public async Task <IActionResult> OnPostAsync(string returnUrl = null)
{
returnUrl = returnUrl ?? Url.Content("~/");
if (ModelState.IsValid)
{
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, set lockoutOnFailure: true
ChipsUser user = await _userManager.FindByNameAsync(Input.UserName);
// if user exists but not active, display error
if (user != null && !user.Active)
{
ModelState.AddModelError(string.Empty, "This account is not enabled. Contact an administrator for help.");
return(Page());
}
var result = await _signInManager.PasswordSignInAsync(Input.UserName, Input.Password, Input.RememberMe, lockoutOnFailure : true);
// if password correct and all other requirements fulfilled, redirect to home
if (result.Succeeded)
{
_logger.LogInformation("User logged in.");
return(RedirectToAction("Index", "Home"));
}
// if user has two-factor authentication set up, redirect to page
if (result.RequiresTwoFactor)
{
return(RedirectToPage("./LoginWith2fa", new { ReturnUrl = returnUrl, RememberMe = Input.RememberMe }));
}
// if user is locked out, log and redirect
if (result.IsLockedOut)
{
_logger.LogWarning("User attempted login with locked account.");
return(RedirectToPage("./Lockout"));
}
// if all else fails, username or password are invalid
ModelState.AddModelError(string.Empty, "Invalid login attempt.");
return(Page());
}
// Model state invalid
return(Page());
}
public async Task <IActionResult> OnPostAsync(string returnUrl = null)
{
returnUrl = returnUrl ?? Url.Content("~/");
if (ModelState.IsValid)
{
var user = new ChipsUser {
UserName = Input.UserName, Email = Input.Email, FirstName = Input.FirstName,
LastName = Input.LastName, PhoneNumber = Input.Phone, Active = true
};
var result = await _userManager.CreateAsync(user, Input.Password);
if (result.Succeeded)
{
await _userManager.AddToRoleAsync(user, UserRoles.Technician.ToString());
_logger.LogInformation("User created a new account with password.");
var code = await _userManager.GenerateEmailConfirmationTokenAsync(user);
var callbackUrl = Url.Page(
"/Account/ConfirmEmail",
pageHandler: null,
values: new { userId = user.Id, code = code },
protocol: Request.Scheme);
await _emailSender.SendEmailAsync(Input.Email, "Confirm your email",
$"Please confirm your account by <a href='{HtmlEncoder.Default.Encode(callbackUrl)}'>clicking here</a>.");
await _signInManager.SignInAsync(user, isPersistent : false);
return(LocalRedirect(returnUrl));
}
foreach (var error in result.Errors)
{
ModelState.AddModelError(string.Empty, error.Description);
}
}
// If we got this far, something failed, redisplay form
return(Page());
}
public static void SeedUsers(UserManager <ChipsUser> userManager)
{
if (userManager.FindByEmailAsync("*****@*****.**").Result == null)
{
ChipsUser user = new ChipsUser
{
FirstName = "CHIPS",
LastName = "Admin",
Active = true,
UserName = "******",
NormalizedUserName = "******",
Email = "*****@*****.**",
NormalizedEmail = "*****@*****.**",
LockoutEnabled = false,
};
// initial password
string password = "******";
// password must be 6-100 chars and have at least one uppercase, one digit,
// and one non-alphanumeric character.
// TODO add requirement to change password on first sign-in?
IdentityResult result = userManager.CreateAsync(user, password).Result;
if (result.Succeeded)
{
userManager.AddToRoleAsync(user, "Administrator").Wait();
}
else
{
throw new FormatException("Initial admin password format invalid.");
// TODO error handling to pass along failed initial admin pw requirements
}
}
}
