public async Task <ActionResult> LogoffDirect()
{
Manager.SetSuperUserRole(false);// explicit logoff clears superuser state
await LoginModuleController.UserLogoffAsync();
return(new EmptyResult());
}
/// <summary>
/// Log off
/// </summary>
public async Task <ActionResult> Logoff(string nextUrl)
{
Manager.SetSuperUserRole(false);// explicit logoff clears superuser state
await LoginModuleController.UserLogoffAsync();
LoginConfigData config = await LoginConfigDataProvider.GetConfigAsync();
string url = nextUrl;
if (string.IsNullOrWhiteSpace(url))
{
url = config.LoggedOffUrl;
}
if (string.IsNullOrWhiteSpace(url))
{
url = Manager.CurrentSite.HomePageUrl;
}
// Because this is a plain MVC controller, this Redirect really redirects (no Unified Page Set handling) which is the desired behavior
url = QueryHelper.AddRando(url); // to defeat client-side caching
return(Redirect(url));
}
// User login
public static async Task UserLoginAsync(UserDefinition user, bool?rememberme = null)
{
await LoginModuleController.UserLogoffAsync();
bool isPersistent;
if (rememberme == null)
{
LoginConfigData config = await LoginConfigDataProvider.GetConfigAsync();
isPersistent = config.PersistentLogin;
}
else
{
isPersistent = (bool)rememberme;
}
SignInManager <UserDefinition> _signinManager = (SignInManager <UserDefinition>)YetaWFManager.ServiceProvider.GetService(typeof(SignInManager <UserDefinition>));
await _signinManager.SignInAsync(user, isPersistent);
// superuser
int superuserRole = Resource.ResourceAccess.GetSuperuserRoleId();
if (user.RolesList != null && user.RolesList.Contains(new Role {
RoleId = superuserRole
}, new RoleComparer()))
{
Manager.SetSuperUserRole(true);
}
// accept user
user.LastLoginDate = DateTime.UtcNow;
user.LastLoginIP = Manager.UserHostAddress;
user.LastActivityDate = DateTime.UtcNow;
user.LastActivityIP = Manager.UserHostAddress;
user.LoginFailures = 0;
await Managers.GetUserManager().UpdateAsync(user);
}
public async Task <ActionResult> LoginSelector_Partial(EditModel model)
{
model.UpdateData(Module);
if (!ModelState.IsValid)
{
return(PartialView(model));
}
int userId = model.UserId;
if (userId == 0)
{
await LoginModuleController.UserLogoffAsync();
}
else
{
await Resource.ResourceAccess.LoginAsAsync(userId);
}
if (model.SuperuserStillActive != null && !(bool)model.SuperuserStillActive)
{
Manager.SetSuperUserRole(false);
}
return(Redirect(Manager.ReturnToUrl, ForceRedirect: true));
}
public async Task <IActionResult> ExternalLoginCallback(string returnUrl = null, string remoteError = null)
{
if (remoteError != null)
{
throw new Error(this.__ResStr("extErr", "The external login provider reported this error: {0}", remoteError));
}
SignInManager <UserDefinition> _signinManager = (SignInManager <UserDefinition>)YetaWFManager.ServiceProvider.GetService(typeof(SignInManager <UserDefinition>));
ExternalLoginInfo loginInfo = await _signinManager.GetExternalLoginInfoAsync();
if (loginInfo == null)
{
Logging.AddErrorLog("AuthenticationManager.GetExternalLoginInfoAsync() returned null");
return(Redirect(Helper.GetSafeReturnUrl(Manager.CurrentSite.LoginUrl)));
}
using (LoginConfigDataProvider logConfigDP = new LoginConfigDataProvider()) {
List <LoginConfigDataProvider.LoginProviderDescription> loginProviders = await logConfigDP.GetActiveExternalLoginProvidersAsync();
if ((from l in loginProviders where l.InternalName == loginInfo.LoginProvider select l).FirstOrDefault() == null)
{
Logging.AddErrorLog("Callback from external login provider {0} which is not active", loginInfo.LoginProvider);
return(Redirect(Helper.GetSafeReturnUrl(Manager.CurrentSite.LoginUrl)));
}
}
// get our registration defaults
LoginConfigData config = await LoginConfigDataProvider.GetConfigAsync();
// Sign in the user with this external login provider if the user already has a login
UserDefinition user = await Managers.GetUserManager().FindByLoginAsync(loginInfo.LoginProvider, loginInfo.ProviderKey);
if (user == null)
{
// If the user does not have an account, then prompt the user to create an account
// we will go to a page where the user can set up a local account
Manager.OriginList = new List <Origin>();
if (!string.IsNullOrWhiteSpace(returnUrl))
{
Manager.OriginList.Add(new Origin()
{
Url = returnUrl
}); // where to go after setup
}
Manager.OriginList.Add(new Origin()
{
Url = Helper.GetSafeReturnUrl(Manager.CurrentSite.ExternalAccountSetupUrl)
}); // setup
return(Redirect(Manager.ReturnToUrl));
}
if (string.IsNullOrWhiteSpace(returnUrl) && Manager.HaveReturnToUrl)
{
returnUrl = Manager.ReturnToUrl;
}
if (string.IsNullOrWhiteSpace(returnUrl))
{
returnUrl = await Resource.ResourceAccess.GetUserPostLoginUrlAsync((from u in user.RolesList select u.RoleId).ToList());
}
if (string.IsNullOrWhiteSpace(returnUrl))
{
returnUrl = Manager.CurrentSite.PostLoginUrl;
}
returnUrl = Helper.GetSafeReturnUrl(returnUrl);
// determine what to do based on account status
if (user.UserStatus == UserStatusEnum.Approved)
{
await LoginModuleController.UserLoginAsync(user);
Logging.AddLog("User {0} - logged on", user.UserName);
returnUrl = QueryHelper.AddRando(returnUrl); // to defeat client-side caching
return(Redirect(returnUrl));
}
else if (user.UserStatus == UserStatusEnum.Rejected)
{
await LoginModuleController.UserLogoffAsync();
Logging.AddErrorLog("User {0} - rejected user", user.UserName);
if (string.IsNullOrWhiteSpace(config.RejectedUrl))
{
return(Redirect(MessageUrl("Your account has been rejected by the site administrator.")));
}
return(Redirect(Helper.GetSafeReturnUrl(config.RejectedUrl)));
}
else if (user.UserStatus == UserStatusEnum.Suspended)
{
await LoginModuleController.UserLogoffAsync();
Logging.AddErrorLog("User {0} - suspended user", user.UserName);
if (string.IsNullOrWhiteSpace(config.SuspendedUrl))
{
return(Redirect(MessageUrl("Your account has been suspended by the site administrator.")));
}
return(Redirect(Helper.GetSafeReturnUrl(config.SuspendedUrl)));
}
else if (user.UserStatus == UserStatusEnum.NeedValidation)
{
await LoginModuleController.UserLogoffAsync();
Logging.AddErrorLog("User {0} - not yet validated", user.UserName);
if (string.IsNullOrWhiteSpace(config.VerificationPendingUrl))
{
return(Redirect(MessageUrl(this.__ResStr("notValidated", "Your account has not yet been verified. You will receive an email with verification information. Once received, please use the information in the email to complete the registration."))));
}
return(Redirect(Helper.GetSafeReturnUrl(config.VerificationPendingUrl)));
}
else if (user.UserStatus == UserStatusEnum.NeedApproval)
{
await LoginModuleController.UserLogoffAsync();
Logging.AddErrorLog("User {0} - not yet approved", user.UserName);
if (string.IsNullOrWhiteSpace(config.ApprovalPendingUrl))
{
return(Redirect(MessageUrl(this.__ResStr("notApproved", "Your account has not yet been approved by the site administrator. You will receive an email confirmation as soon as your account is active."))));
}
return(Redirect(Helper.GetSafeReturnUrl(config.ApprovalPendingUrl)));
}
else
{
await LoginModuleController.UserLogoffAsync();
throw new InternalError("badUserStatus", "Unexpected account status {0}", user.UserStatus);
}
}
public async Task <ActionResult> UserAccount_Partial(EditModel model)
{
// make sure this user exists
UserManager <UserDefinition> userManager = Managers.GetUserManager();
UserDefinition user;
#if MVC6
user = await userManager.FindByNameAsync(model.OriginalUserName);
#else
user = userManager.FindByName(model.OriginalUserName);
#endif
if (user == null)
{
throw new Error(this.__ResStr("alreadyDeleted", "The user named \"{0}\" has been removed and can no longer be updated.", model.OriginalUserName));
}
if (!ModelState.IsValid)
{
return(PartialView(model));
}
// update email/user name - can't use an existing email address
// get the registration module for some defaults
LoginConfigData config = await LoginConfigDataProvider.GetConfigAsync();
switch (config.RegistrationType)
{
default:
case RegistrationTypeEnum.NameAndEmail: {
using (UserDefinitionDataProvider dataProvider = new UserDefinitionDataProvider()) {
List <DataProviderFilterInfo> filters = DataProviderFilterInfo.Join(null, new DataProviderFilterInfo {
Field = nameof(UserDefinition.Email), Operator = "==", Value = model.Email,
});
UserDefinition userExists = await dataProvider.GetItemAsync(filters);
if (userExists != null && user.UserName != userExists.UserName)
{
ModelState.AddModelError(nameof(model.Email), this.__ResStr("emailUsed", "An account using email address {0} already exists.", model.Email));
return(PartialView(model));
}
}
break;
}
case RegistrationTypeEnum.EmailOnly:
model.UserName = model.Email;
break;
case RegistrationTypeEnum.NameOnly:
model.Email = model.UserName;
break;
}
// save new user info
ObjectSupport.CopyData(model, user); // merge new data into original
model.SetData(user); // and all the data back into model for final display
if (model.OriginalUserName != user.UserName)
{
// user name changed - change data through data provider directly
using (UserDefinitionDataProvider dataProvider = new UserDefinitionDataProvider()) {
UpdateStatusEnum status = await dataProvider.UpdateItemAsync(model.OriginalUserName, user);
switch (status)
{
default:
case UpdateStatusEnum.RecordDeleted:
ModelState.AddModelError(nameof(model.UserName), this.__ResStr("alreadyDeleted", "The user named \"{0}\" has been removed and can no longer be updated.", model.OriginalUserName));
return(PartialView(model));
case UpdateStatusEnum.NewKeyExists:
ModelState.AddModelError(nameof(model.UserName), this.__ResStr("alreadyExists", "A user named \"{0}\" already exists.", model.UserName));
return(PartialView(model));
case UpdateStatusEnum.OK:
break;
}
}
// log the user off and back on so new name takes effect
//IAuthenticationManager authManager = HttpContext.GetOwinContext().Authentication;
//deleted, done in UserLogff authManager.SignOut(DefaultAuthenticationTypes.ExternalCookie, DefaultAuthenticationTypes.ApplicationCookie, DefaultAuthenticationTypes.ExternalBearer);
await LoginModuleController.UserLogoffAsync();
await LoginModuleController.UserLoginAsync(user);
}
else
{
IdentityResult result;
result = await userManager.UpdateAsync(user);
if (!result.Succeeded)
{
throw new Error(string.Join(" - ", (from e in result.Errors select e.Description)));
}
}
return(FormProcessed(model, this.__ResStr("okSaved", "Your account information has been saved"), OnClose: OnCloseEnum.ReloadPage, OnPopupClose: OnPopupCloseEnum.ReloadParentPage, ForceRedirect: true));// reload for tiny login module to refresh
}