/// <summary>
/// Handles the reset-password form post: checks model state and the reCAPTCHA response,
/// then asks the user manager to reset the password using the submitted code.
/// </summary>
/// <returns>
/// The page itself when validation, the reCAPTCHA check or the reset fails; otherwise a
/// redirect to the reset-password confirmation page.
/// </returns>
public async Task<IActionResult> OnPostAsync()
{
    if (!ModelState.IsValid)
    {
        return Page();
    }

    // The reCAPTCHA response is read from the posted form and verified before any account lookup.
    var captchaPassed = await _recaptchaService.VerifyAsync(Request.Form["g-recaptcha-response"]);
    if (!captchaPassed)
    {
        ModelState.AddModelError(string.Empty, "Invalid Recaptcha");
        return Page();
    }

    var account = await _userManager.FindByEmailAsync(Input.Email);
    if (account == null)
    {
        // An unknown address gets the same redirect as a successful reset.
        // NOTE(review): a known address with a rejected code re-renders the page with errors,
        // so the two cases are still distinguishable; confirm that is acceptable.
        return RedirectToPage("./ResetPasswordConfirmation");
    }

    var outcome = await _userManager.ResetPasswordAsync(account, Input.Code, Input.Password);
    if (!outcome.Succeeded)
    {
        // Surface every error reported by the user manager on the form.
        foreach (var failure in outcome.Errors)
        {
            ModelState.AddModelError(string.Empty, failure.Description);
        }

        return Page();
    }

    return RedirectToPage("./ResetPasswordConfirmation");
}
/// <summary>
/// Login endpoint that verifies the reCAPTCHA token carried in the request body before
/// any login processing takes place.
/// </summary>
/// <param name="credentials">Request body; its <c>RecaptchaToken</c> is sent for verification.</param>
/// <param name="cancellationToken">Passed through to the verification call.</param>
/// <returns>400 Bad Request when verification does not succeed; otherwise 200 OK.</returns>
public async Task<IActionResult> Login([FromBody] Credentials credentials, CancellationToken cancellationToken)
{
    var verification = await _recaptchaService.VerifyAsync(credentials.RecaptchaToken, cancellationToken: cancellationToken);

    // NOTE(review): only Success is inspected here; if these are score-based tokens, the
    // score/action would also need checking. Confirm against the service in use.
    if (verification.Success)
    {
        // Process login
        return Ok();
    }

    // The error codes from the verification response are logged; the client only sees an empty 400.
    _logger.LogError($"Recaptcha error: {JsonConvert.SerializeObject(verification.ErrorCodes)}");
    return BadRequest();
}
/// <summary>
/// Handles the forgot-password form post: after model-state and reCAPTCHA checks it
/// generates a password reset token for the account and e-mails a reset link.
/// </summary>
/// <returns>
/// The page itself when validation or the reCAPTCHA check fails; otherwise a redirect to
/// the forgot-password confirmation page, whether or not a mail was sent.
/// </returns>
public async Task<IActionResult> OnPostAsync()
{
    if (!ModelState.IsValid)
    {
        return Page();
    }

    var captchaPassed = await _recaptchaService.VerifyAsync(Request.Form["g-recaptcha-response"]);
    if (!captchaPassed)
    {
        ModelState.AddModelError(string.Empty, "Invalid Recaptcha");
        return Page();
    }

    var account = await _userManager.FindByEmailAsync(Input.Email);
    var canReset = account != null && await _userManager.IsEmailConfirmedAsync(account);
    if (!canReset)
    {
        // Unknown or unconfirmed addresses get the same redirect as the success path below.
        return RedirectToPage("./ForgotPasswordConfirmation");
    }

    // The token is Base64Url-encoded so it can travel as a URL value.
    var resetToken = await _userManager.GeneratePasswordResetTokenAsync(account);
    var code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(resetToken));

    // NOTE(review): the absolute link takes its scheme from the current request (and presumably
    // its host as well); confirm the deployment restricts accepted host names.
    var callbackUrl = Url.Page(
        "/ResetPassword",
        pageHandler: null,
        values: new { code },
        protocol: Request.Scheme);

    // User name and link are HTML-encoded before being placed in the HTML body.
    var mailBody = $@" Hello {HtmlEncoder.Default.Encode(account.UserName)}! <br/> <br/> Please reset your password by <a href='{HtmlEncoder.Default.Encode(callbackUrl)}'>clicking here</a>. <br/> <br/> Best Regards, <br/> ImaginaryCTF's Team ";
    await _emailService.SendAsync(Input.Email, "Reset Password", mailBody);

    return RedirectToPage("./ForgotPasswordConfirmation");
}
/// <summary>
/// Creates a message from the posted form once model state and the reCAPTCHA token
/// have been checked.
/// </summary>
/// <param name="form">Request body carrying the reCAPTCHA <c>Token</c> and the <c>Message</c> to store.</param>
/// <returns>
/// 400 Bad Request with the model state when validation or the reCAPTCHA check fails;
/// otherwise 200 OK with the created message mapped to its view model.
/// </returns>
public async Task<ActionResult> Store([FromBody] MessageEditForm form)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // The connection's remote address (null when unavailable) is sent along with the token.
    // NOTE(review): behind a reverse proxy this is presumably the proxy's address unless
    // forwarded headers are processed; confirm.
    var remoteIp = _accessor.HttpContext?.Connection?.RemoteIpAddress?.ToString();

    if (!await _recaptchaService.VerifyAsync(form.Token, remoteIp))
    {
        ModelState.AddModelError("recaptcha", "驗證失敗");
        return BadRequest(ModelState);
    }

    var entity = form.Message.MapEntity(_mapper, CurrentUserId);
    entity = await _messagesService.CreateAsync(entity);

    return Ok(entity.MapViewModel(_mapper));
}
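/// <summary>
/// Middleware entry point: requires the reCAPTCHA header on the request, verifies its value,
/// and only then passes the request to the next middleware.
/// </summary>
/// <param name="httpContext">The current request context.</param>
/// <exception cref="RecaptchaVerificationFailureException">
/// Thrown when verification fails and the configured mode is
/// <c>InvalidRecaptchaResponseMode.ThrowRecaptchaException</c>.
/// </exception>
public async Task Invoke(HttpContext httpContext)
{
    var mode = _options.CurrentValue.InvalidRecaptchaResponseMode;

    if (httpContext.Request.Headers.All(x => !x.Key.Equals(Constants.ReCaptchaHeader, StringComparison.InvariantCultureIgnoreCase)))
    {
        await RejectRequestAsync(httpContext, mode);
        // Stop here: without this return a request with no header kept running through the
        // checks below after it had already been rejected.
        return;
    }

    var reCaptchaResponse = httpContext.Request.Headers.FirstOrDefault(x => x.Key.Equals(Constants.ReCaptchaHeader, StringComparison.InvariantCultureIgnoreCase)).Value;

    if (string.IsNullOrEmpty(reCaptchaResponse))
    {
        await RejectRequestAsync(httpContext, mode);
        // Same as above: an empty header value must not reach the verification call.
        return;
    }

    var recaptchaVerificationResult = await _recaptchaService.VerifyAsync(reCaptchaResponse, CancellationToken.None);

    if (!recaptchaVerificationResult.Success)
    {
        const string msg = "Recaptcha verification failed";

        switch (mode)
        {
            case InvalidRecaptchaResponseMode.ThrowRecaptchaException:
                throw new RecaptchaVerificationFailureException(msg);

            case InvalidRecaptchaResponseMode.ReturnBadRequest:
                httpContext.Response.StatusCode = 400;
                await httpContext.Response.WriteAsync(JsonConvert.SerializeObject(new { error = msg }));
                return;
        }

        // NOTE(review): a mode matching neither case falls through to _next even though
        // verification failed; confirm the enum has no other values.
    }

    await _next.Invoke(httpContext);
}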
/// <summary>
/// Action filter hook: requires the reCAPTCHA header on the request and verifies its value
/// before handing over to the base implementation.
/// </summary>
/// <param name="context">The executing-action context; its <c>Result</c> is set when a 400 is returned.</param>
/// <param name="next">Delegate passed on to the base implementation.</param>
/// <exception cref="RecaptchaVerificationFailureException">
/// Thrown when verification fails and the configured mode is
/// <c>InvalidRecaptchaResponseMode.ThrowRecaptchaException</c>.
/// </exception>
public override async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
    var mode = _options.CurrentValue.InvalidRecaptchaResponseMode;
    var headers = context.HttpContext.Request.Headers;

    // Reject outright when the header is absent.
    var headerPresent = headers.Any(x => x.Key.Equals(Constants.ReCaptchaHeader, StringComparison.InvariantCultureIgnoreCase));
    if (!headerPresent)
    {
        RejectRequest(context, mode);
        return;
    }

    // Reject as well when the header is present but carries no value.
    var reCaptchaResponse = headers.FirstOrDefault(x => x.Key.Equals(Constants.ReCaptchaHeader, StringComparison.InvariantCultureIgnoreCase)).Value;
    if (string.IsNullOrEmpty(reCaptchaResponse))
    {
        RejectRequest(context, mode);
        return;
    }

    var recaptchaVerificationResult = await _recaptchaService.VerifyAsync(reCaptchaResponse, CancellationToken.None);
    if (!recaptchaVerificationResult.Success)
    {
        const string msg = "Recaptcha verification failed";

        if (mode == InvalidRecaptchaResponseMode.ThrowRecaptchaException)
        {
            throw new RecaptchaVerificationFailureException(msg);
        }

        if (mode == InvalidRecaptchaResponseMode.ReturnBadRequest)
        {
            context.Result = new BadRequestObjectResult(new { error = msg });
        }

        // NOTE(review): for any other mode no result is set and the base call below still
        // runs after a failed verification; confirm the enum has no other values.
    }

    await base.OnActionExecutionAsync(context, next);
}
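/// <summary>
/// Handles the registration form post: verifies the reCAPTCHA response and model state,
/// replaces any unconfirmed account with the same e-mail, creates the new account and
/// e-mails a confirmation link.
/// </summary>
/// <param name="returnUrl">
/// Optional URL carried into the confirmation link; anything that is not a local URL is
/// replaced by the application root.
/// </param>
/// <returns>
/// The page itself when the reCAPTCHA check, validation or account creation fails;
/// otherwise a redirect to the register-confirmation page.
/// </returns>
public async Task<IActionResult> OnPostAsync(string returnUrl = null)
{
    string reCaptchaResponse = Request.Form["g-recaptcha-response"];

    // returnUrl is caller-supplied and ends up inside the e-mailed confirmation link, so only
    // local URLs are kept; a missing or non-local value falls back to the application root.
    returnUrl = Url.IsLocalUrl(returnUrl) ? returnUrl : Url.Content("~/");

    if (!await _recaptchaService.VerifyAsync(reCaptchaResponse))
    {
        ModelState.AddModelError(string.Empty, "Invalid Recaptcha");
        return Page();
    }

    if (!ModelState.IsValid)
    {
        return Page();
    }

    // An existing account with this e-mail that was never confirmed is removed so the address
    // can be registered again.
    // NOTE(review): the result of DeleteAsync is not checked; a failed delete surfaces only
    // through the CreateAsync errors below.
    var existentUser = await _userManager.FindByEmailAsync(Input.Email);
    if (existentUser != null && !existentUser.EmailConfirmed)
    {
        await _userManager.DeleteAsync(existentUser);
    }

    // NOTE(review): ApiKey comes from RandomHelper, which is not visible here; confirm it uses
    // a cryptographically secure generator.
    var user = new ApplicationUser
    {
        UserName = Input.Username,
        Email = Input.Email,
        User = new User(),
        ApiKey = RandomHelper.GenerateRandomString()
    };

    var result = await _userManager.CreateAsync(user, Input.Password);
    if (result.Succeeded)
    {
        // The confirmation token is Base64Url-encoded so it can travel as a URL value.
        var code = await _userManager.GenerateEmailConfirmationTokenAsync(user);
        code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code));

        var callbackUrl = Url.Page(
            "/ConfirmEmail",
            pageHandler: null,
            values: new { area = "Account", userId = user.Id, code = code, returnUrl = returnUrl },
            protocol: Request.Scheme);

        // User name and link are HTML-encoded before being placed in the HTML body.
        await _emailService.SendAsync(Input.Email, "ImaginaryCTF - Confirm your email", $@" Hello {HtmlEncoder.Default.Encode(user.UserName)}! <br/> <br/> Please confirm your account by <a href='{HtmlEncoder.Default.Encode(callbackUrl)}'>clicking here</a>. <br/> <br/> Best Regards, <br/> ImaginaryCTF's Team ");

        return RedirectToPage("/RegisterConfirmation", new { area = "Account" });
    }

    // Surface every error reported by the user manager on the form.
    foreach (var error in result.Errors)
    {
        ModelState.AddModelError(string.Empty, error.Description);
    }

    return Page();
}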