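        /// <summary>
        /// Ends the current forms-authentication session: records the logout (best effort),
        /// expires the session-related cookies and clears the forms ticket.
        /// </summary>
        public void SignOut()
        {
            try
            {
                var loginUser = TSAuthentication.GetLoginUser();
                ActionLogs.AddActionLog(loginUser, ActionLogType.Insert, ReferenceType.Users, TSAuthentication.UserID, "Logged out");
                TSEventLog.WriteEvent(TSEventLogEventType.LogoutSuccess, HttpContext.Current.Request, loginUser.GetUser(), loginUser.GetOrganization());
            }
            catch (Exception)
            {
                // Logging is best effort: a failure to record the logout must never leave the user signed in,
                // so the cookie clean-up below always runs.
            }

            HttpResponse response = HttpContext.Current.Response;
            ExpireCookie(response, "sl");
            ExpireCookie(response, FormsAuthentication.FormsCookieName);
            FormsAuthentication.SignOut();
        }

        /// <summary>
        /// Overwrites the cookie <paramref name="name"/> with an empty value whose expiry is already in the past,
        /// so the browser discards it instead of keeping an empty cookie around.
        /// </summary>
        /// <param name="response">Response the expired cookie is written to.</param>
        /// <param name="name">Name of the cookie to expire.</param>
        private static void ExpireCookie(HttpResponse response, string name)
        {
            // The response indexer creates the cookie when it is not present yet, which is what we want:
            // an expired cookie is sent either way.
            HttpCookie cookie = response.Cookies[name];
            cookie.Value = null;
            cookie.Expires = DateTime.UtcNow.AddDays(-1);
        }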
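        /// <summary>
        /// Checks a login attempt against the organization state, the user record, the lockout counter and the
        /// password policy. The outcome (result code, message, attempt count, ids) is returned; the resolved
        /// <paramref name="user"/> and <paramref name="organization"/> are handed back through the ref parameters.
        /// Every failed attempt is written to the event log and, when a user was resolved, to the attempt history.
        /// </summary>
        /// <param name="loginUser">Data-access context for the lookups.</param>
        /// <param name="email">E-mail address typed by the visitor.</param>
        /// <param name="password">Password typed by the visitor.</param>
        /// <param name="organizationId">Organization the visitor is signing in to.</param>
        /// <param name="user">Receives the matched user; left untouched when no user matches.</param>
        /// <param name="organization">Receives the organization for <paramref name="organizationId"/>.</param>
        /// <returns>The populated <see cref="SignInResult"/>; never null.</returns>
        private static SignInResult IsValid(LoginUser loginUser, string email, string password, int organizationId, ref User user, ref Organization organization)
        {
            // Window (in minutes) over which failed attempts count towards the lockout.
            const int lockoutWindowMinutes = 15;

            SignInResult validation = new SignInResult();

            organization = Organizations.GetOrganization(loginUser, organizationId);
            // NOTE(review): an organization created in the last 10 minutes bypasses the password comparison
            // below (kept as-is for compatibility); confirm this is only reachable from the sign-up flow.
            bool isNewSignUp = DateTime.UtcNow.Subtract(organization.DateCreatedUtc).TotalMinutes < 10;

            if (!organization.IsActive)
            {
                SetInactiveOrganizationError(validation, organization);
                TSEventLog.WriteEvent(TSEventLogEventType.FailedLoginAttempt, HttpContext.Current.Request, null, organization, new string[] { "Email: " + email });
                return validation;
            }

            User matchedUser = FindUserByEmail(loginUser, email, organizationId);
            if (matchedUser != null)
            {
                user = matchedUser;
            }

            // An unknown e-mail has no attempt history to consult (the previous version dereferenced a null user here).
            int attempts = user != null ? LoginAttempts.GetAttemptCount(loginUser, user.UserID, lockoutWindowMinutes) : 0;
            validation.LoginFailedAttempts = attempts;

            if (user == null)
            {
                // Same message as a wrong password so the response does not reveal which e-mails exist.
                validation.Error  = "Invalid email or password.";
                validation.Result = LoginResult.Fail;
            }
            else if (attempts > MAXLOGINATTEMPTS)
            {
                validation.Error  = string.Format("Your account is temporarily locked, because of too many failed login attempts.{0}Try again in 15 minutes or use the forgot password link above to reset your password. ", Environment.NewLine);
                validation.Result = LoginResult.Fail;
                // Notify once, on the attempt that crossed the limit, not on every attempt while locked.
                if (attempts == MAXLOGINATTEMPTS + 1)
                {
                    TSEventLog.WriteEvent(TSEventLogEventType.AccountLocked, HttpContext.Current.Request, user, organization);
                    EmailPosts.SendTooManyAttempts(loginUser, user.UserID);
                }
            }
            else
            {
                validation.UserId         = user.UserID;
                validation.OrganizationId = user.OrganizationID;

                if (IsSupportImpersonation(password))
                {
                    _skipVerification = true;
                    validation.Result = LoginResult.Success;
                    validation.Error  = string.Empty;
                    // TODO: record impersonation sign-ins in the event log so they can be audited.
                }
                else
                {
                    VerifyCredentials(validation, user, organization, password, isNewSignUp);
                }
            }

            bool failed = validation.Result != LoginResult.Success
                       && validation.Result != LoginResult.Unknown
                       && !string.IsNullOrEmpty(validation.Error);
            if (failed)
            {
                TSEventLog.WriteEvent(TSEventLogEventType.FailedLoginAttempt, HttpContext.Current.Request, user, organization, new string[] { "Attempted Email: " + email });
                // Attempt history is keyed by user id, so an unknown e-mail cannot be counted there.
                if (user != null)
                {
                    LoginAttempts.AddAttempt(loginUser, user.UserID, false, HttpContext.Current.Request.UserHostAddress, HttpContext.Current.Request.Browser, HttpContext.Current.Request.UserAgent, GetDeviceID());
                }
            }
            else
            {
                // Result is still Unknown when every check passed.
                TSEventLog.WriteEvent(TSEventLogEventType.LoginSuccess, HttpContext.Current.Request, user, organization);
                validation.Result = LoginResult.Success;
            }

            return validation;
        }

        /// <summary>
        /// Marks <paramref name="validation"/> as failed because the organization is inactive, using the
        /// organization's own reason when one has been recorded.
        /// </summary>
        private static void SetInactiveOrganizationError(SignInResult validation, Organization organization)
        {
            validation.Result = LoginResult.Fail;
            validation.Error  = string.IsNullOrEmpty(organization.InActiveReason)
                ? "Your account is no longer active.  Please contact TeamSupport.com."
                : "Your company account is no longer active.<br />" + organization.InActiveReason;
        }

        /// <summary>
        /// Resolves the user for <paramref name="email"/>: a single match is returned directly, among several
        /// matches the one belonging to <paramref name="organizationId"/> wins. Returns null when nothing matches.
        /// </summary>
        private static User FindUserByEmail(LoginUser loginUser, string email, int organizationId)
        {
            Users users = new Users(loginUser);
            users.LoadByEmail(1, email);

            // NOTE(review): a single match is not checked against organizationId (existing behaviour) — confirm
            // this is intended before tightening it.
            if (users.Count == 1)
            {
                return users[0];
            }

            foreach (User candidate in users)
            {
                if (candidate.OrganizationID == organizationId)
                {
                    return candidate;
                }
            }

            return null;
        }

        /// <summary>
        /// Applies the password, account-state and password-expiry checks to a user that is not locked out.
        /// Checks run in that order and a later failing check overwrites the message of an earlier one.
        /// </summary>
        private static void VerifyCredentials(SignInResult validation, User user, Organization organization, string password, bool isNewSignUp)
        {
            // NOTE(review): the second comparison treats the stored credential value itself as a valid password,
            // presumably for legacy rows that were never hashed; confirm and retire it once those rows are migrated.
            bool passwordMatches = user.CryptedPassword == EncryptPassword(password) || user.CryptedPassword == password;
            if (!passwordMatches && !isNewSignUp)
            {
                validation.Error  = "Invalid email or password.";
                validation.Result = LoginResult.Fail;
            }

            if (!user.IsActive)
            {
                validation.Error  = "Your account is no longer active.&nbsp&nbsp Please contact your administrator.";
                validation.Result = LoginResult.Fail;
            }

            // Only a user whose checks passed so far is told the password has expired; the previous
            // `a && b || c` let the day-based expiry override a failed password check.
            if (validation.Result != LoginResult.Fail && HasExpiredPassword(user, organization))
            {
                validation.Error  = "Your password has expired.";
                validation.Result = LoginResult.PasswordExpired;
            }
        }

        /// <summary>
        /// True when the user is flagged as expired or, if the organization enforces a maximum password age,
        /// when the password (or, failing that, the account) is older than that age.
        /// </summary>
        private static bool HasExpiredPassword(User user, Organization organization)
        {
            if (user.IsPasswordExpired)
            {
                return true;
            }

            if (organization.DaysBeforePasswordExpire <= 0)
            {
                return false;
            }

            DateTime passwordCreatedDate = user.PasswordCreatedUtc != null ? (DateTime)user.PasswordCreatedUtc : user.DateCreated;
            return DateTime.UtcNow > passwordCreatedDate.AddDays(organization.DaysBeforePasswordExpire);
        }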