Require registerAccount flow to be unauthenticated
rmunn committed May 16, 2024
1 parent f5e31ca commit 634a3d5
Showing 1 changed file with 12 additions and 11 deletions.
23 changes: 12 additions & 11 deletions backend/LexBoxApi/Controllers/UserController.cs
Expand Up @@ -42,7 +42,7 @@ LexAuthService lexAuthService
}

[HttpPost("registerAccount")]
[AllowAnonymous]
[AllowAnonymous] // Is there a RequireAnonymous attribute?
[ProducesResponseType(StatusCodes.Status200OK)]
[ProducesErrorResponseType(typeof(Dictionary<string, string[]>))]
[ProducesDefaultResponseType]
Expand All @@ -57,6 +57,13 @@ public async Task<ActionResult<LexAuthUser>> RegisterAccount(RegisterAccountInpu
return ValidationProblem(ModelState);
}

var jwtUser = _loggedInContext.MaybeUser;
if (jwtUser is not null)
{
// TODO: Figure out how to register this error (AddModelError<RegisterAccountInput> isn't correct, obviously)
ModelState.AddModelError<RegisterAccountInput>(r => r.Email, "must not access register flow while logged in");
}

var hasExistingUser = await _lexBoxDbContext.Users.FilterByEmailOrUsername(accountInput.Email).AnyAsync();
registerActivity?.AddTag("app.email_available", !hasExistingUser);
if (hasExistingUser)
Expand All @@ -65,22 +72,16 @@ public async Task<ActionResult<LexAuthUser>> RegisterAccount(RegisterAccountInpu
return ValidationProblem(ModelState);
}

var jwtUser = _loggedInContext.MaybeUser;
var emailVerified = jwtUser?.Email == accountInput.Email;
var createdByAdmin = jwtUser?.IsAdmin ?? false;
var userEntity = CreateUserEntity(accountInput, emailVerified, createdByAdmin ? jwtUser?.Id : null);
var userEntity = CreateUserEntity(accountInput, emailVerified: false);
registerActivity?.AddTag("app.user.id", userEntity.Id);
_lexBoxDbContext.Users.Add(userEntity);
await _lexBoxDbContext.SaveChangesAsync();

var user = new LexAuthUser(userEntity);
if (accountInput.AutoLogin)
{
await HttpContext.SignInAsync(user.GetPrincipal("Registration"),
new AuthenticationProperties { IsPersistent = true });
}
await HttpContext.SignInAsync(user.GetPrincipal("Registration"),
new AuthenticationProperties { IsPersistent = true });

if (!emailVerified) await _emailService.SendVerifyAddressEmail(userEntity);
await _emailService.SendVerifyAddressEmail(userEntity);
return Ok(user);
}

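Review bot: The logged-in guard added in the second hunk records a model error but never returns, so unless the lines hidden between the second and third hunks check ModelState, an authenticated caller whose email is not already taken falls through to CreateUserEntity and SignInAsync, which creates the account and replaces the caller's session even though the commit's intent is to reject the request. Close the block with `return ValidationProblem(ModelState);` right after the AddModelError call so the rejection short-circuits. For the TODO on the same lines, a non-field error can be attached with `ModelState.AddModelError(string.Empty, "must not access register flow while logged in");` instead of attributing it to the Email property. The `[AllowAnonymous]` comment asking for a RequireAnonymous attribute could then point at this guard, e.g. `// anonymous-only: authenticated callers are rejected below`. RegisterAccount starts before the first hunk and the lines between the second and third hunks are not shown.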