Half updated section 4

davidfowl · DamianEdwards · commit 56e2655e21e4 · 2019-10-01T17:37:06.000-07:00
diff --git a/docs/4. Add auth features.md b/docs/4. Add auth features.md
@@ -107,48 +107,47 @@ In this module we're going to add the capability for users to register and sign-
     ```
 
 ### Allow creation of an admin user
-> Let's make it so the site allows creation of an admin user when there isn't one already, but only if the user also has a special single-use creation key. That way, we can easily create an admin user without access to the database when we first run the app in any environment.
+> Let's make it so the site allows creation of an admin user when there isn't one already. The first user to access the site will be deemed the administrator.
 
 1. Create a new class `AdminService` in the `Services` folder. This class will be responsible for managing the creation key generation and tracking whether the site should allow creating admin users.
 1. Add code to the class that will create an appropriately long creation key and expose it via a property:
     ``` c#
-    private readonly Lazy<long> _creationKey = new Lazy<long>(() => BitConverter.ToInt64(Guid.NewGuid().ToByteArray(), 7));
-    private readonly IdentityDbContext _dbContext;
-    private bool _adminExists;
-
-    public AdminService(IdentityDbContext dbContext)
+    public class AdminService
     {
-        _dbContext = dbContext;
-    }
+        private readonly IdentityDbContext _dbContext;
 
-    public long CreationKey => _creationKey.Value;
+        private bool _adminExists;
 
-    public async Task<bool> AllowAdminUserCreationAsync()
-    {
-        if (_adminExists)
+        public AdminService(IdentityDbContext dbContext)
         {
-            return false;
+            _dbContext = dbContext;
         }
-        else
+
+        public async Task<bool> AllowAdminUserCreationAsync()
         {
-            if (await _dbContext.Users.AnyAsync(user => user.IsAdmin))
+            if (_adminExists)
             {
-                // There are already admin users so disable admin creation
-                _adminExists = true;
                 return false;
             }
+            else
+            {
+                if (await _dbContext.Users.AnyAsync(user => user.IsAdmin))
+                {
+                    // There are already admin users so disable admin creation
+                    _adminExists = true;
+                    return false;
+                }
 
-            // There are no admin users so enable admin creation
-            return true;
+                // There are no admin users so enable admin creation
+                return true;
+            }
         }
     }
     ```
 1. Extract an interface from the class and call it `IAdminService`
     ``` c#
     public interface IAdminService
     {
-        long CreationKey { get; }
-
         Task<bool> AllowAdminUserCreationAsync();
     }
     ```
@@ -164,7 +163,7 @@ In this module we're going to add the capability for users to register and sign-
      ```
      dotnet aspnet-codegenerator identity --dbContext FrontEnd.Data.IdentityDbContext --files Account.Register
      ```
-1. Update the `RegisterModel` class in the `Register.cshtml.cs` file to accept `IAdminService` and `IdentityDbContext` parameters and save them to local members:
+1. Update the `RegisterModel` class in the `Register.cshtml.cs` file to accept `IAdminService` as a parameter and it them to a local member:
     ``` c#
     [AllowAnonymous]
     public class RegisterModel : PageModel
@@ -174,52 +173,30 @@ In this module we're going to add the capability for users to register and sign-
         private readonly ILogger<RegisterModel> _logger;
         private readonly IEmailSender _emailSender;
         private readonly IAdminService _adminService;
-        private readonly IdentityDbContext _dbContext;
 
         public RegisterModel(
             UserManager<User> userManager,
             SignInManager<User> signInManager,
             ILogger<RegisterModel> logger,
             IEmailSender emailSender,
-            IAdminService adminService,
-            IdentityDbContext dbContext)
+            IAdminService adminService)
         {
             _userManager = userManager;
             _signInManager = signInManager;
             _logger = logger;
             _emailSender = emailSender;
             _adminService = adminService;
-            _dbContext = dbContext;
         }
 
         ...
     ```
-1. Add a `bool` property to the page model to indicate to the page whether admin creation is currently allowed:
-    ``` c#
-    public bool AllowAdminCreation { get; set; }
-    ```
-1. Add an `AdminCreationKey` property to to the page's `InputModel` class to capture the submitted key for creating the admin user:
-    ``` c#
-    [DataType(DataType.Password)]
-    [Display(Name = "Admin creation key")]
-    public long? AdminCreationKey { get; set; }
-    ```
-1. Add code to the `OnGet` method to use the `IAdminService` to see if admin creation is enabled and log the creation key if so. You'll also need to change the method to be async by updating the method signature to the following: `public async Task OnGetAsync(string returnUrl = null)`
+
+1. Add code to the `OnPostAsync` that marks the new user as an admin if the `IAdminService.AllowAdminUserCreationAsync` returns true before creating the user:
     ``` c#
     if (await _adminService.AllowAdminUserCreationAsync())
-    {
-        AllowAdminCreation = true;
-        _logger.LogInformation("Admin creation is enabled. Use the following key to create an admin user: {adminKey}", _adminService.CreationKey);
-    }
-    ```
-1. Add code to the `OnPostAsync` that marks the new user as an admin if the admin creation key was submitted and matches the in the `IAdminService`, before creating the user:
-    ``` c#
-    if (await _adminService.AllowAdminUserCreationAsync() && Input.AdminCreationKey == _adminService.CreationKey)
     {
         // Set as admin user
         user.IsAdmin = true;
-        // In the event user creation fails in the next few lines, set this so the admin key box still shows up on the retry page
-        AllowAdminCreation = true;
     }
 
     var result = await _userManager.CreateAsync(user, Input.Password);
@@ -235,34 +212,13 @@ In this module we're going to add the capability for users to register and sign-
         _logger.LogInformation("User created a new account with password.");
     }
     ```
-1. Update the registration form to allow entering the admin creation key by adding a text input to the end of `Register.cshtml`:
-    ``` html
-	...
-	    <div class="form-group">
-		<label asp-for="Input.ConfirmPassword"></label>
-		<input asp-for="Input.ConfirmPassword" class="form-control" />
-		<span asp-validation-for="Input.ConfirmPassword" class="text-danger"></span>
-	    </div>
-	    @if (Model.AllowAdminCreation)
-	    {
-		<div class="form-group">
-		    <label asp-for="Input.AdminCreationKey"></label>
-		    <input asp-for="Input.AdminCreationKey" class="form-control" />
-		    <span asp-validation-for="Input.AdminCreationKey" class="text-danger"></span>
-		</div>
-	    }
-	    <button type="submit" class="btn btn-primary">Register</button>
-	</form>
-	...
-    ```
 
 > If you run the app at this point, you'll see an exception stating that you can't inject a scoped type into a type registered as a singleton. This is the DI system protecting you from a common anti-pattern that can arise when using IoC containers. Let's fix the `AdminService` to use the scoped `IdentityDbContext` correctly.
 
 1. Open the `AdminService.cs` file and change the code to accept an `IServiceProvider` instead of the `IdentityDbContext` in its constructor:
     ``` csharp
     public class AdminService : IAdminService
     {
-        private readonly Lazy<long> _creationKey = new Lazy<long>(() => BitConverter.ToInt64(Guid.NewGuid().ToByteArray(), 7));
         private readonly IServiceProvider _serviceProvider;
 
         private bool _adminExists;
