protected override bool TryCreatePrincipal(string emailAddress, string password, out IPrincipal principal) {
            principal = null;

            if (String.IsNullOrEmpty(password)) {
                Log.Error().Message("The password \"{0}\" is invalid.", password).Write();
                return false;
            }

            if (String.Equals(emailAddress, "client", StringComparison.OrdinalIgnoreCase)) {
                var projectRepository = Resolver.GetService<IProjectRepository>();
                if (projectRepository == null) {
                    Log.Error().Message("Unable to resolve IProjectRepository").Write();
                    return false;
                }

                Project project = projectRepository.GetByApiKey(password);
                if (project == null) {
                    Log.Error().Message("Unable to find a project with the Api Key: \"{0}\".", password).Write();
                    return false;
                }

                var organizationRepository = Resolver.GetService<IOrganizationRepository>();
                if (organizationRepository == null) {
                    Log.Error().Message("Unable to resolve IOrganizationRepository").Write();
                    return false;
                }

                var organization = organizationRepository.GetByIdCached(project.OrganizationId);
                if (organization == null) {
                    Log.Error().Message("Unable to find organization: \"{0}\".", project.OrganizationId).Write();
                    return false;
                }

                if (organization.IsSuspended) {
                    Log.Error().Message("Rejecting authentication because the organization \"{0}\" is suspended.", project.OrganizationId).Write();
                    AuthDeniedReason = "Account has been suspended.";
                    return false;
                }

                principal = new ExceptionlessPrincipal(project);

                return true;
            }

            var userRepository = Resolver.GetService<IUserRepository>();
            if (userRepository == null) {
                Log.Error().Message("Unable to resolve IUserRepository").Write();
                return false;
            }

            User user = userRepository.GetByEmailAddress(emailAddress);
            if (user == null) {
                Log.Error().Message("Unable to find user a with the email address: \"{0}\".", emailAddress).Write();
                return false;
            }

            var membershipSecurity = Resolver.GetService<IMembershipSecurity>();
            if (membershipSecurity == null) {
                Log.Error().Message("Unable to resolve IMembershipSecurity").Write();
                return false;
            }

            if (!String.Equals(user.Password, membershipSecurity.GetSaltedHash(password, user.Salt))) {
                Log.Error().Message("Invalid password").Write();
                return false;
            }

            principal = new ExceptionlessPrincipal(user);

            return true;
        }
Esempio n. 2
0
        protected void Application_PostAuthenticateRequest(Object sender, EventArgs e) {
            if (!RequestRequiresAuth())
                return;

            if (!User.Identity.IsAuthenticated)
                return;

            if (User is ExceptionlessPrincipal)
                return;

            CheckDbOrCacheDown();

            try {
                var userRepository = DependencyResolver.Current.GetService<IUserRepository>();
                User user = userRepository.GetByEmailAddress(User.Identity.Name);
                if (user == null) {
                    FormsAuthentication.SignOut();
                    FormsAuthentication.RedirectToLoginPage();
                    return;
                }

                var principal = new ExceptionlessPrincipal(user);
                Thread.CurrentPrincipal = principal;
                if (HttpContext.Current != null)
                    HttpContext.Current.User = principal;
            } catch (MongoConnectionException ex) {
                Log.Error().Exception(ex).Message("Error getting user: {0}", ex.Message).Report().Write();
                MarkDbDown();
                RedirectToMaintenancePage();
            } catch (SocketException ex) {
                Log.Error().Exception(ex).Message("Error getting user: {0}", ex.Message).Report().Write();
                MarkDbDown();
                RedirectToMaintenancePage();
            }
        }
Esempio n. 3
0
        protected override bool TryCreatePrincipal(string emailAddress, string password, out IPrincipal principal)
        {
            principal = null;

            if (String.IsNullOrEmpty(password))
            {
                Log.Error().Message("The password \"{0}\" is invalid.", password).Write();
                return(false);
            }

            if (String.Equals(emailAddress, "client", StringComparison.OrdinalIgnoreCase))
            {
                var projectRepository = Resolver.GetService <IProjectRepository>();
                if (projectRepository == null)
                {
                    Log.Error().Message("Unable to resolve IProjectRepository").Write();
                    return(false);
                }

                Project project = projectRepository.GetByApiKey(password);
                if (project == null)
                {
                    Log.Error().Message("Unable to find a project with the Api Key: \"{0}\".", password).Write();
                    return(false);
                }

                var organizationRepository = Resolver.GetService <IOrganizationRepository>();
                if (organizationRepository == null)
                {
                    Log.Error().Message("Unable to resolve IOrganizationRepository").Write();
                    return(false);
                }

                var organization = organizationRepository.GetByIdCached(project.OrganizationId);
                if (organization == null)
                {
                    Log.Error().Message("Unable to find organization: \"{0}\".", project.OrganizationId).Write();
                    return(false);
                }

                if (organization.IsSuspended)
                {
                    Log.Error().Message("Rejecting authentication because the organization \"{0}\" is suspended.", project.OrganizationId).Write();
                    AuthDeniedReason = "Account has been suspended.";
                    return(false);
                }

                principal = new ExceptionlessPrincipal(project);

                return(true);
            }

            var userRepository = Resolver.GetService <IUserRepository>();

            if (userRepository == null)
            {
                Log.Error().Message("Unable to resolve IUserRepository").Write();
                return(false);
            }

            User user = userRepository.GetByEmailAddress(emailAddress);

            if (user == null)
            {
                Log.Error().Message("Unable to find user a with the email address: \"{0}\".", emailAddress).Write();
                return(false);
            }

            var membershipSecurity = Resolver.GetService <IMembershipSecurity>();

            if (membershipSecurity == null)
            {
                Log.Error().Message("Unable to resolve IMembershipSecurity").Write();
                return(false);
            }

            if (!String.Equals(user.Password, membershipSecurity.GetSaltedHash(password, user.Salt)))
            {
                Log.Error().Message("Invalid password").Write();
                return(false);
            }

            principal = new ExceptionlessPrincipal(user);

            return(true);
        }
        //[ValidateJsonAntiForgeryToken]
        public ActionResult Manage(ManageModel model) {
            ModelState state = ModelState["OldPassword"];
            if (state != null)
                state.Errors.Clear();

            state = ModelState["NewPassword"];
            if (state != null)
                state.Errors.Clear();

            state = ModelState["ConfirmPassword"];
            if (state != null)
                state.Errors.Clear();

            User user = User.UserEntity;
            if (ModelState.IsValid) {
                try {
                    _userRepository.InvalidateCache(user);

                    if (!String.Equals(user.EmailAddress, model.EmailAddress, StringComparison.OrdinalIgnoreCase)) {
                        if (_userRepository.GetByEmailAddress(model.EmailAddress) != null)
                            throw new InvalidOperationException("A user with this email address already exists.");

                        user.IsEmailAddressVerified = user.OAuthAccounts.Count(oa => String.Equals(oa.EmailAddress(), model.EmailAddress, StringComparison.OrdinalIgnoreCase)) > 0;
                    }

                    user.EmailAddress = model.EmailAddress;
                    user.EmailNotificationsEnabled = model.EmailNotificationsEnabled;
                    user.FullName = model.FullName;

                    _membershipProvider.UpdateAccount(user);

                    // NOTE: If a user is updating their profile but hasn't verified the email address.. I think we should send them a notification every time..
                    if (!user.IsEmailAddressVerified) {
                        user.VerifyEmailAddressToken = _membershipProvider.GenerateVerifyEmailToken(user.EmailAddress);
                        _mailer.SendVerifyEmailAsync(user);
                    }

                    var principal = new ExceptionlessPrincipal(user);
                    Thread.CurrentPrincipal = principal;
                    if (System.Web.HttpContext.Current != null)
                        System.Web.HttpContext.Current.User = principal;
                } catch (Exception e) {
                    ModelState.AddModelError("", e.Message);
                }
            }

            if (!ModelState.IsValid) {
                Response.StatusCode = (int)HttpStatusCode.BadRequest;
                return Json(ModelState.ToDictionary());
            }

            return Json(new { IsVerified = user.IsEmailAddressVerified });
        }