-08-11 23:08:41 -04:00
|
|
|
|
valid = false;
|
2017-08-11 17:06:31 -04:00
|
|
|
|
}
|
2017-08-11 23:08:41 -04:00
|
|
|
|
else
|
2017-08-11 17:06:31 -04:00
|
|
|
|
{
|
2017-08-11 23:08:41 -04:00
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
using(var stream = model.License.OpenReadStream())
|
|
|
|
|
|
using(var reader = new StreamReader(stream))
|
|
|
|
|
|
{
|
|
|
|
|
|
var s = await reader.ReadToEndAsync();
|
|
|
|
|
|
if(string.IsNullOrWhiteSpace(s))
|
|
|
|
|
|
{
|
|
|
|
|
|
valid = false;
|
|
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
license = JsonConvert.DeserializeObject<UserLicense>(s);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
catch
|
|
|
|
|
|
{
|
|
|
|
|
|
valid = false;
|
|
|
|
|
|
}
|
2017-08-11 17:06:31 -04:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-08-11 23:08:41 -04:00
|
|
|
|
if(!valid || (_globalSettings.SelfHosted && license == null))
|
2017-08-11 17:06:31 -04:00
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Invalid license.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
await _userService.SignUpPremiumAsync(user, model.PaymentToken,
|
|
|
|
|
|
model.AdditionalStorageGb.GetValueOrDefault(0), license);
|
2017-07-06 14:55:58 -04:00
|
|
|
|
return new ProfileResponseModel(user, null);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpGet("billing")]
|
|
|
|
|
|
public async Task<BillingResponseModel> GetBilling()
|
|
|
|
|
|
{
|
|
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
|
|
|
|
|
if(user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new UnauthorizedAccessException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-08-11 23:23:50 -04:00
|
|
|
|
if(!_globalSettings.SelfHosted && user.Gateway != null)
|
2017-07-06 14:55:58 -04:00
|
|
|
|
{
|
2017-08-11 23:23:50 -04:00
|
|
|
|
var paymentService = user.GetPaymentService(_globalSettings);
|
|
|
|
|
|
var billingInfo = await paymentService.GetBillingAsync(user);
|
|
|
|
|
|
return new BillingResponseModel(user, billingInfo, _licenseService);
|
|
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
return new BillingResponseModel(user);
|
2017-07-06 14:55:58 -04:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPut("payment")]
|
|
|
|
|
|
[HttpPost("payment")]
|
2017-08-14 12:08:57 -04:00
|
|
|
|
[SelfHosted(NotSelfHostedOnly = true)]
|
2017-07-06 14:55:58 -04:00
|
|
|
|
public async Task PutPayment([FromBody]PaymentRequestModel model)
|
|
|
|
|
|
{
|
|
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
|
|
|
|
|
if(user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new UnauthorizedAccessException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
await _userService.ReplacePaymentMethodAsync(user, model.PaymentToken);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPut("storage")]
|
|
|
|
|
|
[HttpPost("storage")]
|
2017-08-14 12:08:57 -04:00
|
|
|
|
[SelfHosted(NotSelfHostedOnly = true)]
|
2017-07-06 14:55:58 -04:00
|
|
|
|
public async Task PutStorage([FromBody]StorageRequestModel model)
|
|
|
|
|
|
{
|
|
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
|
|
|
|
|
if(user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new UnauthorizedAccessException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-07-11 10:59:59 -04:00
|
|
|
|
await _userService.AdjustStorageAsync(user, model.StorageGbAdjustment.Value);
|
2017-07-06 14:55:58 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-08-14 12:08:57 -04:00
|
|
|
|
[HttpPut("license")]
|
|
|
|
|
|
[HttpPost("license")]
|
|
|
|
|
|
[SelfHosted(SelfHostedOnly = true)]
|
|
|
|
|
|
public async Task PutLicense(UpdateLicenseRequestModel model)
|
|
|
|
|
|
{
|
|
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
|
|
|
|
|
if(user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new UnauthorizedAccessException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
UserLicense license = null;
|
|
|
|
|
|
if(HttpContext.Request.ContentLength.HasValue && HttpContext.Request.ContentLength.Value <= 51200) // 50 KB
|
|
|
|
|
|
{
|
|
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
using(var stream = model.License.OpenReadStream())
|
|
|
|
|
|
using(var reader = new StreamReader(stream))
|
|
|
|
|
|
{
|
|
|
|
|
|
var s = await reader.ReadToEndAsync();
|
|
|
|
|
|
if(!string.IsNullOrWhiteSpace(s))
|
|
|
|
|
|
{
|
|
|
|
|
|
license = JsonConvert.DeserializeObject<UserLicense>(s);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
catch { }
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if(license == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new BadRequestException("Invalid license");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
await _userService.UpdateLicenseAsync(user, license);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-07-06 14:55:58 -04:00
|
|
|
|
[HttpPut("cancel-premium")]
|
|
|
|
|
|
[HttpPost("cancel-premium")]
|
2017-08-14 12:08:57 -04:00
|
|
|
|
[SelfHosted(NotSelfHostedOnly = true)]
|
2017-07-06 14:55:58 -04:00
|
|
|
|
public async Task PutCancel()
|
|
|
|
|
|
{
|
|
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
|
|
|
|
|
if(user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new UnauthorizedAccessException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
await _userService.CancelPremiumAsync(user, true);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPut("reinstate-premium")]
|
|
|
|
|
|
[HttpPost("reinstate-premium")]
|
2017-08-14 12:08:57 -04:00
|
|
|
|
[SelfHosted(NotSelfHostedOnly = true)]
|
2017-07-06 14:55:58 -04:00
|
|
|
|
public async Task PutReinstate()
|
|
|
|
|
|
{
|
|
|
|
|
|
var user = await _userService.GetUserByPrincipalAsync(User);
|
|
|
|
|
|
if(user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new UnauthorizedAccessException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
await _userService.ReinstatePremiumAsync(user);
|
|
|
|
|
|
}
|
2015-12-08 22:57:38 -05:00
|
|
|
|
}
|
|
|
|
|
|
}
|
