Esempio n. 1
0
        public ActionResult Login(OnlineRegModel m)
        {
            fromMethod = "Login";
            var ret = AccountModel.AuthenticateLogon(m.username, m.password, Session, Request);

            if (ret is string)
            {
                ModelState.AddModelError("authentication", ret.ToString());
                return(FlowList(m));
            }
            Session["OnlineRegLogin"] = true;

            if (m.Orgid == Util.CreateAccountCode)
            {
                DbUtil.LogActivity("OnlineReg CreateAccount Existing", peopleid: Util.UserPeopleId, datumId: m.DatumId);
                return(Content("/Person2/" + Util.UserPeopleId)); // they already have an account, so take them to their page
            }
            m.UserPeopleId = Util.UserPeopleId;
            var route = RouteSpecialLogin(m);

            if (route != null)
            {
                return(route);
            }

            m.HistoryAdd("login");
            return(FlowList(m));
        }
Esempio n. 2
0
        public ActionResult Login(OnlineRegModel m)
        {
            fromMethod = "Login";
            var ret = AccountModel.AuthenticateLogon(m.username, m.password, Session, Request, CurrentDatabase, CurrentImageDatabase);

            if (ret is string)
            {
                ModelState.AddModelError("authentication", ret.ToString());
                return(FlowList(m));
            }
            Session["OnlineRegLogin"] = true;

            if (m.Orgid == Util.CreateAccountCode)
            {
                DbUtil.LogActivity("OnlineReg CreateAccount Existing", peopleid: Util.UserPeopleId, datumId: m.DatumId);
                return(Content("/Person2/" + Util.UserPeopleId)); // they already have an account, so take them to their page
            }
            m.UserPeopleId = Util.UserPeopleId;
            var route = RouteSpecialLogin(m);

            if (route != null)
            {
                return(route);
            }

            m.HistoryAdd("login");
            if (m.org != null && m.org.IsMissionTrip == true && m.SupportMissionTrip)
            {
                PrepareFirstRegistrant(ref m, m.UserPeopleId.Value, false, out OnlineRegPersonModel p);
            }
            return(FlowList(m));
        }
Esempio n. 3
0
        public ActionResult Login(OnlineRegModel m)
        {
            var ret = AccountModel.AuthenticateLogon(m.username, m.password, Session, Request);

            if (ret is string)
            {
                ModelState.AddModelError("authentication", ret.ToString());
                return(FlowList(m, "Login"));
            }
            Session["OnlineRegLogin"] = true;
            if (m.Orgid == Util.CreateAccountCode)
            {
                return(Content("/Person2/" + Util.UserPeopleId));
            }
            var existingRegistration = m.GetExistingRegistration(Util.UserPeopleId ?? 0);

            if (existingRegistration != null)
            {
                TempData["er"] = m.UserPeopleId = Util.UserPeopleId;
                return(Content("/OnlineReg/Existing/" + existingRegistration.DatumId));
            }
            Debug.Assert(Util.UserPeopleId != null, "Util.UserPeopleId != null");

            m.CreateList();
            m.UserPeopleId = Util.UserPeopleId;

            if (m.ManagingSubscriptions())
            {
                TempData["ms"] = Util.UserPeopleId;
                return(Content("/OnlineReg/ManageSubscriptions/{0}".Fmt(m.masterorgid)));
            }
            if (m.ChoosingSlots())
            {
                TempData["ps"] = Util.UserPeopleId;
                return(Content("/OnlineReg/ManageVolunteer/{0}".Fmt(m.Orgid)));
            }
            if (m.OnlinePledge())
            {
                TempData["mp"] = Util.UserPeopleId;
                return(Content("/OnlineReg/ManagePledge/{0}".Fmt(m.Orgid)));
            }
            if (m.ManageGiving())
            {
                TempData["mg"] = Util.UserPeopleId;
                return(Content("/OnlineReg/ManageGiving/{0}".Fmt(m.Orgid)));
            }
            if (m.OnlineGiving())
            {
                return(Register(Util.UserPeopleId.Value, m));
            }

            if (m.UserSelectsOrganization())
            {
                OnlineRegPersonModelValidator.ValidateModelForFind(m.List[0], ModelState, m, 0);
            }

            m.List[0].LoggedIn = true;
            m.HistoryAdd("login");
            return(FlowList(m, "Login"));
        }
Esempio n. 4
0
        public ActionResult AuthDisable()
        {
            var    user     = CurrentDatabase.CurrentUser;
            string password = null;

            if (user == null || !user.MFAEnabled || !MembershipService.IsTwoFactorAuthenticationEnabled(CurrentDatabase))
            {
                return(Redirect("/"));
            }
            var passcode = Request["passcode"]?.Replace(",", "");

            password = Request["password"];
            if (passcode.HasValue() && password.HasValue())
            {
                if (AccountModel.AuthenticateLogon(user.Username, password, null, CurrentDatabase).IsValid)
                {
                    if (MembershipService.ValidateTwoFactorPasscode(user, CurrentDatabase, passcode))
                    {
                        MembershipService.DisableTwoFactorAuth(user, CurrentDatabase, Response);
                        return(View("AuthDisabled"));
                    }
                    ViewBag.Message = "Invalid passcode";
                }
                else
                {
                    ViewBag.Message = "Incorrect password for " + user.Username;
                }
            }

            return(View());
        }
        public ActionResult LogOn(AccountInfo m)
        {
            if (m.ReturnUrl.HasValue())
            {
                var lc = m.ReturnUrl.ToLower();
                if (lc.StartsWith("/default.aspx") || lc.StartsWith("/login.aspx"))
                {
                    m.ReturnUrl = "/";
                }
            }

            if (!m.UsernameOrEmail.HasValue())
            {
                return(View(m));
            }

            var ret = AccountModel.AuthenticateLogon(m.UsernameOrEmail, m.Password, Session, Request);

            if (ret is string)
            {
                ViewBag.error = ret.ToString();
                return(View(m));
            }
            var user = ret as User;

            if (user.MustChangePassword)
            {
                return(Redirect("/Account/ChangePassword"));
            }

            var access = DbUtil.Db.Setting("LimitAccess", "");

            if (access.HasValue())
            {
                if (!user.InRole("Developer"))
                {
                    return(Message("Site is {0}, contact {1} for help".Fmt(access, DbUtil.AdminMail)));
                }
            }

            if (!m.ReturnUrl.HasValue())
            {
                if (!CMSRoleProvider.provider.IsUserInRole(user.Username, "Access"))
                {
                    return(Redirect("/Person2/" + Util.UserPeopleId));
                }
            }
            if (m.ReturnUrl.HasValue())
            {
                return(Redirect(m.ReturnUrl));
            }
            return(Redirect("/"));
        }
Esempio n. 6
0
        public ActionResult OnePageGivingLogin(int id, string username, string password, bool?testing, string source)
        {
            var ret = AccountModel.AuthenticateLogon(username, password, Session, Request);

            if (ret is string)
            {
                ModelState.AddModelError("loginerror", ret.ToString());
                var m = new OnlineRegModel(Request, id, testing, null, null, source);
                return(View("OnePageGiving/Login", m));
            }
            Session["OnlineRegLogin"] = true;
            return(Redirect($"/OnlineReg/{id}{(testing == true ? "?testing=true" : "")}"));
        }
Esempio n. 7
0
        public ActionResult Login(OnlineRegModel m)
        {
            var ret = AccountModel.AuthenticateLogon(m.username, m.password, Session, Request);

            if (ret is string)
            {
                ModelState.AddModelError("authentication", ret.ToString());
                return(FlowList(m, "Login"));
            }
            Session["OnlineRegLogin"] = true;
            var user = ret as User;

            if (m.orgid == Util.CreateAccountCode)
            {
                return(Content("/Person/Index/" + Util.UserPeopleId));
            }

            m.CreateList();
            m.UserPeopleId = user.PeopleId;

            if (m.ManagingSubscriptions())
            {
                TempData["ms"] = Util.UserPeopleId;
                if (m.masterorgid.HasValue && m.masterorg.RegistrationTypeId == RegistrationTypeCode.ManageSubscriptions2)
                {
                    return(Content("/OnlineReg/ManageSubscriptions/{0}".Fmt(m.masterorgid)));
                }
                return(Content("/OnlineReg/ManageSubscriptions/{0}".Fmt(m.divid)));
            }
            if (m.ChoosingSlots())
            {
                TempData["ps"] = Util.UserPeopleId;
                return(Content("/OnlineReg/ManageVolunteer/{0}".Fmt(m.orgid)));
            }
            if (m.OnlinePledge())
            {
                TempData["mp"] = Util.UserPeopleId;
                return(Content("/OnlineReg/ManagePledge/{0}".Fmt(m.orgid)));
            }
            if (m.ManageGiving())
            {
                TempData["mg"] = Util.UserPeopleId;
                return(Content("/OnlineReg/ManageGiving/{0}".Fmt(m.orgid)));
            }
            if (m.UserSelectsOrganization())
            {
                m.List[0].ValidateModelForFind(ModelState, m);
            }
            m.List[0].LoggedIn = true;
            return(FlowList(m, "Login"));
        }
Esempio n. 8
0
        public ActionResult Login(OnlineRegModel m)
        {
            fromMethod = "Login";
            var ret = AccountModel.AuthenticateLogon(m.username, m.password, Session, Request, CurrentDatabase, CurrentImageDatabase);

            if (ret.ErrorMessage.HasValue())
            {
                ModelState.AddModelError("authentication", ret.ErrorMessage);
                return(FlowList(m));
            }
            else if (MembershipService.ShouldPromptForTwoFactorAuthentication(ret.User, CurrentDatabase, Request))
            {
                Session[AccountController.MFAUserId] = ret.User.UserId;
                ViewData["hasshell"] = true;
                var orgId = m.Orgid ?? m.masterorgid;
                return(View("Auth", new AccountInfo {
                    UsernameOrEmail = ret.User.Username,
                    ReturnUrl = RouteExistingRegistration(m) ?? $"/OnlineReg/{orgId}"
                }));
            }
            else
            {
                AccountModel.FinishLogin(ret.User.Username, Session, CurrentDatabase, CurrentImageDatabase);
                if (ret.User.UserId.Equals(Session[AccountController.MFAUserId]))
                {
                    MembershipService.SaveTwoFactorAuthenticationToken(CurrentDatabase, Response);
                    Session.Remove(AccountController.MFAUserId);
                }
            }
            Session["OnlineRegLogin"] = true;

            if (m.Orgid == Util.CreateAccountCode)
            {
                DbUtil.LogActivity("OnlineReg CreateAccount Existing", peopleid: Util.UserPeopleId, datumId: m.DatumId);
                return(Content("/Person2/" + Util.UserPeopleId)); // they already have an account, so take them to their page
            }
            m.UserPeopleId = Util.UserPeopleId;
            var route = RouteSpecialLogin(m);

            if (route != null)
            {
                return(route);
            }

            m.HistoryAdd("login");
            if (m.org != null && m.org.IsMissionTrip == true && m.SupportMissionTrip)
            {
                PrepareFirstRegistrant(ref m, m.UserPeopleId.Value, false, out OnlineRegPersonModel p);
            }
            return(FlowList(m));
        }
Esempio n. 9
0
        public ActionResult Logon(AccountInfo m)
        {
            Session.Remove("IsNonFinanceImpersonator");
            TryLoadAlternateShell();
            if (m.ReturnUrl.HasValue())
            {
                var lc = m.ReturnUrl.ToLower();
                if (lc.Contains("/default.aspx", true) || lc.Contains("/login.aspx", true) || lc.Contains("/Logon", true))
                {
                    m.ReturnUrl = "/";
                }
            }

            if (!m.UsernameOrEmail.HasValue())
            {
                return(View(m));
            }

            var ret = AccountModel.AuthenticateLogon(m.UsernameOrEmail, m.Password, Session, Request, CurrentDatabase, CurrentImageDatabase);

            if (ret.ErrorMessage.HasValue())
            {
                ViewBag.error = ret.ErrorMessage;
                return(View(m));
            }

            var user   = ret.User;
            var access = CurrentDatabase.Setting("LimitAccess", "");

            if (access.HasValue())
            {
                if (!user.InRole("Developer"))
                {
                    return(Message(access));
                }
            }

            if (MembershipService.ShouldPromptForTwoFactorAuthentication(user, CurrentDatabase, Request))
            {
                Session[MFAUserId] = user.UserId;
                m.UsernameOrEmail  = user.Username;
                return(View("Auth", m));
            }
            else
            {
                AccountModel.FinishLogin(user.Username, Session, CurrentDatabase, CurrentImageDatabase);
            }

            return(RedirectTo("/Auth" + m.ReturnUrlQueryString));
        }
Esempio n. 10
0
        public ActionResult OnePageGivingLogin(int id, string username, string password, bool?testing, string source)
        {
            var ret = AccountModel.AuthenticateLogon(username, password, Session, Request);

            if (ret is string)
            {
                ModelState.AddModelError("loginerror", ret.ToString());
                var m = new OnlineRegModel(Request, id, testing, null, null, source);
                return(View("OnePageGiving/Login", m));
            }
            Session["OnlineRegLogin"] = true;
            var ev = DbUtil.Db.OrganizationExtras.SingleOrDefault(vv => vv.OrganizationId == id && vv.Field == "LoggedInOrgId");

            id = ev?.IntValue ?? id;
            var url = $"/OnlineReg/{id}{(testing == true ? "?testing=true" : "")}";

            return(Redirect(url));
        }
Esempio n. 11
0
        public ActionResult Login(string user, string password)
        {
            var ret = AuthenticateDeveloper();

            if (ret.StartsWith("!"))
            {
                return(Content("<Login error=\"{0}\" />".Fmt(ret.Substring(1))));
            }
            var o = AccountModel.AuthenticateLogon(user, password, Request.Url.OriginalString);

            if (o is string)
            {
                return(Content("<Login error=\"{0} not valid\">{1}</Login>".Fmt(user ?? "(null)", o)));
            }
            var u   = o as User;
            var api = new APIFunctions(DbUtil.Db);

            return(Content(api.Login(u.Person), "text/xml"));
        }
Esempio n. 12
0
        public ActionResult LogOn(string userName, string password, string returnUrl)
        {
            if (returnUrl.HasValue())
            {
                var lc = returnUrl.ToLower();
                if (lc.StartsWith("/default.aspx") || lc.StartsWith("/login.aspx"))
                {
                    returnUrl = "/";
                }
            }

            if (!userName.HasValue())
            {
                return(View());
            }

            var ret = AccountModel.AuthenticateLogon(userName, password, Session, Request);

            if (ret is string)
            {
                ModelState.AddModelError("login", ret.ToString());
                return(View());
            }
            var user = ret as User;

            if (user.MustChangePassword)
            {
                return(Redirect("/Account/ChangePassword"));
            }
            if (!returnUrl.HasValue())
            {
                if (!CMSRoleProvider.provider.IsUserInRole(user.Username, "Access"))
                {
                    return(Redirect("/Person/Index/" + Util.UserPeopleId));
                }
            }
            if (returnUrl.HasValue())
            {
                return(Redirect(returnUrl));
            }
            return(Redirect("/"));
        }
Esempio n. 13
0
        public ActionResult Login(string user, string password)
        {
            var ret = AuthenticateDeveloper();

            if (ret.StartsWith("!"))
            {
                return(Content($"<Login error=\"{ret.Substring(1)}\" />"));
            }

            var validationStatus = AccountModel.AuthenticateLogon(user, password, Request.Url.OriginalString);

            if (!validationStatus.IsValid)
            {
                return(Content($"<Login error=\"{user ?? "(null)"} not valid\">{validationStatus.ErrorMessage}</Login>"));
            }

            var api = new APIFunctions(DbUtil.Db);

            return(Content(api.Login(validationStatus.User.Person), "text/xml"));
        }
Esempio n. 14
0
        public ActionResult LogOn(AccountInfo m)
        {
            if (m.ReturnUrl.HasValue())
            {
                var lc = m.ReturnUrl.ToLower();
                if (lc.StartsWith("/default.aspx") || lc.StartsWith("/login.aspx"))
                {
                    m.ReturnUrl = "/";
                }
            }

            if (!m.UsernameOrEmail.HasValue())
            {
                return(View(m));
            }

            var ret = AccountModel.AuthenticateLogon(m.UsernameOrEmail, m.Password, Session, Request);

            if (ret is string)
            {
                ViewBag.error = ret.ToString();
                return(View(m));
            }
            var user = ret as User;

            if (user.MustChangePassword)
            {
                return(Redirect("/Account/ChangePassword"));
            }

            var access = DbUtil.Db.Setting("LimitAccess", "");

            if (access.HasValue())
            {
                if (!user.InRole("Developer"))
                {
                    return(Message($"Site is {access}, contact {DbUtil.AdminMail} for help"));
                }
            }

            var newleadertag = DbUtil.Db.FetchTag("NewOrgLeadersOnly", user.PeopleId, DbUtil.TagTypeId_System);

            if (newleadertag != null)
            {
                if (!user.InRole("Access")) // if they already have Access role, then don't limit them with OrgLeadersOnly
                {
                    user.AddRoles(DbUtil.Db, "Access,OrgLeadersOnly".Split(','));
                }
                DbUtil.Db.Tags.DeleteOnSubmit(newleadertag);
                DbUtil.Db.SubmitChanges();
            }

            if (!m.ReturnUrl.HasValue())
            {
                if (!CMSRoleProvider.provider.IsUserInRole(user.Username, "Access"))
                {
                    return(Redirect("/Person2/" + Util.UserPeopleId));
                }
            }
            if (m.ReturnUrl.HasValue() && Url.IsLocalUrl(m.ReturnUrl))
            {
                return(Redirect(m.ReturnUrl));
            }
            return(Redirect("/"));
        }
Esempio n. 15
0
        public ActionResult ApiUserInfo()
        {
            var header = Request.Headers;

            //Check incoming values are valid
            var apiKeyValue = header.GetValues("ApiKey");
            var getIp       = HttpContext.Request.ServerVariables["REMOTE_ADDR"];

            // ApiKey header is missing
            if (apiKeyValue == null)
            {
                return(Json(new
                {
                    error = ErrorMessage.ApiKeyHeaderMissing,
                    ip = getIp
                }, JsonRequestBehavior.AllowGet));
            }

            // ApiKey header has no values
            string apiKey = apiKeyValue.First();

            if (apiKey.IsNull())
            {
                return(Json(new
                {
                    error = ErrorMessage.ApiKeyHeaderValueNull,
                    ip = getIp
                }, JsonRequestBehavior.AllowGet));
            }

            // Authorization header is missing
            var authorizationValue = header.GetValues("Authorization");

            if (authorizationValue == null)
            {
                return(Json(new
                {
                    error = ErrorMessage.AuthHeaderMissing,
                    ip = getIp
                }, JsonRequestBehavior.AllowGet));
            }

            // Authorization header has no values/bad data
            string getAuthInfo;

            try
            {
                if (!authorizationValue.First().Substring(0, 6).Trim().Equals("Basic"))
                {
                    return(Json(new
                    {
                        error = ErrorMessage.AuthHeaderValueInvalid,
                        ip = getIp
                    }, JsonRequestBehavior.AllowGet));
                }
                getAuthInfo = Encoding.ASCII.GetString(Convert.FromBase64String(authorizationValue.First().Substring(6)));
            }
            catch (Exception)
            {
                return(Json(new
                {
                    error = ErrorMessage.MalformedBase64,
                    ip = getIp
                }, JsonRequestBehavior.AllowGet));
            }

            var authorization = getAuthInfo.Split(':');

            if (authorization.Count() != 2)
            {
                return(Json(new
                {
                    error = ErrorMessage.AuthorizationHeaderValueInvalid,
                    ip = getIp
                }, JsonRequestBehavior.AllowGet));
            }

            string userName = authorization[0];
            string password = authorization[1];

            if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            {
                return(Json(new
                {
                    error = ErrorMessage.InvalidCredentials,
                    ip = getIp
                }, JsonRequestBehavior.AllowGet));
            }

            //Check Api Key setting exists
            var getApiUserInfoKey = CurrentDatabase.Setting("ApiUserInfoKey", "");

            if (getApiUserInfoKey == "")
            {
                return(Json(new
                {
                    error = ErrorMessage.ApiKeySettingNotFound,
                    ip = getIp
                }, JsonRequestBehavior.AllowGet));
            }

            // Check Api Key is valid
            if (getApiUserInfoKey?.Trim() == apiKey)
            {
                //Check Ip setting is valid
                var getIpWhiteList = CurrentDatabase.Setting("ApiUserInfoIPList", "");
                if (getIpWhiteList == "")
                {
                    return(Json(new
                    {
                        error = ErrorMessage.IpSettingNotFound,
                        ip = getIp
                    }, JsonRequestBehavior.AllowGet));
                }

                //Check Ip is valid
                var ipCheck = getIpWhiteList.Split(',').Contains(getIp);
                if (!ipCheck)
                {
                    return(Json(new
                    {
                        error = ErrorMessage.IpNotFoundInKey,
                        ip = getIp
                    }, JsonRequestBehavior.AllowGet));
                }

                //Authenticate user
                var retUser = AccountModel.AuthenticateLogon(userName, password, "");
                if (retUser.IsValid)
                {
                    return(Json(new
                    {
                        id = retUser.User.PeopleId,
                        name = retUser.User.Name,
                        emailAddress = retUser.User.EmailAddress,
                        altEmail = retUser.User.Person.EmailAddress2,
                        roles = retUser.User.Roles,
                        error = ErrorMessage.NoErrors
                    }, JsonRequestBehavior.AllowGet));
                }
                return(Json(new
                {
                    error = ErrorMessage.FailedAuthentication,
                    ip = getIp
                }, JsonRequestBehavior.AllowGet));
            }
            return(Json(new
            {
                error = ErrorMessage.ApiKeyNotValid,
                ip = getIp
            }, JsonRequestBehavior.AllowGet));
        }
Esempio n. 16
0
        public ActionResult LogOn(AccountInfo m)
        {
            Session.Remove("IsNonFinanceImpersonator");
            TryLoadAlternateShell();
            if (m.ReturnUrl.HasValue())
            {
                var lc = m.ReturnUrl.ToLower();
                if (lc.StartsWith("/default.aspx") || lc.StartsWith("/login.aspx"))
                {
                    m.ReturnUrl = "/";
                }
            }

            if (!m.UsernameOrEmail.HasValue())
            {
                return(View(m));
            }

            var ret = AccountModel.AuthenticateLogon(m.UsernameOrEmail, m.Password, Session, Request, CurrentDatabase, CurrentImageDatabase);

            if (ret is string)
            {
                ViewBag.error = ret.ToString();
                return(View(m));
            }
            var user = ret as User;

            if (user.MustChangePassword)
            {
                return(Redirect("/Account/ChangePassword"));
            }

            var access = CurrentDatabase.Setting("LimitAccess", "");

            if (access.HasValue())
            {
                if (!user.InRole("Developer"))
                {
                    return(Message(access));
                }
            }

            var newleadertag = CurrentDatabase.FetchTag("NewOrgLeadersOnly", user.PeopleId, CmsData.DbUtil.TagTypeId_System);

            if (newleadertag != null)
            {
                if (!user.InRole("Access")) // if they already have Access role, then don't limit them with OrgLeadersOnly
                {
                    user.AddRoles(CurrentDatabase, "Access,OrgLeadersOnly".Split(','));
                }

                CurrentDatabase.Tags.DeleteOnSubmit(newleadertag);
                CurrentDatabase.SubmitChanges();
            }

            if (!m.ReturnUrl.HasValue())
            {
                if (!CMSRoleProvider.provider.IsUserInRole(user.Username, "Access"))
                {
                    return(Redirect("/Person2/" + Util.UserPeopleId));
                }
            }

            if (m.ReturnUrl.HasValue() && Url.IsLocalUrl(m.ReturnUrl))
            {
                return(Redirect(m.ReturnUrl));
            }

            return(Redirect("/"));
        }