public ActionResult ChangePassword(ChangePassword changePassword)
{
try
{
string token = HttpContext.Current.Request.Headers["Token"];
if (!Security.ValidateToken(token, out List <Claim> claims))
{
return(new ActionResult
{
Message = "Please login",
Success = false
});
}
ActionResult actionResult = ServiceHelper.IsAnyNullOrEmpty(changePassword);
if (actionResult.Success)
{
actionResult.Success = false;
return(actionResult);
}
ApplicationUserManager manager = new ApplicationUserManager(new UserStore <ApplicationUser>(new ApplicationDbContext()));
ApplicationUser user = manager.FindByName(changePassword.Username);
if (user == null)
{
return(new ActionResult
{
Message = "User does not exist",
Success = false
});
}
IdentityResult result = manager.ChangePassword(user.Id, changePassword.OldPassword, changePassword.NewPassword);
if (result.Succeeded)
{
using (ESamhashoEntities entities = new ESamhashoEntities())
{
EmailTemplate emailBody = entities.EmailTemplates.FirstOrDefault(a => a.EmailTemplateId == (byte)EmailTemplateId.ResetPassword);
if (emailBody != null)
{
string body = emailBody.Body.Replace("{password}", changePassword.NewPassword)
.Replace("{accountname}", user.UserName);
string subject = "Esamhasho password reset";
OutgoingEmail outgoingEmail = new OutgoingEmail
{
Body = body,
Date = DateTime.Now,
Destination = user.Email,
Reference = user.Id,
Status = (byte)EmailStatus.Pending,
Subject = subject
};
entities.OutgoingEmails.Add(outgoingEmail);
entities.SaveChanges();
manager.SendEmail(user.Id, subject, body);
OutgoingEmail email = entities.OutgoingEmails.FirstOrDefault(a => a.Id == outgoingEmail.Id);
if (email != null)
{
email.Status = (byte)EmailStatus.Success;
}
entities.SaveChanges();
}
}
return(new ActionResult
{
Message = "Password successfully changed",
Success = true
});
}
string error = result.Errors.Aggregate(string.Empty, (current, resultError) => current + resultError + Environment.NewLine);
return(new ActionResult
{
Message = error
});
}
catch (Exception exception)
{
Dictionary <string, string> dictionary = changePassword.ToDictionary();
ServiceHelper.LogException(exception, dictionary, ErrorSource.Authentication);
return(new ActionResult
{
Success = false,
Message = "Error, failed to change password."
});
}
}
public ActionResult SignIn(SignInUser signInUser)
{
try
{
ActionResult actionResult = ServiceHelper.IsAnyNullOrEmpty(signInUser);
if (actionResult.Success)
{
actionResult.Success = false;
return(actionResult);
}
ApplicationSignInManager signinManager = HttpContext.Current.GetOwinContext().GetUserManager <ApplicationSignInManager>();
SignInStatus result = signinManager.PasswordSignIn(signInUser.Username, signInUser.Password, signInUser.RememberMe, false);
switch (result)
{
case SignInStatus.Success:
ApplicationUserManager userManager = HttpContext.Current.GetOwinContext().GetUserManager <ApplicationUserManager>();
ApplicationUser user = userManager.Find(signInUser.Username, signInUser.Password);
if (!userManager.IsEmailConfirmed(user.Id))
{
return(new ActionResult {
Success = false, Message = "You need to confirm your email."
});
}
IAuthenticationManager authenticationManager = HttpContext.Current.GetOwinContext().Authentication;
ClaimsIdentity userIdentity = userManager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);
authenticationManager.SignIn(new AuthenticationProperties {
IsPersistent = signInUser.RememberMe
}, userIdentity);
string token = Security.GenerateSecurityToken(user.Id, signInUser.Username, user.Email);
return(new ActionResult
{
Success = true,
Message = token
});
case SignInStatus.LockedOut:
userManager = HttpContext.Current.GetOwinContext().GetUserManager <ApplicationUserManager>();
user = userManager.FindByName(signInUser.Username);
user.LockoutEnabled = true;
userManager.Update(user);
return(new ActionResult
{
Success = false,
Message = "Your account has been locked out, please contact your system administrator."
});
case SignInStatus.RequiresVerification:
return(new ActionResult
{
Success = false,
Message = "Your account has not yet been verified, please contact your system administrator."
});
case SignInStatus.Failure:
ApplicationUserManager manager = HttpContext.Current.GetOwinContext().GetUserManager <ApplicationUserManager>();
ApplicationUser tryUser = manager.FindByName(signInUser.Username);
if (tryUser != null)
{
manager.AccessFailed(tryUser.Id);
}
return(new ActionResult
{
Success = false,
Message = "Invalid username/password combination."
});
default:
return(new ActionResult
{
Success = false,
Message = "Could not login\r\n" + result
});
}
}
catch (Exception exception)
{
Dictionary <string, string> dictionary = signInUser.ToDictionary();
ServiceHelper.LogException(exception, dictionary, ErrorSource.Authentication);
return(new ActionResult
{
Success = false,
Message = "Error, Failed to login."
});
}
}
public ActionResult ForgotPassword(string username)
{
try
{
ActionResult actionResult = ServiceHelper.IsAnyNullOrEmpty(username);
if (actionResult.Success)
{
actionResult.Success = false;
return(actionResult);
}
ApplicationUserManager manager = new ApplicationUserManager(new UserStore <ApplicationUser>(new ApplicationDbContext()));
ApplicationUser user = manager.FindByEmail(username);
if (user == null)
{
return(new ActionResult
{
Message = "User does not exist",
Success = false
});
}
if (!manager.IsEmailConfirmed(user.Id))
{
return new ActionResult
{
Success = false,
Message = "You need to confirm your email."
}
}
;
ApplicationUserManager userManager = HttpContext.Current.GetOwinContext().GetUserManager <ApplicationUserManager>();
string resetToken = userManager.GeneratePasswordResetToken(user.Id);
string newPassword = PasswordService.GeneratePassword(PasswordOptions.HasCapitals |
PasswordOptions.HasDigits |
PasswordOptions.HasLower |
PasswordOptions.HasSymbols |
PasswordOptions.NoRepeating);
IdentityResult result = userManager.ResetPassword(user.Id, resetToken, newPassword);
if (result.Succeeded)
{
using (ESamhashoEntities entities = new ESamhashoEntities())
{
EmailTemplate emailBody = entities.EmailTemplates.FirstOrDefault(a => a.EmailTemplateId == (byte)EmailTemplateId.ResetPassword);
if (emailBody != null)
{
string body = emailBody.Body.Replace("{password}", newPassword)
.Replace("{accountname}", user.UserName);
string subject = "Esamhasho password reset";
OutgoingEmail outgoingEmail = new OutgoingEmail
{
Body = body,
Date = DateTime.Now,
Destination = user.Email,
Reference = user.Id,
Status = (byte)EmailStatus.Pending,
Subject = subject
};
entities.OutgoingEmails.Add(outgoingEmail);
entities.SaveChanges();
manager.SendEmail(user.Id, subject, body);
OutgoingEmail email = entities.OutgoingEmails.FirstOrDefault(a => a.Id == outgoingEmail.Id);
if (email != null)
{
email.Status = (byte)EmailStatus.Success;
}
entities.SaveChanges();
}
}
return(new ActionResult
{
Message = "Password successfully reset. Check your email for your new password.",
Success = true
});
}
string error = result.Errors.Aggregate(string.Empty, (current, resultError) => current + resultError + Environment.NewLine);
return(new ActionResult {
Message = error, Success = result.Succeeded
});
}
catch (Exception exception)
{
Dictionary <string, string> dictionary = username.ToDictionary();
ServiceHelper.LogException(exception, dictionary, ErrorSource.Authentication);
return(new ActionResult
{
Success = false,
Message = "Error, failed to reset password."
});
}
}
public ActionResult SignUp(SignUp signUp)
{
try
{
ActionResult actionResult = ServiceHelper.IsAnyNullOrEmpty(signUp);
if (actionResult.Success)
{
actionResult.Success = false;
return(actionResult);
}
ApplicationUserManager manager = HttpContext.Current.GetOwinContext().GetUserManager <ApplicationUserManager>();
string password = PasswordService.GeneratePassword(PasswordOptions.HasCapitals |
PasswordOptions.HasDigits |
PasswordOptions.HasLower |
PasswordOptions.HasSymbols |
PasswordOptions.NoRepeating);
Guid userId = Guid.NewGuid();
manager.DefaultAccountLockoutTimeSpan = TimeSpan.FromMinutes(10);
manager.MaxFailedAccessAttemptsBeforeLockout = 3;
manager.UserLockoutEnabledByDefault = true;
ApplicationUser applicationUser = new ApplicationUser
{
UserName = signUp.Username,
Email = signUp.Email,
PhoneNumber = signUp.PhoneNumber,
Id = userId.ToString(),
LockoutEnabled = true
};
IdentityResult result = manager.Create(applicationUser, password);
string error = result.Errors.Aggregate(string.Empty, (current, resultError) => current + resultError + Environment.NewLine);
if (!result.Succeeded)
{
return(new ActionResult
{
Success = false,
Message = error
});
}
string userRole = signUp.UserRole.ToString();
result = manager.AddToRole(applicationUser.Id, userRole);
using (ESamhashoEntities entities = new ESamhashoEntities())
{
string emailConfirmationToken = manager.GenerateEmailConfirmationToken(applicationUser.Id);
ActionResult guid = UserManagement.SaveVerificationDetails(applicationUser.Email, emailConfirmationToken);
if (!guid.Success)
{
return(new ActionResult
{
Success = false,
Message = "Failed to register new user."
});
}
Uri requestUrl = new Uri(HttpContext.Current.Request.Url, "/Backoffice/Authentication.svc/json/VerifyEmail/" + guid.Message);
EmailTemplate emailBody = entities.EmailTemplates.FirstOrDefault(a => a.EmailTemplateId == (byte)EmailTemplateId.SignUp);
if (emailBody != null)
{
string body = emailBody.Body.Replace("{activateaccount}", requestUrl.ToString())
.Replace("{email}", applicationUser.Email)
.Replace("{password}", password)
.Replace("{accountname}", applicationUser.UserName);
string subject = "Esamhasho registration confirmation";
OutgoingEmail outgoingEmail = new OutgoingEmail
{
Body = body,
Date = DateTime.Now,
Destination = applicationUser.Email,
Reference = applicationUser.Id,
Status = (byte)EmailStatus.Pending,
Subject = subject
};
entities.OutgoingEmails.Add(outgoingEmail);
entities.SaveChanges();
manager.SendEmail(applicationUser.Id, subject, body);
OutgoingEmail email = entities.OutgoingEmails.FirstOrDefault(a => a.Id == outgoingEmail.Id);
if (email != null)
{
email.Status = (byte)EmailStatus.Success;
}
entities.SaveChanges();
}
}
if (result.Succeeded)
{
return(new ActionResult
{
Success = true,
Message = "Successfully register new user. The user should check there email to avtivate there account."
});
}
error = result.Errors.Aggregate(string.Empty, (current, resultError) => current + resultError + Environment.NewLine);
return(new ActionResult
{
Success = false,
Message = error
});
}
catch (Exception exception)
{
Dictionary <string, string> dictionary = signUp.ToDictionary();
ServiceHelper.LogException(exception, dictionary, ErrorSource.Authentication);
return(new ActionResult
{
Success = false,
Message = "Error, failed to register new user."
});
}
}
