// Copyright (c) .NET Foundation. All rights reserved. // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. using System; using System.Collections.Generic; using System.Globalization; using System.Linq; using System.Security.Claims; using System.Text; using System.Threading; using System.Threading.Tasks; using Microsoft.AspNet.Http; using Microsoft.Framework.DependencyInjection; using Microsoft.Framework.Logging; using Microsoft.Framework.OptionsModel; namespace Microsoft.AspNet.Identity { ///

/// Provides the APIs for managing user in a persistence store. ///

/// The type encapsulating a user. public class UserManager : IDisposable where TUser : class { protected const string ResetPasswordTokenPurpose = "ResetPassword"; protected const string ConfirmEmailTokenPurpose = "EmailConfirmation"; private readonly Dictionary> _tokenProviders = new Dictionary>(); private TimeSpan _defaultLockout = TimeSpan.Zero; private bool _disposed; private readonly HttpContext _context; private CancellationToken CancellationToken => _context?.RequestAborted ?? CancellationToken.None; ///

/// Constructs a new instance of . ///

/// The persistence store the manager will operate over. /// The accessor used to access the . /// The password hashing implementation to use when saving passwords. /// A collection of to validate users against. /// A collection of to validate passwords against. /// The to use when generating index keys for users. /// The used to provider error messages. /// /// The logger used to log messages, warnings and errors. /// The accessor used to access the . public UserManager(IUserStore store, IOptions optionsAccessor, IPasswordHasher passwordHasher, IEnumerable> userValidators, IEnumerable> passwordValidators, ILookupNormalizer keyNormalizer, IdentityErrorDescriber errors, IServiceProvider services, ILogger> logger, IHttpContextAccessor contextAccessor) { if (store == null) { throw new ArgumentNullException(nameof(store)); } Store = store; Options = optionsAccessor?.Value ?? new IdentityOptions(); _context = contextAccessor?.HttpContext; PasswordHasher = passwordHasher; KeyNormalizer = keyNormalizer; ErrorDescriber = errors; Logger = logger; if (userValidators != null) { foreach (var v in userValidators) { UserValidators.Add(v); } } if (passwordValidators != null) { foreach (var v in passwordValidators) { PasswordValidators.Add(v); } } if (services != null) { foreach (var providerName in Options.Tokens.ProviderMap.Keys) { var provider = services.GetRequiredService(Options.Tokens.ProviderMap[providerName].ProviderType) as IUserTokenProvider; if (provider != null) { RegisterTokenProvider(providerName, provider); } } } } ///

/// Gets or sets the persistence store the manager operates over. ///

/// The persistence store the manager operates over. protected internal IUserStore Store { get; set; } ///

/// Gets the used to log messages from the manager. ///

/// /// The used to log messages from the manager. /// protected internal virtual ILogger Logger { get; set; } internal IPasswordHasher PasswordHasher { get; set; } internal IList> UserValidators { get; } = new List>(); internal IList> PasswordValidators { get; } = new List>(); internal ILookupNormalizer KeyNormalizer { get; set; } internal IdentityErrorDescriber ErrorDescriber { get; set; } internal IdentityOptions Options { get; set; } ///

/// Gets a flag indicating whether the backing user store supports two factor authentication. ///

/// /// true if the backing user store supports user two factor authentication, otherwise false. /// public virtual bool SupportsUserTwoFactor { get { ThrowIfDisposed(); return Store is IUserTwoFactorStore; } } ///

/// Gets a flag indicating whether the backing user store supports user passwords. ///

/// /// true if the backing user store supports user passwords, otherwise false. /// public virtual bool SupportsUserPassword { get { ThrowIfDisposed(); return Store is IUserPasswordStore; } } ///

/// Gets a flag indicating whether the backing user store supports security stamps. ///

/// /// true if the backing user store supports user security stamps, otherwise false. /// public virtual bool SupportsUserSecurityStamp { get { ThrowIfDisposed(); return Store is IUserSecurityStampStore; } } ///

/// Gets a flag indicating whether the backing user store supports user roles. ///

/// /// true if the backing user store supports user roles, otherwise false. /// public virtual bool SupportsUserRole { get { ThrowIfDisposed(); return Store is IUserRoleStore; } } ///

/// Gets a flag indicating whether the backing user store supports external logins. ///

/// /// true if the backing user store supports external logins, otherwise false. /// public virtual bool SupportsUserLogin { get { ThrowIfDisposed(); return Store is IUserLoginStore; } } ///

/// Gets a flag indicating whether the backing user store supports user emails. ///

/// /// true if the backing user store supports user emails, otherwise false. /// public virtual bool SupportsUserEmail { get { ThrowIfDisposed(); return Store is IUserEmailStore; } } ///

/// Gets a flag indicating whether the backing user store supports user telephone numbers. ///

/// /// true if the backing user store supports user telephone numbers, otherwise false. /// public virtual bool SupportsUserPhoneNumber { get { ThrowIfDisposed(); return Store is IUserPhoneNumberStore; } } ///

/// Gets a flag indicating whether the backing user store supports user claims. ///

/// /// true if the backing user store supports user claims, otherwise false. /// public virtual bool SupportsUserClaim { get { ThrowIfDisposed(); return Store is IUserClaimStore; } } ///

/// Gets a flag indicating whether the backing user store supports user lock-outs. ///

/// /// true if the backing user store supports user lock-outs, otherwise false. /// public virtual bool SupportsUserLockout { get { ThrowIfDisposed(); return Store is IUserLockoutStore; } } ///

/// Gets a flag indicating whether the backing user store supports returning /// collections of information. ///

/// /// true if the backing user store supports returning collections of /// information, otherwise false. /// public virtual bool SupportsQueryableUsers { get { ThrowIfDisposed(); return Store is IQueryableUserStore; } } ///

/// Returns an IQueryable of users if the store is an IQueryableUserStore ///

public virtual IQueryable Users { get { var queryableStore = Store as IQueryableUserStore; if (queryableStore == null) { throw new NotSupportedException(Resources.StoreNotIQueryableUserStore); } return queryableStore.Users; } } ///

/// Releases all resources used by the user manager. ///

public void Dispose() { Dispose(true); GC.SuppressFinalize(this); } ///

/// Generates a value suitable for use in concurrency tracking, as an asynchronous operation. ///

/// The user to generate the stamp for. /// /// The that represents the asynchronous operation, containing the security /// stamp for the specified . /// public virtual Task GenerateConcurrencyStampAsync(TUser user) { return Task.FromResult(Guid.NewGuid().ToString()); } ///

/// Creates the specified in the backing store with no password, /// as an asynchronous operation. ///

/// The user to create. /// /// The that represents the asynchronous operation, containing the /// of the operation. /// public virtual async Task CreateAsync(TUser user) { ThrowIfDisposed(); await UpdateSecurityStampInternal(user); var result = await ValidateUserInternal(user); if (!result.Succeeded) { return result; } if (Options.Lockout.AllowedForNewUsers && SupportsUserLockout) { await GetUserLockoutStore().SetLockoutEnabledAsync(user, true, CancellationToken); } await UpdateNormalizedUserNameAsync(user); await UpdateNormalizedEmailAsync(user); return await Store.CreateAsync(user, CancellationToken); } ///

/// Updates the specified in the backing store, as an asynchronous operation. ///

/// The user to update. /// /// The that represents the asynchronous operation, containing the /// of the operation. /// public virtual Task UpdateAsync(TUser user) { ThrowIfDisposed(); if (user == null) { throw new ArgumentNullException("user"); } return UpdateUserAsync(user); } ///

/// Deletes the specified from the backing store, as an asynchronous operation. ///

/// The user to delete. /// /// The that represents the asynchronous operation, containing the /// of the operation. /// public virtual Task DeleteAsync(TUser user) { ThrowIfDisposed(); if (user == null) { throw new ArgumentNullException("user"); } return Store.DeleteAsync(user, CancellationToken); } ///

/// Finds and returns a user, if any, who has the specified . ///

/// The user ID to search for. /// The used to propagate notifications that the operation should be canceled. /// /// The that represents the asynchronous operation, containing the user matching the specified if it exists. /// public virtual Task FindByIdAsync(string userId) { ThrowIfDisposed(); return Store.FindByIdAsync(userId, CancellationToken); } ///

/// Finds and returns a user, if any, who has the specified normalized user name. ///

/// The normalized user name to search for. /// The used to propagate notifications that the operation should be canceled. /// /// The that represents the asynchronous operation, containing the user matching the specified if it exists. /// public virtual Task FindByNameAsync(string userName) { ThrowIfDisposed(); if (userName == null) { throw new ArgumentNullException("userName"); } userName = NormalizeKey(userName); return Store.FindByNameAsync(userName, CancellationToken); } ///

/// Creates the specified in the backing store with given password, /// as an asynchronous operation. ///

/// The user to create. /// The password for the user to hash and store. /// /// The that represents the asynchronous operation, containing the /// of the operation. /// public virtual async Task CreateAsync(TUser user, string password) { ThrowIfDisposed(); var passwordStore = GetPasswordStore(); if (user == null) { throw new ArgumentNullException("user"); } if (password == null) { throw new ArgumentNullException("password"); } var result = await UpdatePasswordHash(passwordStore, user, password); if (!result.Succeeded) { return result; } return await CreateAsync(user); } ///

/// Normalize a key (user name, email) for consistent comparisons. ///

/// The key to normalize. /// A normalized value representing the specified . public virtual string NormalizeKey(string key) { return (KeyNormalizer == null) ? key : KeyNormalizer.Normalize(key); } ///

/// Updates the normalized user name for the specified , as an asynchronous operation. ///

/// The user whose user name should be normalized and updated. /// The that represents the asynchronous operation. public virtual async Task UpdateNormalizedUserNameAsync(TUser user) { var normalizedName = NormalizeKey(await GetUserNameAsync(user)); await Store.SetNormalizedUserNameAsync(user, normalizedName, CancellationToken); } ///

/// Gets the user name for the specified , as an asynchronous operation. ///

/// The user whose name should be retrieved. /// The that represents the asynchronous operation, containing the name for the specified . public virtual async Task GetUserNameAsync(TUser user) { ThrowIfDisposed(); if (user == null) { throw new ArgumentNullException("user"); } return await Store.GetUserNameAsync(user, CancellationToken); } ///

/// Sets the given for the specified , as an asynchronous operation. ///

/// The user whose name should be set. /// The user name to set. /// The that represents the asynchronous operation. public virtual async Task SetUserNameAsync(TUser user, string userName) { ThrowIfDisposed(); if (user == null) { throw new ArgumentNullException("user"); } await Store.SetUserNameAsync(user, userName, CancellationToken); await UpdateSecurityStampInternal(user); return await UpdateUserAsync(user); } ///

/// Gets the user identifier for the specified , as an asynchronous operation. ///

/// The user whose identifier should be retrieved. /// The that represents the asynchronous operation, containing the identifier for the specified . public virtual async Task GetUserIdAsync(TUser user) { ThrowIfDisposed(); return await Store.GetUserIdAsync(user, CancellationToken); } ///

/// Returns a flag indicating whether the given is valid for the /// specified , as an asynchronous operation. ///

/// The user whose password should be validated. /// The password to validate /// The that represents the asynchronous operation, containing true if /// the specified matches the one store for the , /// otherwise false. public virtual async Task CheckPasswordAsync(TUser user, string password) { ThrowIfDisposed(); var passwordStore = GetPasswordStore(); if (user == null) { return false; } var result = await VerifyPasswordAsync(passwordStore, user, password); if (result == PasswordVerificationResult.SuccessRehashNeeded) { await UpdatePasswordHash(passwordStore, user, password, validatePassword: false); await UpdateUserAsync(user); } var success = result != PasswordVerificationResult.Failed; if (!success) { Logger.LogWarning("Invalid password for user {userId}.", await GetUserIdAsync(user)); } return success; } ///

/// Gets a flag indicating whether the specified has a password, as an asynchronous operation. ///

/// The user to return a flag for, indicating whether they have a password or not. /// /// The that represents the asynchronous operation, returning true if the specified has a password /// otherwise false. /// public virtual Task HasPasswordAsync(TUser user) { ThrowIfDisposed(); var passwordStore = GetPasswordStore(); if (user == null) { throw new ArgumentNullException("user"); } return passwordStore.HasPasswordAsync(user, CancellationToken); } ///

/// Adds the to the specified only if the user /// does not already have a password, as an asynchronous operation. ///

/// The user whose password should be set. /// The password to set. /// /// The that represents the asynchronous operation, containing the /// of the operation. /// public virtual async Task AddPasswordAsync(TUser user, string password) { ThrowIfDisposed(); var passwordStore = GetPasswordStore(); if (user == null) { throw new ArgumentNullException("user"); } var hash = await passwordStore.GetPasswordHashAsync(user, CancellationToken); if (hash != null) { Logger.LogWarning("User {userId} already has a password.", await GetUserIdAsync(user)); return IdentityResult.Failed(ErrorDescriber.UserAlreadyHasPassword()); } var result = await UpdatePasswordHash(passwordStore, user, password); if (!result.Succeeded) { return result; } return await UpdateUserAsync(user); } ///

/// Changes a user's password after confirming the specified is correct, /// as an asynchronous operation. ///

/// The user whose password should be set. /// The current password to validate before changing. /// The new password to set for the specified . /// /// The that represents the asynchronous operation, containing the /// of the operation. /// public virtual async Task ChangePasswordAsync(TUser user, string currentPassword, string newPassword) { ThrowIfDisposed(); var passwordStore = GetPasswordStore(); if (user == null) { throw new ArgumentNullException("user"); } if (await VerifyPasswordAsync(passwordStore, user, currentPassword) != PasswordVerificationResult.Failed) { var result = await UpdatePasswordHash(passwordStore, user, newPassword); if (!result.Succeeded) { return result; } return await UpdateUserAsync(user); } Logger.LogWarning("Change password failed for user {userId}.", await GetUserIdAsync(user)); return IdentityResult.Failed(ErrorDescriber.PasswordMismatch()); } ///

/// Removes a user's password, as an asynchronous operation. ///

/// The user whose password should be removed. /// The used to propagate notifications that the operation should be canceled. /// /// The that represents the asynchronous operation, containing the /// of the operation. /// public virtual async Task RemovePasswordAsync(TUser user, CancellationToken cancellationToken = default(CancellationToken)) { ThrowIfDisposed(); var passwordStore = GetPasswordStore(); if (user == null) { throw new ArgumentNullException("user"); } await UpdatePasswordHash(passwordStore, user, null, validatePassword: false); return await UpdateUserAsync(user); } ///

/// Returns a indicating the result of a password hash comparison. ///

/// The store containing a user's password. /// The user whose password should be verified. /// The password to verify. /// /// The that represents the asynchronous operation, containing the /// of the operation. /// protected virtual async Task VerifyPasswordAsync(IUserPasswordStore store, TUser user, string password) { var hash = await store.GetPasswordHashAsync(user, CancellationToken); if (hash == null) { return PasswordVerificationResult.Failed; } return PasswordHasher.VerifyHashedPassword(user, hash, password); } ///

/// Get the security stamp for the specified , as an asynchronous operation. ///

/// The user whose security stamp should be set. /// The that represents the asynchronous operation, containing the security stamp for the specified . public virtual async Task GetSecurityStampAsync(TUser user) { ThrowIfDisposed(); var securityStore = GetSecurityStore(); if (user == null) { throw new ArgumentNullException("user"); } return await securityStore.GetSecurityStampAsync(user, CancellationToken); } ///

/// Regenerates the security stamp for the specified , as an asynchronous operation. ///

/// The user whose security stamp should be regenerated. /// /// The that represents the asynchronous operation, containing the /// of the operation. /// /// /// Regenerating a security stamp will sign out any saved login for the user. /// public virtual async Task UpdateSecurityStampAsync(TUser user) { ThrowIfDisposed(); GetSecurityStore(); if (user == null) { throw new ArgumentNullException("user"); } await UpdateSecurityStampInternal(user); return await UpdateUserAsync(user); } ///

/// Generates a password reset token for the specified , using /// the configured password reset token provider, as an asynchronous operation. ///

/// The user to generate a password reset token for. /// The that represents the asynchronous operation, /// containing a password reset token for the specified . public virtual Task GeneratePasswordResetTokenAsync(TUser user) { ThrowIfDisposed(); return GenerateUserTokenAsync(user, Options.Tokens.PasswordResetTokenProvider, ResetPasswordTokenPurpose); } ///

/// Resets the 's password to the specified after /// validating the given password reset , as an asynchronous operation. ///

/// The user whose password should be reset. /// The password reset token to verify. /// The new password to set if reset token verification fails. /// /// The that represents the asynchronous operation, containing the /// of the operation. /// public virtual async Task ResetPasswordAsync(TUser user, string token, string newPassword) { ThrowIfDisposed(); if (user == null) { throw new ArgumentNullException("user"); } // Make sure the token is valid and the stamp matches if (!await VerifyUserTokenAsync(user, Options.Tokens.PasswordResetTokenProvider, ResetPasswordTokenPurpose, token)) { return IdentityResult.Failed(ErrorDescriber.InvalidToken()); } var passwordStore = GetPasswordStore(); var result = await UpdatePasswordHash(passwordStore, user, newPassword); if (!result.Succeeded) { return result; } return await UpdateUserAsync(user); } ///

/// Retrieves the user associated with the specified external login provider and login provider key, as an asynchronous operation.. ///

/// The login provider who provided the . /// The key provided by the to identify a user. /// /// The for the asynchronous operation, containing the user, if any which matched the specified login provider and key. /// public virtual Task FindByLoginAsync(string loginProvider, string providerKey) { ThrowIfDisposed(); var loginStore = GetLoginStore(); if (loginProvider == null) { throw new ArgumentNullException("loginProvider"); } if (providerKey == null) { throw new ArgumentNullException("providerKey"); } return loginStore.FindByLoginAsync(loginProvider, providerKey, CancellationToken); } ///

/// Attempts to remove the provided external login information from the specified , as an asynchronous operation. /// and returns a flag indicating whether the removal succeed or not. ///

/// The user to remove the login information from. /// The login provide whose information should be removed. /// The key given by the external login provider for the specified user. /// /// The that represents the asynchronous operation, containing the /// of the operation. /// public virtual async Task RemoveLoginAsync(TUser user, string loginProvider, string providerKey) { ThrowIfDisposed(); var loginStore = GetLoginStore(); if (loginProvider == null) { throw new ArgumentNullException("loginProvider"); } if (providerKey == null) { throw new ArgumentNullException("providerKey"); } if (user == null) { throw new ArgumentNullException("user"); } await loginStore.RemoveLoginAsync(user, loginProvider, providerKey, CancellationToken); await UpdateSecurityStampInternal(user); return await UpdateUserAsync(user); } ///

/// Adds an external to the specified , as an asynchronous operation. ///

/// The user to add the login to. /// The external to add to the specified . /// /// The that represents the asynchronous operation, containing the /// of the operation. /// public virtual async Task AddLoginAsync(TUser user, UserLoginInfo login) { ThrowIfDisposed(); var loginStore = GetLoginStore(); if (login == null) { throw new ArgumentNullException("login"); } if (user == null) { throw new ArgumentNullException("user"); } var existingUser = await FindByLoginAsync(login.LoginProvider, login.ProviderKey); if (existingUser != null) { Logger.LogWarning("AddLogin for user {userId} failed because it was already assocated with another user.", await GetUserIdAsync(user)); return IdentityResult.Failed(ErrorDescriber.LoginAlreadyAssociated()); } await loginStore.AddLoginAsync(user, login, CancellationToken); return await UpdateUserAsync(user); } ///

/// Retrieves the associated logins for the specified , as an asynchronous operation. ///

/// The user whose associated logins to retrieve. /// /// The for the asynchronous operation, containing a list of for the specified , if any. /// public virtual async Task> GetLoginsAsync(TUser user) { ThrowIfDisposed(); var loginStore = GetLoginStore(); if (user == null) { throw new ArgumentNullException("user"); } return await loginStore.GetLoginsAsync(user, CancellationToken); } ///

/// Adds the specified to the , as an asynchronous operation. ///

/// The user to add the claim to. /// The claim to add. /// /// The that represents the asynchronous operation, containing the /// of the operation. /// public virtual Task AddClaimAsync(TUser user, Claim claim) { ThrowIfDisposed(); var claimStore = GetClaimStore(); if (claim == null) { throw new ArgumentNullException("claim"); } if (user == null) { throw new ArgumentNullException("user"); } return AddClaimsAsync(user, new Claim[] { claim }); } ///

/// Adds the specified to the , as an asynchronous operation. ///

/// The user to add the claim to. /// The claims to add. /// /// The that represents the asynchronous operation, containing the /// of the operation. /// public virtual async Task AddClaimsAsync(TUser user, IEnumerable claims) { ThrowIfDisposed(); var claimStore = GetClaimStore(); if (claims == null) { throw new ArgumentNullException("claims"); } if (user == null) { throw new ArgumentNullException("user"); } await claimStore.AddClaimsAsync(user, claims, CancellationToken); return await UpdateUserAsync(user); } ///

/// Replaces the given on the specified with the ///

/// The user to replace the claim on. /// The claim to replace. /// The new claim to replace the existing with. /// The used to propagate notifications that the operation should be canceled. /// /// The that represents the asynchronous operation, containing the /// of the operation. /// public virtual async Task ReplaceClaimAsync(TUser user, Claim claim, Claim newClaim) { ThrowIfDisposed(); var claimStore = GetClaimStore(); if (claim == null) { throw new ArgumentNullException("claim"); } if (newClaim == null) { throw new ArgumentNullException("newClaim"); } if (user == null) { throw new ArgumentNullException("user"); } await claimStore.ReplaceClaimAsync(user, claim, newClaim, CancellationToken); return await UpdateUserAsync(user); } ///

/// Removes the specified from the given . ///

/// The user to remove the specified from. /// The to remove. /// /// The that represents the asynchronous operation, containing the /// of the operation. /// public virtual Task RemoveClaimAsync(TUser user, Claim claim) { ThrowIfDisposed(); var claimStore = GetClaimStore(); if (user == null) { throw new ArgumentNullException("user"); } if (claim == null) { throw new ArgumentNullException("claim"); } return RemoveClaimsAsync(user, new Claim[] { claim }); } ///

/// Removes the specified from the given . ///

/// The user to remove the specified from. /// A collection of s to remove. /// /// The that represents the asynchronous operation, containing the /// of the operation. /// public virtual async Task RemoveClaimsAsync(TUser user, IEnumerable claims) { ThrowIfDisposed(); var claimStore = GetClaimStore(); if (user == null) { throw new ArgumentNullException("user"); } if (claims == null) { throw new ArgumentNullException("claims"); } await claimStore.RemoveClaimsAsync(user, claims, CancellationToken); return await UpdateUserAsync(user); } ///

/// Gets a list of s to be belonging to the specified as an asynchronous operation. ///

/// The role whose claims to retrieve. /// /// A that represents the result of the asynchronous query, a list of s. /// public virtual async Task> GetClaimsAsync(TUser user) { ThrowIfDisposed(); var claimStore = GetClaimStore(); if (user == null) { throw new ArgumentNullException("user"); } return await claimStore.GetClaimsAsync(user, CancellationToken); } ///

/// Add the specified to the named role, as an asynchronous operation. ///

/// The user to add to the named role. /// The name of the role to add the user to. /// /// The that represents the asynchronous operation, containing the /// of the operation. /// public virtual async Task AddToRoleAsync(TUser user, string role) { ThrowIfDisposed(); var userRoleStore = GetUserRoleStore(); if (user == null) { throw new ArgumentNullException("user"); } var userRoles = await userRoleStore.GetRolesAsync(user, CancellationToken); if (userRoles.Contains(role)) { return await UserAlreadyInRoleError(user, role); } await userRoleStore.AddToRoleAsync(user, role, CancellationToken); return await UpdateUserAsync(user); } ///

/// Add the specified to the named roles, as an asynchronous operation. ///

/// The user to add to the named roles. /// The name of the roles to add the user to. /// /// The that represents the asynchronous operation, containing the /// of the operation. /// public virtual async Task AddToRolesAsync(TUser user, IEnumerable roles) { ThrowIfDisposed(); var userRoleStore = GetUserRoleStore(); if (user == null) { throw new ArgumentNullException("user"); } if (roles == null) { throw new ArgumentNullException("roles"); } var userRoles = await userRoleStore.GetRolesAsync(user, CancellationToken); foreach (var role in roles) { if (userRoles.Contains(role)) { return await UserAlreadyInRoleError(user, role); } await userRoleStore.AddToRoleAsync(user, role, CancellationToken); } return await UpdateUserAsync(user); } ///

/// Removes the specified from the named role, as an asynchronous operation. ///

/// The user to remove from the named role. /// The name of the role to remove the user from. /// /// The that represents the asynchronous operation, containing the /// of the operation. /// public virtual async Task RemoveFromRoleAsync(TUser user, string role) { ThrowIfDisposed(); var userRoleStore = GetUserRoleStore(); if (user == null) { throw new ArgumentNullException("user"); } if (!await userRoleStore.IsInRoleAsync(user, role, CancellationToken)) { return await UserNotInRoleError(user, role); } await userRoleStore.RemoveFromRoleAsync(user, role, CancellationToken); return await UpdateUserAsync(user); } private async Task UserAlreadyInRoleError(TUser user, string role) { Logger.LogWarning("User {userId} is already in role {role}.", await GetUserIdAsync(user), role); return IdentityResult.Failed(ErrorDescriber.UserAlreadyInRole(role)); } private async Task UserNotInRoleError(TUser user, string role) { Logger.LogWarning("User {userId} is not in role {role}.", await GetUserIdAsync(user), role); return IdentityResult.Failed(ErrorDescriber.UserNotInRole(role)); } ///

/// Removes the specified from the named roles, as an asynchronous operation. ///

/// The user to remove from the named roles. /// The name of the roles to remove the user from. /// /// The that represents the asynchronous operation, containing the /// of the operation. /// public virtual async Task RemoveFromRolesAsync(TUser user, IEnumerable roles) { ThrowIfDisposed(); var userRoleStore = GetUserRoleStore(); if (user == null) { throw new ArgumentNullException("user"); } if (roles == null) { throw new ArgumentNullException("roles"); } foreach (var role in roles) { if (!await userRoleStore.IsInRoleAsync(user, role, CancellationToken)) { return await UserNotInRoleError(user, role); } await userRoleStore.RemoveFromRoleAsync(user, role, CancellationToken); } return await UpdateUserAsync(user); } ///

/// Gets a list of role names the specified belongs to, as an asynchronous operation. ///

/// The user whose role names to retrieve. /// The that represents the asynchronous operation, containing a list of role names. public virtual async Task> GetRolesAsync(TUser user) { ThrowIfDisposed(); var userRoleStore = GetUserRoleStore(); if (user == null) { throw new ArgumentNullException("user"); } return await userRoleStore.GetRolesAsync(user, CancellationToken); } ///

/// Returns a flag indicating whether the specified is a member of the give named role, as an asynchronous operation. ///

/// The user whose role membership should be checked. /// The name of the role to be checked. /// /// The that represents the asynchronous operation, containing a flag indicating whether the specified is /// a member of the named role. /// public virtual async Task IsInRoleAsync(TUser user, string role) { ThrowIfDisposed(); var userRoleStore = GetUserRoleStore(); if (user == null) { throw new ArgumentNullException("user"); } return await userRoleStore.IsInRoleAsync(user, role, CancellationToken); } ///

/// Gets the email address for the specified , as an asynchronous operation. ///

/// The user whose email should be returned. /// The used to propagate notifications that the operation should be canceled. /// The task object containing the results of the asynchronous operation, the email address for the specified . public virtual async Task GetEmailAsync(TUser user) { ThrowIfDisposed(); var store = GetEmailStore(); if (user == null) { throw new ArgumentNullException("user"); } return await store.GetEmailAsync(user, CancellationToken); } ///

/// Sets the address for a , as an asynchronous operation. ///

/// The user whose email should be set. /// The email to set. /// /// The that represents the asynchronous operation, containing the /// of the operation. /// public virtual async Task SetEmailAsync(TUser user, string email) { ThrowIfDisposed(); var store = GetEmailStore(); if (user == null) { throw new ArgumentNullException("user"); } await store.SetEmailAsync(user, email, CancellationToken); await store.SetEmailConfirmedAsync(user, false, CancellationToken); await UpdateSecurityStampInternal(user); return await UpdateUserAsync(user); } ///

/// Gets the user, if any, associated with the specified, normalized email address. ///

/// The normalized email address to return the user for. /// The used to propagate notifications that the operation should be canceled. /// /// The task object containing the results of the asynchronous lookup operation, the user if any associated with the specified normalized email address. /// public virtual Task FindByEmailAsync(string email) { ThrowIfDisposed(); var store = GetEmailStore(); if (email == null) { throw new ArgumentNullException("email"); } return store.FindByEmailAsync(NormalizeKey(email), CancellationToken); } ///

/// Updates the normalized email for the specified . ///

/// The user whose email address should be normalized and updated. /// The task object representing the asynchronous operation. public virtual async Task UpdateNormalizedEmailAsync(TUser user) { var store = GetEmailStore(throwOnFail: false); if (store != null) { var email = await GetEmailAsync(user); await store.SetNormalizedEmailAsync(user, NormalizeKey(email), CancellationToken); } } ///

/// Generates an email confirmation token for the specified user, as an asynchronous operation. ///

/// The user to generate an email confirmation token for. /// /// The that represents the asynchronous operation, an email confirmation token. /// public virtual Task GenerateEmailConfirmationTokenAsync(TUser user) { ThrowIfDisposed(); return GenerateUserTokenAsync(user, Options.Tokens.EmailConfirmationTokenProvider, ConfirmEmailTokenPurpose); } ///

/// Validates that an email confirmation token matches the specified , as an asynchronous operation. ///

/// The user to validate the token against. /// The email confirmation token to validate. /// /// The that represents the asynchronous operation, containing the /// of the operation. /// public virtual async Task ConfirmEmailAsync(TUser user, string token) { ThrowIfDisposed(); var store = GetEmailStore(); if (user == null) { throw new ArgumentNullException("user"); } if (!await VerifyUserTokenAsync(user, Options.Tokens.EmailConfirmationTokenProvider, ConfirmEmailTokenPurpose, token)) { return IdentityResult.Failed(ErrorDescriber.InvalidToken()); } await store.SetEmailConfirmedAsync(user, true, CancellationToken); return await UpdateUserAsync(user); } ///

/// Gets a flag indicating whether the email address for the specified has been verified, true if the email address is verified otherwise /// false, as an asynchronous operation. ///

/// The user whose email confirmation status should be returned. /// /// The task object containing the results of the asynchronous operation, a flag indicating whether the email address for the specified /// has been confirmed or not. /// public virtual async Task IsEmailConfirmedAsync(TUser user) { ThrowIfDisposed(); var store = GetEmailStore(); if (user == null) { throw new ArgumentNullException("user"); } return await store.GetEmailConfirmedAsync(user, CancellationToken); } ///

/// Generates an email change token for the specified user, as an asynchronous operation. ///

/// The user to generate an email change token for. /// /// The that represents the asynchronous operation, an email change token. /// public virtual Task GenerateChangeEmailTokenAsync(TUser user, string newEmail) { ThrowIfDisposed(); return GenerateUserTokenAsync(user, Options.Tokens.ChangeEmailTokenProvider, GetChangeEmailTokenPurpose(newEmail)); } ///

/// Updates a users emails if the specified email change is valid for the user. ///

/// The user whose email should be updated. /// The new email address. /// The change email token to be verified. /// /// The that represents the asynchronous operation, containing the /// of the operation. /// public virtual async Task ChangeEmailAsync(TUser user, string newEmail, string token) { ThrowIfDisposed(); if (user == null) { throw new ArgumentNullException("user"); } // Make sure the token is valid and the stamp matches if (!await VerifyUserTokenAsync(user, Options.Tokens.ChangeEmailTokenProvider, GetChangeEmailTokenPurpose(newEmail), token)) { return IdentityResult.Failed(ErrorDescriber.InvalidToken()); } var store = GetEmailStore(); await store.SetEmailAsync(user, newEmail, CancellationToken); await store.SetEmailConfirmedAsync(user, true, CancellationToken); await UpdateSecurityStampInternal(user); return await UpdateUserAsync(user); } ///

/// Gets the telephone number, if any, for the specified , as an asynchronous operation. ///

/// The user whose telephone number should be retrieved. /// The that represents the asynchronous operation, containing the user's telephone number, if any. public virtual async Task GetPhoneNumberAsync(TUser user) { ThrowIfDisposed(); var store = GetPhoneNumberStore(); if (user == null) { throw new ArgumentNullException("user"); } return await store.GetPhoneNumberAsync(user, CancellationToken); } ///

/// Sets the phone number for the specified . ///

/// The user whose phone number to set. /// The phone number to set. /// /// The that represents the asynchronous operation, containing the /// of the operation. /// public virtual async Task SetPhoneNumberAsync(TUser user, string phoneNumber) { ThrowIfDisposed(); var store = GetPhoneNumberStore(); if (user == null) { throw new ArgumentNullException("user"); } await store.SetPhoneNumberAsync(user, phoneNumber, CancellationToken); await store.SetPhoneNumberConfirmedAsync(user, false, CancellationToken); await UpdateSecurityStampInternal(user); return await UpdateUserAsync(user); } ///

/// Sets the phone number for the specified if the specified /// change is valid. ///

/// The user whose phone number to set. /// The phone number to set. /// The phone number confirmation token to validate. /// /// The that represents the asynchronous operation, containing the /// of the operation. /// public virtual async Task ChangePhoneNumberAsync(TUser user, string phoneNumber, string token) { ThrowIfDisposed(); var store = GetPhoneNumberStore(); if (user == null) { throw new ArgumentNullException("user"); } if (!await VerifyChangePhoneNumberTokenAsync(user, token, phoneNumber)) { Logger.LogWarning("Change phone number for user {userId} failed with invalid token.", await GetUserIdAsync(user)); return IdentityResult.Failed(ErrorDescriber.InvalidToken()); } await store.SetPhoneNumberAsync(user, phoneNumber, CancellationToken); await store.SetPhoneNumberConfirmedAsync(user, true, CancellationToken); await UpdateSecurityStampInternal(user); return await UpdateUserAsync(user); } ///

/// Gets a flag indicating whether the specified 's telephone number has been confirmed, as an asynchronous operation. ///

/// The user to return a flag for, indicating whether their telephone number is confirmed. /// /// The that represents the asynchronous operation, returning true if the specified has a confirmed /// telephone number otherwise false. /// public virtual Task IsPhoneNumberConfirmedAsync(TUser user) { ThrowIfDisposed(); var store = GetPhoneNumberStore(); if (user == null) { throw new ArgumentNullException("user"); } return store.GetPhoneNumberConfirmedAsync(user, CancellationToken); } ///

/// Generates a telephone number change token for the specified user, as an asynchronous operation. ///

/// The user to generate a telephone number token for. /// The new phone number the validation token should be sent to. /// /// The that represents the asynchronous operation, containing the telephone change number token. /// public virtual async Task GenerateChangePhoneNumberTokenAsync(TUser user, string phoneNumber) { ThrowIfDisposed(); return Rfc6238AuthenticationService.GenerateCode( await CreateSecurityTokenAsync(user), phoneNumber) .ToString(CultureInfo.InvariantCulture); } ///

/// Returns a flag indicating whether the specified 's phone number change verification /// token is valid for the given , as an asynchronous operation. ///

/// The user to validate the token against. /// The telephone number change token to validate. /// The telephone number the token was generated for. /// /// The that represents the asynchronous operation, returning true if the /// is valid, otherwise false. /// public virtual async Task VerifyChangePhoneNumberTokenAsync(TUser user, string token, string phoneNumber) { ThrowIfDisposed(); var securityToken = await CreateSecurityTokenAsync(user); int code; if (securityToken != null && Int32.TryParse(token, out code)) { if (Rfc6238AuthenticationService.ValidateCode(securityToken, code, phoneNumber)) { return true; } } Logger.LogWarning("VerifyChangePhoneNumberTokenAsync() failed for user {userId}.", await GetUserIdAsync(user)); return false; } ///

/// Returns a flag indicating whether the specified is valid for /// the given and , as an asynchronous operation. ///

/// The user to validate the token against. /// The token provider used to generate the token. /// The purpose the token should be generated for. /// The token to validate /// /// The that represents the asynchronous operation, returning true if the /// is valid, otherwise false. /// public virtual async Task VerifyUserTokenAsync(TUser user, string tokenProvider, string purpose, string token) { ThrowIfDisposed(); if (user == null) { throw new ArgumentNullException("user"); } if (tokenProvider == null) { throw new ArgumentNullException(nameof(tokenProvider)); } if (!_tokenProviders.ContainsKey(tokenProvider)) { throw new NotSupportedException(string.Format(CultureInfo.CurrentCulture, Resources.NoTokenProvider, tokenProvider)); } // Make sure the token is valid var result = await _tokenProviders[tokenProvider].ValidateAsync(purpose, token, this, user); if (!result) { Logger.LogWarning("VerifyUserTokenAsync() failed with purpose: {purpose} for user {userId}.", purpose, await GetUserIdAsync(user)); } return result; } ///

/// Generates a token for the given and , as an asynchronous operation. ///

/// The purpose the token will be for. /// The user the token will be for. /// The provider which will generate the token. /// /// The that represents result of the asynchronous operation, a token for /// the given user and purpose. /// public virtual Task GenerateUserTokenAsync(TUser user, string tokenProvider, string purpose) { ThrowIfDisposed(); if (user == null) { throw new ArgumentNullException("user"); } if (tokenProvider == null) { throw new ArgumentNullException(nameof(tokenProvider)); } if (!_tokenProviders.ContainsKey(tokenProvider)) { throw new NotSupportedException(string.Format(CultureInfo.CurrentCulture, Resources.NoTokenProvider, tokenProvider)); } return _tokenProviders[tokenProvider].GenerateAsync(purpose, this, user); } ///

/// Registers a token provider. ///

/// The name of the provider to register. /// The provider to register. public virtual void RegisterTokenProvider(string providerName, IUserTokenProvider provider) { ThrowIfDisposed(); if (provider == null) { throw new ArgumentNullException("provider"); } _tokenProviders[providerName] = provider; } ///

/// Gets a list of valid two factor token providers for the specified , /// as an asynchronous operation. ///

/// The user the whose two factor authentication providers will be returned. /// /// The that represents result of the asynchronous operation, a list of two /// factor authentication providers for the specified user. /// public virtual async Task> GetValidTwoFactorProvidersAsync(TUser user) { ThrowIfDisposed(); if (user == null) { throw new ArgumentNullException("user"); } var results = new List(); foreach (var f in _tokenProviders) { if (await f.Value.CanGenerateTwoFactorTokenAsync(this, user)) { results.Add(f.Key); } } return results; } ///

/// Verifies the specified two factor authentication against the , as an asynchronous operation. ///

/// The user the token is supposed to be for. /// The provider which will verify the token. /// The token to verify. /// /// The that represents result of the asynchronous operation, true if the token is valid, /// otherwise false. /// public virtual async Task VerifyTwoFactorTokenAsync(TUser user, string tokenProvider, string token) { ThrowIfDisposed(); if (user == null) { throw new ArgumentNullException("user"); } if (!_tokenProviders.ContainsKey(tokenProvider)) { throw new NotSupportedException(String.Format(CultureInfo.CurrentCulture, Resources.NoTokenProvider, tokenProvider)); } // Make sure the token is valid var result = await _tokenProviders[tokenProvider].ValidateAsync("TwoFactor", token, this, user); if (!result) { Logger.LogWarning($"{nameof(VerifyTwoFactorTokenAsync)}() failed for user {await GetUserIdAsync(user)}."); } return result; } ///

/// Gets a two factor authentication token for the specified , as an asynchronous operation. ///

/// The user the token is for. /// The provider which will generate the token. /// /// The that represents result of the asynchronous operation, a two factor authentication token /// for the user. /// public virtual Task GenerateTwoFactorTokenAsync(TUser user, string tokenProvider) { ThrowIfDisposed(); if (user == null) { throw new ArgumentNullException("user"); } if (!_tokenProviders.ContainsKey(tokenProvider)) { throw new NotSupportedException(String.Format(CultureInfo.CurrentCulture, Resources.NoTokenProvider, tokenProvider)); } return _tokenProviders[tokenProvider].GenerateAsync("TwoFactor", this, user); } ///

/// Returns a flag indicating whether the specified has two factor authentication enabled or not, /// as an asynchronous operation. ///

/// The user whose two factor authentication enabled status should be retrieved. /// /// The that represents the asynchronous operation, true if the specified /// has two factor authentication enabled, otherwise false. /// public virtual async Task GetTwoFactorEnabledAsync(TUser user) { ThrowIfDisposed(); var store = GetUserTwoFactorStore(); if (user == null) { throw new ArgumentNullException("user"); } return await store.GetTwoFactorEnabledAsync(user, CancellationToken); } ///

/// Sets a flag indicating whether the specified has two factor authentication enabled or not, /// as an asynchronous operation. ///

/// The user whose two factor authentication enabled status should be set. /// /// The that represents the asynchronous operation, the of the operation /// public virtual async Task SetTwoFactorEnabledAsync(TUser user, bool enabled) { ThrowIfDisposed(); var store = GetUserTwoFactorStore(); if (user == null) { throw new ArgumentNullException("user"); } await store.SetTwoFactorEnabledAsync(user, enabled, CancellationToken); await UpdateSecurityStampInternal(user); return await UpdateUserAsync(user); } ///

/// Returns a flag indicating whether the specified his locked out, /// as an asynchronous operation. ///

/// The user whose locked out status should be retrieved. /// /// The that represents the asynchronous operation, true if the specified /// is locked out, otherwise false. /// public virtual async Task IsLockedOutAsync(TUser user) { ThrowIfDisposed(); var store = GetUserLockoutStore(); if (user == null) { throw new ArgumentNullException("user"); } if (!await store.GetLockoutEnabledAsync(user, CancellationToken)) { return false; } var lockoutTime = await store.GetLockoutEndDateAsync(user, CancellationToken); return lockoutTime >= DateTimeOffset.UtcNow; } ///

/// Sets a flag indicating whether the specified is locked out, /// as an asynchronous operation. ///

/// The user whose locked out status should be set. /// Flag indicating whether the user is locked out or not. /// /// The that represents the asynchronous operation, the of the operation /// public virtual async Task SetLockoutEnabledAsync(TUser user, bool enabled) { ThrowIfDisposed(); var store = GetUserLockoutStore(); if (user == null) { throw new ArgumentNullException("user"); } await store.SetLockoutEnabledAsync(user, enabled, CancellationToken); return await UpdateUserAsync(user); } ///

/// Retrieves a flag indicating whether user lockout can enabled for the specified user, as an asynchronous operation. ///

/// The user whose ability to be locked out should be returned. /// /// The that represents the asynchronous operation, true if a user can be locked out, otherwise false. /// public virtual async Task GetLockoutEnabledAsync(TUser user) { ThrowIfDisposed(); var store = GetUserLockoutStore(); if (user == null) { throw new ArgumentNullException("user"); } return await store.GetLockoutEnabledAsync(user, CancellationToken); } ///

/// Gets the last a user's last lockout expired, if any, as an asynchronous operation. /// Any time in the past should be indicates a user is not locked out. ///

/// The user whose lockout date should be retrieved. /// /// A that represents the lookup, a containing the last time a user's lockout expired, if any. /// public virtual async Task GetLockoutEndDateAsync(TUser user) { ThrowIfDisposed(); var store = GetUserLockoutStore(); if (user == null) { throw new ArgumentNullException("user"); } return await store.GetLockoutEndDateAsync(user, CancellationToken); } ///

/// Locks out a user until the specified end date has passed, as an asynchronous operation. Setting a end date in the past immediately unlocks a user. ///

/// The user whose lockout date should be set. /// The after which the 's lockout should end. /// The that represents the asynchronous operation, containing the of the operation. public virtual async Task SetLockoutEndDateAsync(TUser user, DateTimeOffset? lockoutEnd) { ThrowIfDisposed(); var store = GetUserLockoutStore(); if (user == null) { throw new ArgumentNullException("user"); } if (!await store.GetLockoutEnabledAsync(user, CancellationToken)) { Logger.LogWarning("Lockout for user {userId} failed because lockout is not enabled for this user.", await GetUserIdAsync(user)); return IdentityResult.Failed(ErrorDescriber.UserLockoutNotEnabled()); } await store.SetLockoutEndDateAsync(user, lockoutEnd, CancellationToken); return await UpdateUserAsync(user); } ///

/// Increments the access failed count for the user as an asynchronous operation. /// If the failed access account is greater than or equal to the configured maximum number of attempts, /// the user will be locked out for the configured lockout time span. ///

/// The user whose failed access count to increment. /// The that represents the asynchronous operation, containing the of the operation. public virtual async Task AccessFailedAsync(TUser user) { ThrowIfDisposed(); var store = GetUserLockoutStore(); if (user == null) { throw new ArgumentNullException("user"); } // If this puts the user over the threshold for lockout, lock them out and reset the access failed count var count = await store.IncrementAccessFailedCountAsync(user, CancellationToken); if (count < Options.Lockout.MaxFailedAccessAttempts) { return await UpdateUserAsync(user); } Logger.LogWarning("User {userId} is locked out.", await GetUserIdAsync(user)); await store.SetLockoutEndDateAsync(user, DateTimeOffset.UtcNow.Add(Options.Lockout.DefaultLockoutTimeSpan), CancellationToken); await store.ResetAccessFailedCountAsync(user, CancellationToken); return await UpdateUserAsync(user); } ///

/// Resets the access failed count for the specified , as an asynchronous operation. ///

/// The user whose failed access count should be reset. /// The that represents the asynchronous operation, containing the of the operation. public virtual async Task ResetAccessFailedCountAsync(TUser user) { ThrowIfDisposed(); var store = GetUserLockoutStore(); if (user == null) { throw new ArgumentNullException("user"); } if (await GetAccessFailedCountAsync(user) == 0) { return IdentityResult.Success; } await store.ResetAccessFailedCountAsync(user, CancellationToken); return await UpdateUserAsync(user); } ///

/// Retrieves the current number of failed accesses for the given , as an asynchronous operation. ///

/// The user whose access failed count should be retrieved for. /// The that contains the result the asynchronous operation, the current failed access count /// for the user.. public virtual async Task GetAccessFailedCountAsync(TUser user) { ThrowIfDisposed(); var store = GetUserLockoutStore(); if (user == null) { throw new ArgumentNullException("user"); } return await store.GetAccessFailedCountAsync(user, CancellationToken); } public virtual Task> GetUsersForClaimAsync(Claim claim) { ThrowIfDisposed(); var store = GetClaimStore(); if (claim == null) { throw new ArgumentNullException("claim"); } return store.GetUsersForClaimAsync(claim, CancellationToken); } ///

/// Returns a list of users from the user store who have the specified . ///

/// The claim to look for. /// /// A that represents the result of the asynchronous query, a list of s who /// have the specified claim. /// public virtual Task> GetUsersInRoleAsync(string roleName) { ThrowIfDisposed(); var store = GetUserRoleStore(); if (roleName == null) { throw new ArgumentNullException("role"); } return store.GetUsersInRoleAsync(roleName, CancellationToken); } ///

/// Releases the unmanaged resources used by the role manager and optionally releases the managed resources. ///

/// true to release both managed and unmanaged resources; false to release only unmanaged resources. protected virtual void Dispose(bool disposing) { if (disposing && !_disposed) { Store.Dispose(); _disposed = true; } } // IUserFactorStore methods internal IUserTwoFactorStore GetUserTwoFactorStore() { var cast = Store as IUserTwoFactorStore; if (cast == null) { throw new NotSupportedException(Resources.StoreNotIUserTwoFactorStore); } return cast; } // IUserLockoutStore methods internal IUserLockoutStore GetUserLockoutStore() { var cast = Store as IUserLockoutStore; if (cast == null) { throw new NotSupportedException(Resources.StoreNotIUserLockoutStore); } return cast; } // IUserEmailStore methods internal IUserEmailStore GetEmailStore(bool throwOnFail = true) { var cast = Store as IUserEmailStore; if (throwOnFail && cast == null) { throw new NotSupportedException(Resources.StoreNotIUserEmailStore); } return cast; } // IUserPhoneNumberStore methods internal IUserPhoneNumberStore GetPhoneNumberStore() { var cast = Store as IUserPhoneNumberStore; if (cast == null) { throw new NotSupportedException(Resources.StoreNotIUserPhoneNumberStore); } return cast; } // Two factor APIS internal async Task CreateSecurityTokenAsync(TUser user) { return Encoding.Unicode.GetBytes(await GetSecurityStampAsync(user)); } // Update the security stamp if the store supports it internal async Task UpdateSecurityStampInternal(TUser user) { if (SupportsUserSecurityStamp) { await GetSecurityStore().SetSecurityStampAsync(user, NewSecurityStamp(), CancellationToken); } } internal async Task UpdatePasswordHash(IUserPasswordStore passwordStore, TUser user, string newPassword, bool validatePassword = true) { if (validatePassword) { var validate = await ValidatePasswordInternal(user, newPassword); if (!validate.Succeeded) { return validate; } } var hash = newPassword != null ? PasswordHasher.HashPassword(user, newPassword) : null; await passwordStore.SetPasswordHashAsync(user, hash, CancellationToken); await UpdateSecurityStampInternal(user); return IdentityResult.Success; } private IUserRoleStore GetUserRoleStore() { var cast = Store as IUserRoleStore; if (cast == null) { throw new NotSupportedException(Resources.StoreNotIUserRoleStore); } return cast; } private static string NewSecurityStamp() { return Guid.NewGuid().ToString(); } // IUserLoginStore methods private IUserLoginStore GetLoginStore() { var cast = Store as IUserLoginStore; if (cast == null) { throw new NotSupportedException(Resources.StoreNotIUserLoginStore); } return cast; } private IUserSecurityStampStore GetSecurityStore() { var cast = Store as IUserSecurityStampStore; if (cast == null) { throw new NotSupportedException(Resources.StoreNotIUserSecurityStampStore); } return cast; } private IUserClaimStore GetClaimStore() { var cast = Store as IUserClaimStore; if (cast == null) { throw new NotSupportedException(Resources.StoreNotIUserClaimStore); } return cast; } ///

/// Generates the token purpose used to change email ///

/// /// protected static string GetChangeEmailTokenPurpose(string newEmail) { return "ChangeEmail:" + newEmail; } private async Task ValidateUserInternal(TUser user) { var errors = new List(); foreach (var v in UserValidators) { var result = await v.ValidateAsync(this, user); if (!result.Succeeded) { errors.AddRange(result.Errors); } } if (errors.Count > 0) { Logger.LogWarning("User {userId} validation failed: {errors}.", await GetUserIdAsync(user), string.Join(";", errors.Select(e => e.Code))); return IdentityResult.Failed(errors.ToArray()); } return IdentityResult.Success; } private async Task ValidatePasswordInternal(TUser user, string password) { var errors = new List(); foreach (var v in PasswordValidators) { var result = await v.ValidateAsync(this, user, password); if (!result.Succeeded) { errors.AddRange(result.Errors); } } if (errors.Count > 0) { Logger.LogWarning("User {userId} password validation failed: {errors}.", await GetUserIdAsync(user), string.Join(";", errors.Select(e => e.Code))); return IdentityResult.Failed(errors.ToArray()); } return IdentityResult.Success; } ///

/// Validate user and update. Called by other UserManager methods ///

/// /// private async Task UpdateUserAsync(TUser user) { var result = await ValidateUserInternal(user); if (!result.Succeeded) { return result; } await UpdateNormalizedUserNameAsync(user); await UpdateNormalizedEmailAsync(user); return await Store.UpdateAsync(user, CancellationToken); } // IUserPasswordStore methods private IUserPasswordStore GetPasswordStore() { var cast = Store as IUserPasswordStore; if (cast == null) { throw new NotSupportedException(Resources.StoreNotIUserPasswordStore); } return cast; } private void ThrowIfDisposed() { if (_disposed) { throw new ObjectDisposedException(GetType().Name); } } } }