search

tugberkugurlu / AspNet.Identity.RavenDB

Fully asynchronous, new and sweet ASP.NET Identity implementation for RavenDB
MIT License
42 stars 28 forks source link

UserSecretStore and UserLoginStore relies on the user existence poorly #1

Closed tugberkugurlu closed 11 years ago

tugberkugurlu commented 11 years ago

This's from IdentityStoreManager's CreateLocalUser method:

if (await this.Context.Users.Create(user) && await this.Context.Secrets.Create(new UserSecret(user.UserName, password)) && await this.Context.Logins.Add(new UserLogin(user.Id, this.LocalLoginProvider, user.UserName)))
{
    await this.Context.SaveChanges();
    result = true;
}

As seen here, there are no user changes persisted before setting the UserSecret and UserLogin here. With the current store implementations, such a behavior won't work as RavenUserSecretStore and RavenUserLoginStore relies on the existence of RavenUser.

However, UserLogin instance needs the user id which is not there yet. How does this even work?