Exemple #1
0
        /// <summary>
        /// Send Reset password email
        /// </summary>
        public static void SendResetPasswordMail(string toFullName, string toEmail, string link)
        {
            SettingsMailServer settings = MailSettingsHelper.GetSettings();

            try
            {
                if (!settings.Enabled)
                {
                    throw new InvalidOperationException("Mail service not enabled in the configuration.");
                }

                MailAddress fromAddress = new MailAddress(settings.Username, "Starcounter App");
                MailAddress toAddress   = new MailAddress(toEmail);

                const string subject = "Starcounter App, Reset password request";

                string body = string.Format(
                    "Hi {0}<br><br>" +
                    "We received a request to reset your password<br><br>" +
                    "Click <a href='{1}'>here</a> to set a new password<br><br>" +
                    "Thanks<br>",

                    toFullName, link);

                var smtp = new SmtpClient
                {
                    Host                  = settings.Host,
                    Port                  = settings.Port,
                    EnableSsl             = settings.EnableSsl,
                    DeliveryMethod        = SmtpDeliveryMethod.Network,
                    UseDefaultCredentials = false,
                    Credentials           = new NetworkCredential(fromAddress.Address, settings.Password)
                };

                using (var message = new MailMessage(fromAddress, toAddress)
                {
                    Subject = subject,
                    IsBodyHtml = true,
                    Body = body
                })
                {
                    smtp.Send(message);
                }
            }
            catch (Exception e)
            {
                throw e;
                // TODO:
                //LogWriter.WriteLine(string.Format("ERROR: Failed to send registration email event. {0}", e.Message));
            }
        }
        protected void SendNewPassword(string Name, string Username, string NewPassword, string Email)
        {
            SettingsMailServer settings = MailSettingsHelper.GetSettings();
            MailMessage        mail     = new MailMessage(settings.Username, Email);
            SmtpClient         client   = new SmtpClient();

            client.Port                  = settings.Port;
            client.DeliveryMethod        = SmtpDeliveryMethod.Network;
            client.UseDefaultCredentials = false;
            client.Credentials           = new NetworkCredential(settings.Username, settings.Password);
            client.Host                  = settings.Host;
            client.EnableSsl             = settings.EnableSsl;

            mail.Subject = "Restore password";
            mail.Body    =
                string.Format(
                    "<h1>Hello {0}</h1><p>You have requested a new password for your <b>{1}</b> account.</p><p>Your new password is: <b>{2}</b>.</p>",
                    Name, Username, NewPassword);
            mail.IsBodyHtml = true;
            client.Send(mail);
        }
        protected void ResetUserPassword()
        {
            string link         = null;
            string fullName     = string.Empty;
            var    mailSettings = MailSettingsHelper.GetSettings();

            if (mailSettings.Enabled == false)
            {
                this.Message = "Mail Server not enabled in the settings.";
                return;
            }

            if (string.IsNullOrEmpty(mailSettings.SiteHost))
            {
                this.Message = "Invalid settings, check site host name / port";
                return;
            }

            var emailAddress = Utils.GetUserEmailAddress(this.Data);
            var email        = emailAddress.EMail;

            if (!Utils.IsValidEmail(email))
            {
                this.Message = "Username is not an email address";
                return;
            }

            var transaction = this.Transaction;

            transaction.Scope(() =>
            {
                SystemUser systemUser = this.Data;
                // Generate Password Reset token
                ResetPassword resetPassword = new ResetPassword()
                {
                    User   = systemUser,
                    Token  = HttpUtility.UrlEncode(Guid.NewGuid().ToString()),
                    Expire = DateTime.UtcNow.AddMinutes(1440)
                };

                // Get FullName
                if (systemUser.WhoIs != null)
                {
                    fullName = systemUser.WhoIs.FullName;
                }
                else
                {
                    fullName = systemUser.Username;
                }

                // Build reset password link
                UriBuilder uri = new UriBuilder();

                uri.Host = mailSettings.SiteHost;
                uri.Port = (int)mailSettings.SitePort;

                uri.Path  = "signin/user/resetpassword";
                uri.Query = "token=" + resetPassword.Token;

                link = uri.ToString();
            });

            transaction.Commit();

            try
            {
                this.Message = string.Format("Sending mail sent to {0}...", email);
                Utils.SendResetPasswordMail(fullName, email, link);
                this.Message = "Mail sent.";
            }
            catch (Exception e)
            {
                this.Message = e.Message;
            }
        }
Exemple #4
0
        public void Register()
        {
            Application.Current.Use(new HtmlFromJsonProvider());
            Application.Current.Use(new PartialToStandaloneHtmlProvider());

            //Testing JWT

            /*Handle.GET("/signin/jwt/{?}/{?}", (string Username, string Password) => {
             *  string message;
             *  SystemUserSession session = SignInOut.SignInSystemUser(Username, Password, null, out message);
             *
             *  if (session != null) {
             *      string jwt = JWT.JsonWebToken.Encode(new { Username = Username, Issuer = "Polyjuice.SignIn" }, session.Token.User.Password, JWT.JwtHashAlgorithm.HS256);
             *      Handle.AddOutgoingHeader("x-jwt", jwt);
             *  }
             *
             *  return 200;
             * });*/

            Application.Current.Use((Request req) =>
            {
                Cookie cookie = GetSignInCookie();

                if (cookie != null)
                {
                    if (Session.Current == null)
                    {
                        Session.Current = new Session(SessionOptions.PatchVersioning);
                    }

                    SystemUserSession session = SystemUser.SignInSystemUser(cookie.Value);

                    if (session != null)
                    {
                        RefreshAuthCookie(session);
                    }
                }

                return(null);
            });

            Handle.GET("/signin/user", () =>
            {
                MasterPage master = this.GetMaster();

                if (master.SignInPage != null)
                {
                    return(master.SignInPage);
                }

                Cookie cookie   = GetSignInCookie();
                SignInPage page = new SignInPage()
                {
                    Data = null
                };

                master.SignInPage = page;

                if (cookie != null)
                {
                    SystemUser.SignInSystemUser(cookie.Value);
                    master.RefreshSignInState();
                }

                //Testing JWT

                /*if (Handle.IncomingRequest.HeadersDictionary.ContainsKey("x-jwt")) {
                 *  System.Web.Script.Serialization.JavaScriptSerializer serializer = new System.Web.Script.Serialization.JavaScriptSerializer();
                 *  string jwt = Handle.IncomingRequest.HeadersDictionary["x-jwt"];
                 *  Dictionary<string, string> payload = JWT.JsonWebToken.DecodeToObject<Dictionary<string, string>>(jwt, string.Empty, false);
                 *  string username = payload["Username"];
                 *  SystemUser user = Db.SQL<SystemUser>("SELECT su FROM Simplified.Ring3.SystemUser su WHERE su.Username = ?", username).First;
                 *
                 *  try {
                 *      JWT.JsonWebToken.DecodeToObject<Dictionary<string, string>>(jwt, user.Password, true);
                 *      page.SetAuthorizedState(SignInOut.SignInSystemUser(user));
                 *  } catch (JWT.SignatureVerificationException) {
                 *  }
                 * }*/

                return(page);
            });

            Handle.GET("/signin/partial/signout", HandleSignOut, new HandlerOptions()
            {
                SkipRequestFilters = true
            });

            Handle.GET("/signin/signinuser", HandleSignInForm);
            Handle.GET <string>("/signin/signinuser?{?}", HandleSignInForm);

            Handle.GET("/signin/profile", () =>
            {
                MasterPage master = this.GetMaster();

                master.RequireSignIn = true;
                master.Open("/signin/partial/profile-form");

                return(master);
            });

            Handle.GET("/signin/partial/signin-form", () => new SignInFormPage()
            {
                Data = null
            }, new HandlerOptions()
            {
                SelfOnly = true
            });
            Handle.GET("/signin/partial/alreadyin-form", () => new AlreadyInPage()
            {
                Data = null
            },
                       new HandlerOptions()
            {
                SelfOnly = true
            });
            Handle.GET("/signin/partial/restore-form", () => new RestorePasswordFormPage(),
                       new HandlerOptions()
            {
                SelfOnly = true
            });
            Handle.GET("/signin/partial/profile-form", () => new ProfileFormPage()
            {
                Data = null
            },
                       new HandlerOptions()
            {
                SelfOnly = true
            });
            Handle.GET("/signin/partial/accessdenied-form", () => new AccessDeniedPage(),
                       new HandlerOptions()
            {
                SelfOnly = true
            });

            Handle.GET("/signin/partial/main-form", () => new MainFormPage()
            {
                Data = null
            },
                       new HandlerOptions()
            {
                SelfOnly = true
            });

            Handle.GET("/signin/partial/user/image", () => new UserImagePage());
            Handle.GET("/signin/partial/user/image/{?}", (string objectId) => new Json(),
                       new HandlerOptions {
                SelfOnly = true
            });

            Handle.GET("/signin/generateadminuser", (Request request) =>
            {
                if (Db.SQL("SELECT o FROM Simplified.Ring3.SystemUser o").First != null)
                {
                    Handle.SetOutgoingStatusCode(403);
                    return("Unable to generate admin user: database is not empty!");
                }

                string ip = request.ClientIpAddress.ToString();

                if (ip == "127.0.0.1" || ip == "localhost")
                {
                    SignInOut.AssureAdminSystemUser();

                    return("Default admin user has been successfully generated.");
                }

                Handle.SetOutgoingStatusCode(403);
                return("Access denied.");
            }, new HandlerOptions()
            {
                SkipRequestFilters = true
            });

            Handle.POST("/signin/partial/signin", (Request request) =>
            {
                NameValueCollection values = HttpUtility.ParseQueryString(request.Body);
                string username            = values["username"];
                string password            = values["password"];
                string rememberMe          = values["rememberMe"];

                HandleSignIn(username, password, rememberMe);
                Session.Current.CalculatePatchAndPushOnWebSocket();

                return(200);
            }, new HandlerOptions()
            {
                SkipRequestFilters = true
            });

            Handle.GET("/signin/admin/settings", (Request request) =>
            {
                Json page;
                if (!AuthorizationHelper.TryNavigateTo("/signin/admin/settings", request, out page))
                {
                    return(page);
                }

                return(Db.Scope(() =>
                {
                    var settingsPage = new SettingsPage
                    {
                        Html = "/SignIn/viewmodels/SettingsPage.html",
                        Uri = request.Uri,
                        Data = MailSettingsHelper.GetSettings()
                    };
                    return settingsPage;
                }));
            });

            // Reset password
            Handle.GET("/signin/user/resetpassword?{?}", (string query, Request request) =>
            {
                NameValueCollection queryCollection = HttpUtility.ParseQueryString(query);
                string token = queryCollection.Get("token");

                MasterPage master = this.GetMaster();

                if (token == null)
                {
                    // TODO:
                    master.Partial = null; // (ushort)System.Net.HttpStatusCode.NotFound;
                    return(master);
                }

                // Retrive the resetPassword instance
                ResetPassword resetPassword = Db.SQL <ResetPassword>("SELECT o FROM Simplified.Ring6.ResetPassword o WHERE o.Token=? AND o.Expire>?", token, DateTime.UtcNow).First;

                if (resetPassword == null)
                {
                    // TODO: Show message "Reset token already used or expired"
                    master.Partial = null; // (ushort)System.Net.HttpStatusCode.NotFound;
                    return(master);
                }

                if (resetPassword.User == null)
                {
                    // TODO: Show message "User deleted"
                    master.Partial = null; // (ushort)System.Net.HttpStatusCode.NotFound;
                    return(master);
                }

                SystemUser systemUser = resetPassword.User;

                ResetPasswordPage page = new ResetPasswordPage()
                {
                    Html = "/SignIn/viewmodels/ResetPasswordPage.html",
                    Uri  = "/signin/user/resetpassword"
                           //Uri = request.Uri // TODO:
                };

                page.ResetPassword = resetPassword;

                if (systemUser.WhoIs != null)
                {
                    page.FullName = systemUser.WhoIs.FullName;
                }
                else
                {
                    page.FullName = systemUser.Username;
                }

                master.Partial = page;

                return(master);
            });

            Handle.GET("/signin/user/authentication/settings/{?}", (string userid, Request request) =>
            {
                Json page;
                if (!AuthorizationHelper.TryNavigateTo("/signin/user/authentication/settings/{?}", request, out page))
                {
                    return(new Json());
                }

                // Get system user
                SystemUser user = Db.SQL <SystemUser>("SELECT o FROM Simplified.Ring3.SystemUser o WHERE o.ObjectID = ?", userid).FirstOrDefault();

                if (user == null)
                {
                    // TODO: Return a "User not found" page
                    return(new Json());
                    //return (ushort)System.Net.HttpStatusCode.NotFound;
                }

                SystemUser systemUser      = SystemUser.GetCurrentSystemUser();
                SystemUserGroup adminGroup = Db.SQL <SystemUserGroup>("SELECT o FROM Simplified.Ring3.SystemUserGroup o WHERE o.Name = ?",
                                                                      AuthorizationHelper.AdminGroupName).FirstOrDefault();

                // Check if current user has permission to get this user instance
                if (AuthorizationHelper.IsMemberOfGroup(systemUser, adminGroup))
                {
                    if (user.WhoIs is Person)
                    {
                        page = Db.Scope(() => new SystemUserAuthenticationSettings
                        {
                            Html         = "/SignIn/viewmodels/SystemUserAuthenticationSettings.html",
                            Uri          = request.Uri,
                            Data         = user,
                            UserPassword = Self.GET("/signin/user/authentication/password/" + user.GetObjectID())
                        });

                        return(page);
                    }
                }

                return(new Json());
            }, new HandlerOptions {
                SelfOnly = true
            });

            Handle.GET("/signin/user/authentication/password/{?}", (string userid, Request request) =>
            {
                // Get system user
                SystemUser user = Db.SQL <SystemUser>("SELECT o FROM Simplified.Ring3.SystemUser o WHERE o.ObjectID = ?", userid).FirstOrDefault();

                if (user == null)
                {
                    return(new Json());
                }

                Json page = Db.Scope(() => new SetPasswordPage
                {
                    Html = "/SignIn/viewmodels/SetPasswordPage.html",
                    Data = user
                });

                return(page);
            }, new HandlerOptions {
                SelfOnly = true
            });

            Blender.MapUri("/signin/user", "user");                      //expandable icon; used in Launcher
            Blender.MapUri("/signin/signinuser", "userform");            //inline form; used in RSE Launcher
            Blender.MapUri("/signin/signinuser?{?}", "userform-return"); //inline form; used in UserAdmin
            Blender.MapUri("/signin/admin/settings", "settings");
            Blender.MapUri("/signin/user/authentication/password/{?}", "authentication-password");
            Blender.MapUri("/signin/user/authentication/settings/{?}", "authentication-settings");
            Blender.MapUri("/signin/partial/user/image", "userimage-default");  // default user image
        }