/// <summary> /// Resets the user password and sends the user an email with the new password. /// The email is sent using parameters specified in Web.config appSettings. /// </summary> static AuthResult ResetPassword(HttpContext context, Hashtable parms) { // get parameters var email = parms["email"] as string; // retrieve user by email var ctx = new UsersEntities(); var user = ctx.Users.FirstOrDefault(u => u.email == email); if (user == null) { return(new AuthResult(AuthError.UserNotFound)); } // create new password var pw = MakeRandomString(Math.Max(MIN_PASSWORD_LENGTH, 6)); Debug.Assert(IsValidPassword(pw)); // notify user if (!NotifyUser(user.email, user.name, pw)) { return(new AuthResult(AuthError.CannotSendMail)); } // reset the password user.password = MakePasswordHash(email, pw, null); Debug.Assert(CheckPasswordHash(email, pw, user.password)); ctx.SaveChanges(); // all done return(new AuthResult(AuthError.None)); }
/// <summary> /// Logs a user in. /// </summary> static AuthResult LogIn(HttpContext context, Hashtable parms) { // get parameters var email = parms["email"] as string; var pw = parms["pw"] as string; var keep = parms["keep"] as string; // if email and password not provided, log in from cookie if (string.IsNullOrEmpty(email) && string.IsNullOrEmpty(pw)) { return(LoginFromCookie(context)); } // get and validate user var ctx = new UsersEntities(); //System.Diagnostics.Debug.WriteLine("** number of users: {0}", ctx.Users.Count()); var user = ctx.Users.FirstOrDefault(u => u.email == email); if (user == null) { return(new AuthResult(AuthError.UserNotFound)); } else if (!CheckPasswordHash(email, pw, user.password)) { return(new AuthResult(AuthError.WrongPassword)); } // log in user.lastaccess = DateTime.Now; ctx.SaveChanges(); var result = new AuthResult(user); UpdateUserCookie(context, result, keep); return(result); }
//------------------------------------------------------------------------------- #region ** other public methods /// <summary> /// Gets the user that is currently logged in. /// This method can be used to check for authorization from other services. /// </summary> public static IPrincipal GetCurrentUser(HttpContext context) { var email = ParseUserCookie(context); var ctx = new UsersEntities(); var user = ctx.Users.FirstOrDefault(u => u.email == email); return(new AuthUser(user) as IPrincipal); }
/// <summary> /// Logs a user in from information in the user cookie. /// </summary> static AuthResult LoginFromCookie(HttpContext context) { var result = new AuthResult(AuthError.None); var email = ParseUserCookie(context); if (!string.IsNullOrEmpty(email)) { var ctx = new UsersEntities(); var user = ctx.Users.FirstOrDefault(u => u.email == email); if (user != null) { user.lastaccess = DateTime.Now; ctx.SaveChanges(); result.user = new AuthUser(user); UpdateUserCookie(context, result, "true"); } } return(result); }
//------------------------------------------------------------------------------- #region ** implementation /// <summary> /// Creates a new user in the database. /// Returns an AuthResult with an error if not successful. /// </summary> static AuthResult CreateUser(string email, string name, string pw, string provider) { // check that the user doesn't exist yet var ctx = new UsersEntities(); var user = ctx.Users.FirstOrDefault(u => u.email == email); if (user != null) { return(new AuthResult(AuthError.EmailTaken)); } // validate data if (!IsValidEmail(email)) { return(new AuthResult(AuthError.InvalidEmail)); } if (!IsValidName(name)) { return(new AuthResult(AuthError.InvalidName)); } if (!IsValidPassword(pw) && string.IsNullOrEmpty(provider)) { return(new AuthResult(AuthError.InvalidPassword)); } // create new user user = new User(); user.name = name; user.email = email; user.password = MakePasswordHash(email, pw, null); user.provider = provider; user.created = DateTime.Now; user.lastaccess = user.created; ctx.Users.Add(user); ctx.SaveChanges(); // check that hash is working OK Debug.Assert(CheckPasswordHash(email, pw, user.password)); // all done return(new AuthResult(user)); }
/// <summary> /// Updates the information (name and/or password) for the current user. /// </summary> static AuthResult UpdateUser(HttpContext context, Hashtable parms) { // get parameters var pw = parms["pw"] as string; var newName = parms["newname"] as string; var newPassword = parms["newpw"] as string; var email = ParseUserCookie(context); // retrieve user email from cookie var ctx = new UsersEntities(); var user = ctx.Users.FirstOrDefault(u => u.email == email); if (user == null) { return(new AuthResult(AuthError.UserNotFound)); } // check current password if (!CheckPasswordHash(email, pw, user.password)) { return(new AuthResult(AuthError.WrongPassword)); } // change name if (IsValidName(newName)) { user.name = newName; } // change password if (IsValidPassword(newPassword)) { user.password = MakePasswordHash(email, newPassword, null); } // save changes and be done ctx.SaveChanges(); var result = new AuthResult(user); UpdateUserCookie(context, result, "true"); return(result); }
/// <summary> /// Gets or sets a string containing application data for a user. /// </summary> static AuthResult SetUserData(HttpContext context, Hashtable parms) { // get parameters var data = parms["data"] as string; var email = ParseUserCookie(context); // get user if (string.IsNullOrEmpty(email)) { return(new AuthResult(AuthError.UserNotFound)); } var ctx = new UsersEntities(); var user = ctx.Users.FirstOrDefault(u => u.email == email); if (user == null) { return(new AuthResult(AuthError.UserNotFound)); } user.data = data; user.lastaccess = DateTime.Now; ctx.SaveChanges(); System.Diagnostics.Debug.WriteLine("- user data saved"); return(new AuthResult(user)); }
/// <summary> /// Logs a user in using an OAuth provider. /// </summary> static AuthResult LogInOAuth(HttpContext context, Hashtable parms) { // get parameters var provider = parms["provider"] as string; var token = parms["token"] as string; var keep = parms["keep"] as string; // check that we got a provider and a token if (string.IsNullOrEmpty(provider) || string.IsNullOrEmpty(token)) { throw new Exception("Missing OAuth provider and/or token"); } // use token to get the user name and email var name = string.Empty; var email = string.Empty; var wc = new WebClient(); var js = new JavaScriptSerializer(); switch (provider.ToLower()) { case "google": { // use token to get user data from google var url = "https://www.googleapis.com/oauth2/v1/userinfo?access_token=" + token; var r = wc.DownloadString(url); dynamic userInfo = js.Deserialize <object>(r); // get user name and email from response name = userInfo["given_name"]; email = userInfo["email"]; } break; case "facebook": { // use token to get user data from facebook var url = "https://graph.facebook.com/me?access_token=" + token; var r = wc.DownloadString(url); dynamic userInfo = js.Deserialize <object>(r); // get user name and email from response name = userInfo["first_name"]; email = userInfo["email"]; } break; default: throw new Exception("OAuth provider missing or not supported: " + provider); } // get or create user AuthResult result; var ctx = new UsersEntities(); var user = ctx.Users.FirstOrDefault(u => u.email == email); if (user != null) { user.provider = provider; ctx.SaveChanges(); result = new AuthResult(user); } else { result = CreateUser(email, name, null, provider); } // no error? log in if (result.error == 0) { UpdateUserCookie(context, result, keep); } // return result return(result); }