Onboarding: Invite new users (#5714)

* Server Users: More precise message when inviting users This lets the admin who invited a new user know whether or not an email has been sent. If the SMTP server hasn't been set up, they need to share the invite link with the user. * Onboarding: Invite new users - Separates the user self-registration and invite cases - Adds invitation email for users created by the admin - Adds invitation tokens to verify user was invited - Adds handler action for invite links - Refactors `UserEventHostedService` * Remove duplicate status message from views that use the wizard layout * Auto-approve users created by an admin * Notify admins via email if a new account requires approval * Update wording * Fix update user error * Fix redirect to email confirmation in invite action * Fix precondition checks after signup * Improve admin notification Send notification only if the user does not require email confirmation or when they confirmed their email address. Rationale: We want to inform admins only about qualified users and not annoy them with bot registrations. * Allow approval alongside resending confirm email * Use user email in log messages instead of ID * Prevent unnecessary notification after email confirmation * Use ApplicationUser type explicitly * Fix after rebase * Refactoring: Do not subclass UserRegisteredEvent
2025-12-18 14:34:23 +01:00 · 2024-02-28 12:43:18 +01:00
parent 8b446e2791
commit e43b4ed540
24 changed files with 394 additions and 237 deletions
--- a/BTCPayServer/UserManagerExtensions.cs
+++ b/BTCPayServer/UserManagerExtensions.cs
@@ -1,19 +1,34 @@
 #nullable enable
 using System.Threading.Tasks;
+using BTCPayServer.Security;
 using Microsoft.AspNetCore.Identity;

 namespace BTCPayServer
 {
    public static class UserManagerExtensions
    {
-        public async static Task<TUser?> FindByIdOrEmail<TUser>(this UserManager<TUser> userManager, string? idOrEmail) where TUser : class
+        private const string InvitationPurpose = "invitation";
+
+        public static async Task<TUser?> FindByIdOrEmail<TUser>(this UserManager<TUser> userManager, string? idOrEmail) where TUser : class
        {
            if (string.IsNullOrEmpty(idOrEmail))
                return null;
            if (idOrEmail.Contains('@'))
                return await userManager.FindByEmailAsync(idOrEmail);
-            else
-                return await userManager.FindByIdAsync(idOrEmail);
+
+            return await userManager.FindByIdAsync(idOrEmail);
+        }
+
+        public static async Task<string> GenerateInvitationTokenAsync<TUser>(this UserManager<TUser> userManager, TUser user) where TUser : class
+        {
+            return await userManager.GenerateUserTokenAsync(user, InvitationTokenProviderOptions.ProviderName, InvitationPurpose);
+        }
+
+        public static async Task<TUser?> FindByInvitationTokenAsync<TUser>(this UserManager<TUser> userManager, string userId, string token) where TUser : class
+        {
+            var user = await userManager.FindByIdAsync(userId);
+            var isValid = user is not null && await userManager.VerifyUserTokenAsync(user, InvitationTokenProviderOptions.ProviderName, InvitationPurpose, token);
+            return isValid ? user : null;
        }
    }
 }