public virtual async Task <ActionResult> Register(LogOnViewModel model, string returnUrl, bool linkingAccount)
{
// I think it should be obvious why we don't want the current URL to be the return URL here ;)
ViewData[Constants.ReturnUrlViewDataKey] = returnUrl;
if (Request.IsAuthenticated)
{
TempData["Message"] = Strings.AlreadyLoggedIn;
return(SafeRedirect(returnUrl));
}
if (linkingAccount)
{
ModelState.Remove("Register.Password");
}
if (!ModelState.IsValid)
{
return(RegisterOrExternalLinkView(model, linkingAccount));
}
AuthenticatedUser user;
try
{
if (linkingAccount)
{
var result = await _authService.ReadExternalLoginCredential(OwinContext);
if (result.ExternalIdentity == null)
{
return(ExternalLinkExpired());
}
user = await _authService.Register(
model.Register.Username,
model.Register.EmailAddress,
result.Credential);
}
else
{
user = await _authService.Register(
model.Register.Username,
model.Register.EmailAddress,
_credentialBuilder.CreatePasswordCredential(model.Register.Password));
}
}
catch (EntityException ex)
{
ModelState.AddModelError("Register", ex.Message);
return(RegisterOrExternalLinkView(model, linkingAccount));
}
// Send a new account email
if (NuGetContext.Config.Current.ConfirmEmailAddresses && !string.IsNullOrEmpty(user.User.UnconfirmedEmailAddress))
{
_messageService.SendNewAccountEmail(
new MailAddress(user.User.UnconfirmedEmailAddress, user.User.Username),
Url.ConfirmEmail(
user.User.Username,
user.User.EmailConfirmationToken,
relativeUrl: false));
}
// If we are an administrator and Gallery.EnforcedAuthProviderForAdmin is set
// to require a specific authentication provider, challenge that provider if needed.
ActionResult challenge;
if (ShouldChallengeEnforcedProvider(
NuGetContext.Config.Current.EnforcedAuthProviderForAdmin, user, returnUrl, out challenge))
{
return(challenge);
}
// Create session
await _authService.CreateSessionAsync(OwinContext, user);
return(RedirectFromRegister(returnUrl));
}
public virtual async Task <ActionResult> Register(LogOnViewModel model, string returnUrl, bool linkingAccount)
{
// I think it should be obvious why we don't want the current URL to be the return URL here ;)
ViewData[GalleryConstants.ReturnUrlViewDataKey] = returnUrl;
if (Request.IsAuthenticated)
{
TempData["Message"] = Strings.AlreadyLoggedIn;
return(SafeRedirect(returnUrl));
}
if (linkingAccount)
{
ModelState.Remove("Register.Password");
}
if (!ModelState.IsValid)
{
return(RegisterOrExternalLinkView(model, linkingAccount));
}
AuthenticatedUser user;
var usedMultiFactorAuthentication = false;
try
{
if (linkingAccount)
{
var result = await _authService.ReadExternalLoginCredential(OwinContext);
if (result.ExternalIdentity == null)
{
return(AuthenticationFailureOrExternalLinkExpired());
}
usedMultiFactorAuthentication = result.LoginDetails?.WasMultiFactorAuthenticated ?? false;
user = await _authService.Register(
model.Register.Username,
model.Register.EmailAddress,
result.Credential,
(result.Credential.IsExternal() && string.Equals(result.UserInfo?.Email, model.Register.EmailAddress))
);
}
else
{
user = await _authService.Register(
model.Register.Username,
model.Register.EmailAddress,
_credentialBuilder.CreatePasswordCredential(model.Register.Password));
}
}
catch (EntityException ex)
{
ModelState.AddModelError("Register", ex.Message);
return(RegisterOrExternalLinkView(model, linkingAccount));
}
// Send a new account email
if (NuGetContext.Config.Current.ConfirmEmailAddresses && !string.IsNullOrEmpty(user.User.UnconfirmedEmailAddress))
{
var message = new NewAccountMessage(
_messageServiceConfiguration,
user.User,
Url.ConfirmEmail(
user.User.Username,
user.User.EmailConfirmationToken,
relativeUrl: false));
await _messageService.SendMessageAsync(message);
}
// If we are an administrator and Gallery.EnforcedAuthProviderForAdmin is set
// to require a specific authentication provider, challenge that provider if needed.
ActionResult challenge;
if (ShouldChallengeEnforcedProvider(
NuGetContext.Config.Current.EnforcedAuthProviderForAdmin, user, returnUrl, out challenge))
{
return(challenge);
}
// If we are an administrator and Gallery.EnforcedTenantIdForAdmin is set
// to require a specific tenant Id, check if the user logged in with the specified tenant.
if (!SiteAdminHasValidTenant(user))
{
ModelState.AddModelError("Register", string.Format(Strings.SiteAdminNotLoggedInWithRequiredTenant, NuGetContext.Config.Current.EnforcedTenantIdForAdmin));
return(RegisterOrExternalLinkView(model, linkingAccount));
}
// Create session
await _authService.CreateSessionAsync(OwinContext, user, usedMultiFactorAuthentication);
return(RedirectFromRegister(returnUrl));
}