public async Task <IActionResult> ChangePassword(ChangePasswordRequest req)
{
if (HttpContext.User.IsAnonymous())
{
return(Challenge());
}
if (!ModelState.IsValid)
{
return(View());
}
var user = await Db.Users
.SingleOrDefaultAsync(x => x.Id == HttpContext.User.GetUserId());
byte[] newHash = AuthUtils.GetHashFor(req.OldPassword, user.PasswordSalt);
if (!Enumerable.SequenceEqual(newHash, user.PasswordHash))
{
ModelState.AddModelError("", "Incorrect password");
return(View());
}
user.PasswordSalt = AuthUtils.GetRandomData(64);
user.PasswordHash = AuthUtils.GetHashFor(req.NewPassword, user.PasswordSalt);
await Db.SaveChangesAsync();
return(RedirectToAction("News", "Issue"));
}
public async Task <IActionResult> Register(RegisterRequest req, [FromQuery] string redirect = "")
{
if (!ModelState.IsValid)
{
return(View());
}
try
{
ViewData["RedirectTo"] = new PathString(redirect);
}
catch (ArgumentException)
{
ViewData["RedirectTo"] = new PathString("");
}
var user = await Db.Users.SingleOrDefaultAsync(x => x.Username == req.Username && x.FullName == req.FullName);
if (user != null)
{
ModelState.AddModelError("", "User already exists");
return(View());
}
Invite inv = await Db.Invites
.SingleAsync(x => x.Uid == req.InviteID);
User newUser = new User()
{
RoleId = inv.RoleId, // Anonymous role
Username = req.Username,
FullName = req.FullName,
PasswordSalt = AuthUtils.GetRandomData(64)
};
newUser.PasswordHash = AuthUtils.GetHashFor(req.Password, newUser.PasswordSalt);
await Db.AddAsync(newUser);
Db.Remove(inv);
await Db.SaveChangesAsync();
var userIdentity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);
userIdentity.AddClaims(new Claim[] {
new Claim(ClaimTypes.PrimarySid, newUser.Id.ToString()),
new Claim(ClaimTypes.NameIdentifier, newUser.Username),
new Claim(ClaimTypes.Name, newUser.FullName),
new Claim(ClaimTypes.Role, newUser.RoleId.ToString())
});
var principal = new ClaimsPrincipal(userIdentity);
await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);
try
{
return(Redirect(new PathString(redirect)));
}
catch (ArgumentException)
{
return(RedirectToAction("News", "Issue"));
}
}
public async Task <IActionResult> CreateInvite(CreateInviteRequest req)
{
await Db.Invites.AddAsync(new Invite()
{
RoleId = req.RoleID,
Uid = Convert.ToBase64String(AuthUtils.GetRandomData(48))
.Replace('/', '_')
.Replace('+', '-')
});
await Db.SaveChangesAsync();
return(RedirectToAction("ViewInvites"));
}
public async Task <string> StoreAsync(AuthenticationTicket ticket)
{
using (var ctx = new PBugContext(dbOptions))
{
Session s = (await ctx.AddAsync(new Session()
{
Id = AuthUtils.GetRandomData(64),
SessionData = TicketSerializer.Default.Serialize(ticket),
Expires = ticket.Properties.ExpiresUtc
})).Entity;
await ctx.SaveChangesAsync();
return(Convert.ToBase64String(s.Id));
}
}
public static void BuildDb()
{
var cfg = new ConfigurationBuilder()
.AddJsonFile("appsettings.json")
.Build();
var dbOpts = new DbContextOptionsBuilder <PBugContext>().UseMySql(cfg.GetConnectionString("Database"));
using (var ctx = new PBugContext(dbOpts.Options))
{
var logger = LoggerFactory.Create(opts => opts.AddConsole()).CreateLogger("PBug");
logger.LogInformation("Ensuring creation of DB");
ctx.Database.EnsureCreated();
if (!ctx.Users.Any())
{
Role anonymous = new Role()
{
Name = "Anonymous",
Permissions = ""
};
Role admin = new Role()
{
Name = "Administrator",
Permissions = "**"
};
ctx.AddRange(anonymous, admin);
User system = new User()
{
Role = admin,
Username = "******",
FullName = "PBug System"
};
string password = Convert.ToBase64String(AuthUtils.GetRandomData(64));
system.PasswordSalt = AuthUtils.GetRandomData(64);
system.PasswordHash = AuthUtils.GetHashFor(password, system.PasswordSalt);
ctx.Add(system);
ctx.SaveChanges();
File.WriteAllText("systempass.txt", password);
logger.LogInformation("Created database. System password is in systempass.txt", password);
}
}
}
public async Task <IActionResult> EditIssue([FromRoute] uint id, EditIssueRequest req)
{
if (!ModelState.IsValid)
{
return(View());
}
Issue i = await Db.Issues.FindAsync(id);
if (!HttpContext.UserCan("issue.editissue.all") &&
!(HttpContext.UserCan("issue.editissue.own") && ((int?)i.AuthorId ?? -1) == HttpContext.User.GetUserId()))
{
if (HttpContext.User.IsAnonymous())
{
return(Challenge());
}
else
{
return(Forbid());
}
}
string[] filesremovedproc = JsonSerializer.Deserialize <string[]>(req.RemovedFiles);
if (filesremovedproc.Length > 0 ||
req.NewName != i.Name ||
req.NewTags != i.Tags ||
req.NewDescription != i.Description ||
req.NewProjectID != i.ProjectId ||
req.NewAssigneeID != i.AssigneeId ||
req.NewStatus != i.Status ||
HttpContext.Request.Form.Files.Count > 0)
{
await Db.IssueActivities.AddIssueActivity(HttpContext, id, new EditIssueActivity()
{
OldName = i.Name,
NewName = req.NewName,
OldTags = i.Tags,
NewTags = req.NewTags ?? "",
OldDescription = i.Description,
NewDescription = req.NewDescription,
OldProjectId = i.ProjectId,
NewProjectId = req.NewProjectID,
OldAssigneeId = i.AssigneeId,
NewAssigneeId = req.NewAssigneeID == -1 ? null : new uint?((uint)req.NewAssigneeID),
OldStatus = i.Status,
NewStatus = req.NewStatus
});
i.Name = req.NewName;
i.Tags = req.NewTags ?? "";
i.Description = req.NewDescription;
i.ProjectId = req.NewProjectID;
i.AssigneeId = req.NewAssigneeID == -1 ? null : new uint?((uint)req.NewAssigneeID);
i.Status = req.NewStatus;
foreach (string uid in filesremovedproc)
{
if (Path.GetFileName(uid) != uid)
{
// Something's fishy...
return(Forbid());
}
Db.Remove(await Db.IssueFiles.FirstAsync(x => x.FileId == uid));
System.IO.File.Delete(Path.Combine("files", uid));
}
List <(IssueFile, IFormFile)> toProcess = new List <(IssueFile, IFormFile)>();
foreach (IFormFile file in HttpContext.Request.Form.Files)
{
toProcess.Add((
(await Db.IssueFiles.AddAsync(new IssueFile()
{
Issue = i,
FileName = file.FileName,
FileId = Convert.ToBase64String(AuthUtils.GetRandomData(12))
.Replace('/', '_')
.Replace('+', '-')
})).Entity,
file));
}
await Db.SaveChangesAsync();
foreach ((IssueFile, IFormFile)pack in toProcess)
{
using (FileStream fs = System.IO.File.OpenWrite(Path.Combine("files", pack.Item1.FileId)))
await pack.Item2.CopyToAsync(fs);
}
}
return(RedirectToAction("ViewTalk", new { id = id }));
}
public async Task <IActionResult> Create(CreateIssueRequest req)
{
if (!ModelState.IsValid)
{
return(View());
}
if (HttpContext.Request.Form.Files.Sum(x => x.Length) >= 128 * 1024 * 1024)
{
ModelState.AddModelError("", "File size too large.");
return(View());
}
Issue i = (await Db.Issues.AddAsync(new Issue()
{
Name = req.Name,
Tags = req.Tags ?? "",
Description = req.Description,
ProjectId = req.ProjectID,
AssigneeId = req.AssigneeID == -1 ? null : new uint?((uint)req.AssigneeID),
AuthorId = HttpContext.User.IsAnonymous() ? null : new uint?((uint)HttpContext.User.GetUserId()),
DateOfCreation = DateTime.UtcNow,
Status = IssueStatus.Open
})).Entity;
if (!HttpContext.User.IsAnonymous())
{
await Db.AddAsync(new IssueWatcher()
{
Issue = i,
WatcherId = (uint)HttpContext.User.GetUserId()
});
}
await Db.IssueActivities.AddIssueActivity(HttpContext, 0, new CreateIssueActivity()
{
Issue = i,
Name = req.Name,
Description = req.Description,
Tags = req.Tags ?? "",
ProjectId = req.ProjectID,
AssigneeId = req.AssigneeID == -1 ? null : new uint?((uint)req.AssigneeID),
});
List <(IssueFile, IFormFile)> toProcess = new List <(IssueFile, IFormFile)>();
foreach (IFormFile file in HttpContext.Request.Form.Files)
{
toProcess.Add((
(await Db.IssueFiles.AddAsync(new IssueFile()
{
Issue = i,
FileName = file.FileName,
FileId = Convert.ToBase64String(AuthUtils.GetRandomData(12))
.Replace('/', '_')
.Replace('+', '-')
})).Entity,
file));
}
await Db.SaveChangesAsync();
foreach ((IssueFile, IFormFile)pack in toProcess)
{
using (FileStream fs = System.IO.File.OpenWrite(Path.Combine("files", pack.Item1.FileId)))
await pack.Item2.CopyToAsync(fs);
}
return(RedirectToAction("ViewTalk", new { id = i.Id }));
}
