public async Task <ActionResult> VerifyCode(VerifyCodeViewModel model)
{
if (!ModelState.IsValid)
{
return(View(model));
}
// The following code protects for brute force attacks against the two factor codes.
// If a user enters incorrect codes for a specified amount of time then the user account
// will be locked out for a specified amount of time.
// You can configure the account lockout settings in IdentityConfig
var result = await SignInManager.TwoFactorSignInAsync(model.Provider, model.Code, isPersistent : model.RememberMe, rememberBrowser : model.RememberBrowser);
switch (result)
{
case SignInStatus.Success:
UserProfile profile = CurrentUserProfileOrThrow;
if (!PostLoginAuthCheck(profile))
{
return(RedirectToAction("Login", new { CheckingOut = model.CheckingOut }));
}
profile.LastLogonDateTimeUtc = DateTime.UtcNow;
GStoreDb.SaveChangesDirect();
GStoreDb.LogSecurityEvent_VerificationCodeSuccess(HttpContext, RouteData, model.Code, model.Provider, model.ReturnUrl, profile, this);
StoreFront storeFront = CurrentStoreFrontOrNull;
if (storeFront != null)
{
Cart cart = storeFront.GetCart(Session.SessionID, null);
cart = storeFront.MigrateCartToProfile(GStoreDb, cart, profile, this);
}
if (profile.NotifyAllWhenLoggedOn)
{
string title = User.Identity.Name;
if (profile != null)
{
title = profile.FullName;
}
string message = "Logged on";
Microsoft.AspNet.SignalR.IHubContext hubCtx = Microsoft.AspNet.SignalR.GlobalHost.ConnectionManager.GetHubContext <GStoreWeb.Hubs.NotifyHub>();
hubCtx.Clients.All.addNewMessageToPage(title, message);
}
if (model.CheckingOut.HasValue && model.CheckingOut.Value)
{
return(RedirectToAction("Index", "Cart"));
}
return(RedirectToLocal(model.ReturnUrl));
case SignInStatus.LockedOut:
GStoreDb.LogSecurityEvent_VerificationCodeFailedLockedOut(HttpContext, RouteData, model.Code, model.Provider, model.ReturnUrl, null, this);
ViewBag.CheckingOut = model.CheckingOut;
return(View("Lockout"));
case SignInStatus.Failure:
default:
GStoreDb.LogSecurityEvent_VerificationCodeFailedInvalidCode(HttpContext, RouteData, model.Code, model.Provider, model.ReturnUrl, null, this);
ModelState.AddModelError("", "Invalid code.");
return(View(model));
}
}
public async Task <ActionResult> Login(LoginViewModel model, string returnUrl)
{
if (!ModelState.IsValid)
{
return(View(model));
}
var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout : true);
switch (result)
{
case SignInStatus.Success:
AspNetIdentityUser user = SignInManager.UserManager.Users.Single(u => u.UserName.ToLower() == model.Email.ToLower());
string userId = user.Id;
UserProfile profile = GStoreDb.GetUserProfileByEmail(user.Email);
if (!PostLoginAuthCheck(profile))
{
return(RedirectToAction("Login", new { CheckingOut = model.CheckingOut }));
}
profile.LastLogonDateTimeUtc = DateTime.UtcNow;
GStoreDb.SaveChangesDirect();
GStoreDb.LogSecurityEvent_LoginSuccess(this.HttpContext, this.RouteData, profile, this);
StoreFront storeFront = CurrentStoreFrontOrNull;
if (storeFront != null)
{
Cart cart = storeFront.GetCart(Session.SessionID, null);
cart = storeFront.MigrateCartToProfile(GStoreDb, cart, profile, this);
}
if (profile.NotifyAllWhenLoggedOn)
{
string title = user.UserName;
if (profile != null)
{
title = profile.FullName;
}
string message = "Logged on";
Microsoft.AspNet.SignalR.IHubContext hubCtx = Microsoft.AspNet.SignalR.GlobalHost.ConnectionManager.GetHubContext <GStoreWeb.Hubs.NotifyHub>();
hubCtx.Clients.All.addNewMessageToPage(title, message);
}
if (model.CheckingOut ?? false)
{
return(RedirectToAction("Index", "Checkout", new { ContinueAsLogin = true }));
}
return(RedirectToLocal(returnUrl));
case SignInStatus.LockedOut:
UserProfile profileLockout = GStoreDb.GetUserProfileByEmail(model.Email);
GStoreDb.LogSecurityEvent_LoginLockedOut(this.HttpContext, RouteData, model.Email, profileLockout, this);
string notificationBaseUrl = Url.Action("Details", "Notifications", new { id = "" });
string forgotPasswordUrl = Request.Url.Host + (Request.Url.IsDefaultPort ? string.Empty : ":" + Request.Url.Port) + Url.Action("ForgotPassword", "Account");
CurrentStoreFrontOrThrow.HandleLockedOutNotification(GStoreDb, Request, profileLockout, notificationBaseUrl, forgotPasswordUrl);
ViewBag.CheckingOut = model.CheckingOut;
return(View("Lockout"));
case SignInStatus.RequiresVerification:
//allow pass-through even if storefront config is inactive because user may be an admin
UserProfile profileVerify = GStoreDb.GetUserProfileByEmail(model.Email);
GStoreDb.LogSecurityEvent_LoginNeedsVerification(this.HttpContext, RouteData, model.Email, profileVerify, this);
return(RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe, CheckingOut = model.CheckingOut }));
case SignInStatus.Failure:
default:
UserProfile userProfileFailure = GStoreDb.GetUserProfileByEmail(model.Email, false);
GStoreDb.LogSecurityEvent_LoginFailed(this.HttpContext, RouteData, model.Email, model.Password, userProfileFailure, this);
if (userProfileFailure == null)
{
//unknown user, maybe ask to sign up?
ModelState.AddModelError("", "User Name or Password is invalid. Please correct it and try again. ");
}
else
{
//looks like an existing user but wrong password
ModelState.AddModelError("", "User Name or Password is invalid. Please check your password and try again. ");
}
return(View(model));
}
}
public async Task <ActionResult> Register(RegisterViewModel model)
{
StoreFront storeFront = CurrentStoreFrontOrNull;
StoreFrontConfiguration storeFrontConfig = CurrentStoreFrontConfigOrNull;
if ((storeFront != null) && (storeFrontConfig != null) && (storeFrontConfig.RegisterWebForm != null) && storeFrontConfig.RegisterWebForm.IsActiveBubble())
{
FormProcessorExtensions.ValidateFields(this, storeFrontConfig.RegisterWebForm);
}
if (ModelState.IsValid)
{
var user = new AspNetIdentityUser(model.Email)
{
UserName = model.Email, Email = model.Email
};
user.TwoFactorEnabled = Settings.IdentityEnableTwoFactorAuth;
IdentityResult result = null;
try
{
result = await UserManager.CreateAsync(user, model.Password);
}
catch (System.Data.Entity.Validation.DbEntityValidationException exDbEx)
{
foreach (System.Data.Entity.Validation.DbEntityValidationResult valResult in exDbEx.EntityValidationErrors)
{
ICollection <System.Data.Entity.Validation.DbValidationError> valErrors = valResult.ValidationErrors;
foreach (System.Data.Entity.Validation.DbValidationError error in valErrors)
{
ModelState.AddModelError(error.PropertyName, error.ErrorMessage);
}
}
return(View(model));
}
catch (Exception ex)
{
string error = ex.ToString();
throw;
}
if (result.Succeeded)
{
await SignInManager.SignInAsync(user, isPersistent : true, rememberBrowser : false);
// For more information on how to enable account confirmation and password reset please visit http://go.microsoft.com/fwlink/?LinkID=320771
IGstoreDb ctx = GStoreDb;
UserProfile newProfile = ctx.UserProfiles.Create();
newProfile.UserId = user.Id;
newProfile.UserName = user.UserName;
newProfile.Email = user.Email;
newProfile.FullName = model.FullName;
newProfile.NotifyOfSiteUpdatesToEmail = model.NotifyOfSiteUpdates;
newProfile.SendMoreInfoToEmail = model.SendMeMoreInfo;
newProfile.SignupNotes = model.SignupNotes;
newProfile.NotifyAllWhenLoggedOn = true;
newProfile.IsPending = false;
newProfile.Order = CurrentStoreFrontOrThrow.UserProfiles.Max(up => up.Order) + 10;
newProfile.EntryDateTime = Session.EntryDateTime().Value;
newProfile.EntryRawUrl = Session.EntryRawUrl();
newProfile.EntryReferrer = Session.EntryReferrer();
newProfile.EntryUrl = Session.EntryUrl();
newProfile.StartDateTimeUtc = DateTime.UtcNow.AddMinutes(-1);
newProfile.EndDateTimeUtc = DateTime.UtcNow.AddYears(100);
newProfile.StoreFrontId = CurrentStoreFrontOrThrow.StoreFrontId;
newProfile.StoreFront = CurrentStoreFrontOrThrow;
newProfile.ClientId = this.CurrentClientOrThrow.ClientId;
newProfile.Client = this.CurrentClientOrThrow;
newProfile = ctx.UserProfiles.Add(newProfile);
ctx.SaveChanges();
ctx.UserName = user.UserName;
ctx.CachedUserProfile = null;
string customFields = string.Empty;
if (storeFrontConfig != null && storeFrontConfig.RegisterWebForm != null && storeFrontConfig.RegisterWebForm.IsActiveBubble())
{
FormProcessorExtensions.ProcessWebForm(this, storeFrontConfig.RegisterWebForm, null, true, null);
customFields = FormProcessorExtensions.BodyTextCustomFieldsOnly(this, storeFrontConfig.RegisterWebForm);
}
bool confirmResult = SendEmailConfirmationCode(user.Id, newProfile);
ctx.LogSecurityEvent_NewRegister(this.HttpContext, RouteData, newProfile, this);
string notificationBaseUrl = Url.Action("Details", "Notifications", new { id = "" });
CurrentStoreFrontOrThrow.HandleNewUserRegisteredNotifications(this.GStoreDb, Request, newProfile, notificationBaseUrl, true, true, customFields);
if (storeFront != null)
{
Cart cart = storeFront.GetCart(Session.SessionID, null);
cart = storeFront.MigrateCartToProfile(GStoreDb, cart, newProfile, this);
storeFront.MigrateOrdersToNewProfile(GStoreDb, newProfile, this);
}
if (Settings.IdentityEnableNewUserRegisteredBroadcast && CurrentClientOrThrow.EnableNewUserRegisteredBroadcast)
{
string title = model.FullName;
string message = "Newly registered!";
Microsoft.AspNet.SignalR.IHubContext hubCtx = Microsoft.AspNet.SignalR.GlobalHost.ConnectionManager.GetHubContext <GStoreWeb.Hubs.NotifyHub>();
hubCtx.Clients.All.addNewMessageToPage(title, message);
}
if (model.CheckingOut ?? false)
{
return(RedirectToAction("LoginOrGuest", "Checkout", new { ContinueAsLogin = true }));
}
if (storeFrontConfig != null && storeFrontConfig.RegisterSuccess_PageId.HasValue)
{
return(Redirect(storeFrontConfig.RegisterSuccessPage.UrlResolved(this.Url)));
}
return(RedirectToAction("RegisterSuccess"));
}
AddErrors(result);
}
// If we got this far, something failed, redisplay form
return(View(model));
}