Beispiel #1
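        /// <summary>
        /// Shows the application error view for an exception. All three arguments are required,
        /// even though two of them are declared as nullable types.
        /// </summary>
        /// <param name="exception">Exception to display.</param>
        /// <param name="errorPage">Error page to show.</param>
        /// <param name="httpStatusCode">HTTP status code handed to the error view.</param>
        /// <returns>Always null; rendering is delegated to TryDisplayErrorView.</returns>
        /// <exception cref="ArgumentNullException">Any of the arguments is null.</exception>
        public ActionResult AppError(Exception exception, GStoreData.Exceptions.ErrorPage? errorPage, int? httpStatusCode)
        {
            // ParamName is spelled exactly like the declared parameter so the exception
            // points at the argument that was actually missing.
            if (exception == null)
            {
                throw new ArgumentNullException("exception");
            }
            if (!errorPage.HasValue)
            {
                throw new ArgumentNullException("errorPage");
            }
            if (!httpStatusCode.HasValue)
            {
                throw new ArgumentNullException("httpStatusCode");
            }

            TryDisplayErrorView(exception, errorPage.Value, httpStatusCode.Value, true);
            return null;
        }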
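        /// <summary>
        /// Checks a page Url entered for a store front page. On rejection a model error is added
        /// to the controller and false is returned.
        /// </summary>
        /// <param name="db">Database context used to look for another page with the same Url.</param>
        /// <param name="controller">Controller whose ModelState receives the validation error.</param>
        /// <param name="url">Url as entered by the user; must start with a slash.</param>
        /// <param name="storeFrontId">Store front the page belongs to.</param>
        /// <param name="clientId">Client the page belongs to.</param>
        /// <param name="currentPageId">Id of the page being edited; that page is excluded from the duplicate check.</param>
        /// <returns>True when the Url is acceptable and unused; otherwise false.</returns>
        public static bool ValidatePageUrl(this IGstoreDb db, GStoreData.ControllerBase.BaseController controller, string url, int storeFrontId, int clientId, int? currentPageId)
        {
            string urlField = (controller.ModelState.ContainsKey("PageEditViewModel_Url") ? "PageEditViewModel_Url" : "Url");

            // NOTE(review): the messages below embed the submitted url and the conflicting page name
            // unencoded (only the store front name goes through ToHtml()); confirm the view
            // HTML-encodes model errors before rendering them.
            if (string.IsNullOrWhiteSpace(url))
            {
                string errorMessage = "Url is required \n Please enter a url starting with /";
                controller.ModelState.AddModelError(urlField, errorMessage);
                return false;
            }

            if (!url.StartsWith("/", StringComparison.Ordinal))
            {
                string errorMessage = "Invalid Url: '" + url + "'. Url must start with a slash. Example / for home page or /Food";
                controller.ModelState.AddModelError(urlField, errorMessage);
                return false;
            }

            if (url.Contains(" "))
            {
                string errorMessage = "Invalid Url: '" + url + "'. Url Cannot have spaces. Be sure to remove spaces from Url. You may replace spaces with underscore _ ";
                controller.ModelState.AddModelError(urlField, errorMessage);
                return false;
            }

            if (url.Contains("?"))
            {
                string errorMessage = "Invalid Url: '" + url + "'. Url Cannot have a question Mark ? in it. You may might choose to replace it with an underscore _ or dash -";
                controller.ModelState.AddModelError(urlField, errorMessage);
                return false;
            }

            // The original check tested for a double quote while the message listed a backslash;
            // both are rejected here and the message names every character that is checked.
            char[] forbiddenChars = { '~', '|', ':', '*', '"', '\\', '<', '>' };
            if (url.IndexOfAny(forbiddenChars) >= 0)
            {
                string errorMessage = "Invalid Url: '" + url + "'. These characters are not allowed in Urls. ~ | : * \" \\ < > . You might choose to replace these characters with underscore or dash -";
                controller.ModelState.AddModelError(urlField, errorMessage);
                return false;
            }

            if (!System.Uri.IsWellFormedUriString("http://www.test.com" + url, UriKind.Absolute))
            {
                string errorMessage = "Invalid Url: '" + url + "'. Url is not a valid URL. Example: /food   or /food/page1";
                controller.ModelState.AddModelError(urlField, errorMessage);
                return false;
            }

            string trimmedPath = url.Trim().Trim('~').Trim('/');
            string trimUrl = "/" + trimmedPath.ToLower();

            // Reserved names are matched against the first path segment. The previous test compared
            // "/name..." with "name" (no leading slash), so it could never match and a page Url
            // could shadow a built-in route such as /Account.
            int firstSlash = trimmedPath.IndexOf('/');
            string firstSegment = (firstSlash >= 0 ? trimmedPath.Substring(0, firstSlash) : trimmedPath);

            string[] blockedUrls = { "Account", "Blog", "BlogAdmin", "Bundles", "Category", "Catalog", "CatalogAdmin", "CatalogContent", "Cart", "Chat", "Checkout", "Content", "Edit", "Fonts", "GStore", "Images", "JS", "Notifications", "Order", "OrderAdmin", "Pages", "Products", "Profile", "Styles", "Scripts", "StoreAdmin", "ShareByEmail", "SubmitForm", "SystemAdmin", "Themes", "UpdatePageAjax", "UpdateSectionAjax", "View" };

            foreach (string blockedUrl in blockedUrls)
            {
                // Ordinal comparison keeps the check independent of the server culture.
                if (string.Equals(firstSegment, blockedUrl, StringComparison.OrdinalIgnoreCase))
                {
                    string errorMessage = "Url '" + url + "' is invalid. Url cannot start with '" + blockedUrl + "' because the system already has built-in " + blockedUrl + " pages. \n Please choose a different url";
                    controller.ModelState.AddModelError(urlField, errorMessage);
                    return false;
                }
            }

            if (Settings.AppEnableStoresVirtualFolders)
            {
                if (string.Equals(firstSegment, "stores", StringComparison.OrdinalIgnoreCase))
                {
                    string errorMessage = "Url '" + url + "' is invalid. Url cannot start with 'Stores' because the system already has built-in Stores pages. \n Please choose a different url";
                    controller.ModelState.AddModelError(urlField, errorMessage);
                    return false;
                }
            }

            // Duplicate check is scoped to the same client and store front and ignores the page being edited.
            Page conflict = db.Pages.Where(p => p.ClientId == clientId && p.StoreFrontId == storeFrontId && p.Url.ToLower() == trimUrl && (p.PageId != currentPageId)).FirstOrDefault();

            if (conflict == null)
            {
                return true;
            }

            string errorConflictMessage = "Url '" + url + "' is already in use for page '" + conflict.Name + "' [" + conflict.PageId + "] in Store Front '" + conflict.StoreFront.CurrentConfig().Name.ToHtml() + "' [" + conflict.StoreFrontId + "]. \n You must enter a unique Url or change the conflicting page Url.";

            controller.ModelState.AddModelError(urlField, errorConflictMessage);
            return false;
        }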
Beispiel #3
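        /// <summary>
        /// Fills the fields shared by all event log records from the current request, route and user profile.
        /// </summary>
        /// <param name="record">Event log record to populate.</param>
        /// <param name="httpContext">Current HTTP context; request, server and session values are read from it.</param>
        /// <param name="routeData">Route data for the request; may be null.</param>
        /// <param name="source">Value stored in the record's Source field.</param>
        /// <param name="message">Value stored in the record's Message field.</param>
        /// <param name="anonymous">Value stored in the record's Anonymous field.</param>
        /// <param name="profile">User profile to record; may be null.</param>
        /// <param name="controller">Controller used to read the current store front and client ids; may be null.</param>
        public static void SetBasicFields(this Models.BaseClasses.EventLogBase record, HttpContextBase httpContext, RouteData routeData, string source, string message, bool anonymous, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
        {
            record.StartDateTimeUtc = DateTime.UtcNow;
            record.EndDateTimeUtc = DateTime.UtcNow;

            if (controller != null)
            {
                // Best effort: a failure to resolve the store front or client must not stop the event from being logged.
                try
                {
                    record.StoreFrontId = controller.CurrentStoreFrontIdOrNull;
                }
                catch (Exception)
                {
                    record.StoreFrontId = null;
                }
                try
                {
                    record.ClientId = controller.CurrentClientIdOrNull;
                }
                catch (Exception)
                {
                    record.ClientId = null;
                }
            }

            if (routeData != null)
            {
                if (routeData.DataTokens.ContainsKey("area"))
                {
                    record.Area = routeData.DataTokens["area"].ToString();
                }

                // A route without a controller or action value is recorded as an empty string
                // instead of failing the whole log call.
                object controllerValue;
                routeData.Values.TryGetValue("controller", out controllerValue);
                record.Controller = Convert.ToString(controllerValue);

                object actionValue;
                routeData.Values.TryGetValue("action", out actionValue);
                record.ActionName = Convert.ToString(actionValue);

                System.Text.StringBuilder parameters = new System.Text.StringBuilder();
                foreach (var item in routeData.Values)
                {
                    if (parameters.Length > 0)
                    {
                        parameters.Append(", ");
                    }
                    parameters.Append(item.Key + " = " + item.Value);
                }
                record.ActionParameters = parameters.ToString();
            }
            else
            {
                record.Controller = string.Empty;
                record.ActionName = string.Empty;
                record.ActionParameters = string.Empty;
            }

            // NOTE(review): the raw Url, query string, referrer and session id are stored verbatim.
            // They can carry tokens (for example reset or confirmation codes in a query string), so
            // anyone who can read the event log can read them; confirm log access is restricted.
            record.ServerName = httpContext.Server.MachineName;
            record.ApplicationPath = httpContext.Request.ApplicationPath;
            record.HostName = httpContext.Request.Url.Host;
            record.HttpMethod = httpContext.Request.HttpMethod;
            record.IsSecureConnection = httpContext.Request.IsSecureConnection;
            record.UserHostAddress = httpContext.Request.UserHostAddress;
            record.UrlReferrer = (httpContext.Request.UrlReferrer == null ? "" : httpContext.Request.UrlReferrer.ToString());
            record.UserAgent = httpContext.Request.UserAgent;
            record.RawUrl = httpContext.Request.RawUrl;
            record.Url = httpContext.Request.Url.ToString();
            record.Querystring = httpContext.Request.QueryString.ToString();
            record.Source = source;
            record.Message = message;
            record.Anonymous = anonymous;

            // Session state is not available on every request (e.g. failures before it is acquired),
            // so a missing session is recorded as null rather than throwing from the logger.
            record.SessionId = (httpContext.Session == null ? null : httpContext.Session.SessionID);

            if (profile == null)
            {
                record.UserId = null;
                record.UserName = null;
                record.UserProfileId = null;
                record.FullName = null;
            }
            else
            {
                record.UserId = profile.UserId;
                record.UserName = profile.UserName;
                record.UserProfileId = profile.UserProfileId;
                record.FullName = profile.FullName;
            }
        }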
Beispiel #4
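        /// <summary>
        /// Creates a system event record, traces it, and stores it in the database and/or the log file
        /// according to Settings.AppLogSystemEventsToDb and Settings.AppLogSystemEventsToFile.
        /// </summary>
        /// <param name="ctx">Context used to open a new context for the event and to resolve the current user profile.</param>
        /// <param name="httpContext">Current HTTP context.</param>
        /// <param name="routeData">Route data for the request.</param>
        /// <param name="source">Source text stored on the event.</param>
        /// <param name="level">Event level; stored both as number and as text.</param>
        /// <param name="message">Event message.</param>
        /// <param name="exceptionMessage">Exception message to store.</param>
        /// <param name="baseExceptionMessage">Base exception message to store.</param>
        /// <param name="baseExceptionToString">Base exception text to store.</param>
        /// <param name="controller">Controller passed on to SetBasicFields.</param>
        /// <returns>The populated event record.</returns>
        public static SystemEvent LogSystemEvent(this IGstoreDb ctx, HttpContextBase httpContext, RouteData routeData, string source, SystemEventLevel level, string message, string exceptionMessage, string baseExceptionMessage, string baseExceptionToString, GStoreData.ControllerBase.BaseController controller)
        {
            IGstoreDb newctx = ctx.NewContext();

            SystemEvent newEvent = newctx.SystemEvents.Create();
            newEvent.SetBasicFields(httpContext, routeData, source, message, !httpContext.User.IsRegistered(), ctx.GetCurrentUserProfile(false, false), controller);

            newEvent.Level = (int)level;
            newEvent.LevelText = level.ToString();
            newEvent.ExceptionMessage = exceptionMessage;
            newEvent.BaseExceptionMessage = baseExceptionMessage;
            newEvent.BaseExceptionToString = baseExceptionToString;

            string simpleInfo = newEvent.SimpleInfo();
            System.Diagnostics.Trace.Indent();
            System.Diagnostics.Trace.WriteLine("--System Event: " + simpleInfo);
            System.Diagnostics.Trace.Unindent();

            // Tracks the fallback write so the event is not written to the file a second time below.
            bool writtenToFile = false;

            if (Settings.AppLogSystemEventsToDb)
            {
                try
                {
                    newctx.SystemEvents.Add(newEvent);
                    newctx.SaveChanges();
                }
                catch (Exception ex)
                {
                    //can't save to database, attempt save to file
                    ex.LogToFile(httpContext, routeData);
                    newEvent.LogToFile(httpContext);
                    writtenToFile = true;
                }
            }
            if (Settings.AppLogSystemEventsToFile && !writtenToFile)
            {
                newEvent.LogToFile(httpContext);
            }

            return newEvent;
        }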
Beispiel #5
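        /// <summary>
        /// Logs a security event for a verification code that was accepted.
        /// </summary>
        /// <param name="ctx">Context used to write the security event.</param>
        /// <param name="mvcHttpContext">Current HTTP context.</param>
        /// <param name="routeData">Route data for the request.</param>
        /// <param name="code">Verification code that was confirmed; accepted for compatibility but not written to the log.</param>
        /// <param name="provider">Provider the code was issued through.</param>
        /// <param name="returnUrl">Return Url of the request.</param>
        /// <param name="profile">Profile of the verified user; may be null.</param>
        /// <param name="controller">Controller passed on to the event logger.</param>
        public static void LogSecurityEvent_VerificationCodeSuccess(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string code, string provider, string returnUrl, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
        {
            // The code itself is left out: the message is stored by LogSecurityEvent, and an
            // authentication secret should not be readable from the event log.
            // NOTE(review): returnUrl is request-supplied text and is logged as given.
            string message = "Verification code confirmed: (not logged) Provider: " + provider + " ReturnUrl: " + returnUrl;
            if (profile != null)
            {
                message += " \n-Email: " + profile.Email
                + " \n-Name: " + profile.FullName
                + " \n-UserId: " + profile.UserId
                + " \n-UserProfileId: " + profile.UserProfileId;
            }

            // NOTE(review): the event is recorded as anonymous with user name "(unknown)" even when a profile is supplied - confirm this is intended.
            ctx.LogSecurityEvent(mvcHttpContext, routeData, "Verification Code Success", SecurityEventLevel.VerificationCodeSuccess, true, true, "(unknown)", profile, message, controller);
        }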
Beispiel #6
 /// <summary>
 /// Logs a successful password reset for the given e-mail address.
 /// </summary>
 /// <param name="ctx">Context used to write the security event.</param>
 /// <param name="mvcHttpContext">Current HTTP context.</param>
 /// <param name="routeData">Route data for the request.</param>
 /// <param name="email">E-mail address the password was reset for; also used as the event user name.</param>
 /// <param name="profile">Profile of the user; its details are appended to the message when present.</param>
 /// <param name="controller">Controller passed on to the event logger.</param>
 public static void LogSecurityEvent_PasswordResetSuccess(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string email, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
 {
     // Profile details are optional; an empty suffix leaves the headline unchanged.
     string profileDetails = string.Empty;
     if (profile != null)
     {
         profileDetails = " \n-Email: " + profile.Email
             + " \n-Name: " + profile.FullName
             + " \n-UserId: " + profile.UserId
             + " \n-UserProfileId: " + profile.UserProfileId;
     }

     string eventText = "Password reset successfully for User Email: " + email + profileDetails;
     ctx.LogSecurityEvent(mvcHttpContext, routeData, "Password Reset Success", SecurityEventLevel.PasswordResetSuccess, true, false, email, profile, eventText, controller);
 }
Beispiel #7
        /// <summary>
        /// Logs a failed password reset, including every error reported for the attempt.
        /// </summary>
        /// <param name="ctx">Context used to write the security event.</param>
        /// <param name="mvcHttpContext">Current HTTP context.</param>
        /// <param name="routeData">Route data for the request.</param>
        /// <param name="email">E-mail address the reset was attempted for; also used as the event user name.</param>
        /// <param name="resultErrors">Errors reported for the attempt; each is appended on its own line.</param>
        /// <param name="profile">Profile of the user; its details are appended to the message when present.</param>
        /// <param name="controller">Controller passed on to the event logger.</param>
        public static void LogSecurityEvent_PasswordResetFailed(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string email, IEnumerable<string> resultErrors, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
        {
            System.Text.StringBuilder text = new System.Text.StringBuilder();
            text.Append("Password reset failed for User Email: " + email);

            foreach (string resultError in resultErrors)
            {
                text.Append(" \n-Error: " + resultError);
            }

            if (profile != null)
            {
                text.Append(" \n-Email: " + profile.Email
                    + " \n-Name: " + profile.FullName
                    + " \n-UserId: " + profile.UserId
                    + " \n-UserProfileId: " + profile.UserProfileId);
            }

            // Recorded as unsuccessful and anonymous, keyed by the e-mail that was submitted.
            ctx.LogSecurityEvent(mvcHttpContext, routeData, "Password Reset Failed", SecurityEventLevel.PasswordResetFailed, false, true, email, profile, text.ToString(), controller);
        }
Beispiel #8
        /// <summary>
        /// Logs a log-off event for the current user.
        /// </summary>
        /// <param name="ctx">Context used to write the security event.</param>
        /// <param name="mvcHttpContext">Current HTTP context; the identity name is used as the event user name.</param>
        /// <param name="routeData">Route data for the request.</param>
        /// <param name="profile">Profile of the user; when null the identity name stands in for every detail field.</param>
        /// <param name="controller">Controller passed on to the event logger.</param>
        public static void LogSecurityEvent_LogOff(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
        {
            string identityName = mvcHttpContext.User.Identity.Name;

            string eventText;
            if (profile == null)
            {
                // No profile available: the identity name is the only value known for each field.
                eventText = "LogOff for " + identityName
                    + " \n\n-Email: " + identityName
                    + " \n-Name: " + identityName
                    + " \n-UserId: " + identityName
                    + " \n-UserProfileId: " + identityName;
            }
            else
            {
                eventText = "LogOff for " + profile.UserName
                    + " \n\n-Email: " + profile.Email
                    + " \n-Name: " + profile.FullName
                    + " \n-UserId: " + profile.UserId
                    + " \n-UserProfileId: " + profile.UserProfileId;
            }

            ctx.LogSecurityEvent(mvcHttpContext, routeData, "LogOff", SecurityEventLevel.LogOff, true, false, identityName, profile, eventText, controller);
        }
Beispiel #9
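        /// <summary>
        /// Logs a failed e-mail confirmation attempt for a known user, including the reported errors.
        /// </summary>
        /// <param name="ctx">Context used to write the security event.</param>
        /// <param name="mvcHttpContext">Current HTTP context.</param>
        /// <param name="routeData">Route data for the request.</param>
        /// <param name="userId">Id of the user the confirmation was attempted for; also used as the event user name.</param>
        /// <param name="codeAttempted">Confirmation code that was submitted.</param>
        /// <param name="resultErrors">Errors reported for the attempt; each is appended on its own line.</param>
        /// <param name="profile">Profile of the user; its details are appended to the message when present.</param>
        /// <param name="controller">Controller passed on to the event logger.</param>
        public static void LogSecurityEvent_EmailConfirmFailed(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string userId, string codeAttempted, IEnumerable<string> resultErrors, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
        {
            // NOTE(review): the submitted code is written to the log; a rejected code can still be a
            // genuine one (for example expired), so consider logging only its length.
            string message = "Email Confirm Failed for User: " + userId + " Code : " + codeAttempted;
            foreach (string error in resultErrors)
            {
                message += " \n-Error: " + error;
            }

            if (profile != null)
            {
                message += " \n-Email: " + profile.Email
                + " \n-Name: " + profile.FullName
                + " \n-UserId: " + profile.UserId
                + " \n-UserProfileId: " + profile.UserProfileId;
            }

            // NOTE(review): the source text reads "Email Confirmed" although this is the failure event;
            // filter on the level, and confirm whether the source should be renamed.
            ctx.LogSecurityEvent(mvcHttpContext, routeData, "Email Confirmed", SecurityEventLevel.EmailConfirmFailed, false, false, userId, profile, message, controller);
        }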
Beispiel #10
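        /// <summary>
        /// Creates a security event record, traces it, and stores it in the database and/or the log file
        /// according to Settings.AppLogSecurityEventsToDb and Settings.AppLogSecurityEventsToFile.
        /// </summary>
        /// <param name="ctx">Context used to open a new context for the event.</param>
        /// <param name="mvcHttpContext">Current HTTP context.</param>
        /// <param name="routeData">Route data for the request.</param>
        /// <param name="source">Source text stored on the event.</param>
        /// <param name="level">Security event level; stored both as number and as text.</param>
        /// <param name="success">Whether the logged operation succeeded.</param>
        /// <param name="anonymous">Whether the event is recorded as anonymous.</param>
        /// <param name="userName">User name the new context is opened with.</param>
        /// <param name="profile">User profile to record; may be null.</param>
        /// <param name="message">Event message; stored as given.</param>
        /// <param name="controller">Controller passed on to SetBasicFields.</param>
        /// <returns>The populated event record.</returns>
        public static SecurityEvent LogSecurityEvent(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string source, SecurityEventLevel level, bool success, bool anonymous, string userName, UserProfile profile, string message, GStoreData.ControllerBase.BaseController controller)
        {
            IGstoreDb newctx = ctx.NewContext(userName);

            SecurityEvent newEvent = newctx.SecurityEvents.Create();

            newEvent.SetBasicFields(mvcHttpContext, routeData, source, message, anonymous, profile, controller);

            newEvent.Level = (int)level;
            newEvent.LevelText = level.ToString();
            newEvent.Success = success;

            string simpleInfo = newEvent.SimpleInfo();
            System.Diagnostics.Trace.Indent();
            System.Diagnostics.Trace.WriteLine("--Security Event: " + simpleInfo);
            System.Diagnostics.Trace.Unindent();

            // Tracks the fallback write so the event is not written to the file a second time below.
            bool writtenToFile = false;

            if (Settings.AppLogSecurityEventsToDb)
            {
                try
                {
                    newctx.SecurityEvents.Add(newEvent);
                    newctx.SaveChanges();
                }
                catch (Exception ex)
                {
                    //can't save to database, attempt save to file
                    ex.LogToFile(mvcHttpContext, routeData);
                    newEvent.LogToFile(mvcHttpContext);
                    writtenToFile = true;
                }
            }
            if (Settings.AppLogSecurityEventsToFile && !writtenToFile)
            {
                newEvent.LogToFile(mvcHttpContext);
            }

            return newEvent;
        }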
Beispiel #11
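        /// <summary>
        /// Creates a 404 log record for the current request, traces it, and stores it in the database and/or
        /// the log file according to Settings.AppLogFileNotFoundEventsToDb and Settings.AppLogFileNotFoundEventsToFile.
        /// </summary>
        /// <param name="ctx">Context used to open a new context for the record and to resolve the current user profile.</param>
        /// <param name="httpContext">Current HTTP context; the raw Url becomes part of the message.</param>
        /// <param name="routeData">Route data for the request; when null the source is "App".</param>
        /// <param name="controller">Controller passed on to SetBasicFields.</param>
        /// <returns>The populated log record.</returns>
        public static FileNotFoundLog LogFileNotFound(this IGstoreDb ctx, HttpContextBase httpContext, RouteData routeData, GStoreData.ControllerBase.BaseController controller)
        {
            IGstoreDb newctx = ctx.NewContext();

            FileNotFoundLog newLog = newctx.FileNotFoundLogs.Create();
            string message = "404 File Not Found: " + httpContext.Request.RawUrl;
            string source = "App";
            if (routeData != null)
            {
                source = routeData.ToSourceString();
            }

            newLog.SetBasicFields(httpContext, routeData, source, message, !httpContext.User.IsRegistered(), ctx.GetCurrentUserProfile(false, false), controller);

            string simpleInfo = newLog.SimpleInfo();
            System.Diagnostics.Trace.Indent();
            System.Diagnostics.Trace.WriteLine("--File Not Found Event: " + simpleInfo);
            System.Diagnostics.Trace.Unindent();

            // Tracks the fallback write so the record is not written to the file a second time below.
            bool writtenToFile = false;

            if (Settings.AppLogFileNotFoundEventsToDb)
            {
                try
                {
                    newctx.FileNotFoundLogs.Add(newLog);
                    newctx.SaveChanges();
                }
                catch (Exception ex)
                {
                    //can't save to database, attempt save to file
                    ex.LogToFile(httpContext, routeData);
                    newLog.LogToFile(httpContext);
                    writtenToFile = true;
                }
            }
            if (Settings.AppLogFileNotFoundEventsToFile && !writtenToFile)
            {
                newLog.LogToFile(httpContext);
            }

            return newLog;
        }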
Beispiel #12
        /// <summary>
        /// Creates a home page ("/") for a store front and logs an informational system event describing the request.
        /// </summary>
        /// <param name="db">Database context; its cached store front, cached user profile and user name are overwritten.</param>
        /// <param name="request">Current request; its details are written to the log message.</param>
        /// <param name="storeFrontConfig">Store front configuration the page is created for.</param>
        /// <param name="baseController">Controller supplying the HTTP context and route data for the log entry.</param>
        /// <returns>The newly created page.</returns>
        /// <exception cref="ArgumentNullException">Any argument is null.</exception>
        public static Page CreateAutoHomePage(this IGstoreDb db, HttpRequestBase request, StoreFrontConfiguration storeFrontConfig, GStoreData.ControllerBase.BaseController baseController)
        {
            if (db == null) { throw new ArgumentNullException("db"); }
            if (request == null) { throw new ArgumentNullException("request"); }
            if (baseController == null) { throw new ArgumentNullException("baseController"); }
            if (storeFrontConfig == null) { throw new ArgumentNullException("storeFrontConfig"); }

            // The context is switched to the seed user before the page is created.
            UserProfile seedUser = db.SeedAutoMapUserBestGuess();
            db.CachedStoreFront = null;
            db.CachedUserProfile = seedUser;
            db.UserName = seedUser.UserName;

            // NOTE(review): when templates exist but none belongs to this client, the lookup below
            // yields null and null is passed to CreateSeedPage - confirm that is handled there.
            PageTemplate template = null;
            if (db.PageTemplates.IsEmpty())
            {
                //no page templates in database, create seed one
                template = db.CreateSeedPageTemplate(Settings.AppDefaultPageTemplateName, Settings.AppDefaultPageTemplateViewName, storeFrontConfig.Client);
            }
            else
            {
                template = db.PageTemplates.Where(pt => pt.ClientId == storeFrontConfig.ClientId).ApplyDefaultSort().FirstOrDefault();
            }

            Page homePage = db.CreateSeedPage(storeFrontConfig.Name, storeFrontConfig.Name, "/", 1000, storeFrontConfig, template, true);

            string storeFrontPart = "--Auto-Created Home Page for StoreFront '" + storeFrontConfig.Name + "' [" + storeFrontConfig.StoreFrontId + "]";
            string bindingPart = " For HostName: " + request.BindingHostName() + " Port: " + request.BindingPort() + " RootPath: " + request.BindingRootPath();
            string requestPart = " From RawUrl: " + request.RawUrl + " QueryString: " + request.QueryString + " ContentLength: " + request.ContentLength;
            string clientPart = " HTTPMethod: " + request.HttpMethod + " Client IP: " + request.UserHostAddress;
            string logText = storeFrontPart + bindingPart + requestPart + clientPart;

            System.Diagnostics.Trace.WriteLine(logText);

            EventLogExtensions.LogSystemEvent(db, baseController.HttpContext, baseController.RouteData, baseController.RouteData.ToSourceString(), SystemEventLevel.Information, logText, string.Empty, string.Empty, string.Empty, baseController);

            return homePage;
        }
Beispiel #13
        /// <summary>
        /// Creates a store binding for the current Url using the best-guess seed user and store front,
        /// then logs an informational system event describing the binding and the request.
        /// </summary>
        /// <param name="storeDb">Database context used to resolve the seed user and store front configuration.</param>
        /// <param name="baseController">Controller supplying the request, HTTP context and route data.</param>
        /// <returns>The newly created store binding.</returns>
        /// <exception cref="ApplicationException">HttpContext.Current is null.</exception>
        public static StoreBinding CreatAutoMapStoreBindingToCurrentUrl(this IGstoreDb storeDb, GStoreData.ControllerBase.BaseController baseController)
        {
            if (HttpContext.Current == null)
            {
                throw new ApplicationException("Cannot create auto-map binding when HttpContext.Current is null");
            }

            // NOTE(review): the binding is derived from the Url of the current request; confirm the
            // callers decide when auto-mapping is allowed, since host and path come from the client.
            HttpRequestBase currentRequest = baseController.Request;

            UserProfile seedUser = storeDb.SeedAutoMapUserBestGuess();
            StoreFrontConfiguration seedConfig = storeDb.SeedAutoMapStoreFrontConfigBestGuess();

            IGstoreDb systemDb = storeDb.NewContext(seedUser.UserName, seedConfig.StoreFront, seedConfig, seedUser);
            StoreBinding newBinding = systemDb.CreateSeedStoreBindingToCurrentUrl(seedConfig);

            string storeFrontPart = "--Bindings auto-mapped to StoreFront '" + newBinding.StoreFront.CurrentConfigOrAny().Name + "' [" + newBinding.StoreFront.StoreFrontId + "]";
            string bindingPart = " For HostName: " + newBinding.HostName + " Port: " + newBinding.Port + " RootPath: " + newBinding.RootPath;
            string storeNamePart = " UseUrlStoreName: " + newBinding.UseUrlStoreName.ToString() + " UrlStoreName: " + newBinding.UrlStoreName.ToString();
            string requestPart = " From RawUrl: " + currentRequest.RawUrl + " QueryString: " + currentRequest.QueryString + " ContentLength: " + currentRequest.ContentLength;
            string clientPart = " HTTPMethod: " + currentRequest.HttpMethod + " Client IP: " + currentRequest.UserHostAddress;
            string logText = storeFrontPart + bindingPart + storeNamePart + requestPart + clientPart;

            System.Diagnostics.Trace.WriteLine(logText);
            EventLogExtensions.LogSystemEvent(systemDb, baseController.HttpContext, baseController.RouteData, baseController.RouteData.ToSourceString(), SystemEventLevel.Information, logText, string.Empty, string.Empty, string.Empty, baseController);

            return newBinding;
        }
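        /// <summary>
        /// Checks that a web form name is present and not already used by another web form of the same client.
        /// On rejection a model error is added under "Name" and false is returned.
        /// </summary>
        /// <param name="db">Database context used to look for a web form with the same name.</param>
        /// <param name="controller">Controller whose ModelState receives the validation error.</param>
        /// <param name="name">Name entered for the web form.</param>
        /// <param name="clientId">Client the web form belongs to.</param>
        /// <param name="currentWebFormId">Id of the web form being edited; that form is excluded from the duplicate check.</param>
        /// <returns>True when the name is acceptable and unused; otherwise false.</returns>
        public static bool ValidateWebFormName(this IGstoreDb db, GStoreData.ControllerBase.BaseController controller, string name, int clientId, int? currentWebFormId)
        {
            string nameField = "Name";
            if (string.IsNullOrWhiteSpace(name))
            {
                controller.ModelState.AddModelError(nameField, "Name is required. Please enter a name for this web form.");
                return false;
            }

            // Both sides are lower-cased; comparing the lower-cased stored name with the name as
            // typed let names that differ only in case pass the duplicate check.
            WebForm conflict = db.WebForms.Where(wf => wf.ClientId == clientId && wf.Name.ToLower() == name.ToLower() && (wf.WebFormId != currentWebFormId)).FirstOrDefault();

            if (conflict == null)
            {
                return true;
            }

            string errorConflictMessage = "Name '" + name + "' is already in use for Web Form '" + conflict.Name + "' [" + conflict.WebFormId + "] in Client '" + conflict.Client.Name.ToHtml() + "' [" + conflict.ClientId + "]. \n You must enter a unique Name or change the conflicting Web Form name.";

            controller.ModelState.AddModelError(nameField, errorConflictMessage);
            return false;
        }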
        /// <summary>
        /// Checks that a value list name is present and not already used by another value list of the same client.
        /// On rejection a model error is added under "Name" and false is returned.
        /// </summary>
        /// <param name="db">Database context used to look for a value list with the same name.</param>
        /// <param name="controller">Controller whose ModelState receives the validation error.</param>
        /// <param name="name">Name entered for the value list.</param>
        /// <param name="clientId">Client the value list belongs to.</param>
        /// <param name="currentValueListId">Id of the value list being edited; that list is excluded from the duplicate check.</param>
        /// <returns>True when the name is acceptable and unused; otherwise false.</returns>
        public static bool ValidateValueListName(this IGstoreDb db, GStoreData.ControllerBase.BaseController controller, string name, int clientId, int? currentValueListId)
        {
            const string fieldKey = "Name";

            if (string.IsNullOrWhiteSpace(name))
            {
                controller.ModelState.AddModelError(fieldKey, "Name is required \n Please enter a unique name for this Value List");
                return false;
            }

            // Case-insensitive duplicate lookup within the client, ignoring the list being edited.
            ValueList existing = db.ValueLists.Where(p => p.ClientId == clientId && p.Name.ToLower() == name.ToLower() && (p.ValueListId != currentValueListId)).FirstOrDefault();

            if (existing != null)
            {
                controller.ModelState.AddModelError(
                    fieldKey,
                    "Name '" + name + "' is already in use for Value List '" + existing.Name + "' [" + existing.ValueListId + "] in Client '" + existing.Client.Name.ToHtml() + "' [" + existing.ClientId + "]. \n You must enter a unique Name or change the conflicting Value List Name.");
                return false;
            }

            return true;
        }
Beispiel #16
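        /// <summary>
        /// Logs that a login requires e-mail or phone verification before it can complete.
        /// </summary>
        /// <param name="ctx">Context used to write the security event.</param>
        /// <param name="mvcHttpContext">Current HTTP context.</param>
        /// <param name="routeData">Route data for the request.</param>
        /// <param name="login">Login that was used; also the event user name.</param>
        /// <param name="profile">Profile of the user; its details and lockout state are appended when present.</param>
        /// <param name="controller">Controller passed on to the event logger.</param>
        public static void LogSecurityEvent_LoginNeedsVerification(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string login, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
        {
            string message = "Login needs email or phone verification for account: " + login;
            if (profile != null)
            {
                // Resolved once so every lockout field in the message comes from the same lookup.
                var identityUser = profile.AspNetIdentityUser();
                bool lockedOut = identityUser.LockoutEndDateUtc.HasValue;

                message += " \n-Email: " + profile.Email
                + " \n-Name: " + profile.FullName
                + " \n-UserId: " + profile.UserId
                + " \n-UserProfileId: " + profile.UserProfileId
                + " \n-LastLogonDateTimeUtc: " + profile.LastLogonDateTimeUtc
                + " \n-Failed Attempts: " + identityUser.AccessFailedCount
                + " \n-Locked Out: " + lockedOut.ToString();
                if (lockedOut)
                {
                    message += " \n-Locked Out Until: " + identityUser.LockoutEndDateUtc;
                }
            }

            ctx.LogSecurityEvent(mvcHttpContext, routeData, "Login Needs Verification", SecurityEventLevel.LoginNeedsVerification, true, false, login, profile, message, controller);
        }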
Beispiel #17
        /// <summary>
        /// Logs a successful login for the given profile.
        /// </summary>
        /// <param name="ctx">Context used to write the security event.</param>
        /// <param name="mvcHttpContext">Current HTTP context.</param>
        /// <param name="routeData">Route data for the request.</param>
        /// <param name="profile">Profile of the user who logged in; dereferenced without a null check.</param>
        /// <param name="controller">Controller passed on to the event logger.</param>
        public static void LogSecurityEvent_LoginSuccess(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
        {
            string loginName = profile.UserName;

            string headline = "Login success for " + loginName;
            string details = " \n\n-Email: " + profile.Email
                + " \n-Name: " + profile.FullName
                + " \n-UserId: " + profile.UserId
                + " \n-UserProfileId: " + profile.UserProfileId;

            ctx.LogSecurityEvent(mvcHttpContext, routeData, "Login Success", SecurityEventLevel.LoginSuccess, true, false, loginName, profile, headline + details, controller);
        }
Beispiel #18
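 /// <summary>
 /// Logs a failed e-mail confirmation attempt for a user name that does not exist.
 /// </summary>
 /// <param name="ctx">Context used to write the security event.</param>
 /// <param name="mvcHttpContext">Current HTTP context.</param>
 /// <param name="routeData">Route data for the request.</param>
 /// <param name="userNameAttempted">User name that was submitted; also used as the event user name.</param>
 /// <param name="codeAttempted">Confirmation code that was submitted.</param>
 /// <param name="controller">Controller passed on to the event logger.</param>
 public static void LogSecurityEvent_EmailConfirmFailedUserNotFound(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string userNameAttempted, string codeAttempted, GStoreData.ControllerBase.BaseController controller)
 {
     // NOTE(review): both values are request-supplied and logged as given; the source text reads
     // "Email Confirmed" although this is a failure event, so filter on the level.
     string message = "Email Confirm Failed. Unknown user: " + userNameAttempted + " Code: " + codeAttempted;
     ctx.LogSecurityEvent(mvcHttpContext, routeData, "Email Confirmed", SecurityEventLevel.EmailConfirmFailedUnknownUser, false, true, userNameAttempted, null, message, controller);
 }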
Beispiel #19
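        /// <summary>
        /// Logs a new user registration.
        /// </summary>
        /// <param name="ctx">Context used to write the security event.</param>
        /// <param name="mvcHttpContext">Current HTTP context.</param>
        /// <param name="routeData">Route data for the request.</param>
        /// <param name="profile">Profile of the new user; when null the event is logged with user name "(unknown)".</param>
        /// <param name="controller">Controller passed on to the event logger.</param>
        public static void LogSecurityEvent_NewRegister(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
        {
            // The user name is resolved before use so the null check below actually protects the
            // method; previously the profile was dereferenced before and after that check.
            string userName = (profile == null ? "(unknown)" : profile.UserName);

            string message = "New user signup: " + userName;
            if (profile != null)
            {
                message += " \n-Email: " + profile.Email
                + " \n-Name: " + profile.FullName
                + " \n-UserId: " + profile.UserId
                + " \n-UserProfileId: " + profile.UserProfileId;
            }

            ctx.LogSecurityEvent(mvcHttpContext, routeData, "New User Registration", SecurityEventLevel.NewRegister, true, false, userName, profile, message, controller);
        }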
Beispiel #20
 /// <summary>
 /// Logs a forgot-password request for an e-mail address that matches no user.
 /// </summary>
 /// <param name="ctx">Context used to write the security event.</param>
 /// <param name="mvcHttpContext">Current HTTP context.</param>
 /// <param name="routeData">Route data for the request.</param>
 /// <param name="email">E-mail address that was submitted; also used as the event user name.</param>
 /// <param name="controller">Controller passed on to the event logger.</param>
 public static void LogSecurityEvent_ForgotPasswordEmailNotFound(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string email, GStoreData.ControllerBase.BaseController controller)
 {
     // Failed, anonymous event with no profile attached.
     ctx.LogSecurityEvent(
         mvcHttpContext,
         routeData,
         "Forgot Password Failed Unknown User",
         SecurityEventLevel.ForgotPasswordFailedUnknownUser,
         false,
         true,
         email,
         null,
         "Forgot Password Failed. No user with Email: " + email,
         controller);
 }
Beispiel #21
 /// <summary>
 /// Logs a password reset attempt for an e-mail address that matches no user.
 /// </summary>
 /// <param name="ctx">Context used to write the security event.</param>
 /// <param name="mvcHttpContext">Current HTTP context.</param>
 /// <param name="routeData">Route data for the request.</param>
 /// <param name="email">E-mail address that was submitted; also used as the event user name.</param>
 /// <param name="controller">Controller passed on to the event logger.</param>
 public static void LogSecurityEvent_PasswordResetFailedUnknownUser(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string email, GStoreData.ControllerBase.BaseController controller)
 {
     // Failed, anonymous event with no profile attached.
     ctx.LogSecurityEvent(
         mvcHttpContext,
         routeData,
         "Password Reset Failed Unknown User",
         SecurityEventLevel.PasswordResetFailedUnknownUser,
         false,
         true,
         email,
         null,
         "Password reset invalid. No user with Email: " + email,
         controller);
 }
Beispiel #22
 /// <summary>
 /// Logs a forgot-password request for an e-mail address that has no user profile.
 /// </summary>
 /// <param name="ctx">Context used to write the security event.</param>
 /// <param name="mvcHttpContext">Current HTTP context.</param>
 /// <param name="routeData">Route data for the request.</param>
 /// <param name="email">E-mail address that was submitted; also used as the event user name.</param>
 /// <param name="controller">Controller passed on to the event logger.</param>
 public static void LogSecurityEvent_ForgotPasswordProfileNotFound(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string email, GStoreData.ControllerBase.BaseController controller)
 {
     // Failed, anonymous event with no profile attached.
     ctx.LogSecurityEvent(
         mvcHttpContext,
         routeData,
         "Forgot Password Failed Profile Not Found",
         SecurityEventLevel.ForgotPasswordFailedProfileNotFound,
         false,
         true,
         email,
         null,
         "Forgot Password Failed. User Profile not found for Email: " + email,
         controller);
 }
Beispiel #23
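        /// <summary>
        /// Logs that a phone number was confirmed for a user.
        /// </summary>
        /// <param name="ctx">Context used to write the security event.</param>
        /// <param name="mvcHttpContext">Current HTTP context.</param>
        /// <param name="routeData">Route data for the request.</param>
        /// <param name="phoneNumber">Phone number that was confirmed.</param>
        /// <param name="profile">Profile of the user; when null the event is logged with user name "(unknown)".</param>
        /// <param name="controller">Controller passed on to the event logger.</param>
        public static void LogSecurityEvent_PhoneConfirmed(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string phoneNumber, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
        {
            // Resolved up front: the final call used profile.UserName unconditionally, so a null
            // profile threw despite the null check around the detail lines.
            string userName = (profile == null ? "(unknown)" : profile.UserName);

            string message = "Phone Confirmed for user: " + userName + " Phone: " + phoneNumber;
            if (profile != null)
            {
                message += " \n-Email: " + profile.Email
                + " \n-Name: " + profile.FullName
                + " \n-UserId: " + profile.UserId
                + " \n-UserProfileId: " + profile.UserProfileId;
            }

            ctx.LogSecurityEvent(mvcHttpContext, routeData, "Phone Confirmed", SecurityEventLevel.PhoneConfirmed, true, false, userName, profile, message, controller);
        }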
Beispiel #24
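        /// <summary>
        /// Logs a failed login attempt, with profile and lockout details when the login belongs to an existing user.
        /// </summary>
        /// <param name="ctx">Context used to write the security event.</param>
        /// <param name="mvcHttpContext">Current HTTP context.</param>
        /// <param name="routeData">Route data for the request.</param>
        /// <param name="loginAttempted">Login that was submitted; also used as the event user name.</param>
        /// <param name="passwordAttempted">Password that was submitted; accepted for compatibility but never written to the log.</param>
        /// <param name="profile">Profile matching the login, or null when the user is unknown.</param>
        /// <param name="controller">Controller passed on to the event logger.</param>
        public static void LogSecurityEvent_LoginFailed(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string loginAttempted, string passwordAttempted, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
        {
            // The attempted password is not logged. A rejected password is often a mistyped real one
            // or a password the user has elsewhere, and this message is stored by LogSecurityEvent.
            string message = "Login failed for logon: " + loginAttempted
                + " \n\n-" + (profile == null ? "Unknown user" : "Existing user")
                + " \n-Password attempted: (not logged)";

            if (profile != null)
            {
                // Resolved once so every lockout field in the message comes from the same lookup.
                var identityUser = profile.AspNetIdentityUser();
                bool lockedOut = identityUser.LockoutEndDateUtc.HasValue;

                message += " \n-Email: " + profile.Email
                + " \n-Name: " + profile.FullName
                + " \n-UserId: " + profile.UserId
                + " \n-UserProfileId: " + profile.UserProfileId
                + " \n-LastLogonDateTimeUtc: " + profile.LastLogonDateTimeUtc
                + " \n-Failed Attempts: " + identityUser.AccessFailedCount
                + " \n-Locked Out: " + lockedOut.ToString();
                if (lockedOut)
                {
                    message += " \n-Locked Out Until: " + identityUser.LockoutEndDateUtc;
                }
            }

            ctx.LogSecurityEvent(mvcHttpContext, routeData, "Login Failed", SecurityEventLevel.LoginFailure, false, true, loginAttempted, profile, message, controller);
        }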
Beispiel #25
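        /// <summary>
        /// Builds an <c>SmsSent</c> log record for an outgoing text message, traces it, and
        /// stores it in the database and/or a file according to the application settings.
        /// </summary>
        /// <param name="ctx">Current database context; a separate context is created from it for the log write.</param>
        /// <param name="httpContext">HTTP context of the current request.</param>
        /// <param name="routeData">Route data of the current request; may be null.</param>
        /// <param name="controller">Controller handling the request.</param>
        /// <param name="toPhone">Destination phone number.</param>
        /// <param name="fromPhone">Sending phone number.</param>
        /// <param name="textBody">Body of the message.</param>
        /// <param name="textSignature">Signature appended to the message.</param>
        /// <param name="success">Whether the send succeeded.</param>
        /// <param name="exceptionString">Text of the exception raised by a failed send, if any.</param>
        /// <returns>The populated log record, whether or not it could be persisted.</returns>
        public static SmsSent LogSmsSent(this IGstoreDb ctx, HttpContextBase httpContext, RouteData routeData, GStoreData.ControllerBase.BaseController controller, string toPhone, string fromPhone, string textBody, string textSignature, bool success, string exceptionString)
        {
            // The log row is written through its own context, separate from the caller's.
            IGstoreDb newctx = ctx.NewContext();

            SmsSent newLog = newctx.SmssSent.Create();
            string message = "Sms sent to '" + toPhone + "' from '" + fromPhone +"'";
            string source = "App";
            if (routeData != null)
            {
                source = routeData.ToSourceString();
            }

            newLog.SetBasicFields(httpContext, routeData, source, message, !httpContext.User.IsRegistered(), ctx.GetCurrentUserProfile(false, false), controller);

            newLog.ToPhone = toPhone.OrDefault("(blank)");
            newLog.FromPhone = fromPhone.OrDefault("(blank)");
            // NOTE(review): the message body is stored verbatim. If any SMS carries a
            // verification code or other secret, this log will hold it too - confirm retention
            // and access controls on the SMS log, or mask such bodies before logging.
            newLog.TextBody = textBody.OrDefault("(blank)");
            newLog.TextSignature = textSignature;
            newLog.Success = success;
            newLog.ExceptionString = exceptionString;

            // Compute the summary once and reuse it for the trace line.
            string simpleInfo = newLog.SimpleInfo();
            System.Diagnostics.Trace.Indent();
            System.Diagnostics.Trace.WriteLine("--Sms Sent Event: " + simpleInfo);
            System.Diagnostics.Trace.Unindent();

            // Tracks the file fallback so one failed database write does not yield two
            // identical file entries when file logging is enabled as well.
            bool writtenToFile = false;

            if (Settings.AppLogSmsSentToDb)
            {
                try
                {
                    newctx.SmssSent.Add(newLog);
                    newctx.SaveChanges();
                }
                catch (Exception ex)
                {
                    //can't save to database, attempt save to file
                    ex.LogToFile(httpContext, routeData);
                    newLog.LogToFile(httpContext);
                    writtenToFile = true;
                }
            }
            if (Settings.AppLogSmsSentToFile && !writtenToFile)
            {
                newLog.LogToFile(httpContext);
            }

            return newLog;
        }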
Beispiel #26
        /// <summary>
        /// Writes a "Login Failed No StoreFront" security event for a user whose post-login
        /// check found no store front.
        /// </summary>
        /// <param name="ctx">Database context the event is logged through.</param>
        /// <param name="mvcHttpContext">HTTP context of the current request.</param>
        /// <param name="routeData">Route data of the current request.</param>
        /// <param name="profile">Profile of the user who logged in; dereferenced without a null check.</param>
        /// <param name="controller">Controller handling the request.</param>
        public static void LogSecurityEvent_LoginFailedNoStoreFront(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
        {
            string logon = profile.UserName;

            // Identifying fields of the account, one per line, appended after the headline.
            string profileDetails = " \n\n-Email: " + profile.Email
                + " \n-Name: " + profile.FullName
                + " \n-UserId: " + profile.UserId
                + " \n-UserProfileId: " + profile.UserProfileId;

            string message = "Post Login check failed, No Store Front Found. Logon: " + logon + profileDetails;

            ctx.LogSecurityEvent(mvcHttpContext, routeData, "Login Failed No StoreFront", SecurityEventLevel.LoginFailureNoStoreFront, false, false, logon, profile, message, controller);
        }
Beispiel #27
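        /// <summary>
        /// Builds a <c>UserActionEvent</c> record for a user action, traces it, and stores it
        /// in the database and/or a file according to the application settings.
        /// </summary>
        /// <param name="ctx">Current database context; a separate context is created from it for the log write.</param>
        /// <param name="httpContext">HTTP context of the current request.</param>
        /// <param name="routeData">Route data of the current request.</param>
        /// <param name="controller">Controller handling the request.</param>
        /// <param name="category">Category of the action.</param>
        /// <param name="action">The action performed.</param>
        /// <param name="label">Free-text label for the event; may be null.</param>
        /// <param name="success">Whether the action succeeded.</param>
        /// <returns>
        /// The populated event, or null when <c>Settings.AppEnableUserActionLog</c> is off.
        /// </returns>
        /// <remarks>
        /// The optional parameters are copied onto the event unchanged. NOTE(review): several
        /// of them (label, discountCode, emailAddress, smsPhone, uploadFileName) look like
        /// client-supplied text; confirm that whatever displays these log rows encodes them.
        /// </remarks>
        public static UserActionEvent LogUserActionEvent(this IGstoreDb ctx, HttpContextBase httpContext, RouteData routeData, GStoreData.ControllerBase.BaseController controller, UserActionCategoryEnum category, UserActionActionEnum action, string label, bool success, int? cartId = null, string categoryUrlName = null, string discountCode = null, string emailAddress = null, int? notificationId = null, string orderNumber = null, int? orderItemId = null, int? pageId = null, string productUrlName = null, string productBundleUrlName = null, int? blogId = null, int? blogEntryId = null, string smsPhone = null, string uploadFileName = null)
        {
            if (!Settings.AppEnableUserActionLog)
            {
                return null;
            }

            // The log row is written through its own context, separate from the caller's.
            IGstoreDb newctx = ctx.NewContext();

            UserActionEvent newEvent = newctx.UserActionEvents.Create();

            string source = routeData.ToSourceString();

            // label is concatenated directly: calling ToString() on it would throw for a
            // null label and abort the log write.
            string message = "User Action Event"
                + " \n-Category: " + category.ToString()
                + " \n-Action: " + action.ToString()
                + " \n-Label: " + label
                + " \n-Success: " + success.ToString();

            newEvent.SetBasicFields(httpContext, routeData, source, message, !httpContext.User.IsRegistered(), newctx.GetCurrentUserProfile(false, false), controller);
            newEvent.CartId = cartId;
            newEvent.Category = category;
            newEvent.CategoryUrlName = categoryUrlName;
            newEvent.DiscountCode = discountCode;
            newEvent.EmailAddress = emailAddress;

            newEvent.BlogId = blogId;
            newEvent.BlogEntryId = blogEntryId;

            newEvent.NotificationId = notificationId;
            newEvent.OrderNumber = orderNumber;
            newEvent.OrderItemId = orderItemId;
            newEvent.PageId = pageId;
            newEvent.ProductUrlName = productUrlName;
            newEvent.ProductBundleUrlName = productBundleUrlName;
            newEvent.SmsPhone = smsPhone;
            newEvent.Success = success;
            newEvent.UploadFileName = uploadFileName;
            newEvent.Action = action;
            newEvent.Label = label;

            // Compute the summary once and reuse it for the trace line.
            string simpleInfo = newEvent.SimpleInfo();
            System.Diagnostics.Trace.Indent();
            System.Diagnostics.Trace.WriteLine("--User Action Event: " + simpleInfo);
            System.Diagnostics.Trace.Unindent();

            // Tracks the file fallback so one failed database write does not yield two
            // identical file entries when file logging is enabled as well.
            bool writtenToFile = false;

            if (Settings.AppLogUserActionEventsToDb)
            {
                try
                {
                    newctx.UserActionEvents.Add(newEvent);
                    newctx.SaveChanges();
                }
                catch (Exception ex)
                {
                    //can't save to database, attempt save to file
                    ex.LogToFile(httpContext, routeData);
                    newEvent.LogToFile(httpContext);
                    writtenToFile = true;
                }
            }
            if (Settings.AppLogUserActionEventsToFile && !writtenToFile)
            {
                newEvent.LogToFile(httpContext);
            }

            return newEvent;
        }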
Beispiel #28
        /// <summary>
        /// Writes a "Login Failed StoreFrontConfigInactive" security event for a user whose
        /// post-login check found no configuration for the given store front id.
        /// </summary>
        /// <param name="ctx">Database context the event is logged through.</param>
        /// <param name="mvcHttpContext">HTTP context of the current request.</param>
        /// <param name="routeData">Route data of the current request.</param>
        /// <param name="storeFrontId">Id of the store front that has no configuration.</param>
        /// <param name="profile">Profile of the user who logged in; dereferenced without a null check.</param>
        /// <param name="controller">Controller handling the request.</param>
        public static void LogSecurityEvent_LoginFailedNoStoreFrontConfig(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, int storeFrontId, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
        {
            string logon = profile.UserName;

            string headline = "Post Login check failed, No Configuration was found for Store Front Id [" + storeFrontId + "]. Logon: " + logon;

            // Identifying fields of the account, one per line, appended after the headline.
            string profileDetails = " \n\n-Email: " + profile.Email
                + " \n-Name: " + profile.FullName
                + " \n-UserId: " + profile.UserId
                + " \n-UserProfileId: " + profile.UserProfileId;

            string message = headline + profileDetails;

            ctx.LogSecurityEvent(mvcHttpContext, routeData, "Login Failed StoreFrontConfigInactive", SecurityEventLevel.LoginFailureNoStoreFrontConfig, false, false, logon, profile, message, controller);
        }
Beispiel #29
        /// <summary>
        /// Writes a "Login Failed StoreFrontInactive" security event for a user whose
        /// post-login check found the named store front inactive.
        /// </summary>
        /// <param name="ctx">Database context the event is logged through.</param>
        /// <param name="mvcHttpContext">HTTP context of the current request.</param>
        /// <param name="routeData">Route data of the current request.</param>
        /// <param name="storeFrontName">Name of the inactive store front.</param>
        /// <param name="storeFrontId">Id of the inactive store front.</param>
        /// <param name="profile">Profile of the user who logged in; dereferenced without a null check.</param>
        /// <param name="controller">Controller handling the request.</param>
        public static void LogSecurityEvent_LoginFailedStoreFrontInactive(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string storeFrontName, int storeFrontId, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
        {
            string logon = profile.UserName;

            string headline = "Post Login check failed, Store Front '" + storeFrontName + "' [" + storeFrontId + "] is Inactive. Logon: " + logon;

            // Identifying fields of the account, one per line, appended after the headline.
            string profileDetails = " \n\n-Email: " + profile.Email
                + " \n-Name: " + profile.FullName
                + " \n-UserId: " + profile.UserId
                + " \n-UserProfileId: " + profile.UserProfileId;

            string message = headline + profileDetails;

            ctx.LogSecurityEvent(mvcHttpContext, routeData, "Login Failed StoreFrontInactive", SecurityEventLevel.LoginFailureStoreFrontInactive, false, false, logon, profile, message, controller);
        }
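        /// <summary>
        /// Copies the edited values from the view model onto the matching page of the store
        /// front, saves it, and then creates or updates the page's variables.
        /// </summary>
        /// <param name="db">Database context used to save the page and its variables.</param>
        /// <param name="viewModel">Edited page values; <c>PageId</c> selects the page to update.</param>
        /// <param name="controller">Controller used to show a user message when the template changes; may be null.</param>
        /// <param name="storeFront">Store front whose pages are searched for the page.</param>
        /// <param name="userProfile">Profile passed through to the page-variable create/update calls.</param>
        /// <returns>The updated page.</returns>
        /// <exception cref="ApplicationException">
        /// No page with the view model's <c>PageId</c> exists in <paramref name="storeFront"/>.
        /// </exception>
        /// <remarks>
        /// The page is looked up inside <c>storeFront.Pages</c>, so a PageId belonging to a
        /// different store front is rejected instead of updated. No other view-model value is
        /// validated in this method.
        /// </remarks>
        public static Page UpdatePage(this IGstoreDb db, ViewModels.PageEditViewModel viewModel, GStoreData.ControllerBase.BaseController controller, StoreFront storeFront, UserProfile userProfile)
        {
            //find existing record, update it

            bool templateChanged = false;
            Page page = storeFront.Pages.SingleOrDefault(p => p.PageId == viewModel.PageId);
            if (page == null)
            {
                throw new ApplicationException("Page not found in storefront pages. PageId: " + viewModel.PageId);
            }

            // NOTE(review): the two script-tag fields are stored exactly as submitted and are
            // presumably emitted into the rendered page; confirm only trusted store
            // administrators can reach this update.
            page.BodyBottomScriptTag = viewModel.BodyBottomScriptTag;
            page.BodyTopScriptTag = viewModel.BodyTopScriptTag;
            page.EndDateTimeUtc = viewModel.EndDateTimeUtc;
            page.ForAnonymousOnly = viewModel.ForAnonymousOnly;
            page.ForRegisteredOnly = viewModel.ForRegisteredOnly;
            page.IsPending = viewModel.IsPending;
            page.MetaDescription = viewModel.MetaDescription;
            page.MetaKeywords = viewModel.MetaKeywords;
            page.MetaApplicationName = viewModel.MetaApplicationName;
            page.MetaApplicationTileColor = viewModel.MetaApplicationTileColor;
            page.Name = viewModel.Name;
            page.Order = viewModel.Order;
            page.PageTitle = viewModel.PageTitle;
            page.StartDateTimeUtc = viewModel.StartDateTimeUtc;
            // NOTE(review): ThemeId, PageTemplateId, WebFormId and WebFormSuccessPageId are
            // taken from the view model without checking here that they belong to this store
            // front; confirm the caller enforces that.
            page.ThemeId = viewModel.ThemeId;
            // NOTE(review): the url is not validated in this method; presumably the caller
            // has already validated it - confirm.
            page.Url = viewModel.Url;
            if (page.PageTemplateId != viewModel.PageTemplateId)
            {
                if (controller != null)
                {
                    // NOTE(review): this runs before PageTemplateId is reassigned, so the name
                    // and id shown appear to be those of the previous template - verify intent.
                    controller.AddUserMessage("Page Template Changed", "Page Template has been changed. Be sure to edit the new template sections for template '" + page.PageTemplate.Name.ToHtml() + "' [" + page.PageTemplateId + "].", AppHtmlHelpers.UserMessageType.Info);
                }
                page.PageTemplateId = viewModel.PageTemplateId;
                templateChanged = true;
            }

            page.WebFormId = viewModel.WebFormId;
            page.WebFormSaveToDatabase = viewModel.WebFormSaveToDatabase;
            page.WebFormSaveToFile = viewModel.WebFormSaveToFile;
            page.WebFormSendToEmail = viewModel.WebFormSendToEmail;
            page.WebFormEmailToAddress = viewModel.WebFormEmailToAddress;
            page.WebFormEmailToName = viewModel.WebFormEmailToName;
            page.WebFormSuccessPageId = viewModel.WebFormSuccessPageId;
            page.WebFormThankYouTitle = viewModel.WebFormThankYouTitle;
            page.WebFormThankYouMessage = viewModel.WebFormThankYouMessage;

            db.Pages.Update(page);
            db.SaveChanges();

            // Variables are skipped when the template changed.
            if (!templateChanged && viewModel.Variables != null)
            {
                foreach (PageVariableEditViewModel variable in viewModel.Variables)
                {
                    // A variable without a PageSectionId has no stored section yet.
                    if (variable.PageSectionId.HasValue)
                    {
                        db.UpdatePageVariable(variable, storeFront, userProfile);
                    }
                    else
                    {
                        db.CreatePageVariable(variable, storeFront, userProfile);
                    }
                }
            }

            return page;
        }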