コード例 #1
0
        public IHttpActionResult Logout()
        {
            var userId = User.Identity.GetUserGuid();

            var model = new ApplicationLogViewModel()
            {
                Action      = System.Reflection.MethodBase.GetCurrentMethod().Name,
                Data        = new { UserId = User.Identity.GetUserGuid() },
                Entity      = "User",
                Description = userId == Guid.Empty ? "Session out" : "User log out"
            };

            _applicationLogService.AddSystemApplicationLog(model.ToServiceRequestModel());
            Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);
            return(Ok());
        }
コード例 #2
0
        public async Task <IHttpActionResult> ResetPassword(ResetPasswordModel model)
        {
            var logModel = new ApplicationLogViewModel()
            {
                Action = System.Reflection.MethodBase.GetCurrentMethod().Name,
                Entity = "User",
                Data   = model
            };

            var code = System.Web.HttpUtility.UrlDecode(model.Code).Replace(" ", "+");

            model.UserId = System.Web.HttpUtility.UrlDecode(model.UserId).Replace(" ", "+");
            if (string.IsNullOrEmpty(code) || string.IsNullOrEmpty(model.UserId))
            {
                logModel.Description = "Invalid user or code";
                _applicationLogService.AddSystemApplicationLog(logModel.ToServiceRequestModel());
                return(BadRequest("Invalid user or code"));
            }
            var userId = new Guid(GeneralService.DecryptText(model.UserId));
            var user   = await UserManager.FindByIdAsync(userId);

            if (user == null || !(await UserManager.IsEmailConfirmedAsync(user.Id)))
            {
                return(Ok());
            }
            var messsage = await UserManager.ResetPasswordAsync(user.Id, code, model.NewPassword);

            if (messsage.Succeeded)
            {
                var uservm = _mapper.Map <User, UserViewModel>(user);
                var er     = new EmailRequest <UserViewModel>(uservm);
                er.To.Add(new System.Net.Mail.MailAddress(uservm.Username));
                _emailComposer.SendPasswordChangeConfirmation(er);

                logModel.Description = "User password reset successfully";
                _applicationLogService.AddSystemApplicationLog(logModel.ToServiceRequestModel());
                return(Ok());
            }
            else
            {
                logModel.Description = messsage.Errors.SingleOrDefault();
                _applicationLogService.AddSystemApplicationLog(logModel.ToServiceRequestModel());
                return(BadRequest(messsage.Errors.SingleOrDefault()));
            }
        }
コード例 #3
0
        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            //var allowedOrigin = "*";
            //context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new { allowedOrigin });
            var  userManager = context.OwinContext.GetUserManager <ApplicationUserManager>();
            User user        = new User();

            user = await userManager.FindAsync(context.UserName, context.Password);

            var mapper = new DiObjectMapper();
            ApplicationLogViewModel logViewModel = new ApplicationLogViewModel()
            {
                Action = "Login",
                Data   = user,
                Entity = "User"
            };

            if (user == null)
            {
                logViewModel.Data = new { UserName = context.UserName }
            }
            ;

            var appLog = mapper.Map <ApplicationLogViewModel, ApplicationLog>(logViewModel);

            appLog.IpAddress = GeneralService.ClientIpFromHeader;
            appLog.LogType   = General.Enums.LogType.System;
            appLog.Date      = GeneralService.CurrentDate;

            var mbosContext = MBOSContext.Create();

            if (user == null)
            {
                appLog.Description = "Invalid username or password";
                mbosContext.ApplicationLogs.Add(appLog);
                mbosContext.SaveChanges();
                context.SetError("invalid_grant", "The username or password is incorrect.");
                return;
            }
            if (!user.EmailConfirmed)
            {
                appLog.Description = "Account email is not confirmed.";
                mbosContext.ApplicationLogs.Add(appLog);
                mbosContext.SaveChanges();
                context.SetError("invalid_grant", "Email is not confirmed yet.");
                return;
            }
            if (user.AccessFailedCount >= 3)
            {
                appLog.Description = "Account is locked.";
                mbosContext.ApplicationLogs.Add(appLog);
                mbosContext.SaveChanges();
                context.SetError("invalid_grant", "Your account has been locked. Please contact the administrator!");
                return;
            }
            appLog.UserId      = user.Id;
            appLog.Description = "Login successful.";
            mbosContext.ApplicationLogs.Add(appLog);
            mbosContext.SaveChanges();
            var loginInfo = new LoginInfo()
            {
                UserId            = user.Id,
                FullName          = user.FullName,
                DisplayPicture    = string.IsNullOrEmpty(user.DisplayPicture) ? "Resources/DisplayPictures/noimage.jpg" : user.DisplayPicture,
                LoginUserBranches = user.UserBranches.Select(c => new LoginUserBranch()
                {
                    Id = (Guid)c.BranchId, Name = c.Branch.Name, ShortName = c.Branch.ShortName
                }).ToList(),
                RoleId       = user.Roles.Select(c => c.RoleId).FirstOrDefault(),
                RoleType     = user.Roles.Select(c => c.Role.RoleType).FirstOrDefault(),
                DepartmentId = user.DepartmentId, Role = user.Roles.Select(c => c.Role.Name).FirstOrDefault()
            };
            var loginInfoValue = Newtonsoft.Json.JsonConvert.SerializeObject(loginInfo);
            IDictionary <string, string> authProp = new Dictionary <string, string>
            {
                { "LoginInfo", loginInfoValue }
            };
            var claims = new List <Claim>()
            {
                new Claim("LoginInfo", loginInfoValue)
            };
            ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType, claims);

            ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType, claims);


            AuthenticationProperties properties = new AuthenticationProperties(authProp);
            AuthenticationTicket     ticket     = new AuthenticationTicket(oAuthIdentity, properties);

            context.Validated(ticket);
            context.Request.Context.Authentication.SignIn(cookiesIdentity);
        }