From 14ab2127ed74984650b7e610b48ce0cb307c3f9c Mon Sep 17 00:00:00 2001
From: Konstantin Savosteev <Konstantin.Savosteev@virtoway.com>
Date: Mon, 3 Jun 2024 10:02:36 +0200
Subject: [PATCH] VCST-885: check contact lock on register by invitation (#76)

---
 .../RegisterByInvitationCommandHandler.cs     | 39 +++++++++++--------
 1 file changed, 22 insertions(+), 17 deletions(-)

diff --git a/src/VirtoCommerce.ProfileExperienceApiModule.Data/Commands/RegisterByInvitationCommandHandler.cs b/src/VirtoCommerce.ProfileExperienceApiModule.Data/Commands/RegisterByInvitationCommandHandler.cs
index c187a957..975cf9d7 100644
--- a/src/VirtoCommerce.ProfileExperienceApiModule.Data/Commands/RegisterByInvitationCommandHandler.cs
+++ b/src/VirtoCommerce.ProfileExperienceApiModule.Data/Commands/RegisterByInvitationCommandHandler.cs
@@ -52,6 +52,20 @@ public virtual async Task<IdentityResultResponse> Handle(RegisterByInvitationCom
                 return SetResponse(IdentityResult.Failed(errors));
             }
 
+            var contact = await _memberService.GetByIdAsync(user.MemberId) as Contact;
+            if (contact == null)
+            {
+                var errors = _environment.IsDevelopment() ? new[] { new IdentityError { Code = "ContactNotFound", Description = "Contact not found" } } : null;
+                return SetResponse(IdentityResult.Failed(errors));
+            }
+
+            // check lockout
+            if (contact.Status == ModuleConstants.ContactStatuses.Locked)
+            {
+                var errors = _environment.IsDevelopment() ? new[] { new IdentityError { Code = "ContactLocked", Description = "Contact locked" } } : null;
+                return SetResponse(IdentityResult.Failed(errors));
+            }
+
             var identityResult = await userManager.ResetPasswordAsync(user, Uri.UnescapeDataString(request.Token), request.Password);
             if (!identityResult.Succeeded)
             {
@@ -71,27 +85,18 @@ public virtual async Task<IdentityResultResponse> Handle(RegisterByInvitationCom
                 return SetResponse(identityResult);
             }
 
-            var contact = await _memberService.GetByIdAsync(user.MemberId) as Contact;
-            if (contact == null)
-            {
-                var errors = _environment.IsDevelopment() ? new[] { new IdentityError { Code = "ContactNotFound", Description = "Contact not found" } } : null;
-                identityResult = IdentityResult.Failed(errors);
-            }
-            else
-            {
-                UpdateContact(contact, request);
-
-                await _memberService.SaveChangesAsync(new Member[] { contact });
+            UpdateContact(contact, request);
 
-                // associate order
-                if (!string.IsNullOrEmpty(request.CustomerOrderId))
-                {
-                    await TransferOrderAsync(request.CustomerOrderId, user.Id, contact.FullName, cancellationToken);
-                }
+            await _memberService.SaveChangesAsync([contact]);
 
-                await SendRegistrationNotificationAsync(user, contact, cancellationToken);
+            // associate order
+            if (!string.IsNullOrEmpty(request.CustomerOrderId))
+            {
+                await TransferOrderAsync(request.CustomerOrderId, user.Id, contact.FullName, cancellationToken);
             }
 
+            await SendRegistrationNotificationAsync(user, contact, cancellationToken);
+
             return SetResponse(identityResult);
         }