public virtual IActionResult PasswordChange([FromForm] String password, [FromForm] String newpassword, [FromForm] String newpasswordconfirm) { // Get the blog that is for this controller instance if (Current != null) { // Get the provider reference (shorthand) IBlogDataProvider provider = Current.Parameters.Provider; if (provider != null) { BlogLogin changedUser = provider.ChangePassword(loginManager.CurrentUser.Username, password, newpassword, newpasswordconfirm); if (changedUser != null) { loginManager.CurrentUser = changedUser; } } // Generate the view model to pass LoginViewModel viewModel = new LoginViewModel() { Templates = Current.Templates.ContainsKey(BlogControllerView.Login) ? Current.Templates[BlogControllerView.Login] : new BlogViewTemplates(), Username = loginManager.CurrentUser.Username }; // Pass the view model return(View(this.ViewLocation("login"), viewModel)); } else { return(View(this.ViewLocation("login"), new LoginViewModel())); } }
/// <summary> /// Set a given user as logged in /// </summary> /// <param name="user"></param> private Boolean LoginUser(BlogLogin user) { // Remove old logins with the same token or username should there be one try { // No logins yet? Create the array if it is null for some reason if (blog.LoginAuths == null) { blog.LoginAuths = new BlogUsers(); } // Set the token and the expiry date user.Token = Guid.NewGuid(); user.ExpiryDate = DateTime.Now.AddSeconds(securityTokenExirySeconds); // Remove the old logins blog.LoginAuths.Logins.RemoveAll(login => ((login.Username ?? "").Trim() == (user.Username ?? "").Trim())); // Add the new user token blog.LoginAuths.Logins.Add(user); // Add the token to the session and return if successful return(sessionHelper.SetGuid(context.Session, securityTokenKey, user.Token.Value)); } catch { // Failed to log in, it's a generic fail anyway so allow a fail } // Bombed out so return a failure return(false); }
=> base.AuthenticateUser(username, password); // Normally not have an override but for future .. /// <summary> /// Change the user's password /// </summary> /// <param name="username">The username to change</param> /// <param name="password">The current password</param> /// <param name="newpassword">the new password</param> /// <param name="newpasswordconfirm">The new password confirmation</param> /// <returns></returns> public override BlogLogin ChangePassword(String username, String password, String newpassword, String newpasswordconfirm) { // Call the base password change functionality BlogLogin updated = base.ChangePassword(username, password, newpassword, newpasswordconfirm); // Changed ok? if (updated != null) { SaveUsers(users); // Save the users } // Return the tokenised user return(updated); }
/// <summary> /// Validate the login credentials /// </summary> /// <param name="username">The user to validate</param> /// <param name="password">The password to check against</param> /// <param name="Login">Actually log them in, or just validate?</param> /// <returns></returns> public Boolean ValidateLogin(String username, String password, Boolean Login) { // Get the current security token from the session Nullable <Guid> currentToken = UserToken; // Get the security token if the user is authenticated BlogLogin user = blog.Parameters.Provider.AuthenticateUser(username, password); // Set the token in the session state if requested to be logged in if (user != null) { return(Login ? LoginUser(user) : true); } // Failed to return a positive so exit with a fail at this point return(false); }
/// <summary> /// Render the content of the login box password change functionality /// </summary> /// <param name="viewModel"></param> /// <returns>The content of the password change functionality</returns> public static IHtmlContent AuthBoxChangePassword(LoginViewModel viewModel, BlogLoginManager loginManager) { // Logged in? BlogLogin loggedInUser = loginManager.CurrentUser; if (loggedInUser != null) { return(ContentFill(BlogViewTemplatePart.Auth_LoginBox_PasswordChange, new List <BlogViewTemplateReplacement>() { new BlogViewTemplateReplacement(BlogViewTemplateField.Common_Controller_Url, viewModel.ControllerUrl, false), new BlogViewTemplateReplacement(BlogViewTemplateField.Login_Username, viewModel.Username, false) }, viewModel)); } else { return(new HtmlContentBuilder()); } }
/// <summary> /// Change the user's password /// </summary> /// <param name="username">The username to change</param> /// <param name="password">The current password</param> /// <param name="newpassword">the new password</param> /// <param name="newpasswordconfirm">The new password confirmation</param> /// <returns></returns> public virtual BlogLogin ChangePassword(String username, String password, String newpassword, String newpasswordconfirm) { // Check that the new password meets the correct criteria if (((newpassword ?? "") == "") || ((newpassword ?? "").Trim().ToLower() != (newpasswordconfirm ?? "").Trim().ToLower())) { return(null); } // Get the current login that matches the credentials BlogLogin result = AuthenticateUser(username, password); // Did we find a match? if (result != null) { // Start the crypto helper to check the password CryptoHelper cryptoHelper = new CryptoHelper(); // Encode the new password and mark the login as not needing changing anymore result.PasswordChange = false; result.PasswordHash = cryptoHelper.CalculateHash(newpassword); // Save the result to the users lookup (so that the overriden method can save the users) users.Logins.ForEach(login => { // Update this user if the username matches if (login.Username == username) { // Set the properties login.PasswordChange = result.PasswordChange; login.PasswordHash = result.PasswordHash; } }); } // Send the tokenised user back to the caller return(result); }
/// <summary> /// Authenticate a user, will return a token (Guid) if the user is authenticated /// </summary> /// <param name="username">The username as cleartext</param> /// <param name="password">The password as cleartext but as a secure string (no clear memory footprint)</param> /// <returns>The authentication token</returns> public virtual BlogLogin AuthenticateUser(String username, String password) { // Define a false response by default BlogLogin result = null; // Start the crypto helper to check the password CryptoHelper cryptoHelper = new CryptoHelper(); // Get the hash for the username username = username ?? ""; BlogLogin login = users.Logins.Where(user => user.Username.Trim().ToLower() == username.Trim().ToLower()).FirstOrDefault(); if (login != null) { // Check the match from the password to the admin hash if (cryptoHelper.CheckMatch((login.PasswordHash ?? ""), (password ?? "").Trim())) { result = login; } } // Send the tokenised user back to the caller return(result); }
public Boolean LogOutUser(BlogLogin user) { // If this is the user that is currently logged in if (this.CurrentUser.Username == user.Username) { // No logins yet? Create the array if it is null for some reason if (blog.LoginAuths == null) { blog.LoginAuths = new BlogUsers(); } // Set the expiry date user.ExpiryDate = DateTime.Now.AddSeconds(-1); // Remove the old login blog.LoginAuths.Logins.RemoveAll(login => ((login.Username ?? "").Trim() == (user.Username ?? "").Trim())); // Add the token to the session and return if successful return(sessionHelper.Remove(context.Session, securityTokenKey)); } return(false); }