Esempio n. 1
        /// <summary>
        /// Handles a submitted "forgot password" form: checks the CAPTCHA when one is configured,
        /// asks the data layer to start a password reset, then redirects to the login page with a
        /// status message.
        /// </summary>
        /// <param name="model">Posted form data; <c>Username</c> and <c>Email</c> are read from it.</param>
        /// <returns>
        /// The form view again when model state is invalid; otherwise a redirect to <c>Login</c>.
        /// </returns>
        public async Task<ActionResult> ForgotPassword(ForgotPassword model)
        {
            // The CAPTCHA is verified only when a key is configured. With an empty key the
            // request goes on to the reset step without any CAPTCHA check.
            var captchaConfigured = !string.IsNullOrEmpty(AppConfig.ReCAPTCHAKey);

            if (captchaConfigured)
            {
                var wrappedRequest = new AspNetCoreHttpRequest(Request);
                var verdict = await ReCaptcha2.ValidateAsync(wrappedRequest, AppConfig.ReCAPTCHAKey);

                if (!verdict.Success)
                {
                    ModelState.AddModelError("CAPTCHA", ViewRes.User.ForgotPasswordStrings.CaptchaIsInvalid);
                }
            }

            if (!ModelState.IsValid)
            {
                return View();
            }

            try
            {
                // The reset link is prefixed with the configured AppConfig.HostAddress rather than
                // a host value read from the incoming request.
                await Data.RequestPasswordReset(
                    model.Username,
                    model.Email,
                    AppConfig.HostAddress + Url.Action("ResetPassword", "User"));
            }
            catch (UserNotFoundException)
            {
                // Ignored: an unknown account falls through to the same status message and
                // redirect as a known one, so the visible response does not differ.
                // NOTE(review): response time may still differ between the two paths; confirm
                // against RequestPasswordReset.
            }

            TempData.SetStatusMessage(ViewRes.User.ForgotPasswordStrings.MessageSent);

            return RedirectToAction("Login");
        }
Esempio n. 2
        /// <summary>
        /// Handles a submitted "forgot password" form: validates the CAPTCHA, asks the data layer
        /// to start a password reset, then redirects to the login page with a status message.
        /// </summary>
        /// <param name="model">Posted form data; <c>Username</c> and <c>Email</c> are read from it.</param>
        /// <returns>
        /// The form view again when model state is invalid; otherwise a redirect to <c>Login</c>.
        /// </returns>
        public ActionResult ForgotPassword(ForgotPassword model)
        {
            // The CAPTCHA check always runs here; there is no guard for an empty key, so the
            // outcome with an unconfigured key depends on ReCaptcha2.Validate (not visible here).
            var verdict = ReCaptcha2.Validate(Request, AppConfig.ReCAPTCHAKey);

            if (!verdict.Success)
            {
                ModelState.AddModelError("CAPTCHA", ViewRes.User.ForgotPasswordStrings.CaptchaIsInvalid);
            }

            if (!ModelState.IsValid)
            {
                return View();
            }

            try
            {
                // The reset link is prefixed with the configured AppConfig.HostAddress rather than
                // a host value read from the incoming request.
                Data.RequestPasswordReset(
                    model.Username,
                    model.Email,
                    AppConfig.HostAddress + Url.Action("ResetPassword", "User"));
            }
            catch (UserNotFoundException)
            {
                // Ignored: an unknown account falls through to the same status message and
                // redirect as a known one, so the visible response does not differ.
                // NOTE(review): response time may still differ between the two paths; confirm
                // against RequestPasswordReset.
            }

            TempData.SetStatusMessage(ViewRes.User.ForgotPasswordStrings.MessageSent);

            return RedirectToAction("Login");
        }
Esempio n. 3
        /// <summary>
        /// Handles a submitted registration form. Runs the bot-decoy check, the signups-disabled
        /// check, CAPTCHA validation, model validation and the IP rule check, in that order, then
        /// asks the data layer to create the account and signs the new user in.
        /// </summary>
        /// <param name="model">Posted registration data (user name, password, e-mail, entry time).</param>
        /// <returns>
        /// A redirect to <c>Home/Index</c> when the account is created; otherwise the registration
        /// view with the model errors added along the way.
        /// </returns>
        public ActionResult Create(RegisterModel model)
        {
            string restrictedMessage = "Sorry, access from your host is restricted. It is possible this restriction is no longer valid. If you think this is the case, please contact support.";

            // A validation error on the "Extra" field is treated as a bot filling the decoy:
            // log it, temp-ban the host and redisplay the form without going any further.
            // NOTE(review): the ModelState entry itself is passed as the log argument; confirm
            // what it renders to, and that the logger neutralises control characters if it ever
            // renders submitted text.
            var decoyFieldClean = ModelState.IsValidField("Extra");

            if (!decoyFieldClean)
            {
                log.Warn("An attempt was made to fill the bot decoy field from {0} with the value '{1}'.", Hostname, ModelState["Extra"]);
                ipRuleManager.AddTempBannedIP(Hostname, "Attempt to fill the bot decoy field");
                return View(model);
            }

            // Only records a model error; the request is rejected at the IsValid check below,
            // after CAPTCHA validation has still been performed.
            if (config.SiteSettings.SignupsDisabled)
            {
                ModelState.AddModelError(string.Empty, "Signups are disabled");
            }

            var captchaVerdict = ReCaptcha2.Validate(Request, AppConfig.ReCAPTCHAKey);

            if (!captchaVerdict.Success)
            {
                // A failed CAPTCHA is written to both the error log and the audit log.
                ErrorLogger.LogMessage(Request, string.Format("Invalid CAPTCHA (error {0})", captchaVerdict.Error), LogLevel.Warn);
                otherService.AuditLog("failed CAPTCHA", Hostname, AuditLogCategory.UserCreateFailCaptcha);
                ModelState.AddModelError("CAPTCHA", ViewRes.User.CreateStrings.CaptchaInvalid);
            }

            if (!ModelState.IsValid)
            {
                return View(model);
            }

            // The IP rule check runs only after the CAPTCHA and model validation have passed.
            if (!ipRuleManager.IsAllowed(Hostname))
            {
                log.Warn("Restricting blocked IP {0}.", Hostname);
                ModelState.AddModelError("Restricted", restrictedMessage);
                return View(model);
            }

            // NOTE(review): EntryTime presumably arrives with the posted form, which would make
            // this elapsed time client-influenced; confirm it is tamper-protected or that the
            // data layer does not rely on it alone.
            var elapsedSinceEntry = TimeSpan.FromTicks(DateTime.Now.Ticks - model.EntryTime);

            // Attempt to register the user
            try
            {
                var verifyEmailUrl = VocaUriBuilder.CreateAbsolute(Url.Action("VerifyEmail", "User")).ToString();
                var created = Data.Create(
                    model.UserName,
                    model.Password,
                    model.Email ?? string.Empty,
                    Hostname,
                    WebHelper.GetInterfaceCultureName(Request),
                    elapsedSinceEntry,
                    ipRuleManager.TempBannedIPs,
                    verifyEmailUrl);

                // The new user is signed in (non-persistent cookie) as soon as the account exists.
                // NOTE(review): this happens before the e-mail address is verified; confirm that
                // unverified accounts are limited where it matters.
                FormsAuthentication.SetAuthCookie(created.Name, false);
                return RedirectToAction("Index", "Home");
            }
            catch (UserNameAlreadyExistsException)
            {
                ModelState.AddModelError("UserName", ViewRes.User.CreateStrings.UsernameTaken);
            }
            catch (UserEmailAlreadyExistsException)
            {
                // A distinct "e-mail taken" error tells the caller that the address is registered;
                // the CAPTCHA and IP rules above are the only throttles visible in this action.
                ModelState.AddModelError("Email", ViewRes.User.CreateStrings.EmailTaken);
            }
            catch (InvalidEmailFormatException)
            {
                ModelState.AddModelError("Email", ViewRes.User.MySettingsStrings.InvalidEmail);
            }
            catch (TooFastRegistrationException)
            {
                ModelState.AddModelError("Restricted", restrictedMessage);
            }

            // Every handled failure ends up here and redisplays the form with its error.
            return View(model);
        }
Esempio n. 4
        /// <summary>
        /// Handles a submitted registration form. Runs the bot-decoy check, the signups-disabled
        /// check, CAPTCHA validation (when a key is configured), model validation and the IP rule
        /// check, in that order, then asks the data layer to create the account and signs the new
        /// user in.
        /// </summary>
        /// <param name="model">Posted registration data (user name, password, e-mail, entry time).</param>
        /// <param name="discordWebhookNotifier">Injected from services; not used in this method body.</param>
        /// <returns>
        /// A redirect to <c>Home/Index</c> when the account is created; otherwise the registration
        /// view with the model errors added along the way.
        /// </returns>
        public async Task<ActionResult> Create(RegisterModel model, [FromServices] IDiscordWebhookNotifier discordWebhookNotifier)
        {
            string restrictedMessage = "Sorry, access from your host is restricted. It is possible this restriction is no longer valid. If you think this is the case, please contact support.";

            // A validation error on the decoy field is treated as a bot filling it: log it,
            // temp-ban the host and redisplay the form without going any further.
            // NOTE(review): the indexer result is dereferenced without a null check; confirm an
            // entry for this key always exists, otherwise a request without the field fails with
            // an exception here instead of being handled.
            // NOTE(review): the ModelState entry itself is passed as the log argument; confirm
            // what it renders to, and that the logger neutralises control characters if it ever
            // renders submitted text.
            var decoyFieldTouched = ModelState[nameof(model.Extra)].Errors.Any();

            if (decoyFieldTouched)
            {
                s_log.Warn("An attempt was made to fill the bot decoy field from {0} with the value '{1}'.", Hostname, ModelState["Extra"]);
                _ipRuleManager.AddTempBannedIP(Hostname, "Attempt to fill the bot decoy field");
                return View(model);
            }

            // Only records a model error; the request is rejected at the IsValid check below,
            // after CAPTCHA validation has still been performed.
            if (_config.SiteSettings.SignupsDisabled)
            {
                ModelState.AddModelError(string.Empty, "Signups are disabled");
            }

            // The CAPTCHA is verified only when a key is configured. With an empty key,
            // registration relies on the decoy field and the IP rules alone.
            var captchaConfigured = !string.IsNullOrEmpty(AppConfig.ReCAPTCHAKey);

            if (captchaConfigured)
            {
                var wrappedRequest = new AspNetCoreHttpRequest(Request);
                var captchaVerdict = await ReCaptcha2.ValidateAsync(wrappedRequest, AppConfig.ReCAPTCHAKey);

                if (!captchaVerdict.Success)
                {
                    // A failed CAPTCHA is written to both the error log and the audit log.
                    ErrorLogger.LogMessage(Request, $"Invalid CAPTCHA (error {captchaVerdict.Error})", LogLevel.Warn);
                    _otherService.AuditLog("failed CAPTCHA", Hostname, AuditLogCategory.UserCreateFailCaptcha);
                    ModelState.AddModelError("CAPTCHA", ViewRes.User.CreateStrings.CaptchaInvalid);
                }
            }

            if (!ModelState.IsValid)
            {
                return View(model);
            }

            // The IP rule check runs only after the CAPTCHA and model validation have passed.
            if (!_ipRuleManager.IsAllowed(Hostname))
            {
                s_log.Warn("Restricting blocked IP {0}.", Hostname);
                ModelState.AddModelError("Restricted", restrictedMessage);
                return View(model);
            }

            // NOTE(review): EntryTime presumably arrives with the posted form, which would make
            // this elapsed time client-influenced; confirm it is tamper-protected or that the
            // data layer does not rely on it alone.
            var elapsedSinceEntry = TimeSpan.FromTicks(DateTime.Now.Ticks - model.EntryTime);

            // Attempt to register the user
            try
            {
                var verifyUrl = VocaUriBuilder.CreateAbsolute(Url.Action("VerifyEmail", "User")).ToString();

                // The User-Agent header is client-supplied text and is handed to the data layer as is.
                var created = await Data.Create(
                    model.UserName,
                    model.Password,
                    model.Email ?? string.Empty,
                    Hostname,
                    Request.Headers[HeaderNames.UserAgent],
                    WebHelper.GetInterfaceCultureName(Request),
                    elapsedSinceEntry,
                    _ipRuleManager,
                    verifyUrl);

                // The new user is signed in (non-persistent cookie) as soon as the account exists.
                // NOTE(review): this happens before the e-mail address is verified; confirm that
                // unverified accounts are limited where it matters.
                await SetAuthCookieAsync(created.Name, createPersistentCookie: false);

                return RedirectToAction("Index", "Home");
            }
            catch (UserNameAlreadyExistsException)
            {
                ModelState.AddModelError("UserName", ViewRes.User.CreateStrings.UsernameTaken);
            }
            catch (UserEmailAlreadyExistsException)
            {
                // A distinct "e-mail taken" error tells the caller that the address is registered;
                // the CAPTCHA and IP rules above are the only throttles visible in this action.
                ModelState.AddModelError("Email", ViewRes.User.CreateStrings.EmailTaken);
            }
            catch (InvalidEmailFormatException)
            {
                ModelState.AddModelError("Email", ViewRes.User.MySettingsStrings.InvalidEmail);
            }
            catch (TooFastRegistrationException)
            {
                ModelState.AddModelError("Restricted", restrictedMessage);
            }
            catch (RestrictedIPException)
            {
                // Shown with the same message as the IP rule check above.
                ModelState.AddModelError("Restricted", restrictedMessage);
            }

            // Every handled failure ends up here and redisplays the form with its error.
            return View(model);
        }