public ActionResult Login(OnlineRegModel m) { fromMethod = "Login"; var ret = AccountModel.AuthenticateLogon(m.username, m.password, Session, Request); if (ret is string) { ModelState.AddModelError("authentication", ret.ToString()); return(FlowList(m)); } Session["OnlineRegLogin"] = true; if (m.Orgid == Util.CreateAccountCode) { DbUtil.LogActivity("OnlineReg CreateAccount Existing", peopleid: Util.UserPeopleId, datumId: m.DatumId); return(Content("/Person2/" + Util.UserPeopleId)); // they already have an account, so take them to their page } m.UserPeopleId = Util.UserPeopleId; var route = RouteSpecialLogin(m); if (route != null) { return(route); } m.HistoryAdd("login"); return(FlowList(m)); }
public ActionResult Login(OnlineRegModel m) { fromMethod = "Login"; var ret = AccountModel.AuthenticateLogon(m.username, m.password, Session, Request, CurrentDatabase, CurrentImageDatabase); if (ret is string) { ModelState.AddModelError("authentication", ret.ToString()); return(FlowList(m)); } Session["OnlineRegLogin"] = true; if (m.Orgid == Util.CreateAccountCode) { DbUtil.LogActivity("OnlineReg CreateAccount Existing", peopleid: Util.UserPeopleId, datumId: m.DatumId); return(Content("/Person2/" + Util.UserPeopleId)); // they already have an account, so take them to their page } m.UserPeopleId = Util.UserPeopleId; var route = RouteSpecialLogin(m); if (route != null) { return(route); } m.HistoryAdd("login"); if (m.org != null && m.org.IsMissionTrip == true && m.SupportMissionTrip) { PrepareFirstRegistrant(ref m, m.UserPeopleId.Value, false, out OnlineRegPersonModel p); } return(FlowList(m)); }
public ActionResult Login(OnlineRegModel m) { var ret = AccountModel.AuthenticateLogon(m.username, m.password, Session, Request); if (ret is string) { ModelState.AddModelError("authentication", ret.ToString()); return(FlowList(m, "Login")); } Session["OnlineRegLogin"] = true; if (m.Orgid == Util.CreateAccountCode) { return(Content("/Person2/" + Util.UserPeopleId)); } var existingRegistration = m.GetExistingRegistration(Util.UserPeopleId ?? 0); if (existingRegistration != null) { TempData["er"] = m.UserPeopleId = Util.UserPeopleId; return(Content("/OnlineReg/Existing/" + existingRegistration.DatumId)); } Debug.Assert(Util.UserPeopleId != null, "Util.UserPeopleId != null"); m.CreateList(); m.UserPeopleId = Util.UserPeopleId; if (m.ManagingSubscriptions()) { TempData["ms"] = Util.UserPeopleId; return(Content("/OnlineReg/ManageSubscriptions/{0}".Fmt(m.masterorgid))); } if (m.ChoosingSlots()) { TempData["ps"] = Util.UserPeopleId; return(Content("/OnlineReg/ManageVolunteer/{0}".Fmt(m.Orgid))); } if (m.OnlinePledge()) { TempData["mp"] = Util.UserPeopleId; return(Content("/OnlineReg/ManagePledge/{0}".Fmt(m.Orgid))); } if (m.ManageGiving()) { TempData["mg"] = Util.UserPeopleId; return(Content("/OnlineReg/ManageGiving/{0}".Fmt(m.Orgid))); } if (m.OnlineGiving()) { return(Register(Util.UserPeopleId.Value, m)); } if (m.UserSelectsOrganization()) { OnlineRegPersonModelValidator.ValidateModelForFind(m.List[0], ModelState, m, 0); } m.List[0].LoggedIn = true; m.HistoryAdd("login"); return(FlowList(m, "Login")); }
public ActionResult AuthDisable() { var user = CurrentDatabase.CurrentUser; string password = null; if (user == null || !user.MFAEnabled || !MembershipService.IsTwoFactorAuthenticationEnabled(CurrentDatabase)) { return(Redirect("/")); } var passcode = Request["passcode"]?.Replace(",", ""); password = Request["password"]; if (passcode.HasValue() && password.HasValue()) { if (AccountModel.AuthenticateLogon(user.Username, password, null, CurrentDatabase).IsValid) { if (MembershipService.ValidateTwoFactorPasscode(user, CurrentDatabase, passcode)) { MembershipService.DisableTwoFactorAuth(user, CurrentDatabase, Response); return(View("AuthDisabled")); } ViewBag.Message = "Invalid passcode"; } else { ViewBag.Message = "Incorrect password for " + user.Username; } } return(View()); }
public ActionResult LogOn(AccountInfo m) { if (m.ReturnUrl.HasValue()) { var lc = m.ReturnUrl.ToLower(); if (lc.StartsWith("/default.aspx") || lc.StartsWith("/login.aspx")) { m.ReturnUrl = "/"; } } if (!m.UsernameOrEmail.HasValue()) { return(View(m)); } var ret = AccountModel.AuthenticateLogon(m.UsernameOrEmail, m.Password, Session, Request); if (ret is string) { ViewBag.error = ret.ToString(); return(View(m)); } var user = ret as User; if (user.MustChangePassword) { return(Redirect("/Account/ChangePassword")); } var access = DbUtil.Db.Setting("LimitAccess", ""); if (access.HasValue()) { if (!user.InRole("Developer")) { return(Message("Site is {0}, contact {1} for help".Fmt(access, DbUtil.AdminMail))); } } if (!m.ReturnUrl.HasValue()) { if (!CMSRoleProvider.provider.IsUserInRole(user.Username, "Access")) { return(Redirect("/Person2/" + Util.UserPeopleId)); } } if (m.ReturnUrl.HasValue()) { return(Redirect(m.ReturnUrl)); } return(Redirect("/")); }
public ActionResult OnePageGivingLogin(int id, string username, string password, bool?testing, string source) { var ret = AccountModel.AuthenticateLogon(username, password, Session, Request); if (ret is string) { ModelState.AddModelError("loginerror", ret.ToString()); var m = new OnlineRegModel(Request, id, testing, null, null, source); return(View("OnePageGiving/Login", m)); } Session["OnlineRegLogin"] = true; return(Redirect($"/OnlineReg/{id}{(testing == true ? "?testing=true" : "")}")); }
public ActionResult Login(OnlineRegModel m) { var ret = AccountModel.AuthenticateLogon(m.username, m.password, Session, Request); if (ret is string) { ModelState.AddModelError("authentication", ret.ToString()); return(FlowList(m, "Login")); } Session["OnlineRegLogin"] = true; var user = ret as User; if (m.orgid == Util.CreateAccountCode) { return(Content("/Person/Index/" + Util.UserPeopleId)); } m.CreateList(); m.UserPeopleId = user.PeopleId; if (m.ManagingSubscriptions()) { TempData["ms"] = Util.UserPeopleId; if (m.masterorgid.HasValue && m.masterorg.RegistrationTypeId == RegistrationTypeCode.ManageSubscriptions2) { return(Content("/OnlineReg/ManageSubscriptions/{0}".Fmt(m.masterorgid))); } return(Content("/OnlineReg/ManageSubscriptions/{0}".Fmt(m.divid))); } if (m.ChoosingSlots()) { TempData["ps"] = Util.UserPeopleId; return(Content("/OnlineReg/ManageVolunteer/{0}".Fmt(m.orgid))); } if (m.OnlinePledge()) { TempData["mp"] = Util.UserPeopleId; return(Content("/OnlineReg/ManagePledge/{0}".Fmt(m.orgid))); } if (m.ManageGiving()) { TempData["mg"] = Util.UserPeopleId; return(Content("/OnlineReg/ManageGiving/{0}".Fmt(m.orgid))); } if (m.UserSelectsOrganization()) { m.List[0].ValidateModelForFind(ModelState, m); } m.List[0].LoggedIn = true; return(FlowList(m, "Login")); }
public ActionResult Login(OnlineRegModel m) { fromMethod = "Login"; var ret = AccountModel.AuthenticateLogon(m.username, m.password, Session, Request, CurrentDatabase, CurrentImageDatabase); if (ret.ErrorMessage.HasValue()) { ModelState.AddModelError("authentication", ret.ErrorMessage); return(FlowList(m)); } else if (MembershipService.ShouldPromptForTwoFactorAuthentication(ret.User, CurrentDatabase, Request)) { Session[AccountController.MFAUserId] = ret.User.UserId; ViewData["hasshell"] = true; var orgId = m.Orgid ?? m.masterorgid; return(View("Auth", new AccountInfo { UsernameOrEmail = ret.User.Username, ReturnUrl = RouteExistingRegistration(m) ?? $"/OnlineReg/{orgId}" })); } else { AccountModel.FinishLogin(ret.User.Username, Session, CurrentDatabase, CurrentImageDatabase); if (ret.User.UserId.Equals(Session[AccountController.MFAUserId])) { MembershipService.SaveTwoFactorAuthenticationToken(CurrentDatabase, Response); Session.Remove(AccountController.MFAUserId); } } Session["OnlineRegLogin"] = true; if (m.Orgid == Util.CreateAccountCode) { DbUtil.LogActivity("OnlineReg CreateAccount Existing", peopleid: Util.UserPeopleId, datumId: m.DatumId); return(Content("/Person2/" + Util.UserPeopleId)); // they already have an account, so take them to their page } m.UserPeopleId = Util.UserPeopleId; var route = RouteSpecialLogin(m); if (route != null) { return(route); } m.HistoryAdd("login"); if (m.org != null && m.org.IsMissionTrip == true && m.SupportMissionTrip) { PrepareFirstRegistrant(ref m, m.UserPeopleId.Value, false, out OnlineRegPersonModel p); } return(FlowList(m)); }
public ActionResult Logon(AccountInfo m) { Session.Remove("IsNonFinanceImpersonator"); TryLoadAlternateShell(); if (m.ReturnUrl.HasValue()) { var lc = m.ReturnUrl.ToLower(); if (lc.Contains("/default.aspx", true) || lc.Contains("/login.aspx", true) || lc.Contains("/Logon", true)) { m.ReturnUrl = "/"; } } if (!m.UsernameOrEmail.HasValue()) { return(View(m)); } var ret = AccountModel.AuthenticateLogon(m.UsernameOrEmail, m.Password, Session, Request, CurrentDatabase, CurrentImageDatabase); if (ret.ErrorMessage.HasValue()) { ViewBag.error = ret.ErrorMessage; return(View(m)); } var user = ret.User; var access = CurrentDatabase.Setting("LimitAccess", ""); if (access.HasValue()) { if (!user.InRole("Developer")) { return(Message(access)); } } if (MembershipService.ShouldPromptForTwoFactorAuthentication(user, CurrentDatabase, Request)) { Session[MFAUserId] = user.UserId; m.UsernameOrEmail = user.Username; return(View("Auth", m)); } else { AccountModel.FinishLogin(user.Username, Session, CurrentDatabase, CurrentImageDatabase); } return(RedirectTo("/Auth" + m.ReturnUrlQueryString)); }
public ActionResult OnePageGivingLogin(int id, string username, string password, bool?testing, string source) { var ret = AccountModel.AuthenticateLogon(username, password, Session, Request); if (ret is string) { ModelState.AddModelError("loginerror", ret.ToString()); var m = new OnlineRegModel(Request, id, testing, null, null, source); return(View("OnePageGiving/Login", m)); } Session["OnlineRegLogin"] = true; var ev = DbUtil.Db.OrganizationExtras.SingleOrDefault(vv => vv.OrganizationId == id && vv.Field == "LoggedInOrgId"); id = ev?.IntValue ?? id; var url = $"/OnlineReg/{id}{(testing == true ? "?testing=true" : "")}"; return(Redirect(url)); }
public ActionResult Login(string user, string password) { var ret = AuthenticateDeveloper(); if (ret.StartsWith("!")) { return(Content("<Login error=\"{0}\" />".Fmt(ret.Substring(1)))); } var o = AccountModel.AuthenticateLogon(user, password, Request.Url.OriginalString); if (o is string) { return(Content("<Login error=\"{0} not valid\">{1}</Login>".Fmt(user ?? "(null)", o))); } var u = o as User; var api = new APIFunctions(DbUtil.Db); return(Content(api.Login(u.Person), "text/xml")); }
public ActionResult LogOn(string userName, string password, string returnUrl) { if (returnUrl.HasValue()) { var lc = returnUrl.ToLower(); if (lc.StartsWith("/default.aspx") || lc.StartsWith("/login.aspx")) { returnUrl = "/"; } } if (!userName.HasValue()) { return(View()); } var ret = AccountModel.AuthenticateLogon(userName, password, Session, Request); if (ret is string) { ModelState.AddModelError("login", ret.ToString()); return(View()); } var user = ret as User; if (user.MustChangePassword) { return(Redirect("/Account/ChangePassword")); } if (!returnUrl.HasValue()) { if (!CMSRoleProvider.provider.IsUserInRole(user.Username, "Access")) { return(Redirect("/Person/Index/" + Util.UserPeopleId)); } } if (returnUrl.HasValue()) { return(Redirect(returnUrl)); } return(Redirect("/")); }
public ActionResult Login(string user, string password) { var ret = AuthenticateDeveloper(); if (ret.StartsWith("!")) { return(Content($"<Login error=\"{ret.Substring(1)}\" />")); } var validationStatus = AccountModel.AuthenticateLogon(user, password, Request.Url.OriginalString); if (!validationStatus.IsValid) { return(Content($"<Login error=\"{user ?? "(null)"} not valid\">{validationStatus.ErrorMessage}</Login>")); } var api = new APIFunctions(DbUtil.Db); return(Content(api.Login(validationStatus.User.Person), "text/xml")); }
public ActionResult LogOn(AccountInfo m) { if (m.ReturnUrl.HasValue()) { var lc = m.ReturnUrl.ToLower(); if (lc.StartsWith("/default.aspx") || lc.StartsWith("/login.aspx")) { m.ReturnUrl = "/"; } } if (!m.UsernameOrEmail.HasValue()) { return(View(m)); } var ret = AccountModel.AuthenticateLogon(m.UsernameOrEmail, m.Password, Session, Request); if (ret is string) { ViewBag.error = ret.ToString(); return(View(m)); } var user = ret as User; if (user.MustChangePassword) { return(Redirect("/Account/ChangePassword")); } var access = DbUtil.Db.Setting("LimitAccess", ""); if (access.HasValue()) { if (!user.InRole("Developer")) { return(Message($"Site is {access}, contact {DbUtil.AdminMail} for help")); } } var newleadertag = DbUtil.Db.FetchTag("NewOrgLeadersOnly", user.PeopleId, DbUtil.TagTypeId_System); if (newleadertag != null) { if (!user.InRole("Access")) // if they already have Access role, then don't limit them with OrgLeadersOnly { user.AddRoles(DbUtil.Db, "Access,OrgLeadersOnly".Split(',')); } DbUtil.Db.Tags.DeleteOnSubmit(newleadertag); DbUtil.Db.SubmitChanges(); } if (!m.ReturnUrl.HasValue()) { if (!CMSRoleProvider.provider.IsUserInRole(user.Username, "Access")) { return(Redirect("/Person2/" + Util.UserPeopleId)); } } if (m.ReturnUrl.HasValue() && Url.IsLocalUrl(m.ReturnUrl)) { return(Redirect(m.ReturnUrl)); } return(Redirect("/")); }
public ActionResult ApiUserInfo() { var header = Request.Headers; //Check incoming values are valid var apiKeyValue = header.GetValues("ApiKey"); var getIp = HttpContext.Request.ServerVariables["REMOTE_ADDR"]; // ApiKey header is missing if (apiKeyValue == null) { return(Json(new { error = ErrorMessage.ApiKeyHeaderMissing, ip = getIp }, JsonRequestBehavior.AllowGet)); } // ApiKey header has no values string apiKey = apiKeyValue.First(); if (apiKey.IsNull()) { return(Json(new { error = ErrorMessage.ApiKeyHeaderValueNull, ip = getIp }, JsonRequestBehavior.AllowGet)); } // Authorization header is missing var authorizationValue = header.GetValues("Authorization"); if (authorizationValue == null) { return(Json(new { error = ErrorMessage.AuthHeaderMissing, ip = getIp }, JsonRequestBehavior.AllowGet)); } // Authorization header has no values/bad data string getAuthInfo; try { if (!authorizationValue.First().Substring(0, 6).Trim().Equals("Basic")) { return(Json(new { error = ErrorMessage.AuthHeaderValueInvalid, ip = getIp }, JsonRequestBehavior.AllowGet)); } getAuthInfo = Encoding.ASCII.GetString(Convert.FromBase64String(authorizationValue.First().Substring(6))); } catch (Exception) { return(Json(new { error = ErrorMessage.MalformedBase64, ip = getIp }, JsonRequestBehavior.AllowGet)); } var authorization = getAuthInfo.Split(':'); if (authorization.Count() != 2) { return(Json(new { error = ErrorMessage.AuthorizationHeaderValueInvalid, ip = getIp }, JsonRequestBehavior.AllowGet)); } string userName = authorization[0]; string password = authorization[1]; if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password)) { return(Json(new { error = ErrorMessage.InvalidCredentials, ip = getIp }, JsonRequestBehavior.AllowGet)); } //Check Api Key setting exists var getApiUserInfoKey = CurrentDatabase.Setting("ApiUserInfoKey", ""); if (getApiUserInfoKey == "") { return(Json(new { error = ErrorMessage.ApiKeySettingNotFound, ip = getIp }, JsonRequestBehavior.AllowGet)); } // Check Api Key is valid if (getApiUserInfoKey?.Trim() == apiKey) { //Check Ip setting is valid var getIpWhiteList = CurrentDatabase.Setting("ApiUserInfoIPList", ""); if (getIpWhiteList == "") { return(Json(new { error = ErrorMessage.IpSettingNotFound, ip = getIp }, JsonRequestBehavior.AllowGet)); } //Check Ip is valid var ipCheck = getIpWhiteList.Split(',').Contains(getIp); if (!ipCheck) { return(Json(new { error = ErrorMessage.IpNotFoundInKey, ip = getIp }, JsonRequestBehavior.AllowGet)); } //Authenticate user var retUser = AccountModel.AuthenticateLogon(userName, password, ""); if (retUser.IsValid) { return(Json(new { id = retUser.User.PeopleId, name = retUser.User.Name, emailAddress = retUser.User.EmailAddress, altEmail = retUser.User.Person.EmailAddress2, roles = retUser.User.Roles, error = ErrorMessage.NoErrors }, JsonRequestBehavior.AllowGet)); } return(Json(new { error = ErrorMessage.FailedAuthentication, ip = getIp }, JsonRequestBehavior.AllowGet)); } return(Json(new { error = ErrorMessage.ApiKeyNotValid, ip = getIp }, JsonRequestBehavior.AllowGet)); }
public ActionResult LogOn(AccountInfo m) { Session.Remove("IsNonFinanceImpersonator"); TryLoadAlternateShell(); if (m.ReturnUrl.HasValue()) { var lc = m.ReturnUrl.ToLower(); if (lc.StartsWith("/default.aspx") || lc.StartsWith("/login.aspx")) { m.ReturnUrl = "/"; } } if (!m.UsernameOrEmail.HasValue()) { return(View(m)); } var ret = AccountModel.AuthenticateLogon(m.UsernameOrEmail, m.Password, Session, Request, CurrentDatabase, CurrentImageDatabase); if (ret is string) { ViewBag.error = ret.ToString(); return(View(m)); } var user = ret as User; if (user.MustChangePassword) { return(Redirect("/Account/ChangePassword")); } var access = CurrentDatabase.Setting("LimitAccess", ""); if (access.HasValue()) { if (!user.InRole("Developer")) { return(Message(access)); } } var newleadertag = CurrentDatabase.FetchTag("NewOrgLeadersOnly", user.PeopleId, CmsData.DbUtil.TagTypeId_System); if (newleadertag != null) { if (!user.InRole("Access")) // if they already have Access role, then don't limit them with OrgLeadersOnly { user.AddRoles(CurrentDatabase, "Access,OrgLeadersOnly".Split(',')); } CurrentDatabase.Tags.DeleteOnSubmit(newleadertag); CurrentDatabase.SubmitChanges(); } if (!m.ReturnUrl.HasValue()) { if (!CMSRoleProvider.provider.IsUserInRole(user.Username, "Access")) { return(Redirect("/Person2/" + Util.UserPeopleId)); } } if (m.ReturnUrl.HasValue() && Url.IsLocalUrl(m.ReturnUrl)) { return(Redirect(m.ReturnUrl)); } return(Redirect("/")); }