public IHttpActionResult Logout() { var userId = User.Identity.GetUserGuid(); var model = new ApplicationLogViewModel() { Action = System.Reflection.MethodBase.GetCurrentMethod().Name, Data = new { UserId = User.Identity.GetUserGuid() }, Entity = "User", Description = userId == Guid.Empty ? "Session out" : "User log out" }; _applicationLogService.AddSystemApplicationLog(model.ToServiceRequestModel()); Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType); return(Ok()); }
public async Task <IHttpActionResult> ResetPassword(ResetPasswordModel model) { var logModel = new ApplicationLogViewModel() { Action = System.Reflection.MethodBase.GetCurrentMethod().Name, Entity = "User", Data = model }; var code = System.Web.HttpUtility.UrlDecode(model.Code).Replace(" ", "+"); model.UserId = System.Web.HttpUtility.UrlDecode(model.UserId).Replace(" ", "+"); if (string.IsNullOrEmpty(code) || string.IsNullOrEmpty(model.UserId)) { logModel.Description = "Invalid user or code"; _applicationLogService.AddSystemApplicationLog(logModel.ToServiceRequestModel()); return(BadRequest("Invalid user or code")); } var userId = new Guid(GeneralService.DecryptText(model.UserId)); var user = await UserManager.FindByIdAsync(userId); if (user == null || !(await UserManager.IsEmailConfirmedAsync(user.Id))) { return(Ok()); } var messsage = await UserManager.ResetPasswordAsync(user.Id, code, model.NewPassword); if (messsage.Succeeded) { var uservm = _mapper.Map <User, UserViewModel>(user); var er = new EmailRequest <UserViewModel>(uservm); er.To.Add(new System.Net.Mail.MailAddress(uservm.Username)); _emailComposer.SendPasswordChangeConfirmation(er); logModel.Description = "User password reset successfully"; _applicationLogService.AddSystemApplicationLog(logModel.ToServiceRequestModel()); return(Ok()); } else { logModel.Description = messsage.Errors.SingleOrDefault(); _applicationLogService.AddSystemApplicationLog(logModel.ToServiceRequestModel()); return(BadRequest(messsage.Errors.SingleOrDefault())); } }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { //var allowedOrigin = "*"; //context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new { allowedOrigin }); var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>(); User user = new User(); user = await userManager.FindAsync(context.UserName, context.Password); var mapper = new DiObjectMapper(); ApplicationLogViewModel logViewModel = new ApplicationLogViewModel() { Action = "Login", Data = user, Entity = "User" }; if (user == null) { logViewModel.Data = new { UserName = context.UserName } } ; var appLog = mapper.Map <ApplicationLogViewModel, ApplicationLog>(logViewModel); appLog.IpAddress = GeneralService.ClientIpFromHeader; appLog.LogType = General.Enums.LogType.System; appLog.Date = GeneralService.CurrentDate; var mbosContext = MBOSContext.Create(); if (user == null) { appLog.Description = "Invalid username or password"; mbosContext.ApplicationLogs.Add(appLog); mbosContext.SaveChanges(); context.SetError("invalid_grant", "The username or password is incorrect."); return; } if (!user.EmailConfirmed) { appLog.Description = "Account email is not confirmed."; mbosContext.ApplicationLogs.Add(appLog); mbosContext.SaveChanges(); context.SetError("invalid_grant", "Email is not confirmed yet."); return; } if (user.AccessFailedCount >= 3) { appLog.Description = "Account is locked."; mbosContext.ApplicationLogs.Add(appLog); mbosContext.SaveChanges(); context.SetError("invalid_grant", "Your account has been locked. Please contact the administrator!"); return; } appLog.UserId = user.Id; appLog.Description = "Login successful."; mbosContext.ApplicationLogs.Add(appLog); mbosContext.SaveChanges(); var loginInfo = new LoginInfo() { UserId = user.Id, FullName = user.FullName, DisplayPicture = string.IsNullOrEmpty(user.DisplayPicture) ? "Resources/DisplayPictures/noimage.jpg" : user.DisplayPicture, LoginUserBranches = user.UserBranches.Select(c => new LoginUserBranch() { Id = (Guid)c.BranchId, Name = c.Branch.Name, ShortName = c.Branch.ShortName }).ToList(), RoleId = user.Roles.Select(c => c.RoleId).FirstOrDefault(), RoleType = user.Roles.Select(c => c.Role.RoleType).FirstOrDefault(), DepartmentId = user.DepartmentId, Role = user.Roles.Select(c => c.Role.Name).FirstOrDefault() }; var loginInfoValue = Newtonsoft.Json.JsonConvert.SerializeObject(loginInfo); IDictionary <string, string> authProp = new Dictionary <string, string> { { "LoginInfo", loginInfoValue } }; var claims = new List <Claim>() { new Claim("LoginInfo", loginInfoValue) }; ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType, claims); ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType, claims); AuthenticationProperties properties = new AuthenticationProperties(authProp); AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties); context.Validated(ticket); context.Request.Context.Authentication.SignIn(cookiesIdentity); }