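        /// <summary>
        /// GET handler for an Admin-only page. The caller must present a "sessid" cookie that
        /// matches a stored session which is unexpired and carries the Admin role; any other
        /// request is redirected to /Login.
        /// </summary>
        /// <param name="id">Accepted for routing compatibility; this handler does not use it.</param>
        /// <returns>The page for a live Admin session, otherwise a redirect to /Login.</returns>
        public async Task <IActionResult> OnGetAsync(int?id)
        {
            // No cookie means no session: redirect without touching the database.
            if (!Request.Cookies.TryGetValue("sessid", out var sessionId))
            {
                return Redirect("/Login");
            }

            // One round-trip instead of Count() followed by First(); the value is passed as a
            // query parameter by EF, not concatenated into SQL.
            _session = await _context.Session.FirstOrDefaultAsync(s => s.ID == sessionId);
            if (_session is null)
            {
                return Redirect("/Login");
            }

            // Freshness is checked before authorization so an expired session is purged whatever
            // its role; checking the role first left expired non-Admin sessions in the table.
            // NOTE(review): compares against local time — confirm Expires is stored on the same
            // clock, otherwise this should be DateTime.UtcNow.
            if (_session.Expires <= DateTime.Now)
            {
                _context.Session.Remove(_session);
                await _context.SaveChangesAsync();
                _session = null;
                return Redirect("/Login");
            }

            // A live session with the wrong role gets the same redirect as no session at all.
            if (_session.Role != UserRole.Admin)
            {
                return Redirect("/Login");
            }

            return Page();
        }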
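        /// <summary>
        /// GET handler for the session list. The caller must present a "sessid" cookie that
        /// matches a stored session which is unexpired and carries the Admin role; any other
        /// request is redirected to /Login. The return type is <c>Task&lt;IActionResult&gt;</c>
        /// because the redirects must be returned to the framework: the previous <c>Task</c>
        /// version built each <c>Redirect(...)</c> result and discarded it, so an unauthenticated
        /// or non-Admin request still rendered the page (with an empty list).
        /// </summary>
        /// <returns>The page with every stored session for a live Admin session, otherwise a redirect to /Login.</returns>
        public async Task <IActionResult> OnGetAsync()
        {
            Session = new List <Session>();

            // No cookie means no session: redirect without touching the database.
            if (!Request.Cookies.TryGetValue("sessid", out var sessionId))
            {
                return Redirect("/Login");
            }

            // One round-trip instead of Count() followed by First().
            _session = await _context.Session.FirstOrDefaultAsync(s => s.ID == sessionId);
            if (_session is null)
            {
                return Redirect("/Login");
            }

            // Freshness before authorization, so an expired session is purged whatever its role.
            // NOTE(review): compares against local time — confirm Expires is stored on the same
            // clock, otherwise this should be DateTime.UtcNow.
            if (_session.Expires <= DateTime.Now)
            {
                _context.Session.Remove(_session);
                await _context.SaveChangesAsync();
                _session = null;
                return Redirect("/Login");
            }

            if (_session.Role != UserRole.Admin)
            {
                return Redirect("/Login");
            }

            // NOTE(review): this exposes every live session including its ID, which is the bearer
            // value carried in the "sessid" cookie — whoever can read this page's output can
            // impersonate any user. Consider projecting the ID out of what the view receives.
            Session = await _context.Session.ToListAsync();
            return Page();
        }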
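        // To protect from overposting attacks, enable the specific properties you want to bind to.
        // For more details, see https://aka.ms/RazorPagesCRUD.
        /// <summary>
        /// POST handler that saves edits to the bound <c>User</c>. The caller must present a
        /// "sessid" cookie that matches a stored session which is unexpired and carries the Admin
        /// role; any other request is redirected to /Login.
        /// </summary>
        /// <returns>
        /// A redirect to /Login without a live Admin session; the page when model state is invalid;
        /// 404 when the row no longer exists after a concurrency conflict; otherwise a redirect to ./Index.
        /// </returns>
        /// <exception cref="DbUpdateConcurrencyException">
        /// Re-thrown when the row still exists but was changed concurrently.
        /// </exception>
        public async Task <IActionResult> OnPostAsync()
        {
            // No cookie means no session: redirect without touching the database.
            if (!Request.Cookies.TryGetValue("sessid", out var sessionId))
            {
                return Redirect("/Login");
            }

            // One round-trip instead of Count() followed by First().
            _session = await _context.Session.FirstOrDefaultAsync(s => s.ID == sessionId);
            if (_session is null)
            {
                return Redirect("/Login");
            }

            // Freshness before authorization, so an expired session is purged whatever its role.
            // NOTE(review): compares against local time — confirm Expires is stored on the same
            // clock, otherwise this should be DateTime.UtcNow.
            if (_session.Expires <= DateTime.Now)
            {
                _context.Session.Remove(_session);
                await _context.SaveChangesAsync();
                _session = null;
                return Redirect("/Login");
            }

            if (_session.Role != UserRole.Admin)
            {
                return Redirect("/Login");
            }

            if (!ModelState.IsValid)
            {
                return Page();
            }

            // NOTE(review): attaching the bound entity as Modified writes every mapped column from
            // the request — presumably including Role, Password and Salt — which is exactly the
            // over-posting the header comment warns about. Prefer loading the row and copying only
            // the editable fields. `User` here presumably is a [BindProperty] that hides
            // PageModel.User (the ClaimsPrincipal) — confirm.
            _context.Attach(User).State = EntityState.Modified;

            try
            {
                await _context.SaveChangesAsync();
            }
            catch (DbUpdateConcurrencyException)
            {
                if (!UserExists(User.ID))
                {
                    return NotFound();
                }
                throw;
            }

            return RedirectToPage("./Index");
        }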
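        /// <summary>
        /// POST handler that deletes the task with the given id. The caller must present a
        /// "sessid" cookie that matches a stored session which is unexpired and carries the
        /// Manager role; any other request is redirected to /Login. The session is checked before
        /// the id so that unauthenticated callers learn nothing about which ids exist.
        /// </summary>
        /// <param name="id">Primary key of the task to delete; null yields 404.</param>
        /// <returns>
        /// A redirect to /Login without a live Manager session; 404 when id is null;
        /// otherwise a redirect to ./Index (also when no task with that id exists).
        /// </returns>
        public async Task <IActionResult> OnPostAsync(int?id)
        {
            // No cookie means no session: redirect without touching the database.
            if (!Request.Cookies.TryGetValue("sessid", out var sessionId))
            {
                return Redirect("/Login");
            }

            // One round-trip instead of Count() followed by First().
            _session = await _context.Session.FirstOrDefaultAsync(s => s.ID == sessionId);
            if (_session is null)
            {
                return Redirect("/Login");
            }

            // Freshness before authorization, so an expired session is purged whatever its role.
            // NOTE(review): compares against local time — confirm Expires is stored on the same
            // clock, otherwise this should be DateTime.UtcNow.
            if (_session.Expires <= DateTime.Now)
            {
                _context.Session.Remove(_session);
                await _context.SaveChangesAsync();
                _session = null;
                return Redirect("/Login");
            }

            if (_session.Role != UserRole.Manager)
            {
                return Redirect("/Login");
            }

            if (id == null)
            {
                return NotFound();
            }

            // NOTE(review): any Manager can delete any task id; nothing here ties the task to the
            // caller — confirm that is the intended authorization model.
            Assignment = await _context.Task.FindAsync(id);
            if (Assignment != null)
            {
                _context.Task.Remove(Assignment);
                await _context.SaveChangesAsync();
            }

            return RedirectToPage("./Index");
        }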
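        // To protect from overposting attacks, see https://aka.ms/RazorPagesCRUD
        /// <summary>
        /// POST handler that creates a user account with a salted PBKDF2 password hash.
        /// Once any user exists the caller must present a "sessid" cookie that matches a stored,
        /// unexpired Admin session. While the user table is empty the check is skipped so the
        /// first (bootstrap) account can be created, and that account is forced to the Admin role.
        /// </summary>
        /// <returns>
        /// A redirect to /Login without a live Admin session (after bootstrap); the page, with a
        /// model error, when validation fails or the username is taken; otherwise a redirect to ./Users/Index.
        /// </returns>
        public async Task <IActionResult> OnPostAsync()
        {
            // Read once so the authorization decision and the role decision below agree.
            // NOTE(review): the bootstrap window is reachable by anyone who can hit this endpoint
            // before the first admin exists, and two concurrent first registrations would both
            // become Admin — complete setup before exposing the app.
            var hasUsers = _context.User.Any();

            if (hasUsers)
            {
                // No cookie means no session: redirect without touching the database.
                if (!Request.Cookies.TryGetValue("sessid", out var sessionId))
                {
                    return Redirect("/Login");
                }

                // One round-trip instead of Count() followed by First().
                _session = await _context.Session.FirstOrDefaultAsync(s => s.ID == sessionId);
                if (_session is null)
                {
                    return Redirect("/Login");
                }

                // Freshness before authorization, so an expired session is purged whatever its role.
                // NOTE(review): compares against local time — confirm Expires is stored on the same
                // clock, otherwise this should be DateTime.UtcNow.
                if (_session.Expires <= DateTime.Now)
                {
                    _context.Session.Remove(_session);
                    await _context.SaveChangesAsync();
                    _session = null;
                    return Redirect("/Login");
                }

                if (_session.Role != UserRole.Admin)
                {
                    return Redirect("/Login");
                }
            }

            if (!ModelState.IsValid)
            {
                return Page();
            }

            // Cheap local checks before the database round-trip. Previously these returned the page
            // silently; a model error now tells the caller what to fix.
            // NOTE(review): assumes Password and Username are non-null here (e.g. [Required]) — confirm.
            // Length policy: at least 12 non-space characters, at most 128 characters in total.
            if (Password.Replace(" ", "").Length < 12)
            {
                ModelState.AddModelError(nameof(Password), "Password must contain at least 12 non-space characters.");
                return Page();
            }

            if (Password.Length > 128)
            {
                ModelState.AddModelError(nameof(Password), "Password must be at most 128 characters.");
                return Page();
            }

            // NOTE(review): this is check-then-insert, so two concurrent requests can both pass;
            // the comparison's case sensitivity follows the database collation. Back it with a
            // unique index on Username.
            if (await _context.User.AnyAsync(u => u.Username == Username))
            {
                ModelState.AddModelError(nameof(Username), "Username is already taken.");
                return Page();
            }

            // 128-bit random salt from the CSPRNG; stored base64 alongside the hash.
            byte[] salt = new byte[128 / 8];
            using (var rng = RandomNumberGenerator.Create())
            {
                rng.GetBytes(salt);
            }

            // NOTE(review): 10,000 iterations is below current OWASP guidance for PBKDF2-HMAC-SHA512
            // (hundreds of thousands). It is left unchanged because password verification at login
            // must use identical parameters and that code is not visible here — raise both together.
            const int iterationCount = 10000;
            string hashed = Convert.ToBase64String(KeyDerivation.Pbkdf2(
                                                       password: Password,
                                                       salt: salt,
                                                       prf: KeyDerivationPrf.HMACSHA512,
                                                       iterationCount: iterationCount,
                                                       numBytesRequested: 256 / 8));

            // The bootstrap account is always an Admin, whatever role was posted.
            if (!hasUsers)
            {
                Role = UserRole.Admin;
            }

            _context.User.Add(new User {
                Username = Username, Password = hashed, Role = Role, Salt = Convert.ToBase64String(salt)
            });
            await _context.SaveChangesAsync();

            return RedirectToPage("./Users/Index");
        }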