Beispiel #1
        /// <summary>
        /// Stores a new one-time login token for <paramref name="user"/> and returns a Logon URL
        /// that carries the token together with the URL-encoded return address.
        /// </summary>
        /// <param name="url">Return address; it is URL-encoded into the ReturnUrl parameter.</param>
        /// <param name="user">Value written to the token's Querystring column.</param>
        /// <returns>A Logon link rooted at <c>Util.CmsHost2</c>.</returns>
        /// <remarks>
        /// The returned link works as a bearer credential for the 24 hours set below, so it should
        /// be handled like a password (kept out of logs, referrers and shared mailboxes).
        /// NOTE(review): the return address is encoded but not restricted to this site here;
        /// presumably the Logon handler has to reject non-local ReturnUrl values - confirm.
        /// </remarks>
        public static string GetOTLoginLink(string url, string user)
        {
            // The GUID is the only secret in the link. NOTE(review): the .NET documentation
            // recommends against Guid.NewGuid() for cryptographic purposes - confirm it is
            // acceptable as a login token on the target runtime.
            var token = new OneTimeLink();
            token.Id          = Guid.NewGuid();
            token.Querystring = user;
            token.Expires     = DateTime.Now.AddHours(24);

            var links = DbUtil.Db.OneTimeLinks;
            links.InsertOnSubmit(token);
            DbUtil.Db.SubmitChanges();

            var host          = Util.CmsHost2;
            var encodedReturn = HttpUtility.UrlEncode(url);
            var code          = token.Id.ToCode();

            return $"{host}Logon?ReturnUrl={encodedReturn}&otltoken={code}";
        }
Beispiel #2
        /// <summary>
        /// Stores a one-time login token for <paramref name="user"/> in <paramref name="db"/> and
        /// returns a server link to Logon carrying that token and the URL-encoded return address.
        /// </summary>
        /// <param name="user">Account whose Username is written to the token's Querystring.</param>
        /// <param name="db">Data context that receives the token and builds the server link.</param>
        /// <param name="url">Return address; it is URL-encoded into the ReturnUrl parameter.</param>
        /// <returns>The link produced by <c>db.ServerLink</c>.</returns>
        /// <remarks>
        /// The link is a bearer credential for the 15 minutes set below.
        /// NOTE(review): the return address is not checked against this site here; presumably
        /// the Logon handler validates ReturnUrl - confirm.
        /// </remarks>
        public static string GetAuthenticatedLink(User user, CMSDataContext db, string url)
        {
            // NOTE(review): the .NET documentation recommends against Guid.NewGuid() for
            // cryptographic purposes - confirm it is acceptable as a login token.
            var token = new OneTimeLink();
            token.Id          = Guid.NewGuid();
            token.Querystring = user.Username;
            token.Expires     = DateTime.Now.AddMinutes(15);

            db.OneTimeLinks.InsertOnSubmit(token);
            db.SubmitChanges();

            var encodedReturn = HttpUtility.UrlEncode(url);
            var code          = token.Id.ToCode();
            var target        = db.ServerLink($"Logon?otltoken={code}&ReturnUrl={encodedReturn}");

            return $"{target}";
        }
Beispiel #3
            /// <summary>
            /// Resolves a one-time link code to its stored record and parses the ids kept in the
            /// record's Querystring. Failures are not thrown to the caller: every exception raised
            /// in the body is caught and its message is stored in <c>error</c>.
            /// </summary>
            /// <param name="link">Stored on the instance unchanged.</param>
            /// <param name="from">Stored on the instance unchanged.</param>
            /// <param name="id">Code of the one-time link; converted with <c>ToGuid()</c>.</param>
            /// <param name="hasorg">When true, the first Querystring part is parsed into <c>oid</c>.</param>
            /// <remarks>
            /// Callers have to check <c>error</c> before trusting <c>oid</c>/<c>pid</c>: both are
            /// assigned before the used/expired checks run, so they can be populated on a rejected link.
            /// The used/expired checks are compiled out of DEBUG builds, so a DEBUG build accepts
            /// replayed and expired links.
            /// </remarks>
            public LinkInfo(string link, string from, string id, bool hasorg = true)
            {
                this.link = link;
                this.from = from;
                try
                {
                    // LinkException is invoked without "new"; presumably a helper that builds the
                    // exception to throw - confirm against its definition.
                    if (!id.HasValue())
                    {
                        throw LinkException("missing id");
                    }

                    var guid = id.ToGuid();
                    if (guid == null)
                    {
                        throw LinkException("invalid id");
                    }

                    // Look the token up by its GUID; an unknown token is reported as "missing link".
                    ot = DbUtil.Db.OneTimeLinks.SingleOrDefault(oo => oo.Id == guid.Value);
                    if (ot == null)
                    {
                        throw LinkException("missing link");
                    }

                    // Querystring is a comma-separated list; presumably split into at most 5 parts - confirm.
                    a = ot.Querystring.SplitStr(",", 5);
                    if (hasorg)
                    {
                        oid = a[0].ToInt();
                    }

                    // NOTE(review): a record with fewer than two parts presumably fails on a[1];
                    // that failure would also land in the catch below - confirm.
                    pid = a[1].ToInt();
#if DEBUG
                    // DEBUG builds perform no replay or expiry check at all.
#else
                    // Release builds only: reject a link that was already used.
                    if (ot.Used)
                    {
                        throw LinkException("link used");
                    }
                    // Expiry is enforced only when Expires is set; a record stored without
                    // Expires is never rejected as expired by this check.
                    if (ot.Expires.HasValue && ot.Expires < DateTime.Now)
                    {
                        throw LinkException("link expired");
                    }
#endif
                }
                catch (Exception ex)
                {
                    // Any failure (including unexpected ones) is reduced to its message text.
                    error = ex.Message;
                }
            }
        /// <summary>
        /// Returns <paramref name="setting"/> with its <c>{token}</c> placeholder replaced by a
        /// freshly stored one-time link code; a setting without the placeholder is returned as is.
        /// </summary>
        /// <param name="setting">Link text that may contain the <c>{token}</c> placeholder.</param>
        /// <returns>The link with the token code substituted, or the unchanged setting.</returns>
        /// <remarks>
        /// The token is tied to <c>Util.UserPeopleId</c> and its lifetime comes from the
        /// OTLTokenExpirationMinutes setting (default "5").
        /// NOTE(review): the token is embedded in a link taken from configuration, so it is
        /// disclosed to whichever host that link points at - confirm only trusted destinations
        /// can be configured.
        /// </remarks>
        private string ExternalLink(string setting)
        {
            if (!setting.Contains("{token}"))
            {
                return setting;
            }

            var lifetimeMinutes = CurrentDatabase.Setting("OTLTokenExpirationMinutes", "5").ToInt();

            // NOTE(review): the .NET documentation recommends against Guid.NewGuid() for
            // cryptographic purposes - confirm it is acceptable as a token.
            var token = new OneTimeLink();
            token.Id          = Guid.NewGuid();
            token.Querystring = Util.UserPeopleId.ToString();
            token.Expires     = DateTime.Now.AddMinutes(lifetimeMinutes);

            CurrentDatabase.OneTimeLinks.InsertOnSubmit(token);
            CurrentDatabase.SubmitChanges();

            return setting.Replace("{token}", token.Id.ToCode());
        }
        /// <summary>
        /// Stores a one-time link for this person and e-mails them <paramref name="body"/> with
        /// the <c>{url}</c>, <c>{name}</c> and <c>{first}</c> placeholders filled in.
        /// </summary>
        /// <param name="from">Sender passed to <c>Db.Email</c>.</param>
        /// <param name="url">Link prefix; the token code is appended directly to it.</param>
        /// <param name="subject">Subject passed to <c>Db.Email</c>.</param>
        /// <param name="body">Message template containing the placeholders.</param>
        /// <remarks>
        /// NOTE(review): the record is stored without Expires, so a consumer that enforces expiry
        /// only when Expires is set would accept this link indefinitely - confirm that is intended.
        /// </remarks>
        public void SendOneTimeLink(string from, string url, string subject, string body)
        {
            // Querystring holds "<org-or-division id>,<people id>".
            var token = new OneTimeLink();
            token.Id          = Guid.NewGuid();
            token.Querystring = "{0},{1}".Fmt(divid ?? orgid ?? masterorgid, PeopleId);

            var db = DbUtil.Db;
            db.OneTimeLinks.InsertOnSubmit(token);
            db.SubmitChanges();

            // Placeholders are matched case-insensitively.
            var text = body
                .Replace("{url}", url + token.Id.ToCode(), ignoreCase: true)
                .Replace("{name}", person.Name, ignoreCase: true)
                .Replace("{first}", person.PreferredName, ignoreCase: true);

            db.Email(from, person, subject, text);
        }
        /// <summary>
        /// API action that stores a one-time registration link for the given organization and
        /// person and returns its URL as the response content.
        /// </summary>
        /// <param name="OrgId">Organization id written to the token's Querystring.</param>
        /// <param name="PeopleId">Person id written to the token's Querystring.</param>
        /// <returns>
        /// Content holding the RegisterLink URL, or "/" when <c>AuthenticateDeveloper()</c>
        /// returns a value starting with "!".
        /// </returns>
        /// <remarks>
        /// The link expires after the 10 minutes set below and the request is written to the activity log.
        /// NOTE(review): the only gate visible here is AuthenticateDeveloper(); both ids come from
        /// the request, so any caller that passes that gate can obtain a link for any person id -
        /// confirm that matches the intended authorization model.
        /// </remarks>
        public ActionResult GetOneTimeRegisterLink(int OrgId, int PeopleId)
        {
            var authResult = AuthenticateDeveloper();
            var rejected   = authResult.StartsWith("!");
            if (rejected)
            {
                return Content("/");
            }

            var token = new OneTimeLink();
            token.Id          = Guid.NewGuid();
            token.Querystring = "{0},{1},0".Fmt(OrgId, PeopleId);
            token.Expires     = DateTime.Now.AddMinutes(10);

            DbUtil.Db.OneTimeLinks.InsertOnSubmit(token);
            DbUtil.Db.SubmitChanges();
            DbUtil.LogActivity("APIPerson GetOneTimeRegisterLink {0}, {1}".Fmt(OrgId, PeopleId));

            var registerUrl = Util.CmsHost2 + "OnlineReg/RegisterLink/" + token.Id.ToCode();
            return Content(registerUrl);
        }
Beispiel #7
        /// <summary>
        /// Inserts a one-time link, submits it, and checks that the same record can be read back
        /// by its id from the same data context.
        /// </summary>
        public void Should_SubmitChanges_In_OneTimeLinks()
        {
            using (var db = CMSDataContext.Create(DatabaseFixture.Host))
            {
                // Unused link with a random payload, valid for one day.
                var stored = new OneTimeLink();
                stored.Id          = Guid.NewGuid();
                stored.Querystring = DatabaseTestBase.RandomString();
                stored.Used        = false;
                stored.Expires     = DateTime.Now.AddDays(1);

                db.OneTimeLinks.InsertOnSubmit(stored);
                db.SubmitChanges();

                var storedId = stored.Id;
                var fetched  = db.OneTimeLinks.SingleOrDefault(o => o.Id == storedId);

                fetched.ShouldNotBeNull();
            }
        }
Beispiel #8
        /// <summary>
        /// Stores a new one-time login token for <paramref name="user"/> and returns a Logon URL
        /// carrying the token and the return address, with the site root stripped from the
        /// return address when it is present.
        /// </summary>
        /// <param name="url">Return address; URL-encoded into the ReturnUrl parameter.</param>
        /// <param name="user">Value written to the token's Querystring column.</param>
        /// <returns>A Logon link rooted at <c>Util.CmsHost2</c>.</returns>
        /// <remarks>
        /// The link is a bearer credential for the 24 hours set below.
        /// NOTE(review): a return address that does not start with the site root is passed
        /// through unchanged, so presumably the Logon handler must reject non-local ReturnUrl
        /// values - confirm.
        /// </remarks>
        public static string GetOTLoginLink(string url, string user)
        {
            // NOTE(review): the .NET documentation recommends against Guid.NewGuid() for
            // cryptographic purposes - confirm it is acceptable as a login token.
            var token = new OneTimeLink();
            token.Id          = Guid.NewGuid();
            token.Querystring = user;
            token.Expires     = DateTime.Now.AddHours(24);

            DbUtil.Db.OneTimeLinks.InsertOnSubmit(token);
            DbUtil.Db.SubmitChanges();

            var root = DbUtil.Db.ServerLink();
            if (url.StartsWith(root))
            {
                // When the root ends with '/', cut one character earlier so that slash stays
                // at the front of the remaining path.
                var keptSlash = root.EndsWith("/") ? 1 : 0;
                url = url.Substring(root.Length - keptSlash);
            }

            var host          = Util.CmsHost2;
            var encodedReturn = HttpUtility.UrlEncode(url);
            var code          = token.Id.ToCode();

            return $"{host}Logon?ReturnUrl={encodedReturn}&otltoken={code}";
        }
Beispiel #9
        /// <summary>
        /// Stores an unused, unexpired one-time link and checks that a <c>LinkInfo</c> can be
        /// constructed from its code.
        /// </summary>
        /// <param name="link">Passed through to the <c>LinkInfo</c> constructor.</param>
        /// <param name="from">Passed through to the <c>LinkInfo</c> constructor.</param>
        /// <remarks>
        /// NOTE(review): the only assertion is that the constructed object is not null, which a
        /// successful "new" always satisfies; the test does not show whether the link was
        /// accepted or rejected.
        /// </remarks>
        public void Should_Get_LinkInfo(string link, string from)
        {
            using (var db = CMSDataContext.Create(DatabaseFixture.Host))
            {
                var stored = new OneTimeLink();
                stored.Id          = Guid.NewGuid();
                stored.Querystring = $"0,0,0,{"supportlink"}:1";
                stored.Used        = false;
                stored.Expires     = DateTime.Now.AddDays(1);

                db.OneTimeLinks.InsertOnSubmit(stored);
                db.SubmitChanges();

                var storedId = stored.Id;
                var info     = new LinkInfo(db, link, from, storedId.ToCode());

                info.ShouldNotBeNull();
            }
        }
Beispiel #10
        /// <summary>
        /// API action that stores a one-time registration link for the given organization and
        /// person and returns its URL as the response content.
        /// </summary>
        /// <param name="OrgId">Organization id written to the token's Querystring.</param>
        /// <param name="PeopleId">Person id written to the token's Querystring.</param>
        /// <returns>
        /// Content holding the RegisterLink URL, or "/" when <c>AuthenticateDeveloper()</c>
        /// returns a value starting with "!".
        /// </returns>
        /// <remarks>
        /// The link expires after the 10 minutes set below and the request is written to the activity log.
        /// NOTE(review): the only gate visible here is AuthenticateDeveloper(); both ids come from
        /// the request, so any caller that passes that gate can obtain a link for any person id -
        /// confirm that matches the intended authorization model.
        /// </remarks>
        public ActionResult GetOneTimeRegisterLink(int OrgId, int PeopleId)
        {
            var authResult = AuthenticateDeveloper();
            var rejected   = authResult.StartsWith("!");
            if (rejected)
            {
                return Content("/");
            }

            var token = new OneTimeLink();
            token.Id          = Guid.NewGuid();
            token.Querystring = $"{OrgId},{PeopleId},0";
            token.Expires     = DateTime.Now.AddMinutes(10);

            CurrentDatabase.OneTimeLinks.InsertOnSubmit(token);
            CurrentDatabase.SubmitChanges();
            DbUtil.LogActivity($"APIPerson GetOneTimeRegisterLink {OrgId}, {PeopleId}");

            var registerUrl = CurrentDatabase.ServerLink() + "OnlineReg/RegisterLink/" + token.Id.ToCode();
            return Content(registerUrl);
        }
Beispiel #11
        /// <summary>
        /// Stores a one-time link for this person and e-mails them <paramref name="body"/> with
        /// the <c>{url}</c>, <c>{name}</c> and <c>{first}</c> placeholders filled in.
        /// </summary>
        /// <param name="from">Sender passed to <c>CurrentDatabase.Email</c>.</param>
        /// <param name="url">Link prefix; the token code is appended directly to it.</param>
        /// <param name="subject">Subject passed to <c>CurrentDatabase.Email</c>.</param>
        /// <param name="body">Message template containing the placeholders.</param>
        /// <param name="appendQueryString">
        /// Optional query string added after the token code, prefixed with "?"; ignored when
        /// null, empty or whitespace. It is appended as given, without encoding.
        /// </param>
        /// <remarks>
        /// NOTE(review): the record is stored without Expires, so a consumer that enforces expiry
        /// only when Expires is set would accept this link indefinitely - confirm that is intended.
        /// </remarks>
        public void SendOneTimeLink(string from, string url, string subject, string body, string appendQueryString = "")
        {
            // Querystring holds "<org-or-division id>,<people id>".
            var token = new OneTimeLink();
            token.Id          = Guid.NewGuid();
            token.Querystring = $"{divid ?? orgid ?? masterorgid},{PeopleId}";

            CurrentDatabase.OneTimeLinks.InsertOnSubmit(token);
            CurrentDatabase.SubmitChanges();

            var code   = token.Id.ToCode();
            var suffix = string.IsNullOrWhiteSpace(appendQueryString)
                ? string.Empty
                : $"?{appendQueryString}";
            url = $"{url}{code}{suffix}";

            // The placeholder is replaced in both its literal and its URL-encoded spelling;
            // all placeholders are matched case-insensitively.
            var text = body
                .Replace("{url}", url, ignoreCase: true)
                .Replace(WebUtility.UrlEncode("{url}"), url, ignoreCase: true)
                .Replace("{name}", person.Name, ignoreCase: true)
                .Replace("{first}", person.PreferredName, ignoreCase: true);

            CurrentDatabase.Email(from, person, subject, text);
        }
Beispiel #12
        /// <summary>
        /// Stores a new one-time login token for <paramref name="user"/> and returns a Logon URL
        /// under the server root carrying the token and the return address, with the server root
        /// stripped from the return address when it is present.
        /// </summary>
        /// <param name="url">Return address; URL-encoded into the ReturnUrl parameter.</param>
        /// <param name="user">Value written to the token's Querystring column.</param>
        /// <returns>A link of the form <c>{root}/Logon?ReturnUrl=...&amp;otltoken=...</c>.</returns>
        /// <remarks>
        /// The link is a bearer credential for the 24 hours set below.
        /// NOTE(review): a return address that does not start with the server root is passed
        /// through unchanged, so presumably the Logon handler must reject non-local ReturnUrl
        /// values - confirm.
        /// </remarks>
        public string GetOTLoginLink(string url, string user)
        {
            // todo (from the original author): could this be static?
            // NOTE(review): the .NET documentation recommends against Guid.NewGuid() for
            // cryptographic purposes - confirm it is acceptable as a login token.
            var token = new OneTimeLink();
            token.Id          = Guid.NewGuid();
            token.Querystring = user;
            token.Expires     = DateTime.Now.AddHours(24);

            CurrentDatabase.OneTimeLinks.InsertOnSubmit(token);
            CurrentDatabase.SubmitChanges();

            var rootUrl = CurrentDatabase.ServerLink();
            var isUnderRoot = url.StartsWith(rootUrl);
            if (isUnderRoot)
            {
                url = url.Substring(rootUrl.Length);
            }

            var encodedReturn = HttpUtility.UrlEncode(url);
            var code          = token.Id.ToCode();

            return $"{rootUrl}/Logon?ReturnUrl={encodedReturn}&otltoken={code}";
        }
Beispiel #13
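        /// <summary>
        /// Handles a forgot-password request for a username or e-mail address.
        /// Matching users each get a new reset code and one e-mail listing a SetPassword link per
        /// account. If no user matches but people records share the address, each person is sent
        /// a CreateAccount one-time link. If nothing matches and the input is a valid e-mail
        /// address, a "bad email" notice is sent to that address. Every outcome is written to the
        /// activity log.
        /// </summary>
        /// <param name="username">Username or e-mail address typed by the requester; trimmed before use.</param>
        /// <remarks>
        /// Values substituted into the HTML message bodies (the requester's input and the stored
        /// names) are HTML-encoded first so they cannot add markup to the outgoing e-mail.
        /// NOTE(review): the CreateAccount one-time link is stored without Expires; a consumer
        /// that enforces expiry only when Expires is set would accept it indefinitely - confirm.
        /// NOTE(review): reset and link codes come from Guid.NewGuid(), which the .NET
        /// documentation recommends against for cryptographic purposes - confirm it is acceptable.
        /// </remarks>
        public static void ForgotPassword(string username)
        {
            // "path" records which branch handled the request; it is only written to the activity log.
            string msg  = null;
            var    path = new StringBuilder();

            username = username.Trim();

            // The raw value is still used for lookups, addressing and logging; only the copy
            // placed inside HTML is encoded.
            var safeEmail = System.Net.WebUtility.HtmlEncode(username);

            // first find a user with the email address or username
            var q = DbUtil.Db.Users.Where(uu =>
                                          uu.Username == username ||
                                          uu.Person.EmailAddress == username ||
                                          uu.Person.EmailAddress2 == username
                                          );

            if (!q.Any())
            {
                path.Append("u0");
                // could not find a user to match
                // so we look for a person without an account, to match the email address

                var minage = DbUtil.Db.Setting("MinimumUserAge", "16").ToInt();
                var q2     = from uu in DbUtil.Db.People
                             where uu.EmailAddress == username || uu.EmailAddress2 == username
                             where uu.Age == null || uu.Age >= minage
                             select uu;
                if (q2.Any())
                {
                    path.Append("p+");
                    // we found person(s), not a user
                    // we will compose an email for each of them to create an account
                    foreach (var p in q2)
                    {
                        var ot = new OneTimeLink
                        {
                            Id          = Guid.NewGuid(),
                            Querystring = p.PeopleId.ToString()
                        };
                        DbUtil.Db.OneTimeLinks.InsertOnSubmit(ot);
                        DbUtil.Db.SubmitChanges();
                        var url = DbUtil.Db.ServerLink($"/Account/CreateAccount/{ot.Id.ToCode()}");
                        msg = DbUtil.Db.ContentHtml("ForgotPasswordReset", Resource1.AccountModel_ForgotPasswordReset);
                        msg = msg.Replace("{name}", System.Net.WebUtility.HtmlEncode(p.Name));
                        msg = msg.Replace("{first}", System.Net.WebUtility.HtmlEncode(p.PreferredName));
                        msg = msg.Replace("{email}", safeEmail);
                        msg = msg.Replace("{resetlink}", url);
                        Util.SendMsg(ConfigurationManager.AppSettings["sysfromemail"],
                                     DbUtil.Db.CmsHost, Util.FirstAddress(DbUtil.AdminMail),
                                     "touchpointsoftware new password link", msg, Util.ToMailAddressList(p.EmailAddress ?? p.EmailAddress2), 0, null);
                    }
                    DbUtil.LogActivity($"ForgotPassword ('{username}', {path})");
                    return;
                }
                path.Append("p0");
                if (!Util.ValidEmail(username))
                {
                    // Nothing matched and the input is not an address we can write to.
                    DbUtil.LogActivity($"ForgotPassword ('{username}', {path})");
                    return;
                }
                path.Append("n0");

                // Unknown but well-formed address: tell that address no account was found.
                msg = DbUtil.Db.ContentHtml("ForgotPasswordBadEmail", Resource1.AccountModel_ForgotPasswordBadEmail);
                msg = msg.Replace("{email}", safeEmail);
                Util.SendMsg(ConfigurationManager.AppSettings["sysfromemail"],
                             DbUtil.Db.CmsHost, Util.FirstAddress(DbUtil.AdminMail),
                             "Forgot password request for " + DbUtil.Db.Setting("NameOfChurch", "bvcms"),
                             msg, Util.ToMailAddressList(username), 0, null);
                DbUtil.LogActivity($"ForgotPassword ('{username}', {path})");
                return;
            }
            path.Append("u+");

            // we found users who match,
            // so now we send the users who match the username or email a set of links to all their usernames

            var sb       = new StringBuilder();
            var addrlist = new List <MailAddress>();

            foreach (var user in q)
            {
                Util.AddGoodAddress(addrlist, user.EmailAddress);
                // Each request replaces the stored reset code and restarts the expiry window
                // (ResetPasswordExpiresHours setting, default "24").
                user.ResetPasswordCode    = Guid.NewGuid();
                user.ResetPasswordExpires = DateTime.Now.AddHours(DbUtil.Db.Setting("ResetPasswordExpiresHours", "24").ToInt());
                var link = DbUtil.Db.ServerLink($"/Account/SetPassword/{user.ResetPasswordCode}");
                var safeName     = System.Net.WebUtility.HtmlEncode(user.Name);
                var safeUsername = System.Net.WebUtility.HtmlEncode(user.Username);
                sb.Append($@"{safeName}, <a href=""{link}"">{safeUsername}</a><br>");
                DbUtil.Db.SubmitChanges();
            }
            msg = DbUtil.Db.ContentHtml("ForgotPasswordReset2", Resource1.AccountModel_ForgotPasswordReset2);
            msg = msg.Replace("{email}", safeEmail);
            msg = msg.Replace("{resetlink}", sb.ToString());
            Util.SendMsg(ConfigurationManager.AppSettings["sysfromemail"],
                         DbUtil.Db.CmsHost, Util.FirstAddress(DbUtil.AdminMail),
                         "TouchPoint password reset link", msg, addrlist, 0, null);
            DbUtil.LogActivity($"ForgotPassword ('{username}', {path})");
        }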
Beispiel #14
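        /// <summary>
        /// Handles a forgot-password request for a username or e-mail address.
        /// Matching users each get a new reset code and one e-mail listing a SetPassword link per
        /// account. If no user matches but exactly one person record has the address, that person
        /// is sent a CreateAccount one-time link. If nothing matches and the input is a valid
        /// e-mail address, a "bad email" notice is sent to that address.
        /// </summary>
        /// <param name="username">Username or e-mail address typed by the requester; trimmed before use.</param>
        /// <returns>
        /// The obscured address the message was sent to; <c>null</c> when nothing matched and the
        /// input is not a valid e-mail address; the text "no email address" when users matched but
        /// none had a usable address.
        /// </returns>
        /// <remarks>
        /// Values substituted into the HTML message bodies (the requester's input and the stored
        /// names) are HTML-encoded first so they cannot add markup to the outgoing e-mail.
        /// NOTE(review): the return value differs between "account found" and "nothing found";
        /// if it is shown to the requester it can reveal whether a username exists and part of
        /// the address on file - confirm how callers present it.
        /// NOTE(review): the CreateAccount one-time link is stored without Expires; a consumer
        /// that enforces expiry only when Expires is set would accept it indefinitely - confirm.
        /// NOTE(review): reset and link codes come from Guid.NewGuid(), which the .NET
        /// documentation recommends against for cryptographic purposes - confirm it is acceptable.
        /// </remarks>
        public static string ForgotPassword(string username)
        {
            username = username.Trim();

            // The raw value is still used for lookups and addressing; only the copy placed
            // inside HTML is encoded.
            var safeEmail = System.Net.WebUtility.HtmlEncode(username);

            var q = DbUtil.Db.Users.Where(uu =>
                                          uu.Username == username ||
                                          uu.Person.EmailAddress == username ||
                                          uu.Person.EmailAddress2 == username
                                          );
            var list = q.ToList();

            if (list.Count == 0)
            {
                // No user account matched: look for a person record with this address instead.
                var minage = DbUtil.Db.Setting("MinimumUserAge", "16").ToInt();
                var q2     = from uu in DbUtil.Db.People
                             where uu.EmailAddress == username || uu.EmailAddress2 == username
                             where uu.Age == null || uu.Age >= minage
                             select uu;
                if (q2.Count() == 1)
                {
                    var p = q2.Single();

                    var ot = new OneTimeLink
                    {
                        Id          = Guid.NewGuid(),
                        Querystring = p.PeopleId.ToString()
                    };
                    DbUtil.Db.OneTimeLinks.InsertOnSubmit(ot);
                    DbUtil.Db.SubmitChanges();
                    var url     = Util.ServerLink("/Account/CreateAccount/{0}".Fmt(ot.Id.ToCode()));
                    var message = DbUtil.Db.ContentHtml("ForgotPasswordReset", Resource1.AccountModel_ForgotPasswordReset);
                    message = message.Replace("{email}", safeEmail);
                    message = message.Replace("{resetlink}", url);
                    Util.SendMsg(ConfigurationManager.AppSettings["sysfromemail"],
                                 DbUtil.Db.CmsHost, Util.FirstAddress(DbUtil.AdminMail),
                                 "bvcms new password link", message, Util.ToMailAddressList(p.EmailAddress ?? p.EmailAddress2), 0, null);
                    return(Util.ObscureEmail(p.EmailAddress ?? p.EmailAddress2));
                }
                if (Util.ValidEmail(username)) // did not find their email address, let them know this
                {
                    var message = DbUtil.Db.ContentHtml("ForgotPasswordBadEmail", Resource1.AccountModel_ForgotPasswordBadEmail);
                    message = message.Replace("{email}", safeEmail);
                    Util.SendMsg(ConfigurationManager.AppSettings["sysfromemail"],
                                 DbUtil.Db.CmsHost, Util.FirstAddress(DbUtil.AdminMail),
                                 "Forgot password request for " + DbUtil.Db.Setting("NameOfChurch", "bvcms"),
                                 message, Util.ToMailAddressList(username), 0, null);
                    return(Util.ObscureEmail(username));
                }
                return(null);
            }
            else
            {
                var sb       = new StringBuilder();
                var addrlist = new List <MailAddress>();
                foreach (var user in list)
                {
                    Util.AddGoodAddress(addrlist, user.EmailAddress);
                    // Each request replaces the stored reset code and restarts the expiry window
                    // (ResetPasswordExpiresHours setting, default "24").
                    user.ResetPasswordCode    = Guid.NewGuid();
                    user.ResetPasswordExpires = DateTime.Now.AddHours(DbUtil.Db.Setting("ResetPasswordExpiresHours", "24").ToInt());
                    var link = Util.ServerLink("/Account/SetPassword/" + user.ResetPasswordCode.ToString());
                    sb.AppendFormat(@"{0}, <a href=""{1}"">{2}</a><br>",
                                    System.Net.WebUtility.HtmlEncode(user.Name),
                                    link,
                                    System.Net.WebUtility.HtmlEncode(user.Username));
                    DbUtil.Db.SubmitChanges();
                }
                var message = DbUtil.Db.ContentHtml("ForgotPasswordReset2", Resource1.AccountModel_ForgotPasswordReset2);
                message = message.Replace("{email}", safeEmail);
                message = message.Replace("{resetlink}", sb.ToString());
                Util.SendMsg(ConfigurationManager.AppSettings["sysfromemail"],
                             DbUtil.Db.CmsHost, Util.FirstAddress(DbUtil.AdminMail),
                             "bvcms password reset link", message, addrlist, 0, null);
                if (addrlist.Count > 0)
                {
                    return(Util.ObscureEmail(addrlist[0].Address));
                }
                return("no email address");
            }
        }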