/// <summary>
/// Login overload that takes no posted model: prepares and renders the login view,
/// or redirects when there is no form to show.
/// </summary>
/// <param name="returnUrl">
/// Optional URL to return to after sign-in. It is passed through
/// <c>IdentityServerIntegration.EnsureFolderSegmentIfNeeded</c> before any further use.
/// </param>
/// <returns>
/// A redirect to the site root when the user is already signed in, the result of
/// <c>ExternalLogin</c> when the authorization context yields an identity provider,
/// otherwise the login view populated with the current site's settings.
/// </returns>
public virtual async Task<IActionResult> Login(string returnUrl = null)
{
    // An already signed-in user goes to the site root; returnUrl is not consulted on this path.
    if (AccountService.IsSignedIn(User))
    {
        return this.RedirectToSiteRoot(CurrentSite);
    }

    returnUrl = IdentityServerIntegration.EnsureFolderSegmentIfNeeded(CurrentSite, returnUrl);

    // IdentityServer integration point: when an IdP comes back from the authorization
    // context, skip the login screen and hand off to the external login flow.
    // NOTE(review): returnUrl is caller-supplied and no local-URL check is visible in this
    // method; confirm ExternalLogin and the post-login redirect validate it.
    var identityProvider = await IdentityServerIntegration.GetAuthorizationContextAsync(returnUrl);
    if (!string.IsNullOrEmpty(identityProvider))
    {
        return ExternalLogin(identityProvider, returnUrl);
    }

    ViewData["Title"] = StringLocalizer["Log In"];
    ViewData["ReturnUrl"] = returnUrl;

    var captchaKeys = await RecaptchaKeysProvider.GetKeys().ConfigureAwait(false);

    var model = new LoginViewModel
    {
        UseEmailForLogin = CurrentSite.UseEmailForLogin,
        LoginInfoTop = CurrentSite.LoginInfoTop,
        LoginInfoBottom = CurrentSite.LoginInfoBottom
    };

    // The captcha is only offered when the site asks for it AND a public key is available.
    bool showCaptcha = CurrentSite.CaptchaOnLogin && !string.IsNullOrEmpty(captchaKeys.PublicKey);
    if (showCaptcha)
    {
        model.RecaptchaSiteKey = captchaKeys.PublicKey;
        model.UseInvisibleCaptcha = captchaKeys.Invisible;
    }

    var schemes = await AccountService.GetExternalAuthenticationSchemes();
    model.ExternalAuthenticationList = schemes.ToList();

    // Database auth is never disabled unless at least one social auth provider is configured.
    model.DisableDbAuth = CurrentSite.DisableDbAuth && CurrentSite.HasAnySocialAuthEnabled();

    return View(model);
}
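/// <summary>
/// Handles a submitted login form: re-populates the view model from the current site,
/// checks model state and (when enabled) reCAPTCHA, then attempts the sign-in and
/// dispatches on the outcome.
/// </summary>
/// <param name="model">The posted login form values.</param>
/// <param name="returnUrl">Optional URL to return to after a successful sign-in.</param>
/// <returns>
/// The login view with errors when validation, the captcha check or the sign-in fails;
/// otherwise the result of the matching handler (<c>HandleLoginSuccess</c>,
/// <c>HandleLoginNotAllowed</c>, <c>HandleRequiresTwoFactor</c> or <c>HandleLockout</c>).
/// </returns>
public virtual async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
{
    // NOTE(review): no action attributes are visible in this excerpt; confirm this overload is
    // restricted to POST and covered by antiforgery validation.
    // NOTE(review): returnUrl is used here as received (the other Login overload passes it through
    // EnsureFolderSegmentIfNeeded first); confirm HandleLoginSuccess rejects non-local URLs.
    ViewData["Title"] = StringLocalizer["Log In"];
    ViewData["ReturnUrl"] = returnUrl;
    Analytics.HandleLoginSubmit("Onsite").Forget();

    var recaptchaKeys = await RecaptchaKeysProvider.GetKeys().ConfigureAwait(false);
    if (CurrentSite.CaptchaOnLogin && !string.IsNullOrEmpty(recaptchaKeys.PublicKey))
    {
        model.RecaptchaSiteKey = recaptchaKeys.PublicKey;
        model.UseInvisibleCaptcha = recaptchaKeys.Invisible;
    }

    model.UseEmailForLogin = CurrentSite.UseEmailForLogin;
    model.LoginInfoTop = CurrentSite.LoginInfoTop;
    model.LoginInfoBottom = CurrentSite.LoginInfoBottom;
    model.ExternalAuthenticationList = await AccountService.GetExternalAuthenticationSchemes();

    // Database auth is never disabled unless at least one social auth provider is configured.
    model.DisableDbAuth = CurrentSite.DisableDbAuth && CurrentSite.HasAnySocialAuthEnabled();

    if (!ModelState.IsValid)
    {
        // Track the first recorded error message. The state can be invalid without any entry
        // carrying an error, so fall back to an empty string instead of dereferencing null.
        var trackedError = ModelState.Keys
            .Where(k => ModelState[k].Errors.Count > 0)
            .Select(k => ModelState[k].Errors[0].ErrorMessage)
            .FirstOrDefault() ?? string.Empty;

        Analytics.HandleLoginFail("Onsite", trackedError).Forget();
        return View(model);
    }

    if (CurrentSite.CaptchaOnLogin && !string.IsNullOrEmpty(recaptchaKeys.PrivateKey))
    {
        // Validate with the private key from the same key set that was checked above and whose
        // public key was handed to the client; a key taken from a different source can leave the
        // pair mismatched so that the server-side check does not match what the browser solved.
        var captchaResponse = await RecaptchaServerSideValidator.ValidateRecaptcha(Request, recaptchaKeys.PrivateKey);
        if (!captchaResponse.Success)
        {
            Analytics.HandleLoginFail("Onsite", "reCAPTCHA Error").Forget();
            // The text is a localization key and is kept exactly as it was.
            ModelState.AddModelError("recaptchaerror", StringLocalizer["reCAPTCHA Error occured. Please try again"]);
            return View(model);
        }
    }

    var result = await AccountService.TryLogin(model);
    if (result.SignInResult.Succeeded)
    {
        return await HandleLoginSuccess(result, returnUrl);
    }

    foreach (var reason in result.RejectReasons)
    {
        // These reasons are not meant to be shown in the UI; they are logged so an admin can see
        // failed attempts and why they failed. The reason is passed as an argument, not as the
        // message template, so braces in it cannot break formatting.
        Log.LogWarning("{Reason}", reason);
    }

    if (result.SignInResult.IsNotAllowed)
    {
        return await HandleLoginNotAllowed(result, returnUrl);
    }

    if (result.SignInResult.RequiresTwoFactor)
    {
        return await HandleRequiresTwoFactor(result, returnUrl, model.RememberMe);
    }

    if (result.SignInResult.IsLockedOut)
    {
        return await HandleLockout(result);
    }

    // The user-facing message stays generic so it does not reveal whether the account exists.
    Analytics.HandleLoginFail("Onsite", StringLocalizer["Invalid login attempt."]).Forget();

    // model.Email is attacker-controlled: log it as a structured argument rather than
    // interpolating it into the template. Plain-text sinks may still need CR/LF neutralised;
    // confirm against the logging configuration.
    Log.LogInformation("login did not succeed for {Email}", model.Email);
    ModelState.AddModelError(string.Empty, StringLocalizer["Invalid login attempt."]);
    return View(model);
}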