/// <summary>
        /// Authorizes spam prevention responses. If validation fails, updates model state accordingly.
        /// </summary>
        /// <param name="httpContext">The request's HTTP context.</param>
        /// <param name="modelState">The request's model state.</param>
        /// <param name="captchaValidator">The CAPTCHA validator to use to validate a CAPTCHA response, if present.</param>
        public void Authorize(
            HttpContextBase httpContext,
            ModelStateDictionary modelState,
            ICaptchaValidator captchaValidator)
        {
            if (httpContext == null)
                throw new ArgumentNullException("httpContext");
            if (modelState == null)
                throw new ArgumentNullException("modelState");
            if (captchaValidator == null)
                throw new ArgumentNullException("captchaValidator");

            // First check to see if the polite "noCAPTCHA" spam prevention worked.
            var noCaptchaResponseIsValid = ValidateNoCaptchaResponse(httpContext);
            if (noCaptchaResponseIsValid)
                return;

            // If there wasn't a valid "noCAPTCHA" response, we then check for a CAPTCHA response (the fallback for spam prevention).
            var captchaResponseIsValid = captchaValidator.Validate(httpContext);
            if (captchaResponseIsValid)
                return;

            // This model state error serves two purposes: it means the action can check ModelState.IsValid as normal,
            // and it's also a signal to the HTML helper that the spam prevention check failed, and therefore to show a captcha.
            modelState.AddModelError(
                Const.ModelStateKey,
                string.Empty);
        }
Beispiel #2
0
        public async Task <IActionResult> Register([FromBody] RegisterModel model)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            if (!model.Email.ToLower().EndsWith("pxl.be"))
            {
                return(BadRequest("Only PXL email adresses are allowed."));
            }

            var validationResult = await _captchaValidator.Validate(model.CaptchaToken, Request.HttpContext.Connection.RemoteIpAddress);

            if (!validationResult.Success)
            {
                return(BadRequest("Could not verify captcha."));
            }

            var user = new User
            {
                UserName  = model.Email,
                Email     = model.Email,
                FirstName = model.FirstName,
                LastName  = model.LastName
            };

            var result = await _userManager.CreateAsync(user, model.Password);

            if (result.Succeeded)
            {
                var role = user.Email.ToLower().EndsWith("student.pxl.be") ? Role.Constants.Student : Role.Constants.Lector;
                await _userManager.AddToRoleAsync(user, role);
                await SendConfirmUserEmailMessage(user);

                return(Ok());
            }

            foreach (var error in result.Errors)
            {
                ModelState.AddModelError(error.Code, error.Description);
            }
            return(BadRequest(ModelState));
        }
        public ActionResult Authenticate()
        {
            /*
             * The salt passed to the method below can by dynamic, so you can include
             * some extra information like id, etc... something that you usually add
             * into hidden input.
             */
            ValidateAntiForgeryToken(AntiForgeryTokenSaltNames.Login
                                     /*, Request.Form["id"], RouteData.Values["id"] as string */);

            if (User.Identity.IsAuthenticated)
            {
                return(Ajax(RedirectToAction("index", "home")));
            }

            var viewData = new LogonViewData();

            if (!TryUpdateModel(viewData)
                | !TryUpdateModel(viewData.Details)
                | !validationService.Validate(viewData) ||
                !captchaValidator.Validate() ||
                !membershipService.ValidateUser(viewData.Details))
            {
                ModelState.ResetModelValue("TuringNumber");
                return(AlternatePartialView(viewData));
            }

            formsAuthentication.SignIn(
                viewData.Details.UserName,
                viewData.RememberMe,
                Guid.NewGuid().Shrink()

                /*
                 * You can read this value using formsAuthentication.UserData()
                 * at any place of the authenticated request
                 */);
            if (!String.IsNullOrEmpty(viewData.ReturnUrl))
            {
                return(Redirect(viewData.ReturnUrl));
            }

            return(Ajax(RedirectToAction("index", "home")));
        }
        /// <summary>
        /// Authorizes spam prevention responses. If validation fails, updates model state accordingly.
        /// </summary>
        /// <param name="httpContext">The request's HTTP context.</param>
        /// <param name="modelState">The request's model state.</param>
        /// <param name="captchaValidator">The CAPTCHA validator to use to validate a CAPTCHA response, if present.</param>
        public void Authorize(
            HttpContextBase httpContext,
            ModelStateDictionary modelState,
            ICaptchaValidator captchaValidator)
        {
            if (httpContext == null)
            {
                throw new ArgumentNullException("httpContext");
            }
            if (modelState == null)
            {
                throw new ArgumentNullException("modelState");
            }
            if (captchaValidator == null)
            {
                throw new ArgumentNullException("captchaValidator");
            }

            // First check to see if the polite "noCAPTCHA" spam prevention worked.
            var noCaptchaResponseIsValid = ValidateNoCaptchaResponse(httpContext);

            if (noCaptchaResponseIsValid)
            {
                return;
            }

            // If there wasn't a valid "noCAPTCHA" response, we then check for a CAPTCHA response (the fallback for spam prevention).
            var captchaResponseIsValid = captchaValidator.Validate(httpContext);

            if (captchaResponseIsValid)
            {
                return;
            }

            // This model state error serves two purposes: it means the action can check ModelState.IsValid as normal,
            // and it's also a signal to the HTML helper that the spam prevention check failed, and therefore to show a captcha.
            modelState.AddModelError(
                Const.ModelStateKey,
                string.Empty);
        }