public virtual IActionResult PasswordChange([FromForm] String password, [FromForm] String newpassword, [FromForm] String newpasswordconfirm)
{
// Get the blog that is for this controller instance
if (Current != null)
{
// Get the provider reference (shorthand)
IBlogDataProvider provider = Current.Parameters.Provider;
if (provider != null)
{
BlogLogin changedUser = provider.ChangePassword(loginManager.CurrentUser.Username, password, newpassword, newpasswordconfirm);
if (changedUser != null)
{
loginManager.CurrentUser = changedUser;
}
}
// Generate the view model to pass
LoginViewModel viewModel = new LoginViewModel()
{
Templates = Current.Templates.ContainsKey(BlogControllerView.Login) ?
Current.Templates[BlogControllerView.Login] : new BlogViewTemplates(),
Username = loginManager.CurrentUser.Username
};
// Pass the view model
return(View(this.ViewLocation("login"), viewModel));
}
else
{
return(View(this.ViewLocation("login"), new LoginViewModel()));
}
}
/// <summary>
/// Set a given user as logged in
/// </summary>
/// <param name="user"></param>
private Boolean LoginUser(BlogLogin user)
{
// Remove old logins with the same token or username should there be one
try
{
// No logins yet? Create the array if it is null for some reason
if (blog.LoginAuths == null)
{
blog.LoginAuths = new BlogUsers();
}
// Set the token and the expiry date
user.Token = Guid.NewGuid();
user.ExpiryDate = DateTime.Now.AddSeconds(securityTokenExirySeconds);
// Remove the old logins
blog.LoginAuths.Logins.RemoveAll(login =>
((login.Username ?? "").Trim() == (user.Username ?? "").Trim()));
// Add the new user token
blog.LoginAuths.Logins.Add(user);
// Add the token to the session and return if successful
return(sessionHelper.SetGuid(context.Session, securityTokenKey, user.Token.Value));
}
catch
{
// Failed to log in, it's a generic fail anyway so allow a fail
}
// Bombed out so return a failure
return(false);
}
=> base.AuthenticateUser(username, password); // Normally not have an override but for future ..
/// <summary>
/// Change the user's password
/// </summary>
/// <param name="username">The username to change</param>
/// <param name="password">The current password</param>
/// <param name="newpassword">the new password</param>
/// <param name="newpasswordconfirm">The new password confirmation</param>
/// <returns></returns>
public override BlogLogin ChangePassword(String username, String password, String newpassword, String newpasswordconfirm)
{
// Call the base password change functionality
BlogLogin updated = base.ChangePassword(username, password, newpassword, newpasswordconfirm);
// Changed ok?
if (updated != null)
{
SaveUsers(users); // Save the users
}
// Return the tokenised user
return(updated);
}
/// <summary>
/// Validate the login credentials
/// </summary>
/// <param name="username">The user to validate</param>
/// <param name="password">The password to check against</param>
/// <param name="Login">Actually log them in, or just validate?</param>
/// <returns></returns>
public Boolean ValidateLogin(String username, String password, Boolean Login)
{
// Get the current security token from the session
Nullable <Guid> currentToken = UserToken;
// Get the security token if the user is authenticated
BlogLogin user = blog.Parameters.Provider.AuthenticateUser(username, password);
// Set the token in the session state if requested to be logged in
if (user != null)
{
return(Login ? LoginUser(user) : true);
}
// Failed to return a positive so exit with a fail at this point
return(false);
}
/// <summary>
/// Render the content of the login box password change functionality
/// </summary>
/// <param name="viewModel"></param>
/// <returns>The content of the password change functionality</returns>
public static IHtmlContent AuthBoxChangePassword(LoginViewModel viewModel, BlogLoginManager loginManager)
{
// Logged in?
BlogLogin loggedInUser = loginManager.CurrentUser;
if (loggedInUser != null)
{
return(ContentFill(BlogViewTemplatePart.Auth_LoginBox_PasswordChange,
new List <BlogViewTemplateReplacement>()
{
new BlogViewTemplateReplacement(BlogViewTemplateField.Common_Controller_Url, viewModel.ControllerUrl, false),
new BlogViewTemplateReplacement(BlogViewTemplateField.Login_Username, viewModel.Username, false)
}, viewModel));
}
else
{
return(new HtmlContentBuilder());
}
}
/// <summary>
/// Change the user's password
/// </summary>
/// <param name="username">The username to change</param>
/// <param name="password">The current password</param>
/// <param name="newpassword">the new password</param>
/// <param name="newpasswordconfirm">The new password confirmation</param>
/// <returns></returns>
public virtual BlogLogin ChangePassword(String username, String password, String newpassword, String newpasswordconfirm)
{
// Check that the new password meets the correct criteria
if (((newpassword ?? "") == "") ||
((newpassword ?? "").Trim().ToLower() != (newpasswordconfirm ?? "").Trim().ToLower()))
{
return(null);
}
// Get the current login that matches the credentials
BlogLogin result = AuthenticateUser(username, password);
// Did we find a match?
if (result != null)
{
// Start the crypto helper to check the password
CryptoHelper cryptoHelper = new CryptoHelper();
// Encode the new password and mark the login as not needing changing anymore
result.PasswordChange = false;
result.PasswordHash = cryptoHelper.CalculateHash(newpassword);
// Save the result to the users lookup (so that the overriden method can save the users)
users.Logins.ForEach(login =>
{
// Update this user if the username matches
if (login.Username == username)
{
// Set the properties
login.PasswordChange = result.PasswordChange;
login.PasswordHash = result.PasswordHash;
}
});
}
// Send the tokenised user back to the caller
return(result);
}
/// <summary>
/// Authenticate a user, will return a token (Guid) if the user is authenticated
/// </summary>
/// <param name="username">The username as cleartext</param>
/// <param name="password">The password as cleartext but as a secure string (no clear memory footprint)</param>
/// <returns>The authentication token</returns>
public virtual BlogLogin AuthenticateUser(String username, String password)
{
// Define a false response by default
BlogLogin result = null;
// Start the crypto helper to check the password
CryptoHelper cryptoHelper = new CryptoHelper();
// Get the hash for the username
username = username ?? "";
BlogLogin login = users.Logins.Where(user => user.Username.Trim().ToLower() == username.Trim().ToLower()).FirstOrDefault();
if (login != null)
{
// Check the match from the password to the admin hash
if (cryptoHelper.CheckMatch((login.PasswordHash ?? ""), (password ?? "").Trim()))
{
result = login;
}
}
// Send the tokenised user back to the caller
return(result);
}
public Boolean LogOutUser(BlogLogin user)
{
// If this is the user that is currently logged in
if (this.CurrentUser.Username == user.Username)
{
// No logins yet? Create the array if it is null for some reason
if (blog.LoginAuths == null)
{
blog.LoginAuths = new BlogUsers();
}
// Set the expiry date
user.ExpiryDate = DateTime.Now.AddSeconds(-1);
// Remove the old login
blog.LoginAuths.Logins.RemoveAll(login =>
((login.Username ?? "").Trim() == (user.Username ?? "").Trim()));
// Add the token to the session and return if successful
return(sessionHelper.Remove(context.Session, securityTokenKey));
}
return(false);
}
