Exemple #1
 /// <summary>
 /// Stores the given user in the session, together with that user's system action rights,
 /// audit actions, forum action rights and last visit date.
 /// </summary>
 /// <param name="session">The session that receives the user data.</param>
 /// <param name="user">The user whose data is loaded into the session.</param>
 /// <returns>A task that completes once all data has been added to the session.</returns>
 /// <remarks>
 /// NOTE(review): the rights and audit actions are copied into the session here. This method does not
 /// show whether they are re-read when a user's roles change; confirm how long a stale copy can live.
 /// </remarks>
 public static async Task LoadUserSessionDataAsync(this ISession session, UserEntity user)
 {
     session.AddUserObject(user);
     var userId = user.UserID;

     // Fetch order is kept: system rights, then audit actions, then forum rights.
     var systemRights = await SecurityGuiHelper.GetSystemActionRightsForUserAsync(userId);
     session.AddSystemActionRights(systemRights);

     var auditActions = await SecurityGuiHelper.GetAuditActionsForUserAsync(userId);
     session.AddAuditActions(auditActions);

     var forumsRights = await SecurityGuiHelper.GetForumsActionRightsForUserAsync(userId);
     session.AddForumsActionRights(forumsRights);

     // Only a user with a positive UserID and a stored date gets that date; everyone else gets "now".
     bool hasStoredVisitDate = userId > 0 && user.LastVisitedDate.HasValue;
     DateTime lastVisit = hasStoredVisitDate ? user.LastVisitedDate.Value : DateTime.Now;
     session.AddLastVisitDate(lastVisit);
 }
Exemple #2
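        /// <summary>
        /// Initializes the session with the initial static data for the user. It resolves the user for the
        /// request (falling back to the anonymous user, UserID 0), loads that user's session data, determines
        /// the last visit date, rewrites the last-visit-date cookie, audits the login when required and
        /// marks the session as initialized.
        /// </summary>
        /// <param name="session">The session to initialize. Nothing happens when it is already marked as initialized.</param>
        /// <param name="context">The HTTP context of the current request; supplies the identity and the request/response cookies.</param>
        /// <returns>A task that completes when the session has been initialized.</returns>
        /// <remarks>
        /// The last-visit-date cookie is client-controlled input. A missing or malformed value is treated as
        /// "no cookie" instead of raising a parse exception during session setup.
        /// </remarks>
        public static async Task InitializeAsync(this ISession session, HttpContext context)
        {
            if (session.GetInt32(SessionKeys.SessionInitialized) == 1)
            {
                // already initialized
                // NOTE(review): the ban check and rights loading below run only on first initialization, so a
                // ban or rights change made afterwards is not picked up by this method for the life of the
                // session. Confirm that it is enforced elsewhere.
                return;
            }

            // Format of the last-visit-date cookie value: day, month, year, hour, minute.
            const string lastVisitDateCookieFormat = "ddMMyyyyHHmm";

            bool       useEntityBasedLastVisitDateTracking = false;
            UserEntity user = null;

            // Identity can be null on a principal without identities; treat that as not authenticated.
            if (context.User?.Identity?.IsAuthenticated == true)
            {
                user = await UserGuiHelper.GetUserAsync(context.User.Identity.Name);

                if (user != null)
                {
                    // if the lastvisited date is null in the user entity, we'll use the cookie approach first
                    useEntityBasedLastVisitDateTracking = user.LastVisitedDate.HasValue;
                }
            }

            if (user == null || user.IsBanned)
            {
                // unauthenticated, unknown or banned user: revert to Anonymous Coward (UserID 0)
                user = await UserGuiHelper.GetUserAsync(0);

                useEntityBasedLastVisitDateTracking = false;
            }

            if (user == null || user.UserID <= 0)
            {
                await session.LoadAnonymousSessionDataAsync();
            }
            else
            {
                await session.LoadUserSessionDataAsync(user);
            }

            bool     isLastVisitDateValid    = false;
            DateTime lastVisitDate           = DateTime.Now;
            string   lastVisitDateCookieName = ApplicationAdapter.GetSiteName() + " LastVisitDate";

            // the last visited date is either stored in a cookie or on the server. Older versions of this forum system used cookie based last visited date storage,
            // newer versions use server side storage in the User entity. For non-logged in users, cookie based storage is still used.
            if (useEntityBasedLastVisitDateTracking)
            {
                lastVisitDate        = user.LastVisitedDate.Value;
                isLastVisitDateValid = true;
            }
            else if (DateTime.TryParseExact(context.Request.Cookies[lastVisitDateCookieName],
                                            lastVisitDateCookieFormat,
                                            System.Globalization.CultureInfo.InvariantCulture,
                                            System.Globalization.DateTimeStyles.None,
                                            out DateTime cookieDate))
            {
                // The cookie is sent by the client, so it is parsed defensively. A truncated, non-numeric or
                // out-of-range value fails the parse and lastVisitDate keeps its DateTime.Now default.
                lastVisitDate        = cookieDate;
                isLastVisitDateValid = true;
            }

            if (isLastVisitDateValid)
            {
                // store in session object
                session.AddLastVisitDate(lastVisitDate);
            }

            // update date
            if (useEntityBasedLastVisitDateTracking || (user != null && user.UserID != 0 && !user.LastVisitedDate.HasValue))
            {
                await UserManager.UpdateLastVisitDateForUserAsync(user.UserID);
            }

            // always write new cookie
            // cookie path is set to '/', to avoid path name casing mismatches. The cookie has a unique name anyway.
            // The value is written with the invariant culture so it always round-trips through the parse above,
            // whatever the server's current culture or calendar is.
            // NOTE(review): Secure is not set. The value is only a timestamp, but on an HTTPS-only deployment
            // consider adding Secure = context.Request.IsHttps.
            context.Response.Cookies.Append(
                lastVisitDateCookieName,
                DateTime.Now.ToString(lastVisitDateCookieFormat, System.Globalization.CultureInfo.InvariantCulture),
                new CookieOptions()
                {
                    Expires  = new DateTimeOffset(DateTime.Now.AddYears(1)),
                    Path     = "/",
                    SameSite = SameSiteMode.Lax,
                    HttpOnly = true                                                                             // no js accessibility
                });

            if (session.CheckIfNeedsAuditing(AuditActions.AuditLogin))
            {
                await SecurityManager.AuditLoginAsync(session.GetUserID());
            }

            // mark the session as initialized.
            session.SetInt32(SessionKeys.SessionInitialized, 1);
        }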