Ejemplo n.º 1
0
        public async Task <ActionResult> LoginAs(int userId)
        {
            await Resource.ResourceAccess.LoginAsAsync(userId);

            string url = Manager.CurrentSite.HomePageUrl;

            url = QueryHelper.AddRando(url); // to defeat client-side caching
            return(Redirect(url));
        }
Ejemplo n.º 2
0
        public async Task <ActionResult> LoginDirectDemoUser(string name, string url)
        {
            url = QueryHelper.AddRando(url ?? Manager.CurrentSite.HomePageUrl); // to defeat client-side caching

            using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider()) {
                UserDefinition user = await userDP.GetItemAsync(name);

                if (user == null || !user.RolesList.Contains(new Role {
                    RoleId = Resource.ResourceAccess.GetUserDemoRoleId()
                }, new RoleComparer()))
                {
                    Manager.CurrentResponse.StatusCode = 401;
                }
                else
                {
                    await Resource.ResourceAccess.LoginAsAsync(user.UserId);
                }
                return(Redirect(url));
            }
        }
Ejemplo n.º 3
0
        /// <summary>
        /// Log off
        /// </summary>
        public async Task <ActionResult> Logoff(string nextUrl)
        {
            Manager.SetSuperUserRole(false);// explicit logoff clears superuser state
            await LoginModuleController.UserLogoffAsync();

            LoginConfigData config = await LoginConfigDataProvider.GetConfigAsync();

            string url = nextUrl;

            if (string.IsNullOrWhiteSpace(url))
            {
                url = config.LoggedOffUrl;
            }
            if (string.IsNullOrWhiteSpace(url))
            {
                url = Manager.CurrentSite.HomePageUrl;
            }
            // Because this is a plain MVC controller, this Redirect really redirects (no Unified Page Set handling) which is the desired behavior
            url = QueryHelper.AddRando(url); // to defeat client-side caching
            return(Redirect(url));
        }
Ejemplo n.º 4
0
        public async Task <ActionResult> Login()
        {
            // verify that the user already entered the name/password correctly
            int    userId       = Manager.SessionSettings.SiteSettings.GetValue <int>(IDENTITY_TWOSTEP_USERID, 0);
            bool   closeOnLogin = Manager.SessionSettings.SiteSettings.GetValue <bool>(IDENTITY_TWOSTEP_CLOSEONLOGIN, false);
            string returnUrl    = Manager.SessionSettings.SiteSettings.GetValue <string>(IDENTITY_TWOSTEP_NEXTURL);

            Manager.SessionSettings.SiteSettings.ClearValue(LoginTwoStepController.IDENTITY_TWOSTEP_USERID);
            Manager.SessionSettings.SiteSettings.ClearValue(LoginTwoStepController.IDENTITY_TWOSTEP_NEXTURL);
            Manager.SessionSettings.SiteSettings.ClearValue(LoginTwoStepController.IDENTITY_TWOSTEP_CLOSEONLOGIN);
            Manager.SessionSettings.SiteSettings.Save();
            if (userId == 0)
            {
                return(Redirect(Manager.CurrentSite.HomePageUrl));
            }

            // verify that the TwoStepAuthorization provider just verified this user
            TwoStepAuth twoStep = new TwoStepAuth();

            if (!await twoStep.VerifyTwoStepAutheticationDoneAsync(userId))
            {
                return(Redirect(Manager.CurrentSite.HomePageUrl));
            }
            await twoStep.ClearTwoStepAutheticationAsync(userId);

            await Resource.ResourceAccess.LoginAsAsync(userId);

            if (closeOnLogin)
            {
                return(View("YetaWF_Identity_TwoStepDone"));
            }
            else
            {
                returnUrl = QueryHelper.AddRando(returnUrl); // to defeat client-side caching
                return(Redirect(returnUrl));
            }
        }
Ejemplo n.º 5
0
        public async Task <IActionResult> ExternalLoginCallback(string returnUrl = null, string remoteError = null)
        {
            if (remoteError != null)
            {
                throw new Error(this.__ResStr("extErr", "The external login provider reported this error: {0}", remoteError));
            }

            SignInManager <UserDefinition> _signinManager = (SignInManager <UserDefinition>)YetaWFManager.ServiceProvider.GetService(typeof(SignInManager <UserDefinition>));
            ExternalLoginInfo loginInfo = await _signinManager.GetExternalLoginInfoAsync();

            if (loginInfo == null)
            {
                Logging.AddErrorLog("AuthenticationManager.GetExternalLoginInfoAsync() returned null");
                return(Redirect(Helper.GetSafeReturnUrl(Manager.CurrentSite.LoginUrl)));
            }
            using (LoginConfigDataProvider logConfigDP = new LoginConfigDataProvider()) {
                List <LoginConfigDataProvider.LoginProviderDescription> loginProviders = await logConfigDP.GetActiveExternalLoginProvidersAsync();

                if ((from l in loginProviders where l.InternalName == loginInfo.LoginProvider select l).FirstOrDefault() == null)
                {
                    Logging.AddErrorLog("Callback from external login provider {0} which is not active", loginInfo.LoginProvider);
                    return(Redirect(Helper.GetSafeReturnUrl(Manager.CurrentSite.LoginUrl)));
                }
            }

            // get our registration defaults
            LoginConfigData config = await LoginConfigDataProvider.GetConfigAsync();

            // Sign in the user with this external login provider if the user already has a login
            UserDefinition user = await Managers.GetUserManager().FindByLoginAsync(loginInfo.LoginProvider, loginInfo.ProviderKey);

            if (user == null)
            {
                // If the user does not have an account, then prompt the user to create an account
                // we will go to a page where the user can set up a local account
                Manager.OriginList = new List <Origin>();
                if (!string.IsNullOrWhiteSpace(returnUrl))
                {
                    Manager.OriginList.Add(new Origin()
                    {
                        Url = returnUrl
                    });                                                      // where to go after setup
                }
                Manager.OriginList.Add(new Origin()
                {
                    Url = Helper.GetSafeReturnUrl(Manager.CurrentSite.ExternalAccountSetupUrl)
                });                                                                                                                  // setup
                return(Redirect(Manager.ReturnToUrl));
            }

            if (string.IsNullOrWhiteSpace(returnUrl) && Manager.HaveReturnToUrl)
            {
                returnUrl = Manager.ReturnToUrl;
            }
            if (string.IsNullOrWhiteSpace(returnUrl))
            {
                returnUrl = await Resource.ResourceAccess.GetUserPostLoginUrlAsync((from u in user.RolesList select u.RoleId).ToList());
            }
            if (string.IsNullOrWhiteSpace(returnUrl))
            {
                returnUrl = Manager.CurrentSite.PostLoginUrl;
            }
            returnUrl = Helper.GetSafeReturnUrl(returnUrl);

            // determine what to do based on account status
            if (user.UserStatus == UserStatusEnum.Approved)
            {
                await LoginModuleController.UserLoginAsync(user);

                Logging.AddLog("User {0} - logged on", user.UserName);
                returnUrl = QueryHelper.AddRando(returnUrl); // to defeat client-side caching
                return(Redirect(returnUrl));
            }
            else if (user.UserStatus == UserStatusEnum.Rejected)
            {
                await LoginModuleController.UserLogoffAsync();

                Logging.AddErrorLog("User {0} - rejected user", user.UserName);
                if (string.IsNullOrWhiteSpace(config.RejectedUrl))
                {
                    return(Redirect(MessageUrl("Your account has been rejected by the site administrator.")));
                }
                return(Redirect(Helper.GetSafeReturnUrl(config.RejectedUrl)));
            }
            else if (user.UserStatus == UserStatusEnum.Suspended)
            {
                await LoginModuleController.UserLogoffAsync();

                Logging.AddErrorLog("User {0} - suspended user", user.UserName);
                if (string.IsNullOrWhiteSpace(config.SuspendedUrl))
                {
                    return(Redirect(MessageUrl("Your account has been suspended by the site administrator.")));
                }
                return(Redirect(Helper.GetSafeReturnUrl(config.SuspendedUrl)));
            }
            else if (user.UserStatus == UserStatusEnum.NeedValidation)
            {
                await LoginModuleController.UserLogoffAsync();

                Logging.AddErrorLog("User {0} - not yet validated", user.UserName);
                if (string.IsNullOrWhiteSpace(config.VerificationPendingUrl))
                {
                    return(Redirect(MessageUrl(this.__ResStr("notValidated", "Your account has not yet been verified. You will receive an email with verification information. Once received, please use the information in the email to complete the registration."))));
                }
                return(Redirect(Helper.GetSafeReturnUrl(config.VerificationPendingUrl)));
            }
            else if (user.UserStatus == UserStatusEnum.NeedApproval)
            {
                await LoginModuleController.UserLogoffAsync();

                Logging.AddErrorLog("User {0} - not yet approved", user.UserName);
                if (string.IsNullOrWhiteSpace(config.ApprovalPendingUrl))
                {
                    return(Redirect(MessageUrl(this.__ResStr("notApproved", "Your account has not yet been approved by the site administrator. You will receive an email confirmation as soon as your account is active."))));
                }
                return(Redirect(Helper.GetSafeReturnUrl(config.ApprovalPendingUrl)));
            }
            else
            {
                await LoginModuleController.UserLogoffAsync();

                throw new InternalError("badUserStatus", "Unexpected account status {0}", user.UserStatus);
            }
        }