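/// <summary>
/// Renders the account-activation page for the token carried in <see cref="AccessURL"/>.
/// This handler only validates the token; nothing is activated on GET. It redirects to
/// "./Error" when no usable token (or no owning user) exists, and renders a warning when
/// the token is expired or already resolved.
/// </summary>
/// <returns>The page, or a redirect to "./Error".</returns>
public async Task<IActionResult> OnGetAsync()
{
    // No token in the request: nothing to look up.
    if (string.IsNullOrEmpty(AccessURL))
    {
        return RedirectToPage("./Error");
    }

    // Locate the activation token by its URL fragment.
    Models.ServiceToken token = _context.ServiceToken
        .Where(t => t.URL == AccessURL && t.Action == "activate")
        .FirstOrDefault();
    if (token == null)
    {
        return RedirectToPage("./Error");
    }

    // Expiry is reported before the "already resolved" case, matching the original order.
    if (DateTime.UtcNow >= token.Expiration)
    {
        ViewData["warn"] = "This token is expired.";
        return Page();
    }

    if (token.Resolved)
    {
        ViewData["warn"] = "This account is already activated.";
        return Page();
    }

    // The token's owner may have been removed since the token was issued; treat that like
    // a missing token rather than dereferencing null (the original did not check).
    Models.User user = _context.User
        .Where(u => u.UserID == token.UserID)
        .FirstOrDefault();
    if (user == null)
    {
        return RedirectToPage("./Error");
    }

    // NOTE(review): the username is shown to whoever holds the link, so the token URL
    // is the only secret protecting this information.
    ViewData["Username"] = user.Username;
    return Page();
}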
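/// <summary>
/// Completes a password reset: re-validates the reset token in <see cref="AccessURL"/>,
/// verifies <see cref="Answer"/> against the security question the GET handler stored in
/// session ("reset_question"), then replaces the user's salt and password hash and marks
/// the token resolved.
/// </summary>
/// <returns>The page, with ViewData["warn"] on failure or ViewData["message"] on success.</returns>
public async Task<IActionResult> OnPostAsync()
{
    // Re-validate the token on POST. The GET handler's expiry check does not carry over,
    // and the original only filtered on Action/Resolved here, so an expired token could
    // still reset the password. A missing token also dereferenced null.
    Models.ServiceToken token = string.IsNullOrEmpty(AccessURL)
        ? null
        : _context.ServiceToken
            .Where(t => t.URL == AccessURL && t.Action == "password" && t.Resolved == false)
            .FirstOrDefault();
    if (token == null || DateTime.UtcNow >= token.Expiration)
    {
        ViewData["warn"] = "This token is expired.";
        return Page();
    }

    // The question was chosen on GET and stashed in session; without it (session expired,
    // or a POST without a prior GET) the answer cannot be checked. The original passed a
    // null buffer to BitConverter in that case.
    byte[] questionBytes;
    if (!HttpContext.Session.TryGetValue("reset_question", out questionBytes)
        || questionBytes == null
        || questionBytes.Length < sizeof(int))
    {
        ViewData["warn"] = "You have answered the security question incorrectly.";
        return Page();
    }
    int questionId = BitConverter.ToInt32(questionBytes, 0);

    Models.SecurityAnswer stored = _context.SecurityAnswer
        .Where(a => a.UserID == token.UserID && a.QuestionID == questionId)
        .FirstOrDefault();

    // Compare the whole normalized answer, not a substring. The original used Contains(),
    // which accepted an empty submission (Contains("") is always true) and any single
    // character that appears in the stored answer. Both sides get the same normalization;
    // whether stored answers are already normalized is not visible from here.
    if (stored == null
        || string.IsNullOrEmpty(Answer)
        || !AnswersMatch(NormalizeAnswer(stored.Answer), NormalizeAnswer(Answer)))
    {
        // NOTE(review): nothing limits attempts against a live token; an attempt counter
        // or lockout is advisable since the answer space is small.
        ViewData["warn"] = "You have answered the security question incorrectly.";
        return Page();
    }

    // Do not hash and store an empty password.
    if (string.IsNullOrEmpty(Password))
    {
        ViewData["warn"] = "A new password is required.";
        return Page();
    }

    Models.User user = _context.User
        .Where(u => u.UserID == token.UserID)
        .FirstOrDefault();
    if (user == null)
    {
        ViewData["warn"] = "This token is expired.";
        return Page();
    }

    // Same hashing parameters as the original (32-byte salt, 100 iterations, 32-byte hash).
    // NOTE(review): 100 iterations is very low if HashPassword is PBKDF2-style — confirm
    // the Hasher's semantics.
    Models.Hasher hasher = new Models.Hasher();
    string salt = hasher.GenerateSalt(32);
    this.Password = hasher.HashPassword(this.Password, salt, 100, 32);

    user.Salt = salt;
    user.Password = this.Password;
    token.Resolved = true;
    token.URL = ""; // blank the URL so the link cannot be replayed

    // The chosen question is single-use.
    HttpContext.Session.Remove("reset_question");

    await _context.SaveChangesAsync();
    ViewData["message"] = "Password reset successfully. You may now log in.";
    return Page();
}

// Lower-cases and strips spaces, tabs and newlines — the original's normalization,
// now applied to both the stored and the submitted answer.
private static string NormalizeAnswer(string answer)
{
    return (answer ?? string.Empty).ToLower().Replace(" ", "").Replace("\t", "").Replace("\n", "");
}

// Constant-time equality so response timing does not leak how much of the answer matched.
private static bool AnswersMatch(string expected, string actual)
{
    byte[] a = System.Text.Encoding.UTF8.GetBytes(expected);
    byte[] b = System.Text.Encoding.UTF8.GetBytes(actual);
    return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(a, b);
}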
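/// <summary>
/// Starts a password reset for the account with the submitted <see cref="Email"/>:
/// discards that user's pending reset tokens, issues a fresh 12-hour token and — until
/// email delivery exists — exposes the reset link via ViewData["reset_link"].
/// </summary>
/// <returns>The page, with ViewData["message"] or ViewData["warn"] set as appropriate.</returns>
public async Task<IActionResult> OnPostAsync()
{
    if (!ModelState.IsValid)
    {
        ViewData["warn"] = "Invalid Username.";
        return Page();
    }

    if (string.IsNullOrEmpty(Email))
    {
        return Page();
    }

    // Normalize once and use the same value for the lookup. The original lower-cased the
    // address for the existence check but not for the subsequent lookup, so a mixed-case
    // submission could pass the first and then dereference a null user.
    string email = Email.ToLower();
    Models.User user = _context.User.Where(u => u.Email == email).FirstOrDefault();
    if (user == null)
    {
        // NOTE(review): this message confirms whether an address is registered (account
        // enumeration). Once email delivery exists, respond identically either way.
        ViewData["message"] = "There are no accounts with that email address. " +
            "\nIn the future, we will send password resets to you via email.";
        return Page();
    }
    int id = user.UserID;

    // Materialize before removing so the tracked set is not modified mid-enumeration.
    var pending = _context.ServiceToken
        .Where(t => t.UserID == id && t.Action == "password" && t.Resolved == false)
        .ToList();
    _context.ServiceToken.RemoveRange(pending);

    // The original derived the token from "p" + id + UtcNow through the password hasher
    // with an empty salt, so anyone who knows the user id and the approximate request
    // time could reproduce it (and the loop's "i" was re-initialised to 0 every pass).
    // Use the CSPRNG instead; 32 random bytes as lower-case hex is URL-safe.
    // NOTE(review): confirm the ServiceToken.URL column accepts 64 characters.
    string url;
    do
    {
        url = NewResetToken();
    } while (_context.ServiceToken.Any(t => t.URL == url));

    Models.ServiceToken newToken = new Models.ServiceToken
    {
        UserID = id,
        Action = "password",
        URL = url,
        Creation = DateTime.UtcNow,
        Expiration = DateTime.UtcNow.AddHours(12),
        Resolved = false
    };
    await _context.ServiceToken.AddAsync(newToken);
    await _context.SaveChangesAsync();

    // TODO: replace with email. Rendering the link in the response hands the reset to
    // whoever can see this page.
    ViewData["reset_link"] = "./ResetPassword/" + newToken.URL;
    return Page();
}

// 256-bit random token encoded as lower-case hex. Create()/GetBytes is used rather than
// the static GetBytes helper so this also builds on older runtimes.
private static string NewResetToken()
{
    byte[] raw = new byte[32];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(raw);
    }
    return BitConverter.ToString(raw).Replace("-", "").ToLowerInvariant();
}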
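/// <summary>
/// Handles the registration form. Blank required fields, questions or answers re-render
/// the form; a taken username or email re-renders with ViewData["warn"]; on success the
/// serialized activation token is stored in session ("activation_token") and the
/// response redirects to "./Register/Success".
/// </summary>
public async Task OnPostAsync()
{
    if (string.IsNullOrEmpty(Credentials.Email)
        || string.IsNullOrEmpty(Credentials.Username)
        || string.IsNullOrEmpty(Credentials.Password)
        || string.IsNullOrEmpty(Credentials.FirstName)
        || string.IsNullOrEmpty(Credentials.LastName))
    {
        await OnGetAsync();
        return;
    }

    // Every submitted question must be non-blank.
    if (Credentials.SecurityQuestions.Any(q => string.IsNullOrEmpty(q.Question)))
    {
        await OnGetAsync();
        return;
    }

    // Answers are paired with questions by position, so the counts must agree; the
    // original indexed SecurityQuestions[i] without this check and could throw.
    if (Credentials.SecurityAnswers.Count() != Credentials.SecurityQuestions.Count())
    {
        await OnGetAsync();
        return;
    }
    for (int i = 0; i < Credentials.SecurityAnswers.Count(); i++)
    {
        var answer = Credentials.SecurityAnswers[i];
        answer.QuestionID = Credentials.SecurityQuestions[i].QuestionID;
        if (string.IsNullOrEmpty(answer.Answer))
        {
            await OnGetAsync();
            return;
        }
    }

    // Any() on an empty table is false, so the original "Count() > 0" guard was redundant.
    if (_context.User.Any(u => u.Username == Credentials.Username))
    {
        ViewData["warn"] = "Username \"" + Credentials.Username + "\" is taken.";
        await OnGetAsync();
        return;
    }
    // NOTE(review): case-sensitive, while the reset flow lower-cases addresses; confirm
    // where (if anywhere) emails are normalized before storage.
    if (_context.User.Any(u => u.Email == Credentials.Email))
    {
        ViewData["warn"] = "Email \"" + Credentials.Email + "\" is already in use.";
        await OnGetAsync();
        return;
    }

    // NOTE(review): the original literal here was mangled in the source
    // ("(Username:"******")"); reconstructed as the username, which the text implies.
    string failure = "An error has occurred while creating your account (Username:"
        + Credentials.Username + "). Please contact an administrator.";

    if (!await Credentials.TrySignup(_context))
    {
        ViewData["warn"] = failure;
        await OnGetAsync();
        return;
    }

    // Username uniqueness was just checked, so it identifies the new row on its own. The
    // original also matched on Password, which only works if TrySignup writes the stored
    // value back into Credentials.Password — not visible here — and otherwise found nothing.
    Models.User user = _context.User
        .Where(u => u.Username == Credentials.Username)
        .FirstOrDefault();
    Models.ServiceToken token = user == null
        ? null
        : _context.ServiceToken
            .Where(t => t.UserID == user.UserID && t.Action == "activate")
            .FirstOrDefault();
    if (token == null)
    {
        ViewData["warn"] = failure;
        await OnGetAsync();
        return;
    }

    // TODO: replace with email. Until then the activation token rides in the session.
    HttpContext.Session.Set("activation_token", Models.UMSerializer.SerializeToken(token));
    Response.Redirect("./Register/Success");
}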
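/// <summary>
/// Renders the password-reset page for the token in <see cref="AccessURL"/>: validates
/// the token, shows the account's username and email, picks one of the user's security
/// questions at random and stores its id in session ("reset_question") for the POST.
/// </summary>
/// <returns>The page, or a redirect to "/Error" when the token or user cannot be found.</returns>
public async Task<IActionResult> OnGetAsync()
{
    if (string.IsNullOrEmpty(AccessURL))
    {
        return RedirectToPage("/Error");
    }

    Models.ServiceToken token = _context.ServiceToken
        .Where(t => t.URL == AccessURL && t.Action == "password")
        .FirstOrDefault();
    if (token == null)
    {
        return RedirectToPage("/Error");
    }

    // Expired and already-used tokens get the same message, so the response does not
    // distinguish the two (as in the original).
    if (DateTime.UtcNow >= token.Expiration || token.Resolved)
    {
        ViewData["warn"] = "This token is expired.";
        return Page();
    }

    int id = token.UserID;
    Models.User user = _context.User.Where(u => u.UserID == id).FirstOrDefault();
    if (user == null)
    {
        // The original dereferenced a null user here.
        return RedirectToPage("/Error");
    }

    // NOTE(review): username and email are disclosed to whoever holds the link; the
    // token URL is the only secret protecting them.
    ViewData["Username"] = user.Username;
    ViewData["Email"] = user.Email;

    // Pick one of the questions the user has answered. The original looped with a coin
    // flip per answer until one was chosen, which never terminates for a user with no
    // answers, and dereferenced null when the referenced question no longer exists.
    var questionIds = _context.SecurityAnswer
        .Where(a => a.UserID == id)
        .Select(a => a.QuestionID)
        .ToList();
    var candidates = _context.SecurityQuestion
        .Where(q => questionIds.Contains(q.QuestionID))
        .ToList();
    if (candidates.Count == 0)
    {
        ViewData["warn"] = "No security question is available for this account.";
        return Page();
    }

    // Question choice is not a secret, so System.Random is sufficient here.
    var chosen = candidates[new Random().Next(candidates.Count)];
    HttpContext.Session.Set("reset_question", BitConverter.GetBytes(chosen.QuestionID));
    Question = chosen.Question;
    ViewData["Question"] = Question;
    return Page();
}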