From c554af94790e7e13c9bdb70182286e28b55d7330 Mon Sep 17 00:00:00 2001
From: LD-Reborn <lucretia.dietz@gmx.de>
Date: Sun, 23 Nov 2025 13:57:02 +0100
Subject: [PATCH 1/3] Implemented user settings view

---
 src/Controllers/SettingsController.cs     |  57 +++++++++-
 src/Controllers/UsersController.cs        |  14 +--
 src/Helpers/UsersHelper.cs                |  10 ++
 src/Models/SettingsRequestModels.cs       |   9 ++
 src/Models/SettingsResponseModels.cs      |   8 ++
 src/Models/UserSettingsModel.cs           |   6 +
 src/Resources/Views.Settings.User.de.resx |  67 +++++++++++
 src/Views/Settings/User.cshtml            | 133 +++++++++++++++++++++-
 8 files changed, 286 insertions(+), 18 deletions(-)
 create mode 100644 src/Models/UserSettingsModel.cs
 create mode 100644 src/Resources/Views.Settings.User.de.resx

diff --git a/src/Controllers/SettingsController.cs b/src/Controllers/SettingsController.cs
index 713cc57..bcdb255 100644
--- a/src/Controllers/SettingsController.cs
+++ b/src/Controllers/SettingsController.cs
@@ -3,11 +3,7 @@ using Microsoft.AspNetCore.Mvc;
 using Novell.Directory.Ldap;
 using Berufsschule_HAM.Models;
 using Berufsschule_HAM.Helpers;
-using System.Security.Cryptography;
-using System.Text;
 using Microsoft.AspNetCore.Authorization;
-using System.Text.Json;
-using System.Buffers.Text;
 
 [Authorize]
 [Route("[controller]")]
@@ -23,11 +19,60 @@ public class SettingsController : Controller
     }
 
     [HttpGet("User")]
-    public new IActionResult User()
+    public async Task<IActionResult> UserAsync()
     {
-        return View();
+        try
+        {
+            var userID = User.Identity?.Name ?? throw new Exception("No name specified");
+            UserSettingsModel userSettingsModel = new()
+            {
+                userModel = await _ldap.GetUserByUidAsync(userID)
+            };
+            return View(userSettingsModel);
+        } catch (Exception ex)
+        {
+            _logger.LogWarning("An exception happened when trying to show user settings view: {ex.Message} - {ex.StackTrace}", [ex.Message, ex.StackTrace]);
+            return Redirect("/Home/Logout");
+        }
     }
 
+    [HttpPut("User")]
+    public async Task<UserUpdateResponseModel> UpdateUserAsync([FromBody]UserUpdateRequestModel userUpdateRequestModel)
+    {
+        if (userUpdateRequestModel is null)
+        {
+            return new() {Success = false, ErrorMessage = "userUpdateRequestModel is null"};
+        }
+        try
+        {
+            var userID = User.Identity?.Name ?? throw new Exception("No name specified");
+            bool anyUpdated = false;
+            if (userUpdateRequestModel.Password is not null && userUpdateRequestModel.Password.Length > 0)
+            {
+                await _ldap.UpdateUser(userID, "userPassword", await UsersHelper.HashPassword(_ldap, userUpdateRequestModel.Password));
+                anyUpdated = true;
+            }
+            if (userUpdateRequestModel.Image is not null && userUpdateRequestModel.Image.Length > 0)
+            {
+                await _ldap.UpdateUser(userID, "jpegPhoto", userUpdateRequestModel.Image);
+                anyUpdated = true;
+            }
+            if (anyUpdated)
+            {
+                return new() {Success = true};
+            }
+            else
+            {
+                return new() {Success = false, ErrorMessage = "Nothing was updated"};
+            }
+        } catch (Exception ex)
+        {
+            _logger.LogWarning("An exception happened when trying to update a user: {ex.Message} - {ex.StackTrace}", [ex.Message, ex.StackTrace]);
+            return new() {Success = false, ErrorMessage = ex.Message};
+        }
+    }
+
+
     [Authorize(Roles = "CanManageSettings")]
     [HttpGet("Admin")]
     public async Task<IActionResult> AdminAsync()
diff --git a/src/Controllers/UsersController.cs b/src/Controllers/UsersController.cs
index 5e4fd51..76b5378 100644
--- a/src/Controllers/UsersController.cs
+++ b/src/Controllers/UsersController.cs
@@ -70,7 +70,6 @@ public class UsersController : Controller
         }
         try
         {
-            Task<AdminSettingsModel> settingsTask = _ldap.GetAdminSettingsModelAsync();
             string? jpegPhoto = requestModel.JpegPhoto;
             string? title = requestModel.Title;
             string userPassword = requestModel.UserPassword ?? "";
@@ -81,10 +80,7 @@ public class UsersController : Controller
             description ??= new() {Address = new(), BirthDate = "", Workplace = "", Groups = []};
             if (!userPassword.StartsWith('{'))
             {
-                AdminSettingsModel settings = await settingsTask;
-                byte[] passwordBytes = Encoding.UTF8.GetBytes(userPassword);
-                byte[] hashedPassword = settings.hashAlgorithm?.ComputeHash(passwordBytes) ?? throw new Exception("Hash algorithm not instantiated yet");
-                userPassword = $"{{{settings.DefaultHashAlgorithm.ToUpperInvariant()}}}{Convert.ToBase64String(hashedPassword)}";
+                userPassword = await UsersHelper.HashPassword(_ldap, userPassword);
             }
 
             LdapAttributeSet attributeSet =
@@ -118,7 +114,6 @@ public class UsersController : Controller
         }
         try
         {
-            Task<AdminSettingsModel> settingsTask = _ldap.GetAdminSettingsModelAsync();
             string uid = requestModel.Uid;
             UserModel? user = null;
             if (requestModel.NewUid is not null && requestModel.NewUid.Length > 0)
@@ -140,11 +135,8 @@ public class UsersController : Controller
                 await _ldap.UpdateUser(uid, "jpegPhoto", requestModel.JpegPhoto);
             }
             if (requestModel.UserPassword is not null && requestModel.UserPassword.Length > 0)
-            {
-                AdminSettingsModel settings = await settingsTask;
-                byte[] passwordBytes = Encoding.UTF8.GetBytes(requestModel.UserPassword);
-                byte[] hashedPassword = settings.hashAlgorithm?.ComputeHash(passwordBytes) ?? throw new Exception("Hash algorithm not instantiated yet");
-                requestModel.UserPassword = $"{{{settings.DefaultHashAlgorithm.ToUpperInvariant()}}}{Convert.ToBase64String(hashedPassword)}";
+            {                
+                requestModel.UserPassword = await UsersHelper.HashPassword(_ldap, requestModel.UserPassword);
                 await _ldap.UpdateUser(uid, "userPassword", requestModel.UserPassword);
             }
 
diff --git a/src/Helpers/UsersHelper.cs b/src/Helpers/UsersHelper.cs
index 41edf60..975fd85 100644
--- a/src/Helpers/UsersHelper.cs
+++ b/src/Helpers/UsersHelper.cs
@@ -1,6 +1,8 @@
 using System.Globalization;
 using System.Text;
 using System.Text.RegularExpressions;
+using Berufsschule_HAM.Models;
+using Berufsschule_HAM.Services;
 namespace Berufsschule_HAM.Helpers;
 
 public static partial class UsersHelper
@@ -39,6 +41,14 @@ public static partial class UsersHelper
         return cleaned;
     }
 
+    public static async Task<string> HashPassword(LdapService ldapService, string password)
+    {
+        AdminSettingsModel settings = await ldapService.GetAdminSettingsModelAsync();
+        byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
+        byte[] hashedPassword = settings.hashAlgorithm?.ComputeHash(passwordBytes) ?? throw new Exception("Hash algorithm not instantiated yet");
+        return $"{{{settings.DefaultHashAlgorithm.ToUpperInvariant()}}}{Convert.ToBase64String(hashedPassword)}";
+    }
+
     [GeneratedRegex("[^a-z]")]
     private static partial Regex AtoZ();
 }
\ No newline at end of file
diff --git a/src/Models/SettingsRequestModels.cs b/src/Models/SettingsRequestModels.cs
index 1979cee..f57623e 100644
--- a/src/Models/SettingsRequestModels.cs
+++ b/src/Models/SettingsRequestModels.cs
@@ -2,6 +2,15 @@ using System.Text.Json.Serialization;
 
 namespace Berufsschule_HAM.Models;
 
+public class UserUpdateRequestModel
+{
+    [JsonPropertyName("Password")]
+    public string? Password { get; set; }
+
+    [JsonPropertyName("Image")]
+    public string? Image { get; set; }
+}
+
 public class AdminUpdateRequestModel
 {
     [JsonPropertyName("AdminSettingsModel")]
diff --git a/src/Models/SettingsResponseModels.cs b/src/Models/SettingsResponseModels.cs
index 8687996..7e0dbc2 100644
--- a/src/Models/SettingsResponseModels.cs
+++ b/src/Models/SettingsResponseModels.cs
@@ -2,6 +2,14 @@ using System.Text.Json.Serialization;
 
 namespace Berufsschule_HAM.Models;
 
+public class UserUpdateResponseModel
+{
+    [JsonPropertyName("Success")]
+    public required bool Success { get; set; }
+    [JsonPropertyName("ErrorMessage")]
+    public string? ErrorMessage { get; set; }
+}
+
 public class AdminUpdateResponseModel
 {
     [JsonPropertyName("Success")]
diff --git a/src/Models/UserSettingsModel.cs b/src/Models/UserSettingsModel.cs
new file mode 100644
index 0000000..8adddbc
--- /dev/null
+++ b/src/Models/UserSettingsModel.cs
@@ -0,0 +1,6 @@
+using Berufsschule_HAM.Models;
+
+public class UserSettingsModel
+{
+    public required UserModel userModel;
+}
\ No newline at end of file
diff --git a/src/Resources/Views.Settings.User.de.resx b/src/Resources/Views.Settings.User.de.resx
new file mode 100644
index 0000000..532804f
--- /dev/null
+++ b/src/Resources/Views.Settings.User.de.resx
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+    <resheader name="resmimetype">
+        <value>text/microsoft-resx</value>
+    </resheader>
+    <resheader name="version">
+        <value>2.0</value>
+    </resheader>
+    <resheader name="reader">
+        <value>System.Resources.ResXResourceReader, System.Windows.Forms, ...</value>
+    </resheader>
+    <resheader name="writer">
+        <value>System.Resources.ResXResourceWriter, System.Windows.Forms, ...</value>
+    </resheader>
+
+  <data name="User settings" xml:space="preserve">
+    <value>Einstellungen</value>
+  </data>
+  <data name="Personal data" xml:space="preserve">
+    <value>Persönliche Daten</value>
+  </data>
+  <data name="Username" xml:space="preserve">
+    <value>Benutzername</value>
+  </data>
+  <data name="Title" xml:space="preserve">
+    <value>Anrede</value>
+  </data>
+  <data name="Name" xml:space="preserve">
+    <value>Name</value>
+  </data>
+  <data name="Surname" xml:space="preserve">
+    <value>Nachname</value>
+  </data>
+  <data name="Birth date" xml:space="preserve">
+    <value>Geburtsdatum</value>
+  </data>
+  <data name="Address" xml:space="preserve">
+    <value>Adresse</value>
+  </data>
+  <data name="Account" xml:space="preserve">
+    <value>Konto</value>
+  </data>
+  <data name="Workplace" xml:space="preserve">
+    <value>Arbeitsplatz</value>
+  </data>
+  <data name="Password" xml:space="preserve">
+    <value>Passwort</value>
+  </data>
+  <data name="Photo" xml:space="preserve">
+    <value>Profilbild</value>
+  </data>
+  <data name="Apply settings" xml:space="preserve">
+    <value>Änderungen anwenden</value>
+  </data>
+  <data name="Password must be at least 8 characters long and include upper, lower, number, and special character" xml:space="preserve">
+    <value>Passwort muss mindestens 8 Zeichen lang sein und Groß- und Kleinbuchstaben, sowie Zahlen und Sonderzeichen enthalten</value>
+  </data>
+  <data name="Settings updated successfully" xml:space="preserve">
+    <value>Einstellungen erfolgreich aktualisiert</value>
+  </data>
+  <data name="Unknown error" xml:space="preserve">
+    <value>Unbekannter Fehler</value>
+  </data>
+  <data name="Error contacting server" xml:space="preserve">
+    <value>Fehler bei der Kommunikation mit dem Server</value>
+  </data>
+</root>
diff --git a/src/Views/Settings/User.cshtml b/src/Views/Settings/User.cshtml
index e9c7309..e64adff 100644
--- a/src/Views/Settings/User.cshtml
+++ b/src/Views/Settings/User.cshtml
@@ -1 +1,132 @@
-<h3>Empty view lol</h3>
\ No newline at end of file
+@using Microsoft.AspNetCore.Mvc.Localization
+@using Berufsschule_HAM.Models
+@model UserSettingsModel
+@inject IViewLocalizer T
+@inject IConfiguration Configuration
+@{
+    ViewData["Title"] = T["User settings"];
+    string barcodeType = Configuration["BarcodeType"] ?? "EAN13";
+}
+
+
+<form id="updateSettings" method="post" asp-controller="Settings" asp-action="User">
+    <h4 class="fw-bold">@T["Account"]</h4>
+    <div class="row g-3 mb-3">
+        <div class="col-md-4">
+            <label class="form-label" for="username">@T["Username"]</label>
+            <input type="text" id="username" class="form-control" value="@Model.userModel.Uid" readonly/>
+        </div>
+        <div class="col-md-4">
+            <label class="form-label" for="password">@T["Password"]</label>
+            <input type="password" id="password" name="Password" class="form-control" />
+        </div>
+    </div>
+    <div class="row g-3 mb-3">
+        <div class="col-md-4">
+            <label class="form-label" for="updatePhotoFile">@T["Photo"]</label>
+            <input type="file" id="updatePhotoFile" accept="image/*" class="form-control" />
+            <input type="hidden" id="updateJpegPhoto" name="Image" />
+            <div class="mt-2 text-center">
+                <img id="updatePhotoPreview" src="" alt="Preview" class="img-thumbnail" style="max-height: 150px; display: none;" />
+            </div>
+        </div>
+    </div>
+    <h4 class="fw-bold">@T["Personal data"]</h4>
+    <div class="row g-3 mb-3">
+        <div class="col-md-1">
+            <label class="form-label" for="title">@T["Title"]</label>
+            <input type="text" id="title" class="form-control" value="@Model.userModel.Title" readonly/>
+        </div>
+        <div class="col-md-4">
+            <label class="form-label" for="name">@T["Name"]</label>
+            <input type="text" id="name" class="form-control" value="@Model.userModel.Cn" readonly/>
+        </div>
+        <div class="col-md-4">
+            <label class="form-label" for="surname">@T["Surname"]</label>
+            <input type="text" id="surname" class="form-control" value="@Model.userModel.Sn" readonly/>
+        </div>
+    </div>
+    <div class="row g-3 mb-3">
+        <div class="col-md-2">
+            <label class="form-label" for="birthdate">@T["Birth date"]</label>
+            <input type="text" id="birthdate" class="form-control" value="@Model.userModel.Description?.BirthDate" readonly/>
+        </div>
+        <div class="col-md-4">
+            <label class="form-label" for="address">@T["Address"]</label>
+            <input type="text" id="address" class="form-control" value="@Model.userModel.Description?.BirthDate" readonly/>
+        </div>
+        <div class="col-md-3">
+            <label class="form-label" for="workplace">@T["Workplace"]</label>
+            <input type="text" id="workplace" class="form-control" value="@Model.userModel.Description?.Workplace" readonly/>
+        </div>
+    </div>
+    <div class="row g-3 mb-3">
+        <div class="col-md-12">
+            <button type="submit" class="btn btn-warning float-end mt-3">@T["Apply settings"]</button>
+        </div>
+    </div>
+</form>
+
+
+<script defer>
+    document.addEventListener('DOMContentLoaded', () => {
+        const photoInput = document.getElementById('updatePhotoFile');
+        const photoPreview = document.getElementById('updatePhotoPreview');
+        const photoHidden = document.getElementById('updateJpegPhoto');
+
+        const updateForm = document.getElementById('updateSettings');
+        updateForm.addEventListener('submit', async e => {
+            e.preventDefault();
+            const password = updateForm.querySelector('#password').value;
+            if (password != null && password.length > 0 && !validatePassword(password)) {
+                showToast('@T["Password must be at least 8 characters long and include upper, lower, number, and special character"]', 'danger');
+                return;
+            }
+            const url = `/Settings/User`;
+            const dataFromEntries = Object.fromEntries(new FormData(updateForm).entries());
+            var data = unflatten(dataFromEntries);
+            try {
+                const response = await fetch(url, {
+                    method: 'PUT',
+                    headers: {
+                        'Content-Type': 'application/json',
+                        'Accept': 'application/json'
+                    },
+                    body: JSON.stringify(data)
+                });
+
+                const result = await response.json();
+
+                if (result.Success) {
+                    showToast('@T["Settings updated successfully"]', 'success');
+                    let userDropdown = document.getElementById("userDropdown");
+                    userDropdown.children[0].src = userDropdown.children[0].src + "&cachebuster=" + Date.now(); // Force refresh user image
+                    photoHidden.value = "";
+                    photoPreview.src = "";
+                    photoPreview.style.display = 'none';
+                    updateForm.reset();
+                } else {
+                    showToast(`${result.reason}: ${result.exception || '@T["Unknown error"]'}`, 'danger');
+                }
+            } catch (error) {
+                console.error(error);
+                showToast('@T["Error contacting server"]', 'danger');
+            }
+        });
+
+        photoInput.addEventListener('change', () => {
+            const file = photoInput.files[0];
+            if (!file) return;
+
+            const reader = new FileReader();
+            reader.onload = e => {
+                const base64 = e.target.result.split(',')[1]; // strip data:image/jpeg;base64,
+                photoHidden.value = base64;
+                photoPreview.src = e.target.result;
+                photoPreview.style.display = 'block';
+            };
+            reader.readAsDataURL(file);
+        });
+    });
+
+</script>
\ No newline at end of file

From 1c6bbcfe1d70172e9a9bdbebd395d1f316a69d7e Mon Sep 17 00:00:00 2001
From: LD-Reborn <lucretia.dietz@gmx.de>
Date: Sun, 23 Nov 2025 13:57:20 +0100
Subject: [PATCH 2/3] Fixed admin settings page title

---
 src/Resources/Views.Settings.Admin.de.resx | 4 ++--
 src/Views/Settings/Admin.cshtml            | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Resources/Views.Settings.Admin.de.resx b/src/Resources/Views.Settings.Admin.de.resx
index 1dc9306..b8644ee 100644
--- a/src/Resources/Views.Settings.Admin.de.resx
+++ b/src/Resources/Views.Settings.Admin.de.resx
@@ -13,8 +13,8 @@
         <value>System.Resources.ResXResourceWriter, System.Windows.Forms, ...</value>
     </resheader>
 
-  <data name="Users" xml:space="preserve">
-    <value>Benutzer</value>
+  <data name="Admin settings" xml:space="preserve">
+    <value>Administration</value>
   </data>
 
   <data name="General settings" xml:space="preserve">
diff --git a/src/Views/Settings/Admin.cshtml b/src/Views/Settings/Admin.cshtml
index 53915f3..79ea760 100644
--- a/src/Views/Settings/Admin.cshtml
+++ b/src/Views/Settings/Admin.cshtml
@@ -10,7 +10,7 @@
 @inject IViewLocalizer T
 @inject LdapService ldap
 @{
-    ViewData["Title"] = T["Users"];
+    ViewData["Title"] = T["Admin settings"];
     List<string> supportedBarcodeTypes = ["code128c", "ean13", "ean8", "upc", "itf14", "itf"];
     string userImageCacheSize = ImageHelper.ToHumanReadableSize(ImageHelper.GetImageCacheSize());
 }

From bf17c755fc288a6d1b2131630e09afcb1877c5cf Mon Sep 17 00:00:00 2001
From: LD-Reborn <lucretia.dietz@gmx.de>
Date: Sun, 23 Nov 2025 13:57:33 +0100
Subject: [PATCH 3/3] Fixed skip link not visible

---
 src/Views/Shared/_Layout.cshtml |  4 ++--
 src/wwwroot/css/site.css        | 11 +++++++++--
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/Views/Shared/_Layout.cshtml b/src/Views/Shared/_Layout.cshtml
index 0b60559..c8471b6 100644
--- a/src/Views/Shared/_Layout.cshtml
+++ b/src/Views/Shared/_Layout.cshtml
@@ -103,12 +103,12 @@
                     {
                         <ul class="navbar-nav ms-auto">
                             <li class="nav-item dropdown">
-                                <div class="nav-link dropdown-toggle d-flex align-items-center" href="#" id="userDropdown" role="button"
+                                <a class="nav-link dropdown-toggle d-flex align-items-center" href="#" id="userDropdown" role="button"
                                 data-bs-toggle="dropdown" aria-expanded="false">
                                     <img src="/Home/UserPhoto?uid=@User.Identity.Name&size=30" alt="Profile"
                                         class="rounded-circle me-2" width="30" height="30" alt="Photo" />
                                     <span>@User.Identity.Name</span>
-                                </div>
+                                </a>
                                 <ul class="dropdown-menu dropdown-menu-end" aria-labelledby="userDropdown">
                                     <li><a class="dropdown-item" asp-controller="Settings" asp-action="User">@T["User settings"]</a></li>
                                     @if (User.HasClaim(ClaimTypes.Role, "CanManageSettings"))
diff --git a/src/wwwroot/css/site.css b/src/wwwroot/css/site.css
index bf7a71c..3f3a52d 100644
--- a/src/wwwroot/css/site.css
+++ b/src/wwwroot/css/site.css
@@ -78,7 +78,14 @@ h4.fw-bold, h4.card-title {
 }
 
 .skip-link:focus {
-  left: 10px;
+  left: 10px !important;
   top: 10px;
   outline: none;
-}
\ No newline at end of file
+}
+
+input[readonly] {
+  background-color: #343a40 !important;
+  box-shadow: none;
+  opacity: 1;
+  border-color: var(--bs-border-color) !important;
+}