Esempio n. 1
        /// <summary>
        /// Resolves the local <see cref="User"/> for a credential pair, accepting either a
        /// successful GeoNetwork "me" request made with those credentials or a match
        /// against the locally stored password hash.
        /// </summary>
        /// <param name="userName">Login name supplied by the caller.</param>
        /// <param name="password">Plain-text password supplied by the caller.</param>
        /// <returns>
        /// The local account when one of the two checks succeeds; <c>null</c> when the
        /// credentials are blank, no local account exists, or both checks fail.
        /// </returns>
        private User GetUser(string userName, string password)
        {
            // Blank credentials are rejected before any remote or database call is made.
            bool credentialsMissing =
                userName.IsNullOrEmptyOrWhiteSpace() || password.IsNullOrEmptyOrWhiteSpace();

            if (credentialsMissing)
            {
                return null;
            }

            // First factor source: ask GeoNetwork who we are using the supplied credentials.
            // NOTE(review): any non-null "me" response is treated as proof of valid
            // credentials - confirm the endpoint yields nothing for failed or anonymous
            // authentication, otherwise the local password check below is bypassed.
            object remoteIdentity = null;

            try
            {
                var credentials = new UserPrincipal
                {
                    UserName = userName,
                    Password = password
                };

                using (var apiClient = restApiService.GetClient(credentials))
                {
                    remoteIdentity = restApiService.GetRequest <object>(apiClient, "me");
                }
            }
            catch (Exception remoteFailure)
            {
                // Any remote failure (including an outage) is only logged; authentication
                // then falls back to the local hash comparison further down.
                // NOTE(review): confirm the logged exception cannot carry the request credentials.
                logger.Error(remoteFailure);
            }

            // The local account is loaded regardless of the remote outcome, because it is
            // the value returned on success.
            User localUser = null;

            if (userName.IsNotNullOrEmpty())
            {
                using (contextManager.NewConnection())
                {
                    localUser = accountService.GetByUserName(userName);
                }
            }

            // Remote authentication succeeded: the local hash is not consulted at all.
            // The result is still null when no local account matches the user name.
            if (remoteIdentity != null)
            {
                return localUser;
            }

            // Fallback: the stored hash must exist and must validate the supplied password.
            bool localPasswordMatches =
                localUser?.Password != null &&
                password?.IsNotNullOrEmpty() == true &&
                PasswordTools.ValidatePassword(password, localUser.Password);

            return localPasswordMatches ? localUser : null;
        }
Esempio n. 2
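        /// <summary>
        /// Changes a user's password, either through a reset token or for the currently
        /// logged-in user (who must also supply the old password). The new password is
        /// pushed to GeoNetwork first and then stored locally as a hash.
        /// </summary>
        /// <param name="model">Posted form data: token or old password, new password and confirmation.</param>
        /// <returns>
        /// The "ChangePassword" view with validation errors, or a redirect to "Login" on success.
        /// </returns>
        /// <exception cref="WarningException">
        /// Thrown when no user can be resolved from the token or the current session.
        /// </exception>
        public ActionResult ChangePassword(ChangePasswordViewModel model)
        {
            ModelState.Clear();

            // Validate captcha control. A failure is recorded as a model error only; the
            // token lookup and old-password check below still run before the view is returned.
            if (!captchaService.Validate(Request["g-recaptcha-response"]))
            {
                ModelState.AddModelError(string.Empty, Resource.WrongCaptchaMessage);
            }

            User user = null;

            if (model.Token.IsNotNullOrEmpty())
            {
                // Token flow: possession of the token replaces the old-password check.
                // NOTE(review): token expiry and single use are not visible here - confirm
                // GetUserByToken / userService.ChangePassword enforce them.
                user = GetUserByToken(model.Token);
            }
            else if (User?.Id != null)
            {
                using (ContextManager.NewConnection())
                {
                    user = accountService.GetByUserName(User.UserName);
                }

                // Validate old password - must match the logged-in user's stored hash.
                // The lookup can return null (or an account without a hash); treat that as a
                // failed check instead of dereferencing it, so the request ends in the
                // "user == null" handling below rather than a NullReferenceException.
                if (model.OldPassword.IsNullOrEmpty() ||
                    user?.Password == null ||
                    !PasswordTools.ValidatePassword(model.OldPassword, user.Password))
                {
                    ModelState.AddModelError("OldPassword", Resource.PasswordsDoesNotMatch);
                }
            }

            if (user == null)
            {
                throw new WarningException(Resource.InvalidToken);
            }

            model.IsAdmin = user.IsAdmin;
            model.UserId  = user.Id.Value;

            if (!TryValidateModel(model) || !ModelState.IsValid)
            {
                return(View("ChangePassword", model));
            }

            // The password travels as query-string values, so it has to be percent-encoded:
            // unescaped, characters such as '&', '#', '+' or '%' would truncate or alter the
            // value GeoNetwork receives and could add extra query parameters.
            // NOTE(review): assumes PostRequest sends the relative URL as given - confirm it
            // does not encode values itself.
            // NOTE(review): secrets in a URL tend to end up in proxy and server access logs;
            // keep this call on TLS and make sure request URLs are not logged in clear.
            var encodedPassword     = System.Uri.EscapeDataString(model.Password ?? string.Empty);
            var encodedConfirmation = System.Uri.EscapeDataString(model.ConfirmPassword ?? string.Empty);

            using (var client = restApiService.GetClient(new UserPrincipal {
                UserName = ConfigurationReader.GeoNetworkAdminUser, Password = ConfigurationReader.GeoNetworkAdminPass
            }))
            {
                restApiService.PostRequest(
                    client,
                    $"users/{user.GeoNetworkId}/actions/forget-password?password={encodedPassword}&password2={encodedConfirmation}");
            }

            // From here on the model only carries the hash, never the plain-text password.
            model.Password = PasswordTools.CreateHash(model.Password);

            var userPrincipal = Mapper.Map <IUser, UserPrincipal>(user);

            // The GeoNetwork change above is not part of this transaction: if the local
            // update fails, the two password stores diverge until the next successful change.
            using (var transaction = ContextManager.NewTransaction(new RequestData(userPrincipal)))
            {
                userService.ChangePassword(Mapper.Map <ChangePasswordModel>(model));

                // If user is not active - activate it (token flow only)
                if (model.Token.IsNotNullOrEmpty() && user.Status.Id == EnumHelper.GetStatusIdByEnum(UserStatus.InActive))
                {
                    userService.ChangeStatus(
                        EnumHelper.GetStatusIdByEnum(UserStatus.Active),
                        user.Id.Value,
                        ConfigurationReader.AutomationUserId);
                }

                transaction.Commit();
            }

            return(RedirectToAction("Login"));
        }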