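/// <summary>
/// Hands an exception to <c>TryDisplayErrorView</c> after checking that every argument was supplied.
/// </summary>
/// <param name="exception">Exception to display; must not be null.</param>
/// <param name="errorPage">Error page to show; declared nullable but a value is required.</param>
/// <param name="httpStatusCode">HTTP status code to use; declared nullable but a value is required.</param>
/// <returns>Always null; nothing in this method builds a result object.</returns>
/// <exception cref="ArgumentNullException">An argument is null or has no value.</exception>
public ActionResult AppError(Exception exception, GStoreData.Exceptions.ErrorPage? errorPage, int? httpStatusCode)
{
    // ArgumentNullException takes the parameter *identifier*; the earlier "Exception" / "ErrorPage"
    // spellings did not match any parameter of this method.
    if (exception == null)
    {
        throw new ArgumentNullException("exception");
    }
    if (!errorPage.HasValue)
    {
        throw new ArgumentNullException("errorPage");
    }
    if (!httpStatusCode.HasValue)
    {
        throw new ArgumentNullException("httpStatusCode");
    }

    TryDisplayErrorView(exception, errorPage.Value, httpStatusCode.Value, true);
    return null;
}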
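/// <summary>
/// Validates a store page Url entered in the page editor and records any problem in the controller's ModelState.
/// </summary>
/// <param name="db">Database context used to look for a page that already uses the Url.</param>
/// <param name="controller">Controller whose ModelState receives the validation error.</param>
/// <param name="url">Url as entered; must start with a slash.</param>
/// <param name="storeFrontId">Store front the page belongs to.</param>
/// <param name="clientId">Client the page belongs to.</param>
/// <param name="currentPageId">Id of the page being edited, excluded from the uniqueness check; null for a new page.</param>
/// <returns>True when the Url is acceptable; false after adding a model error.</returns>
public static bool ValidatePageUrl(this IGstoreDb db, GStoreData.ControllerBase.BaseController controller, string url, int storeFrontId, int clientId, int? currentPageId)
{
    string urlField = (controller.ModelState.ContainsKey("PageEditViewModel_Url") ? "PageEditViewModel_Url" : "Url");

    if (string.IsNullOrWhiteSpace(url))
    {
        controller.ModelState.AddModelError(urlField, "Url is required \n Please enter a url starting with /");
        return false;
    }
    if (!url.StartsWith("/", StringComparison.Ordinal))
    {
        controller.ModelState.AddModelError(urlField, "Invalid Url: '" + url + "'. Url must start with a slash. Example / for home page or /Food");
        return false;
    }
    if (url.Contains(" "))
    {
        controller.ModelState.AddModelError(urlField, "Invalid Url: '" + url + "'. Url Cannot have spaces. Be sure to remove spaces from Url. You may replace spaces with underscore _ ");
        return false;
    }
    if (url.Contains("?"))
    {
        controller.ModelState.AddModelError(urlField, "Invalid Url: '" + url + "'. Url Cannot have a question Mark ? in it. You may might choose to replace it with an underscore _ or dash -");
        return false;
    }

    // The message used to list a backslash while the check tested for a double quote;
    // both are rejected now and the message names both.
    if (url.IndexOfAny(new[] { '~', '|', ':', '*', '"', '\\', '<', '>' }) >= 0)
    {
        controller.ModelState.AddModelError(urlField, "Invalid Url: '" + url + "'. These characters are not allowed in Urls. ~ | : * \" \\ < > . You might choose to replace these characters with underscore or dash -");
        return false;
    }
    if (!System.Uri.IsWellFormedUriString("http://www.test.com" + url, UriKind.Absolute))
    {
        controller.ModelState.AddModelError(urlField, "Invalid Url: '" + url + "'. Url is not a valid URL. Example: /food or /food/page1");
        return false;
    }

    string trimUrl = "/" + url.Trim().Trim('~').Trim('/').ToLower();

    // trimUrl always begins with "/", so the former StartsWith("account")-style test could never match
    // and the reserved-name list was never enforced. Compare the first path segment instead, so a store
    // page cannot take the address of a built-in area such as /Account or /Checkout.
    string firstSegment = trimUrl.Substring(1);
    int segmentEnd = firstSegment.IndexOf('/');
    if (segmentEnd >= 0)
    {
        firstSegment = firstSegment.Substring(0, segmentEnd);
    }

    string[] blockedUrls = { "Account", "Blog", "BlogAdmin", "Bundles", "Category", "Catalog", "CatalogAdmin", "CatalogContent", "Cart", "Chat", "Checkout", "Content", "Edit", "Fonts", "GStore", "Images", "JS", "Notifications", "Order", "OrderAdmin", "Pages", "Products", "Profile", "Styles", "Scripts", "StoreAdmin", "ShareByEmail", "SubmitForm", "SystemAdmin", "Themes", "UpdatePageAjax", "UpdateSectionAjax", "View" };
    foreach (string blockedUrl in blockedUrls)
    {
        // Ordinal comparison keeps the match independent of the server culture.
        if (string.Equals(firstSegment, blockedUrl, StringComparison.OrdinalIgnoreCase))
        {
            controller.ModelState.AddModelError(urlField, "Url '" + url + "' is invalid. Url cannot start with '" + blockedUrl + "' because the system already has built-in " + blockedUrl + " pages. \n Please choose a different url");
            return false;
        }
    }

    if (Settings.AppEnableStoresVirtualFolders && string.Equals(firstSegment, "stores", StringComparison.OrdinalIgnoreCase))
    {
        controller.ModelState.AddModelError(urlField, "Url '" + url + "' is invalid. Url cannot start with 'Stores' because the system already has built-in Stores pages. \n Please choose a different url");
        return false;
    }

    // Uniqueness is scoped to the client and store front; the page being edited is excluded.
    Page conflict = db.Pages.Where(p => p.ClientId == clientId && p.StoreFrontId == storeFrontId && p.Url.ToLower() == trimUrl && (p.PageId != currentPageId)).FirstOrDefault();
    if (conflict == null)
    {
        return true;
    }

    // NOTE(review): the store front name is passed through ToHtml() but url and conflict.Name are not;
    // confirm the view encodes model errors before rendering them.
    string errorConflictMessage = "Url '" + url + "' is already in use for page '" + conflict.Name + "' [" + conflict.PageId + "] in Store Front '" + conflict.StoreFront.CurrentConfig().Name.ToHtml() + "' [" + conflict.StoreFrontId + "]. \n You must enter a unique Url or change the conflicting page Url.";
    controller.ModelState.AddModelError(urlField, errorConflictMessage);
    return false;
}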
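/// <summary>
/// Fills the fields shared by every event-log record from the current request, route and user profile.
/// </summary>
/// <param name="record">Log record to populate.</param>
/// <param name="httpContext">Current HTTP context; request, server and session values are read from it.</param>
/// <param name="routeData">Route of the request; may be null, in which case the route fields are set to empty strings.</param>
/// <param name="source">Source label stored on the record.</param>
/// <param name="message">Message stored on the record.</param>
/// <param name="anonymous">Value stored in the record's Anonymous flag.</param>
/// <param name="profile">Profile of the acting user; may be null, in which case the user fields are set to null.</param>
/// <param name="controller">Controller supplying the store front and client ids; may be null.</param>
public static void SetBasicFields(this Models.BaseClasses.EventLogBase record, HttpContextBase httpContext, RouteData routeData, string source, string message, bool anonymous, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
{
    // An unused "siteId" local was removed; it was never stored on the record.
    record.StartDateTimeUtc = DateTime.UtcNow;
    record.EndDateTimeUtc = DateTime.UtcNow;

    if (controller != null)
    {
        // Best effort: a failure to resolve the store front or client must not stop the log entry.
        try
        {
            record.StoreFrontId = controller.CurrentStoreFrontIdOrNull;
        }
        catch (Exception)
        {
            record.StoreFrontId = null;
        }
        try
        {
            record.ClientId = controller.CurrentClientIdOrNull;
        }
        catch (Exception)
        {
            record.ClientId = null;
        }
    }

    if (routeData != null)
    {
        if (routeData.DataTokens.ContainsKey("area"))
        {
            record.Area = routeData.DataTokens["area"].ToString();
        }
        record.Controller = routeData.Values["controller"].ToString();
        record.ActionName = routeData.Values["action"].ToString();
        // Route values are written as "key = value" pairs separated by ", ".
        record.ActionParameters = string.Join(", ", routeData.Values.Select(item => item.Key + " = " + item.Value));
    }
    else
    {
        record.Controller = string.Empty;
        record.ActionName = string.Empty;
        record.ActionParameters = string.Empty;
    }

    // Everything below except ServerName and ApplicationPath comes from the client request and is
    // stored as received; whatever displays these records has to encode it.
    record.ServerName = httpContext.Server.MachineName;
    record.ApplicationPath = httpContext.Request.ApplicationPath;
    record.HostName = httpContext.Request.Url.Host;
    record.HttpMethod = httpContext.Request.HttpMethod;
    record.IsSecureConnection = httpContext.Request.IsSecureConnection;
    record.UserHostAddress = httpContext.Request.UserHostAddress;
    record.UrlReferrer = (httpContext.Request.UrlReferrer == null ? "" : httpContext.Request.UrlReferrer.ToString());
    record.UserAgent = httpContext.Request.UserAgent;
    record.RawUrl = httpContext.Request.RawUrl;
    record.Url = httpContext.Request.Url.ToString();
    record.Querystring = httpContext.Request.QueryString.ToString();
    record.Source = source;
    record.Message = message;
    record.Anonymous = anonymous;

    // NOTE(review): the session id is the value a browser presents to resume the session, so storing it
    // gives readers of the log a live credential; consider storing a hash instead.
    // NOTE(review): Session is dereferenced without a null check; confirm no caller logs before session state is available.
    record.SessionId = httpContext.Session.SessionID;

    if (profile == null)
    {
        record.UserId = null;
        record.UserName = null;
        record.UserProfileId = null;
        record.FullName = null;
    }
    else
    {
        record.UserId = profile.UserId;
        record.UserName = profile.UserName;
        record.UserProfileId = profile.UserProfileId;
        record.FullName = profile.FullName;
    }
}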
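/// <summary>
/// Creates a system event record, traces it, and writes it to the database and/or the log file as configured in Settings.
/// </summary>
/// <param name="ctx">Context used to resolve the current user profile and to open a new context for the log write.</param>
/// <param name="httpContext">Current HTTP context.</param>
/// <param name="routeData">Route of the request; may be null.</param>
/// <param name="source">Source label for the event.</param>
/// <param name="level">Severity; stored as both its numeric value and its name.</param>
/// <param name="message">Event message.</param>
/// <param name="exceptionMessage">Message of the exception, if any.</param>
/// <param name="baseExceptionMessage">Message of the base exception, if any.</param>
/// <param name="baseExceptionToString">Full text of the base exception, if any.</param>
/// <param name="controller">Controller handling the request; may be null.</param>
/// <returns>The populated event, whether or not it was persisted.</returns>
public static SystemEvent LogSystemEvent(this IGstoreDb ctx, HttpContextBase httpContext, RouteData routeData, string source, SystemEventLevel level, string message, string exceptionMessage, string baseExceptionMessage, string baseExceptionToString, GStoreData.ControllerBase.BaseController controller)
{
    // The log entry is saved through its own context rather than the caller's.
    IGstoreDb newctx = ctx.NewContext();
    SystemEvent newEvent = newctx.SystemEvents.Create();
    newEvent.SetBasicFields(httpContext, routeData, source, message, !httpContext.User.IsRegistered(), ctx.GetCurrentUserProfile(false, false), controller);
    newEvent.Level = (int)level;
    newEvent.LevelText = level.ToString();
    newEvent.ExceptionMessage = exceptionMessage;
    newEvent.BaseExceptionMessage = baseExceptionMessage;
    newEvent.BaseExceptionToString = baseExceptionToString;

    System.Diagnostics.Trace.Indent();
    System.Diagnostics.Trace.WriteLine("--System Event: " + newEvent.SimpleInfo());
    System.Diagnostics.Trace.Unindent();

    bool writtenToFile = false;
    if (Settings.AppLogSystemEventsToDb)
    {
        try
        {
            newctx.SystemEvents.Add(newEvent);
            newctx.SaveChanges();
        }
        catch (Exception ex)
        {
            //can't save to database, attempt save to file
            ex.LogToFile(httpContext, routeData);
            newEvent.LogToFile(httpContext);
            writtenToFile = true;
        }
    }

    // Skip the configured file write when the database fallback already wrote this event,
    // otherwise the same event appears twice in the file.
    if (Settings.AppLogSystemEventsToFile && !writtenToFile)
    {
        newEvent.LogToFile(httpContext);
    }

    return newEvent;
}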
/// <summary>
/// Records a security event for a verification code that was confirmed.
/// </summary>
/// <param name="ctx">Database context.</param>
/// <param name="mvcHttpContext">Current HTTP context.</param>
/// <param name="routeData">Route of the request.</param>
/// <param name="code">Verification code that was confirmed; written to the message.</param>
/// <param name="provider">Provider the code was issued for; written to the message.</param>
/// <param name="returnUrl">Return Url of the request; written to the message.</param>
/// <param name="profile">Profile of the user, or null when not known.</param>
/// <param name="controller">Controller handling the request.</param>
public static void LogSecurityEvent_VerificationCodeSuccess(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string code, string provider, string returnUrl, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
{
    // NOTE(review): the verification code is stored in clear text; confirm a code cannot be reused
    // once it has been logged, or drop it from the message.
    // NOTE(review): returnUrl is request-supplied and the message uses "\n-" as a field separator, so
    // embedded line breaks could imitate extra fields; confirm the log writers neutralise them.
    string profileDetails = (profile == null)
        ? string.Empty
        : " \n-Email: " + profile.Email
            + " \n-Name: " + profile.FullName
            + " \n-UserId: " + profile.UserId
            + " \n-UserProfileId: " + profile.UserProfileId;

    string message = "Verification code confirmed: " + code + " Provider: " + provider + " ReturnUrl: " + returnUrl + profileDetails;

    ctx.LogSecurityEvent(
        mvcHttpContext,
        routeData,
        source: "Verification Code Success",
        level: SecurityEventLevel.VerificationCodeSuccess,
        success: true,
        anonymous: true,
        userName: "(unknown)",
        profile: profile,
        message: message,
        controller: controller);
}
/// <summary>
/// Records a security event for a completed password reset.
/// </summary>
/// <param name="ctx">Database context.</param>
/// <param name="mvcHttpContext">Current HTTP context.</param>
/// <param name="routeData">Route of the request.</param>
/// <param name="email">E-mail address the reset was performed for; also used as the event user name.</param>
/// <param name="profile">Profile of the user, or null when not known.</param>
/// <param name="controller">Controller handling the request.</param>
public static void LogSecurityEvent_PasswordResetSuccess(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string email, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
{
    string profileDetails = (profile == null)
        ? string.Empty
        : " \n-Email: " + profile.Email
            + " \n-Name: " + profile.FullName
            + " \n-UserId: " + profile.UserId
            + " \n-UserProfileId: " + profile.UserProfileId;

    ctx.LogSecurityEvent(
        mvcHttpContext,
        routeData,
        source: "Password Reset Success",
        level: SecurityEventLevel.PasswordResetSuccess,
        success: true,
        anonymous: false,
        userName: email,
        profile: profile,
        message: "Password reset successfully for User Email: " + email + profileDetails,
        controller: controller);
}
/// <summary>
/// Records a security event for a password reset that was rejected, including each reported error.
/// </summary>
/// <param name="ctx">Database context.</param>
/// <param name="mvcHttpContext">Current HTTP context.</param>
/// <param name="routeData">Route of the request.</param>
/// <param name="email">E-mail address the reset was attempted for; also used as the event user name.</param>
/// <param name="resultErrors">Errors reported for the attempt; each is appended to the message.</param>
/// <param name="profile">Profile of the user, or null when not known.</param>
/// <param name="controller">Controller handling the request.</param>
public static void LogSecurityEvent_PasswordResetFailed(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string email, IEnumerable<string> resultErrors, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
{
    // One " \n-Error: ..." entry per reported error, in the order given.
    string errorLines = string.Concat(resultErrors.Select(error => " \n-Error: " + error));

    string profileDetails = (profile == null)
        ? string.Empty
        : " \n-Email: " + profile.Email
            + " \n-Name: " + profile.FullName
            + " \n-UserId: " + profile.UserId
            + " \n-UserProfileId: " + profile.UserProfileId;

    ctx.LogSecurityEvent(
        mvcHttpContext,
        routeData,
        source: "Password Reset Failed",
        level: SecurityEventLevel.PasswordResetFailed,
        success: false,
        anonymous: true,
        userName: email,
        profile: profile,
        message: "Password reset failed for User Email: " + email + errorLines + profileDetails,
        controller: controller);
}
/// <summary>
/// Records a security event for a user logging off.
/// </summary>
/// <param name="ctx">Database context.</param>
/// <param name="mvcHttpContext">Current HTTP context; its identity name is used as the event user name.</param>
/// <param name="routeData">Route of the request.</param>
/// <param name="profile">Profile of the user; when null, the identity name stands in for every profile field of the message.</param>
/// <param name="controller">Controller handling the request.</param>
public static void LogSecurityEvent_LogOff(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
{
    string identityName = mvcHttpContext.User.Identity.Name;

    string message;
    if (profile != null)
    {
        message = "LogOff for " + profile.UserName
            + " \n\n-Email: " + profile.Email
            + " \n-Name: " + profile.FullName
            + " \n-UserId: " + profile.UserId
            + " \n-UserProfileId: " + profile.UserProfileId;
    }
    else
    {
        // No profile available: the identity name is the only value known for the user.
        message = "LogOff for " + identityName
            + " \n\n-Email: " + identityName
            + " \n-Name: " + identityName
            + " \n-UserId: " + identityName
            + " \n-UserProfileId: " + identityName;
    }

    ctx.LogSecurityEvent(
        mvcHttpContext,
        routeData,
        source: "LogOff",
        level: SecurityEventLevel.LogOff,
        success: true,
        anonymous: false,
        userName: identityName,
        profile: profile,
        message: message,
        controller: controller);
}
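/// <summary>
/// Records a security event for an e-mail confirmation that was rejected for a known user.
/// </summary>
/// <param name="ctx">Database context.</param>
/// <param name="mvcHttpContext">Current HTTP context.</param>
/// <param name="routeData">Route of the request.</param>
/// <param name="userId">Id of the user the confirmation was attempted for; also used as the event user name.</param>
/// <param name="codeAttempted">Confirmation code that was submitted; written to the message.</param>
/// <param name="resultErrors">Errors reported for the attempt; each is appended to the message. May be null.</param>
/// <param name="profile">Profile of the user, or null when not known.</param>
/// <param name="controller">Controller handling the request.</param>
public static void LogSecurityEvent_EmailConfirmFailed(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string userId, string codeAttempted, IEnumerable<string> resultErrors, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
{
    // The concatenation between "User: " and " Code : " was garbled in this listing and did not compile;
    // userId is the only user value this method receives. NOTE(review): confirm against the repository.
    // NOTE(review): the submitted code is stored in clear text; a near-miss of a valid code is sensitive.
    string message = "Email Confirm Failed for User: " + userId + " Code : " + codeAttempted;

    if (resultErrors != null)
    {
        foreach (string error in resultErrors)
        {
            message += " \n-Error: " + error;
        }
    }

    if (profile != null)
    {
        message += " \n-Email: " + profile.Email
            + " \n-Name: " + profile.FullName
            + " \n-UserId: " + profile.UserId
            + " \n-UserProfileId: " + profile.UserProfileId;
    }

    // NOTE(review): the source label reads "Email Confirmed" although this is the failure event; it is
    // left unchanged because existing log queries may filter on it.
    ctx.LogSecurityEvent(
        mvcHttpContext,
        routeData,
        source: "Email Confirmed",
        level: SecurityEventLevel.EmailConfirmFailed,
        success: false,
        anonymous: false,
        userName: userId,
        profile: profile,
        message: message,
        controller: controller);
}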
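/// <summary>
/// Creates a security event record, traces it, and writes it to the database and/or the log file as configured in Settings.
/// </summary>
/// <param name="ctx">Context from which a new context is opened for the log write.</param>
/// <param name="mvcHttpContext">Current HTTP context.</param>
/// <param name="routeData">Route of the request; may be null.</param>
/// <param name="source">Source label for the event.</param>
/// <param name="level">Event level; stored as both its numeric value and its name.</param>
/// <param name="success">Whether the action being logged succeeded.</param>
/// <param name="anonymous">Value stored in the record's Anonymous flag.</param>
/// <param name="userName">User name passed to the new context.</param>
/// <param name="profile">Profile of the user, or null when not known.</param>
/// <param name="message">Event message; callers build it from request values such as logins and e-mail addresses.</param>
/// <param name="controller">Controller handling the request; may be null.</param>
/// <returns>The populated event, whether or not it was persisted.</returns>
public static SecurityEvent LogSecurityEvent(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string source, SecurityEventLevel level, bool success, bool anonymous, string userName, UserProfile profile, string message, GStoreData.ControllerBase.BaseController controller)
{
    // NOTE(review): message and userName carry client-supplied text; whether SimpleInfo() and
    // LogToFile() neutralise line breaks is not visible here, so confirm forged entries are not possible.
    IGstoreDb newctx = ctx.NewContext(userName);
    SecurityEvent newEvent = newctx.SecurityEvents.Create();
    newEvent.SetBasicFields(mvcHttpContext, routeData, source, message, anonymous, profile, controller);
    newEvent.Level = (int)level;
    newEvent.LevelText = level.ToString();
    newEvent.Success = success;

    System.Diagnostics.Trace.Indent();
    System.Diagnostics.Trace.WriteLine("--Security Event: " + newEvent.SimpleInfo());
    System.Diagnostics.Trace.Unindent();

    bool writtenToFile = false;
    if (Settings.AppLogSecurityEventsToDb)
    {
        try
        {
            newctx.SecurityEvents.Add(newEvent);
            newctx.SaveChanges();
        }
        catch (Exception ex)
        {
            //can't save to database, attempt save to file
            ex.LogToFile(mvcHttpContext, routeData);
            newEvent.LogToFile(mvcHttpContext);
            writtenToFile = true;
        }
    }

    // Skip the configured file write when the database fallback already wrote this event,
    // otherwise the same event appears twice in the file.
    if (Settings.AppLogSecurityEventsToFile && !writtenToFile)
    {
        newEvent.LogToFile(mvcHttpContext);
    }

    return newEvent;
}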
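/// <summary>
/// Creates a 404 log record for the current request, traces it, and writes it to the database and/or the log file as configured in Settings.
/// </summary>
/// <param name="ctx">Context used to resolve the current user profile and to open a new context for the log write.</param>
/// <param name="httpContext">Current HTTP context; its RawUrl is written to the message.</param>
/// <param name="routeData">Route of the request; when null the source is "App".</param>
/// <param name="controller">Controller handling the request; may be null.</param>
/// <returns>The populated log record, whether or not it was persisted.</returns>
public static FileNotFoundLog LogFileNotFound(this IGstoreDb ctx, HttpContextBase httpContext, RouteData routeData, GStoreData.ControllerBase.BaseController controller)
{
    IGstoreDb newctx = ctx.NewContext();
    FileNotFoundLog newLog = newctx.FileNotFoundLogs.Create();

    // RawUrl is whatever the client requested and is stored as received.
    string message = "404 File Not Found: " + httpContext.Request.RawUrl;
    string source = (routeData == null ? "App" : routeData.ToSourceString());

    newLog.SetBasicFields(httpContext, routeData, source, message, !httpContext.User.IsRegistered(), ctx.GetCurrentUserProfile(false, false), controller);

    System.Diagnostics.Trace.Indent();
    System.Diagnostics.Trace.WriteLine("--File Not Found Event: " + newLog.SimpleInfo());
    System.Diagnostics.Trace.Unindent();

    bool writtenToFile = false;
    if (Settings.AppLogFileNotFoundEventsToDb)
    {
        try
        {
            newctx.FileNotFoundLogs.Add(newLog);
            newctx.SaveChanges();
        }
        catch (Exception ex)
        {
            //can't save to database, attempt save to file
            ex.LogToFile(httpContext, routeData);
            newLog.LogToFile(httpContext);
            writtenToFile = true;
        }
    }

    // Skip the configured file write when the database fallback already wrote this record,
    // otherwise the same record appears twice in the file.
    if (Settings.AppLogFileNotFoundEventsToFile && !writtenToFile)
    {
        newLog.LogToFile(httpContext);
    }

    return newLog;
}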
/// <summary>
/// Creates a seed home page ("/") for a store front and logs the request that triggered it as a system event.
/// </summary>
/// <param name="db">Database context; its cached store front, cached user profile and user name are overwritten.</param>
/// <param name="request">Request that triggered the creation; its details are written to the log message.</param>
/// <param name="storeFrontConfig">Configuration of the store front that receives the page.</param>
/// <param name="baseController">Controller handling the request.</param>
/// <returns>The page that was created.</returns>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
public static Page CreateAutoHomePage(this IGstoreDb db, HttpRequestBase request, StoreFrontConfiguration storeFrontConfig, GStoreData.ControllerBase.BaseController baseController)
{
    if (db == null)
    {
        throw new ArgumentNullException("db");
    }
    if (request == null)
    {
        throw new ArgumentNullException("request");
    }
    if (baseController == null)
    {
        throw new ArgumentNullException("baseController");
    }
    if (storeFrontConfig == null)
    {
        throw new ArgumentNullException("storeFrontConfig");
    }

    // The page is created under the seed user, not the user who made the request.
    UserProfile seedUser = db.SeedAutoMapUserBestGuess();
    db.CachedStoreFront = null;
    db.CachedUserProfile = seedUser;
    db.UserName = seedUser.UserName;

    // NOTE(review): when templates exist but none belongs to this client, the query yields null and
    // null is passed to CreateSeedPage; confirm that helper copes with it.
    PageTemplate template = db.PageTemplates.IsEmpty()
        ? db.CreateSeedPageTemplate(Settings.AppDefaultPageTemplateName, Settings.AppDefaultPageTemplateViewName, storeFrontConfig.Client)
        : db.PageTemplates.Where(pt => pt.ClientId == storeFrontConfig.ClientId).ApplyDefaultSort().FirstOrDefault();

    Page homePage = db.CreateSeedPage(storeFrontConfig.Name, storeFrontConfig.Name, "/", 1000, storeFrontConfig, template, true);

    // RawUrl, QueryString and the client address come from the request and are logged as received.
    string message = "--Auto-Created Home Page for StoreFront '" + storeFrontConfig.Name + "' [" + storeFrontConfig.StoreFrontId + "]"
        + " For HostName: " + request.BindingHostName()
        + " Port: " + request.BindingPort()
        + " RootPath: " + request.BindingRootPath()
        + " From RawUrl: " + request.RawUrl
        + " QueryString: " + request.QueryString
        + " ContentLength: " + request.ContentLength
        + " HTTPMethod: " + request.HttpMethod
        + " Client IP: " + request.UserHostAddress;

    System.Diagnostics.Trace.WriteLine(message);

    RouteData route = baseController.RouteData;
    EventLogExtensions.LogSystemEvent(db, baseController.HttpContext, route, route.ToSourceString(), SystemEventLevel.Information, message, string.Empty, string.Empty, string.Empty, baseController);

    return homePage;
}
/// <summary>
/// Creates a seed store binding for the Url of the current request and logs it as a system event.
/// </summary>
/// <param name="storeDb">Database context used to pick the seed user and store front configuration.</param>
/// <param name="baseController">Controller handling the request; its Request, HttpContext and RouteData are read.</param>
/// <returns>The binding that was created.</returns>
/// <exception cref="ApplicationException">HttpContext.Current is null.</exception>
public static StoreBinding CreatAutoMapStoreBindingToCurrentUrl(this IGstoreDb storeDb, GStoreData.ControllerBase.BaseController baseController)
{
    if (HttpContext.Current == null)
    {
        throw new ApplicationException("Cannot create auto-map binding when HttpContext.Current is null");
    }

    HttpRequestBase request = baseController.Request;

    // The binding is created under the seed user and a best-guess store front, through a context built for them.
    UserProfile seedUser = storeDb.SeedAutoMapUserBestGuess();
    StoreFrontConfiguration config = storeDb.SeedAutoMapStoreFrontConfigBestGuess();
    IGstoreDb systemDb = storeDb.NewContext(seedUser.UserName, config.StoreFront, config, seedUser);

    StoreBinding binding = systemDb.CreateSeedStoreBindingToCurrentUrl(config);

    // NOTE(review): the host name and root path originate from the incoming request; confirm auto-mapping
    // is only enabled where an arbitrary Host header cannot create bindings.
    string message = "--Bindings auto-mapped to StoreFront '" + binding.StoreFront.CurrentConfigOrAny().Name + "' [" + binding.StoreFront.StoreFrontId + "]"
        + " For HostName: " + binding.HostName
        + " Port: " + binding.Port
        + " RootPath: " + binding.RootPath
        + " UseUrlStoreName: " + binding.UseUrlStoreName.ToString()
        + " UrlStoreName: " + binding.UrlStoreName.ToString()
        + " From RawUrl: " + request.RawUrl
        + " QueryString: " + request.QueryString
        + " ContentLength: " + request.ContentLength
        + " HTTPMethod: " + request.HttpMethod
        + " Client IP: " + request.UserHostAddress;

    System.Diagnostics.Trace.WriteLine(message);

    RouteData route = baseController.RouteData;
    EventLogExtensions.LogSystemEvent(systemDb, baseController.HttpContext, route, route.ToSourceString(), SystemEventLevel.Information, message, string.Empty, string.Empty, string.Empty, baseController);

    return binding;
}
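/// <summary>
/// Checks that a web form name is present and unique within the client, recording any problem in the controller's ModelState.
/// </summary>
/// <param name="db">Database context used to look for a web form that already uses the name.</param>
/// <param name="controller">Controller whose ModelState receives the validation error.</param>
/// <param name="name">Name entered for the web form.</param>
/// <param name="clientId">Client the web form belongs to.</param>
/// <param name="currentWebFormId">Id of the web form being edited, excluded from the uniqueness check; null for a new form.</param>
/// <returns>True when the name is acceptable; false after adding a model error.</returns>
public static bool ValidateWebFormName(this IGstoreDb db, GStoreData.ControllerBase.BaseController controller, string name, int clientId, int? currentWebFormId)
{
    string nameField = "Name";

    if (string.IsNullOrWhiteSpace(name))
    {
        controller.ModelState.AddModelError(nameField, "Name is required. Please enter a name for this web form.");
        return false;
    }

    // Both sides are lower-cased. The stored name used to be lower-cased and compared with the raw
    // input, so a name containing an upper-case letter never matched an existing form.
    WebForm conflict = db.WebForms.Where(wf => wf.ClientId == clientId && wf.Name.ToLower() == name.ToLower() && (wf.WebFormId != currentWebFormId)).FirstOrDefault();
    if (conflict == null)
    {
        return true;
    }

    string errorConflictMessage = "Name '" + name + "' is already in use for Web Form '" + conflict.Name + "' [" + conflict.WebFormId + "] in Client '" + conflict.Client.Name.ToHtml() + "' [" + conflict.ClientId + "]. \n You must enter a unique Name or change the conflicting Web Form name.";
    controller.ModelState.AddModelError(nameField, errorConflictMessage);
    return false;
}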
/// <summary>
/// Checks that a value list name is present and unique within the client, recording any problem in the controller's ModelState.
/// </summary>
/// <param name="db">Database context used to look for a value list that already uses the name.</param>
/// <param name="controller">Controller whose ModelState receives the validation error.</param>
/// <param name="name">Name entered for the value list.</param>
/// <param name="clientId">Client the value list belongs to.</param>
/// <param name="currentValueListId">Id of the value list being edited, excluded from the uniqueness check; null for a new list.</param>
/// <returns>True when the name is acceptable; false after adding a model error.</returns>
public static bool ValidateValueListName(this IGstoreDb db, GStoreData.ControllerBase.BaseController controller, string name, int clientId, int? currentValueListId)
{
    const string fieldKey = "Name";

    if (string.IsNullOrWhiteSpace(name))
    {
        controller.ModelState.AddModelError(fieldKey, "Name is required \n Please enter a unique name for this Value List");
        return false;
    }

    // Case-insensitive match within the client, ignoring the list being edited.
    ValueList existing = db.ValueLists
        .Where(p => p.ClientId == clientId && p.Name.ToLower() == name.ToLower() && (p.ValueListId != currentValueListId))
        .FirstOrDefault();

    if (existing != null)
    {
        controller.ModelState.AddModelError(
            fieldKey,
            "Name '" + name + "' is already in use for Value List '" + existing.Name + "' [" + existing.ValueListId + "] in Client '" + existing.Client.Name.ToHtml() + "' [" + existing.ClientId + "]. \n You must enter a unique Name or change the conflicting Value List Name.");
        return false;
    }

    return true;
}
/// <summary>
/// Records a security event for a login that still needs e-mail or phone verification.
/// </summary>
/// <param name="ctx">Database context.</param>
/// <param name="mvcHttpContext">Current HTTP context.</param>
/// <param name="routeData">Route of the request.</param>
/// <param name="login">Login that was used; also used as the event user name.</param>
/// <param name="profile">Profile of the user, or null when not known; adds account and lockout details to the message.</param>
/// <param name="controller">Controller handling the request.</param>
public static void LogSecurityEvent_LoginNeedsVerification(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string login, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
{
    string profileDetails = string.Empty;
    if (profile != null)
    {
        profileDetails = " \n-Email: " + profile.Email
            + " \n-Name: " + profile.FullName
            + " \n-UserId: " + profile.UserId
            + " \n-UserProfileId: " + profile.UserProfileId
            + " \n-LastLogonDateTimeUtc: " + profile.LastLogonDateTimeUtc
            + " \n-Failed Attempts: " + profile.AspNetIdentityUser().AccessFailedCount
            + " \n-Locked Out: " + profile.AspNetIdentityUser().LockoutEndDateUtc.HasValue.ToString();

        // The lockout end time is only reported while a lockout is set.
        if (profile.AspNetIdentityUser().LockoutEndDateUtc.HasValue)
        {
            profileDetails += " \n-Locked Out Until: " + profile.AspNetIdentityUser().LockoutEndDateUtc;
        }
    }

    ctx.LogSecurityEvent(
        mvcHttpContext,
        routeData,
        source: "Login Needs Verification",
        level: SecurityEventLevel.LoginNeedsVerification,
        success: true,
        anonymous: false,
        userName: login,
        profile: profile,
        message: "Login needs email or phone verification for account: " + login + profileDetails,
        controller: controller);
}
/// <summary>
/// Records a security event for a successful login.
/// </summary>
/// <param name="ctx">Database context.</param>
/// <param name="mvcHttpContext">Current HTTP context.</param>
/// <param name="routeData">Route of the request.</param>
/// <param name="profile">Profile of the user who logged in; dereferenced without a null check.</param>
/// <param name="controller">Controller handling the request.</param>
public static void LogSecurityEvent_LoginSuccess(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
{
    string userName = profile.UserName;

    string details = " \n\n-Email: " + profile.Email
        + " \n-Name: " + profile.FullName
        + " \n-UserId: " + profile.UserId
        + " \n-UserProfileId: " + profile.UserProfileId;

    ctx.LogSecurityEvent(
        mvcHttpContext,
        routeData,
        source: "Login Success",
        level: SecurityEventLevel.LoginSuccess,
        success: true,
        anonymous: false,
        userName: userName,
        profile: profile,
        message: "Login success for " + userName + details,
        controller: controller);
}
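/// <summary>
/// Records a security event for an e-mail confirmation attempt that named an unknown user.
/// </summary>
/// <param name="ctx">Database context.</param>
/// <param name="mvcHttpContext">Current HTTP context.</param>
/// <param name="routeData">Route of the request.</param>
/// <param name="userNameAttempted">User name that was submitted; also used as the event user name.</param>
/// <param name="codeAttempted">Confirmation code that was submitted; written to the message.</param>
/// <param name="controller">Controller handling the request.</param>
public static void LogSecurityEvent_EmailConfirmFailedUserNotFound(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string userNameAttempted, string codeAttempted, GStoreData.ControllerBase.BaseController controller)
{
    // The concatenation between "Unknown user: " and " Code: " was garbled in this listing and did not
    // compile; userNameAttempted is the only user value this method receives.
    // NOTE(review): confirm against the repository.
    // Both values are client-supplied and are written to the log as received.
    string message = "Email Confirm Failed. Unknown user: " + userNameAttempted + " Code: " + codeAttempted;

    // NOTE(review): the source label reads "Email Confirmed" although this is a failure event; it is
    // left unchanged because existing log queries may filter on it.
    ctx.LogSecurityEvent(
        mvcHttpContext,
        routeData,
        source: "Email Confirmed",
        level: SecurityEventLevel.EmailConfirmFailedUnknownUser,
        success: false,
        anonymous: true,
        userName: userNameAttempted,
        profile: null,
        message: message,
        controller: controller);
}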
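/// <summary>
/// Records a security event for a new user registration.
/// </summary>
/// <param name="ctx">Database context.</param>
/// <param name="mvcHttpContext">Current HTTP context.</param>
/// <param name="routeData">Route of the request.</param>
/// <param name="profile">Profile of the new user; when null the event is still logged with "(unknown)" as the user name.</param>
/// <param name="controller">Controller handling the request.</param>
public static void LogSecurityEvent_NewRegister(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
{
    // profile.UserName used to be read before (and after) the null check, so a null profile raised
    // NullReferenceException and the registration went unlogged.
    string userName = (profile == null ? "(unknown)" : profile.UserName);

    string message = "New user signup: " + userName;
    if (profile != null)
    {
        message += " \n-Email: " + profile.Email
            + " \n-Name: " + profile.FullName
            + " \n-UserId: " + profile.UserId
            + " \n-UserProfileId: " + profile.UserProfileId;
    }

    ctx.LogSecurityEvent(
        mvcHttpContext,
        routeData,
        source: "New User Registration",
        level: SecurityEventLevel.NewRegister,
        success: true,
        anonymous: false,
        userName: userName,
        profile: profile,
        message: message,
        controller: controller);
}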
/// <summary>
/// Records a security event for a forgot-password request whose e-mail address matches no user.
/// </summary>
/// <param name="ctx">Database context.</param>
/// <param name="mvcHttpContext">Current HTTP context.</param>
/// <param name="routeData">Route of the request.</param>
/// <param name="email">E-mail address that was submitted; also used as the event user name.</param>
/// <param name="controller">Controller handling the request.</param>
public static void LogSecurityEvent_ForgotPasswordEmailNotFound(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string email, GStoreData.ControllerBase.BaseController controller)
{
    // No profile exists for this event, so none is attached.
    ctx.LogSecurityEvent(
        mvcHttpContext,
        routeData,
        source: "Forgot Password Failed Unknown User",
        level: SecurityEventLevel.ForgotPasswordFailedUnknownUser,
        success: false,
        anonymous: true,
        userName: email,
        profile: null,
        message: "Forgot Password Failed. No user with Email: " + email,
        controller: controller);
}
/// <summary>
/// Records a security event for a password reset attempt whose e-mail address matches no user.
/// </summary>
/// <param name="ctx">Database context.</param>
/// <param name="mvcHttpContext">Current HTTP context.</param>
/// <param name="routeData">Route of the request.</param>
/// <param name="email">E-mail address that was submitted; also used as the event user name.</param>
/// <param name="controller">Controller handling the request.</param>
public static void LogSecurityEvent_PasswordResetFailedUnknownUser(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string email, GStoreData.ControllerBase.BaseController controller)
{
    // No profile exists for this event, so none is attached.
    ctx.LogSecurityEvent(
        mvcHttpContext,
        routeData,
        source: "Password Reset Failed Unknown User",
        level: SecurityEventLevel.PasswordResetFailedUnknownUser,
        success: false,
        anonymous: true,
        userName: email,
        profile: null,
        message: "Password reset invalid. No user with Email: " + email,
        controller: controller);
}
/// <summary>
/// Records a security event for a forgot-password request where no user profile was found for the e-mail address.
/// </summary>
/// <param name="ctx">Database context.</param>
/// <param name="mvcHttpContext">Current HTTP context.</param>
/// <param name="routeData">Route of the request.</param>
/// <param name="email">E-mail address that was submitted; also used as the event user name.</param>
/// <param name="controller">Controller handling the request.</param>
public static void LogSecurityEvent_ForgotPasswordProfileNotFound(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string email, GStoreData.ControllerBase.BaseController controller)
{
    // No profile exists for this event, so none is attached.
    ctx.LogSecurityEvent(
        mvcHttpContext,
        routeData,
        source: "Forgot Password Failed Profile Not Found",
        level: SecurityEventLevel.ForgotPasswordFailedProfileNotFound,
        success: false,
        anonymous: true,
        userName: email,
        profile: null,
        message: "Forgot Password Failed. User Profile not found for Email: " + email,
        controller: controller);
}
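/// <summary>
/// Records a security event for a confirmed phone number.
/// </summary>
/// <param name="ctx">Database context.</param>
/// <param name="mvcHttpContext">Current HTTP context.</param>
/// <param name="routeData">Route of the request.</param>
/// <param name="phoneNumber">Phone number that was confirmed; written to the message.</param>
/// <param name="profile">Profile of the user; when null the event is still logged with "(unknown)" as the user name.</param>
/// <param name="controller">Controller handling the request.</param>
public static void LogSecurityEvent_PhoneConfirmed(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string phoneNumber, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
{
    // The final call used to read profile.UserName without a null check, although the message code
    // allows for a null profile.
    string userName = (profile == null ? "(unknown)" : profile.UserName);

    // The concatenation between "user: " and " Phone: " was garbled in this listing and did not compile;
    // the user name is assumed because it is what the final call passes. NOTE(review): confirm against the repository.
    string message = "Phone Confirmed for user: " + userName + " Phone: " + phoneNumber;
    if (profile != null)
    {
        message += " \n-Email: " + profile.Email
            + " \n-Name: " + profile.FullName
            + " \n-UserId: " + profile.UserId
            + " \n-UserProfileId: " + profile.UserProfileId;
    }

    ctx.LogSecurityEvent(
        mvcHttpContext,
        routeData,
        source: "Phone Confirmed",
        level: SecurityEventLevel.PhoneConfirmed,
        success: true,
        anonymous: false,
        userName: userName,
        profile: profile,
        message: message,
        controller: controller);
}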
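/// <summary>
/// Records a security event for a failed login attempt.
/// </summary>
/// <param name="ctx">Database context.</param>
/// <param name="mvcHttpContext">Current HTTP context.</param>
/// <param name="routeData">Route of the request.</param>
/// <param name="loginAttempted">Login that was submitted; also used as the event user name.</param>
/// <param name="passwordAttempted">Password that was submitted. Never written to the log; only whether it was blank is recorded.</param>
/// <param name="profile">Profile matching the login, or null for an unknown user; adds account and lockout details to the message.</param>
/// <param name="controller">Controller handling the request.</param>
public static void LogSecurityEvent_LoginFailed(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string loginAttempted, string passwordAttempted, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
{
    // A rejected password is very often the real one with a typo, or the user's password for another
    // account. Writing it to the event table or log file hands credentials to anyone who can read the
    // logs, so the field label is kept for log readers and the value is withheld.
    string passwordNote = (string.IsNullOrEmpty(passwordAttempted) ? "(blank)" : "(not logged)");

    string message = "Login failed for logon: " + loginAttempted
        + " \n\n-" + (profile == null ? "Unknown user" : "Existing user")
        + " \n-Password attempted: " + passwordNote;

    if (profile != null)
    {
        // Resolve the identity user once instead of once per field.
        var identityUser = profile.AspNetIdentityUser();

        message += " \n-Email: " + profile.Email
            + " \n-Name: " + profile.FullName
            + " \n-UserId: " + profile.UserId
            + " \n-UserProfileId: " + profile.UserProfileId
            + " \n-LastLogonDateTimeUtc: " + profile.LastLogonDateTimeUtc
            + " \n-Failed Attempts: " + identityUser.AccessFailedCount
            + " \n-Locked Out: " + identityUser.LockoutEndDateUtc.HasValue.ToString();

        if (identityUser.LockoutEndDateUtc.HasValue)
        {
            message += " \n-Locked Out Until: " + identityUser.LockoutEndDateUtc;
        }
    }

    ctx.LogSecurityEvent(
        mvcHttpContext,
        routeData,
        source: "Login Failed",
        level: SecurityEventLevel.LoginFailure,
        success: false,
        anonymous: true,
        userName: loginAttempted,
        profile: profile,
        message: message,
        controller: controller);
}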
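/// <summary>
/// Creates a log record for an SMS send attempt, traces it, and writes it to the database and/or the log file as configured in Settings.
/// </summary>
/// <param name="ctx">Context used to resolve the current user profile and to open a new context for the log write.</param>
/// <param name="httpContext">Current HTTP context.</param>
/// <param name="routeData">Route of the request; when null the source is "App".</param>
/// <param name="controller">Controller handling the request; may be null.</param>
/// <param name="toPhone">Destination number; stored as "(blank)" when empty.</param>
/// <param name="fromPhone">Sender number; stored as "(blank)" when empty.</param>
/// <param name="textBody">Full text of the SMS; stored as "(blank)" when empty.</param>
/// <param name="textSignature">Signature appended to the SMS.</param>
/// <param name="success">Whether the send succeeded.</param>
/// <param name="exceptionString">Exception text when the send failed.</param>
/// <returns>The populated log record, whether or not it was persisted.</returns>
public static SmsSent LogSmsSent(this IGstoreDb ctx, HttpContextBase httpContext, RouteData routeData, GStoreData.ControllerBase.BaseController controller, string toPhone, string fromPhone, string textBody, string textSignature, bool success, string exceptionString)
{
    IGstoreDb newctx = ctx.NewContext();
    SmsSent newLog = newctx.SmssSent.Create();

    string message = "Sms sent to '" + toPhone + "' from '" + fromPhone + "'";
    string source = (routeData == null ? "App" : routeData.ToSourceString());

    newLog.SetBasicFields(httpContext, routeData, source, message, !httpContext.User.IsRegistered(), ctx.GetCurrentUserProfile(false, false), controller);
    newLog.ToPhone = toPhone.OrDefault("(blank)");
    newLog.FromPhone = fromPhone.OrDefault("(blank)");
    // NOTE(review): the whole message body is stored; if this path ever carries verification codes,
    // they end up in the log in clear text - confirm, and mask them if so.
    newLog.TextBody = textBody.OrDefault("(blank)");
    newLog.TextSignature = textSignature;
    newLog.Success = success;
    newLog.ExceptionString = exceptionString;

    System.Diagnostics.Trace.Indent();
    System.Diagnostics.Trace.WriteLine("--Sms Sent Event: " + newLog.SimpleInfo());
    System.Diagnostics.Trace.Unindent();

    bool writtenToFile = false;
    if (Settings.AppLogSmsSentToDb)
    {
        try
        {
            newctx.SmssSent.Add(newLog);
            newctx.SaveChanges();
        }
        catch (Exception ex)
        {
            //can't save to database, attempt save to file
            ex.LogToFile(httpContext, routeData);
            newLog.LogToFile(httpContext);
            writtenToFile = true;
        }
    }

    // Skip the configured file write when the database fallback already wrote this record,
    // otherwise the same record appears twice in the file.
    if (Settings.AppLogSmsSentToFile && !writtenToFile)
    {
        newLog.LogToFile(httpContext);
    }

    return newLog;
}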
/// <summary>
/// Records a security event for a login rejected by the post-login check because no store front was found.
/// </summary>
/// <param name="ctx">Database context.</param>
/// <param name="mvcHttpContext">Current HTTP context.</param>
/// <param name="routeData">Route of the request.</param>
/// <param name="profile">Profile of the user who logged in; dereferenced without a null check.</param>
/// <param name="controller">Controller handling the request.</param>
public static void LogSecurityEvent_LoginFailedNoStoreFront(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
{
    string userName = profile.UserName;

    string details = " \n\n-Email: " + profile.Email
        + " \n-Name: " + profile.FullName
        + " \n-UserId: " + profile.UserId
        + " \n-UserProfileId: " + profile.UserProfileId;

    ctx.LogSecurityEvent(
        mvcHttpContext,
        routeData,
        source: "Login Failed No StoreFront",
        level: SecurityEventLevel.LoginFailureNoStoreFront,
        success: false,
        anonymous: false,
        userName: userName,
        profile: profile,
        message: "Post Login check failed, No Store Front Found. Logon: " + userName + details,
        controller: controller);
}
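/// <summary>
/// Creates a user action event, traces it, and writes it to the database and/or the log file as configured in Settings.
/// </summary>
/// <param name="ctx">Context from which a new context is opened for the log write.</param>
/// <param name="httpContext">Current HTTP context.</param>
/// <param name="routeData">Route of the request; used to build the event source.</param>
/// <param name="controller">Controller handling the request; may be null.</param>
/// <param name="category">Category of the action.</param>
/// <param name="action">Action that was performed.</param>
/// <param name="label">Free-text label for the action; may be null.</param>
/// <param name="success">Whether the action succeeded.</param>
/// <returns>The populated event, or null when the user action log is disabled in Settings.</returns>
/// <remarks>The optional parameters are copied to the event fields of the same name.</remarks>
public static UserActionEvent LogUserActionEvent(this IGstoreDb ctx, HttpContextBase httpContext, RouteData routeData, GStoreData.ControllerBase.BaseController controller, UserActionCategoryEnum category, UserActionActionEnum action, string label, bool success, int? cartId = null, string categoryUrlName = null, string discountCode = null, string emailAddress = null, int? notificationId = null, string orderNumber = null, int? orderItemId = null, int? pageId = null, string productUrlName = null, string productBundleUrlName = null, int? blogId = null, int? blogEntryId = null, string smsPhone = null, string uploadFileName = null)
{
    if (!Settings.AppEnableUserActionLog)
    {
        return null;
    }

    IGstoreDb newctx = ctx.NewContext();
    UserActionEvent newEvent = newctx.UserActionEvents.Create();

    string source = routeData.ToSourceString();
    // label is concatenated directly: the former label.ToString() threw NullReferenceException for a
    // null label, which lost the whole event.
    string message = "User Action Event"
        + " \n-Category: " + category.ToString()
        + " \n-Action: " + action.ToString()
        + " \n-Label: " + label
        + " \n-Success: " + success.ToString();

    newEvent.SetBasicFields(httpContext, routeData, source, message, !httpContext.User.IsRegistered(), newctx.GetCurrentUserProfile(false, false), controller);

    // Label was assigned twice; once is enough.
    newEvent.Action = action;
    newEvent.BlogEntryId = blogEntryId;
    newEvent.BlogId = blogId;
    newEvent.CartId = cartId;
    newEvent.Category = category;
    newEvent.CategoryUrlName = categoryUrlName;
    newEvent.DiscountCode = discountCode;
    newEvent.EmailAddress = emailAddress;
    newEvent.Label = label;
    newEvent.NotificationId = notificationId;
    newEvent.OrderItemId = orderItemId;
    newEvent.OrderNumber = orderNumber;
    newEvent.PageId = pageId;
    newEvent.ProductBundleUrlName = productBundleUrlName;
    newEvent.ProductUrlName = productUrlName;
    newEvent.SmsPhone = smsPhone;
    newEvent.Success = success;
    newEvent.UploadFileName = uploadFileName;

    System.Diagnostics.Trace.Indent();
    System.Diagnostics.Trace.WriteLine("--User Action Event: " + newEvent.SimpleInfo());
    System.Diagnostics.Trace.Unindent();

    bool writtenToFile = false;
    if (Settings.AppLogUserActionEventsToDb)
    {
        try
        {
            newctx.UserActionEvents.Add(newEvent);
            newctx.SaveChanges();
        }
        catch (Exception ex)
        {
            //can't save to database, attempt save to file
            ex.LogToFile(httpContext, routeData);
            newEvent.LogToFile(httpContext);
            writtenToFile = true;
        }
    }

    // Skip the configured file write when the database fallback already wrote this event,
    // otherwise the same event appears twice in the file.
    if (Settings.AppLogUserActionEventsToFile && !writtenToFile)
    {
        newEvent.LogToFile(httpContext);
    }

    return newEvent;
}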
/// <summary>
/// Records a security event for a login rejected by the post-login check because the store front has no configuration.
/// </summary>
/// <param name="ctx">Database context.</param>
/// <param name="mvcHttpContext">Current HTTP context.</param>
/// <param name="routeData">Route of the request.</param>
/// <param name="storeFrontId">Id of the store front without a configuration.</param>
/// <param name="profile">Profile of the user who logged in; dereferenced without a null check.</param>
/// <param name="controller">Controller handling the request.</param>
public static void LogSecurityEvent_LoginFailedNoStoreFrontConfig(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, int storeFrontId, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
{
    string userName = profile.UserName;

    string details = " \n\n-Email: " + profile.Email
        + " \n-Name: " + profile.FullName
        + " \n-UserId: " + profile.UserId
        + " \n-UserProfileId: " + profile.UserProfileId;

    string message = "Post Login check failed, No Configuration was found for Store Front Id [" + storeFrontId + "]. Logon: " + userName + details;

    // The source label says "StoreFrontConfigInactive" while the level is LoginFailureNoStoreFrontConfig;
    // it is reproduced as found.
    ctx.LogSecurityEvent(
        mvcHttpContext,
        routeData,
        source: "Login Failed StoreFrontConfigInactive",
        level: SecurityEventLevel.LoginFailureNoStoreFrontConfig,
        success: false,
        anonymous: false,
        userName: userName,
        profile: profile,
        message: message,
        controller: controller);
}
/// <summary>
/// Records a security event for a login rejected by the post-login check because the store front is inactive.
/// </summary>
/// <param name="ctx">Database context.</param>
/// <param name="mvcHttpContext">Current HTTP context.</param>
/// <param name="routeData">Route of the request.</param>
/// <param name="storeFrontName">Name of the inactive store front.</param>
/// <param name="storeFrontId">Id of the inactive store front.</param>
/// <param name="profile">Profile of the user who logged in; dereferenced without a null check.</param>
/// <param name="controller">Controller handling the request.</param>
public static void LogSecurityEvent_LoginFailedStoreFrontInactive(this IGstoreDb ctx, HttpContextBase mvcHttpContext, RouteData routeData, string storeFrontName, int storeFrontId, UserProfile profile, GStoreData.ControllerBase.BaseController controller)
{
    string userName = profile.UserName;

    string details = " \n\n-Email: " + profile.Email
        + " \n-Name: " + profile.FullName
        + " \n-UserId: " + profile.UserId
        + " \n-UserProfileId: " + profile.UserProfileId;

    string message = "Post Login check failed, Store Front '" + storeFrontName + "' [" + storeFrontId + "] is Inactive. Logon: " + userName + details;

    ctx.LogSecurityEvent(
        mvcHttpContext,
        routeData,
        source: "Login Failed StoreFrontInactive",
        level: SecurityEventLevel.LoginFailureStoreFrontInactive,
        success: false,
        anonymous: false,
        userName: userName,
        profile: profile,
        message: message,
        controller: controller);
}
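/// <summary>
/// Copies the values of a page edit view model onto the matching page of a store front, saves it, and creates or updates the page variables.
/// </summary>
/// <param name="db">Database context used to save the page and its variables.</param>
/// <param name="viewModel">Edited values posted for the page.</param>
/// <param name="controller">Controller that receives the "template changed" user message; may be null.</param>
/// <param name="storeFront">Store front that must own the page.</param>
/// <param name="userProfile">Profile of the user making the change.</param>
/// <returns>The updated page.</returns>
/// <exception cref="ApplicationException">The store front has no page with the view model's PageId.</exception>
public static Page UpdatePage(this IGstoreDb db, ViewModels.PageEditViewModel viewModel, GStoreData.ControllerBase.BaseController controller, StoreFront storeFront, UserProfile userProfile)
{
    // The page is looked up among the store front's own pages, so a PageId that belongs to another
    // store front is rejected instead of being updated.
    Page page = storeFront.Pages.SingleOrDefault(p => p.PageId == viewModel.PageId);
    if (page == null)
    {
        throw new ApplicationException("Page not found in storefront pages. PageId: " + viewModel.PageId);
    }

    // NOTE(review): the two script-tag fields are copied as posted; presumably they are emitted as
    // markup on the public page, so confirm the caller restricts this action to trusted store admins.
    page.BodyBottomScriptTag = viewModel.BodyBottomScriptTag;
    page.BodyTopScriptTag = viewModel.BodyTopScriptTag;
    page.EndDateTimeUtc = viewModel.EndDateTimeUtc;
    page.ForAnonymousOnly = viewModel.ForAnonymousOnly;
    page.ForRegisteredOnly = viewModel.ForRegisteredOnly;
    page.IsPending = viewModel.IsPending;
    page.MetaDescription = viewModel.MetaDescription;
    page.MetaKeywords = viewModel.MetaKeywords;
    page.MetaApplicationName = viewModel.MetaApplicationName;
    page.MetaApplicationTileColor = viewModel.MetaApplicationTileColor;
    page.Name = viewModel.Name;
    page.Order = viewModel.Order;
    page.PageTitle = viewModel.PageTitle;
    page.StartDateTimeUtc = viewModel.StartDateTimeUtc;
    // NOTE(review): ThemeId, PageTemplateId, WebFormId and WebFormSuccessPageId are taken from the
    // posted model without an ownership check here; confirm they are validated against this client
    // or store front before this method is called.
    page.ThemeId = viewModel.ThemeId;
    page.Url = viewModel.Url;

    bool templateChanged = false;
    if (page.PageTemplateId != viewModel.PageTemplateId)
    {
        if (controller != null)
        {
            // NOTE(review): the message announces the new template, but page.PageTemplate and
            // page.PageTemplateId still hold the previous template at this point.
            controller.AddUserMessage("Page Template Changed", "Page Template has been changed. Be sure to edit the new template sections for template '" + page.PageTemplate.Name.ToHtml() + "' [" + page.PageTemplateId + "].", AppHtmlHelpers.UserMessageType.Info);
        }
        page.PageTemplateId = viewModel.PageTemplateId;
        templateChanged = true;
    }

    // WebFormSaveToDatabase was assigned twice; once is enough.
    page.WebFormId = viewModel.WebFormId;
    page.WebFormSaveToDatabase = viewModel.WebFormSaveToDatabase;
    page.WebFormSaveToFile = viewModel.WebFormSaveToFile;
    page.WebFormSendToEmail = viewModel.WebFormSendToEmail;
    page.WebFormEmailToAddress = viewModel.WebFormEmailToAddress;
    page.WebFormEmailToName = viewModel.WebFormEmailToName;
    page.WebFormSuccessPageId = viewModel.WebFormSuccessPageId;
    page.WebFormThankYouTitle = viewModel.WebFormThankYouTitle;
    page.WebFormThankYouMessage = viewModel.WebFormThankYouMessage;

    db.Pages.Update(page);
    db.SaveChanges();

    // Posted variables are skipped when the template changed.
    if (!templateChanged && viewModel.Variables != null && viewModel.Variables.Count != 0)
    {
        foreach (PageVariableEditViewModel variable in viewModel.Variables)
        {
            // A variable without a section id has not been saved before.
            if (!variable.PageSectionId.HasValue)
            {
                db.CreatePageVariable(variable, storeFront, userProfile);
            }
            else
            {
                db.UpdatePageVariable(variable, storeFront, userProfile);
            }
        }
    }

    return page;
}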