/// <summary>
/// Resets the user password and sends the user an email with the new password.
/// The email is sent using parameters specified in Web.config appSettings.
/// </summary>
static AuthResult ResetPassword(HttpContext context, Hashtable parms)
{
// get parameters
var email = parms["email"] as string;
// retrieve user by email
var ctx = new UsersEntities();
var user = ctx.Users.FirstOrDefault(u => u.email == email);
if (user == null)
{
return(new AuthResult(AuthError.UserNotFound));
}
// create new password
var pw = MakeRandomString(Math.Max(MIN_PASSWORD_LENGTH, 6));
Debug.Assert(IsValidPassword(pw));
// notify user
if (!NotifyUser(user.email, user.name, pw))
{
return(new AuthResult(AuthError.CannotSendMail));
}
// reset the password
user.password = MakePasswordHash(email, pw, null);
Debug.Assert(CheckPasswordHash(email, pw, user.password));
ctx.SaveChanges();
// all done
return(new AuthResult(AuthError.None));
}
/// <summary>
/// Logs a user in.
/// </summary>
static AuthResult LogIn(HttpContext context, Hashtable parms)
{
// get parameters
var email = parms["email"] as string;
var pw = parms["pw"] as string;
var keep = parms["keep"] as string;
// if email and password not provided, log in from cookie
if (string.IsNullOrEmpty(email) && string.IsNullOrEmpty(pw))
{
return(LoginFromCookie(context));
}
// get and validate user
var ctx = new UsersEntities();
//System.Diagnostics.Debug.WriteLine("** number of users: {0}", ctx.Users.Count());
var user = ctx.Users.FirstOrDefault(u => u.email == email);
if (user == null)
{
return(new AuthResult(AuthError.UserNotFound));
}
else if (!CheckPasswordHash(email, pw, user.password))
{
return(new AuthResult(AuthError.WrongPassword));
}
// log in
user.lastaccess = DateTime.Now;
ctx.SaveChanges();
var result = new AuthResult(user);
UpdateUserCookie(context, result, keep);
return(result);
}
//-------------------------------------------------------------------------------
#region ** other public methods
/// <summary>
/// Gets the user that is currently logged in.
/// This method can be used to check for authorization from other services.
/// </summary>
public static IPrincipal GetCurrentUser(HttpContext context)
{
var email = ParseUserCookie(context);
var ctx = new UsersEntities();
var user = ctx.Users.FirstOrDefault(u => u.email == email);
return(new AuthUser(user) as IPrincipal);
}
/// <summary>
/// Logs a user in from information in the user cookie.
/// </summary>
static AuthResult LoginFromCookie(HttpContext context)
{
var result = new AuthResult(AuthError.None);
var email = ParseUserCookie(context);
if (!string.IsNullOrEmpty(email))
{
var ctx = new UsersEntities();
var user = ctx.Users.FirstOrDefault(u => u.email == email);
if (user != null)
{
user.lastaccess = DateTime.Now;
ctx.SaveChanges();
result.user = new AuthUser(user);
UpdateUserCookie(context, result, "true");
}
}
return(result);
}
//-------------------------------------------------------------------------------
#region ** implementation
/// <summary>
/// Creates a new user in the database.
/// Returns an AuthResult with an error if not successful.
/// </summary>
static AuthResult CreateUser(string email, string name, string pw, string provider)
{
// check that the user doesn't exist yet
var ctx = new UsersEntities();
var user = ctx.Users.FirstOrDefault(u => u.email == email);
if (user != null)
{
return(new AuthResult(AuthError.EmailTaken));
}
// validate data
if (!IsValidEmail(email))
{
return(new AuthResult(AuthError.InvalidEmail));
}
if (!IsValidName(name))
{
return(new AuthResult(AuthError.InvalidName));
}
if (!IsValidPassword(pw) && string.IsNullOrEmpty(provider))
{
return(new AuthResult(AuthError.InvalidPassword));
}
// create new user
user = new User();
user.name = name;
user.email = email;
user.password = MakePasswordHash(email, pw, null);
user.provider = provider;
user.created = DateTime.Now;
user.lastaccess = user.created;
ctx.Users.Add(user);
ctx.SaveChanges();
// check that hash is working OK
Debug.Assert(CheckPasswordHash(email, pw, user.password));
// all done
return(new AuthResult(user));
}
/// <summary>
/// Updates the information (name and/or password) for the current user.
/// </summary>
static AuthResult UpdateUser(HttpContext context, Hashtable parms)
{
// get parameters
var pw = parms["pw"] as string;
var newName = parms["newname"] as string;
var newPassword = parms["newpw"] as string;
var email = ParseUserCookie(context);
// retrieve user email from cookie
var ctx = new UsersEntities();
var user = ctx.Users.FirstOrDefault(u => u.email == email);
if (user == null)
{
return(new AuthResult(AuthError.UserNotFound));
}
// check current password
if (!CheckPasswordHash(email, pw, user.password))
{
return(new AuthResult(AuthError.WrongPassword));
}
// change name
if (IsValidName(newName))
{
user.name = newName;
}
// change password
if (IsValidPassword(newPassword))
{
user.password = MakePasswordHash(email, newPassword, null);
}
// save changes and be done
ctx.SaveChanges();
var result = new AuthResult(user);
UpdateUserCookie(context, result, "true");
return(result);
}
/// <summary>
/// Gets or sets a string containing application data for a user.
/// </summary>
static AuthResult SetUserData(HttpContext context, Hashtable parms)
{
// get parameters
var data = parms["data"] as string;
var email = ParseUserCookie(context);
// get user
if (string.IsNullOrEmpty(email))
{
return(new AuthResult(AuthError.UserNotFound));
}
var ctx = new UsersEntities();
var user = ctx.Users.FirstOrDefault(u => u.email == email);
if (user == null)
{
return(new AuthResult(AuthError.UserNotFound));
}
user.data = data;
user.lastaccess = DateTime.Now;
ctx.SaveChanges();
System.Diagnostics.Debug.WriteLine("- user data saved");
return(new AuthResult(user));
}
/// <summary>
/// Logs a user in using an OAuth provider.
/// </summary>
static AuthResult LogInOAuth(HttpContext context, Hashtable parms)
{
// get parameters
var provider = parms["provider"] as string;
var token = parms["token"] as string;
var keep = parms["keep"] as string;
// check that we got a provider and a token
if (string.IsNullOrEmpty(provider) || string.IsNullOrEmpty(token))
{
throw new Exception("Missing OAuth provider and/or token");
}
// use token to get the user name and email
var name = string.Empty;
var email = string.Empty;
var wc = new WebClient();
var js = new JavaScriptSerializer();
switch (provider.ToLower())
{
case "google":
{
// use token to get user data from google
var url = "https://www.googleapis.com/oauth2/v1/userinfo?access_token=" + token;
var r = wc.DownloadString(url);
dynamic userInfo = js.Deserialize <object>(r);
// get user name and email from response
name = userInfo["given_name"];
email = userInfo["email"];
}
break;
case "facebook":
{
// use token to get user data from facebook
var url = "https://graph.facebook.com/me?access_token=" + token;
var r = wc.DownloadString(url);
dynamic userInfo = js.Deserialize <object>(r);
// get user name and email from response
name = userInfo["first_name"];
email = userInfo["email"];
}
break;
default:
throw new Exception("OAuth provider missing or not supported: " + provider);
}
// get or create user
AuthResult result;
var ctx = new UsersEntities();
var user = ctx.Users.FirstOrDefault(u => u.email == email);
if (user != null)
{
user.provider = provider;
ctx.SaveChanges();
result = new AuthResult(user);
}
else
{
result = CreateUser(email, name, null, provider);
}
// no error? log in
if (result.error == 0)
{
UpdateUserCookie(context, result, keep);
}
// return result
return(result);
}
