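        /// <summary>
        /// Performs the login sequence: issues the authentication cookie for
        /// <paramref name="user"/>'s Guid, writes the user object (with its
        /// password hash cleared) to the response body as JSON, and records the
        /// logged-in user's id on the current request context.
        /// </summary>
        /// <param name="user">
        /// The authenticated user. Mutated in place: <c>PasswordHash</c> is
        /// cleared before the object is serialized, so it never reaches the client.
        /// Everything else on the object (e-mail, profile, claims) is sent in the body.
        /// </param>
        /// <returns>
        /// The response from <c>LoginWithoutRedirect</c> with the JSON body set and,
        /// for accounts whose user name starts with <c>fb_</c>, the <c>_ncbfbuser</c>
        /// marker cookie attached with the same one-day expiry as the login.
        /// </returns>
        private Nancy.Response ProcessLogin(NcbUser user)
        {
            // The whole object is serialized to the client below; drop the hash first.
            user.PasswordHash = null;

            // One expiry, shared by the auth cookie and the marker cookie.
            DateTime expires  = DateTime.Now.AddDays(1);
            var      response = this.LoginWithoutRedirect(user.Guid, expires);

            response.Contents = (s) =>
            {
                var json = JsonConvert.SerializeObject(user);
                // Only flushed, not disposed: disposing a StreamWriter closes the stream
                // it wraps, and that stream is presumably owned by the framework.
                var sw = new StreamWriter(s);
                sw.Write(json);
                sw.Flush();
            };

            // "fb_" is a machine prefix, so compare ordinally (the original compare was
            // culture-sensitive); a null user name simply means "not a Facebook account".
            if (user.UserName != null && user.UserName.StartsWith("fb_", StringComparison.Ordinal))
            {
                response = response.WithCookie("_ncbfbuser", "1", expires);
            }

            var guid = user.Guid.ToString();

            if (this.Context.GetUserId() != guid)
            {
                this.Context.Items["userid"] = guid;
            }

            return response;
        }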
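        /// <summary>
        /// Issues a fresh one-time code for <paramref name="user"/> — five upper-case
        /// hexadecimal characters — stamps <c>CodeRequestDate</c> and saves the record.
        /// </summary>
        /// <remarks>
        /// The code is drawn from the platform CSPRNG instead of from the first characters
        /// of <c>Guid.NewGuid()</c>, whose randomness is not a documented guarantee. Five hex
        /// characters are only about 20 bits, so the code is safe only if it expires (the
        /// <c>CodeRequestDate</c> set here) and attempts are limited; neither check lives
        /// in this block.
        /// </remarks>
        /// <param name="db">Database the user is written back to.</param>
        /// <param name="user">User that receives the new <c>Code</c> and <c>CodeRequestDate</c>.</param>
        public static void GenerateUserCode(NancyBlackDatabase db, NcbUser user)
        {
            var random = new byte[3];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(random);
            }

            // 3 bytes -> 6 upper-case hex digits (BitConverter separates them with '-');
            // keep the original 5-character format.
            user.Code            = BitConverter.ToString(random).Replace("-", string.Empty).Substring(0, 5);
            user.CodeRequestDate = DateTime.Now;

            db.UpsertRecord<NcbUser>(user);
        }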
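        /// <summary>
        /// Loads the claims granted to <paramref name="user"/> through its active
        /// enrollments and stores them on <c>user.Claims</c>.
        /// </summary>
        /// <param name="siteDb">Database holding the enrollment and role records.</param>
        /// <param name="user">
        /// User to populate; only <c>Id</c> is read and <c>Claims</c> is overwritten
        /// (with an empty array when there is no active enrollment).
        /// </param>
        private void AssignClaims(NancyBlackDatabase siteDb, NcbUser user)
        {
            var enrollments = siteDb.Query<NcbEnroll>()
                                    .Where(e => e.IsActive && e.NcbUserId == user.Id)
                                    .ToList();

            if (enrollments.Count == 0)
            {
                user.Claims = new string[0];
                return;
            }

            var claims = new List<string>();
            foreach (var enrollment in enrollments)
            {
                // Fetch the role once; the previous version looked it up twice per enrollment.
                var roleClaims = GetRoleById(siteDb, enrollment.NcbRoleId).Claims;
                if (roleClaims == null)
                {
                    continue;
                }

                claims.AddRange(roleClaims);
            }

            user.Claims = claims;
        }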
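        /// <summary>
        /// Registers a user keyed by e-mail address, or returns the existing account
        /// when <paramref name="returnExisting"/> is set.
        /// </summary>
        /// <param name="db">Database the user record is read from and written to.</param>
        /// <param name="email">E-mail address; the uniqueness key for the lookup.</param>
        /// <param name="passwordHash">
        /// Value stored as <c>PasswordHash</c>. It is stored exactly as given — this
        /// method does no hashing, so the caller must not pass a raw password.
        /// </param>
        /// <param name="genCode">When true, a fresh <c>Code</c> (a new Guid) and <c>CodeRequestDate</c> are set on the new user.</param>
        /// <param name="returnExisting">
        /// When true and the e-mail is already registered, the existing user is returned
        /// instead of throwing; if <paramref name="initialProfile"/> is given it replaces
        /// that user's profile wholesale and the record is saved.
        /// </param>
        /// <param name="initialProfile">Profile object stored as-is on the user; <c>null</c> leaves an existing profile untouched.</param>
        /// <returns>The stored user with <c>PasswordHash</c> cleared.</returns>
        /// <exception cref="InvalidOperationException">The e-mail is already registered and <paramref name="returnExisting"/> is false.</exception>
        public NcbUser Register(NancyBlackDatabase db, string email, string passwordHash, bool genCode = false, bool returnExisting = false, dynamic initialProfile = null)
        {
            var existing = db.Query<NcbUser>()
                             .Where(u => u.Email == email)
                             .FirstOrDefault();

            if (existing != null)
            {
                if (!returnExisting)
                {
                    throw new InvalidOperationException("Email already in use");
                }

                // Replace the profile with whatever the caller supplied.
                if (initialProfile != null)
                {
                    existing.Profile = initialProfile;
                    db.UpsertRecord(existing);
                }

                return existing;
            }

            var user = new NcbUser();

            user.Email        = email;
            user.PasswordHash = passwordHash;
            user.Guid         = Guid.NewGuid();
            user.Profile      = initialProfile;

            if (genCode)
            {
                user.Code            = Guid.NewGuid().ToString();
                user.CodeRequestDate = DateTime.Now;
            }

            db.UpsertRecord(user);

            // Don't hand the hash back to callers (the login path serializes the user to the client).
            user.PasswordHash = null;

            return user;
        }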
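        /// <summary>
        /// Registers a user under <paramref name="userName"/>, or returns the existing
        /// account when <paramref name="returnExisting"/> is set.
        /// </summary>
        /// <param name="db">Database the user record is read from and written to.</param>
        /// <param name="userName">
        /// Uniqueness key for the lookup. The routes on this page pass the e-mail here
        /// for plain registration and a prefixed provider id for social logins.
        /// </param>
        /// <param name="email">E-mail address stored on a newly created user.</param>
        /// <param name="passwordHash">
        /// Value stored as <c>PasswordHash</c>. It is stored exactly as given — this
        /// method does no hashing, so the caller must not pass a raw password.
        /// </param>
        /// <param name="genCode">When true, a fresh <c>Code</c> (a new Guid) and <c>CodeRequestDate</c> are set on the new user.</param>
        /// <param name="returnExisting">
        /// When true and the user name exists, that user is returned instead of
        /// throwing, after its <c>Email</c> and <c>Profile.email</c> have been
        /// reconciled against <paramref name="initialProfile"/>.
        /// </param>
        /// <param name="initialProfile">
        /// Profile object stored as-is on a new user; for an existing user only its
        /// <c>email</c> member is consulted.
        /// </param>
        /// <param name="existingGuid">
        /// Guid to assign to the new user instead of a fresh one. The routes on this
        /// page pass the caller's session guid here and the login response is later
        /// issued for <c>user.Guid</c>, so this value must only ever originate from
        /// the site's own session cookie.
        /// </param>
        /// <returns>The stored user with <c>PasswordHash</c> cleared.</returns>
        /// <exception cref="InvalidOperationException">
        /// The user name exists and <paramref name="returnExisting"/> is false. The
        /// message still says "Email" because the registration route uses the e-mail
        /// as user name.
        /// </exception>
        public NcbUser Register(NancyBlackDatabase db, string userName, string email, string passwordHash, bool genCode = false, bool returnExisting = false, dynamic initialProfile = null, Guid? existingGuid = null)
        {
            var existing = db.Query<NcbUser>()
                             .Where(u => u.UserName == userName)
                             .FirstOrDefault();

            if (existing != null)
            {
                if (!returnExisting)
                {
                    throw new InvalidOperationException("Email already in use");
                }

                // Keep Email and Profile.email of the existing account in step with each other.
                if (initialProfile != null)
                {
                    bool save = false;

                    // An admin added an e-mail to the record while the profile has none:
                    // copy it into the profile. Profile itself must exist for that.
                    if (existing.Email != null
                        && existing.Profile != null
                        && initialProfile.email == null
                        && !existing.Email.StartsWith("fb_", StringComparison.Ordinal))
                    {
                        existing.Profile.email = existing.Email;
                        save = true;
                    }

                    // The provider profile carries an e-mail and the record still holds the
                    // "fb_" placeholder: lift it into Email. Email is null-checked here as
                    // well; the previous version dereferenced it unconditionally.
                    if (initialProfile.email != null
                        && existing.Email != null
                        && existing.Email.StartsWith("fb_", StringComparison.Ordinal))
                    {
                        existing.Email = initialProfile.email;
                        save           = true;
                    }

                    if (save)
                    {
                        db.UpsertRecord(existing);
                    }
                }

                return existing;
            }

            var user = new NcbUser();

            user.UserName     = userName;
            user.Email        = email;
            user.PasswordHash = passwordHash;
            user.Profile      = initialProfile;
            // A caller-supplied guid (the session guid from the routes) wins over a fresh one.
            user.Guid         = existingGuid ?? Guid.NewGuid();

            if (genCode)
            {
                user.Code            = Guid.NewGuid().ToString();
                user.CodeRequestDate = DateTime.Now;
            }

            // Social accounts: keep the provider's id from the profile as well.
            if (userName != null && userName.StartsWith("fb_", StringComparison.Ordinal) && user.Profile != null)
            {
                user.FacebookAppScopedId = user.Profile.id;
            }

            db.UpsertRecord(user);

            // Don't hand the hash back to callers (the login path serializes the user to the client).
            user.PasswordHash = null;

            return user;
        }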
        /// <summary>
        /// Performs the login sequence: issues the authentication cookie for
        /// <paramref name="user"/>'s Guid (valid for 15 minutes) and attaches a
        /// <c>UserInfo</c> cookie holding the user serialized as JSON.
        /// </summary>
        /// <param name="user">
        /// The authenticated user. Mutated in place: <c>PasswordHash</c> is cleared and
        /// <c>Id</c> is reset to 0 before serialization, so neither reaches the client.
        /// Everything else on the object (e-mail, profile, claims) does.
        /// </param>
        /// <returns>The response from <c>LoginWithoutRedirect</c> with the <c>UserInfo</c> cookie added.</returns>
        /// <remarks>
        /// NOTE(review): the <c>UserInfo</c> cookie uses the NancyCookie defaults, which
        /// presumably means no HttpOnly/Secure flag and no expiry. Whether client-side
        /// script must read it (which would rule out HttpOnly) is not visible here — confirm.
        /// </remarks>
        private Nancy.Response ProcessLogin(NcbUser user)
        {
            user.PasswordHash = null;
            user.Id           = 0;

            var expiry   = DateTime.Now.AddMinutes(15);
            var userJson = JsonConvert.SerializeObject(user);

            var loginResponse = this.LoginWithoutRedirect(user.Guid, expiry);
            loginResponse.Cookies.Add(new Nancy.Cookies.NancyCookie("UserInfo", userJson));

            return loginResponse;
        }
        /// <summary>
        /// Registers the membership routes: login/logout pages and handlers, Facebook
        /// login, registration, password reset, enrollment, profile update and
        /// admin impersonation.
        /// </summary>
        public MembershipModule()
        {
            // Produces _FailSafeCode, which the impersonate route below accepts as an admin bypass.
            this.GenerateFailSafeKey();

            Get["/__membership/login"] = p =>
            {
                return(View["membership-login", new StandardModel(this)]);
            };

            Get["/__membership/logindialog"] = p =>
            {
                return(View["ncb-membership-logindialog", new StandardModel(this)]);
            };

            Get["/__membership/resetpassword"] = p =>
            {
                return(View["membership-resetpassword", new StandardModel(this)]);
            };

            Get["/__membership/logout"] = p =>
            {
                var response = this.LogoutAndRedirect("/");
                // Expire the Facebook marker cookie together with the auth cookie (expiry in the past).
                response = response.WithCookie("_ncbfbuser", "0", DateTime.Now.AddDays(-10));

                return(response);
            };

            Post["/__membership/login"] = p =>
            {
                var loginParams = this.Bind <LoginParams>();

                // UserManager checks the credentials; null means no match. The bare 403
                // gives no hint about which half was wrong.
                var user = UserManager.Current.GetUserFromLogin(this.SiteDatabase, loginParams.Email, loginParams.Password);
                if (user == null)
                {
                    return(403);
                }

                return(this.ProcessLogin(user));
            };

            // NOTE(review): the posted identity (input.me.id, input.me.email) is taken on
            // trust — nothing in this handler verifies it against Facebook, so the account
            // it names is logged in on the caller's say-so. Another copy of this module on
            // this page calls this.VerifyFacebookToken(id, token) before proceeding; an
            // equivalent check is needed here, and the e-mail used for the lookup should
            // come from the verified source as well.
            Post["/__membership/loginfacebook"] = this.HandleRequest(p =>
            {
                var input = p.body.Value;
                if (input == null)
                {
                    return(400);
                }

                // this is the guid that nancyblack generated to identify session
                // NOTE(review): a missing or malformed cookie presumably throws here
                // (indexer / Guid.Parse) and surfaces as a 500; Guid.TryParse with an
                // explicit 403, as the other copy of this module does, is the safer shape.
                var existingGuid = Guid.Parse(this.Request.Cookies[BuiltInCookies.UserId]);

                // The provider id becomes the user name. returnExisting = true makes a
                // repeat login return the stored record; for a first login the session
                // guid from the cookie becomes the new user's Guid.
                var userName = "******" + input.me.id;
                NcbUser user = UserManager.Current.Register(this.SiteDatabase,
                                                            userName,
                                                            input.me.email == null ? userName : (string)input.me.email,
                                                            this.GetHash(userName),
                                                            false,
                                                            true,
                                                            input.me,
                                                            existingGuid);

                return(this.ProcessLogin(user));
            });

            Post["/__membership/register"] = p =>
            {
                // Same cookie / Guid.Parse caveat as in the Facebook handler above.
                var existingGuid   = Guid.Parse(this.Request.Cookies[BuiltInCookies.UserId]);
                var registerParams = this.Bind <LoginParams>();
                // The e-mail doubles as the user name. NOTE(review): registerParams.Password
                // goes into Register's passwordHash parameter and is stored as-is; whether it
                // is already hashed at this point (cf. this.GetHash used for social accounts)
                // is not visible here — confirm.
                var user           = UserManager.Current.Register(this.SiteDatabase, registerParams.Email, registerParams.Email, registerParams.Password, existingGuid: existingGuid);

                return(this.ProcessLogin(user));
            };

            Post["/__membership/reset"] = p =>
            {
                var registerParams = this.Bind <LoginParams>();
                // Reset is expected to check the one-time Code; a null result is not
                // handled here and would reach ProcessLogin.
                var user           = UserManager.Current.Reset(this.SiteDatabase, registerParams.Email, registerParams.Password, registerParams.Code);

                return(this.ProcessLogin(user));
            };

            Post["/__membership/resetrequest"] = this.HandleRequest(this.HandlePasswordRequest);

            Get["/__membership/myclaims"] = _ =>
            {
                return(View["membership-myclaims", new StandardModel(this)]);
            };

            Get["/__membership/enroll"] = _ =>
            {
                // Anonymous visitors are bounced to the login page and sent back here afterwards.
                if (this.Context.CurrentUser == null ||
                    this.Context.CurrentUser.UserName == NcbUser.Anonymous)
                {
                    return(this.Response.AsRedirect("/__membership/login?returnUrl=/__membership/enroll"));
                }

                return(View["membership-enroll", new StandardModel(this)]);
            };

            Post["/__membership/enroll"] = this.HandleRequest(this.HandleEnroll);

            Post["/__membership/api/updateprofile"] = this.HandleRequest(this.UpdateProfile);

            // Log in as another user. Either the admin claim or a correct failsafetoken
            // (_FailSafeCode) is required; the token bypasses the claim check entirely.
            Get["/__membership/impersonate/{guid}"] = this.HandleRequest((arg) =>
            {
                if (this.Request.Query.failsafetoken != null)
                {
                    // NOTE(review): plain equality on the secret; a fixed-time comparison
                    // (CryptographicOperations.FixedTimeEquals where available) avoids a
                    // timing side channel.
                    if (this.Request.Query.failsafetoken != _FailSafeCode)
                    {
                        return(403);
                    }
                }
                else
                {
                    // NOTE(review): CurrentUser is dereferenced without a null check; if it
                    // can be null here the request ends in a 500 rather than this 403.
                    if (this.CurrentUser.HasClaim("admin") == false)
                    {
                        return(403);
                    }
                }

                string guid = arg.guid;
                // Guid.Parse throws on a malformed segment; an unknown guid presumably
                // yields null, which ProcessLogin would then dereference.
                var user    = UserManager.Current.GetUserFromIdentifier(Guid.Parse(guid), this.Context);

                return(this.ProcessLogin(user as NcbUser));
            });
        }
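        /// <summary>
        /// Loads the claims granted to <paramref name="user"/> through its active
        /// enrollments and stores them on <c>user.Claims</c>.
        /// </summary>
        /// <param name="siteDb">Database holding the enrollment and role records.</param>
        /// <param name="user">
        /// User to populate; only <c>Id</c> is read and <c>Claims</c> is overwritten
        /// (with an empty array when there is no active enrollment).
        /// </param>
        private void AssignClaims(NancyBlackDatabase siteDb, NcbUser user)
        {
            var enrollments = siteDb.Query<NcbEnroll>()
                                    .Where(e => e.IsActive && e.NcbUserId == user.Id)
                                    .ToList();

            if (enrollments.Count == 0)
            {
                user.Claims = new string[0];
                return;
            }

            var claims = new List<string>();
            foreach (var enrollment in enrollments)
            {
                // A role without claims contributes nothing; the previous version
                // passed the null straight into AddRange, which throws.
                var roleClaims = this.GetRoleById(siteDb, enrollment.NcbRoleId).Claims;
                if (roleClaims == null)
                {
                    continue;
                }

                claims.AddRange(roleClaims);
            }

            user.Claims = claims;
        }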
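        /// <summary>
        /// Registers a new user keyed by e-mail address.
        /// </summary>
        /// <param name="db">Database the user record is read from and written to.</param>
        /// <param name="email">E-mail address; must not already be registered.</param>
        /// <param name="passwordHash">
        /// Value stored as <c>PasswordHash</c>. It is stored exactly as given — this
        /// method does no hashing, so the caller must not pass a raw password.
        /// </param>
        /// <returns>The stored user with <c>PasswordHash</c> cleared.</returns>
        /// <exception cref="InvalidOperationException">The e-mail is already registered.</exception>
        public NcbUser Register(NancyBlackDatabase db, string email, string passwordHash)
        {
            var existing = db.Query<NcbUser>()
                             .Where(u => u.Email == email)
                             .FirstOrDefault();

            if (existing != null)
            {
                throw new InvalidOperationException("Email already in use");
            }

            var user = new NcbUser
            {
                Email        = email,
                PasswordHash = passwordHash,
                Guid         = Guid.NewGuid()
            };

            db.UpsertRecord(user);

            // Don't hand the hash back to callers.
            user.PasswordHash = null;

            return user;
        }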
        /// <summary>
        /// Hooks the login process into the request pipeline: assigns a
        /// <c>CurrentUser</c> to every request before it is handled, clears the
        /// Facebook marker cookie for anonymous responses, and after the request
        /// fills in profile data for anonymous visitors from the cache or the database.
        /// </summary>
        /// <param name="p">The application pipelines to attach to.</param>
        public void Hook(IPipelines p)
        {
            p.BeforeRequest.AddItemToEndOfPipeline((ctx) =>
            {
                if (ctx.CurrentUser == null)
                {
                    // NOTE(review): HostName and Port come from the request (presumably the
                    // Host header and the listener port). Unless the process is reachable only
                    // from loopback, any request whose host name contains "local." or that
                    // arrives on port 10096 is handled as LocalHostAdmin. Keying this off the
                    // remote address being a loopback address (and ideally a development-only
                    // build flag) would not depend on client-controlled data.
                    if (ctx.Request.Url.HostName == "localhost" || ctx.Request.Url.HostName.Contains("local.") || ctx.Request.Url.Port == 10096)
                    {
                        ctx.CurrentUser = NcbUser.LocalHostAdmin;
                    }
                    else
                    {
                        // Anonymous visitor identified only by the session guid from Items.
                        // Guid.Parse throws if that entry is missing or malformed.
                        ctx.CurrentUser = new NcbUser()
                        {
                            Guid = Guid.Parse(ctx.Items[BuiltInCookies.UserId] as string)
                        };
                    }
                }
                else
                {
                    // ensure that we use same guid as currently logged in user
                    // (the 'as' cast is not null-checked; a non-NcbUser would throw here)
                    ctx.Items[BuiltInCookies.UserId] = (ctx.CurrentUser as NcbUser).Guid.ToString();
                }

                return(null);
            });

            // NOTE(review): subscribes to what looks like a static event; if Hook runs more
            // than once the handler is added more than once.
            BootStrapper.SetCookies += (ctx) =>
            {
                // "Anonymous" is compared as a literal here while other code on this page
                // uses NcbUser.Anonymous; the constant would keep the two in step.
                if (ctx.CurrentUser == null || ctx.CurrentUser.UserName == "Anonymous")
                {
                    // WithCookie adds the cookie to the response in place; the return value is not needed.
                    ctx.Response.WithCookie("_ncbfbuser", "0", DateTime.MinValue);
                }
            };

            p.AfterRequest.AddItemToEndOfPipeline((ctx) =>
            {
                // user did not log in
                // we try to gather profile from whatever we have in database
                if (ctx.CurrentUser != null && ctx.CurrentUser.UserName == "Anonymous")
                {
                    var userId   = (string)ctx.Items[BuiltInCookies.UserId];
                    var cacheKey = "TempUserCache-" + userId;

                    // Cache hit: the entry is whatever CurrentUser was when it was stored
                    // below (five-minute lifetime).
                    NcbUser user = MemoryCache.Default[cacheKey] as NcbUser;
                    if (user != null)
                    {
                        // still anonymous because did not logged in but we assign profile
                        // NOTE(review): user.Profile is dereferenced here; an entry cached
                        // from the database branch below can carry a null Profile — confirm.
                        var ncbUser     = (NcbUser)ctx.CurrentUser;
                        ncbUser.Profile = user.Profile;
                        ncbUser.Email   = user.Profile.email;
                    }
                    else
                    {
                        var guid = Guid.Parse(userId);
                        var db   = ctx.GetSiteDatabase();
                        user     = db.Query <NcbUser>().Where(u => u.Guid == guid).FirstOrDefault();

                        if (user == null)
                        {
                            // No account for this session guid: try a Facebook lead record,
                            // otherwise synthesize a placeholder identity from the guid.
                            var lead = db.Query <Level51FacebookLead>().Where(u => u.UserGuid == userId).FirstOrDefault();
                            if (lead != null)
                            {
                                ctx.CurrentUser = new NcbUser()
                                {
                                    UserName = "******",
                                    Guid     = guid,
                                    Email    = lead.Email,
                                    Profile  = JObject.FromObject(new
                                    {
                                        email      = lead.Email,
                                        first_name = lead.FirstName,
                                        last_name  = lead.LastName
                                    })
                                };
                            }
                            else
                            {
                                // The e-mail here is a placeholder built from the session id,
                                // not an address anyone verified.
                                ctx.CurrentUser = new NcbUser()
                                {
                                    UserName = "******",
                                    Guid     = guid,
                                    Email    = userId + "@level51pc.com",
                                    Profile  = JObject.FromObject(new
                                    {
                                        email      = userId + "@level51pc.com",
                                        first_name = userId,
                                        last_name  = ""
                                    })
                                };
                            }
                        }
                        else
                        {
                            // Same Profile null caveat as in the cache-hit branch above.
                            var ncbUser     = (NcbUser)ctx.CurrentUser;
                            ncbUser.Profile = user.Profile;
                            ncbUser.Email   = user.Profile.email;
                        }

                        // The request's CurrentUser object itself is cached and served to the
                        // next request for this guid.
                        MemoryCache.Default.Add(cacheKey, ctx.CurrentUser, DateTimeOffset.Now.AddMinutes(5));
                    }
                }
            });
        }
        /// <summary>
        /// Registers the membership routes: login/logout pages and handlers, Google and
        /// Facebook login, registration, password reset, enrollment, profile update and
        /// admin impersonation (by id and by guid).
        /// </summary>
        public MembershipModule()
        {
            // Produces _FailSafeCode, which the impersonate routes below accept as an admin bypass.
            this.GenerateFailSafeKey();

            Get["/__membership/login"] = p =>
            {
                return(View["membership-login", new StandardModel(this)]);
            };

            Get["/__membership/logindialog"] = p =>
            {
                return(View["ncb-membership-logindialog", new StandardModel(this)]);
            };

            Get["/__membership/resetpassword"] = p =>
            {
                return(View["membership-resetpassword", new StandardModel(this)]);
            };

            Get["/__membership/logout"] = p =>
            {
                var response = this.LogoutAndRedirect("/");
                // Expire the Facebook marker cookie together with the auth cookie (expiry in the past).
                response = response.WithCookie("_ncbfbuser", "0", DateTime.Now.AddDays(-10));

                return(response);
            };

            Post["/__membership/login"] = p =>
            {
                var loginParams = this.Bind <LoginParams>();

                // UserManager checks the credentials; null means no match. The bare 403
                // gives no hint about which half was wrong.
                var user = UserManager.Current.GetUserFromLogin(this.SiteDatabase, loginParams.Email, loginParams.Password);
                if (user == null)
                {
                    return(403);
                }

                return(this.ProcessLogin(user));
            };

            Post["/__membership/logingoogle"] = this.HandleRequest(p =>
            {
                var input = p.body.Value;
                if (input == null)
                {
                    return(400);
                }

                // No session guid, no login: the guid becomes the new user's identity below.
                if (this.Context.Items[BuiltInCookies.UserId] == null)
                {
                    return(403);
                }

                // NOTE(review): the token is validated, but the identity used from here on
                // (input.me.email, input.me.id) is read from the request body rather than
                // from 'payload'. Any caller holding a valid Google token can thus name an
                // arbitrary e-mail and be logged in as the existing account that owns it
                // (lookup just below). Use payload.Email / payload.Subject and, if the
                // profile is still taken from input.me, never its e-mail or id.
                // Also: .Result blocks on the async call (deadlock / thread starvation risk
                // in a sync-context host); prefer awaiting it.
                var payload = GoogleJsonWebSignature.ValidateAsync((string)input.token).Result;
                if (payload == null)
                {
                    return(400);
                }

                string inputEmail = (string)input.me.email;
                if (string.IsNullOrEmpty(inputEmail) == false)
                {
                    var existingUser = this.SiteDatabase.Query <NcbUser>().Where(u => u.Email == inputEmail).FirstOrDefault();
                    if (existingUser != null)
                    {
                        return(this.ProcessLogin(existingUser));
                    }
                }

                // this is the guid that nancyblack generated to identify session
                // (Guid.Parse still throws on a malformed value; only null was checked above)
                var existingGuid = Guid.Parse(this.Context.Items[BuiltInCookies.UserId] as string);

                // The provider id becomes the user name; returnExisting = true makes a
                // repeat login return the stored record.
                var userName = "******" + input.me.id;
                NcbUser user = UserManager.Current.Register(this.SiteDatabase,
                                                            userName,
                                                            input.me.email == null ? userName : (string)input.me.email,
                                                            this.GetHash(userName),
                                                            false,
                                                            true,
                                                            input.me,
                                                            existingGuid);

                return(this.ProcessLogin(user));
            });

            Post["/__membership/loginfacebook"] = this.HandleRequest(p =>
            {
                var input = p.body.Value;
                if (input == null)
                {
                    return(400);
                }

                if (this.Context.Items[BuiltInCookies.UserId] == null)
                {
                    return(403);
                }

                // The token is bound to input.me.id only.
                if (this.VerifyFacebookToken((string)input.me.id, (string)input.token) == false)
                {
                    return(403);
                }

                // see if this email already used, if already used - login that user
                // NOTE(review): input.me.email is still client-supplied and is not covered
                // by the check above, so a caller with a valid token for their own Facebook
                // id can claim any e-mail and be logged in as the existing account that owns
                // it. The e-mail must come from the provider's response for the verified
                // token (or this lookup should be dropped).
                string inputEmail = input.me.email as string;
                if (string.IsNullOrEmpty(inputEmail) == false)
                {
                    var existingUser = this.SiteDatabase.Query <NcbUser>().Where(u => u.Email == inputEmail).FirstOrDefault();
                    if (existingUser != null)
                    {
                        return(this.ProcessLogin(existingUser));
                    }
                }

                // this is the guid that nancyblack generated to identify session
                // (Guid.Parse still throws on a malformed value; only null was checked above)
                var existingGuid = Guid.Parse(this.Context.Items[BuiltInCookies.UserId] as string);

                var userName = "******" + input.me.id;
                NcbUser user = UserManager.Current.Register(this.SiteDatabase,
                                                            userName,
                                                            input.me.email == null ? userName : (string)input.me.email,
                                                            this.GetHash(userName),
                                                            false,
                                                            true,
                                                            input.me,
                                                            existingGuid);

                var chat = this.SiteDatabase.Query <FacebookMessengerSystem.Types.FacebookChatSession>()
                           .Where(s => s.NcbUserId == user.Id)
                           .FirstOrDefault();

                // Presumably read by the client to decide whether to fire the pixel contact
                // event; true at most once every 7 days per chat session. user.Profile is
                // dereferenced without a null check here.
                user.Profile.SendContactEvent = false;

                if (chat != null)
                {
                    if (DateTime.Now.Subtract(chat.LastPixelContactEventSent).TotalDays > 7)
                    {
                        chat.LastPixelContactEventSent = DateTime.Now;
                        this.SiteDatabase.UpsertRecord(chat);

                        user.Profile.SendContactEvent = true;
                    }
                }

                return(this.ProcessLogin(user));
            });

            Post["/__membership/register"] = p =>
            {
                // Unlike the social handlers, the session entry is not null-checked before parsing.
                var existingGuid   = Guid.Parse(this.Context.Items[BuiltInCookies.UserId] as string);
                var registerParams = this.Bind <LoginParams>();
                // The e-mail doubles as the user name. NOTE(review): registerParams.Password
                // goes into Register's passwordHash parameter and is stored as-is; whether it
                // is already hashed at this point (cf. this.GetHash used for social accounts)
                // is not visible here — confirm.
                var user           = UserManager.Current.Register(this.SiteDatabase, registerParams.Email, registerParams.Email, registerParams.Password, existingGuid: existingGuid);

                return(this.ProcessLogin(user));
            };

            Post["/__membership/reset"] = p =>
            {
                var registerParams = this.Bind <LoginParams>();
                // Reset is expected to check the one-time Code; a null result is not
                // handled here and would reach ProcessLogin.
                var user           = UserManager.Current.Reset(this.SiteDatabase, registerParams.Email, registerParams.Password, registerParams.Code);

                return(this.ProcessLogin(user));
            };

            Post["/__membership/resetrequest"] = this.HandleRequest(this.HandlePasswordRequest);

            Get["/__membership/myclaims"] = _ =>
            {
                return(View["membership-myclaims", new StandardModel(this)]);
            };

            Get["/__membership/enroll"] = _ =>
            {
                // Anonymous visitors are bounced to the login page and sent back here afterwards.
                if (this.Context.CurrentUser == null ||
                    this.Context.CurrentUser.UserName == NcbUser.Anonymous)
                {
                    return(this.Response.AsRedirect("/__membership/login?returnUrl=/__membership/enroll"));
                }

                return(View["membership-enroll", new StandardModel(this)]);
            };

            Post["/__membership/enroll"] = this.HandleRequest(this.HandleEnroll);

            Post["/__membership/api/updateprofile"] = this.HandleRequest(this.UpdateProfile);

            // Log in as another user by database id. Either the admin claim or a correct
            // failsafetoken (_FailSafeCode) is required; the token bypasses the claim
            // check entirely. The same gate is repeated in the guid variant below.
            Get["/__membership/impersonate/{id:int}"] = this.HandleRequest((arg) =>
            {
                if (this.Request.Query.failsafetoken != null)
                {
                    // NOTE(review): plain equality on the secret; a fixed-time comparison
                    // (CryptographicOperations.FixedTimeEquals where available) avoids a
                    // timing side channel.
                    if (this.Request.Query.failsafetoken != _FailSafeCode)
                    {
                        return(403);
                    }
                }
                else
                {
                    // NOTE(review): CurrentUser is dereferenced without a null check; if it
                    // can be null here the request ends in a 500 rather than this 403.
                    if (this.CurrentUser.HasClaim("admin") == false)
                    {
                        return(403);
                    }
                }

                int id      = arg.id;
                // An unknown id presumably yields null from GetById, which is then dereferenced.
                var ncbUser = this.SiteDatabase.GetById <NcbUser>(id);
                var user    = UserManager.Current.GetUserFromIdentifier(ncbUser.Guid, this.Context);

                return(this.ProcessLogin(user as NcbUser));
            });

            // Log in as another user by guid; same gate as the id variant above.
            Get["/__membership/impersonate/{guid}"] = this.HandleRequest((arg) =>
            {
                if (this.Request.Query.failsafetoken != null)
                {
                    if (this.Request.Query.failsafetoken != _FailSafeCode)
                    {
                        return(403);
                    }
                }
                else
                {
                    if (this.CurrentUser.HasClaim("admin") == false)
                    {
                        return(403);
                    }
                }

                string guid = arg.guid;
                // Guid.Parse throws on a malformed segment; an unknown guid presumably
                // yields null, which ProcessLogin would then dereference.
                var user    = UserManager.Current.GetUserFromIdentifier(Guid.Parse(guid), this.Context);

                return(this.ProcessLogin(user as NcbUser));
            });
        }