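/// <summary>
/// Handles a "forgot password" request: looks up the tech account named by
/// <c>JsonData.UserID</c>, stores a fresh temporary password on it and e-mails that
/// password to the account's address. The request object is echoed back with
/// <c>Status</c> set to "invalid" (unusable UserID or no such account), "noemail",
/// "error" (mail could not be sent) or "ok". The temporary password itself is
/// delivered only by e-mail; it is never put in the socket reply, since the caller
/// is unauthenticated and anyone who knows a UserID can trigger a reset.
/// </summary>
/// <param name="JsonData">Decoded request; read for <c>UserID</c>, written with <c>Status</c>.</param>
public void HandleForgotPassword(dynamic JsonData)
{
    try
    {
        string userID = JsonData.UserID as string;

        // UserID is spliced into a file path: accept only a bare file name so a
        // separator or ".." cannot select a file outside Tech_Accounts.
        if (string.IsNullOrWhiteSpace(userID)
            || Path.GetFileName(userID) != userID
            || userID.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
        {
            JsonData.Status = "invalid";
            Send(Json.Encode(JsonData));
            return;
        }

        string accountPath = Utilities.App_Data + "Tech_Accounts\\" + userID + ".json";

        // NOTE(review): the distinct "invalid" / "noemail" / "ok" replies tell the
        // caller whether an account exists. A uniform reply would avoid that, but the
        // status strings are part of the client contract, so they are kept here.
        if (!File.Exists(accountPath))
        {
            JsonData.Status = "invalid";
            Send(Json.Encode(JsonData));
            return;
        }

        Tech_Account account = Json.Decode<Tech_Account>(File.ReadAllText(accountPath));
        if (account == null)
        {
            // Unreadable account file: report it like an unknown account instead of throwing.
            JsonData.Status = "invalid";
            Send(Json.Encode(JsonData));
            return;
        }
        if (string.IsNullOrEmpty(account.Email))
        {
            JsonData.Status = "noemail";
            Send(Json.Encode(JsonData));
            return;
        }

        // GetRandomFileName is documented as using a cryptographically strong generator;
        // dropping the dot leaves an 11-character token. The login handler compares it
        // directly, so it is stored in the clear on the account.
        account.TempPassword = Path.GetRandomFileName().Replace(".", "");
        account.Save();
        JsonData.Status = "ok";

        try
        {
            WebMail.SmtpServer = Config.Current.Email_SMTP_Server;
            WebMail.UserName = Config.Current.Email_SMTP_Username;
            WebMail.Password = Config.Current.Email_SMTP_Password;
            WebMail.From = Config.Current.Email_SMTP_Username;
            // NOTE(review): the tail of this call and the catch below were garbled in the
            // copy reviewed; they were reconstructed from the surrounding code. Confirm
            // against the original.
            WebMail.Send(account.Email,
                Config.Current.Company_Name + " Support Portal Password Reset",
                "As requested, your password has been reset. Your temporary password is below.<br><br>If you did not request this password reset, or requested it in error, you can safely ignore this email. Logging in with your old password will invalidate the temporary password and reverse the password reset.<br><br>Temporary Password: " + account.TempPassword);
            Send(Json.Encode(JsonData));
        }
        catch (Exception mailEx)
        {
            Utilities.WriteToLog(mailEx);
            // The temporary password never reached the user, so do not leave it usable.
            account.TempPassword = "";
            account.Save();
            JsonData.Status = "error";
            Send(Json.Encode(JsonData));
        }
    }
    catch (Exception ex)
    {
        Utilities.WriteToLog(ex);
    }
}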
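/// <summary>
/// Handles a tech login request on this socket. Credentials are tried in this order:
/// the account's temporary password (which also requires a new password to be set),
/// the account's hashed password, and a previously issued authentication token.
/// Demo mode adds a fixed "demo"/"tech" account. Every outcome is reported by setting
/// <c>JsonData.Status</c> and echoing the request back; on success <c>Access</c> and a
/// fresh <c>AuthenticationToken</c> are added to the reply.
/// </summary>
/// <param name="JsonData">Decoded request; read for <c>UserID</c>, <c>Password</c>,
/// <c>NewPassword</c>, <c>ConfirmNewPassword</c>, <c>AuthenticationToken</c> and
/// <c>RememberMe</c>.</param>
public void HandleTechMainLogin(dynamic JsonData)
{
    try
    {
        // Per-socket throttle. The per-account counter further down is the one that
        // survives a reconnect.
        if (BadLoginAttempts >= 3)
        {
            JsonData.Status = "temp ban";
            Send(Json.Encode(JsonData));
            return;
        }

        string userID = JsonData.UserID as string;
        string password = JsonData.Password as string;

        if (Config.Current.Demo_Mode
            && string.Equals(userID, "demo", StringComparison.OrdinalIgnoreCase)
            && password == "tech")
        {
            string demoToken = NewTechAuthToken();
            AuthenticationTokens.Add(demoToken);
            TechAccount = new Tech_Account()
            {
                UserID = "demo",
                FirstName = "Demo",
                LastName = "Tech",
                HashedPassword = Crypto.HashPassword(password),
                AccessLevel = Tech_Account.Access_Levels.Admin
            };
            if (JsonData.RememberMe == true)
            {
                TechAccount.AuthenticationTokens.AddRange(AuthenticationTokens);
            }
            // NOTE(review): this writes an Admin "demo" account file to disk, which the
            // regular file-based path below will accept even after Demo_Mode is turned off.
            TechAccount.Save();
            JsonData.Status = "ok";
            JsonData.AuthenticationToken = demoToken;
            Send(Json.Encode(JsonData));
            return;
        }

        // UserID becomes part of a file path: accept only a bare file name so a separator
        // or ".." cannot select an account file outside Tech_Accounts.
        if (!IsBareFileName(userID))
        {
            BadLoginAttempts++;
            JsonData.Status = "invalid";
            Send(Json.Encode(JsonData));
            return;
        }

        if (!Directory.Exists(Utilities.App_Data + "Tech_Accounts"))
        {
            Directory.CreateDirectory(Utilities.App_Data + "Tech_Accounts");
        }
        string accountPath = Utilities.App_Data + "Tech_Accounts\\" + userID + ".json";
        if (!File.Exists(accountPath))
        {
            BadLoginAttempts++;
            JsonData.Status = "invalid";
            Send(Json.Encode(JsonData));
            return;
        }

        Tech_Account account = Json.Decode<Tech_Account>(File.ReadAllText(accountPath));
        if (account == null)
        {
            // Unreadable account file: treat it like an unknown user instead of throwing.
            BadLoginAttempts++;
            JsonData.Status = "invalid";
            Send(Json.Encode(JsonData));
            return;
        }

        // Keep only the ten most recently remembered tokens.
        while (account.AuthenticationTokens.Count > 10)
        {
            account.AuthenticationTokens.RemoveAt(0);
        }

        if (account.BadLoginAttempts >= 3)
        {
            if (DateTime.Now - account.LastBadLogin > TimeSpan.FromMinutes(10))
            {
                // Lockout window has passed. The account counter is reset as well: the
                // previous code reset only the socket counter, so the account locked
                // again on the very next miss. DateTime.Now is kept because LastBadLogin
                // is recorded in local time below.
                account.BadLoginAttempts = 0;
                BadLoginAttempts = 0;
            }
            else
            {
                JsonData.Status = "locked";
                Send(Json.Encode(JsonData));
                return;
            }
        }

        if (string.IsNullOrEmpty(password))
        {
            RecordFailedTechLogin(account, JsonData);
            return;
        }

        // 1. Temporary password issued by a reset. It is stored in the clear on the
        //    account and only usable together with a new password.
        if (!string.IsNullOrEmpty(account.TempPassword)
            && string.Equals(password, account.TempPassword, StringComparison.Ordinal))
        {
            string newPassword = JsonData.NewPassword as string;
            string confirmNewPassword = JsonData.ConfirmNewPassword as string;
            if (string.IsNullOrEmpty(newPassword))
            {
                JsonData.Status = "new required";
                Send(Json.Encode(JsonData));
                return;
            }
            if (!string.Equals(newPassword, confirmNewPassword, StringComparison.Ordinal))
            {
                JsonData.Status = "password mismatch";
                Send(Json.Encode(JsonData));
                return;
            }
            if (newPassword.Length < 8 || newPassword.Length > 20)
            {
                JsonData.Status = "password length";
                Send(Json.Encode(JsonData));
                return;
            }
            account.TempPassword = "";
            account.HashedPassword = Crypto.HashPassword(newPassword);
            CompleteTechLogin(account, JsonData);
            return;
        }

        // 2. Regular password. The hash is checked for null first because
        //    VerifyHashedPassword rejects a null hash with an exception.
        if (!string.IsNullOrEmpty(account.HashedPassword)
            && Crypto.VerifyHashedPassword(account.HashedPassword, password))
        {
            account.TempPassword = "";
            CompleteTechLogin(account, JsonData);
            return;
        }

        // 3. Remembered token. Only the account's own token list can vouch for the
        //    account; a token from this socket's list is honoured only when the socket
        //    is already signed in as the same account. Previously any token issued on
        //    this socket was accepted for any UserID, which let a signed-in tech log in
        //    again as a different account without its password.
        string suppliedToken = JsonData.AuthenticationToken as string;
        if (!string.IsNullOrEmpty(suppliedToken))
        {
            bool socketTokenForThisAccount = TechAccount != null
                && TechAccount.UserID == account.UserID
                && AuthenticationTokens.Contains(suppliedToken);
            if (socketTokenForThisAccount || account.AuthenticationTokens.Contains(suppliedToken))
            {
                // The presented token is replaced in the account's list by the fresh one.
                account.AuthenticationTokens.Remove(suppliedToken);
                account.TempPassword = "";
                CompleteTechLogin(account, JsonData);
            }
            else
            {
                BadLoginAttempts++;
                JsonData.Status = "expired";
                Send(Json.Encode(JsonData));
            }
            return;
        }

        // Nothing matched.
        RecordFailedTechLogin(account, JsonData);
    }
    catch (Exception ex)
    {
        Utilities.WriteToLog(ex);
    }
}

/// <summary>Generates a fresh authentication token: a GUID with the dashes removed.</summary>
private static string NewTechAuthToken()
{
    return Guid.NewGuid().ToString().Replace("-", "");
}

/// <summary>
/// True when <paramref name="userID"/> is a plain file name (no directory part, no
/// characters the file system rejects) and can safely be appended to the Tech_Accounts folder.
/// </summary>
private static bool IsBareFileName(string userID)
{
    return !string.IsNullOrWhiteSpace(userID)
        && Path.GetFileName(userID) == userID
        && userID.IndexOfAny(Path.GetInvalidFileNameChars()) < 0;
}

/// <summary>
/// Records a failed attempt on both this socket and the account (the account's timestamp
/// drives the ten-minute lockout), saves the account and replies "invalid".
/// </summary>
private void RecordFailedTechLogin(Tech_Account account, dynamic JsonData)
{
    BadLoginAttempts++;
    account.BadLoginAttempts++;
    account.LastBadLogin = DateTime.Now;
    account.Save();
    JsonData.Status = "invalid";
    Send(Json.Encode(JsonData));
}

/// <summary>
/// Finishes a successful login: issues a new token (remembered on the account when
/// <c>RememberMe</c> is set), clears the account's failure counter, saves it, notifies and
/// closes every other socket signed in as this account, binds the account to this socket
/// and replies "ok" with <c>Access</c> and <c>AuthenticationToken</c>.
/// </summary>
private void CompleteTechLogin(Tech_Account account, dynamic JsonData)
{
    string authToken = NewTechAuthToken();
    AuthenticationTokens.Add(authToken);
    account.BadLoginAttempts = 0;
    if (JsonData.RememberMe == true)
    {
        account.AuthenticationTokens.Add(authToken);
    }
    account.Save();

    // FindAll returns a new list, so closing sockets while iterating is safe. This socket
    // is skipped: on a re-login it would otherwise close itself before replying.
    foreach (var login in SocketCollection.FindAll(
        sock => !ReferenceEquals(sock, this) && sock?.TechAccount?.UserID == account.UserID))
    {
        var request = new { Type = "NewLogin" };
        login.Send(Json.Encode(request));
        login.Close();
    }

    TechAccount = account;
    JsonData.Status = "ok";
    JsonData.Access = TechAccount.AccessLevel.ToString();
    JsonData.AuthenticationToken = authToken;
    Send(Json.Encode(JsonData));
}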