Disable Authentication & Login Page Rework (#619)

* Implemented the ability to disable authentication on a server instance. Admins will require authentication, but non-admin accounts can be setup without any password requirements. * WIP for new login page. * Reworked code to handle disabled auth better. First time user flow is moved into the user login component. * Removed debug code * Removed home component, shakeout testing is complete. * remove a file accidently committed * Fixed a code smell from last PR * Code smells
2021-10-02 09:23:58 -07:00 · 2021-10-02 09:23:58 -07:00 · a5b6bf1b52
commit a5b6bf1b52
parent 83d76982f4
36 changed files with 376 additions and 174 deletions
--- a/API/Services/AccountService.cs
+++ b/API/Services/AccountService.cs
@ -0,0 +1,53 @@
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using API.Entities;
+using API.Errors;
+using API.Interfaces.Services;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.Extensions.Logging;
+
+namespace API.Services
+{
+    public class AccountService : IAccountService
+    {
+        private readonly UserManager<AppUser> _userManager;
+        private readonly ILogger<AccountService> _logger;
+        public const string DefaultPassword = "[k.2@RZ!mxCQkJzE";
+
+        public AccountService(UserManager<AppUser> userManager, ILogger<AccountService> logger)
+        {
+            _userManager = userManager;
+            _logger = logger;
+        }
+
+        public async Task<IEnumerable<ApiException>> ChangeUserPassword(AppUser user, string newPassword)
+        {
+            foreach (var validator in _userManager.PasswordValidators)
+            {
+                var validationResult = await validator.ValidateAsync(_userManager, user, newPassword);
+                if (!validationResult.Succeeded)
+                {
+                    return validationResult.Errors.Select(e => new ApiException(400, e.Code, e.Description));
+                }
+            }
+
+            var result = await _userManager.RemovePasswordAsync(user);
+            if (!result.Succeeded)
+            {
+                _logger.LogError("Could not update password");
+                return result.Errors.Select(e => new ApiException(400, e.Code, e.Description));
+            }
+
+
+            result = await _userManager.AddPasswordAsync(user, newPassword);
+            if (!result.Succeeded)
+            {
+                _logger.LogError("Could not update password");
+                return result.Errors.Select(e => new ApiException(400, e.Code, e.Description));
+            }
+
+            return new List<ApiException>();
+        }
+    }
+}