public async Task <ActionResult> DeleteUser_Perform(ActionWithUserSearchData data, string submitAction) { if (!this.HttpContext.Session.HasSystemActionRights() || !this.HttpContext.Session.HasSystemActionRight(ActionRights.UserManagement)) { return(RedirectToAction("Index", "Home")); } if (submitAction != "Delete") { return(RedirectToAction("Index", "Home")); } if (data.FindUserData.SelectedUserIDs == null || data.FindUserData.SelectedUserIDs.Count <= 0) { return(await DeleteUser_Find(data)); } int userIdToDelete = data.FindUserData.SelectedUserIDs.FirstOrDefault(); var user = await UserGuiHelper.GetUserAsync(userIdToDelete); bool result = await UserManager.DeleteUserAsync(userIdToDelete); if (result) { ApplicationAdapter.AddUserToListToBeLoggedOutByForce(user.NickName); } await FillUserDataForStateAsync(data.FindUserData, AdminFindUserState.PostAction, string.Empty, string.Empty); var viewData = new ActionWithUserSearchData(data.FindUserData); viewData.FinalActionResult = result ? "The user has been deleted" : "Deleting the user failed, perhaps you selected a user that couldn't be deleted?"; return(View("~/Views/Admin/DeleteUser.cshtml", viewData)); }
private async Task <(bool proceedWithInit, bool incorrectlyConfigured)> ShouldPerformInitAsync() { bool proceedWithInit = false; bool incorrectlyConfigured = false; // check if there's an anonymous user in the database var anonymous = await UserGuiHelper.GetUserAsync(0); // use hardcoded 0 id. if (anonymous == null) { proceedWithInit = true; } else { if (anonymous.NickName != "Anonymous") { incorrectlyConfigured = true; } } if (proceedWithInit) { var admin = await UserGuiHelper.GetUserAsync(1); // use hardcoded 1 id. if (admin != null) { proceedWithInit = false; incorrectlyConfigured = true; // anonymous wasn't there, but admin was... } } return(proceedWithInit, incorrectlyConfigured); }
public async Task <ActionResult> EditUserInfo_FinalAction(EditUserInfoData data) { if (!this.HttpContext.Session.HasSystemActionRights() || !this.HttpContext.Session.HasSystemActionRight(ActionRights.UserManagement)) { return(RedirectToAction("Index", "Home")); } data.UserTitles = await UserGuiHelper.GetAllUserTitlesAsync(); data.Roles = await SecurityGuiHelper.GetAllRolesAsync(); if (!ModelState.IsValid) { return(View("~/Views/Admin/EditUserInfo.cshtml", data)); } data.Sanitize(); data.StripProtocolsFromUrls(); bool result = false; var user = await UserGuiHelper.GetUserAsync(data.UserId); if (user != null) { result = await UserManager.UpdateUserProfileAsync(data.UserId, data.DateOfBirth, data.EmailAddress, user.EmailAddressIsPublic ?? false, data.IconURL, data.Location, data.Occupation, data.NewPassword, data.Signature, data.Website, data.UserTitleId, user.AutoSubscribeToThread, user.DefaultNumberOfMessagesPerPage, data.IsBanned, data.RoleIDs); } data.InfoEdited = result; return(View("~/Views/Admin/EditUserInfo.cshtml", data)); }
public async Task <ActionResult> EditProfile() { var user = await UserGuiHelper.GetUserAsync(this.HttpContext.Session.GetUserID()); if (user == null) { // not found return(RedirectToAction("Index", "Home")); } var data = new EditProfileData() { AutoSubscribeToThread = user.AutoSubscribeToThread, EmailAddress = user.EmailAddress, EmailAddressIsPublic = user.EmailAddressIsPublic ?? false, NickName = user.NickName, DateOfBirth = user.DateOfBirth, Occupation = user.Occupation ?? string.Empty, Location = user.Location ?? string.Empty, Signature = user.Signature ?? string.Empty, Website = user.Website ?? string.Empty, IconURL = user.IconURL ?? string.Empty, DefaultNumberOfMessagesPerPage = user.DefaultNumberOfMessagesPerPage }; data.Sanitize(); return(View(data)); }
public async Task <ActionResult> EditUserInfo_UserSelected(ActionWithUserSearchData data, string submitAction) { if (!this.HttpContext.Session.HasSystemActionRights() || !this.HttpContext.Session.HasSystemActionRight(ActionRights.UserManagement)) { return(RedirectToAction("Index", "Home")); } if (submitAction == "SearchAgain") { return(await EditUserInfo()); } if (submitAction != "PerformAction") { return(RedirectToAction("Index", "Home")); } if (data.FindUserData.SelectedUserIDs == null || data.FindUserData.SelectedUserIDs.Count <= 0) { return(await EditUserInfo_Find(data)); } var user = await UserGuiHelper.GetUserAsync(data.FindUserData.SelectedUserIDs.FirstOrDefault()); if (user == null) { // not found return(RedirectToAction("Index", "Home")); } var newData = new EditUserInfoData() { UserId = user.UserID, EmailAddress = user.EmailAddress, NickName = user.NickName, DateOfBirth = user.DateOfBirth, Occupation = user.Occupation ?? string.Empty, Location = user.Location ?? string.Empty, Signature = user.Signature ?? string.Empty, Website = user.Website ?? string.Empty, IconURL = user.IconURL ?? string.Empty, UserTitleId = user.UserTitleID, IPAddress = user.IPNumber, LastVisitDate = user.LastVisitedDate.HasValue ? user.LastVisitedDate.Value.ToString("f") : "Never", IsBanned = user.IsBanned, RoleIDs = await SecurityGuiHelper.GetAllRoleIDsForUserAsync(user.UserID), Roles = await SecurityGuiHelper.GetAllRolesAsync(), UserTitles = await UserGuiHelper.GetAllUserTitlesAsync(), }; newData.Sanitize(); return(View("~/Views/Admin/EditUserInfo.cshtml", newData)); }
private static async Task RedirectToInitIfRequired(HttpContext context) { // check if there's an anonymous user in the database var anonymous = await UserGuiHelper.GetUserAsync(0); // use hardcoded 0 id. This also makes sure a misconfigured db isn't used further. if (anonymous == null) { // database is empty context.Request.Path = ApplicationAdapter.GetVirtualRoot() + "Admin/Init"; } else { if (anonymous.NickName != "Anonymous") { // Misconfigured. context.Request.Path = ApplicationAdapter.GetVirtualRoot() + "Error/1337"; } } }
public async Task <ActionResult> BanUnbanUser_Perform(ActionWithUserSearchData data, string submitAction) { if (!this.HttpContext.Session.HasSystemActionRights() || !this.HttpContext.Session.HasSystemActionRight(ActionRights.UserManagement)) { return(RedirectToAction("Index", "Home")); } if (submitAction != "ToggleBanFlag") { return(RedirectToAction("Index", "Home")); } if (data.FindUserData.SelectedUserIDs == null || data.FindUserData.SelectedUserIDs.Count <= 0) { return(await BanUnbanUser_Find(data)); } int userIdToToggleBanFlagOf = data.FindUserData.SelectedUserIDs.FirstOrDefault(); var(toggleResult, newBanFlagValue) = await UserManager.ToggleBanFlagValueAsync(userIdToToggleBanFlagOf); if (newBanFlagValue) { var user = await UserGuiHelper.GetUserAsync(userIdToToggleBanFlagOf); ApplicationAdapter.AddUserToListToBeLoggedOutByForce(user.NickName); } await FillUserDataForStateAsync(data.FindUserData, AdminFindUserState.PostAction, string.Empty, string.Empty); var viewData = new ActionWithUserSearchData(data.FindUserData); if (toggleResult) { viewData.FinalActionResult = newBanFlagValue ? "The user is now banned" : "The user has been unbanned"; } else { viewData.FinalActionResult = "Toggling the ban flag failed."; } return(View("~/Views/Admin/BanUnbanUser.cshtml", viewData)); }
public async Task <ActionResult> ShowAuditInfoUser_UserSelected(ActionWithUserSearchData data, string submitAction, string filterAsString, string foundUserIds) { if (!this.HttpContext.Session.HasSystemActionRights() || !this.HttpContext.Session.HasSystemActionRight(ActionRights.UserManagement)) { return(RedirectToAction("Index", "Home")); } if (submitAction == "SearchAgain") { return(await ShowAuditInfoUser()); } if (submitAction != "PerformAction") { return(RedirectToAction("Index", "Home")); } if (data.FindUserData.SelectedUserIDs == null || data.FindUserData.SelectedUserIDs.Count <= 0 || string.IsNullOrWhiteSpace(foundUserIds)) { return(await ShowAuditInfoUser_Find(data)); } int selectedUserId = data.FindUserData.SelectedUserIDs.FirstOrDefault(); var auditDataForView = new ShowAuditInfoUserData(data.FindUserData) { AuditData = await SecurityGuiHelper.GetAllAuditsForUserAsync(selectedUserId), AuditedUser = await UserGuiHelper.GetUserAsync(selectedUserId) }; data.FindUserData.OverrideFilterAsString(filterAsString); // we'll keep the search form open so we can quickly view data of multiple users without searching again. This means we'll keep the finduserdata state // as it is, as this is the end state of this action anyway. data.FindUserData.ActionButtonText = "View audit info"; data.FindUserData.FindUserState = AdminFindUserState.UsersFound; var userIDsFoundAsString = foundUserIds.Split(','); var userIDsOfUsersToLoad = userIDsFoundAsString.Select(us => Convert.ToInt32(us)).ToList(); data.FindUserData.FoundUsers = await UserGuiHelper.GetUsersAsync(userIDsOfUsersToLoad); return(View("~/Views/Admin/ShowAuditInfoUser.cshtml", auditDataForView)); }
public async Task <IActionResult> ResetPassword(ResetPasswordData data) { if (!ModelState.IsValid) { return(View(data)); } // check if the email address specified is the one registered with the user. If not, redirect to home var user = await UserGuiHelper.GetUserAsync(data.NickName); if (string.Compare(user.EmailAddress, data.EmailAddress, StringComparison.OrdinalIgnoreCase) != 0) { // not the same, ignore request return(RedirectToAction("Index", "Home")); } await PerformResetPasswordAsync(data); return(View(data)); }
/// <summary> /// Initializes the session with the initial static data for the user. /// </summary> /// <param name="session"></param> /// <param name="context"></param> public static async Task InitializeAsync(this ISession session, HttpContext context) { if (session.GetInt32(SessionKeys.SessionInitialized) == 1) { // already initialized return; } bool useEntityBasedLastVisitDateTracking = false; UserEntity user = null; if (context.User.Identity.IsAuthenticated) { user = await UserGuiHelper.GetUserAsync(context.User.Identity.Name); if (user == null) { user = await UserGuiHelper.GetUserAsync(0); // 0 is UserID of Anonymous Coward; } else { // if the lastvisited date is null in the user entity, we'll use the cookie approach first useEntityBasedLastVisitDateTracking = user.LastVisitedDate.HasValue; } } else { user = await UserGuiHelper.GetUserAsync(0); // 0 is UserID of Anonymous Coward } if (user == null || user.IsBanned) { // banned user, revert to AC user = await UserGuiHelper.GetUserAsync(0); useEntityBasedLastVisitDateTracking = false; } if (user == null || user.UserID <= 0) { await session.LoadAnonymousSessionDataAsync(); } else { await session.LoadUserSessionDataAsync(user); } bool isLastVisitDateValid = false; DateTime lastVisitDate = DateTime.Now; string lastVisitDateCookieName = ApplicationAdapter.GetSiteName() + " LastVisitDate"; // the last visited date is either stored in a cookie or on the server. Older versions of this forum system used cookie based last visited date storage, // newer versions use server side storage in the User entity. For non-logged in users, cookie based storage is still used. if (useEntityBasedLastVisitDateTracking) { lastVisitDate = user.LastVisitedDate.Value; isLastVisitDateValid = true; } else { // read last visit date from cookie collection sent if (context.Request.Cookies[lastVisitDateCookieName] != null) { string lastVisitDateAsString = context.Request.Cookies[lastVisitDateCookieName]; // convert to datetime lastVisitDate = new DateTime( int.Parse(lastVisitDateAsString.Substring(4, 4)), // Year int.Parse(lastVisitDateAsString.Substring(2, 2)), // Month int.Parse(lastVisitDateAsString.Substring(0, 2)), // Day int.Parse(lastVisitDateAsString.Substring(8, 2)), // Hour int.Parse(lastVisitDateAsString.Substring(10, 2)), // Minute 0); // Seconds isLastVisitDateValid = true; } else { lastVisitDate = DateTime.Now; } } if (isLastVisitDateValid) { // store in session object session.AddLastVisitDate(lastVisitDate); } // update date if (useEntityBasedLastVisitDateTracking || (user != null && user.UserID != 0 && !user.LastVisitedDate.HasValue)) { await UserManager.UpdateLastVisitDateForUserAsync(user.UserID); } // always write new cookie // cookie path is set to '/', to avoid path name casing mismatches. The cookie has a unique name anyway. context.Response.Cookies.Append(lastVisitDateCookieName, DateTime.Now.ToString("ddMMyyyyHHmm"), new CookieOptions() { Expires = new DateTimeOffset(DateTime.Now.AddYears(1)), Path = "/", SameSite = SameSiteMode.Lax, HttpOnly = true // no js accessibility }); if (session.CheckIfNeedsAuditing(AuditActions.AuditLogin)) { await SecurityManager.AuditLoginAsync(session.GetUserID()); } // mark the session as initialized. session.SetInt32(SessionKeys.SessionInitialized, 1); }
public async Task <ActionResult> Add(int threadId = 0, int messageIdToQuote = 0) { if (this.HttpContext.Session.IsAnonymousUser()) { return(RedirectToAction("Index", "Home")); } var(userMayAddMessages, thread) = await PerformAddMessageSecurityChecksAsync(threadId); if (!userMayAddMessages) { return(RedirectToAction("Index", "Home")); } MessageEntity messageToQuote = null; UserEntity userOfMessageToQuote = null; if (messageIdToQuote > 0) { messageToQuote = await MessageGuiHelper.GetMessageAsync(messageIdToQuote); if (messageToQuote == null || messageToQuote.ThreadID != threadId) { // doesn't exist, or is in another thread, ignore. return(RedirectToAction("Index", "Home")); } userOfMessageToQuote = await UserGuiHelper.GetUserAsync(messageToQuote.PostedByUserID); if (userOfMessageToQuote == null) { return(RedirectToAction("Index", "Home")); } } var forum = await _cache.GetForumAsync(thread.ForumID); if (forum == null) { return(RedirectToAction("Index", "Home")); } string messageTextForEditor = messageToQuote == null ? string.Empty : string.Format("@quote {0}{1}{2}{1}@end{1}", userOfMessageToQuote.NickName, Environment.NewLine, messageToQuote.MessageText); var messageData = new MessageData() { MessageText = messageTextForEditor, CurrentUserID = this.HttpContext.Session.GetUserID(), ForumID = forum.ForumID, ThreadID = thread.ThreadID, ForumName = forum.ForumName, SectionName = await _cache.GetSectionNameAsync(forum.SectionID), ThreadSubject = thread.Subject, PageNo = 1, LastMessageInThread = await ThreadGuiHelper.GetLastMessageInThreadDtoAsync(threadId), }; return(View(messageData)); }