public async Task <ActionResult> DeleteUser_Perform(ActionWithUserSearchData data, string submitAction)
{
if (!this.HttpContext.Session.HasSystemActionRights() || !this.HttpContext.Session.HasSystemActionRight(ActionRights.UserManagement))
{
return(RedirectToAction("Index", "Home"));
}
if (submitAction != "Delete")
{
return(RedirectToAction("Index", "Home"));
}
if (data.FindUserData.SelectedUserIDs == null || data.FindUserData.SelectedUserIDs.Count <= 0)
{
return(await DeleteUser_Find(data));
}
int userIdToDelete = data.FindUserData.SelectedUserIDs.FirstOrDefault();
var user = await UserGuiHelper.GetUserAsync(userIdToDelete);
bool result = await UserManager.DeleteUserAsync(userIdToDelete);
if (result)
{
ApplicationAdapter.AddUserToListToBeLoggedOutByForce(user.NickName);
}
await FillUserDataForStateAsync(data.FindUserData, AdminFindUserState.PostAction, string.Empty, string.Empty);
var viewData = new ActionWithUserSearchData(data.FindUserData);
viewData.FinalActionResult = result ? "The user has been deleted" : "Deleting the user failed, perhaps you selected a user that couldn't be deleted?";
return(View("~/Views/Admin/DeleteUser.cshtml", viewData));
}
private async Task <(bool proceedWithInit, bool incorrectlyConfigured)> ShouldPerformInitAsync()
{
bool proceedWithInit = false;
bool incorrectlyConfigured = false;
// check if there's an anonymous user in the database
var anonymous = await UserGuiHelper.GetUserAsync(0); // use hardcoded 0 id.
if (anonymous == null)
{
proceedWithInit = true;
}
else
{
if (anonymous.NickName != "Anonymous")
{
incorrectlyConfigured = true;
}
}
if (proceedWithInit)
{
var admin = await UserGuiHelper.GetUserAsync(1); // use hardcoded 1 id.
if (admin != null)
{
proceedWithInit = false;
incorrectlyConfigured = true; // anonymous wasn't there, but admin was...
}
}
return(proceedWithInit, incorrectlyConfigured);
}
public async Task <ActionResult> EditUserInfo_FinalAction(EditUserInfoData data)
{
if (!this.HttpContext.Session.HasSystemActionRights() || !this.HttpContext.Session.HasSystemActionRight(ActionRights.UserManagement))
{
return(RedirectToAction("Index", "Home"));
}
data.UserTitles = await UserGuiHelper.GetAllUserTitlesAsync();
data.Roles = await SecurityGuiHelper.GetAllRolesAsync();
if (!ModelState.IsValid)
{
return(View("~/Views/Admin/EditUserInfo.cshtml", data));
}
data.Sanitize();
data.StripProtocolsFromUrls();
bool result = false;
var user = await UserGuiHelper.GetUserAsync(data.UserId);
if (user != null)
{
result = await UserManager.UpdateUserProfileAsync(data.UserId, data.DateOfBirth, data.EmailAddress, user.EmailAddressIsPublic ?? false, data.IconURL,
data.Location, data.Occupation, data.NewPassword, data.Signature, data.Website, data.UserTitleId,
user.AutoSubscribeToThread, user.DefaultNumberOfMessagesPerPage, data.IsBanned, data.RoleIDs);
}
data.InfoEdited = result;
return(View("~/Views/Admin/EditUserInfo.cshtml", data));
}
public async Task <ActionResult> EditProfile()
{
var user = await UserGuiHelper.GetUserAsync(this.HttpContext.Session.GetUserID());
if (user == null)
{
// not found
return(RedirectToAction("Index", "Home"));
}
var data = new EditProfileData()
{
AutoSubscribeToThread = user.AutoSubscribeToThread,
EmailAddress = user.EmailAddress,
EmailAddressIsPublic = user.EmailAddressIsPublic ?? false,
NickName = user.NickName,
DateOfBirth = user.DateOfBirth,
Occupation = user.Occupation ?? string.Empty,
Location = user.Location ?? string.Empty,
Signature = user.Signature ?? string.Empty,
Website = user.Website ?? string.Empty,
IconURL = user.IconURL ?? string.Empty,
DefaultNumberOfMessagesPerPage = user.DefaultNumberOfMessagesPerPage
};
data.Sanitize();
return(View(data));
}
public async Task <ActionResult> EditUserInfo_UserSelected(ActionWithUserSearchData data, string submitAction)
{
if (!this.HttpContext.Session.HasSystemActionRights() || !this.HttpContext.Session.HasSystemActionRight(ActionRights.UserManagement))
{
return(RedirectToAction("Index", "Home"));
}
if (submitAction == "SearchAgain")
{
return(await EditUserInfo());
}
if (submitAction != "PerformAction")
{
return(RedirectToAction("Index", "Home"));
}
if (data.FindUserData.SelectedUserIDs == null || data.FindUserData.SelectedUserIDs.Count <= 0)
{
return(await EditUserInfo_Find(data));
}
var user = await UserGuiHelper.GetUserAsync(data.FindUserData.SelectedUserIDs.FirstOrDefault());
if (user == null)
{
// not found
return(RedirectToAction("Index", "Home"));
}
var newData = new EditUserInfoData()
{
UserId = user.UserID,
EmailAddress = user.EmailAddress,
NickName = user.NickName,
DateOfBirth = user.DateOfBirth,
Occupation = user.Occupation ?? string.Empty,
Location = user.Location ?? string.Empty,
Signature = user.Signature ?? string.Empty,
Website = user.Website ?? string.Empty,
IconURL = user.IconURL ?? string.Empty,
UserTitleId = user.UserTitleID,
IPAddress = user.IPNumber,
LastVisitDate = user.LastVisitedDate.HasValue ? user.LastVisitedDate.Value.ToString("f") : "Never",
IsBanned = user.IsBanned,
RoleIDs = await SecurityGuiHelper.GetAllRoleIDsForUserAsync(user.UserID),
Roles = await SecurityGuiHelper.GetAllRolesAsync(),
UserTitles = await UserGuiHelper.GetAllUserTitlesAsync(),
};
newData.Sanitize();
return(View("~/Views/Admin/EditUserInfo.cshtml", newData));
}
private static async Task RedirectToInitIfRequired(HttpContext context)
{
// check if there's an anonymous user in the database
var anonymous = await UserGuiHelper.GetUserAsync(0); // use hardcoded 0 id. This also makes sure a misconfigured db isn't used further.
if (anonymous == null)
{
// database is empty
context.Request.Path = ApplicationAdapter.GetVirtualRoot() + "Admin/Init";
}
else
{
if (anonymous.NickName != "Anonymous")
{
// Misconfigured.
context.Request.Path = ApplicationAdapter.GetVirtualRoot() + "Error/1337";
}
}
}
public async Task <ActionResult> BanUnbanUser_Perform(ActionWithUserSearchData data, string submitAction)
{
if (!this.HttpContext.Session.HasSystemActionRights() || !this.HttpContext.Session.HasSystemActionRight(ActionRights.UserManagement))
{
return(RedirectToAction("Index", "Home"));
}
if (submitAction != "ToggleBanFlag")
{
return(RedirectToAction("Index", "Home"));
}
if (data.FindUserData.SelectedUserIDs == null || data.FindUserData.SelectedUserIDs.Count <= 0)
{
return(await BanUnbanUser_Find(data));
}
int userIdToToggleBanFlagOf = data.FindUserData.SelectedUserIDs.FirstOrDefault();
var(toggleResult, newBanFlagValue) = await UserManager.ToggleBanFlagValueAsync(userIdToToggleBanFlagOf);
if (newBanFlagValue)
{
var user = await UserGuiHelper.GetUserAsync(userIdToToggleBanFlagOf);
ApplicationAdapter.AddUserToListToBeLoggedOutByForce(user.NickName);
}
await FillUserDataForStateAsync(data.FindUserData, AdminFindUserState.PostAction, string.Empty, string.Empty);
var viewData = new ActionWithUserSearchData(data.FindUserData);
if (toggleResult)
{
viewData.FinalActionResult = newBanFlagValue ? "The user is now banned" : "The user has been unbanned";
}
else
{
viewData.FinalActionResult = "Toggling the ban flag failed.";
}
return(View("~/Views/Admin/BanUnbanUser.cshtml", viewData));
}
public async Task <ActionResult> ShowAuditInfoUser_UserSelected(ActionWithUserSearchData data, string submitAction, string filterAsString, string foundUserIds)
{
if (!this.HttpContext.Session.HasSystemActionRights() || !this.HttpContext.Session.HasSystemActionRight(ActionRights.UserManagement))
{
return(RedirectToAction("Index", "Home"));
}
if (submitAction == "SearchAgain")
{
return(await ShowAuditInfoUser());
}
if (submitAction != "PerformAction")
{
return(RedirectToAction("Index", "Home"));
}
if (data.FindUserData.SelectedUserIDs == null || data.FindUserData.SelectedUserIDs.Count <= 0 || string.IsNullOrWhiteSpace(foundUserIds))
{
return(await ShowAuditInfoUser_Find(data));
}
int selectedUserId = data.FindUserData.SelectedUserIDs.FirstOrDefault();
var auditDataForView = new ShowAuditInfoUserData(data.FindUserData)
{
AuditData = await SecurityGuiHelper.GetAllAuditsForUserAsync(selectedUserId),
AuditedUser = await UserGuiHelper.GetUserAsync(selectedUserId)
};
data.FindUserData.OverrideFilterAsString(filterAsString);
// we'll keep the search form open so we can quickly view data of multiple users without searching again. This means we'll keep the finduserdata state
// as it is, as this is the end state of this action anyway.
data.FindUserData.ActionButtonText = "View audit info";
data.FindUserData.FindUserState = AdminFindUserState.UsersFound;
var userIDsFoundAsString = foundUserIds.Split(',');
var userIDsOfUsersToLoad = userIDsFoundAsString.Select(us => Convert.ToInt32(us)).ToList();
data.FindUserData.FoundUsers = await UserGuiHelper.GetUsersAsync(userIDsOfUsersToLoad);
return(View("~/Views/Admin/ShowAuditInfoUser.cshtml", auditDataForView));
}
public async Task <IActionResult> ResetPassword(ResetPasswordData data)
{
if (!ModelState.IsValid)
{
return(View(data));
}
// check if the email address specified is the one registered with the user. If not, redirect to home
var user = await UserGuiHelper.GetUserAsync(data.NickName);
if (string.Compare(user.EmailAddress, data.EmailAddress, StringComparison.OrdinalIgnoreCase) != 0)
{
// not the same, ignore request
return(RedirectToAction("Index", "Home"));
}
await PerformResetPasswordAsync(data);
return(View(data));
}
/// <summary>
/// Initializes the session with the initial static data for the user.
/// </summary>
/// <param name="session"></param>
/// <param name="context"></param>
public static async Task InitializeAsync(this ISession session, HttpContext context)
{
if (session.GetInt32(SessionKeys.SessionInitialized) == 1)
{
// already initialized
return;
}
bool useEntityBasedLastVisitDateTracking = false;
UserEntity user = null;
if (context.User.Identity.IsAuthenticated)
{
user = await UserGuiHelper.GetUserAsync(context.User.Identity.Name);
if (user == null)
{
user = await UserGuiHelper.GetUserAsync(0); // 0 is UserID of Anonymous Coward;
}
else
{
// if the lastvisited date is null in the user entity, we'll use the cookie approach first
useEntityBasedLastVisitDateTracking = user.LastVisitedDate.HasValue;
}
}
else
{
user = await UserGuiHelper.GetUserAsync(0); // 0 is UserID of Anonymous Coward
}
if (user == null || user.IsBanned)
{
// banned user, revert to AC
user = await UserGuiHelper.GetUserAsync(0);
useEntityBasedLastVisitDateTracking = false;
}
if (user == null || user.UserID <= 0)
{
await session.LoadAnonymousSessionDataAsync();
}
else
{
await session.LoadUserSessionDataAsync(user);
}
bool isLastVisitDateValid = false;
DateTime lastVisitDate = DateTime.Now;
string lastVisitDateCookieName = ApplicationAdapter.GetSiteName() + " LastVisitDate";
// the last visited date is either stored in a cookie or on the server. Older versions of this forum system used cookie based last visited date storage,
// newer versions use server side storage in the User entity. For non-logged in users, cookie based storage is still used.
if (useEntityBasedLastVisitDateTracking)
{
lastVisitDate = user.LastVisitedDate.Value;
isLastVisitDateValid = true;
}
else
{
// read last visit date from cookie collection sent
if (context.Request.Cookies[lastVisitDateCookieName] != null)
{
string lastVisitDateAsString = context.Request.Cookies[lastVisitDateCookieName];
// convert to datetime
lastVisitDate = new DateTime(
int.Parse(lastVisitDateAsString.Substring(4, 4)), // Year
int.Parse(lastVisitDateAsString.Substring(2, 2)), // Month
int.Parse(lastVisitDateAsString.Substring(0, 2)), // Day
int.Parse(lastVisitDateAsString.Substring(8, 2)), // Hour
int.Parse(lastVisitDateAsString.Substring(10, 2)), // Minute
0); // Seconds
isLastVisitDateValid = true;
}
else
{
lastVisitDate = DateTime.Now;
}
}
if (isLastVisitDateValid)
{
// store in session object
session.AddLastVisitDate(lastVisitDate);
}
// update date
if (useEntityBasedLastVisitDateTracking || (user != null && user.UserID != 0 && !user.LastVisitedDate.HasValue))
{
await UserManager.UpdateLastVisitDateForUserAsync(user.UserID);
}
// always write new cookie
// cookie path is set to '/', to avoid path name casing mismatches. The cookie has a unique name anyway.
context.Response.Cookies.Append(lastVisitDateCookieName, DateTime.Now.ToString("ddMMyyyyHHmm"),
new CookieOptions()
{
Expires = new DateTimeOffset(DateTime.Now.AddYears(1)),
Path = "/",
SameSite = SameSiteMode.Lax,
HttpOnly = true // no js accessibility
});
if (session.CheckIfNeedsAuditing(AuditActions.AuditLogin))
{
await SecurityManager.AuditLoginAsync(session.GetUserID());
}
// mark the session as initialized.
session.SetInt32(SessionKeys.SessionInitialized, 1);
}
public async Task <ActionResult> Add(int threadId = 0, int messageIdToQuote = 0)
{
if (this.HttpContext.Session.IsAnonymousUser())
{
return(RedirectToAction("Index", "Home"));
}
var(userMayAddMessages, thread) = await PerformAddMessageSecurityChecksAsync(threadId);
if (!userMayAddMessages)
{
return(RedirectToAction("Index", "Home"));
}
MessageEntity messageToQuote = null;
UserEntity userOfMessageToQuote = null;
if (messageIdToQuote > 0)
{
messageToQuote = await MessageGuiHelper.GetMessageAsync(messageIdToQuote);
if (messageToQuote == null || messageToQuote.ThreadID != threadId)
{
// doesn't exist, or is in another thread, ignore.
return(RedirectToAction("Index", "Home"));
}
userOfMessageToQuote = await UserGuiHelper.GetUserAsync(messageToQuote.PostedByUserID);
if (userOfMessageToQuote == null)
{
return(RedirectToAction("Index", "Home"));
}
}
var forum = await _cache.GetForumAsync(thread.ForumID);
if (forum == null)
{
return(RedirectToAction("Index", "Home"));
}
string messageTextForEditor = messageToQuote == null
? string.Empty
: string.Format("@quote {0}{1}{2}{1}@end{1}", userOfMessageToQuote.NickName, Environment.NewLine,
messageToQuote.MessageText);
var messageData = new MessageData()
{
MessageText = messageTextForEditor,
CurrentUserID = this.HttpContext.Session.GetUserID(),
ForumID = forum.ForumID,
ThreadID = thread.ThreadID,
ForumName = forum.ForumName,
SectionName = await _cache.GetSectionNameAsync(forum.SectionID),
ThreadSubject = thread.Subject,
PageNo = 1,
LastMessageInThread = await ThreadGuiHelper.GetLastMessageInThreadDtoAsync(threadId),
};
return(View(messageData));
}
