Esempio n. 1
        /// <summary>
        /// Renders the detail page of a single item: the mapped item, the permission flags
        /// of the current user, the item's comments and an empty "new comment" form.
        /// </summary>
        /// <param name="id">Identifier of the item to show.</param>
        /// <returns>404 when no item matches <paramref name="id"/>, otherwise the "Item" view.</returns>
        /// <remarks>
        /// NOTE(review): no read-permission check on the item is visible in this action; confirm
        /// that item visibility is enforced elsewhere if items can be private.
        /// The Can* flags only decide what the view renders; the state-changing actions must
        /// repeat the corresponding IsEntitledTo* check on the server.
        /// </remarks>
        public async Task <ActionResult> Item(string id)
        {
            var found = await _itemDbCommand.FindAsync(id);
            if (found == null)
            {
                return HttpNotFound();
            }

            var viewModel = Mapper.Map <ItemViewModel>(found);

            // LogonUser is compared with null further down, so an anonymous visitor seems possible;
            // presumably these entitlement helpers tolerate a null user. TODO confirm.
            viewModel.CanEdit               = LogonUser.IsEntitledToEditItem(found);
            viewModel.CanDelete             = LogonUser.IsEntitledToDeleteItem(found);
            viewModel.CanEditCollarborators = LogonUser.IsEntitledToEditItemCollaborators(found);
            viewModel.CanWriteComments      = LogonUser.IsEntitledToWriteComments(found);

            ViewBag.Title = viewModel.DisplayTitle;

            var itemComments = await _commentDbCommand.GetByItemAsync(found);
            foreach (var entry in itemComments)
            {
                var entryModel = Mapper.Map <CommentViewModel>(entry);

                // Flag the comments written by the current user.
                if (entry.User == LogonUser)
                {
                    entryModel.IsCommentAuthor = true;
                }

                viewModel.Comments.Add(entryModel);
            }

            // Anonymous visitors get a blank form; signed-in users get one pre-filled by the item.
            if (LogonUser == null)
            {
                viewModel.NewComment = new CommentEditModel();
            }
            else
            {
                viewModel.NewComment = Mapper.Map <CommentEditModel>(found.NewComment(LogonUser));
            }

            return View("Item", viewModel);
        }
Esempio n. 2
        /// <summary>
        /// Changes the role of one collaborator of an item and persists the collaborator list.
        /// </summary>
        /// <param name="id">Identifier of the item.</param>
        /// <param name="userId">Identifier of the collaborator whose role changes.</param>
        /// <param name="type">Role to assign.</param>
        /// <returns>404 for an unknown item, 401 when the caller may not edit collaborators, 200 on success.</returns>
        /// <exception cref="InvalidOperationException">The item has no collaborator with <paramref name="userId"/>.</exception>
        /// <remarks>
        /// NOTE(review): this action changes state, but no HTTP-verb or anti-forgery attribute is
        /// visible in this listing; confirm the action is POST-only and CSRF-protected.
        /// NOTE(review): <paramref name="type"/> comes from the request and is assigned without a
        /// visible check that it is a role the caller is allowed to grant; verify against RoleType.
        /// NOTE(review): 401 is returned for an authorization failure; 403 is the usual status
        /// for a signed-in user who lacks the permission.
        /// </remarks>
        public async Task <ActionResult> UpdateCollaboratorRole(string id, string userId, RoleType type)
        {
            var targetItem = await _itemDbCommand.FindAsync(id);
            if (targetItem == null)
            {
                return HttpNotFound();
            }

            // Authorization is checked before anything about the collaborators is read or changed.
            var mayEdit = LogonUser.IsEntitledToEditItemCollaborators(targetItem);
            if (!mayEdit)
            {
                return new HttpStatusCodeResult(HttpStatusCode.Unauthorized);
            }

            var collaborator = targetItem.Collaborators.FirstOrDefault(c => c.Id == userId);
            if (collaborator == null)
            {
                throw new InvalidOperationException();
            }

            collaborator.Role = type;
            await _itemDbCommand.SaveCollaboratorsAsync(targetItem);

            return new HttpStatusCodeResult(HttpStatusCode.OK);
        }
Esempio n. 3
        // private MTSEntDAL _dal;
        //ResourceFile resourcefile = new ResourceFile();
        /// <summary>
        /// Loads the password policy through the "MTS_GetPasswordPolicy" call and copies it into
        /// the static members of <c>PasswordLengthAttribute</c>.
        /// </summary>
        /// <returns>A newly constructed <c>LogonUser</c>; no member of it is set here.</returns>
        /// <remarks>
        /// NOTE(review): the policy is written to static members, so every call overwrites values
        /// that all requests share; confirm that concurrent callers are acceptable.
        /// NOTE(review): PasswordRegex is taken from the database as-is; if it is later run against
        /// user input, write access to the policy table should be restricted to administrators.
        /// </remarks>
        public LogonUser GetData()
        {
            var emptyUser = new LogonUser();
            var policy    = DataAccess.ExecuteDataTable("MTS_GetPasswordPolicy");

            // Without a policy row the previous static values are left untouched.
            if (policy.Rows.Count > 0)
            {
                var maximumText = policy.Rows[0]["MAXIMUM_LENGH"].ToString();
                PasswordLengthAttribute._maximum = Convert.ToInt16(maximumText);

                var minimumText = policy.Rows[0]["MINIMUM_LENGTH"].ToString();
                PasswordLengthAttribute._minimum = Convert.ToInt16(minimumText);

                PasswordLengthAttribute.PasswordRegex = policy.Rows[0]["PASSWORDREGEX"].ToString();
            }

            return emptyUser;
        }
Esempio n. 4
        /// <summary>
        /// Shows the collaborator editing page of an item.
        /// </summary>
        /// <param name="id">Identifier of the item.</param>
        /// <returns>
        /// 404 for an unknown item, 401 when the current user may not edit the item's
        /// collaborators, otherwise the default view with an <c>ItemEditCollaboratorsModel</c>.
        /// </returns>
        /// <remarks>
        /// NOTE(review): 401 is returned for an authorization failure; 403 is the usual status
        /// for a signed-in user who lacks the permission.
        /// </remarks>
        public async Task <ActionResult> EditCollaborators(string id)
        {
            var targetItem = await _itemDbCommand.FindAsync(id);
            if (targetItem == null)
            {
                return HttpNotFound();
            }

            // The collaborator list is mapped only after the entitlement check has passed.
            var mayEdit = LogonUser.IsEntitledToEditItemCollaborators(targetItem);
            if (!mayEdit)
            {
                return new HttpStatusCodeResult(HttpStatusCode.Unauthorized);
            }

            var editModel = Mapper.Map <ItemEditCollaboratorsModel>(targetItem);
            return View(editModel);
        }
Esempio n. 5
        /// <summary>
        /// Checks the service account credentials held in the session and records the outcome
        /// in the session entry named by <c>CredentialsValidPropertyName</c> ("1" or "0").
        /// </summary>
        /// <param name="session">Session that carries the user name and password entries.</param>
        /// <returns>Always <c>ActionResult.Success</c>; the verdict is only reported through the session entry.</returns>
        /// <remarks>
        /// A user name without a backslash is prefixed with the local machine name and written
        /// back to the session.
        /// NOTE(review): the password is read from a session entry in clear text; confirm that the
        /// entry is excluded from logs (for MSI properties: listed in MsiHiddenProperties) and that
        /// the logger handed to LogonUser never writes it.
        /// </remarks>
        public static ActionResult ValidateCredentials(Session session)
        {
            session.Log("Validating service credentials...");

            var account = session[ServiceCredentialsUserPropertyName];
            var secret  = session[ServiceCredentialsPasswordPropertyName];

            // No domain or machine part given: qualify the name with this machine.
            var isQualified = account.Contains('\\');
            if (!isQualified)
            {
                account = string.Concat(Environment.MachineName, "\\", account);
                session[ServiceCredentialsUserPropertyName] = account;
            }

            var validator = new LogonUser(new SessionLogger(session));
            if (validator.ValidateCredentials(account, secret))
            {
                session[CredentialsValidPropertyName] = "1";
            }
            else
            {
                session[CredentialsValidPropertyName] = "0";
            }

            return ActionResult.Success;
        }
Esempio n. 6
        /// <summary>
        /// Validates the service credentials stored in the session and writes "1" (valid) or
        /// "0" (invalid) to the session entry named by <c>CredentialsValidPropertyName</c>.
        /// </summary>
        /// <param name="session">Session holding the credential entries.</param>
        /// <returns><c>ActionResult.Success</c> in every case, including invalid credentials.</returns>
        /// <remarks>
        /// NOTE(review): because the return value never signals failure, the caller has to read
        /// the session entry; confirm that every consumer does so before using the account.
        /// NOTE(review): the password travels through a session entry in clear text; confirm it
        /// is kept out of logs (for MSI properties: listed in MsiHiddenProperties).
        /// </remarks>
        public static ActionResult ValidateCredentials(Session session)
        {
            session.Log("Validating service credentials...");

            var login      = session[ServiceCredentialsUserPropertyName];
            var passphrase = session[ServiceCredentialsPasswordPropertyName];

            // A bare user name is treated as a local account of this machine.
            if (!login.Contains('\\'))
            {
                var qualified = Environment.MachineName + "\\" + login;
                login = qualified;
                session[ServiceCredentialsUserPropertyName] = qualified;
            }

            var checker  = new LogonUser(new SessionLogger(session));
            var accepted = checker.ValidateCredentials(login, passphrase);

            var verdict = accepted ? "1" : "0";
            session[CredentialsValidPropertyName] = verdict;

            return ActionResult.Success;
        }
Esempio n. 7
        /// <summary>
        /// Reads the account record and the password policy for a user name through the
        /// "MTS_GetUser" call and copies them into a <c>UserDetails</c> object.
        /// </summary>
        /// <param name="userLogon">Only <c>UserName</c> is read; it is handed to the data layer as an argument.</param>
        /// <returns>
        /// The populated details; when the first result table has no row, the account fields
        /// keep their defaults.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the result carries the stored password value (DBPassword) and the stored
        /// security answer (SecAns); keep this object out of views, logs and session state where
        /// it is not strictly needed.
        /// NOTE(review): the second result table is indexed unconditionally; a result set with a
        /// single table would throw here.
        /// </remarks>
        public UserDetails GetUserDeatils(LogonUser userLogon)
        {
            var details = new UserDetails();
            var result  = DataAccess.ExecuteDataset("MTS_GetUser", userLogon.UserName);

            // First table: the account record.
            if (result.Tables[0].Rows.Count > 0)
            {
                var account = result.Tables[0].Rows[0];

                details.UserId     = Convert.ToInt64(account["USERID"].ToString());
                details.Status     = Convert.ToByte(account["STATUS"].ToString());
                details.Locked     = Convert.ToBoolean(account["LOCKED"].ToString());
                details.Active     = Convert.ToInt16(account["ACTIVE"]);
                details.DBPassword = account["PASSWORD"].ToString();
                details.Firstname  = account["FIRSTNAME"].ToString();
                details.Lastname   = account["LASTNAME"].ToString();
                details.RoleId     = Int64.Parse(account["ROLEID"].ToString());
                details.RoleName   = account["ROLENAME"].ToString();
                details.Mailid     = account["EMAIL"].ToString();

                if (details.Status == 1)
                {
                    // Status 1: the remaining columns are not read and the last change is set to "now".
                    details.LastPwdChange = DateTime.Now;
                }
                else
                {
                    details.NoOfAttempts  = Convert.ToInt32(account["NO_OF_ATTEMPTS"].ToString());
                    details.SecQunId      = Convert.ToInt64(account["QUESTIONID"].ToString());
                    details.LastPwdChange = Convert.ToDateTime(account["LAST_PWD_CHANGE"].ToString());
                    details.SecAns        = account["SEC_A"].ToString();
                }
            }

            // Second table: the password policy limits.
            if (result.Tables[1].Rows.Count > 0)
            {
                var policy = result.Tables[1].Rows[0];

                details.PasswordCount = Convert.ToInt32(policy["PASSWORDCOUNT"].ToString());
                details.PwdChangeDays = Convert.ToInt32(policy["PASSWORDCHANGEDAYS"].ToString());
                details.MaxAttemps    = Convert.ToInt32(policy["MAXIMUM_ATTEMPTS"].ToString());
            }

            return details;
        }
Esempio n. 8
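        /// <summary>
        /// Shows the log-on form. A request that already has a logged-on user in the session is
        /// sent to the log-off action instead.
        /// </summary>
        /// <param name="model">Form model; only <c>Message</c> is written here.</param>
        /// <returns>A redirect to Account/LogOff, or the default view for <paramref name="model"/>.</returns>
        /// <remarks>
        /// The "statusId" query-string value is attacker-controlled. It is parsed with
        /// <c>byte.TryParse</c>, so a missing, non-numeric or out-of-range value is ignored
        /// instead of raising an unhandled exception (the earlier <c>byte.Parse</c> on
        /// <c>QueryString["statusId"].ToString()</c> threw whenever another parameter was sent
        /// without "statusId", or when the value was not a byte).
        /// </remarks>
        public ActionResult LogOn(LogonUser model)
        {
            if (SessionHelper.LogonUser != null)
            {
                Session.Abandon();
                return(RedirectToAction("LogOff", "Account"));
            }

            // Refreshes the password policy; the returned object is not needed here.
            UserLogonData userLogon = new UserLogonData();
            userLogon.GetData();

            // TryParse returns false for null, so no separate "is the parameter present" test is needed.
            byte statusId;
            if (byte.TryParse(Request.QueryString["statusId"], out statusId) && statusId == Status.FIRSTLOGIN)
            {
                model.Message = "First time login user can't use ForgetPassword";
            }

            // Drop binding errors so the empty form is not rendered with validation messages.
            ModelState.Clear();
            return(View(model));
        }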
        /// <summary>
        /// Checks a user name and password and, when they match a user, returns a token built
        /// by encrypting the JSON form of a <c>LogonUser</c> that holds both values.
        /// </summary>
        /// <param name="userName">User name supplied by the caller.</param>
        /// <param name="password">Password supplied by the caller.</param>
        /// <returns>200 with the token, or 401 with an error text when no user matches.</returns>
        /// <remarks>
        /// NOTE(review): the token contains the user's password. Anyone able to decrypt a
        /// captured token recovers the credential itself; a token should carry an identifier and
        /// an expiry instead, and no expiry is visible in this payload.
        /// NOTE(review): the encryption key is a short literal in source code, so it is shared by
        /// every deployment and readable by anyone with the source or the binaries. It should come
        /// from protected configuration. The algorithm behind Encrypter.Encrypt is not visible
        /// here; confirm it is authenticated encryption.
        /// NOTE(review): no throttling of failed attempts is visible in this action.
        /// </remarks>
        public HttpResponseMessage Login(string userName, string password)
        {
            var matchedUser = _userService.GetByUserNameAndPassword(userName, password);
            if (matchedUser == null)
            {
                return Request.CreateResponse(HttpStatusCode.Unauthorized, "Kullanıcı Adı ve Şifresi Geçersizdir.");
            }

            // 1 - the credentials that were just verified
            var credentials = new LogonUser
            {
                UserName = userName,
                Password = password
            };

            // 2 - JSON form of the credentials
            var payload = JsonConvert.SerializeObject(credentials);

            // 3 - encryption turns the JSON into the token
            var issuedToken = FTH.Extension.Encrypter.Encrypt(payload, "159357");

            return Request.CreateResponse(HttpStatusCode.OK, issuedToken);
        }
Esempio n. 10
        /// <summary>
        /// Removes one collaborator from an item.
        /// </summary>
        /// <param name="id">Identifier of the item.</param>
        /// <param name="userId">Identifier of the collaborator to remove.</param>
        /// <returns>404 for an unknown item, 401 when the caller may not edit collaborators, 200 on success.</returns>
        /// <exception cref="InvalidOperationException">The item has no collaborator with <paramref name="userId"/>.</exception>
        /// <remarks>
        /// NOTE(review): this action changes state, but no HTTP-verb or anti-forgery attribute is
        /// visible in this listing; confirm the action is POST-only and CSRF-protected.
        /// NOTE(review): nothing here prevents removing the last collaborator or the owner;
        /// presumably RemoveCollaboratorAsync or the entitlement check covers that. Verify.
        /// </remarks>
        public async Task <ActionResult> RemoveCollaborator(string id, string userId)
        {
            var targetItem = await _itemDbCommand.FindAsync(id);
            if (targetItem == null)
            {
                return HttpNotFound();
            }

            // Authorization comes before any lookup inside the collaborator list.
            var mayEdit = LogonUser.IsEntitledToEditItemCollaborators(targetItem);
            if (!mayEdit)
            {
                return new HttpStatusCodeResult(HttpStatusCode.Unauthorized);
            }

            var leaving = targetItem.Collaborators.FirstOrDefault(c => c.Id == userId);
            if (leaving == null)
            {
                throw new InvalidOperationException();
            }

            await _itemDbCommand.RemoveCollaboratorAsync(targetItem, leaving);

            return new HttpStatusCodeResult(HttpStatusCode.OK);
        }
Esempio n. 11
        /// <summary>
        /// Adds a user to an item as a collaborator with the <c>RoleType.Member</c> role and
        /// returns the edit partial for the new collaborator.
        /// </summary>
        /// <param name="id">Identifier of the item.</param>
        /// <param name="userId">Identifier of the user to add.</param>
        /// <returns>
        /// 404 when the item or the user does not exist, 401 when the caller may not edit
        /// collaborators, otherwise the "_CollaboratorEdit" partial view.
        /// </returns>
        /// <exception cref="InvalidOperationException">The user is already in the collaborator list.</exception>
        /// <remarks>
        /// NOTE(review): this action changes state, but no HTTP-verb or anti-forgery attribute is
        /// visible in this listing; confirm the action is POST-only and CSRF-protected.
        /// NOTE(review): the duplicate check passes a user to Contains on the collaborator list,
        /// so it depends on how equality or conversion between the two types is defined. Verify.
        /// NOTE(review): the 404 for an unknown user lets an entitled caller test which user ids
        /// exist; acceptable only if user ids are not considered confidential.
        /// </remarks>
        public async Task <ActionResult> AddCollaborator(string id, string userId)
        {
            var targetItem = await _itemDbCommand.FindAsync(id);
            if (targetItem == null)
            {
                return HttpNotFound();
            }

            // Authorization is decided before the user lookup.
            var mayEdit = LogonUser.IsEntitledToEditItemCollaborators(targetItem);
            if (!mayEdit)
            {
                return new HttpStatusCodeResult(HttpStatusCode.Unauthorized);
            }

            var invitee = await _userDbCommand.FindAsync(userId);
            if (invitee == null)
            {
                return HttpNotFound();
            }

            var alreadyListed = targetItem.Collaborators.Contains(invitee);
            if (alreadyListed)
            {
                throw new InvalidOperationException();
            }

            // New collaborators always start with the Member role.
            var added = new Collaborator(invitee);
            added.Role = RoleType.Member;

            await _itemDbCommand.AddCollaboratorAsync(targetItem, added);

            var editModel = Mapper.Map <CollaboratorEditModel>(added);
            return PartialView("_CollaboratorEdit", editModel);
        }
Esempio n. 12
        /// <summary>
        /// Handles the submitted log-on form: loads the account, lets ValidateLogonUser decide
        /// the outcome and then either fills the session and redirects, or redisplays the form
        /// with a message.
        /// </summary>
        /// <param name="logonUser">Posted form model; UserName is read and Message is written.</param>
        /// <param name="UserName">Not used in the body.</param>
        /// <returns>
        /// A redirect (home URL, security questions or password change) or the log-on view
        /// for <paramref name="logonUser"/>.
        /// </returns>
        /// <remarks>
        /// NOTE(review): no session identifier renewal is visible after a successful log-on; if
        /// the session id issued before authentication stays valid afterwards, that is a
        /// session-fixation exposure. Confirm how the session is rotated.
        /// NOTE(review): exceptions are handed to BaseExceptionHandler and the form is shown
        /// again without a message, so a data-layer failure looks like a silent failed log-on.
        /// NOTE(review): no anti-forgery attribute is visible in this listing.
        /// </remarks>
        public ActionResult LogOn(LogonUser logonUser, string UserName)
        {
            //1 => pass 2=> failed  3 =>  locked   4 => 90 days pwd expired   5 => first time login 6 => Forget pwd
            LogonUserSession logonUserSession = new LogonUserSession();

            try
            {
                int status = 0;
                if (ModelState.IsValid)
                {
                    UserLogonData userLogon = new UserLogonData();

                    UserDetails userDetails = userLogon.GetUserDeatils(logonUser);

                    // First argument 1 = an active account was found, 0 = it was not.
                    if (userDetails.Active != 0 && userDetails.UserId > 0)
                    {
                        status = ValidateLogonUser(1, userDetails, logonUser, logonUserSession);
                    }
                    else
                    {
                        status = ValidateLogonUser(0, userDetails, logonUser, logonUserSession);
                    }


                    if (status == 1)
                    {
                        logonUserSession.USERNAME = logonUser.UserName;


                        // NOTE(review): Rows[0] is read without a row-count check; a user without an
                        // employee row ends in the catch block below.
                        DataTable dt = userLogon.GetEmployeeId(userDetails.UserId);

                        Session["Username"]     = userDetails.Firstname + " " + userDetails.Lastname;
                        Session["EmployeeId"]   = dt.Rows[0]["Employee_Id"].ToString();
                        Session["DepartmentId"] = dt.Rows[0]["DepartmentId"].ToString();
                        Session["UserID"]       = userDetails.UserId;
                        Session["Gender"]       = dt.Rows[0]["Gender"].ToString();

                        // roleid is assigned but never read.
                        Int64 roleid = userDetails.RoleId;;
                        Session["RoleId"] = userDetails.RoleId;
                        Session["MyRole"] = dt.Rows[0]["ROLE_NAME"].ToString();


                        SessionHelper.LogonUser = logonUserSession;

                        //SessionHelper.IPAddress = WebClientBase.GetIPAddress(HttpContext.Request);
                        //SessionHelper.BrowserName = WebClientBase.GetBrowserTypeAndVersion(HttpContext.Request);


                        return(Redirect(GetHomeUrl()));
                    }
                    else if (status == 3)
                    {
                        // Only a lock caused by too many attempts produces a message; any other
                        // locked state redisplays the form without one.
                        if ((byte.Parse(logonUserSession.STATUS.ToString())) == Status.NO_OF_ATM_LOCKED)
                        {
                            logonUser.Message = "User locked for no of attempts";
                        }
                        else
                        {
                        }
                    }
                    else if (status == 5)
                    {
                        logonUserSession.TEMPUSERNAME = logonUser.UserName;// if first login after enter sec qns then assign to Session[Status.USERNAME]
                        SessionHelper.LogonUser       = logonUserSession;
                        return(RedirectToAction("SecurityQuestions", "Account"));
                    }



                    // NOTE(review): the status list above gives 4 and 6 for these two cases; this
                    // branch matches only if Status.PWDEXPIRED and Status.FORGETPWD have those values. Confirm.
                    else if (status == Status.PWDEXPIRED || status == Status.FORGETPWD)
                    {
                        logonUserSession.TEMPUSERNAME = logonUser.UserName;// if AFTER 90DAYS login after CHANGE PWD then assign to Session[Status.USERNAME]
                        SessionHelper.LogonUser       = logonUserSession;
                        return(RedirectToAction("ForgetChangePassword", "Account"));
                    }
                    else if (status == 2)
                    {
                        logonUser.Message = "The username or password you entered is incorrect.";
                    }
                    else if (status == 8)
                    {
                        // NOTE(review): this message differs from the generic failure text, so it
                        // tells an unauthenticated caller that the account exists.
                        logonUser.Message = "User Account is Deactivated";
                    }
                    else
                    {
                    }
                }

                return(View(logonUser));
            }
            catch (Exception ex)
            {
                BaseExceptionHandler.HandleException(ref ex);
            }
            return(View(logonUser));
        }
Esempio n. 13
        /// <summary>
        /// Compares the submitted password with the stored value and maps the account state to
        /// a numeric log-on status, updating attempt counters, lock state and audit records.
        /// </summary>
        /// <param name="count">1 runs the password check; any other value skips it.</param>
        /// <param name="userDetails">Account record and policy limits.</param>
        /// <param name="logonUser">Submitted credentials; TempPassword is overwritten with the computed hash.</param>
        /// <param name="logonUserSession">Session object that is filled when the password matches.</param>
        /// <returns>
        /// 1 pass, 2 failed, 3 locked, 4 password expired, 5 first log-on, 6 forgotten password,
        /// 8 deactivated account. Any exception is passed to BaseExceptionHandler and yields 2.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the stored value is a hash of password + user id produced by a helper
        /// named GetSHA1HashData. A single fast hash is not suitable for password storage; a
        /// dedicated password-hashing function (PBKDF2, bcrypt, Argon2) with a random salt is.
        /// NOTE(review): the hashes are compared with ==, which is not a constant-time comparison.
        /// </remarks>
        public int ValidateLogonUser(int count, UserDetails userDetails, LogonUser logonUser, LogonUserSession logonUserSession)
        {
            int no_of_attempts = 0;

            // days is assigned below but never read; the checks use ts.Days directly.
            int  days = 0;
            byte status;

            try
            {
                UserLogonData userLogon = new UserLogonData();

                if (count == 1)
                {
                    //   if (ds.Tables[0].Rows.Count > 0)
                    //1 => pass 2=> failed  3 =>  locked   4 => 90 days pwd expired   5 => first time login 6 => Forget pwd

                    // Age of the password: today's date minus the last change.
                    DateTime curDate = DateTime.Now;
                    TimeSpan ts      = curDate.Date - userDetails.LastPwdChange;
                    status = userDetails.Status;


                    days = ts.Days;

                    no_of_attempts = (string.IsNullOrEmpty(userDetails.NoOfAttempts.ToString())) ? 0 : Int32.Parse(userDetails.NoOfAttempts.ToString());

                    encryptSha1 obj = new encryptSha1();

                    logonUser.TempPassword = obj.GetSHA1HashData(logonUser.Password + userDetails.UserId);
                    // logonUser.TempPassword = userDetails.DBPassword;
                    if (logonUser.TempPassword == userDetails.DBPassword)
                    {
                        logonUserSession.MENURANGE       = userDetails.MenuRange;
                        logonUserSession.USERID          = userDetails.UserId;
                        // NOTE(review): the stored password hash is copied into the session object.
                        logonUserSession.CURRENTPASSWORD = userDetails.DBPassword;
                        logonUserSession.PASSWORDCOUNT   = userDetails.PasswordCount;
                        logonUserSession.STATUS          = userDetails.Status;
                        logonUserSession.FIRSTNAME       = userDetails.Firstname;
                        logonUserSession.LASTNAME        = userDetails.Lastname;
                        logonUserSession.USERROLE        = userDetails.RoleId;
                        //logonUserSession.DEPARTMENT = userDetails.DepartmentId;
                        logonUserSession.ROLENAME = userDetails.RoleName;
                        logonUserSession.ROLEID   = userDetails.RoleId;

                        // NOTE(review): SessionHelper.LogonUser is set before the locked / expired /
                        // first-log-on checks below. If any code treats a non-null SessionHelper.LogonUser
                        // as "authenticated", a locked or expired account with a correct password would
                        // pass that test. Verify, or move this assignment to the success path.
                        SessionHelper.LogonUser = logonUserSession;
                        if (userDetails.Locked == true)
                        {
                            return(3);
                        }

                        else if (ts.Days > userDetails.PwdChangeDays)
                        {
                            //userLogon.UpdateStatus(userDetails.UserId, userDetails.Status, resource.GetResource("~/Views/Logon.cshtml", "PASS_EXPIRED"));
                            userLogon.UpdateStatus(userDetails.UserId, userDetails.Status, "Password expired");
                            logonUserSession.STATUS      = Status.PWDEXPIRED;
                            logonUserSession.EXPIREDDAYS = ts.Days.ToString();
                            SessionHelper.LogonUser      = logonUserSession;
                            return(4);
                        }
                        else if (status == Status.FIRSTLOGIN)
                        {
                            // userLogon.AddAudit(userDetails.UserId, resource.GetResource("~/Views/Logon.cshtml", "Login successfully"));
                            userLogon.AddAudit(userDetails.UserId, "Login successfully");
                            return(5);
                        }

                        else if (status == Status.FORGETPWD)
                        {
                            return(6);
                        }

                        // Normal success: the failed-attempt counter is reset to 0.
                        else if (no_of_attempts <= userDetails.MaxAttemps)
                        {
                            userLogon.UpdateUserAttempts(userDetails.UserId, 0);
                            return(1);
                        }
                        else
                        {
                            // Correct password, but the counter is already above the maximum.
                            return(2);
                        }
                    }
                    else
                    {
                        if (status != Status.FIRSTLOGIN)
                        {
                            // NOTE(review): the lock triggers only when the counter equals the maximum;
                            // a counter already above it is incremented again without locking.
                            if (no_of_attempts == userDetails.MaxAttemps)
                            {
                                //userLogon.UpdateLockUser(userDetails.UserId, Status.NO_OF_ATM_LOCKED, resource.GetResource("~/Views/Logon.cshtml", "USER_LOCK"));
                                userLogon.UpdateLockUser(userDetails.UserId, Status.NO_OF_ATM_LOCKED, "User locked for no of attempts");
                                logonUserSession.STATUS = Status.NO_OF_ATM_LOCKED;
                                SessionHelper.LogonUser = logonUserSession;
                                return(3);
                            }
                            else
                            {
                                no_of_attempts = ++no_of_attempts;

                                userLogon.UpdateUserAttempts(userDetails.UserId, no_of_attempts);

                                return(2);
                            }
                        }
                        else
                        {
                            // NOTE(review): a wrong password on a first-log-on account is only audited;
                            // the attempt counter is not increased, so the lockout never applies to
                            // accounts in that state.
                            userLogon.AddAudit(userDetails.UserId, "Login failed");

                            return(2);
                        }
                    }
                }
                else if (userDetails.Status == 8 && userDetails.Active == 0)
                {
                    return(8);
                }
                else
                {
                    // userLogon.UpdateAnonymsAttempts(resource.GetResource("~/Views/Logon.cshtml", "ANON_ATTEMPT"));
                    userLogon.UpdateAnonymsAttempts("Anonymous attempt");
                    return(2);
                }
            }
            catch (Exception ex)
            {
                BaseExceptionHandler.HandleException(ref ex);
            }
            // Reached only after an exception: the log-on fails closed.
            return(2);
        }
Esempio n. 14
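        /// <summary>
        /// Handles the forgotten-password form: checks the security question and answer and, on
        /// success, stores a new temporary password and mails it to the user.
        /// </summary>
        /// <param name="forget">Posted form model (user name, selected question, answer).</param>
        /// <param name="Password">Not used in the body.</param>
        /// <param name="button">Name of the pressed button; "Cancel" returns to the log-on page.</param>
        /// <returns>A redirect (log-on, e-mail confirmation) or the form view with a message.</returns>
        /// <remarks>
        /// Exceptions are rethrown with <c>throw;</c> so the original stack trace is preserved;
        /// the earlier <c>throw ex;</c> reset it and hid where the failure happened.
        /// NOTE(review): "Invalid user id." differs from the wrong-answer and locked messages, so
        /// the form tells an unauthenticated caller which user names exist. A single generic
        /// message for all failures avoids that.
        /// NOTE(review): the temporary password is created with CreateRandomPassword(6) and sent
        /// by e-mail in clear text. Confirm that the generator uses a cryptographic random source
        /// and that the user is forced to change the password at the next log-on; a single-use,
        /// expiring reset link avoids mailing a credential at all.
        /// NOTE(review): the answer is hashed after a culture-sensitive ToUpper(); under some
        /// cultures (e.g. Turkish) the result differs from the value hashed at enrolment.
        /// NOTE(review): a null answer makes ToUpper() throw; presumably model validation
        /// requires the field. Verify.
        /// </remarks>
        public ActionResult ForgotPassword(ForgotPasswordModel forget, string Password, string button)
        {
            try
            {
                if (button == "Cancel")
                {
                    return(RedirectToAction("Logon", "Account"));
                }

                if (ModelState.IsValid)
                {
                    int status;
                    ForgotPasswordModel forgotPwd = new ForgotPasswordModel();

                    string secUserAns = forget.inhrtSecurityQuestionModel.SecAns;
                    Int64  secQunId   = forget.inhrtSecurityQuestionModel.SelectedSecQsn;

                    // The answer is compared as a hash of its upper-cased form.
                    encryptSha1 obj = new encryptSha1();
                    secUserAns = obj.GetSHA1HashData(secUserAns.ToUpper());


                    string msg = "";


                    UserLogonData userLogon = new UserLogonData();

                    LogonUser logonUser = new LogonUser();

                    logonUser.UserName = forget.UserName;

                    UserDetails userDetails = userLogon.GetUserDeatils(logonUser);


                    if (userDetails.Active != 0 && userDetails.UserId > 0)
                    {
                        status = compareSecAns(forget.UserName, userDetails.SecQunId, userDetails.SecAns, userDetails.Status, userDetails.UserId, secUserAns, secQunId);
                        //1 success 0 incorrect username 2 secQun or ans incorrect
                        if (status == Status.NO_OF_ATM_LOCKED)
                        {
                            forget.inhrtSecurityQuestionModel = initialDDLFillBase();
                            forget.Message = "User locked for no of attempts";
                        }
                        else if (status == Status.FIRSTLOGIN)
                        {
                            return(RedirectToAction("logon", "account", new { statusId = Status.FIRSTLOGIN }));
                        }
                        else if (status == Status.PASS)
                        {
                            msg = "FORGET_PASS";
                            if (userLogon.UpdateStatus(userDetails.UserId, Status.FORGETPWD, msg) == true)
                            {
                                //update cur date in last_pwd_change while ,if pwd expiry ,not change he attempt forget pwd
                                // Stored value: hash of (hash of the temporary password + user id).
                                Encrypt encrypt           = new Encrypt();
                                string  TempPassword      = encrypt.CreateRandomPassword(6);
                                string  EncryptedPassword = encrypt.GetSHA1HashData(TempPassword);
                                userLogon.ForgotPassword(userDetails.UserId, encrypt.GetSHA1HashData(EncryptedPassword + userDetails.UserId));

                                // The initial value of spname is overwritten at once; what is passed to
                                // MailSending is the comma-separated mail data, including the clear-text
                                // temporary password.
                                string Templateid = "3";
                                string spname     = "MTS_UserPasswordEmail";
                                spname = userDetails.Mailid + "," + userDetails.Firstname + "," + userDetails.Lastname + "," + TempPassword;
                                userLogon.MailSending(spname, Templateid);


                                forget.Message = "Password sent your mail id";


                                return(RedirectToAction("EmailSending", "account"));             // for forgot password
                            }
                            else
                            {
                                //forget.Message = resource.GetResource("~/Views/Logon.cshtml", "Failed");
                            }
                        }
                        else if (status == 2)
                        {
                            forget.inhrtSecurityQuestionModel = initialDDLFillBase();
                            forget.Message = "The Sec Question or answer you entered is incorrect.";
                        }
                        else
                        {
                        }
                    }
                    else
                    {
                        forget.inhrtSecurityQuestionModel = initialDDLFillBase();
                        forget.Message = "Invalid user id.";
                    }
                }
                else
                {
                    forget.inhrtSecurityQuestionModel = initialDDLFillBase();
                }
                return(View(forget));
            }

            catch (Exception)
            {
                // Rethrow without resetting the stack trace.
                throw;
            }
        }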
Esempio n. 15
 /// <summary>
 /// Stores the logged-on user in the current HTTP session under the key "LoginObject".
 /// </summary>
 /// <param name="user">User object to keep for the rest of the session.</param>
 /// <remarks>
 /// NOTE(review): the whole object is placed in session state; if LogonUser carries a
 /// password, it stays in memory (or in an out-of-process session store) for the lifetime
 /// of the session. Verify which fields the type has.
 /// </remarks>
 public void SetLogonUser(LogonUser user)
 {
     var currentSession = HttpContext.Current.Session;
     currentSession["LoginObject"] = user;
 }
Esempio n. 16
            /// <summary>
            /// Seeds a new database with the "Admin" user group, one user in that group and the
            /// default application settings.
            /// </summary>
            /// <param name="context">Database context to fill.</param>
            /// <remarks>
            /// NOTE(review): the initial account's credentials and the "SuperUser" setting are
            /// literals in source code, so every installation starts with the same values. They
            /// should be supplied at deployment time or changed on first use.
            /// NOTE(review): the password goes through an extension named Encrypt(); if that is
            /// reversible encryption rather than a password hash, stored passwords can be
            /// recovered by anyone holding the key. Confirm.
            /// NOTE(review): "MailSetting" packs an SMTP password into a plain settings row.
            /// </remarks>
            protected override void Seed(CandyContext context)
            {
                var seedLogon = new LogonUser();
                Core.Concrete.Common.ConnectionProvider.LogonUser = seedLogon;

                // The group is saved first so that its generated Id can be used by the user below.
                var adminGroup = new UserGroupEntity() { Name = "Admin" };
                context.UserGroups.Add(adminGroup);
                context.SaveChanges();

                var firstUser = new UserEntity()
                {
                    Birtdate    = new DateTime(1992, 8, 30),
                    FirstName   = "Fatih",
                    Email       = "*****@*****.**",
                    LastName    = "GÜRDAL",
                    Password    = "******".Encrypt(),
                    UserName    = "******",
                    UserGroupId = adminGroup.Id
                };
                context.Users.Add(firstUser);
                context.SaveChanges();

                // Default settings as key / value pairs, added in this order.
                var defaultSettings = new[]
                {
                    new[] { "SuperUser", "CandySuperUser|1445" },
                    new[] { "MailSetting", "[email protected]|password|smtp.google.com|port|Candy Framework" },
                    new[] { "SiteName", "Candy Framework" },
                    new[] { "EMailLogToAddress", "*****@*****.**" },
                    new[] { "EMailLogCCAddress", "*****@*****.**" },
                    new[] { "LogClass", "MailLogger" }
                };

                foreach (var pair in defaultSettings)
                {
                    context.Settings.Add(new SettingEntity()
                    {
                        KeyName = pair[0],
                        Value   = pair[1]
                    });
                }

                context.SaveChanges();
            }
Esempio n. 17
 /// <summary>
 /// Forwards every request to the Logon action of the Account controller in the
 /// "MTS.Login" area.
 /// </summary>
 /// <param name="model">Not used; the redirect carries no data from it.</param>
 /// <returns>The redirect result.</returns>
 public ActionResult LogOn(LogonUser model)
 {
     var loginArea = new { area = "MTS.Login" };
     return RedirectToAction("Logon", "Account", loginArea);
 }
Esempio n. 18
 /// <summary>
 /// Serializes the user to JSON. The resulting string is not stored or returned.
 /// </summary>
 /// <param name="user">User object to serialize.</param>
 /// <remarks>
 /// NOTE(review): as written this method has no lasting effect, so a caller that relies on
 /// it to record the logged-on user gets nothing; it looks unfinished. If the JSON is later
 /// written to a cookie or to storage, check that LogonUser holds no password or other secret.
 /// </remarks>
 public void SetLogonUser(LogonUser user)
 {
     // The return value is intentionally left unused, matching the current behaviour.
     JsonConvert.SerializeObject(user);
 }