From c90b54d642e0020d5dd7fe4b5b971d30f845f950 Mon Sep 17 00:00:00 2001
From: Paul Schneider <paul@pschneider.fr>
Date: Tue, 3 Nov 2015 16:06:28 +0100
Subject: [PATCH] Fixes account creation and removal

* NpgsqlMembershipProvider.cs: Fixes the latest commit concerning
  account creation and removal

* YavscController.cs: TODO ...
---
 NpgsqlMRPProviders/ChangeLog                  |  5 +++
 .../NpgsqlMembershipProvider.cs               | 44 +++++++++++++------
 web/ApiControllers/YavscController.cs         |  1 +
 web/ChangeLog                                 |  4 ++
 4 files changed, 41 insertions(+), 13 deletions(-)

diff --git a/NpgsqlMRPProviders/ChangeLog b/NpgsqlMRPProviders/ChangeLog
index f60947f5..239e4e18 100644
--- a/NpgsqlMRPProviders/ChangeLog
+++ b/NpgsqlMRPProviders/ChangeLog
@@ -1,3 +1,8 @@
+2015-11-03  Paul Schneider  <paul@pschneider.fr>
+
+	* NpgsqlMembershipProvider.cs: Fixes the latest commit
+	concerning account creation and removal
+
 2015-11-03  Paul Schneider  <paul@pschneider.fr>
 
 	* NpgsqlMembershipProvider.cs: insert a profile record before
diff --git a/NpgsqlMRPProviders/NpgsqlMembershipProvider.cs b/NpgsqlMRPProviders/NpgsqlMembershipProvider.cs
index 88106ced..454c0211 100644
--- a/NpgsqlMRPProviders/NpgsqlMembershipProvider.cs
+++ b/NpgsqlMRPProviders/NpgsqlMembershipProvider.cs
@@ -375,16 +375,18 @@ namespace Npgsql.Web
 				}
 
 				using (NpgsqlConnection conn = new NpgsqlConnection (connectionString)) {
+					conn.Open ();
+
+					NpgsqlTransaction tran = conn.BeginTransaction();
 					using (NpgsqlCommand cmd = new NpgsqlCommand ("INSERT INTO profiles (username,applicationname,isanonymous)\n" +
 						"VALUES (:uname,:app,FALSE)")) {
+						cmd.Connection = conn;
 						cmd.Parameters.AddWithValue ("uname", username);
 						cmd.Parameters.AddWithValue ("app", pApplicationName);
-						conn.Open ();
+
 						cmd.ExecuteNonQuery ();
 					}
-				}
-
-				using (NpgsqlConnection conn = new NpgsqlConnection (connectionString)) {
+				
 					using (NpgsqlCommand cmd = new NpgsqlCommand ("INSERT INTO Users " +
 					" (PKID, Username, Passw, Email, PasswordQuestion, " +
 					" PasswordAnswer, IsApproved," +
@@ -416,15 +418,15 @@ namespace Npgsql.Web
 						cmd.Parameters.AddWithValue ("@FailedPasswordAttemptWindowStart", createDate);
 						cmd.Parameters.AddWithValue ("@FailedPasswordAnswerAttemptCount", 0);
 						cmd.Parameters.AddWithValue ("@FailedPasswordAnswerAttemptWindowStart", createDate);
-
 						int recAdded = cmd.ExecuteNonQuery ();
 						if (recAdded > 0) {
 							status = MembershipCreateStatus.Success;
 						} else {
 							status = MembershipCreateStatus.UserRejected;
 						}
-						conn.Close ();
 					}
+					tran.Commit();  
+					conn.Close ();
 				}
 				return GetUser (username, false);      
 			} else {
@@ -458,17 +460,33 @@ namespace Npgsql.Web
 		{
 			int rowsAffected = 0;
 			using (NpgsqlConnection conn = new NpgsqlConnection (connectionString)) {
-				using (NpgsqlCommand cmd = new NpgsqlCommand ("DELETE FROM Users " +
-					" WHERE Username = @Username AND Applicationname = @ApplicationName", conn)) {
+				conn.Open ();
+				NpgsqlTransaction trans = conn.BeginTransaction ();
+				using (NpgsqlCommand cmd = new NpgsqlCommand ("DELETE FROM users " +
+				                           " WHERE username = @Username AND applicationname = @ApplicationName", conn)) {
 					cmd.Parameters.AddWithValue ("@Username", NpgsqlDbType.Varchar, 255).Value = username;
 					cmd.Parameters.AddWithValue ("@ApplicationName", NpgsqlDbType.Varchar, 255).Value = pApplicationName;
-					conn.Open ();
+
 					rowsAffected = cmd.ExecuteNonQuery ();
-					if (deleteAllRelatedData) {
-						// TODO Process commands to delete all data for the user in the database.
-					}
-					conn.Close ();
 				}
+
+				// TODO  if (deleteAllRelatedData) {  Process commands to delete all data for the user in the database. }
+				// OR NOT TO DO, to me, deleting an user implies delete all of its related data in db,
+				// as long they belong to him.
+				//
+				// So, just ignore this parameter,
+				// and remove the records from the profile model, that are not 
+				// dropped in cascade by constraint,
+				// as long as these profiles may also be anonymous
+				using (NpgsqlCommand cmd = new NpgsqlCommand ("DELETE FROM profiles " +
+						" WHERE username = :uname AND applicationname = :appname", conn)) {
+						cmd.Parameters.AddWithValue ("uname", NpgsqlDbType.Varchar, 255).Value = username;
+						cmd.Parameters.AddWithValue ("appname", NpgsqlDbType.Varchar, 255).Value = pApplicationName;
+						cmd.ExecuteNonQuery ();
+
+				}
+				trans.Commit ();
+				conn.Close ();
 			}
 			return (rowsAffected > 0);
 		}
diff --git a/web/ApiControllers/YavscController.cs b/web/ApiControllers/YavscController.cs
index db64f8df..ab43ed44 100644
--- a/web/ApiControllers/YavscController.cs
+++ b/web/ApiControllers/YavscController.cs
@@ -36,6 +36,7 @@ namespace Yavsc.ApiControllers
 
 		public void AllowCookies (Auth model)
 		{
+			// TODO check Auth when existing
 			if (model.Id != null) {
 				ProfileBase pr = ProfileBase.Create (model.Id);
 				pr.SetPropertyValue ("allowcookies", true);
diff --git a/web/ChangeLog b/web/ChangeLog
index a158a50d..20a5ec07 100644
--- a/web/ChangeLog
+++ b/web/ChangeLog
@@ -1,3 +1,7 @@
+2015-11-03  Paul Schneider  <paul@pschneider.fr>
+
+	* YavscController.cs: TODO ... 
+
 2015-11-03  Paul Schneider  <paul@pschneider.fr>
 
 	* YavscController.cs: Fixes the cookies agreement