protected override bool TryCreatePrincipal(string emailAddress, string password, out IPrincipal principal) {
principal = null;
if (String.IsNullOrEmpty(password)) {
Log.Error().Message("The password \"{0}\" is invalid.", password).Write();
return false;
}
if (String.Equals(emailAddress, "client", StringComparison.OrdinalIgnoreCase)) {
var projectRepository = Resolver.GetService<IProjectRepository>();
if (projectRepository == null) {
Log.Error().Message("Unable to resolve IProjectRepository").Write();
return false;
}
Project project = projectRepository.GetByApiKey(password);
if (project == null) {
Log.Error().Message("Unable to find a project with the Api Key: \"{0}\".", password).Write();
return false;
}
var organizationRepository = Resolver.GetService<IOrganizationRepository>();
if (organizationRepository == null) {
Log.Error().Message("Unable to resolve IOrganizationRepository").Write();
return false;
}
var organization = organizationRepository.GetByIdCached(project.OrganizationId);
if (organization == null) {
Log.Error().Message("Unable to find organization: \"{0}\".", project.OrganizationId).Write();
return false;
}
if (organization.IsSuspended) {
Log.Error().Message("Rejecting authentication because the organization \"{0}\" is suspended.", project.OrganizationId).Write();
AuthDeniedReason = "Account has been suspended.";
return false;
}
principal = new ExceptionlessPrincipal(project);
return true;
}
var userRepository = Resolver.GetService<IUserRepository>();
if (userRepository == null) {
Log.Error().Message("Unable to resolve IUserRepository").Write();
return false;
}
User user = userRepository.GetByEmailAddress(emailAddress);
if (user == null) {
Log.Error().Message("Unable to find user a with the email address: \"{0}\".", emailAddress).Write();
return false;
}
var membershipSecurity = Resolver.GetService<IMembershipSecurity>();
if (membershipSecurity == null) {
Log.Error().Message("Unable to resolve IMembershipSecurity").Write();
return false;
}
if (!String.Equals(user.Password, membershipSecurity.GetSaltedHash(password, user.Salt))) {
Log.Error().Message("Invalid password").Write();
return false;
}
principal = new ExceptionlessPrincipal(user);
return true;
}
protected void Application_PostAuthenticateRequest(Object sender, EventArgs e) {
if (!RequestRequiresAuth())
return;
if (!User.Identity.IsAuthenticated)
return;
if (User is ExceptionlessPrincipal)
return;
CheckDbOrCacheDown();
try {
var userRepository = DependencyResolver.Current.GetService<IUserRepository>();
User user = userRepository.GetByEmailAddress(User.Identity.Name);
if (user == null) {
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
return;
}
var principal = new ExceptionlessPrincipal(user);
Thread.CurrentPrincipal = principal;
if (HttpContext.Current != null)
HttpContext.Current.User = principal;
} catch (MongoConnectionException ex) {
Log.Error().Exception(ex).Message("Error getting user: {0}", ex.Message).Report().Write();
MarkDbDown();
RedirectToMaintenancePage();
} catch (SocketException ex) {
Log.Error().Exception(ex).Message("Error getting user: {0}", ex.Message).Report().Write();
MarkDbDown();
RedirectToMaintenancePage();
}
}
protected override bool TryCreatePrincipal(string emailAddress, string password, out IPrincipal principal)
{
principal = null;
if (String.IsNullOrEmpty(password))
{
Log.Error().Message("The password \"{0}\" is invalid.", password).Write();
return(false);
}
if (String.Equals(emailAddress, "client", StringComparison.OrdinalIgnoreCase))
{
var projectRepository = Resolver.GetService <IProjectRepository>();
if (projectRepository == null)
{
Log.Error().Message("Unable to resolve IProjectRepository").Write();
return(false);
}
Project project = projectRepository.GetByApiKey(password);
if (project == null)
{
Log.Error().Message("Unable to find a project with the Api Key: \"{0}\".", password).Write();
return(false);
}
var organizationRepository = Resolver.GetService <IOrganizationRepository>();
if (organizationRepository == null)
{
Log.Error().Message("Unable to resolve IOrganizationRepository").Write();
return(false);
}
var organization = organizationRepository.GetByIdCached(project.OrganizationId);
if (organization == null)
{
Log.Error().Message("Unable to find organization: \"{0}\".", project.OrganizationId).Write();
return(false);
}
if (organization.IsSuspended)
{
Log.Error().Message("Rejecting authentication because the organization \"{0}\" is suspended.", project.OrganizationId).Write();
AuthDeniedReason = "Account has been suspended.";
return(false);
}
principal = new ExceptionlessPrincipal(project);
return(true);
}
var userRepository = Resolver.GetService <IUserRepository>();
if (userRepository == null)
{
Log.Error().Message("Unable to resolve IUserRepository").Write();
return(false);
}
User user = userRepository.GetByEmailAddress(emailAddress);
if (user == null)
{
Log.Error().Message("Unable to find user a with the email address: \"{0}\".", emailAddress).Write();
return(false);
}
var membershipSecurity = Resolver.GetService <IMembershipSecurity>();
if (membershipSecurity == null)
{
Log.Error().Message("Unable to resolve IMembershipSecurity").Write();
return(false);
}
if (!String.Equals(user.Password, membershipSecurity.GetSaltedHash(password, user.Salt)))
{
Log.Error().Message("Invalid password").Write();
return(false);
}
principal = new ExceptionlessPrincipal(user);
return(true);
}
//[ValidateJsonAntiForgeryToken]
public ActionResult Manage(ManageModel model) {
ModelState state = ModelState["OldPassword"];
if (state != null)
state.Errors.Clear();
state = ModelState["NewPassword"];
if (state != null)
state.Errors.Clear();
state = ModelState["ConfirmPassword"];
if (state != null)
state.Errors.Clear();
User user = User.UserEntity;
if (ModelState.IsValid) {
try {
_userRepository.InvalidateCache(user);
if (!String.Equals(user.EmailAddress, model.EmailAddress, StringComparison.OrdinalIgnoreCase)) {
if (_userRepository.GetByEmailAddress(model.EmailAddress) != null)
throw new InvalidOperationException("A user with this email address already exists.");
user.IsEmailAddressVerified = user.OAuthAccounts.Count(oa => String.Equals(oa.EmailAddress(), model.EmailAddress, StringComparison.OrdinalIgnoreCase)) > 0;
}
user.EmailAddress = model.EmailAddress;
user.EmailNotificationsEnabled = model.EmailNotificationsEnabled;
user.FullName = model.FullName;
_membershipProvider.UpdateAccount(user);
// NOTE: If a user is updating their profile but hasn't verified the email address.. I think we should send them a notification every time..
if (!user.IsEmailAddressVerified) {
user.VerifyEmailAddressToken = _membershipProvider.GenerateVerifyEmailToken(user.EmailAddress);
_mailer.SendVerifyEmailAsync(user);
}
var principal = new ExceptionlessPrincipal(user);
Thread.CurrentPrincipal = principal;
if (System.Web.HttpContext.Current != null)
System.Web.HttpContext.Current.User = principal;
} catch (Exception e) {
ModelState.AddModelError("", e.Message);
}
}
if (!ModelState.IsValid) {
Response.StatusCode = (int)HttpStatusCode.BadRequest;
return Json(ModelState.ToDictionary());
}
return Json(new { IsVerified = user.IsEmailAddressVerified });
}
