partial void DeleteUserHistory(UserHistory instance);
partial void InsertUserHistory(UserHistory instance);
partial void UpdateUserHistory(UserHistory instance);
/// <summary> /// Change this users password, recording in their history that they have done so. /// </summary> public void ChangePassword(DateTime now, string newPassword, string comment = null) { var changeEvent = new UserHistory { Comment = comment ?? "Changed Password", CreationDate = now, UserHistoryTypeId = UserHistoryTypeId.PasswordChanged, IP = Current.RemoteIP, UserId = Id }; Current.WriteDB.UserHistory.InsertOnSubmit(changeEvent); var thisUser = Current.WriteDB.Users.Single(u => u.Id == this.Id); string salt; var pwdHash = Current.SecureHash(newPassword, out salt); thisUser.PasswordSalt = salt; thisUser.PasswordHash = pwdHash; thisUser.LastActivityDate = now; thisUser.PasswordVersion = null; // We have a strong password now, regardless of what was there before Current.WriteDB.SubmitChanges(); }
public ActionResult EditUserSubmit(string id) { if (!id.HasValue()) return NotFound(); Guid providerId; if (!Guid.TryParse(id, out providerId)) return NotFound(); var toUpdate = Current.WriteDB.Users.SingleOrDefault(u => u.ProviderId == providerId); if (toUpdate == null) return NotFound(); if (toUpdate.Id != Current.LoggedInUser.Id && !Current.LoggedInUser.IsAdministrator) return IrrecoverableError("Cannot modify that user", "You can only modify profiles you are logged into."); var db = Current.WriteDB; var now = Current.Now; foreach (var p in Request.Form.AllKeys) { var value = Request.Form[p]; if (p == "realname") { var old = toUpdate.RealName; if (old == value || (old.IsNullOrEmpty() && value.IsNullOrEmpty())) continue; var hadPreviously = old.HasValue(); string errorMessage; if (!toUpdate.UpdateAttribute(value.IsNullOrEmpty() ? null : value, UserAttributeTypeId.RealName, out errorMessage)) { if (Current.LoggedInUser.Id == toUpdate.Id) { return RecoverableError(errorMessage, new { }); } else { // Hack: URL structure means administrators cannot *really* recover from this error. return IrrecoverableError("Admin edit failed", errorMessage); } } string comment = "Changed"; if (hadPreviously && value.IsNullOrEmpty()) comment = "Removed"; if (!hadPreviously && value.HasValue()) comment = "Added"; var editedRealName = new UserHistory { Comment = comment, CreationDate = now, IP = Current.RemoteIP, UserHistoryTypeId = UserHistoryTypeId.RealNameChanged, UserId = toUpdate.Id }; db.UserHistory.InsertOnSubmit(editedRealName); } if (p == "vanity") { var old = toUpdate.VanityProviderId; if (old == value || (old.IsNullOrEmpty() && value.IsNullOrEmpty())) continue; var hadPreviously = old.HasValue(); string errorMsg; if (value.HasValue() && !Models.User.IsValidVanityId(value, out errorMsg)) { return RecoverableError(errorMsg, new { realname = Request.Form["realname"], vanity = value }); } if (value.HasValue() && db.Users.Any(u => u.VanityProviderId == value)) return RecoverableError("That Vanity OpenId is already in use", new { realname = Request.Form["realname"], vanity = value }); toUpdate.VanityProviderId = value.IsNullOrEmpty() ? null : value; string comment = "Changed"; if (hadPreviously && value.IsNullOrEmpty()) comment = "Removed"; if (!hadPreviously && value.HasValue()) comment = "Added"; var editedVanity = new UserHistory { Comment = comment, CreationDate = now, IP = Current.RemoteIP, UserHistoryTypeId = UserHistoryTypeId.VanityIdChanged, UserId = toUpdate.Id }; db.UserHistory.InsertOnSubmit(editedVanity); } } db.SubmitChanges(); // post submit sanity check to make sure we've got no duplicate vanity id's out there // this is a bit of hack, to work around the inability to set a meaningful unique constraint // on a nullable column if (toUpdate.VanityProviderId.HasValue()) { if (db.Users.Count(u => u.VanityProviderId == toUpdate.VanityProviderId) != 1) { toUpdate.VanityProviderId = null; var editedVanity = new UserHistory { Comment = "Removed", CreationDate = now, IP = "127.0.0.1", UserHistoryTypeId = UserHistoryTypeId.VanityIdChanged, UserId = toUpdate.Id }; db.UserHistory.InsertOnSubmit(editedVanity); db.SubmitChanges(); } } return SafeRedirect( (Func<ActionResult>)this.ViewUser ); }
/// <summary> /// Record a login event for a user, run any needed cleanup, and give the user a session. /// </summary> public void Login(DateTime now) { // Kill the anonymous cookie Current.KillCookie(Current.AnonymousCookieName); // Write a login event var loginEvent = new UserHistory { Comment = "Logged In", CreationDate = now, UserHistoryTypeId = UserHistoryTypeId.Login, UserId = Id, IP = Current.RemoteIP }; Current.WriteDB.UserHistory.InsertOnSubmit(loginEvent); // Generate and write a session var session = Convert.ToBase64String(Current.Random(32)); var sessionHash = Current.WeakHash(session); SessionHash = sessionHash; SessionCreationDate = now; LastActivityDate = now; // Add the user session cookie Current.AddCookie(Current.UserCookieName, session, TimeSpan.FromDays(7)); Current.WriteDB.SubmitChanges(); }
/// <summary> /// Record a logout event for the user, destoy their cookie, and invalidate their session. /// </summary> public void Logout(DateTime now, string careOfHost = null) { // Delete this users session cookie Current.KillCookie(Current.UserCookieName); var comment = "Logged Out"; if (careOfHost.HasValue()) { var cleanHost = careOfHost.ToLowerInvariant(); if (cleanHost.Length + 3 + comment.Length > 400) { cleanHost = cleanHost.Substring(0, 400 - 3 - comment.Length); } comment += " (" + cleanHost + ")"; } var logoutEvent = new UserHistory { Comment = comment, CreationDate = now, UserHistoryTypeId = UserHistoryTypeId.Logout, UserId = Id, IP = Current.RemoteIP }; Current.WriteDB.UserHistory.InsertOnSubmit(logoutEvent); SessionHash = null; SessionCreationDate = null; LastActivityDate = now; Current.WriteDB.SubmitChanges(); }
public void AuthenticatedTo(DateTime now, string host) { var authenticatedEvent = new UserHistory { Comment = "Authenticated to "+host, CreationDate = now, UserHistoryTypeId = UserHistoryTypeId.AuthenticatedTo, UserId = Id, IP = Current.RemoteIP }; Current.WriteDB.UserHistory.InsertOnSubmit(authenticatedEvent); LastActivityDate = now; Current.WriteDB.SubmitChanges(); }
public void UserHistoryInsertWithUserId() { var r = new Restrictions(); var history = new UserHistory { UserId = 1 }; var updates = new Dictionary<object, Restrictions.ShadowModifiedMember[]>(); string ignored; Assert.IsTrue(r.IsValidChangeSet(updates, new List<object>(), new List<object>() { history }, new List<object>(), new List<int>() { 1 }, out ignored)); }
public void NoUserHistoryUpdates() { var r = new Restrictions(); var history = new UserHistory { Id = 1 }; var updates = new Dictionary<object, Restrictions.ShadowModifiedMember[]>(); updates[history] = new Restrictions.ShadowModifiedMember[] { new Restrictions.ShadowModifiedMember { Member = typeof(UserHistory).GetProperty("Id"), CurrentValue = history.Id, OriginalValue = 2 } }; string ignored; Assert.IsFalse(r.IsValidChangeSet(updates, new List<object>(), new List<object>(), new List<object>() { history }, new List<int>() { 1 }, out ignored)); }