public SimpleMembershipInitializer()
{
Logger = NLog.LogManager.GetLogger(Definitions.Logger.Name);
try
{
var authenticationSecurity = new AuthenticationSecurity();
authenticationSecurity.InitializeDatabaseConnection();
authenticationSecurity.CreateRole(Definitions.Account.Roles.Elevated);
authenticationSecurity.CreateRole(Definitions.Account.Roles.Standard);
authenticationSecurity.CreateRole(Definitions.Account.Roles.Administrator);
authenticationSecurity.CreateRole(Definitions.Account.Roles.Consumer);
authenticationSecurity.CreateRole(Definitions.Account.Roles.Provider);
authenticationSecurity.CreateAdministratorAccount();
Logger.Info("Simple Membership Initialized");
}
catch (Exception ex)
{
Logger.Error("Simple Membership Initializer exception detected: ", ex);
throw new InvalidOperationException("The ASP.NET Simple Membership database could not be initialized. For more information, please see http://go.microsoft.com/fwlink/?LinkId=256588", ex);
}
}
/// <summary>
/// Gateway constructor.
/// </summary>
/// <param name="login">string</param>
/// <param name="trankey">string</param>
/// <param name="url">Uri</param>
/// <param name="auth">AuthenticationSecurity</param>
/// <param name="additional">Dictionary</param>
/// <param name="requestType">string</param>
public Gateway(
string login,
string trankey,
Uri url,
AuthenticationSecurity auth,
Dictionary <string, string> additional,
string requestType = TP_REST
)
{
if (login == null || trankey == null)
{
throw new PlacetoPayException("No login or tranKey provided on gateway");
}
if (url == null)
{
throw new PlacetoPayException("No service URL provided to use");
}
if (IsValidType(requestType))
{
this.requestType = requestType;
}
config = new JObject
{
{ LOGIN, login },
{ TRANKEY, trankey },
{ URL, url },
{ TYPE, requestType },
};
}
protected bool IsAuthorizedUser(AccountType accountType)
{
if (AuthenticationSecurity.UserAccountType(this.User) == accountType)
{
return(true);
}
return(false);
}
/// <summary>
/// Initializes a new instance of the PlacetoPayRedirection class.
/// </summary>
/// <param name="login">string</param>
/// <param name="trankey">string</param>
/// <param name="url">Uri</param>
/// <param name="auth">AuthenticationSecurity</param>
/// <param name="additional">Dictionary</param>
/// <param name="requestType">string</param>
public PlacetoPayRedirection(
string login,
string trankey,
Uri url,
AuthenticationSecurity auth,
Dictionary <string, string> additional,
string requestType
) : base(login, trankey, url, auth, additional, requestType)
{
}
public HttpResponseMessage RegisterConsumer(ConsumerRegistrationForm registrationForm)
{
var formValidation = registrationForm.Validate(this.AccountSession, ValidationMode.Create);
if (formValidation.IsValid)
{
var authenticationSecurity = new AuthenticationSecurity()
{
Uow = this.Uow
};
try
{
// create the account
var member = authenticationSecurity.CreateMember(registrationForm);
// set the account session (user ID needed for create group)
this.Uow.AccountSession = new Model.AccountSession()
{
MemberId = member.Id
};
// use the switchboard to handle any communications related to this new member
this.Switchboard.ConsumerMemberCreated(member);
// login to the account
AuthenticationSecurity.Login(registrationForm.Member.Email, registrationForm.Password);
// add appropriate roles to the account
var roles = new string[2] {
Definitions.Account.Roles.Elevated, Definitions.Account.Roles.Consumer
};
authenticationSecurity.AddRolesToUser(registrationForm.Member.Email, roles);
// set redirect location based on user type
var redirect = AuthenticationSecurity.RegistrationAccountTypeRedirect(AccountType.Consumer);
return(CreateSuccessResponse(new { success = true, redirect = redirect }, HttpStatusCode.Created));
}
catch (Exception ex)
{
// log exception
Logger.Error(string.Format("Exception detected attempting to create consumer account and login for email {0}", registrationForm.Member.Email), ex);
// log the user out
AuthenticationSecurity.Logout();
return(CreateErrorResponse(ex));
}
}
// invalid parameters, generate response
return(CreateInvalidResponse(formValidation));
}
protected bool IsAuthorizedUser()
{
var accountType = AuthenticationSecurity.UserAccountType(this.User);
if (accountType != AccountType.None)
{
return(true);
}
return(false);
}
public HttpResponseMessage RecoverPassword(PasswordRecoveryForm form)
{
var formValidation = form.Validate();
if (formValidation.IsValid)
{
try
{
// TODO: finish this section
if (form.IsAnsweringSecurityQuestion)
{
}
else if (form.IsResettingPassword)
{
var host = HttpContext.Current.Request.ServerVariables["HTTP_HOST"];
var token = AuthenticationSecurity.GeneratePasswordResetToken(form.Email);
if (!string.IsNullOrWhiteSpace(host))
{
// create the reset message
StringBuilder sb = new StringBuilder();
var body1 = string.Format("You have requested your password to be reset. Follow the provided link:\n");
//var body2 = string.Format("http://{0}/api/account/incomingtoken?param={1}", host, token);
var body2 = string.Format("http://{0}/#/reset?param={1}", host, token);
sb.Append(body1);
sb.AppendLine();
sb.AppendLine();
sb.Append(body2);
// send the password reset message
//Obsequy.Communication.Email.PasswordReset(form.Email, "BuildShark Password Reset", sb.ToString());
Obsequy.Communication.Mailer mailer = new Communication.Mailer();
mailer.DeliverMessage(form.Email, "Password Reset", sb.ToString());
}
}
else if (form.IsSendingSmSCode)
{
}
// request successful
return(CreateSuccessResponse(new { success = true }));
}
catch (Exception ex)
{
return(CreateErrorResponse(ex));
}
}
// invalid parameters, generate response
return(CreateInvalidResponse(formValidation));
}
public ActionResult Index()
{
if (!IsSupportedBrowser())
{
return(RedirectBrowserUpgrade());
}
if (IsAuthorizedUser())
{
return(RedirectAuthorizedUser());
}
// make sure they are logged out
AuthenticationSecurity.Logout();
return(View());
}
public ActionResult RedirectAuthorizedUser()
{
var accountType = AuthenticationSecurity.UserAccountType(this.User);
if (accountType == AccountType.Administrator)
{
return(RedirectToAction(Definitions.Controllers.Administrator.Views.Index, Definitions.Controllers.Administrator.Route.Server));
}
if (accountType == AccountType.Consumer)
{
return(RedirectToAction(Definitions.Controllers.Consumer.Views.Index, Definitions.Controllers.Consumer.Route.Server));
}
if (accountType == AccountType.Provider)
{
return(RedirectToAction(Definitions.Controllers.Provider.Views.Index, Definitions.Controllers.Provider.Route.Server));
}
return(null);
}
public HttpResponseMessage Member()
{
try
{
if (this.AccountSession != null)
{
if (this.AccountSession.AccountType == AccountType.Consumer)
{
var results = this.Uow.ConsumerMembers.GetScheme(this.AccountSession.MemberId);
// return the response for this member
return(CreateSuccessResponse(new { success = true, results = results }));
}
else if (this.AccountSession.AccountType == AccountType.Provider)
{
var member = this.Uow.ProviderMembers.GetScheme(this.AccountSession.MemberId);
// return the response for this member
return(CreateSuccessResponse(new { success = true, results = member }));
}
else
{
// not sure what to do here. this could be the administrator, but they shouldn't need this. If they do, add in support
return(CreateInvalidResponse(new { invalid = true, results = string.Format("Can not find member for {0}", this.AccountSession.MemberId) }));
}
}
else
{
// not sure what to do here. this could be the administrator, but they shouldn't need this. If they do, add in support
return(CreateInvalidResponse(new { invalid = true }));
}
}
catch (Exception ex)
{
// log the user out
AuthenticationSecurity.Logout();
return(CreateErrorResponse(ex));
}
}
public HttpResponseMessage IncomingToken(object dto) //string param, string password
{
JObject jObject = JObject.Parse(dto.ToString());
string token = (string)jObject["token"];
string password = (string)jObject["password"];
//if (!IsSupportedBrowser())
// return BrowserUpgrade();
if (string.IsNullOrWhiteSpace(token))
{
return(CreateInvalidResponse("The specified token is invalid"));
}
if (AuthenticationSecurity.ResetPassword(token, password))
{
return(CreateSuccessResponse(new { success = true }));
}
else
{
return(CreateSuccessResponse(new { success = false }));
}
}
//[ValidateAntiForgeryToken]
public HttpResponseMessage Login(LoginForm loginForm)
{
var formValidation = loginForm.Validate();
if (formValidation.IsValid)
{
try
{
// attempt to login the user
if (AuthenticationSecurity.Login(loginForm.Email, loginForm.Password, loginForm.RememberMe))
{
// set some arbitrary redirect path to a valid MVC route
// note: this is ok since the client should do a redirect and the server will determine their correct path when the account session is updated
// note: ideally we'd look up the account type and set some default path, but this works well enough as long as the redirect is done.
var redirect = "/c/#/path-to-somewhere/";
return(CreateSuccessResponse(new { success = true, results = redirect }));
}
else
{
// force invalid password error
return(CreateInvalidResponse(loginForm.AsInvalidPassword()));
}
}
catch (Exception ex)
{
// log the user out
AuthenticationSecurity.Logout();
return(CreateErrorResponse(ex));
}
}
// invalid parameters, generate response
return(CreateInvalidResponse(formValidation));
}
