public ActionResult HandleAffiliateLogin(string email, string password, string background, string color)
{
var now = Current.Now;
if (!Models.User.IsValidEmail(ref email))
{
// Standard recoverable error stuff doesn't work here, so do it manually
ViewData["error_message"] = "Invalid email address";
ViewData["email"] = email;
ViewData["affId"] = CurrentAffiliate.Id;
return(LoginIFrame(null, background, color));
}
var cookie = System.Web.HttpContext.Current.CookieSentOrReceived(Current.AnonymousCookieName);
var user = Models.User.FindUserByEmail(email);
if (user == null)
{
// Standard recoverable error stuff doesn't work here, so do it manually
ViewData["error_message"] = "No account with this email found";
ViewData["email"] = email;
ViewData["affId"] = CurrentAffiliate.Id;
IPBanner.BadLoginAttempt(user, Current.RemoteIP);
return(LoginIFrame(null, background, color));
}
if (!user.PasswordMatch(password))
{
// Standard recoverable error stuff doesn't work here, so do it manually
ViewData["error_message"] = "Incorrect password";
ViewData["email"] = email;
ViewData["affId"] = CurrentAffiliate.Id;
IPBanner.BadLoginAttempt(user, Current.RemoteIP);
return(LoginIFrame(null, background, color));
}
var callback = Current.GetFromCache <string>(CallbackKey(cookie));
Current.RemoveFromCache(CallbackKey(cookie));
user.Login(now);
if (callback == null)
{
return(IrrecoverableError("No Callback Found", "We were unable to find a callback to finish the authentication session."));
}
return(AffiliateRedirect(AddIdentifier(callback, Current.LoggedInUser.GetClaimedIdentifier())));
}
public ActionResult DoLogin(string email, string password, string session)
{
var now = Current.Now;
if (!Models.User.IsValidEmail(ref email))
{
return(RecoverableError("Invalid email address", new { email, session }));
}
var user = Models.User.FindUserByEmail(email);
if (user == null)
{
IPBanner.BadLoginAttempt(user, Current.RemoteIP);
return(RecoverableError("No account with this email found", new { email, session }));
}
if (!user.PasswordMatch(password))
{
IPBanner.BadLoginAttempt(user, Current.RemoteIP);
return(RecoverableError("Incorrect password", new { email, session }));
}
user.Login(now);
if (session.HasValue())
{
return
(SafeRedirect(
(Func <string, string, ActionResult>)(new OpenIdController()).ResumeAfterLogin,
new
{
session
}
));
}
return
(SafeRedirect(
(Func <ActionResult>)(new UserController()).ViewUser
));
}
public ActionResult SendRecovery(string email)
{
IPBanner.AttemptedToSendRecoveryEmail(Current.RemoteIP);
var user = Models.User.FindUserByEmail(email);
if (user == null)
{
return(RecoverableError("No account with that email was found", new { email }));
}
var now = Current.Now;
var token = Current.UniqueId().ToString();
var toInsert =
new PasswordReset
{
CreationDate = now,
TokenHash = Current.WeakHash(token),
UserId = user.Id
};
Current.WriteDB.PasswordResets.InsertOnSubmit(toInsert);
Current.WriteDB.SubmitChanges();
var toReset =
SafeRedirect(
(Func <string, string, string, ActionResult>)NewPassword,
new { token }
);
var resetLink = Current.Url(toReset.Url);
if (!Current.Email.SendEmail(email, Email.Template.ResetPassword, new { RecoveryLink = resetLink.AsLink() }))
{
return(IrrecoverableError("An error occurred sending the email", "This has been recorded, and will be looked into shortly"));
}
return(SuccessEmail("Password Recovery Email Sent to " + email, "Check your email for the link to reset your password."));
}
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
using (MiniProfiler.Current.Step("OnActionExecuting"))
{
Current.Controller = filterContext.Controller;
var path = filterContext.HttpContext.Request.Url.AbsolutePath.ToLowerInvariant();
// Sometimes we know that we want to reject a request, but also want to show the user
// something when it happens, so we check here.
// Special exception for /openid/provider, since its a "special" route that dodges all our Route magic
if (path != "/openid/provider" && path != "/affiliate/form/switch" && Current.RejectRequest)
{
filterContext.Result = NotFound();
return;
}
if (IPBanner.IsBanned(Current.RemoteIP))
{
filterContext.Result = Banned();
return;
}
// On prod, we can either be running with IIS handling SSL, *or* behind an SSL accelerator
// If we're not getting direct SSL, check against the a trusted port we've locked down
// for discussion between the accelerator(s) and the web tier
#if !DEBUG
if (!filterContext.HttpContext.Request.IsSecureConnection)
{
var serverVars = filterContext.HttpContext.Request.ServerVariables;
var originatingIP = serverVars["REMOTE_ADDR"];
var forwardedProto = filterContext.HttpContext.Request.Headers["X-Forwarded-Proto"];
if (forwardedProto != "https" || !Current.LoadBalancerIPs.Contains(originatingIP))
{
Current.LogException(new Exception("Warning! Something is talking to the OpenIdProvider nefariously"));
filterContext.Result = GenericSecurityError();
return;
}
}
#endif
// Handle Acccept-Encoding
// As a site note: why, in the year 2011 (offically "the future") do we have to opt into this stuff?
var acceptEncoding = filterContext.HttpContext.Request.Headers["Accept-Encoding"];
if (acceptEncoding.HasValue())
{
acceptEncoding = acceptEncoding.ToLowerInvariant();
var response = filterContext.HttpContext.Response;
if (acceptEncoding.Contains("gzip"))
{
response.AppendHeader("Content-Encoding", "gzip");
response.Filter = new GZipStream(response.Filter, CompressionMode.Compress);
}
else
{
if (acceptEncoding.Contains("deflate"))
{
response.AppendHeader("Content-Encoding", "deflate");
response.Filter = new DeflateStream(response.Filter, CompressionMode.Compress);
}
}
}
base.OnActionExecuting(filterContext);
}
}
