in src/Web/Controllers/AccountController.cs [318:437]
private async Task<IActionResult> RegisterUser(RegisterViewModel model, string returnUrl, bool useAP)
{
//Create the user object and validate it before calling Fraud Protection
var user = new ApplicationUser
{
UserName = model.User.Email,
Email = model.User.Email,
FirstName = model.User.FirstName,
LastName = model.User.LastName,
PhoneNumber = model.User.Phone,
Address1 = model.Address.Address1,
Address2 = model.Address.Address2,
City = model.Address.City,
State = model.Address.State,
ZipCode = model.Address.ZipCode,
CountryRegion = model.Address.CountryRegion
};
foreach (var v in _userManager.UserValidators)
{
var validationResult = await v.ValidateAsync(_userManager, user);
if (!validationResult.Succeeded)
{
AddErrors(validationResult);
}
};
foreach (var v in _userManager.PasswordValidators)
{
var validationResult = await v.ValidateAsync(_userManager, user, model.Password);
if (!validationResult.Succeeded)
{
AddErrors(validationResult);
}
};
if (ModelState.ErrorCount > 0)
{
return View("Register", model);
}
#region Fraud Protection Service
var correlationId = _fraudProtectionService.NewCorrelationId;
// Ask Fraud Protection to assess this signup/registration before registering the user in our database, etc.
if (useAP)
{
AccountProtection.SignUp signupEvent = CreateSignupAPEvent(model);
var signupAssessment = await _fraudProtectionService.PostSignupAP(signupEvent, correlationId);
//Track Fraud Protection request/response for display only
var fraudProtectionIO = new FraudProtectionIOModel(correlationId, signupEvent, signupAssessment, "Signup");
TempData.Put(FraudProtectionIOModel.TempDataKey, fraudProtectionIO);
bool rejectSignup = false;
if (signupAssessment is ResponseSuccess signupResponse)
{
rejectSignup = signupResponse.ResultDetails.FirstOrDefault()?.Decision != DecisionName.Approve;
}
if (rejectSignup)
{
ModelState.AddModelError("", "Signup rejected by Fraud Protection. You can try again as it has a random likelihood of happening in this sample site.");
return View("Register", model);
}
}
else
{
SignUp signupEvent = CreateSignupEvent(model);
var signupAssessment = await _fraudProtectionService.PostSignup(signupEvent, correlationId);
//Track Fraud Protection request/response for display only
var fraudProtectionIO = new FraudProtectionIOModel(correlationId, signupEvent, signupAssessment, "Signup");
//2 out of 3 signups will succeed on average. Adjust if you want more or less signups blocked for tesing purposes.
var rejectSignup = new Random().Next(0, 3) != 0;
var signupStatusType = rejectSignup ? SignupStatusType.Rejected.ToString() : SignupStatusType.Approved.ToString();
var signupStatus = new SignupStatusEvent
{
SignUpId = signupEvent.SignUpId,
StatusType = signupStatusType,
StatusDate = DateTimeOffset.Now,
Reason = "User is " + signupStatusType
};
if (!rejectSignup)
{
signupStatus.User = new SignupStatusUser { UserId = model.User.Email };
}
var signupStatusResponse = await _fraudProtectionService.PostSignupStatus(signupStatus, correlationId);
fraudProtectionIO.Add(signupStatus, signupStatusResponse, "Signup Status");
TempData.Put(FraudProtectionIOModel.TempDataKey, fraudProtectionIO);
if (rejectSignup)
{
ModelState.AddModelError("", "Signup rejected by Fraud Protection. You can try again as it has a random likelihood of happening in this sample site.");
return View("Register", model);
}
}
#endregion
var result = await _userManager.CreateAsync(user, model.Password);
if (!result.Succeeded)
{
AddErrors(result);
return View("Register", model);
}
await _signInManager.SignInAsync(user, isPersistent: false);
await TransferBasketToEmailAsync(user.Email);
return RedirectToLocal(returnUrl);
}