public JsonResult ValidateOldPassword(string password) { if (!_tokenManager.GenerateToken()) { return(Json(null, JsonRequestBehavior.AllowGet)); } int userId = Convert.ToInt32(Session["USERID"]); _ISpartan_SettingsApiConsumer.SetAuthHeader(_tokenManager.Token); _ISpartan_User_Historical_PasswordApiConsumer.SetAuthHeader(_tokenManager.Token); var CountSamePasswordDB = _ISpartan_SettingsApiConsumer.GetByKey("CountSamePassword", false).Resource; int CountSamePassword = Convert.ToInt32(CountSamePasswordDB.Valor); bool wasUsed = false; var listOldPasswords = _ISpartan_User_Historical_PasswordApiConsumer.ListaSelAll(0, 10, "Spartan_User_Historical_Password.Usuario=" + userId, "").Resource; if (listOldPasswords.RowCount > 0) { foreach (var oldPass in listOldPasswords.Spartan_User_Historical_Passwords) { if (oldPass.Password == EncryptHelper.CalculateMD5Hash(password) && DateTime.Now.AddDays(CountSamePassword * -1) < oldPass.Fecha_de_Registro) { wasUsed = true; } } } return(Json(wasUsed, JsonRequestBehavior.AllowGet)); }
public ActionResult UpdatePassword(string action, string oldpassword, string password, int iduser) { try { if (action == "cancel") { //cancel return(Json(new { valor = 0, href = Url.Action("Login", "Account") })); } else { //guardar if (!_tokenManager.GenerateToken("pepe", EncryptHelper.CalculateMD5Hash(password))) { ModelState.AddModelError("", Resources.LoginResources.InvalidUserPassword); } var userApi = new Spartan_UserApiConsumer(); userApi.SetAuthHeader(_tokenManager.Token); var tmpuser = userApi.GetByKey(iduser, false); if (tmpuser != null && tmpuser.Resource != null) { if (oldpassword == password) { return(Json(new { valor = 2, message = Resources.LoginResources.ErrorNewPassword })); } tmpuser.Resource.Password = EncryptHelper.CalculateMD5Hash(password); var rta = userApi.Update(tmpuser.Resource, null, null); var userhistApi = new Spartan_User_Historical_PasswordApiConsumer(); userhistApi.SetAuthHeader(_tokenManager.Token); rta = userhistApi.Insert(new Core.Domain.Spartan_User_Historical_Password.Spartan_User_Historical_Password() { Fecha_de_Registro = DateTime.Now, Usuario = iduser, Password = EncryptHelper.CalculateMD5Hash(password) }, null, null); return(Json(new { valor = 1, href = Url.Action("Login", "Account") })); } else { return(null); } } } catch (Exception ex) { //error return(null); } }
public ActionResult ValidateLogin(string username, string password) { try { string passEncripted = EncryptHelper.CalculateMD5Hash(password); var UserDetails = _IUseroApiConsumer.ValidateUser(1, 10, "Username = '******' COLLATE SQL_Latin1_General_CP1_CS_AS And Password = '******' COLLATE SQL_Latin1_General_CP1_CS_AS").Resource; if (UserDetails.Spartan_Users != null && UserDetails.Spartan_Users.Count() > 0) { if (!_tokenManager.GenerateToken(username, EncryptHelper.CalculateMD5Hash(password))) { ModelState.AddModelError("", Resources.LoginResources.InvalidUserPassword); } if (UserDetails.Spartan_Users.FirstOrDefault().Status == 2) { ModelState.AddModelError("", Resources.LoginResources.DeactivateAccount); return(Json(new { valor = 0 })); } var histPasswordApi = new Spartan_User_Historical_PasswordApiConsumer(); histPasswordApi.SetAuthHeader(_tokenManager.Token); var histUser = histPasswordApi.ListaSelAll(0, 9999, "Spartan_User_Historical_Password.Usuario=" + UserDetails.Spartan_Users[0].Id_User, "").Resource; //validacion de cantidades de logins realizados if (histUser.RowCount > 0) { //validacion de expirtacion _ISpartan_SettingsApiConsumer.SetAuthHeader(_tokenManager.Token); var ExpirationDaysDB = _ISpartan_SettingsApiConsumer.GetByKey("ExpirationDays", false).Resource; int ExpirationDays = Convert.ToInt32(ExpirationDaysDB.Valor); //TODO: obtener cantidad de dias para expirtacion de pwd var lastLogin = histUser.Spartan_User_Historical_Passwords.OrderByDescending(h => h.Clave).FirstOrDefault(); if ((DateTime.Now - Convert.ToDateTime(lastLogin.Fecha_de_Registro)).TotalDays > ExpirationDays) { //debe cambiar la password por expiracion Session["tmpExpira"] = 1; Session["tmpIdUser"] = UserDetails.Spartan_Users[0].Id_User; Session["tmpUsername"] = username; Session["tmpPassword"] = password; return(Json(new { valor = 1 })); } else { //inicia sesion normalmente return(Json(new { valor = 2 })); } } else { //debe cambiar la password por ser el primer login Session["tmpExpira"] = 0; Session["tmpIdUser"] = UserDetails.Spartan_Users[0].Id_User; Session["tmpUsername"] = username; Session["tmpPassword"] = password; return(Json(new { valor = 1 })); } } //credenciales incorrectas return(Json(new { valor = 0 })); } catch (Exception ex) { //error return(null); } }
public JsonResult ForgotPassword(ForgotPasswordViewModel model) { if (ModelState.IsValid) { try { Spartan_User_Core UserDetails = _IUseroApiConsumer.ValidateUser(1, 10, "Username = '******' COLLATE SQL_Latin1_General_CP1_CS_AS And Email = '" + model.Email + "'").Resource; if (UserDetails.Spartan_Users != null && UserDetails.Spartan_Users.Count() > 0) { if (System.IO.File.Exists(Server.MapPath("~/HTMLTemplates/ForgotPassword.html"))) { // Get HTML Template for Forgot password StreamReader sread = new StreamReader(Server.MapPath("~/HTMLTemplates/ForgotPassword.html")); string strBodyTemplate = sread.ReadToEnd(); // Replace User Full Name strBodyTemplate = strBodyTemplate.Replace("*|fullname|*", UserDetails.Spartan_Users[0].Name); strBodyTemplate = strBodyTemplate.Replace("*|username|*", UserDetails.Spartan_Users[0].Username); strBodyTemplate = strBodyTemplate.Replace("*|email|*", UserDetails.Spartan_Users[0].Email); //strBodyTemplate = strBodyTemplate.Replace("*|password|*", UserDetails.Spartan_Users[0].Password); //Replace text for apropiates values in Resources strBodyTemplate = strBodyTemplate.Replace("*|text1|*", Resources.LoginResources.Hello); strBodyTemplate = strBodyTemplate.Replace("*|text2|*", Resources.LoginResources.textTemplateEmail1); strBodyTemplate = strBodyTemplate.Replace("*|text3|*", Resources.LoginResources.UserName.ToString()); strBodyTemplate = strBodyTemplate.Replace("*|text4|*", Resources.LoginResources.Email.ToString()); strBodyTemplate = strBodyTemplate.Replace("*|text5|*", Resources.LoginResources.Password); strBodyTemplate = strBodyTemplate.Replace("*|text6|*", Resources.LoginResources.textTemplateEmail2.ToString()); if (!_tokenManager.GenerateToken("admin", "admin")) { return(null); } var userApi = new Spartan_UserApiConsumer(); userApi.SetAuthHeader(_tokenManager.Token); var tmpuser = userApi.GetByKey(UserDetails.Spartan_Users[0].Id_User, false); var pass = System.Web.Security.Membership.GeneratePassword(7, 0); pass = Regex.Replace(pass, @"[^a-zA-Z0-9]", m => "9") + "$"; tmpuser.Resource.Password = EncryptHelper.CalculateMD5Hash(pass); var res = userApi.Update(tmpuser.Resource, null, null); var userhistApi = new Spartan_User_Historical_PasswordApiConsumer(); userhistApi.SetAuthHeader(_tokenManager.Token); res = userhistApi.Insert(new Core.Domain.Spartan_User_Historical_Password.Spartan_User_Historical_Password() { Fecha_de_Registro = DateTime.Now, Usuario = tmpuser.Resource.Id_User, Password = tmpuser.Resource.Password }, null, null); strBodyTemplate = strBodyTemplate.Replace("*|password|*", pass); // Replace ForgotPassword Link with Token and Encrypted Email List <string> emails = new List <string>(); emails.Add(model.Email); if (Helper.SendEmail(emails, string.Format(Resources.LoginResources.ForgotPasswordEmailSubject, model.UserName), strBodyTemplate)) { return(Json(new { data = string.Format(Resources.LoginResources.ForgotPasswordSuccess, model.Email), valid = true })); } else { return(Json(new { data = Resources.LoginResources.ForgotPasswordEmailError, valid = false })); } } else { return(Json(new { data = Resources.LoginResources.ForgotPasswordEmailError, valid = false })); } } else { return(Json(new { data = Resources.LoginResources.InvalidEmailUserName, valid = false })); } } catch (Exception) { return(Json(new { data = Resources.LoginResources.InvalidEmailUserName, valid = false })); } } else { return(Json(Resources.LoginResources.InvalidEmailUserName)); } }
public ActionResult ReLogin(LoginViewModel model, string returnUrl) { if (ModelState.ContainsKey("LanguageList")) { ModelState["LanguageList"].Errors.Clear(); } SessionHelper.Relogin = true; if (Session.Count <= 1) { LoginViewModel oLoginViewModel = new LoginViewModel(); oLoginViewModel.LanguageList = GetLanguage(); oLoginViewModel.UserName = model.UserName; oLoginViewModel.Password = model.Password; return(Login(oLoginViewModel)); } if (ModelState.IsValid) { if (!_tokenManager.GenerateToken(model.UserName, EncryptHelper.CalculateMD5Hash(model.Password))) { ModelState.AddModelError("", Resources.LoginResources.InvalidUserPassword); return(Json(Resources.LoginResources.InvalidUserPassword)); } _IUseroApiConsumer.SetAuthHeader(_tokenManager.Token); // Call Validate User API for user Exists in application Spartan_User_Core UserDetails = _IUseroApiConsumer.ValidateUser(1, 10, "Username = '******' COLLATE SQL_Latin1_General_CP1_CS_AS And Password = '******' COLLATE SQL_Latin1_General_CP1_CS_AS").Resource; if (UserDetails.Spartan_Users != null && UserDetails.Spartan_Users.Count() > 0) { //return Json(string.Empty); if (UserDetails.Spartan_Users[0].Status == 1) { TTUsuario user = new TTUsuario { IdUsuario = Convert.ToInt16(UserDetails.Spartan_Users[0].Id_User), Nombre = Convert.ToString(UserDetails.Spartan_Users[0].Name), Clave_de_Acceso = UserDetails.Spartan_Users[0].Username, //Activo = UserDetails.Spartan_Users[0].Status }; SetAuthentication(UserDetails); //_authenticationService.SignIn(user, model.RememberMe); //Saving Credentials SessionHelper.UserCredential = new Spartane_Credential { Password = EncryptHelper.CalculateMD5Hash(model.Password), UserName = model.UserName, }; // save role id in session SessionHelper.Role = UserDetails.Spartan_Users[0].Role; // save role object in session SessionHelper.Sprtan_Role = new RoleSpartanUserRole { Id = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Id, Description = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Description, Status = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Status, Status_Spartan_User_Role_Status = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Status_Spartan_User_Role_Status, User_Role_Id = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.User_Role_Id, }; Session["USERID"] = user.IdUsuario; Session["USERROLEID"] = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.User_Role_Id; Session.Timeout = Convert.ToInt32(ConfigurationManager.AppSettings["SessionTimeOut"]); SessionHelper.Relogin = false; return(Json(string.Empty)); } else { ModelState.AddModelError("", Resources.LoginResources.DeactivateAccount); return(Json(Resources.LoginResources.DeactivateAccount)); } } else { ModelState.AddModelError("", Resources.LoginResources.InvalidPassword); return(Json(Resources.LoginResources.InvalidPassword)); } } return(Json("SessionExpired")); }
public ActionResult Login(LoginViewModel model, string returnUrl = "") { Session["BlockUser"] = null; if (ModelState.ContainsKey("LanguageList")) { ModelState["LanguageList"].Errors.Clear(); } if (ModelState.IsValid) { string passwordEncripted = EncryptHelper.CalculateMD5Hash(model.Password); if (!_tokenManager.GenerateToken(model.UserName, passwordEncripted)) { ModelState.AddModelError("", Resources.LoginResources.InvalidUserPassword); if (SessionHelper.Relogin) { return(Json(Resources.LoginResources.InvalidUserPassword)); } } _ISpartan_SettingsApiConsumer.SetAuthHeader(_tokenManager.Token); var FailedAttemptDB = _ISpartan_SettingsApiConsumer.GetByKey("FailedAttempts", false).Resource; int FailedAttempts = Convert.ToInt32(FailedAttemptDB.Valor); model.MaxFailedAttempts = FailedAttempts; if (Session["UserName"] != null && Session["UserName"].ToString() != model.UserName) { model.FailedAttempts = 1; } Session["UserName"] = model.UserName; _IUseroApiConsumer.SetAuthHeader(_tokenManager.Token); Spartan_Security_Log oSecurityLog = new Spartan_Security_Log(); var UsersByName = _IUseroApiConsumer.ListaSelAll(0, 10, "Spartan_User.Username = '******'", "").Resource; if (UsersByName.RowCount == 0) { ModelState.AddModelError("", Resources.LoginResources.InvalidUserPassword); model.LanguageList = GetLanguage(); SessionHelper.Relogin = false; return(View(model)); } // Call Validate User API for user Exists in application Spartan_User_Core UserDetails = _IUseroApiConsumer.ValidateUser(1, 10, "Username = '******' COLLATE SQL_Latin1_General_CP1_CS_AS And Password = '******' COLLATE SQL_Latin1_General_CP1_CS_AS").Resource; if (UserDetails.Spartan_Users != null && UserDetails.Spartan_Users.Count() > 0) { if (UserDetails.Spartan_Users[0].Status == 1) { var spartan_user = new Core.Domain.Spartan_User.Spartan_User { Id_User = UserDetails.Spartan_Users[0].Id_User, Name = UserDetails.Spartan_Users[0].Name, Password = UserDetails.Spartan_Users[0].Password }; TTUsuario user = new TTUsuario { IdUsuario = Convert.ToInt16(UserDetails.Spartan_Users[0].Id_User), Nombre = Convert.ToString(UserDetails.Spartan_Users[0].Name), Clave_de_Acceso = UserDetails.Spartan_Users[0].Username, //Activo = UserDetails.Spartan_Users[0].Status }; SetSecurityLogging(ref oSecurityLog, (short)Event_Type.Login, UserDetails.Spartan_Users[0].Id_User, UserDetails.Spartan_Users[0].Role, (short)Result_Type.Granted); int SecurityLogId = _ISpartanSecurityApiConsumer.Insert(oSecurityLog).Resource; SetAuthentication(UserDetails); //_authenticationService.SignIn(user, model.RememberMe); //Adding user Core entity Data SessionHelper.UserEntity = UserDetails.Spartan_Users[0]; //Getting User Image _ISpartane_FileApiConsumer.SetAuthHeader(_tokenManager.Token); var userImage = _ISpartane_FileApiConsumer.GetByKey(Convert.ToInt32(UserDetails.Spartan_Users[0].Image)) .Resource; if (userImage != null && userImage.File != null) { SessionHelper.UserImage = userImage.File; } Response.Cookies["UserSettings"]["SecurityLogId"] = SecurityLogId.ToString(); Spartan_Session_Log oSessionLog = new Spartan_Session_Log(); SetSessionLogging(ref oSessionLog, (short)Event_Type.Login, (short)Event_Type.Login, SecurityLogId, UserDetails.Spartan_Users[0].Id_User, UserDetails.Spartan_Users[0].Role, (short)Result_Type.Granted); _ISpartanSessionApiConsumer.Insert(oSessionLog); //Saving Credentials SessionHelper.UserCredential = new Spartane_Credential { Password = EncryptHelper.CalculateMD5Hash(model.Password), UserName = model.UserName, }; // save role id in session SessionHelper.Role = UserDetails.Spartan_Users[0].Role; // save role object in session SessionHelper.Sprtan_Role = new RoleSpartanUserRole { Id = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Id, Description = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Description, Status = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Status, Status_Spartan_User_Role_Status = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.Status_Spartan_User_Role_Status, User_Role_Id = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.User_Role_Id, }; Session["USERID"] = user.IdUsuario; Session["USERROLEID"] = UserDetails.Spartan_Users[0].Role_Spartan_User_Role.User_Role_Id; Session.Timeout = Convert.ToInt32(ConfigurationManager.AppSettings["SessionTimeOut"]); Session["LANGUAGEID"] = (model.SelectedLanguage.HasValue) ? model.SelectedLanguage.Value : 1; SessionHelper.Relogin = false; return(RedirectToLocal("~/Frontal/Home/Index")); } else { SetSecurityLogging(ref oSecurityLog, (short)Event_Type.Login, null, null, (short)Result_Type.Denied); _ISpartanSecurityApiConsumer.Insert(oSecurityLog); ModelState.AddModelError("", Resources.LoginResources.DeactivateAccount); if (SessionHelper.Relogin) { return(Json(Resources.LoginResources.DeactivateAccount)); } } } else { SetSecurityLogging(ref oSecurityLog, (short)Event_Type.Login, null, null, (short)Result_Type.Denied); _ISpartanSecurityApiConsumer.Insert(oSecurityLog); ModelState.AddModelError("", Resources.LoginResources.InvalidUserPassword); if (model.FailedAttempts < model.MaxFailedAttempts) { model.FailedAttempts = model.FailedAttempts + 1; } else { if (UsersByName.RowCount == 1) { var UserByName = UsersByName.Spartan_Users.First(); UserByName.Status = 2; int status = _IUseroApiConsumer.Update(UserByName, null, null).Resource; model.FailedAttempts = 1; } Session["BlockUser"] = true; } if (SessionHelper.Relogin) { return(Json(Resources.LoginResources.InvalidUserPassword)); } } } model.LanguageList = GetLanguage(); // If we got this far, something failed, redisplay form return(View(model)); }
public ActionResult ChangePassword(Spartan_User spartan_user) { if (!_tokenManager.GenerateToken()) { return(Json(null, JsonRequestBehavior.AllowGet)); } int userId = Convert.ToInt32(Session["USERID"]); _ISpartan_UserApiConsumer.SetAuthHeader(_tokenManager.Token); _ISpartan_ChangePasswordAutorizationApiConsumer.SetAuthHeader(_tokenManager.Token); var user = _ISpartan_UserApiConsumer.GetByKey(userId, false).Resource; if (Session["EstatusChangePassword"].ToString() == "0" || Session["EstatusChangePassword"].ToString() == "4") { Spartan_ChangePasswordAutorization newChange = new Spartan_ChangePasswordAutorization(); newChange.Estatus = 1; newChange.Fecha_de_Registro = DateTime.Now; newChange.Hora_de_Registro = DateTime.Now.Hour.ToString() + ":" + DateTime.Now.Minute.ToString(); newChange.Usuario = userId; newChange.Email = user.Email; var result = _ISpartan_ChangePasswordAutorizationApiConsumer.Insert(newChange, null, null).Resource; //SEND EMAIL TO ADMIN var usersAdmin = _ISpartan_UserApiConsumer.ListaSelAll(0, 10, "Spartan_User.Role = 1", "").Resource; List <string> to = new List <string>(); if (usersAdmin.RowCount > 0) { foreach (var userAdmin in usersAdmin.Spartan_Users) { to.Add(userAdmin.Email); } Helper.SendEmail(to, "Pedido de cambio de Password", "El usuario " + user.Name + " con ID=" + user.Id_User + " ha solicitado cambio de password."); } } else { _ISpartan_UserApiConsumer.SetAuthHeader(_tokenManager.Token); _ISpartan_User_Historical_PasswordApiConsumer.SetAuthHeader(_tokenManager.Token); var model = _ISpartan_UserApiConsumer.GetByKey(spartan_user.Id_User, false).Resource; model.Password = EncryptHelper.CalculateMD5Hash(spartan_user.Password); _ISpartan_UserApiConsumer.Update(model, null, null); _ISpartan_SettingsApiConsumer.SetAuthHeader(_tokenManager.Token); var ExpirationDaysDB = _ISpartan_SettingsApiConsumer.GetByKey("ExpirationDays", false).Resource; int ExpirationDays = Convert.ToInt32(ExpirationDaysDB.Valor); DateTime newDateExpiracion = DateTime.Now.AddDays(ExpirationDays); var fechaJSON = _ISpartaneQueryApiConsumer.ExecuteRawQuery("UPDATE Spartan_User SET Fecha_de_Expiracion = '" + newDateExpiracion.ToString("yyyy-MM-dd") + "' where Id_User="******"Spartan_ChangePasswordAutorization.Estatus=2", "").Resource; if (changes.RowCount > 0) { var lastChange = changes.Spartan_ChangePasswordAutorizations.First(); lastChange.Estatus = 4; var result = _ISpartan_ChangePasswordAutorizationApiConsumer.Update(lastChange, null, null).Resource; } //ADD TO HISTORICAL Spartan_User_Historical_Password newData = new Spartan_User_Historical_Password(); newData.Fecha_de_Registro = DateTime.Now; newData.Password = EncryptHelper.CalculateMD5Hash(spartan_user.Password); newData.Usuario = spartan_user.Id_User; var resultInsert = _ISpartan_User_Historical_PasswordApiConsumer.Insert(newData, null, null).Resource; } return(Redirect("~/")); }