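/// <summary>
/// Renders the account-activation page for the token identified by <c>AccessURL</c>.
/// </summary>
/// <returns>
/// A redirect to the error page when no usable token exists, otherwise the page with
/// either a warning (expired / already activated) or the owning user's name in
/// <c>ViewData["Username"]</c>.
/// </returns>
public async Task<IActionResult> OnGetAsync()
        {
            // no token provided
            if (string.IsNullOrEmpty(AccessURL))
            {
                return RedirectToPage("./Error");
            }

            // find activation token with url
            Models.ServiceToken t_token = _context.ServiceToken
                .FirstOrDefault(t => t.URL == AccessURL && t.Action == "activate");

            // no such token
            if (t_token == null)
            {
                return RedirectToPage("./Error");
            }

            // expiration
            if (DateTime.UtcNow >= t_token.Expiration)
            {
                ViewData["warn"] = "This token is expired.";
                return Page();
            }

            // already done
            if (t_token.Resolved)
            {
                ViewData["warn"] = "This account is already activated.";
                return Page();
            }

            // The token's owner may have been deleted since the token was issued; treat that
            // like an unknown token rather than dereferencing a null user.
            Models.User t_user = _context.User.FirstOrDefault(u => u.UserID == t_token.UserID);
            if (t_user == null)
            {
                return RedirectToPage("./Error");
            }

            ViewData["Username"] = t_user.Username;
            //ViewData["token_id"] = TokenID = t_token.ID;

            return Page();
        }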
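        /// <summary>
        /// Handles the password-reset form: verifies the security answer for the question
        /// stored in session during GET, then replaces the user's salt and password hash and
        /// resolves the reset token identified by <c>AccessURL</c>.
        /// </summary>
        /// <returns>The page with a warning or a success message, or a redirect to the error page.</returns>
        public async Task<IActionResult> OnPostAsync()
        {
            // Look the token up first so a missing, already-used or expired token is rejected
            // before any other state is touched (the GET handler checks expiry; the original
            // POST did not, so an expired link could still reset the password).
            Models.ServiceToken t_token = _context.ServiceToken
                .FirstOrDefault(t => t.URL == AccessURL && t.Action == "password" && t.Resolved == false);

            if (t_token == null || DateTime.UtcNow >= t_token.Expiration)
            {
                ViewData["warn"] = "This token is expired.";
                return Page();
            }

            // session magic: the question shown on GET is stored as the raw bytes of its ID.
            // A missing or truncated value (e.g. an expired session) must not reach BitConverter.
            byte[] q_bytes;
            if (!HttpContext.Session.TryGetValue("reset_question", out q_bytes) || q_bytes == null || q_bytes.Length < sizeof(int))
            {
                ViewData["warn"] = "Your session has expired. Please reload the page and try again.";
                return Page();
            }
            int q_id = BitConverter.ToInt32(q_bytes, 0);

            // verify security question
            int u_id = t_token.UserID;

            // Same normalisation as the original check (lower-case, whitespace stripped).
            string normalizedAnswer = (Answer ?? "").ToLower().Replace(" ", "").Replace("\t", "").Replace("\n", "");

            var stored = _context.SecurityAnswer.FirstOrDefault(a => a.UserID == u_id && a.QuestionID == q_id);

            // An empty answer must never pass: string.Contains("") is always true, so the original
            // check accepted a blank submission.
            // NOTE(review): Contains is a substring match, so any fragment of the stored answer is
            // accepted; equality would be stricter — confirm how answers are stored before tightening.
            if (string.IsNullOrEmpty(normalizedAnswer) || stored == null || stored.Answer == null || !stored.Answer.Contains(normalizedAnswer))
            {
                ViewData["warn"] = "You have answered the security question incorrectly.";
                return Page();
            }

            if (string.IsNullOrEmpty(Password))
            {
                ViewData["warn"] = "Please enter a new password.";
                return Page();
            }

            var U = _context.User.FirstOrDefault(u => u.UserID == u_id);
            if (U == null)
            {
                return RedirectToPage("/Error");
            }

            // generate salt and password
            Models.Hasher hasher = new Models.Hasher();
            string        salt   = hasher.GenerateSalt(32);

            this.Password = hasher.HashPassword(this.Password, salt, 100, 32);

            U.Salt     = salt;
            U.Password = Password;

            // Resolve the token and blank its URL so the link cannot be replayed.
            t_token.Resolved = true;
            t_token.URL      = "";

            await _context.SaveChangesAsync();

            // The stored question is single-use; drop it once the reset has gone through.
            HttpContext.Session.Remove("reset_question");

            ViewData["message"] = "Password reset successfully. You may now log in.";
            return Page();
        }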
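        /// <summary>
        /// Handles the "forgot password" form: for a registered e-mail address, discards any
        /// pending reset tokens for that user, creates a fresh one valid for 12 hours and
        /// exposes its link in <c>ViewData["reset_link"]</c> until e-mail delivery exists.
        /// </summary>
        /// <returns>The page, with a warning, a message, or the reset link set in <c>ViewData</c>.</returns>
        public async Task<IActionResult> OnPostAsync()
        {
            if (!ModelState.IsValid)
            {
                ViewData["warn"] = "Invalid Username.";
                return Page();
            }

            if (string.IsNullOrEmpty(Email))
            {
                return Page();
            }

            // Use one normalised address for both the existence check and the lookup. The
            // original compared the lower-cased value in Any() but the raw value in Where(),
            // so a submission differing only in case passed the first check and then threw
            // on a null user.
            string email = Email.ToLower();
            Models.User user = _context.User.FirstOrDefault(u => u.Email == email);

            if (user == null)
            {
                // NOTE(review): a distinct message reveals whether an address is registered
                // (account enumeration); once resets go out by e-mail, show the same text either way.
                ViewData["message"] = "There are no accounts with that email address. "
                                      + "\nIn the future, we will send password resets to you via email.";
                return Page();
            }

            int id = user.UserID;

            // remove pending resets so only the newest link is valid
            var pending = _context.ServiceToken
                .Where(t => t.UserID == id && t.Action == "password" && t.Resolved == false)
                .ToList();
            _context.ServiceToken.RemoveRange(pending);

            // misuse password hasher to make a reset URL. The salt is now actually fed to the
            // hasher (the original generated it and then passed "", leaving the timestamp as the
            // only presumably varying input), and the retry counter lives outside the loop so a
            // collision changes the iteration count / length instead of looping forever.
            Models.Hasher hasher  = new Models.Hasher();
            string        salt    = hasher.GenerateSalt(8);
            string        url;
            int           attempt = 0;
            do
            {
                url = hasher.HashPassword("p" + id + DateTime.UtcNow, salt, 10 + attempt, 8 + (attempt / 8));
                attempt++;
            } while (_context.ServiceToken.Any(t => t.URL == url));

            // make reset token (an object initializer cannot throw, so no try/catch is needed)
            DateTime now = DateTime.UtcNow;
            Models.ServiceToken newToken = new Models.ServiceToken
            {
                UserID     = id,
                Action     = "password",
                URL        = url,
                Creation   = now,
                Expiration = now.AddHours(12),
                Resolved   = false
            };

            await _context.ServiceToken.AddAsync(newToken);
            await _context.SaveChangesAsync();

            // TODO: replace with email
            //return RedirectToPage("./ResetPassword/" + newToken.URL);
            ViewData["reset_link"] = "./ResetPassword/" + newToken.URL;
            return Page();
        }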
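        /// <summary>
        /// Handles the registration form. Every validation failure re-renders the form through
        /// <see cref="OnGetAsync"/>; on success the new account's activation token is stored in
        /// session and the browser is redirected to the success page.
        /// </summary>
        public async Task OnPostAsync()
        {
            if (string.IsNullOrEmpty(Credentials.Email) || string.IsNullOrEmpty(Credentials.Username) || string.IsNullOrEmpty(Credentials.Password) ||
                string.IsNullOrEmpty(Credentials.FirstName) || string.IsNullOrEmpty(Credentials.LastName))
            {
                await OnGetAsync();
                return;
            }

            // verify questions
            if (Credentials.SecurityQuestions == null || Credentials.SecurityQuestions.Any(q => string.IsNullOrEmpty(q.Question)))
            {
                await OnGetAsync();
                return;
            }

            // verify answers: answer i is paired with question i, so the two lists must line up
            // (the original indexed SecurityQuestions[i] without checking and could go out of range).
            if (Credentials.SecurityAnswers == null || Credentials.SecurityAnswers.Count() != Credentials.SecurityQuestions.Count())
            {
                await OnGetAsync();
                return;
            }

            for (int i = 0; i < Credentials.SecurityAnswers.Count(); i++)
            {
                var a = Credentials.SecurityAnswers[i];
                a.QuestionID = Credentials.SecurityQuestions[i].QuestionID;
                if (string.IsNullOrEmpty(a.Answer))
                {
                    await OnGetAsync();
                    return;
                }
            }

            // Any() is false on an empty table, so the extra Count() > 0 round-trip is unnecessary.
            if (_context.User.Any(u => u.Username == Credentials.Username))
            {
                ViewData["warn"] = "Username \"" + Credentials.Username + "\" is taken.";
                await OnGetAsync();
                return;
            }
            if (_context.User.Any(u => u.Email == Credentials.Email))
            {
                ViewData["warn"] = "Email \"" + Credentials.Email + "\" is already in use.";
                await OnGetAsync();
                return;
            }

            if (await Credentials.TrySignup(_context))
            {
                // provide activation token directly until email is enabled
                // TODO: replace with email
                // NOTE(review): the lookup matches on Credentials.Password, so it only finds the
                // user if TrySignup stores exactly the value it leaves in Credentials — confirm.
                Models.User user = _context.User
                    .FirstOrDefault(u => u.Username == Credentials.Username && u.Password == Credentials.Password);
                Models.ServiceToken token = user == null
                    ? null
                    : _context.ServiceToken.FirstOrDefault(t => t.UserID == user.UserID && t.Action == "activate");

                if (token == null)
                {
                    ViewData["warn"] = "Your account was created but no activation token was found. Please contact an administrator.";
                    await OnGetAsync();
                    return;
                }

                HttpContext.Session.Set("activation_token", Models.UMSerializer.SerializeToken(token));

                Response.Redirect("./Register/Success");
                return;
            }

            // The listing had the concatenation in this message garbled ("******"); it is
            // reconstructed to match the "is taken" warning above.
            ViewData["warn"] = "An error has occurred while creating your account (Username:" + Credentials.Username + "). Please contact an administrator.";
            await OnGetAsync();

            //Response.Redirect("../Index");
        }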
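        /// <summary>
        /// Renders the password-reset page for the token identified by <c>AccessURL</c>: validates
        /// the token, shows the owning user's name and e-mail, and picks one of that user's
        /// security questions at random, remembering its ID in session for the POST handler.
        /// </summary>
        /// <returns>
        /// A redirect to the error page when no usable token exists, otherwise the page with either
        /// a warning or the chosen question in <c>Question</c> / <c>ViewData["Question"]</c>.
        /// </returns>
        public async Task<IActionResult> OnGetAsync()
        {
            // no token provided
            if (string.IsNullOrEmpty(AccessURL))
            {
                return RedirectToPage("/Error");
            }

            // find reset token with url
            Models.ServiceToken t_token = _context.ServiceToken
                .FirstOrDefault(t => t.URL == AccessURL && t.Action == "password");

            // no such token
            if (t_token == null)
            {
                return RedirectToPage("/Error");
            }

            // expiration
            if (DateTime.UtcNow >= t_token.Expiration)
            {
                ViewData["warn"] = "This token is expired.";
                return Page();
            }

            // already done
            // NOTE(review): same wording as the expiry case; the activation page uses a distinct
            // message here — confirm whether that is intentional.
            if (t_token.Resolved)
            {
                ViewData["warn"] = "This token is expired.";
                return Page();
            }

            int id = t_token.UserID;

            Models.User t_user = _context.User.FirstOrDefault(u => u.UserID == id);
            if (t_user == null)
            {
                return RedirectToPage("/Error");
            }

            ViewData["Username"] = t_user.Username;
            ViewData["Email"]    = t_user.Email;

            // select question: materialise once instead of re-running the query per pass, and
            // bail out when the user has no answers (the original looped forever in that case).
            Question = "";
            var answers = _context.SecurityAnswer.Where(a => a.UserID == id).ToList();

            if (answers.Count == 0)
            {
                ViewData["warn"] = "No security questions are registered for this account. Please contact an administrator.";
                return Page();
            }

            // Uniform choice; the original coin-flip per element favoured earlier answers.
            Random rand   = new Random();
            var    chosen = answers[rand.Next(answers.Count)];

            var question = _context.SecurityQuestion.FirstOrDefault(sq => sq.QuestionID == chosen.QuestionID);
            if (question == null)
            {
                ViewData["warn"] = "No security questions are registered for this account. Please contact an administrator.";
                return Page();
            }

            // The POST handler reads this back to know which answer to check.
            HttpContext.Session.Set("reset_question", BitConverter.GetBytes(question.QuestionID));

            Question             = question.Question;
            ViewData["Question"] = Question;

            return Page();
        }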