Example #1
        /// <summary>
        /// Attempts a login from <c>Username</c> and <c>Password</c> while the page loads, records the
        /// attempt for a user who was let in, and then redirects that user.
        /// </summary>
        /// <param name="e">Event data, passed straight through to the base implementation.</param>
        protected override void OnLoad(EventArgs e)
        {
            base.OnLoad(e);

            // Remains Failed unless an authentication attempt is actually made below.
            var status = AuthenticationStatus.Failed;

            // NOTE(review): how Username and Password are populated is not visible here. If they come
            // from the request URL they will be recorded in server logs and browser history - confirm.
            var credentialsSupplied = !String.IsNullOrEmpty(Username) && !String.IsNullOrEmpty(Password);
            if (credentialsSupplied)
            {
                var credentials = new LoginCredentials { LoginId = Username, Password = Password };
                var authentication = _loginAuthenticationCommand.AuthenticateUser(credentials);

                _currentUser = authentication.User;
                status = authentication.Status;

                if (authentication.User != null)
                {
                    // Deactivated is accepted together with the three authenticated statuses, and the
                    // session is always established as plain Authenticated; the real status survives
                    // only in the UserLogin record written further down.
                    // NOTE(review): this means a must-change-password or deactivated state is not
                    // carried into the session from this page - confirm that is intended.
                    var outcome = authentication.Status;
                    var accepted = outcome == AuthenticationStatus.Authenticated
                        || outcome == AuthenticationStatus.AuthenticatedMustChangePassword
                        || outcome == AuthenticationStatus.AuthenticatedWithOverridePassword
                        || outcome == AuthenticationStatus.Deactivated;

                    if (accepted)
                    {
                        _authenticationManager.LogIn(new HttpContextWrapper(HttpContext.Current), _currentUser, AuthenticationStatus.Authenticated);
                    }
                    else
                    {
                        // Any other status: forget the user so nothing below runs for them.
                        _currentUser = null;
                    }
                }
            }

            if (_currentUser == null)
            {
                return;
            }

            // Audit record of the login: who, from which address, and with what real status.
            var loginRecord = new UserLogin
            {
                UserId = _currentUser.Id,
                IpAddress = Request.UserHostAddress,
                AuthenticationStatus = status
            };
            _userSessionsCommand.CreateUserLogin(loginRecord);

            // This page acts like a vertical landing page, so put the vertical into the context.
            var vertical = _verticalsQuery.GetVertical(VerticalName);
            if (vertical != null)
            {
                ActivityContext.Current.Set(vertical);
            }

            // The post-login destination is taken from the request-supplied "ref" query parameter,
            // falling back to the search page.
            // NOTE(review): whether ReadOnlyApplicationUrl restricts the value to this application
            // is not visible here; confirm it cannot produce an off-site redirect.
            var refParameter = Request.QueryString["ref"];
            ReadOnlyUrl referrer = refParameter == null ? null : new ReadOnlyApplicationUrl(refParameter);

            NavigationManager.Redirect(referrer ?? SearchRoutes.Search.GenerateUrl());
        }
Example #2
        /// <summary>
        /// Handles the login form on the account step of the order flow: validates and saves the
        /// posted model, authenticates the user and moves on, or redisplays the step with errors.
        /// </summary>
        /// <param name="loginModel">The posted login details.</param>
        /// <param name="rememberMe">The posted "remember me" checkbox; may be null.</param>
        /// <returns>The next step on success, otherwise the account view carrying the errors.</returns>
        public ActionResult Account(Login loginModel, [Bind(Include = "RememberMe")] CheckBoxValue rememberMe)
        {
            try
            {
                // Normalise and validate the post. Note that Save runs before authentication.
                loginModel.RememberMe = (rememberMe != null) && rememberMe.IsChecked;
                loginModel.Prepare();
                loginModel.Validate();
                Save(loginModel, new EmployerJoin(), false);

                // The submitted password is passed through HashToString before authentication.
                // NOTE(review): the hash algorithm is not visible here - confirm it is a salted,
                // deliberately slow password hash rather than a bare digest.
                var credentials = new LoginCredentials
                {
                    LoginId = loginModel.LoginId,
                    PasswordHash = LoginCredentials.HashToString(loginModel.Password)
                };
                var result = _loginAuthenticationCommand.AuthenticateUser(credentials);

                // A pending password change does not block the purchase; the user can deal with it
                // the next time they log in. Every status outside these three is a failure.
                var outcome = result.Status;
                var authenticated = outcome == AuthenticationStatus.Authenticated
                    || outcome == AuthenticationStatus.AuthenticatedMustChangePassword
                    || outcome == AuthenticationStatus.AuthenticatedWithOverridePassword;

                if (!authenticated)
                {
                    throw new AuthenticationFailedException();
                }

                _authenticationManager.LogIn(HttpContext, result.User, result.Status);

                return Next();
            }
            catch (UserException ex)
            {
                ModelState.AddModelError(ex, new NewOrderErrorHandler());
            }

            // Something went wrong: rebuild the order and show the step again with the errors.
            var appliedCoupon = GetCoupon(Pageflow.CouponId);
            var order = PrepareOrder(Pageflow.ContactProductId, appliedCoupon, Pageflow.UseDiscount, Pageflow.CreditCard);

            return AccountView(order, loginModel, null, false);
        }
Example #3
        /// <summary>
        /// Changes the current registered user's password after re-checking the current password.
        /// </summary>
        /// <param name="mustChange">Copied onto the model's MustChange flag.</param>
        /// <param name="changePassword">The posted current and new passwords.</param>
        /// <returns>
        /// A redirect with a confirmation message on success, otherwise the ChangePassword view
        /// carrying the errors.
        /// </returns>
        private ActionResult ChangePassword(bool mustChange, ChangePasswordModel changePassword)
        {
            changePassword.MustChange = mustChange;
            changePassword.IsAdministrator = CurrentRegisteredUser.UserType == UserType.Administrator;

            try
            {
                changePassword.Validate();

                // Re-authenticate with the login id looked up for the current user, so the id is
                // never taken from the request.
                var userId = CurrentRegisteredUser.Id;
                var currentLoginId = _loginCredentialsQuery.GetLoginId(userId);
                var credentials = new LoginCredentials
                {
                    LoginId = currentLoginId,
                    Password = changePassword.Password
                };

                var authentication = _loginAuthenticationCommand.AuthenticateUser(credentials);

                // Only an outright Failed result is rejected; every other status goes on to change
                // the password.
                // NOTE(review): confirm that is intended for disabled, deactivated and
                // override-password results.
                if (authentication.Status == AuthenticationStatus.Failed)
                {
                    throw new AuthenticationFailedException();
                }

                // The new password has to differ from the current one.
                if (changePassword.Password == changePassword.NewPassword)
                {
                    throw new ValidationErrorsException(new NotChangedValidationError("Password", ""));
                }

                _loginCredentialsCommand.ChangePassword(userId, credentials, changePassword.NewPassword);

                // NOTE(review): how GetReturnUrl derives its value is not visible here; confirm it
                // only yields URLs inside this application.
                return RedirectToUrlWithConfirmation(HttpContext.GetReturnUrl(), "Your password has been changed.");
            }
            catch (UserException ex)
            {
                ModelState.AddModelError(ex, new StandardErrorHandler());
            }

            return View("ChangePassword", changePassword);
        }
Example #4
        /// <summary>
        /// Creates a test member and checks that authenticating as it reports Deactivated and that
        /// the member can then be loaded.
        /// </summary>
        public void TestCreateUser()
        {
            const string loginId = "*****@*****.**";

            _memberAccountsCommand.CreateTestMember(loginId, false);

            // A member is deactivated when first created, so that is the expected status.
            // Presumably CreateTestMember assigns the fixed test password used here - confirm.
            var authentication = _loginAuthenticationCommand.AuthenticateUser(new LoginCredentials
            {
                LoginId = loginId,
                PasswordHash = LoginCredentials.HashToString("password")
            });

            Assert.AreEqual(AuthenticationStatus.Deactivated, authentication.Status);

            var member = _membersQuery.GetMember(loginId);

            Assert.IsNotNull(member);
        }
Example #5
        /// <summary>
        /// Changes the password of the account named in the posted model, after authenticating with
        /// the posted login id and current password.
        /// </summary>
        /// <param name="changePassword">The posted login id, current password and new password.</param>
        /// <returns>A JSON response model; user errors are added to ModelState beforehand.</returns>
        public ActionResult ChangePassword(ChangePasswordModel changePassword)
        {
            try
            {
                changePassword.Validate();

                // Both the login id and the password come from the request, so this is a
                // credential-checking endpoint in its own right.
                // NOTE(review): no throttling or lockout is visible in this method; confirm it is
                // enforced inside AuthenticateUser or by a filter.
                var credentials = new LoginCredentials
                {
                    LoginId = changePassword.LoginId,
                    Password = changePassword.Password
                };

                var authentication = _loginAuthenticationCommand.AuthenticateUser(credentials);

                // Only Failed is rejected. Every other status - including an override-password,
                // disabled or deactivated result - goes on to change the password.
                // NOTE(review): confirm an override-password login should be able to replace the
                // account's real password.
                var rejected = authentication.Status == AuthenticationStatus.Failed;
                if (rejected)
                {
                    throw new AuthenticationFailedException();
                }

                // The new password has to differ from the current one.
                if (changePassword.Password == changePassword.NewPassword)
                {
                    throw new ValidationErrorsException(new NotChangedValidationError("Password", ""));
                }

                // NOTE(review): User is dereferenced without a null check; confirm a non-Failed
                // result always carries a user.
                var accountId = authentication.User.Id;
                _loginCredentialsCommand.ChangePassword(accountId, credentials, changePassword.NewPassword);
            }
            catch (UserException ex)
            {
                ModelState.AddModelError(ex, new StandardErrorHandler());
            }

            // The same empty response model is returned on success and on failure.
            // NOTE(review): presumably the errors reach the client through ModelState - confirm.
            return Json(new JsonResponseModel());
        }
Example #6
        /// <summary>
        /// Validates the login form, authenticates the entered user id and password, and hands off
        /// to the completion routine matching the resulting status. On a Failed result it shows the
        /// login-failed message and writes a trace event.
        /// </summary>
        /// <param name="usedRememberMe">Not read anywhere in this method.</param>
        public void ProcessLogin(bool usedRememberMe)
        {
            // Name reported as the source of the trace event raised on failure.
            const string method = "ProcessLogin";

            Page.Validate(LoginFormValidationGroup);
            if (!Page.IsValid)
            {
                return;
            }

            string userId   = UserId;
            string password = Password;

            // Nothing to authenticate with: prompt for the missing data instead.
            if (userId.Length == 0 || password.Length == 0)
            {
                lblLoginMsg.Text   = ValidationErrorMessages.LOGIN_ENTER_DATA;
                phLoginMsg.Visible = true;
                return;
            }

            var result = _loginAuthenticationCommand.AuthenticateUser(new LoginCredentials {
                LoginId = userId, Password = password
            });

            _currentUser = result.User;

            // Statuses not listed in the switch fall through without any completion call.
            if (result.User != null)
            {
                switch (result.Status)
                {
                case AuthenticationStatus.AuthenticatedWithOverridePassword:
                    // Authenticated with the override password, so give them access to developer
                    // features as well (like viewing exception details).
                    // NOTE(review): the override password therefore unlocks both the user's account
                    // and the developer login; confirm its use is restricted and audited.

                    _devAuthenticationManager.LogIn(HttpContext.Current);
                    goto case AuthenticationStatus.Authenticated;

                case AuthenticationStatus.AuthenticatedMustChangePassword:
                    CompleteAuthenticatedLogin(result.Status, true);
                    break;

                case AuthenticationStatus.Authenticated:
                    CompleteAuthenticatedLogin(result.Status, false);
                    break;

                case AuthenticationStatus.Disabled:

                    CompleteDisabledLogin();
                    break;

                case AuthenticationStatus.Deactivated:

                    // Employers and administrators should not be affected by this flag so try to let them through.

                    if (_currentUser is Employer || _currentUser is Administrator)
                    {
                        CompleteAuthenticatedLogin(result.Status, false);
                    }
                    else
                    {
                        CompleteDeactivatedLogin(result.Status);
                    }
                    break;
                }
            }

            // This check sits outside the user != null block, so it runs whether or not a user came back.
            if (result.Status == AuthenticationStatus.Failed)
            {
                // Only the login id is traced, never the password.
                // NOTE(review): the login id is request-supplied text; confirm the event sink
                // neutralises line breaks and control characters before writing it out.
                EventSource.Raise(Event.Trace, method, string.Format("User login has failed. LoginId = '{0}'", userId));
                lblLoginMsg.Text   = ValidationErrorMessages.LOGIN_FAILED_ONE_LINE;
                phLoginMsg.Visible = true;

                // POST requests from external forms will not populate txtUserId.
                // This ensures it's populated when we bounce users after a failure.
                if (Request.RequestType == "POST" && !IsPostBack)
                {
                    txtUserId.Text = UserId;
                }

                SetFocusOnControl(txtPassword);
            }
        }
Example #7
        /// <summary>
        /// Handles the login form while publishing a job ad created anonymously: authenticates the
        /// user, transfers the job ad to them and continues to the publish check.
        /// </summary>
        /// <param name="jobAdId">Id of the job ad, looked up against the current anonymous user.</param>
        /// <param name="featurePack">Optional feature pack passed on to the publish check.</param>
        /// <param name="loginModel">The posted login details.</param>
        /// <param name="rememberMe">The posted "remember me" checkbox; may be null.</param>
        /// <returns>
        /// Not-found when the job ad cannot be loaded, the publish-check result on success,
        /// otherwise the account view carrying the errors.
        /// </returns>
        public ActionResult Account(Guid jobAdId, JobAdFeaturePack? featurePack, Login loginModel, [Bind(Include = "RememberMe")] CheckBoxValue rememberMe)
        {
            try
            {
                // The job ad is fetched using the anonymous user's id as well as the ad id.
                var visitor = CurrentAnonymousUser;
                var jobAd = GetJobAd(visitor.Id, jobAdId);
                if (jobAd == null)
                {
                    return NotFound("job ad", "id", jobAdId);
                }

                // Normalise and validate the post.
                loginModel.RememberMe = (rememberMe != null) && rememberMe.IsChecked;
                loginModel.Prepare();
                loginModel.Validate();

                // The submitted password is passed through HashToString before authentication.
                // NOTE(review): the hash algorithm is not visible here - confirm it is a salted,
                // deliberately slow password hash rather than a bare digest.
                var credentials = new LoginCredentials
                {
                    LoginId = loginModel.LoginId,
                    PasswordHash = LoginCredentials.HashToString(loginModel.Password)
                };
                var result = _loginAuthenticationCommand.AuthenticateUser(credentials);

                // A pending password change does not block the purchase; the user can deal with it
                // the next time they log in. Every status outside these three is a failure.
                var outcome = result.Status;
                var authenticated = outcome == AuthenticationStatus.Authenticated
                    || outcome == AuthenticationStatus.AuthenticatedMustChangePassword
                    || outcome == AuthenticationStatus.AuthenticatedWithOverridePassword;

                if (!authenticated)
                {
                    throw new AuthenticationFailedException();
                }

                _authenticationManager.LogIn(HttpContext, result.User, result.Status);

                // Hand the job ad over to the freshly logged-in user and publish it.
                // NOTE(review): this is a hard cast made after the session has been established. A
                // user who is not an IEmployer ends up logged in and then hits an
                // InvalidCastException, which the UserException handler below does not catch;
                // consider checking the user type before logging in.
                var employer = (IEmployer)result.User;
                _employerJobAdsCommand.TransferJobAd(employer, jobAd);

                return CheckPublish(employer, jobAd, featurePack);
            }
            catch (UserException ex)
            {
                ModelState.AddModelError(ex, new StandardErrorHandler());
            }

            // Something went wrong: show the form again with the errors.
            var model = new AccountModel
            {
                Login = loginModel,
                Join = new EmployerJoin(),
                AcceptTerms = false,
                Industries = _industriesQuery.GetIndustries()
            };

            return View(model);
        }
Example #8
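        /// <summary>
        /// Attempts a login from the persistent ("remember me") cookie on the request.
        /// </summary>
        /// <param name="context">The current HTTP context, used to read and delete the cookie.</param>
        /// <returns>
        /// A Failed result when the cookie yields no login id or password; otherwise the
        /// authentication result, with the status rewritten to AuthenticatedAutomatically when the
        /// cookie credentials authenticated normally.
        /// </returns>
        AuthenticationResult IAccountsManager.TryAutoLogIn(HttpContextBase context)
        {
            var credentials = _cookieManager.ParsePersistantUserCookie(context);

            // Fix: the return statement was missing its terminating semicolon (it had ended up
            // after the closing brace of the if block), which does not compile.
            if (string.IsNullOrEmpty(credentials.LoginId) || string.IsNullOrEmpty(credentials.Password))
            {
                return new AuthenticationResult { Status = AuthenticationStatus.Failed };
            }

            // Authenticate.
            // The value recovered from the cookie is used as the account password itself, so the
            // cookie is as sensitive as the password.
            // NOTE(review): how the cookie manager protects that value is not visible here. Confirm
            // it is encrypted and integrity-protected, and consider replacing it with a random,
            // server-revocable token so that the password never leaves the server.

            var result = _loginAuthenticationCommand.AuthenticateUser(new LoginCredentials {
                LoginId = credentials.LoginId, Password = credentials.Password
            });

            switch (result.Status)
            {
            case AuthenticationStatus.Authenticated:

                // Automatically log in, marking the session as created from the cookie.

                result.Status = AuthenticationStatus.AuthenticatedAutomatically;

                _authenticationManager.LogIn(context, result.User, result.Status);
                break;

            default:

                // Anything other than a plain Authenticated result - must-change-password and
                // override-password included - does not log in, and the cookie is removed.

                _cookieManager.DeletePersistantUserCookie(context);
                break;
            }

            return(result);
        }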

        /// <summary>
        /// Validates and authenticates a posted login, establishes the session for accepted
        /// statuses, and creates or deletes the persistent ("remember me") cookie.
        /// </summary>
        /// <param name="context">The current HTTP context.</param>
        /// <param name="login">The posted login details.</param>
        /// <returns>The authentication result, whatever its status.</returns>
        AuthenticationResult IAccountsManager.LogIn(HttpContextBase context, Login login)
        {
            // Normalise and validate the post.
            login.Prepare();
            login.Validate();

            // The submitted password is passed through HashToString before authentication.
            var credentials = new LoginCredentials
            {
                LoginId = login.LoginId,
                PasswordHash = LoginCredentials.HashToString(login.Password)
            };
            var result = _loginAuthenticationCommand.AuthenticateUser(credentials);

            // Deactivated accounts are let in together with the three authenticated statuses.
            var outcome = result.Status;
            var accepted = outcome == AuthenticationStatus.Authenticated
                || outcome == AuthenticationStatus.AuthenticatedMustChangePassword
                || outcome == AuthenticationStatus.AuthenticatedWithOverridePassword
                || outcome == AuthenticationStatus.Deactivated;

            if (accepted)
            {
                _authenticationManager.LogIn(context, result.User, result.Status);

                if (!login.RememberMe)
                {
                    _cookieManager.DeletePersistantUserCookie(context);
                }
                else
                {
                    // The cookie manager is handed the password exactly as it was submitted.
                    // NOTE(review): how it is stored in the cookie is not visible here. Confirm it
                    // is encrypted and integrity-protected and that the cookie is HttpOnly and
                    // Secure; a random, server-revocable token would avoid persisting the password
                    // on the client at all. This also runs for an override-password login - confirm
                    // that value should be persisted.
                    _cookieManager.CreatePersistantUserCookie(context, result.User.UserType, new LoginCredentials {
                        LoginId = login.LoginId, Password = login.Password
                    }, result.Status);
                }

                SetVertical(result.User);
            }

            // An override-password login is also signed in as a developer.
            if (result.Status == AuthenticationStatus.AuthenticatedWithOverridePassword)
            {
                _devAuthenticationManager.LogIn(context);
            }

            return result;
        }

        /// <summary>
        /// Logs the user out: deletes the persistent and external cookies, ends the authenticated
        /// login, clears the session contents and restores the vertical that was active.
        /// </summary>
        /// <param name="context">The current HTTP context.</param>
        void IAccountsManager.LogOut(HttpContextBase context)
        {
            // Look up the active vertical first so that it can be put back once logout is done.
            var activeVerticalId = ActivityContext.Current.Vertical.Id;
            Vertical vertical = null;
            if (activeVerticalId != null)
            {
                vertical = _verticalsQuery.GetVertical(activeVerticalId.Value);
            }

            // Remove the remember-me cookie and any external authentication cookie.
            var externalCookieDomain = vertical == null ? null : vertical.ExternalCookieDomain;
            _cookieManager.DeletePersistantUserCookie(context);
            _cookieManager.DeleteExternalCookie(context, externalCookieDomain);

            _authenticationManager.LogOut(context);

            // The session is emptied but deliberately not abandoned.
            // NOTE(review): presumably the session identifier therefore stays the same across
            // logout; confirm nothing treats that identifier alone as proof of authentication.
            context.Session.Clear();

            if (vertical != null)
            {
                ActivityContext.Current.Set(vertical);
            }
        }

        /// <summary>
        /// Registers a new member from the supplied account details and login credentials, logs
        /// them in and initialises their referral and profile.
        /// </summary>
        /// <param name="context">The current HTTP context.</param>
        /// <param name="account">The member account details; prepared and validated here.</param>
        /// <param name="accountCredentials">The chosen login id and password; prepared and validated here.</param>
        /// <param name="requiresActivation">Passed on to CreateMember.</param>
        /// <returns>The newly created member.</returns>
        /// <exception cref="DuplicateUserException">The login id already exists.</exception>
        Member IAccountsManager.Join(HttpContextBase context, MemberAccount account, AccountLoginCredentials accountCredentials, bool requiresActivation)
        {
            account.Prepare();
            account.Validate();

            accountCredentials.Prepare();
            accountCredentials.Validate();

            // Refuse a login id that is already taken.
            // NOTE(review): this check and the create below are separate calls; confirm the store
            // itself enforces uniqueness when two sign-ups race.
            var existingLookup = new LoginCredentials { LoginId = accountCredentials.LoginId };
            if (_loginCredentialsQuery.DoCredentialsExist(existingLookup))
            {
                throw new DuplicateUserException();
            }

            var member = CreateMember(account, requiresActivation);

            // Only the HashToString output of the password is handed to the create command.
            _memberAccountsCommand.CreateMember(
                member,
                new LoginCredentials
                {
                    LoginId = accountCredentials.LoginId,
                    PasswordHash = LoginCredentials.HashToString(accountCredentials.Password),
                },
                GetMemberAffiliateId());

            // The session is established as Authenticated whatever requiresActivation says.
            // NOTE(review): confirm an account that still needs activation should get a full login.
            _authenticationManager.LogIn(context, member, AuthenticationStatus.Authenticated);

            _referralsManager.CreateReferral(context.Request, member.Id);
            InitialiseMemberProfile(member.Id);

            return member;
        }

        /// <summary>
        /// Registers a new employer that signs in with a login id and password.
        /// </summary>
        /// <param name="context">The current HTTP context.</param>
        /// <param name="account">The employer account details, handed to the shared Join helper.</param>
        /// <param name="accountCredentials">The chosen login id and password; prepared and validated here.</param>
        /// <returns>The employer returned by the shared Join helper.</returns>
        /// <exception cref="DuplicateUserException">The login id already exists.</exception>
        Employer IAccountsManager.Join(HttpContextBase context, EmployerAccount account, AccountLoginCredentials accountCredentials)
        {
            accountCredentials.Prepare();
            accountCredentials.Validate();

            // Refuse a login id that is already taken.
            // NOTE(review): this check and the eventual create are separate calls; confirm the
            // store itself enforces uniqueness when two sign-ups race.
            var existingLookup = new LoginCredentials { LoginId = accountCredentials.LoginId };
            if (_loginCredentialsQuery.DoCredentialsExist(existingLookup))
            {
                throw new DuplicateUserException();
            }

            // The account itself is not prepared or validated in this method; presumably the shared
            // helper does that - confirm. The password is hashed only when the callback runs.
            return Join(
                context,
                account,
                employer => _employerAccountsCommand.CreateEmployer(employer, new LoginCredentials
                {
                    LoginId = accountCredentials.LoginId,
                    PasswordHash = LoginCredentials.HashToString(accountCredentials.Password)
                }));
        }

        /// <summary>
        /// Registers a new employer whose account is created from a LinkedIn profile rather than a
        /// login id and password.
        /// </summary>
        /// <param name="context">The current HTTP context.</param>
        /// <param name="account">The employer account details, handed to the shared Join helper.</param>
        /// <param name="profile">The LinkedIn profile passed to CreateEmployer.</param>
        /// <returns>The employer returned by the shared Join helper.</returns>
        Employer IAccountsManager.Join(HttpContextBase context, EmployerAccount account, LinkedInProfile profile)
        {
            // NOTE(review): nothing in this method checks the profile; confirm the caller has
            // already verified it with the provider.
            return Join(
                context,
                account,
                employer => _employerAccountsCommand.CreateEmployer(employer, profile));
        }