partial void DeleteUserHistory(UserHistory instance);
partial void InsertUserHistory(UserHistory instance);
partial void UpdateUserHistory(UserHistory instance);
/// <summary>
/// Change this users password, recording in their history that they have done so.
/// </summary>
public void ChangePassword(DateTime now, string newPassword, string comment = null)
{
var changeEvent = new UserHistory
{
Comment = comment ?? "Changed Password",
CreationDate = now,
UserHistoryTypeId = UserHistoryTypeId.PasswordChanged,
IP = Current.RemoteIP,
UserId = Id
};
Current.WriteDB.UserHistory.InsertOnSubmit(changeEvent);
var thisUser = Current.WriteDB.Users.Single(u => u.Id == this.Id);
string salt;
var pwdHash = Current.SecureHash(newPassword, out salt);
thisUser.PasswordSalt = salt;
thisUser.PasswordHash = pwdHash;
thisUser.LastActivityDate = now;
thisUser.PasswordVersion = null; // We have a strong password now, regardless of what was there before
Current.WriteDB.SubmitChanges();
}
public ActionResult EditUserSubmit(string id)
{
if (!id.HasValue()) return NotFound();
Guid providerId;
if (!Guid.TryParse(id, out providerId)) return NotFound();
var toUpdate = Current.WriteDB.Users.SingleOrDefault(u => u.ProviderId == providerId);
if (toUpdate == null) return NotFound();
if (toUpdate.Id != Current.LoggedInUser.Id && !Current.LoggedInUser.IsAdministrator) return IrrecoverableError("Cannot modify that user", "You can only modify profiles you are logged into.");
var db = Current.WriteDB;
var now = Current.Now;
foreach (var p in Request.Form.AllKeys)
{
var value = Request.Form[p];
if (p == "realname")
{
var old = toUpdate.RealName;
if (old == value || (old.IsNullOrEmpty() && value.IsNullOrEmpty())) continue;
var hadPreviously = old.HasValue();
string errorMessage;
if (!toUpdate.UpdateAttribute(value.IsNullOrEmpty() ? null : value, UserAttributeTypeId.RealName, out errorMessage))
{
if (Current.LoggedInUser.Id == toUpdate.Id)
{
return RecoverableError(errorMessage, new { });
}
else
{
// Hack: URL structure means administrators cannot *really* recover from this error.
return IrrecoverableError("Admin edit failed", errorMessage);
}
}
string comment = "Changed";
if (hadPreviously && value.IsNullOrEmpty()) comment = "Removed";
if (!hadPreviously && value.HasValue()) comment = "Added";
var editedRealName =
new UserHistory
{
Comment = comment,
CreationDate = now,
IP = Current.RemoteIP,
UserHistoryTypeId = UserHistoryTypeId.RealNameChanged,
UserId = toUpdate.Id
};
db.UserHistory.InsertOnSubmit(editedRealName);
}
if (p == "vanity")
{
var old = toUpdate.VanityProviderId;
if (old == value || (old.IsNullOrEmpty() && value.IsNullOrEmpty())) continue;
var hadPreviously = old.HasValue();
string errorMsg;
if (value.HasValue() && !Models.User.IsValidVanityId(value, out errorMsg))
{
return RecoverableError(errorMsg, new { realname = Request.Form["realname"], vanity = value });
}
if (value.HasValue() && db.Users.Any(u => u.VanityProviderId == value)) return RecoverableError("That Vanity OpenId is already in use", new { realname = Request.Form["realname"], vanity = value });
toUpdate.VanityProviderId = value.IsNullOrEmpty() ? null : value;
string comment = "Changed";
if (hadPreviously && value.IsNullOrEmpty()) comment = "Removed";
if (!hadPreviously && value.HasValue()) comment = "Added";
var editedVanity =
new UserHistory
{
Comment = comment,
CreationDate = now,
IP = Current.RemoteIP,
UserHistoryTypeId = UserHistoryTypeId.VanityIdChanged,
UserId = toUpdate.Id
};
db.UserHistory.InsertOnSubmit(editedVanity);
}
}
db.SubmitChanges();
// post submit sanity check to make sure we've got no duplicate vanity id's out there
// this is a bit of hack, to work around the inability to set a meaningful unique constraint
// on a nullable column
if (toUpdate.VanityProviderId.HasValue())
{
if (db.Users.Count(u => u.VanityProviderId == toUpdate.VanityProviderId) != 1)
{
toUpdate.VanityProviderId = null;
var editedVanity =
new UserHistory
{
Comment = "Removed",
CreationDate = now,
IP = "127.0.0.1",
UserHistoryTypeId = UserHistoryTypeId.VanityIdChanged,
UserId = toUpdate.Id
};
db.UserHistory.InsertOnSubmit(editedVanity);
db.SubmitChanges();
}
}
return
SafeRedirect(
(Func<ActionResult>)this.ViewUser
);
}
/// <summary>
/// Record a login event for a user, run any needed cleanup, and give the user a session.
/// </summary>
public void Login(DateTime now)
{
// Kill the anonymous cookie
Current.KillCookie(Current.AnonymousCookieName);
// Write a login event
var loginEvent = new UserHistory
{
Comment = "Logged In",
CreationDate = now,
UserHistoryTypeId = UserHistoryTypeId.Login,
UserId = Id,
IP = Current.RemoteIP
};
Current.WriteDB.UserHistory.InsertOnSubmit(loginEvent);
// Generate and write a session
var session = Convert.ToBase64String(Current.Random(32));
var sessionHash = Current.WeakHash(session);
SessionHash = sessionHash;
SessionCreationDate = now;
LastActivityDate = now;
// Add the user session cookie
Current.AddCookie(Current.UserCookieName, session, TimeSpan.FromDays(7));
Current.WriteDB.SubmitChanges();
}
/// <summary>
/// Record a logout event for the user, destoy their cookie, and invalidate their session.
/// </summary>
public void Logout(DateTime now, string careOfHost = null)
{
// Delete this users session cookie
Current.KillCookie(Current.UserCookieName);
var comment = "Logged Out";
if (careOfHost.HasValue())
{
var cleanHost = careOfHost.ToLowerInvariant();
if (cleanHost.Length + 3 + comment.Length > 400)
{
cleanHost = cleanHost.Substring(0, 400 - 3 - comment.Length);
}
comment += " (" + cleanHost + ")";
}
var logoutEvent = new UserHistory
{
Comment = comment,
CreationDate = now,
UserHistoryTypeId = UserHistoryTypeId.Logout,
UserId = Id,
IP = Current.RemoteIP
};
Current.WriteDB.UserHistory.InsertOnSubmit(logoutEvent);
SessionHash = null;
SessionCreationDate = null;
LastActivityDate = now;
Current.WriteDB.SubmitChanges();
}
public void AuthenticatedTo(DateTime now, string host)
{
var authenticatedEvent = new UserHistory
{
Comment = "Authenticated to "+host,
CreationDate = now,
UserHistoryTypeId = UserHistoryTypeId.AuthenticatedTo,
UserId = Id,
IP = Current.RemoteIP
};
Current.WriteDB.UserHistory.InsertOnSubmit(authenticatedEvent);
LastActivityDate = now;
Current.WriteDB.SubmitChanges();
}
public void UserHistoryInsertWithUserId()
{
var r = new Restrictions();
var history = new UserHistory
{
UserId = 1
};
var updates = new Dictionary<object, Restrictions.ShadowModifiedMember[]>();
string ignored;
Assert.IsTrue(r.IsValidChangeSet(updates, new List<object>(), new List<object>() { history }, new List<object>(), new List<int>() { 1 }, out ignored));
}
public void NoUserHistoryUpdates()
{
var r = new Restrictions();
var history = new UserHistory
{
Id = 1
};
var updates = new Dictionary<object, Restrictions.ShadowModifiedMember[]>();
updates[history] = new Restrictions.ShadowModifiedMember[]
{
new Restrictions.ShadowModifiedMember
{
Member = typeof(UserHistory).GetProperty("Id"),
CurrentValue = history.Id,
OriginalValue = 2
}
};
string ignored;
Assert.IsFalse(r.IsValidChangeSet(updates, new List<object>(), new List<object>(), new List<object>() { history }, new List<int>() { 1 }, out ignored));
}
