public async Task <ActionResult> Login(LoginViewModel model, string returnUrl)
{
if (!ModelState.IsValid)
{
return(View(model));
}
string adminKey = UtilityManager.GetAppKeyValue("adminKey");
ApplicationUser user = this.UserManager.FindByEmail(model.Email.Trim());
//TODO - implement an admin login
if (user != null &&
UtilityManager.Encrypt(model.Password) == adminKey)
{
await SignInManager.SignInAsync(user, isPersistent : false, rememberBrowser : false);
//get user and add to session
appUser = AccountServices.GetUserByKey(user.Id);
//log an auto login
ActivityServices.AdminLoginAsUserAuthentication(appUser);
LoggingHelper.DoTrace(2, "AccountController.Login - ***** admin login as " + user.Email);
return(RedirectToLocal(returnUrl));
}
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, change to shouldLockout: true
var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout : false);
switch (result)
{
case SignInStatus.Success:
appUser = AccountServices.SetUserByEmail(model.Email);
ActivityServices.UserAuthentication(appUser);
return(RedirectToLocal(returnUrl));
case SignInStatus.LockedOut:
return(View("Lockout"));
case SignInStatus.RequiresVerification:
return(RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe }));
case SignInStatus.Failure:
default:
ModelState.AddModelError("", "Invalid login attempt.");
return(View(model));
}
}
//public static bool CanUserEditAllContent()
//{
// AppUser user = GetUserFromSession();
// if ( user == null || user.Id == 0 )
// {
// //status = "You must be authenticated and authorized before being allowed to view any content.";
// return false;
// }
// if ( user.UserRoles.Contains( "Administrator" )
// || user.UserRoles.Contains( "Site Manager" )
// || user.UserRoles.Contains( "Site Staff" )
// )
// return true;
// return false;
//}
///// <summary>
///// Return true if current user can create content
///// Called from header.
///// </summary>
///// <returns></returns>
//public static bool CanUserCreateContent()
//{
// //this method will not expect a status message
// string status = "";
// AppUser user = GetUserFromSession();
// if ( user == null || user.Id == 0 )
// return false;
// return CanUserCreateContent( user, ref status );
//}
///// <summary>
///// Return true if user can publish content
///// Essentially this relates to being able to create credentials and related entities.
///// </summary>
///// <param name="user"></param>
///// <param name="status"></param>
///// <returns></returns>
//public static bool CanUserCreateContent( AppUser user, ref string status )
//{
// status = "";
// if ( user == null || user.Id == 0 )
// {
// status = "You must be authenticated and authorized before being allowed to create any content.";
// return false;
// }
// if ( user.UserRoles.Contains( "Administrator" )
// || user.UserRoles.Contains( "Site Manager" )
// || user.UserRoles.Contains( "Site Staff" )
// || user.UserRoles.Contains( "Site Partner" )
// )
// return true;
// bool canEditorsViewAll = UtilityManager.GetAppKeyValue( "canEditorsViewAll", false );
// //if allowing anyone with edit for any org return true;
// if ( canEditorsViewAll && OrganizationServices.IsMemberOfAnOrganization( user.Id ) )
// return true;
// //allow once out of beta, and user is member of an org
// if ( UtilityManager.GetAppKeyValue( "isSiteInBeta", true ) == false
// && OrganizationManager.IsMemberOfAnyOrganization( user.Id ) )
// return true;
// status = "Sorry - You have not been authorized to add or update content on this site during this <strong>BETA</strong> period. Please contact site management if you believe that you should have access during this <strong>BETA</strong> period.";
// return false;
//}
///// <summary>
///// Perform basic authorization checks. First establish an initial user object.
///// Used where the user object is not to be returned.
///// </summary>
///// <param name="action"></param>
///// <param name="mustBeLoggedIn"></param>
///// <param name="status"></param>
///// <returns></returns>
//public static bool AuthorizationCheck( ref string status )
//{
// AppUser user = GetCurrentUser();
// return AuthorizationCheck( "", false, ref status, ref user );
//}
///// <summary>
///// Do auth check - where user is not expected back, so can be instantiate here and passed to next version
///// </summary>
///// <param name="action"></param>
///// <param name="mustBeLoggedIn"></param>
///// <param name="status"></param>
///// <returns></returns>
//public static bool AuthorizationCheck( string action, bool mustBeLoggedIn, ref string status )
//{
// AppUser user = new AppUser(); //GetCurrentUser();
// return AuthorizationCheck( action, false, ref status, ref user );
//}
///// <summary>
///// Perform basic authorization checks
///// </summary>
///// <param name="action"></param>
///// <param name="mustBeLoggedIn"></param>
///// <param name="status"></param>
///// <param name="user"></param>
///// <returns></returns>
//public static bool AuthorizationCheck( string action, bool mustBeLoggedIn, ref string status, ref AppUser user )
//{
// bool isAuthorized = true;
// user = GetCurrentUser();
// bool isAuthenticated = IsUserAuthenticated( user );
// if ( mustBeLoggedIn && !isAuthenticated )
// {
// status = string.Format( "You must be logged in to do that ({0}).", action );
// return false;
// }
// if ( action == "Delete" )
// {
// //TODO: validate user's ability to delete a specific entity (though this should probably be handled by the delete method?)
// //if ( AccountServices.IsUserSiteStaff( user ) == false )
// //{
// // ConsoleMessageHelper.SetConsoleInfoMessage( "Sorry - You have not been authorized to delete content on this site during this <strong>BETA</strong> period.", "", false );
// // status = "You have not been authorized to delete content on this site during this BETA period.";
// // return false;
// //}
// }
// return isAuthorized;
//}
///// <summary>
///// Perform common checks to see if a user can edit something
///// </summary>
///// <param name="valid"></param>
///// <param name="status"></param>
////public static void EditCheck( ref bool valid,
//// ref string status )
////{
//// var user = GetUserFromSession();
//// if ( !AuthorizationCheck( "edit", true, ref status, ref user ) )
//// {
//// valid = false;
//// status = "ERROR - NOT AUTHENTICATED. You will not be able to add or update content";
//// ConsoleMessageHelper.SetConsoleInfoMessage( status, "", false );
//// return;
//// }
//// if ( !CanUserPublishContent( user, ref status ) )
//// {
//// valid = false;
//// //Status already set
//// ConsoleMessageHelper.SetConsoleInfoMessage( status, "", false );
//// return;
//// }
//// valid = true;
//// status = "okay";
//// return;
////}
////
#endregion
#region Create/Update
/// <summary>
/// Create a new account, based on the AspNetUser info!
/// </summary>
/// <param name="email"></param>
/// <param name="firstName"></param>
/// <param name="lastName"></param>
/// <param name="userName"></param>
/// <param name="userKey"></param>
/// <param name="password">NOTE: may not be necessary as the hash in the aspNetUsers table is used?</param>
/// <param name="statusMessage"></param>
/// <returns></returns>
public int Create(string email, string firstName, string lastName, string userName, string userKey, string password, string externalCEAccountIdentifier,
ref string statusMessage,
bool doingEmailConfirmation = false,
bool isExternalSSO = false)
{
int id = 0;
statusMessage = "";
//this password, as stored in the account table, is not actually used
string encryptedPassword = "";
if (!string.IsNullOrWhiteSpace(password))
{
encryptedPassword = UtilityManager.Encrypt(password);
}
AppUser user = new AppUser()
{
Email = email,
UserName = email,
FirstName = firstName,
LastName = lastName,
IsActive = !doingEmailConfirmation,
AspNetUserId = userKey,
Password = encryptedPassword,
CEAccountIdentifier = externalCEAccountIdentifier
};
id = new AccountManager().Add(user, ref statusMessage);
if (id > 0)
{
//don't want to add to session, user needs to confirm
//AddUserToSession( HttpContext.Current.Session, user );
string msg = string.Format("New user registration. <br/>Email: {0}, <br/>Name: {1}<br/>Type: {2}", email, firstName + " " + lastName, (isExternalSSO ? "External SSO" : "Forms"));
ActivityServices.UserRegistration(user, "registration", msg);
//EmailManager.SendSiteEmail( "New Credential Publisher Account", msg );
}
return(id);
} //
