/// <summary>
/// This method executes when the user clicks the verify button in
/// the verify code section and it attempts to log the user in with
/// the code they entered
/// </summary>
/// <param name="sender">The btnVerifyCode DevEx button</param>
/// <param name="e">The Click event</param>
protected void btnVerifyCode_Click(object sender, EventArgs e)
{
//Only continue if the validation is successful
if (ASPxEdit.AreEditorsValid(this, btnVerifyCode.ValidationGroup))
{
//Try to sign the user in
var result = signinManager.TwoFactorSignIn <PyramidUser, string>(hfSelectedProvider.Value, txtCode.Text, isPersistent: false, rememberBrowser: chkRememberBrowser.Checked);
switch (result)
{
case SignInStatus.Success:
//Get the user ID
string userID = signinManager.GetVerifiedUserId <PyramidUser, string>();
//Get the user
var user = manager.FindById(userID);
//Get the user's program roles
List <UserProgramRole> userProgramRoles;
using (PyramidContext context = new PyramidContext())
{
userProgramRoles = context.UserProgramRole.Where(upr => upr.Username == user.UserName).ToList();
}
//Redirect the user based on the number of roles they have
if (userProgramRoles.Count > 1)
{
//Redirect the user to the select role page
Response.Redirect(String.Format("/Account/SelectRole.aspx?ReturnUrl={0}&message={1}",
(Request.QueryString["ReturnUrl"] != null ? Request.QueryString["ReturnUrl"].ToString() : "/Default.aspx"),
"TwoFactorVerified"));
}
else
{
//Get the UserProgramRole
UserProgramRole programRole = userProgramRoles.FirstOrDefault();
//Set the session variables
Session["CodeProgramRoleFK"] = programRole.CodeProgramRole.CodeProgramRolePK;
Session["ProgramRoleName"] = programRole.CodeProgramRole.RoleName;
Session["ProgramFK"] = programRole.ProgramFK;
Session["ProgramName"] = programRole.Program.ProgramName;
//Redirect the user
Response.Redirect(Request.QueryString["ReturnUrl"] != null ? Request.QueryString["ReturnUrl"].ToString() : "/Default.aspx?message=TwoFactorVerified");
}
break;
case SignInStatus.LockedOut:
Response.Redirect("/Account/Lockout");
break;
case SignInStatus.Failure:
default:
msgSys.ShowMessageToUser("danger", "Invalid Code", "The code you entered is invalid!", 25000);
break;
}
}
}
/// <summary>
/// This method fires when the user clicks the save button and
/// it attempts to add a new user to the system with the information
/// provided on the page
/// </summary>
/// <param name="sender">The submitUser control</param>
/// <param name="e">The Click event</param>
protected void submitUser_Click(object sender, EventArgs e)
{
//Get the user manager
var manager = Context.GetOwinContext().GetUserManager <ApplicationUserManager>();
//Create and fill the user object
PyramidUser newUser = new PyramidUser();
newUser.FirstName = txtFirstName.Value.ToString();
newUser.LastName = txtLastName.Value.ToString();
newUser.UserName = txtUsername.Value.ToString();
newUser.Email = txtEmail.Value.ToString();
newUser.EmailConfirmed = false;
newUser.TwoFactorEnabled = false;
newUser.PhoneNumber = (txtPhoneNumber.Value == null ? null : txtPhoneNumber.Value.ToString());
newUser.PhoneNumberConfirmed = false;
//Attempt to create the user
IdentityResult result = manager.Create(newUser, txtPassword.Value.ToString());
if (result.Succeeded)
{
//If the user creation succeeded, send the user an email to confirm their account
string emailcode = manager.GenerateEmailConfirmationToken(newUser.Id);
string callbackUrl = IdentityHelper.GetAccountConfirmationRedirectUrl(emailcode, newUser.Id, Request);
manager.SendEmail(newUser.Id, "Confirm your account", Utilities.GetEmailHTML(callbackUrl, "Confirm Account", true, "Welcome " + newUser.FirstName + " " + newUser.LastName + "!", "Your user account for the Pyramid Model Implementation Data System was created by an administrator.<br/>Your username for this system is:<br/><br/>" + newUser.UserName + "<br/><br/>Once you confirm your account and create your password, you will be able to start using the system.<br/>To get started, please click the link below.", Request));
//Add the user to their identity role
manager.AddToRole(newUser.Id, ddIdentityRole.SelectedItem.Text.ToString());
//Add the user to their program role
using (PyramidContext context = new PyramidContext())
{
//Create the UserProgramRole object and fill it
UserProgramRole userPrgRole = new UserProgramRole();
userPrgRole.CreateDate = DateTime.Now;
userPrgRole.Creator = User.Identity.Name;
userPrgRole.ProgramFK = Convert.ToInt32(ddProgram.Value);
userPrgRole.ProgramRoleCodeFK = Convert.ToInt32(ddProgramRole.Value);
userPrgRole.Username = newUser.UserName;
//Add the UserProgramRole to the database and save
context.UserProgramRole.Add(userPrgRole);
context.SaveChanges();
}
//Redirect the user
Response.Redirect("/Admin/UserManagement?message=CreateUserSuccess");
}
else
{
msgSys.ShowMessageToUser("danger", "Error", result.Errors.FirstOrDefault(), 120000);
}
}
/// <summary>
/// This method fires when the user clicks the Remove Role button and
/// it removes the Program Role from the user
/// </summary>
/// <param name="sender">The lbDeleteRole LinkButton</param>
/// <param name="e">The Click event</param>
protected void lbDeleteRole_Click(object sender, EventArgs e)
{
//Get the calling button
LinkButton deleteButton = (LinkButton)sender;
//Get the specific repeater item
RepeaterItem item = (RepeaterItem)deleteButton.Parent;
//Get the hidden field with the PK for deletion
HiddenField hfUserProgramRolePK = (HiddenField)item.FindControl("hfUserProgramRolePK");
//Get the PK from the hidden field
int?rowToRemovePK = (String.IsNullOrWhiteSpace(hfUserProgramRolePK.Value) ? (int?)null : Convert.ToInt32(hfUserProgramRolePK.Value));
//Remove the role if the PK is not null
if (rowToRemovePK != null)
{
using (PyramidContext context = new PyramidContext())
{
//Only remove the role if the user has another role
if (context.UserProgramRole.Where(upr => upr.Username == currentUser.UserName).ToList().Count > 1)
{
//Get the role to remove
UserProgramRole roleToRemove = context.UserProgramRole.Where(upr => upr.UserProgramRolePK == rowToRemovePK).FirstOrDefault();
context.UserProgramRole.Remove(roleToRemove);
context.SaveChanges();
//Show the changes
BindUserProgramRoles(context, currentUser);
//Show a success message
msgSys.ShowMessageToUser("success", "Success", "Successfully removed user's program role!", 10000);
}
else
{
//Show an error message
msgSys.ShowMessageToUser("danger", "Error", "You cannot remove a user's only program role!", 120000);
}
}
}
else
{
msgSys.ShowMessageToUser("danger", "Error", "An error occurred while attempting to remove the role!", 120000);
}
}
/// <summary>
/// This method fires when the user clicks the Add Role button and
/// it adds the selected Program Role to the user
/// </summary>
/// <param name="sender">The btnAddRole DevExpress Bootstrap button</param>
/// <param name="e">The Click event</param>
protected void btnAddRole_Click(object sender, EventArgs e)
{
//Only continue if the page is valid
if (ASPxEdit.AreEditorsValid(this, btnAddRole.ValidationGroup))
{
int programRoleFK, programFK;
//Get the program role fk and program fk
programRoleFK = Convert.ToInt32(ddProgramRole.Value);
programFK = Convert.ToInt32(ddProgram.Value);
//Create the object and fill it
UserProgramRole newUpr = new UserProgramRole();
newUpr.Creator = User.Identity.Name;
newUpr.CreateDate = DateTime.Now;
newUpr.ProgramFK = programFK;
newUpr.Username = currentUser.UserName;
newUpr.ProgramRoleCodeFK = programRoleFK;
//Add the object to the database
using (PyramidContext context = new PyramidContext())
{
//Add the role
context.UserProgramRole.Add(newUpr);
context.SaveChanges();
//Show the changes
BindUserProgramRoles(context, currentUser);
}
//Clear the inputs
ddProgramRole.Value = "";
ddProgram.Value = "";
//Show a success message
msgSys.ShowMessageToUser("success", "Success", "Successfully added program role to user!", 10000);
}
}
/// <summary>
/// This method fires when the user clicks the Login button and it attempts to log
/// the user in
/// </summary>
/// <param name="sender">The btnLogin DevExpress button</param>
/// <param name="e">The Click event</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
if (ASPxEdit.AreEditorsValid(this, btnLogin.ValidationGroup))
{
// Validate the user password
var manager = Context.GetOwinContext().GetUserManager <ApplicationUserManager>();
var signinManager = Context.GetOwinContext().GetUserManager <ApplicationSignInManager>();
//Try to get the user
PyramidUser user = manager.FindByName(txtUsername.Text);
//Make sure that the user is confirmed
if (user != null && manager.IsEmailConfirmed(user.Id))
{
//Try to sign the user in
var result = signinManager.PasswordSignIn(txtUsername.Text, txtPassword.Text, false, user.LockoutEnabled);
switch (result)
{
case SignInStatus.Success:
//The user successfully logged in
List <UserProgramRole> userProgramRoles;
List <spGetUserCustomizationOptions_Result> userCustomizationOptions;
using (PyramidContext context = new PyramidContext())
{
//Get the user's program roles
userProgramRoles = context.UserProgramRole.AsNoTracking()
.Include(upr => upr.CodeProgramRole)
.Include(upr => upr.Program)
.Where(upr => upr.Username == txtUsername.Text).ToList();
//Get the user's customization options
userCustomizationOptions = context.spGetUserCustomizationOptions(txtUsername.Text).ToList();
//Keep a record of successful logins
LoginHistory history = new LoginHistory();
history.Username = txtUsername.Text;
history.LoginTime = DateTime.Now;
//If the user only has one program role, record it in the login history
if (userProgramRoles.Count == 1)
{
history.ProgramFK = userProgramRoles.First().ProgramFK;
history.Role = userProgramRoles.First().CodeProgramRole.RoleName;
}
//Save the login history
context.LoginHistory.Add(history);
context.SaveChanges();
//Save the LoginHistory primary key to the session for later access
Session["LoginHistoryPK"] = history.LoginHistoryPK;
}
//Set the user customization options cookie
Utilities.SetCustomizationOptionCookie(userCustomizationOptions);
//Redirect the user based on the number of roles they have
if (userProgramRoles.Count > 1)
{
Response.Redirect(String.Format("/Account/SelectRole.aspx?ReturnUrl={0}",
(Request.QueryString["ReturnUrl"] != null ? Request.QueryString["ReturnUrl"].ToString() : "/Default.aspx")));
}
else
{
//To hold the role information
ProgramAndRoleFromSession roleInfo = new ProgramAndRoleFromSession();
//Get the UserProgramRole
UserProgramRole userRole = userProgramRoles.FirstOrDefault();
//Set the session variables for the program roles
roleInfo.RoleFK = userRole.CodeProgramRole.CodeProgramRolePK;
roleInfo.RoleName = userRole.CodeProgramRole.RoleName;
roleInfo.AllowedToEdit = userRole.CodeProgramRole.AllowedToEdit;
roleInfo.CurrentProgramFK = userRole.ProgramFK;
roleInfo.ProgramName = userRole.Program.ProgramName;
//Get the hub and state information
using (PyramidContext context = new PyramidContext())
{
Program currentProgram = context.Program.AsNoTracking()
.Include(p => p.Hub)
.Include(p => p.State)
.Include(p => p.ProgramType)
.Where(p => p.ProgramPK == userRole.ProgramFK).FirstOrDefault();
roleInfo.HubFK = currentProgram.HubFK;
roleInfo.HubName = currentProgram.Hub.Name;
roleInfo.StateFK = currentProgram.StateFK;
roleInfo.StateName = currentProgram.State.Name;
roleInfo.StateLogoFileName = currentProgram.State.LogoFilename;
roleInfo.StateCatchphrase = currentProgram.State.Catchphrase;
roleInfo.StateDisclaimer = currentProgram.State.Disclaimer;
//Set the allowed program fks
if (roleInfo.RoleFK == (int)Utilities.ProgramRoleFKs.HUB_DATA_VIEWER)
{
//Hub viewer, allow them to see the programs in that hub
var hubPrograms = context.Program.AsNoTracking()
.Where(p => p.HubFK == roleInfo.HubFK.Value)
.ToList();
roleInfo.ProgramFKs = hubPrograms
.Select(hp => hp.ProgramPK)
.ToList();
//Allow them to see all cohorts in their hub
roleInfo.CohortFKs = hubPrograms
.Select(hp => hp.CohortFK)
.Distinct()
.ToList();
//Don't restrict their view of the BOQs
roleInfo.ShowBOQ = true;
roleInfo.ShowBOQFCC = true;
}
else if (roleInfo.RoleFK == (int)Utilities.ProgramRoleFKs.APPLICATION_ADMIN)
{
//App admin, allow them to see all programs in a state
roleInfo.ProgramFKs = context.Program.AsNoTracking()
.Where(p => p.StateFK == roleInfo.StateFK.Value)
.Select(p => p.ProgramPK).ToList();
//Allow them to see all cohorts in a state
roleInfo.CohortFKs = context.Cohort.AsNoTracking()
.Where(c => c.StateFK == roleInfo.StateFK.Value)
.Select(c => c.CohortPK).ToList();
//Don't restrict their view of the BOQs
roleInfo.ShowBOQ = true;
roleInfo.ShowBOQFCC = true;
}
else if (roleInfo.RoleFK == (int)Utilities.ProgramRoleFKs.SUPER_ADMIN)
{
//Super admin, all programs in all states
roleInfo.ProgramFKs = context.Program.AsNoTracking()
.Select(p => p.ProgramPK).ToList();
//All cohorts
roleInfo.CohortFKs = context.Cohort.AsNoTracking()
.Select(c => c.CohortPK).ToList();
//Don't restrict their view of the BOQs
roleInfo.ShowBOQ = true;
roleInfo.ShowBOQFCC = true;
}
else
{
//Something else, limit to the current program fk
List <int> programFKs = new List <int>();
programFKs.Add(roleInfo.CurrentProgramFK.Value);
roleInfo.ProgramFKs = programFKs;
//Limit to current cohort fk
List <int> cohortFKs = new List <int>();
cohortFKs.Add(currentProgram.CohortFK);
roleInfo.CohortFKs = cohortFKs;
//Determine if this program is a FCC program
var fccProgramTypes = currentProgram.ProgramType
.Where(pt => pt.TypeCodeFK == (int)Utilities.ProgramTypeFKs.FAMILY_CHILD_CARE ||
pt.TypeCodeFK == (int)Utilities.ProgramTypeFKs.GROUP_FAMILY_CHILD_CARE)
.ToList();
//Limit their view to the right BOQ type
if (fccProgramTypes.Count > 0)
{
roleInfo.ShowBOQ = false;
roleInfo.ShowBOQFCC = true;
}
else
{
roleInfo.ShowBOQ = true;
roleInfo.ShowBOQFCC = false;
}
}
}
//Add the role information to the session
Utilities.SetProgramRoleInSession(Session, roleInfo);
//Redirect the user
Response.Redirect(Request.QueryString["ReturnUrl"] != null ? Request.QueryString["ReturnUrl"].ToString() : "/Default.aspx");
}
break;
case SignInStatus.LockedOut:
Response.Redirect("/Account/Lockout");
break;
case SignInStatus.RequiresVerification:
Response.Redirect(String.Format("/Account/TwoFactorAuthenticationSignIn?ReturnUrl={0}",
Request.QueryString["ReturnUrl"]), true);
break;
case SignInStatus.Failure:
default:
//Show the user an error message
msgSys.ShowMessageToUser("danger", "Error", "Invalid login attempt", 120000);
//Focus the password text box
txtPassword.Focus();
break;
}
}
else
{
msgSys.ShowMessageToUser("danger", "Error", "Invalid login attempt", 120000);
}
}
}
