private static UserValidationResult ValidateUserBeforeLogin(string userName, string url, User user, bool userExists, int failedPasswordCount = 0, bool impersonating = false)
{
var maxInvalidPasswordAttempts = CMSMembershipProvider.provider.MaxInvalidPasswordAttempts;
const string DEFAULT_PROBLEM = "There is a problem with your username and password combination. If you are using your email address, it must match the one we have on record. Try again or use one of the links below.";
if (user == null && userExists)
{
DbUtil.LogActivity($"failed password #{failedPasswordCount} by {userName}");
if (failedPasswordCount == maxInvalidPasswordAttempts)
{
return(UserValidationResult.Invalid(UserValidationStatus.TooManyFailedPasswordAttempts,
"Your account has been locked out for too many failed attempts, use the forgot password link, or notify an Admin"));
}
return(UserValidationResult.Invalid(UserValidationStatus.IncorrectPassword, DEFAULT_PROBLEM));
}
if (user == null)
{
DbUtil.LogActivity("attempt to login by non-user " + userName);
return(UserValidationResult.Invalid(UserValidationStatus.NoUserFound, DEFAULT_PROBLEM));
}
if (user.IsLockedOut)
{
NotifyAdmins($"{userName} locked out #{user.FailedPasswordAttemptCount} on {url}",
$"{userName} tried to login at {Util.Now} but is locked out");
return(UserValidationResult.Invalid(UserValidationStatus.LockedOut,
$"Your account has been locked out for {maxInvalidPasswordAttempts} failed attempts in a short window of time, please use the forgot password link or notify an Admin"));
}
if (!user.IsApproved)
{
NotifyAdmins($"unapproved user {userName} logging in on {url}",
$"{userName} tried to login at {Util.Now} but is not approved");
return(UserValidationResult.Invalid(UserValidationStatus.UserNotApproved, DEFAULT_PROBLEM));
}
if (impersonating)
{
if (user.Roles.Contains("Finance"))
{
NotifyAdmins($"cannot impersonate Finance user {userName} on {url}",
$"{userName} tried to login at {Util.Now}");
return(UserValidationResult.Invalid(UserValidationStatus.CannotImpersonateFinanceUser, DEFAULT_PROBLEM));
}
}
if (user.Roles.Contains("APIOnly"))
{
return(UserValidationResult.Invalid(UserValidationStatus.NoUserFound,
"Api User is limited to API use only, no interactive login allowed."));
}
return(UserValidationResult.Valid(user));
}
public static UserValidationResult ResetSessionExpiration(string sessionToken)
{
if (string.IsNullOrEmpty(sessionToken))
{
return(UserValidationResult.Invalid(UserValidationStatus.ImproperHeaderStructure, "Could not authenticate user, Authorization or SessionToken headers likely missing.", null));
}
//throw new ArgumentNullException("sessionToken");
var userStatus = AuthenticateMobile(requirePin: true);
if (userStatus.Status == UserValidationStatus.Success ||
userStatus.Status == UserValidationStatus.PinExpired ||
userStatus.Status == UserValidationStatus.SessionTokenExpired)
{
var result = ApiSessionModel.ResetSessionExpiration(userStatus.User, HttpContext.Current.Request.Headers["PIN"].ToInt2());
if (!result)
{
return(UserValidationResult.Invalid(UserValidationStatus.PinInvalid));
}
userStatus.Status = UserValidationStatus.Success;
}
return(userStatus);
}
private static UserValidationResult GetUserViaSessionToken(bool requirePin)
{
var sessionToken = HttpContext.Current.Request.Headers["SessionToken"];
if (string.IsNullOrEmpty(sessionToken))
{
//DbUtil.LogActivity("GetUserViaSession==null");
return(null);
}
var result = ApiSessionModel.DetermineApiSessionStatus(Guid.Parse(sessionToken), requirePin, HttpContext.Current.Request.Headers["PIN"].ToInt2());
//DbUtil.LogActivity("GetUserViaSession==" + result.Status.ToString());
switch (result.Status)
{
case ApiSessionStatus.SessionTokenNotFound:
return(UserValidationResult.Invalid(UserValidationStatus.SessionTokenNotFound));
case ApiSessionStatus.SessionTokenExpired:
return(UserValidationResult.Invalid(UserValidationStatus.SessionTokenExpired, user: result.User));
case ApiSessionStatus.PinExpired:
return(UserValidationResult.Invalid(UserValidationStatus.PinExpired, user: result.User));
case ApiSessionStatus.PinInvalid:
return(UserValidationResult.Invalid(UserValidationStatus.PinInvalid));
}
return(ValidateUserBeforeLogin(result.User.Username, HttpContext.Current.Request.Url.OriginalString, result.User, userExists: true));
}
public ActionResult Login(string userName, string password, bool?rememberMe, string returnURL)
{
UserValidationResult vldRslt = _membershipService.IsUserValid(userName, password);
if (string.IsNullOrEmpty(returnURL))
{
ViewBag.returnURL = "";
}
else
{
ViewBag.returnURL = returnURL;
}
if (vldRslt == UserValidationResult.UserNotFound || vldRslt == UserValidationResult.UserNotApproved)
{
ViewBag.Message = "Kullanıcı kaydı bulunamadı!";
}
else if (vldRslt == UserValidationResult.PasswordNotValid)
{
ViewBag.Message = "Kullanıcı bilgisi hatası!";
}
else
{
if (rememberMe == null)
{
rememberMe = false;
}
FormsAuthentication.SetAuthCookie(userName, rememberMe.Value);
if (!string.IsNullOrEmpty(returnURL))
{
return(Redirect(returnURL));
}
return(RedirectToAction("Index", "Dashboard"));
}
return(View());
}
private static void ThrowIfUserIsInvalid(UserValidationResult validationResult)
{
var invalidUser = (validationResult as InvalidUser);
if (invalidUser != null)
{
throw new Exception(invalidUser.Message);
}
}
public static UserValidationResult AuthenticateLogon(string userName, string password, string url)
{
var userQuery = DbUtil.Db.Users.Where(uu =>
uu.Username == userName ||
uu.Person.EmailAddress == userName ||
uu.Person.EmailAddress2 == userName
);
var impersonating = false;
User user = null;
var userExists = false;
try
{
userExists = userQuery.Any();
}
catch
{
return(UserValidationResult.Invalid(UserValidationStatus.BadDatabase, "bad database"));
}
var failedPasswordCount = 0;
foreach (var u in userQuery.ToList())
{
if (u.TempPassword != null && password == u.TempPassword)
{
u.TempPassword = null;
if (password == "bvcms") // set this up so Admin/bvcms works until password is changed
{
u.Password = "";
u.MustChangePassword = true;
}
u.IsLockedOut = false;
DbUtil.Db.SubmitChanges();
user = u;
break;
}
if (password == DbUtil.Db.Setting("ImpersonatePassword", Guid.NewGuid().ToString()))
{
user = u;
impersonating = true;
break;
}
if (Membership.Provider.ValidateUser(u.Username, password))
{
DbUtil.Db.Refresh(RefreshMode.OverwriteCurrentValues, u);
user = u;
break;
}
failedPasswordCount = Math.Max(failedPasswordCount, u.FailedPasswordAttemptCount);
}
return(ValidateUserBeforeLogin(userName, url, user, userExists, failedPasswordCount, impersonating));
}
public static UserValidationResult AuthenticateLogon(string userName, string password, HttpRequestBase Request, CMSDataContext db, CMSImageDataContext idb)
{
var status = AuthenticateLogon(userName, password, Request.Url.OriginalString, db);
if (status.IsValid)
{
return(UserValidationResult.Valid(status.User));
}
return(UserValidationResult.Invalid(UserValidationStatus.IncorrectPassword, status.ErrorMessage));
}
public static UserValidationResult AuthenticateMobile(string role = null, bool checkOrgLeadersOnly = false, bool requirePin = false)
{
var userStatus = GetUserViaCredentials() ?? GetUserViaSessionToken(requirePin);
if (userStatus == null)
{
return(UserValidationResult.Invalid(UserValidationStatus.ImproperHeaderStructure, "Could not authenticate user, Authorization or SessionToken headers likely missing.", null));
}
//throw new Exception("Could not authenticate user, Authorization or SessionToken headers likely missing.");
if (!userStatus.IsValid)
{
return(userStatus);
}
var user = userStatus.User;
var roleProvider = CMSRoleProvider.provider;
if (role == null)
{
role = "Access";
}
if (roleProvider.RoleExists(role))
{
if (!roleProvider.IsUserInRole(user.Username, role))
{
userStatus.Status = UserValidationStatus.UserNotInRole;
return(userStatus);
}
}
UserName2 = user.Username;
SetUserInfo(user.Username, HttpContext.Current.Session, deleteSpecialTags: false);
//DbUtil.LogActivity("iphone auth " + user.Username);
if (checkOrgLeadersOnly && !Util2.OrgLeadersOnlyChecked)
{
DbUtil.LogActivity("iphone leadersonly check " + user.Username);
if (!Util2.OrgLeadersOnly && roleProvider.IsUserInRole(user.Username, "OrgLeadersOnly"))
{
Util2.OrgLeadersOnly = true;
DbUtil.Db.SetOrgLeadersOnly();
DbUtil.LogActivity("SetOrgLeadersOnly");
}
Util2.OrgLeadersOnlyChecked = true;
}
ApiSessionModel.SaveApiSession(userStatus.User, requirePin, HttpContext.Current.Request.Headers["PIN"].ToInt2());
return(userStatus);
}
private UserValidationResult AuthenticateUser(bool requirePin = false)
{
// Username and password checks are only necessary for the old iOS application
var hasInvalidAuthHeaders = (string.IsNullOrEmpty(Request.Headers["Authorization"]) && (string.IsNullOrEmpty(Request.Headers["username"]) || string.IsNullOrEmpty(Request.Headers["password"])));
var hasInvalidSessionTokenHeader = string.IsNullOrEmpty(Request.Headers["SessionToken"]);
if (hasInvalidAuthHeaders && hasInvalidSessionTokenHeader)
{
//DbUtil.LogActivity("authentication headers bad");
return(UserValidationResult.Invalid(UserValidationStatus.ImproperHeaderStructure, "Either the Authorization or SessionToken headers are required.", null));
}
//DbUtil.LogActivity("calling authenticatemobile2");
return(AccountModel.AuthenticateMobile2(requirePin: requirePin, checkOrgMembersOnly: true));
}
public string AddUser(string name, string surname, string login, string email, string password, bool getNewsOnEmail)
{
UserValidationResult validationResult = new UserValidationResult();
validationResult.ValidateUser(name, surname, login, email, password);
if (!validationResult.IsValid())
{
return($"{{\"success\":false,\"result\":{validationResult.AsJson()}}}");
}
var lastUserId = dbContent.Users.Max(u => u.Id);
var url = $"id#{(lastUserId + 1).ToString()}";
var picture = "https://i.ibb.co/YyHyyKh/Rew-Swan-Pic.png";
var user = new User {
Name = name,
Surname = surname,
Password = password,
Login = login,
Email = email,
GetNewsOnEmail = getNewsOnEmail,
Photo = picture,
UserUrl = url,
Balance = 0,
IsAdmin = false
};
try
{
dbContent.Users.Add(user);
dbContent.SaveChanges();
}
catch (Exception)
{
return($"{{\"success\":false,\"result\":{validationResult.AsJson()}}}");
}
return($"{{\"success\":true,\"result\":{validationResult.AsJson()}}}");
}
public static UserValidationResult AuthenticateMobile2(CMSDataContext cmsdb, CMSImageDataContext cmsidb, bool checkOrgLeadersOnly = false, bool requirePin = false)
{
var userStatus = GetUserViaCredentials() ?? GetUserViaSessionToken(cmsdb, requirePin);
if (userStatus == null)
{
//DbUtil.LogActivity("userStatus==null");
return(UserValidationResult.Invalid(UserValidationStatus.ImproperHeaderStructure, "Could not authenticate user, Authorization or SessionToken headers likely missing.", null));
//throw new Exception("Could not authenticate user, Authorization or SessionToken headers likely missing.");
}
if (!userStatus.IsValid)
{
return(userStatus);
}
var user = userStatus.User;
var roleProvider = CMSRoleProvider.provider;
UserName2 = user.Username;
SetUserInfo(cmsdb, cmsidb, user.Username, deleteSpecialTags: false);
if (checkOrgLeadersOnly && !Util2.OrgLeadersOnlyChecked)
{
if (!Util2.OrgLeadersOnly && roleProvider.IsUserInRole(user.Username, "OrgLeadersOnly"))
{
Util2.OrgLeadersOnly = true;
cmsdb.SetOrgLeadersOnly();
CmsData.DbUtil.LogActivity("SetOrgLeadersOnly");
}
Util2.OrgLeadersOnlyChecked = true;
}
CMSMembershipProvider.provider.SetAuthCookie(user.Username, false);
ApiSessionModel.SaveApiSession(cmsdb, userStatus.User, requirePin, HttpContextFactory.Current.Request.Headers["PIN"].ToInt2());
return(userStatus);
}
public static UserValidationResult ResetSessionExpiration(CMSDataContext cmsdb, CMSImageDataContext cmsidb, string sessionToken)
{
if (string.IsNullOrEmpty(sessionToken))
{
return(UserValidationResult.Invalid(UserValidationStatus.ImproperHeaderStructure, "Could not authenticate user, Authorization or SessionToken headers likely missing.", null));
}
var userStatus = AuthenticateMobile(cmsdb, cmsidb, requirePin: true);
if (userStatus.Status == UserValidationStatus.Success ||
userStatus.Status == UserValidationStatus.PinExpired ||
userStatus.Status == UserValidationStatus.SessionTokenExpired)
{
var result = ApiSessionModel.ResetSessionExpiration(cmsdb, userStatus.User, HttpContextFactory.Current.Request.Headers["PIN"].ToInt2());
if (!result)
{
return(UserValidationResult.Invalid(UserValidationStatus.PinInvalid));
}
userStatus.Status = UserValidationStatus.Success;
}
return(userStatus);
}
private static BaseMessage AuthorizationError(UserValidationResult result)
{
return(BaseMessage.createErrorReturn(result.ErrorMessage ?? "You are not authorized!", MapStatusToError(result.Status)));
}
public static UserValidationResult AuthenticateLogon(string userName, string password, string url, CMSDataContext db)
{
var userQuery = db.Users.Where(uu =>
uu.Username == userName ||
uu.Person.EmailAddress == userName ||
uu.Person.EmailAddress2 == userName
);
var impersonating = false;
User user = null;
var userExists = false;
try
{
userExists = userQuery.Any();
}
catch (Exception ex)
{
Elmah.ErrorLog.Default.Log(new Elmah.Error(ex));
return(UserValidationResult.Invalid(UserValidationStatus.BadDatabase, "bad database"));
}
var failedPasswordCount = 0;
foreach (var u in userQuery.ToList())
{
if (u.TempPassword != null && password == u.TempPassword)
{
u.TempPassword = null;
if (password == "bvcms") // set this up so Admin/bvcms works until password is changed
{
u.Password = "";
u.MustChangePassword = true;
}
else
{
var mu = CMSMembershipProvider.provider.GetUser(userName, false);
mu?.UnlockUser();
CMSMembershipProvider.provider.AdminOverride = true;
mu?.ChangePassword(mu.ResetPassword(), password);
CMSMembershipProvider.provider.AdminOverride = false;
u.MustChangePassword = true;
}
u.IsLockedOut = false;
db.SubmitChanges();
user = u;
break;
}
if (password == db.Setting("ImpersonatePassword", Guid.NewGuid().ToString()))
{
user = u;
impersonating = true;
HttpContextFactory.Current.Session["IsNonFinanceImpersonator"] = "true";
break;
}
if (CMSMembershipProvider.provider.ValidateUser(u.Username, password))
{
db.Refresh(RefreshMode.OverwriteCurrentValues, u);
user = u;
break;
}
failedPasswordCount = Math.Max(failedPasswordCount, u.FailedPasswordAttemptCount);
}
return(ValidateUserBeforeLogin(userName, url, user, userExists, failedPasswordCount, impersonating));
}
private async Task OnSignedIn(CookieSignedInContext ctx)
{
var userJson = ctx.HttpContext.Items["User"];
var steamId = ctx.Principal.GetSteamId();
var steamApiKey = Configuration.GetSection("Steam").GetSection("ApiKey").Value;
var url = $"https://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key={steamApiKey}&steamids={steamId}";
if (userJson == null)
{
userJson = await new HttpClient().GetStringAsync(url);
}
DatabaseModel.User user;
try
{
var res = new Regex(@"(https://steamcdn-a.akamaihd.net/steamcommunity/public/images/avatars/|\.jpg)")
.Replace(userJson.ToString(), "");
user = SteamPlayerMapping.GetUserFromSteamObject(res);
}
catch (Exception e)
{
throw new InvalidJsonFromSteamException("Can't convert from steamJsonPlayer data to a user", e);
}
if (steamId != user.SteamId)
{
throw new ArgumentException("SteamId is not the same!");
}
var firstTimeUser = await IoC.Container.Resolve <IUserService>().UserLoggedIn(user);
if (firstTimeUser)
{
UserValidationResult userValidationResult = new UserValidationResult
{
Error = "Unknown error",
ShouldReviceItems = false
};
try
{
var playerInfo = await IoC.Container.Resolve <ISteamService>().GetPlayerInfoAsync(user.SteamId);
userValidationResult = new UserValidationResult(userJson.ToString(), playerInfo);
if (userValidationResult.ShouldReviceItems)
{
var userToSendFrom = await IoC.Container.Resolve <IUserService>().FindAsync(Constants.OurRandomSteamId);
var itemToSend = await GetItemToSend(userToSendFrom);
if (itemToSend.Count != 0)
{
await SendItems(user, itemToSend, userToSendFrom);
}
else
{
userValidationResult.Error = "Out of items";
userValidationResult.ShouldReviceItems = false;
}
}
}
catch (Exception e)
{
Console.WriteLine(e);
}
var redirectUrl =
$"{ctx.Request.Scheme}://{ctx.Request.Host.Host}/coinflip/create?success={userValidationResult.ShouldReviceItems.ToString()}&reason={userValidationResult.Error}";
ctx.Response.Redirect(redirectUrl);
var ste = ctx.HttpContext.Response.Body;
var s = new StreamWriter(ste);
await s.WriteAsync("");
await s.FlushAsync();
ctx.Response.Body = ste;
}
}
void SetModelError(UserValidationResult? result, LoginModel model)
{
string errorMessage;
switch (result)
{
case UserValidationResult.InvalidUser:
errorMessage = String.Format("Cannot find user with email '{0}'", model.UserName);
break;
case UserValidationResult.PasswordMismatch:
errorMessage = "The user name or password provided is incorrect.";
break;
case UserValidationResult.NotActivated:
errorMessage =
"Your account is currently not activated, please visit your inbox to confirm your email address. If you have not received your confirmation email, please contact Administrator.";
break;
default:
errorMessage = null;
break;
}
if (errorMessage != null)
ModelState.AddModelError("", errorMessage);
}
