/// <summary>
/// Signs a back-office user in: the credentials are validated first, the matching user
/// record is then loaded by username, and finally the login itself is performed.
/// </summary>
/// <param name="loginModel">Posted login data; Username and Password are read. It is dereferenced without a null check.</param>
/// <returns>
/// <c>true</c> only when the credentials validate, the user record exists and
/// <c>PerformLogin</c> returns a non-null ticket; <c>false</c> otherwise.
/// </returns>
public bool Login(LoginModel loginModel) {
			// Reject early: no user lookup happens for credentials that do not validate.
			if (!Security.ValidateBackOfficeCredentials(loginModel.Username, loginModel.Password)) {
				return false;
			}

			var backOfficeUser = Services.UserService.GetByUsername(loginModel.Username);
			if (backOfficeUser == null) {
				return false;
			}

			// A null ticket is treated as a failed login.
			return Security.PerformLogin(backOfficeUser) != null;
		}
Esempio n. 2
        /// <summary>
        /// Validates the posted credentials through the ASP.NET Membership provider and, on success,
        /// issues a forms-authentication cookie for the user.
        /// </summary>
        /// <param name="loginData">Posted login form; only Username and Password are read here.</param>
        /// <returns>
        /// A redirect back to the current Umbraco page in both outcomes; the outcome is reported
        /// to the next request through <c>TempData["LoginStatus"]</c>.
        /// </returns>
        // NOTE(review): attributes such as [HttpPost] / [ValidateAntiForgeryToken] are not visible in
        // this excerpt - confirm the action is protected against cross-site request forgery.
        public ActionResult Login(LoginModel loginData)
        {
            bool authenticated = Membership.ValidateUser(loginData.Username, loginData.Password);

            if (authenticated)
            {
                // Second argument false => a non-persistent (session) auth cookie.
                FormsAuthentication.SetAuthCookie(loginData.Username, false);
            }

            // A single failure message covers both "unknown user" and "wrong password",
            // so the response does not reveal which usernames exist.
            TempData["LoginStatus"] = authenticated ? "Success!" : "Invalid username or password";

            return RedirectToCurrentUmbracoPage();
        }
Esempio n. 3
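        /// <summary>
        /// Logs a member in by username or, when no member has that username, by e-mail address,
        /// then redirects to the URL carried in the login model.
        /// </summary>
        /// <param name="loginModel">Posted login form; Username (or e-mail), Password and RedirectUrl are read.</param>
        /// <returns>
        /// A redirect to <c>loginModel.RedirectUrl</c> when it is a local URL, otherwise to the site root.
        /// </returns>
        public ActionResult Login(LoginModel loginModel)
        {
            // Same message (Russian: "invalid username or password entered") for every failure,
            // so the response does not reveal whether the account exists.
            string login_fail = "введены неверные имя пользователя или пароль";

            // RedirectUrl arrives with the posted form and is therefore attacker-controllable.
            // Following it unchecked is an open redirect (CWE-601): a crafted login link could
            // send the user to a look-alike site straight after the genuine login form.
            // Only local URLs are followed; anything else (including null/empty, which
            // Redirect() rejects with an exception) falls back to the site root.
            string redirectTarget = Url.IsLocalUrl(loginModel.RedirectUrl) ? loginModel.RedirectUrl : "/";

            string loginName = loginModel.Username;

            if (Members.GetByUsername(loginModel.Username) == null)
            {
                // Not a known username: treat the input as an e-mail address (looked up once).
                var memberByEmail = Members.GetByEmail(loginModel.Username);
                if (memberByEmail == null)
                {
                    ViewBag.login_fail = login_fail;
                    return Redirect(redirectTarget);
                }

                // NOTE(review): the member's Name is used as the login name here - confirm that
                // Name and the membership username are the same value in this site.
                loginName = memberByEmail.Name;
            }

            bool status = Members.Login(loginName, loginModel.Password);

            if (!status)
            {
                // NOTE(review): ViewBag is per-request and a redirect starts a new request, so this
                // flag is probably not visible to the target page; TempData would survive the redirect.
                ViewBag.login_fail = login_fail;
            }

            return Redirect(redirectTarget);
        }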
        /// <summary>
        /// Logs a back-office user in and authenticates the current request with the new ticket.
        /// </summary>
        /// <param name="loginModel">Posted credentials; Username and Password are read.</param>
        /// <returns>
        /// The user mapped to <see cref="UserDetail"/>, with <c>SecondsUntilTimeout</c> set from the
        /// remaining lifetime of the authentication ticket.
        /// </returns>
        /// <exception cref="HttpResponseException">400 Bad Request when the credentials are not valid.</exception>
        /// <exception cref="InvalidOperationException">When no HttpContext is available.</exception>
        public UserDetail PostLogin(LoginModel loginModel)
        {
            var credentialsValid = UmbracoContext.Security.ValidateBackOfficeCredentials(loginModel.Username, loginModel.Password);
            if (!credentialsValid)
            {
                // Respond with BadRequest (400). A 401 is not used because it gets intercepted by the
                // angular helper, which assumes the request must be re-performed once authorized;
                // a 403 is not used because angular would show a warning that the user lacks access
                // to this function. A plain "invalid" response is all that is wanted here.
                throw new HttpResponseException(HttpStatusCode.BadRequest);
            }

            var backOfficeUser = Security.GetBackOfficeUser(loginModel.Username);

            //TODO: Clean up the int cast! (carried over from the original; no cast is visible in this version)
            var authTicket = UmbracoContext.Security.PerformLogin(backOfficeUser);

            // The login above has already been performed when this check runs.
            var contextAttempt = this.TryGetHttpContext();
            if (!contextAttempt.Success)
            {
                throw new InvalidOperationException("This method requires that an HttpContext be active");
            }

            contextAttempt.Result.AuthenticateCurrentRequest(authTicket, false);

            var detail = Mapper.Map<UserDetail>(backOfficeUser);
            // Tell the client how many seconds remain before the session times out.
            detail.SecondsUntilTimeout = authTicket.GetRemainingAuthSeconds();
            return detail;
        }
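        /// <summary>
        /// Handles a member login: attempts the login, reports the reason on failure, and on success
        /// synchronises the member's market, roles and plan properties from the internal API before
        /// redirecting.
        /// </summary>
        /// <param name="model">Posted login form; Username, Password and RedirectUrl are read.</param>
        /// <returns>
        /// The current Umbraco page (with a model error) when login fails; otherwise a redirect to the
        /// enrollment confirmation page, to a local <c>RedirectUrl</c>, or to the member center.
        /// Any exception is logged and answered with a redirect to the member center.
        /// </returns>
        private ActionResult HandleLoginCore(LoginModel model)
        {
            try
            {
                var member = Services.MemberService.GetByUsername(model.Username);

                // If the user is unable to login
                if (!Members.Login(model.Username, model.Password))
                {
                    const string invalidUsername = "******";
                    const string invalidPassword = "******";

                    // NOTE(review): everything in this branch runs for an unauthenticated request.
                    // The distinct messages below (unverified, near lockout, locked out) confirm to
                    // the requester that the username exists.
                    if (member != null)
                    {
                        if (!Roles.IsUserInRole(model.Username, "Registered")) // User is not activated yet or in process of security upgrade
                        {
                            // NOTE(review): the account's e-mail address is shown, and a verification
                            // mail is sent, to anyone who submits this username without a valid
                            // password. Consider masking the address and throttling the mail.
                            ModelState.AddModelError(
                                "loginModel",
                                string.Format("One more step! To ensure your privacy, we need to verify your email before you can log in - please check your email inbox for {0} and follow the directions to validate your account.", member.Email));

                            var userService = new UserService();
                            userService.SendVerificationEmail(model.Username);

                            return CurrentUmbracoPage();
                        }

                        if (member.FailedPasswordAttempts >= 2 && member.FailedPasswordAttempts <= 4)
                        {
                            ModelState.AddModelError(
                                "loginModel",
                                "Your account will be locked after 5 unsuccessful login attempts, please consider resetting your password using <a href='/for-members/forgot-password'>Forgot Password?</a>");

                            return CurrentUmbracoPage();
                        }

                        if (member.IsLockedOut)
                        {
                            ModelState.AddModelError(
                                "loginModel",
                                "Your account has been locked, please use <a href='/for-members/forgot-password'>Forgot Password?</a> and follow the steps provided to update password and then login in order to unlock your account.");

                            return CurrentUmbracoPage();
                        }

                        // If the user does exist then it was a wrong password
                        // Don't add a field level error, just model level
                        ModelState.AddModelError("loginModel", invalidPassword);
                        return CurrentUmbracoPage();
                    }

                    // If the user doesn't exists, check the HRI API to see if this is a returning IWS user
                    var currentUmbracoPage = InitiateSecurityUpgradeForIwsUser("loginModel", model.Username);
                    if (currentUmbracoPage != null)
                    {
                        return currentUmbracoPage;
                    }

                    ModelState.AddModelError("loginModel", invalidUsername);
                    return CurrentUmbracoPage();
                }

                // From here on the login has succeeded.
                var hriUser = MakeInternalApiCallJson("GetRegisteredUserByUsername",
                    new Dictionary<string, string> { { "userName", model.Username } });

                // Keep the stored market in step with the API value.
                var market = hriUser["Market"].ToString();
                if (!string.Equals(member.GetValue<string>("market"), market, StringComparison.OrdinalIgnoreCase))
                {
                    member.SetValue("market", market);
                }

                // "group" market members do not get the Billing role; others get it once Enrolled.
                if (string.Equals(member.GetValue<string>("market"), "group", StringComparison.OrdinalIgnoreCase))
                {
                    if (Roles.IsUserInRole(model.Username, "Billing"))
                    {
                        Roles.RemoveUserFromRole(model.Username, "Billing");
                    }
                }
                else
                {
                    if (!Roles.IsUserInRole(model.Username, "Billing") && Roles.IsUserInRole(model.Username, "Enrolled"))
                    {
                        Roles.AddUserToRole(model.Username, "Billing");
                    }
                }

                if (string.Equals(hriUser["SubscriberFlag"].ToString(), "Y", StringComparison.OrdinalIgnoreCase))
                {
                    // The role checks name the user explicitly, like every other check in this
                    // method. The one-argument IsUserInRole overload tests the principal of the
                    // current request, which is not necessarily the member who just logged in,
                    // so the Subscriber/Dependent decision could be made for the wrong identity.
                    if (!Roles.IsUserInRole(model.Username, "Subscriber"))
                    {
                        Roles.AddUserToRole(model.Username, "Subscriber");
                    }
                    if (Roles.IsUserInRole(model.Username, "Dependent"))
                    {
                        Roles.RemoveUserFromRole(model.Username, "Dependent");
                    }
                }
                else
                {
                    if (Roles.IsUserInRole(model.Username, "Subscriber"))
                    {
                        Roles.RemoveUserFromRole(model.Username, "Subscriber");
                    }
                    if (!Roles.IsUserInRole(model.Username, "Dependent"))
                    {
                        Roles.AddUserToRole(model.Username, "Dependent");
                    }
                }

                // Keep Ms First Name and Last Name always up to date
                member.Properties.First(p => p.Alias == "msFirstName").Value = hriUser["MSFirstName"].ToString();
                member.Properties.First(p => p.Alias == "msLastName").Value = hriUser["MSLastName"].ToString();
                member.Properties.First(p => p.Alias == "healthplanid").Value = hriUser["PlanId"].ToString();
                member.Properties.First(p => p.Alias == "healthPlanName").Value = hriUser["PlanName"].ToString();
                member.Properties.First(p => p.Alias == "effectiveYear").Value = hriUser["PlanEffectiveDate"].ToString();
                member.Properties.First(p => p.Alias == "groupId").Value = hriUser["RxGrpId"].ToString();

                // User should pass enrollment process
                if (member.GetValue<string>("enrollmentpageafterlogin") == "1")
                {
                    // Each time a user in the enrollment process logs in without a Group Id and
                    // Birthday, the enrollment status is checked through the API call.
                    if (String.IsNullOrEmpty(hriUser.Value<string>("RxGrpId"))
                        || String.IsNullOrEmpty(hriUser.Value<string>("DOB")))
                    {
                        // This return happens before Save(member), so the property updates made
                        // above are not persisted on this path.
                        return Redirect("/your-account/enrollment-plan-confirmation/");
                    }
                    // Save Birthday, add user as enrolled
                    member.Properties.First(p => p.Alias == "birthday").Value = hriUser["DOB"].ToString();
                    Roles.AddUserToRole(model.Username, "Enrolled");

                    member.SetValue("enrollmentpageafterlogin", String.Empty);
                }

                Services.MemberService.Save(member);

                // If a redirect path was supplied, use it - but only when it is local to this site.
                // RedirectUrl comes from the posted form; following it unchecked is an open redirect
                // (CWE-601) that would forward a freshly authenticated member to any external site.
                // Non-local values fall through to the default member-center redirect.
                if (!string.IsNullOrEmpty(model.RedirectUrl) && Url.IsLocalUrl(model.RedirectUrl))
                {
                    return Redirect(model.RedirectUrl);
                }

                //redirect to current page by default
                TempData["LoginSuccess"] = true;

                if (Request.Browser.IsMobileDevice)
                {
                    return Redirect("/member-center/index-mobile");
                }

                return Redirect("/member-center/index");
            }
            catch (Exception ex)
            {
                // NOTE(review): this also catches failures that occur after Members.Login has
                // succeeded, in which case the member stays signed in with partially updated roles.
                // Create an error message with sufficient info to contact the user
                // NOTE(review): model.Username is user-supplied and goes into the log unmodified;
                // confirm the log layout neutralises line breaks. GlobalContext is shared by all
                // requests in the process, so concurrent failures can overwrite this property.
                string additionalInfo = "Could not log in user " + model.Username + ".";
                // Add the error message to the log4net output
                log4net.GlobalContext.Properties["additionalInfo"] = additionalInfo;
                Logger.Error(ex);
                //redirect to current page by default
                TempData["LoginSuccess"] = false;
                return Redirect("/member-center/index");
            }
        }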