using System; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; using System.Web; using API.Constants; using API.Data; using API.DTOs.Account; using API.Entities; using API.Errors; using Kavita.Common; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Identity; using Microsoft.EntityFrameworkCore; using Microsoft.Extensions.Hosting; using Microsoft.Extensions.Logging; namespace API.Services; #nullable enable public interface IAccountService { Task> ChangeUserPassword(AppUser user, string newPassword); Task> ValidatePassword(AppUser user, string password); Task> ValidateUsername(string username); Task> ValidateEmail(string email); Task HasBookmarkPermission(AppUser? user); Task HasDownloadPermission(AppUser? user); Task CanChangeAgeRestriction(AppUser? user); } public class AccountService : IAccountService { private readonly UserManager _userManager; private readonly ILogger _logger; private readonly IUnitOfWork _unitOfWork; public const string DefaultPassword = "[k.2@RZ!mxCQkJzE"; public AccountService(UserManager userManager, ILogger logger, IUnitOfWork unitOfWork) { _userManager = userManager; _logger = logger; _unitOfWork = unitOfWork; } public async Task> ChangeUserPassword(AppUser user, string newPassword) { var passwordValidationIssues = (await ValidatePassword(user, newPassword)).ToList(); if (passwordValidationIssues.Count != 0) return passwordValidationIssues; var result = await _userManager.RemovePasswordAsync(user); if (!result.Succeeded) { _logger.LogError("Could not update password"); return result.Errors.Select(e => new ApiException(400, e.Code, e.Description)); } result = await _userManager.AddPasswordAsync(user, newPassword); if (result.Succeeded) return []; _logger.LogError("Could not update password"); return result.Errors.Select(e => new ApiException(400, e.Code, e.Description)); } public async Task> ValidatePassword(AppUser user, string password) { foreach (var validator in _userManager.PasswordValidators) { var validationResult = await validator.ValidateAsync(_userManager, user, password); if (!validationResult.Succeeded) { return validationResult.Errors.Select(e => new ApiException(400, e.Code, e.Description)); } } return Array.Empty(); } public async Task> ValidateUsername(string username) { if (await _userManager.Users.AnyAsync(x => x.NormalizedUserName != null && x.NormalizedUserName.Equals(username, StringComparison.CurrentCultureIgnoreCase))) { return [ new(400, "Username is already taken") ]; } return []; } public async Task> ValidateEmail(string email) { var user = await _unitOfWork.UserRepository.GetUserByEmailAsync(email); if (user == null) return []; return [ new ApiException(400, "Email is already registered") ]; } ///

/// Does the user have the Bookmark permission or admin rights ///

/// /// public async Task HasBookmarkPermission(AppUser? user) { if (user == null) return false; var roles = await _userManager.GetRolesAsync(user); return roles.Contains(PolicyConstants.BookmarkRole) || roles.Contains(PolicyConstants.AdminRole); } ///

/// Does the user have the Download permission or admin rights ///

/// /// public async Task HasDownloadPermission(AppUser? user) { if (user == null) return false; var roles = await _userManager.GetRolesAsync(user); return roles.Contains(PolicyConstants.DownloadRole) || roles.Contains(PolicyConstants.AdminRole); } ///

/// Does the user have Change Restriction permission or admin rights and not Read Only ///

/// /// public async Task CanChangeAgeRestriction(AppUser? user) { if (user == null) return false; var roles = await _userManager.GetRolesAsync(user); if (roles.Contains(PolicyConstants.ReadOnlyRole)) return false; return roles.Contains(PolicyConstants.ChangePasswordRole) || roles.Contains(PolicyConstants.AdminRole); } }