コード例 #1
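        /// <summary>
        /// Completes an invitation: logs the invitee in with the credentials they posted, verifies
        /// that those credentials belong to the invited e-mail address, and then either sends them to
        /// account creation, re-associates their contact record, or marks the invitation as received.
        /// </summary>
        /// <param name="loginModel">Credentials posted from the login view; handed to <c>PopulateModel</c>,
        /// which (per the original comment) fills <c>invitationModel</c> from the various views.</param>
        /// <returns>
        /// <c>NotAuthorized</c> redirect when the model cannot be populated;
        /// <c>Error</c> view when a password reset or contact update fails, or the clone account already exists;
        /// <c>LoginFailed</c> view when the login is rejected, locked out, unparseable, or the credentials belong to someone else;
        /// <c>NewAccount</c> redirect when a "clone" account has to be created;
        /// <c>AddedToRoster</c> view on success.
        /// </returns>
        public ActionResult Login(LoginModel loginModel)
        {
            // Populate invitationModel depending on what is returned from various views.
            if (!PopulateModel(loginModel))
            {
                return RedirectToAction("NotAuthorized");
            }

            // RESET PASSWORD
            // If the user returned to this website by clicking a reset password link, we first have to
            // update their password to the new value they just entered.
            if (invitationModel.ATSMethod == ATS.Methods.ResetPassword)
            {
                ATSResult resetResult = Shared.SetCredentials(invitationModel.InviteeIMIS_ID,
                                                              invitationModel.Username,
                                                              invitationModel.Password);
                if (!IsATSResultOK(resetResult))
                {
                    return View("Error");
                }
            }

            // LOGIN
            XDocument xmlDoc = Shared.UnifiedLogin(invitationModel.Username, invitationModel.Password);
            XElement root = (xmlDoc == null) ? null : xmlDoc.Root;
            if (root == null)
            {
                // No usable response from the login service: fail closed instead of dereferencing null.
                return View("LoginFailed");
            }

            XNamespace xmlNamespace  = root.Name.Namespace;
            XElement   messageElem   = root.Element(xmlNamespace + "ResultMessage");
            string     resultMessage = (messageElem == null) ? null : messageElem.Value;

            // A missing ResultMessage is treated the same as an explicit failure (fail closed).
            if (resultMessage == null || resultMessage == "Failed" || resultMessage == "LockedOut")
            {
                return View("LoginFailed");
            }

            // If invitee somehow used someone else's credentials, do not allow them to proceed. UnifiedLogin
            // will return the IMIS ID but we have to go back and get the email address to verify it is
            // actually the one intended by the invitee.
            XElement idElem = root.Element(xmlNamespace + "ID");
            if (idElem == null)
            {
                return View("LoginFailed");
            }

            string verifyEmail = InvitationRepository.GetEmailByID(idElem.Value);
            if (verifyEmail == null || !verifyEmail.Equals(invitationModel.Email, StringComparison.InvariantCultureIgnoreCase))
            {
                return View("LoginFailed");
            }

            // If this is not an NM, EMP or NEMP then we need to create a new "clone" account that IS an EMP.
            // List.Contains is an ordinal, case-sensitive match, same as the original check.
            List<string> validMemberTypes = new List<string> { "NM", "EMP", "NEMP" };
            if (!validMemberTypes.Contains(invitationModel.MemberType))
            {
                if (!Shared.CanAddContact(invitationModel.InvitationIMIS_ID,
                                          invitationModel.FirstName,
                                          invitationModel.LastName,
                                          invitationModel.Email))
                {
                    TempData["ErrorMsg"] = "This account already exists. Please try again.";
                    return View("Error");
                }

                // Redirect to NewAccount and prepopulate with data we already have
                // (except prompting for new web user credentials).
                invitationModel.CloneAccount = true;
                return RedirectToAction("NewAccount", invitationModel);
            }

            // If we had a successful login and the Invitee has a CompanyID that is different than the
            // InvitationIMIS_ID, then reassociate the account. A valid member type with an unchanged
            // company ID needs no update.
            if (invitationModel.InviteeCompanyID != invitationModel.InvitationIMIS_ID)
            {
                // DO NOT pass Username/Password here because it will auto-generate a bogus email with plain text
                // username/password telling the user that their info has been changed (even when it hasn't,
                // because we're using SetCredentials to do that).
                ATSResult updateResult = Shared.UpdateContact(invitationModel.InviteeIMIS_ID,
                                                              invitationModel.FirstName,
                                                              invitationModel.MiddleName,
                                                              invitationModel.LastName,
                                                              invitationModel.Email,
                                                              String.Empty,           // Username: see comment above
                                                              String.Empty,           // Password: see comment above
                                                              invitationModel.WorkPhone,
                                                              invitationModel.HomePhone,
                                                              invitationModel.InstituteName,
                                                              invitationModel.InvitationIMIS_ID);
                if (!IsATSResultOK(updateResult))
                {
                    return View("Error");
                }
            }

            // Update the invitation's Received flag here (in case there was any problem before/during the
            // account creation process, then the user can attempt to use the invitation again until the
            // account is created and logged in).
            InvitationRepository.UpdateInvitationReceived(Invitation);

            // A disabled hand-off to the store's StoreAuth.aspx page, which placed the username and password
            // in the query string of a plain-http URL, was removed rather than kept as dead code: credentials
            // in a URL are exposed through browser history, proxies and server logs. If the store hand-off
            // is revived, it needs a mechanism that does not carry the password in the request URL.
            return View("AddedToRoster");
        }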