Example #1
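        /// <summary>
        /// Handles the partner login form post: authenticates through <c>PartnerSessionBLL</c>,
        /// and on success drops the framework session and issues the application's own
        /// "Session" cookie carrying the hex-encoded session id.
        /// </summary>
        /// <param name="credential">Model-bound credential from the login form.</param>
        /// <returns>
        /// A redirect to Management/Home on success, the login view with a field error on a
        /// recognised failure, or a bad-request result for an invalid model or unknown result.
        /// </returns>
        public ActionResult Login(PartnerCredentialDTO credential)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequestWithErrors(credential));
            }

            PartnerSessionBLL             sessionBLL = new PartnerSessionBLL(WebApp.Connector);
            PartnerSessionBLL.LoginResult result     = sessionBLL.Login(credential, IPAddress.Parse(Request.UserHostAddress), false, out PartnerSessionDTO session);
            switch (result)
            {
            case PartnerSessionBLL.LoginResult.OK:
                // Discard whatever pre-login framework session existed before the
                // authenticated session id is handed out.
                Session.Abandon();
                // The cookie value is the bearer token for the authenticated session, so keep
                // it out of reach of page scripts (HttpOnly) and off plaintext connections
                // whenever the request itself arrived over TLS (Secure).
                // NOTE(review): behind a TLS-terminating proxy IsSecureConnection can be false;
                // in that deployment force Secure on through configuration instead.
                Response.Cookies.Add(new HttpCookie("Session", FormatHelper.FromArrayToHexString(session.Id))
                {
                    HttpOnly = true,
                    Secure   = Request.IsSecureConnection
                });
                return(RedirectToAction("Home", "Management"));

            // NOTE(review): the failure reason is attached to a different field depending on
            // whether the account exists, is locked, is unverified, or had a wrong password.
            // If the view shows these messages, a caller can tell valid usernames from
            // invalid ones; consider a single generic failure message for all four cases.
            case PartnerSessionBLL.LoginResult.AccountDoesntExist:
            case PartnerSessionBLL.LoginResult.EmailAddressHasNotBeenVerified:
            case PartnerSessionBLL.LoginResult.AccountIsLocked:
                AddError("Username", result.ToString());
                return(View(credential));

            case PartnerSessionBLL.LoginResult.PasswordDoesntMatch:
                AddError("Password", result.ToString());
                return(View(credential));

            default: return(BadRequest());
            }
        }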
Example #2
 /// <summary>
 /// Accepts the first signup step: stores the submitted credential in session state
 /// and moves the wizard on to step 2.
 /// </summary>
 /// <param name="credential">Model-bound credential from the step 1 form.</param>
 /// <returns>A redirect to SignupStep2, or a bad-request result when the model is invalid.</returns>
 public ActionResult SignupStep1(PartnerCredentialDTO credential)
 {
     if (!ModelState.IsValid)
     {
         return(BadRequestWithErrors(credential));
     }

     // NOTE(review): PartnerCredentialDTO carries a Password property (the session-layer
     // Login on this page reads credential.Password), so the password as submitted stays
     // in session state for the rest of the wizard. Confirm the session store is
     // server-side only and that the entry is cleared once signup completes.
     Session["Signup$Credential"] = credential;
     return(RedirectToAction("SignupStep2"));
 }
Example #3
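        /// <summary>
        /// Final signup step: merges the data collected in steps 1-3 (held in session state)
        /// with the submitted preferences, registers the partner and starts e-mail verification.
        /// </summary>
        /// <param name="preferences">Model-bound preferences from the step 4 form.</param>
        /// <returns>
        /// A redirect to VerifyEmailAddress on success, a redirect back to the step that owns a
        /// conflicting field, or a bad-request result for an invalid model or unknown result.
        /// </returns>
        public ActionResult SignupStep4(PartnerPreferencesDTO preferences)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequestWithErrors(preferences));
            }

            PartnerCredentialDTO   credential   = Session["Signup$Credential"] as PartnerCredentialDTO;
            PartnerPersonalInfoDTO personalInfo = Session["Signup$PersonalInfo"] as PartnerPersonalInfoDTO;
            PartnerCompanyInfoDTO  companyInfo  = Session["Signup$CompanyInfo"] as PartnerCompanyInfoDTO;

            // The "as" casts yield null when the session expired or the client posted to
            // step 4 without completing the earlier steps. Restart the wizard rather than
            // pass nulls into Join/Signup and register a partner from partial data.
            if (credential == null || personalInfo == null || companyInfo == null)
            {
                return(RedirectToAction("SignupStep1"));
            }

            PartnerBLL partnerBLL = new PartnerBLL(WebApp.Connector)
            {
                EmailAddressVerificationSubject  = LocalizationProvider["VerifyYourEmailAddress"],
                EmailAddressVerificationTemplate = LocalizationProvider["EmailVerificationTemplate"]
            };
            PartnerDTO partner = new PartnerDTO();
            partner.Join(credential);
            partner.Join(personalInfo);
            partner.Join(companyInfo);
            partner.Join(preferences);

            // NOTE(review): baseUrl is assembled from the incoming request's scheme, host and
            // port and handed to Signup together with the VerifyEmailAddress path. If Signup
            // places it in the verification e-mail, the link follows whatever Host the request
            // carried. Prefer a configured canonical site URL, or validate the host against an
            // allow-list, before it reaches outbound mail.
            Uri    requestUrl = Request.Url;
            string baseUrl    = new UriBuilder(requestUrl.Scheme, requestUrl.Host, requestUrl.Port).ToString();
            PartnerBLL.SignupResult result = partnerBLL.Signup(partner, baseUrl, Url.Action("VerifyEmailAddress"));
            switch (result)
            {
            case PartnerBLL.SignupResult.OK:
                // NOTE(review): the "Signup$Credential" entry (which includes the password)
                // is still in session state at this point; clear it here unless a later
                // step needs it.
                Session["Signup$Preferences"] = preferences;
                return(RedirectToAction("VerifyEmailAddress"));

            case PartnerBLL.SignupResult.UsernameAlreadyUsed:
                TempData["Errors"] = new Dictionary <string, string>()
                {
                    { "Username", result.ToString() }
                };
                return(RedirectToAction("SignupStep1"));

            case PartnerBLL.SignupResult.EmailAddressAlreadyUsed:
                TempData["Errors"] = new Dictionary <string, string>()
                {
                    { "EmailAddress", result.ToString() }
                };
                return(RedirectToAction("SignupStep2"));

            default: return(BadRequest());
            }
        }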
Example #4
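        /// <summary>
        /// Renders the first signup step, using the credential previously stored in session
        /// state (if any) as the view model.
        /// </summary>
        /// <returns>The step 1 view; the model is null when nothing has been stored yet.</returns>
        public ActionResult SignupStep1()
        {
            // Key casing now matches the "Signup$Credential" key written by the posting
            // overload and read in SignupStep4. Classic ASP.NET session lookups are normally
            // case-insensitive, so the old "Signup$credential" spelling likely worked, but
            // identical keys remove the dependency on that behaviour.
            // NOTE(review): the stored credential includes the password; confirm the view
            // does not render it back into the form.
            PartnerCredentialDTO credential = Session["Signup$Credential"] as PartnerCredentialDTO;

            return(View(credential));
        }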
Example #5
        /// <summary>
        /// Authenticates a partner inside a connector transaction and, on success, persists
        /// a new session record.
        /// </summary>
        /// <param name="credential">Username and password as submitted.</param>
        /// <param name="ipAddress">Client address recorded on the session or failed attempt.</param>
        /// <param name="keepOpened">When false the session is given an expiry 16 minutes after login.</param>
        /// <param name="session">The created session on <c>LoginResult.OK</c>; otherwise null.</param>
        /// <returns>The outcome of the login attempt.</returns>
        public LoginResult Login(PartnerCredentialDTO credential, IPAddress ipAddress, bool keepOpened, out PartnerSessionDTO session)
        {
            Connector.IsTransaction = true;
            PartnerBLL partners = new PartnerBLL(Connector);
            PartnerDTO account  = partners.ReadByUsername(credential.Username);

            // NOTE(review): the distinct results below (unknown account, locked, wrong
            // password, unverified) let a caller probe which usernames exist if they are
            // surfaced to the client unchanged.
            if (account == null)
            {
                Connector.RollbackTransaction();
                session = null;
                return(LoginResult.AccountDoesntExist);
            }

            if (account.IsLocked)
            {
                Connector.RollbackTransaction();
                session = null;
                return(LoginResult.AccountIsLocked);
            }

            // NOTE(review): SHA512Hasher.Hash receives only the password, with no salt or
            // work factor visible here; this looks like a single fast digest. Confirm, and
            // plan a migration to a salted, slow KDF (PBKDF2 / Argon2) if so.
            // NOTE(review): confirm BinaryComparer.AreEqual runs in constant time.
            byte[] submittedHash = SHA512Hasher.Hash(credential.Password);
            bool   passwordOk    = BinaryComparer.AreEqual(submittedHash, account.Password);

            if (!passwordOk)
            {
                // Record the failed attempt, then count the attempts since the last login
                // (or since the start of the current UTC day when there is no earlier session).
                PartnerLoginAttemptBLL attemptStore = new PartnerLoginAttemptBLL(Connector);
                attemptStore.Create(new PartnerLoginAttemptDTO()
                {
                    Partner   = account,
                    IPAddress = ipAddress
                });
                Guid accountId = account.Id;
                PartnerSessionDTO             previous = ReadLastByPartner(accountId);
                List <PartnerLoginAttemptDTO> failures = attemptStore.ReadByPartnerAndTimeStampAsDate(accountId, previous?.LoggedAt ?? DateTime.UtcNow.Date).ToList();

                // NOTE(review): three failures lock the account and nothing in this method
                // unlocks it, so anyone who knows a username can lock its owner out. Confirm
                // an unlock path exists, or consider a time-boxed lock / per-source throttling.
                if (failures.Count >= 3)
                {
                    Dictionary <string, object> lockUpdate = new Dictionary <string, object>()
                    {
                        { "IsLocked", true }
                    };
                    partners.Update(accountId, lockUpdate);
                }
                Connector.CommitTransaction();
                session = null;
                return(LoginResult.PasswordDoesntMatch);
            }

            if (!account.HasEmailAddressBeenVerified)
            {
                Connector.RollbackTransaction();
                session = null;
                return(LoginResult.EmailAddressHasNotBeenVerified);
            }

            DateTime now = DateTime.UtcNow;
            session = new PartnerSessionDTO()
            {
                Partner   = account,
                IPAddress = ipAddress,
                LoggedAt  = now
            };
            // With keepOpened set, ExpiresOn is left at its default.
            // NOTE(review): confirm such sessions are still bounded somewhere.
            if (!keepOpened)
            {
                session.ExpiresOn = now.AddMinutes(16);
            }
            Create(session);
            Connector.CommitTransaction();
            return(LoginResult.OK);
        }