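/// <summary>
/// Activates the account referenced by the activation token in <c>AccessURL</c>.
/// </summary>
/// <returns>The page; <c>ViewData["warn"]</c> is set when no usable token matched the
/// link, <c>ViewData["message"]</c> on success.</returns>
public async Task<IActionResult> OnPostAsync()
        {
            // Resolved tokens have their URL blanked to "", so a blank AccessURL must not be
            // allowed to match them; it is simply not a valid link.
            if (string.IsNullOrEmpty(AccessURL))
            {
                ViewData["warn"] = "Invalid or expired activation link.";
                return Page();
            }

            // Only an unused activation token that has not passed its expiration may
            // activate the account; previously any token with this URL was accepted and
            // success was reported even when nothing matched.
            var now = DateTime.UtcNow;
            var tokens = _context.ServiceToken
                .Where(t => t.URL == AccessURL && t.Action == "activate" && t.Resolved == false && t.Expiration > now)
                .ToList();
            if (tokens.Count == 0)
            {
                ViewData["warn"] = "Invalid or expired activation link.";
                return Page();
            }

            foreach (var t in tokens)
            {
                // consume the token so the same link cannot be replayed
                t.Resolved = true;
                t.URL      = "";
            }
            await _context.SaveChangesAsync();

            ViewData.Remove("warn");
            ViewData.Remove("Username");
            ViewData["message"] = "Successfully activated account. You may now log in.";
            return Page();
        }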
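        /// <summary>
        /// Completes a password reset: validates the reset token in <c>AccessURL</c>, verifies
        /// the security answer for the question kept in session, then stores a freshly salted
        /// password hash and consumes the token.
        /// </summary>
        /// <returns>The page, with <c>ViewData["warn"]</c> set on any failure and
        /// <c>ViewData["message"]</c> on success.</returns>
        public async Task<IActionResult> OnPostAsync()
        {
            // The question shown to the user is kept in session; without it (or with a value
            // too short to hold an int) the flow was not started properly, so fail closed
            // instead of passing null to BitConverter.
            if (!HttpContext.Session.TryGetValue("reset_question", out byte[] q_bytes)
                || q_bytes is null || q_bytes.Length < sizeof(int))
            {
                ViewData["warn"] = "Your password reset session has expired. Please start again.";
                return Page();
            }
            int q_id = BitConverter.ToInt32(q_bytes, 0);

            // Validate the token before anything is hashed or written: it must match this
            // link, be a password-reset token, be unused and not past its expiration.
            var now = DateTime.UtcNow;
            Models.ServiceToken t_token = string.IsNullOrEmpty(AccessURL)
                ? null
                : _context.ServiceToken.FirstOrDefault(t => t.URL == AccessURL && t.Action == "password" && t.Resolved == false && t.Expiration > now);
            if (t_token is null)
            {
                ViewData["warn"] = "Invalid or expired password reset link.";
                return Page();
            }

            // Stored answers are lower-cased with whitespace stripped; normalize the typed
            // answer identically and require an exact match. The previous substring check
            // (stored.Contains(typed)) accepted any one-character or empty answer.
            string given = (Answer ?? "").ToLower().Replace(" ", "").Replace("\t", "").Replace("\n", "");
            int u_id = t_token.UserID;
            string expected = _context.SecurityAnswer
                .Where(a => a.UserID == u_id && a.QuestionID == q_id)
                .Select(a => a.Answer)
                .FirstOrDefault();
            if (given.Length == 0 || expected is null || !string.Equals(expected, given, StringComparison.Ordinal))
            {
                ViewData["warn"] = "You have answered the security question incorrectly.";
                return Page();
            }

            if (string.IsNullOrEmpty(Password))
            {
                ViewData["warn"] = "Please enter a new password.";
                return Page();
            }

            var U = _context.User.FirstOrDefault(u => u.UserID == u_id);
            if (U is null)
            {
                ViewData["warn"] = "Invalid or expired password reset link.";
                return Page();
            }

            // generate salt and password
            Models.Hasher hasher = new Models.Hasher();
            string        Salt   = hasher.GenerateSalt(32);
            // NOTE(review): if the third argument is an iteration count, 100 is far below
            // current guidance for password hashing — confirm against Models.Hasher.
            this.Password = hasher.HashPassword(this.Password, Salt, 100, 32);

            U.Salt     = Salt;
            U.Password = Password;

            // consume the token so the same link cannot be replayed
            t_token.Resolved = true;
            t_token.URL      = "";

            await _context.SaveChangesAsync();

            ViewData["message"] = "Password reset successfully. You may now log in.";
            return Page();
        }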
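        /// <summary>
        /// Starts a password reset for the account whose e-mail address was posted: discards
        /// any pending reset tokens for that account, creates a new one valid for 12 hours and
        /// exposes the reset link in <c>ViewData["reset_link"]</c>.
        /// </summary>
        /// <returns>The page, with <c>ViewData["warn"]</c>, <c>ViewData["message"]</c> or
        /// <c>ViewData["reset_link"]</c> set depending on the outcome.</returns>
        public async Task<IActionResult> OnPostAsync()
        {
            if (!ModelState.IsValid)
            {
                ViewData["warn"] = "Invalid Username.";
                return Page();
            }

            if (string.IsNullOrEmpty(Email))
            {
                return Page();
            }

            // Stored e-mails are lower-cased, so normalize once and use the same value for
            // both the existence check and the lookup (the two previously disagreed, which
            // dereferenced a null user for any mixed-case input).
            string email = Email.ToLower();
            var user = _context.User.FirstOrDefault(u => u.Email == email);
            if (user is null)
            {
                // NOTE(review): a distinct response reveals which addresses are registered;
                // once resets go out by e-mail, respond identically whether or not the
                // address exists.
                ViewData["message"] = "There are no accounts with that email address. "
                                      + "\nIn the future, we will send password resets to you via email.";
                return Page();
            }
            int id = user.UserID;

            // remove pending resets so only the newest link is valid
            var pending = _context.ServiceToken
                .Where(t => t.UserID == id && t.Action == "password" && t.Resolved == false);
            _context.ServiceToken.RemoveRange(pending);

            // The reset URL is the credential for this flow, so its input must be
            // unpredictable: mix CSPRNG bytes into the hasher input instead of relying on the
            // user id and the current time. The hasher still determines the output format;
            // the attempt counter (which the old loop reset on every pass) varies the
            // parameters if a generated value ever collides with an existing token.
            Models.Hasher hasher = new Models.Hasher();
            string url;
            int attempt = 0;
            do
            {
                byte[] nonce = new byte[16];
                System.Security.Cryptography.RandomNumberGenerator.Fill(nonce);
                url = hasher.HashPassword("p" + id + Convert.ToBase64String(nonce), "", 10 + attempt, 8 + (attempt / 8));
                attempt++;
            } while (_context.ServiceToken.Any(t => t.URL == url));

            // make reset token
            var created = DateTime.UtcNow;
            var newToken = new Models.ServiceToken
            {
                UserID     = id,
                Action     = "password",
                URL        = url,
                Creation   = created,
                Expiration = created.AddHours(12),
                Resolved   = false
            };

            await _context.ServiceToken.AddAsync(newToken);
            await _context.SaveChangesAsync();

            // TODO: replace with email
            //return RedirectToPage("./ResetPassword/" + newToken.URL);
            ViewData["reset_link"] = "./ResetPassword/" + newToken.URL;
            return Page();
        }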
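        /// <summary>
        /// Validates the signup form, stores the new user with a salted password hash and the
        /// normalized security answers, and creates an activation token valid for one year.
        /// </summary>
        /// <param name="_context">Database context to write the user, answers and token to.</param>
        /// <returns><c>true</c> when the user was created; <c>false</c> on any validation
        /// failure (missing field, name or e-mail already in use, unknown question, empty answer,
        /// or no id after saving).</returns>
        public async Task<bool> TrySignup(UserManagement.Data.UserManagementContext _context)
        {
            // verify all fields filled
            if (string.IsNullOrEmpty(Email) || string.IsNullOrEmpty(Username) || string.IsNullOrEmpty(Password) ||
                string.IsNullOrEmpty(FirstName) || string.IsNullOrEmpty(LastName))
            {
                return false;
            }

            Username = Username.ToLower();
            Email    = Email.ToLower();

            // make sure not already in use (Any() on an empty table is simply false)
            if (_context.User.Any(u => u.Username == this.Username || u.Email == this.Email))
            {
                return false;
            }

            // Each answer is paired with the question at the same index, so there must be a
            // question for every answer; reject the form instead of indexing past the end.
            if (SecurityQuestions is null || SecurityAnswers is null
                || SecurityAnswers.Count() > SecurityQuestions.Count())
            {
                return false;
            }

            // verify questions: every posted question text must exist in the database
            foreach (var q in SecurityQuestions)
            {
                if (string.IsNullOrEmpty(q.Question))
                {
                    return false;
                }
                var stored = _context.SecurityQuestion.FirstOrDefault(x => x.Question == q.Question);
                if (stored is null)
                {
                    return false;
                }
                q.QuestionID = stored.QuestionID;
            }

            // verify answers and pair each with its question
            for (int i = 0; i < SecurityAnswers.Count(); i++)
            {
                var a = SecurityAnswers[i];
                if (string.IsNullOrEmpty(a.Answer))
                {
                    return false;
                }
                a.QuestionID = SecurityQuestions[i].QuestionID;
            }

            // generate salt and password
            Hasher hasher = new Hasher();
            string Salt   = hasher.GenerateSalt(32);
            // NOTE(review): if the third argument is an iteration count, 100 is far below
            // current guidance for password hashing — confirm against Hasher.
            this.Password = hasher.HashPassword(this.Password, Salt, 100, 32);

            var NewUser = new User
            {
                Username  = this.Username,
                FirstName = this.FirstName,
                LastName  = this.LastName,
                Email     = this.Email,
                Salt      = Salt,
                Password  = this.Password
            };

            // add user
            await _context.User.AddAsync(NewUser);
            await _context.SaveChangesAsync();

            // get id to assign answers
            int id = _context.User.FirstOrDefault(u => u.Username == NewUser.Username)?.UserID ?? 0;
            if (id < 1)
            {
                return false;
            }

            // assign answers, stored lower-cased with whitespace stripped so a later check
            // can normalize the typed answer the same way
            foreach (SecurityAnswer a in SecurityAnswers)
            {
                await _context.SecurityAnswer.AddAsync(new SecurityAnswer
                {
                    UserID     = id,
                    Answer     = a.Answer.ToLower().Replace(" ", "").Replace("\t", "").Replace("\n", ""),
                    QuestionID = a.QuestionID
                });
            }

            await _context.SaveChangesAsync();

            // The activation URL is the credential for this flow, so its input must be
            // unpredictable: mix CSPRNG bytes into the hasher input instead of relying on the
            // user id and the signup time. The hasher still determines the output format; the
            // attempt counter (which the old loop reset on every pass) varies the parameters
            // if a generated value ever collides with an existing token.
            string url;
            int attempt = 0;
            do
            {
                byte[] nonce = new byte[16];
                System.Security.Cryptography.RandomNumberGenerator.Fill(nonce);
                url = hasher.HashPassword("a" + id + Convert.ToBase64String(nonce), "", 10 + attempt, 8 + (attempt / 8));
                attempt++;
            } while (_context.ServiceToken.Any(t => t.URL == url));

            // make activation token
            var created = DateTime.UtcNow;
            var newToken = new ServiceToken
            {
                UserID     = id,
                Action     = "activate",
                URL        = url,
                Creation   = created,
                Expiration = created.AddDays(365),
                Resolved   = false
            };

            await _context.ServiceToken.AddAsync(newToken);
            await _context.SaveChangesAsync();

            return true;
        }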