feat(user-metadata): correct user metadata management

GZTimeWalker · GZTimeWalker · commit a676bd9547c4 · 2025-12-28T01:03:30.000+08:00
diff --git a/src/Directory.Packages.props b/src/Directory.Packages.props
@@ -71,4 +71,4 @@
     <PackageVersion Include="coverlet.msbuild" Version="6.0.4" />
     <PackageVersion Include="ZstdSharp.Port" Version="0.8.6" />
   </ItemGroup>
-</Project>
+</Project>
diff --git a/src/GZCTF.Test/UnitTests/Models/UserInfoTests.cs b/src/GZCTF.Test/UnitTests/Models/UserInfoTests.cs
@@ -10,19 +10,23 @@ namespace GZCTF.Test.UnitTests.Models;
 public class UserInfoTests
 {
     [Fact]
-    public void UpdateUserInfo_ProfileUpdateModel_UpdatesMetadata()
+    public void UpdateUserInfo_ProfileUpdateModel_UpdatesBioAndPhone()
     {
         var user = new UserInfo();
-        var metadata = new SortedDictionary<string, JsonDocument?>
+        var model = new ProfileUpdateModel
         {
-            ["key1"] = JsonSerializer.Deserialize<JsonDocument>("\"value1\"")
+            Bio = "new bio",
+            Phone = "new phone",
+            Metadata = new SortedDictionary<string, JsonDocument?>
+            {
+                ["key1"] = JsonSerializer.Deserialize<JsonDocument>("\"value1\"")
+            }
         };
-        var model = new ProfileUpdateModel { Metadata = metadata };
 
         user.UpdateUserInfo(model);
 
-        Assert.NotNull(user.Metadata);
-        Assert.Equal("value1", user.Metadata["key1"]?.RootElement.GetString());
+        Assert.Equal("new bio", user.Bio);
+        Assert.Equal("new phone", user.PhoneNumber);
     }
 
     [Fact]
diff --git a/src/GZCTF/Controllers/AccountController.cs b/src/GZCTF/Controllers/AccountController.cs
@@ -1,5 +1,4 @@
 ﻿using System.Net.Mime;
-using System.Text.Json;
 using GZCTF.Extensions;
 using GZCTF.Middlewares;
 using GZCTF.Models.Internal;
@@ -356,7 +355,7 @@ public async Task<IActionResult> LogOut()
     [ProducesResponseType(typeof(RequestResponse), StatusCodes.Status400BadRequest)]
     public async Task<IActionResult> Update([FromBody] ProfileUpdateModel model, CancellationToken token = default)
     {
-        var user = await userManager.GetUserAsync(User);
+        var user = (await userManager.GetUserAsync(User))!;
 
         if (model.UserName is not null && model.UserName != user!.UserName)
         {
@@ -371,25 +370,12 @@ public async Task<IActionResult> Update([FromBody] ProfileUpdateModel model, Can
                 user, TaskStatus.Success);
         }
 
-        if (model.Metadata is not null)
+        if (model.Metadata is { Count: > 0 })
         {
-            var fields = await metadataRepository.GetAllAsync(token);
-            var fieldMap = fields.ToDictionary(f => f.Key);
-
-            foreach ((string key, JsonDocument? value) in model.Metadata)
-            {
-                if (!fieldMap.TryGetValue(key, out var field))
-                    return BadRequest(
-                        new RequestResponse(localizer[nameof(Resources.Program.Model_UnknownMetadataField), key]));
-
-                if (field.Locked)
-                    return BadRequest(new RequestResponse(localizer[nameof(Resources.Program.Model_FieldIsLocked),
-                        field.DisplayName]));
-
-                if (!field.Validate(value, localizer, out var error))
-                    return BadRequest(new RequestResponse(
-                        localizer[nameof(Resources.Program.Model_FieldValidationFailed), field.DisplayName, error]));
-            }
+            var fieldDefs = await metadataRepository.GetAllAsync(token);
+            if (fieldDefs.Count > 0)
+                if (!user.UpdateUserMetadataByUser(model.Metadata, localizer, fieldDefs, out var errorResponse))
+                    return BadRequest(new RequestResponse(errorResponse));
         }
 
         user!.UpdateUserInfo(model);
diff --git a/src/GZCTF/Controllers/AdminController.cs b/src/GZCTF/Controllers/AdminController.cs
@@ -37,8 +37,9 @@ public class AdminController(
     IConfigService configService,
     IGameRepository gameRepository,
     ITeamRepository teamRepository,
-    IContainerRepository containerRepository,
     IServiceProvider serviceProvider,
+    IContainerRepository containerRepository,
+    IUserMetadataFieldRepository metadataRepository,
     IParticipationRepository participationRepository,
     IStringLocalizer<Program> localizer) : ControllerBase
 {
@@ -261,7 +262,7 @@ public async Task<IActionResult> AddUsers([FromBody] UserCreateModel[] model, Ca
             }
 
             var teams = new List<Team>();
-            foreach (var (user, teamName) in users)
+            foreach ((UserInfo user, var teamName) in users)
             {
                 if (teamName is null)
                     continue;
@@ -389,7 +390,8 @@ public async Task<IActionResult> UpdateTeam([FromRoute] int id, [FromBody] Admin
     [HttpPut("Users/{userid}")]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(typeof(RequestResponse), StatusCodes.Status404NotFound)]
-    public async Task<IActionResult> UpdateUserInfo(string userid, [FromBody] AdminUserInfoModel model)
+    public async Task<IActionResult> UpdateUserInfo(string userid,
+        [FromBody] AdminUserInfoModel model, CancellationToken token)
     {
         var user = await userManager.FindByIdAsync(userid);
 
@@ -413,6 +415,14 @@ public async Task<IActionResult> UpdateUserInfo(string userid, [FromBody] AdminU
                 return HandleIdentityError(result.Errors);
         }
 
+        if (model.Metadata is { Count: > 0 })
+        {
+            var fieldDefs = await metadataRepository.GetAllAsync(token);
+            if (fieldDefs.Count > 0)
+                if (!user.UpdateUserMetadataByAdmin(model.Metadata, localizer, fieldDefs, out var errorResponse))
+                    return BadRequest(new RequestResponse(errorResponse));
+        }
+
         user.UpdateUserInfo(model);
         await userManager.UpdateAsync(user);
 
diff --git a/src/GZCTF/Controllers/GameController.cs b/src/GZCTF/Controllers/GameController.cs
@@ -844,7 +844,7 @@ public async Task<IActionResult> ScoreboardSheet([FromRoute] int id,
         try
         {
             var scoreboard = await gameRepository.GetScoreboardWithMembers(game, token);
-            var stream = excelHelper.GetScoreboardExcel(scoreboard, metadataFields);
+            var stream = excelHelper.GetScoreboardExcel(scoreboard, metadataFields.Values);
             stream.Seek(0, SeekOrigin.Begin);
 
             return File(stream,
diff --git a/src/GZCTF/Controllers/InfoController.cs b/src/GZCTF/Controllers/InfoController.cs
@@ -194,6 +194,9 @@ public async Task<IActionResult> PowChallenge(CancellationToken token = default)
     /// <response code="200">Successfully retrieved metadata fields</response>
     [HttpGet("Metadata")]
     [ProducesResponseType(typeof(UserMetadataField[]), StatusCodes.Status200OK)]
-    public Task<UserMetadataField[]> GetMetadataFields(CancellationToken token) =>
-        metadataRepository.GetAllAsync(token);
+    public async Task<IEnumerable<UserMetadataField>> GetMetadataFields(CancellationToken token)
+    {
+        var metadataFields = await metadataRepository.GetAllAsync(token);
+        return metadataFields.Values;
+    }
 }
diff --git a/src/GZCTF/Controllers/MetadataController.cs b/src/GZCTF/Controllers/MetadataController.cs
@@ -21,7 +21,11 @@ public class MetadataController(IUserMetadataFieldRepository metadataRepository,
     /// <returns></returns>
     [HttpGet]
     [ProducesResponseType(typeof(UserMetadataField[]), StatusCodes.Status200OK)]
-    public Task<UserMetadataField[]> Get(CancellationToken token) => metadataRepository.GetAllAsync(token);
+    public async Task<IEnumerable<UserMetadataField>> Get(CancellationToken token)
+    {
+        var fields = await metadataRepository.GetAllAsync(token);
+        return fields.Values;
+    }
 
     /// <summary>
     /// Create a new metadata field
diff --git a/src/GZCTF/Extensions/UserMetadataExtension.cs b/src/GZCTF/Extensions/UserMetadataExtension.cs
@@ -173,6 +173,103 @@ public bool Validate(JsonDocument? value, IStringLocalizer<Program> localizer,
             return true;
         }
     }
+
+    extension(UserInfo user)
+    {
+        /// <summary>
+        /// Update user metadata by user input
+        /// </summary>
+        /// <param name="metadata">The new metadata from user</param>
+        /// <param name="localizer">String localizer for error messages</param>
+        /// <param name="fieldDefs">Field definitions</param>
+        /// <param name="errorResponse">Error response if validation fails</param>
+        /// <returns>>True if update is successful, false otherwise</returns>
+        internal bool UpdateUserMetadataByUser(MetadataStore metadata,
+            IStringLocalizer<Program> localizer,
+            Dictionary<string, UserMetadataField> fieldDefs,
+            [MaybeNullWhen(true)] out string errorResponse)
+        {
+            var newMetadata = new MetadataStore();
+
+            foreach ((var key, JsonDocument? value) in metadata)
+            {
+                // Skip fields that are locked or not defined
+                if (!fieldDefs.TryGetValue(key, out var field) || field.Locked)
+                    continue;
+
+                // Validate field value
+                if (!field.Validate(value, localizer, out var error))
+                {
+                    errorResponse = localizer[nameof(Resources.Program.Model_FieldValidationFailed),
+                        field.DisplayName, error];
+                    return false;
+                }
+
+                newMetadata[key] = value;
+            }
+
+            if (user.Metadata is not null)
+            {
+                foreach ((var key, JsonDocument? value) in user.Metadata)
+                {
+                    // Preserve locked fields
+                    if (fieldDefs.TryGetValue(key, out var field) && field.Locked)
+                        newMetadata[key] = value;
+                }
+            }
+
+            user.Metadata = newMetadata;
+            errorResponse = null;
+            return true;
+        }
+
+        /// <summary>
+        /// Update user metadata by admin input
+        /// </summary>
+        /// <param name="metadata">The new metadata from user</param>
+        /// <param name="localizer">String localizer for error messages</param>
+        /// <param name="fieldDefs">Field definitions</param>
+        /// <param name="errorResponse">Error response if validation fails</param>
+        /// <returns>>True if update is successful, false otherwise</returns>
+        internal bool UpdateUserMetadataByAdmin(MetadataStore metadata,
+            IStringLocalizer<Program> localizer,
+            Dictionary<string, UserMetadataField> fieldDefs,
+            [MaybeNullWhen(true)] out string errorResponse)
+        {
+            var newMetadata = new MetadataStore();
+
+            foreach ((var key, JsonDocument? value) in metadata)
+            {
+                // Skip fields that are locked or not defined
+                if (!fieldDefs.TryGetValue(key, out var field))
+                    continue;
+
+                // Validate field value
+                if (!field.Validate(value, localizer, out var error))
+                {
+                    errorResponse = localizer[nameof(Resources.Program.Model_FieldValidationFailed),
+                        field.DisplayName, error];
+                    return false;
+                }
+
+                newMetadata[key] = value;
+            }
+
+            if (user.Metadata is not null)
+            {
+                foreach ((var key, JsonDocument? value) in user.Metadata)
+                {
+                    // Preserve old fields that are not being updated
+                    if (!newMetadata.ContainsKey(key) && fieldDefs.ContainsKey(key))
+                        newMetadata[key] = value;
+                }
+            }
+
+            user.Metadata = newMetadata;
+            errorResponse = null;
+            return true;
+        }
+    }
 }
 
 public sealed record UserMetadataFieldValue(UserMetadataFieldValueType Type, JsonDocument? Value) : IDisposable
diff --git a/src/GZCTF/Models/Data/UserInfo.cs b/src/GZCTF/Models/Data/UserInfo.cs
@@ -84,11 +84,11 @@ public void UpdateByHttpContext(HttpContext context)
     internal void UpdateUserInfo(AdminUserInfoModel model)
     {
         // use SetUserNameAsync and SetEmailAsync to update UserName and Email
+        // use UpdateUserMetadataByAdmin to update Metadata
         Bio = model.Bio ?? Bio;
         Role = model.Role ?? Role;
         PhoneNumber = model.Phone ?? PhoneNumber;
         EmailConfirmed = model.EmailConfirmed ?? EmailConfirmed;
-        Metadata = model.Metadata ?? Metadata;
     }
 
     /// <summary>
@@ -107,9 +107,9 @@ internal void UpdateUserInfo(UserCreateModel model)
     internal void UpdateUserInfo(ProfileUpdateModel model)
     {
         // use SetUserNameAsync to update UserName
+        // use UpdateUserMetadataByUser to update Metadata
         Bio = model.Bio ?? Bio;
         PhoneNumber = model.Phone ?? PhoneNumber;
-        Metadata = model.Metadata ?? Metadata;
     }
 
     #region Db Relationship
diff --git a/src/GZCTF/Repositories/Interface/IUserMetadataFieldRepository.cs b/src/GZCTF/Repositories/Interface/IUserMetadataFieldRepository.cs
@@ -15,7 +15,7 @@ public interface IUserMetadataFieldRepository : IRepository
     /// </summary>
     /// <param name="token">Cancellation token</param>
     /// <returns>Array of fields</returns>
-    Task<UserMetadataField[]> GetAllAsync(CancellationToken token = default);
+    Task<Dictionary<string, UserMetadataField>> GetAllAsync(CancellationToken token = default);
 
     /// <summary>
     /// Create a new user metadata field
diff --git a/src/GZCTF/Repositories/UserMetadataFieldRepository.cs b/src/GZCTF/Repositories/UserMetadataFieldRepository.cs
@@ -13,12 +13,13 @@ public class UserMetadataFieldRepository(
     public Task<UserMetadataField?> GetByKeyAsync(string key, CancellationToken token = default)
         => Context.UserMetadataFields.FirstOrDefaultAsync(f => f.Key == key, token);
 
-    public Task<UserMetadataField[]> GetAllAsync(CancellationToken token = default) =>
+    public Task<Dictionary<string, UserMetadataField>> GetAllAsync(CancellationToken token = default) =>
         cacheHelper.GetOrCreateAsync(logger, CacheKey.UserMetadataFields,
             entry =>
             {
                 entry.SlidingExpiration = TimeSpan.FromDays(1);
-                return Context.UserMetadataFields.OrderBy(f => f.Order).ToArrayAsync(token);
+                return Context.UserMetadataFields.OrderBy(f => f.Order)
+                    .ToDictionaryAsync(f => f.Key, token);
             },
             token: token);
 
diff --git a/src/GZCTF/Utils/ExcelHelper.cs b/src/GZCTF/Utils/ExcelHelper.cs
@@ -39,7 +39,7 @@ public class ExcelHelper(IStringLocalizer<Program> localizer)
         localizer[nameof(Resources.Program.Header_Email)]
     ];
 
-    public MemoryStream GetScoreboardExcel(ScoreboardModel scoreboard, UserMetadataField[] metadataFields)
+    public MemoryStream GetScoreboardExcel(ScoreboardModel scoreboard, IEnumerable<UserMetadataField> metadataFields)
     {
         if (scoreboard.Items.Values.FirstOrDefault()?.TeamInfo is null)
             throw new ArgumentException(localizer[nameof(Resources.Program.Scoreboard_TeamNotLoaded)]);
@@ -116,7 +116,7 @@ private void WriteSubmissionContent(ISheet sheet, IEnumerable<Submission> submis
     }
 
     private int[] WriteBoardHeader(ISheet sheet, ICellStyle style, ScoreboardModel scoreboard,
-        UserMetadataField[] metadataFields)
+        IEnumerable<UserMetadataField> metadataFields)
     {
         var row = sheet.CreateRow(0);
         var colIndex = 0;
@@ -164,7 +164,7 @@ private int[] WriteBoardHeader(ISheet sheet, ICellStyle style, ScoreboardModel s
     }
 
     private static void WriteBoardContent(ISheet sheet, ScoreboardModel scoreboard, int[] challIds,
-        UserMetadataField[] metadataFields)
+        IEnumerable<UserMetadataField> metadataFields)
     {
         var rowIndex = 1;
         var withDiv = scoreboard.Divisions.Count > 0;

Original file line number	Diff line number	Diff line change
`@@ -844,7 +844,7 @@ public async Task<IActionResult> ScoreboardSheet([FromRoute] int id,`
`844`	`844`	`try`
`845`	`845`	`{`
`846`	`846`	`var scoreboard = await gameRepository.GetScoreboardWithMembers(game, token);`
`847`		`- var stream = excelHelper.GetScoreboardExcel(scoreboard, metadataFields);`
	`847`	`+ var stream = excelHelper.GetScoreboardExcel(scoreboard, metadataFields.Values);`
`848`	`848`	`stream.Seek(0, SeekOrigin.Begin);`
`849`	`849`
`850`	`850`	`return File(stream,`
Original file line number	Diff line number	Diff line change
`@@ -84,11 +84,11 @@ public void UpdateByHttpContext(HttpContext context)`
`84`	`84`	`internal void UpdateUserInfo(AdminUserInfoModel model)`
`85`	`85`	`{`
`86`	`86`	`// use SetUserNameAsync and SetEmailAsync to update UserName and Email`
	`87`	`+ // use UpdateUserMetadataByAdmin to update Metadata`
`87`	`88`	`Bio = model.Bio ?? Bio;`
`88`	`89`	`Role = model.Role ?? Role;`
`89`	`90`	`PhoneNumber = model.Phone ?? PhoneNumber;`
`90`	`91`	`EmailConfirmed = model.EmailConfirmed ?? EmailConfirmed;`
`91`		`- Metadata = model.Metadata ?? Metadata;`
`92`	`92`	`}`
`93`	`93`
`94`	`94`	`/// <summary>`
`@@ -107,9 +107,9 @@ internal void UpdateUserInfo(UserCreateModel model)`
`107`	`107`	`internal void UpdateUserInfo(ProfileUpdateModel model)`
`108`	`108`	`{`
`109`	`109`	`// use SetUserNameAsync to update UserName`
	`110`	`+ // use UpdateUserMetadataByUser to update Metadata`
`110`	`111`	`Bio = model.Bio ?? Bio;`
`111`	`112`	`PhoneNumber = model.Phone ?? PhoneNumber;`
`112`		`- Metadata = model.Metadata ?? Metadata;`
`113`	`113`	`}`
`114`	`114`
`115`	`115`	`#region Db Relationship`