Exemple #1
0
        public async Task <ActionResult> ForgotPassword(ForgotPassword model)
        {
            if (!string.IsNullOrEmpty(AppConfig.ReCAPTCHAKey))
            {
                var captchaResult = await ReCaptcha2.ValidateAsync(new AspNetCoreHttpRequest(Request), AppConfig.ReCAPTCHAKey);

                if (!captchaResult.Success)
                {
                    ModelState.AddModelError("CAPTCHA", ViewRes.User.ForgotPasswordStrings.CaptchaIsInvalid);
                }
            }

            if (!ModelState.IsValid)
            {
                return(View());
            }

            try
            {
                await Data.RequestPasswordReset(model.Username, model.Email, AppConfig.HostAddress + Url.Action("ResetPassword", "User"));
            }
            catch (UserNotFoundException) { }

            TempData.SetStatusMessage(ViewRes.User.ForgotPasswordStrings.MessageSent);

            return(RedirectToAction("Login"));
        }
Exemple #2
0
        public async Task <ActionResult> Create(RegisterModel model)
        {
            string restrictedErr = "Sorry, access from your host is restricted. It is possible this restriction is no longer valid. If you think this is the case, please contact support.";

            if (!ModelState.IsValidField("Extra"))
            {
                log.Warn("An attempt was made to fill the bot decoy field from {0} with the value '{1}'.", Hostname, ModelState["Extra"]);
                ipRuleManager.AddTempBannedIP(Hostname, "Attempt to fill the bot decoy field");
                return(View(model));
            }

            if (config.SiteSettings.SignupsDisabled)
            {
                ModelState.AddModelError(string.Empty, "Signups are disabled");
            }

            var recaptchaResult = await ReCaptcha2.ValidateAsync(Request, AppConfig.ReCAPTCHAKey);

            if (!recaptchaResult.Success)
            {
                ErrorLogger.LogMessage(Request, string.Format("Invalid CAPTCHA (error {0})", recaptchaResult.Error), LogLevel.Warn);
                otherService.AuditLog("failed CAPTCHA", Hostname, AuditLogCategory.UserCreateFailCaptcha);
                ModelState.AddModelError("CAPTCHA", ViewRes.User.CreateStrings.CaptchaInvalid);
            }

            if (!ModelState.IsValid)
            {
                return(View(model));
            }

            if (!ipRuleManager.IsAllowed(Hostname))
            {
                log.Warn("Restricting blocked IP {0}.", Hostname);
                ModelState.AddModelError("Restricted", restrictedErr);
                return(View(model));
            }

            var time = TimeSpan.FromTicks(DateTime.Now.Ticks - model.EntryTime);

            // Attempt to register the user
            try {
                var url  = VocaUriBuilder.CreateAbsolute(Url.Action("VerifyEmail", "User")).ToString();
                var user = await Data.Create(model.UserName, model.Password, model.Email ?? string.Empty, Hostname,
                                             Request.UserAgent,
                                             WebHelper.GetInterfaceCultureName(Request),
                                             time, ipRuleManager, url);

                FormsAuthentication.SetAuthCookie(user.Name, false);
                return(RedirectToAction("Index", "Home"));
            } catch (UserNameAlreadyExistsException) {
                ModelState.AddModelError("UserName", ViewRes.User.CreateStrings.UsernameTaken);
                return(View(model));
            } catch (UserEmailAlreadyExistsException) {
                ModelState.AddModelError("Email", ViewRes.User.CreateStrings.EmailTaken);
                return(View(model));
            } catch (InvalidEmailFormatException) {
                ModelState.AddModelError("Email", ViewRes.User.MySettingsStrings.InvalidEmail);
                return(View(model));
            } catch (TooFastRegistrationException) {
                ModelState.AddModelError("Restricted", restrictedErr);
                return(View(model));
            } catch (RestrictedIPException) {
                ModelState.AddModelError("Restricted", restrictedErr);
                return(View(model));
            }
        }