/// <summary>
/// Authenticates the visitor with the page's Username/Password values, records the login,
/// sets the vertical context for this landing page and redirects the signed-in user onwards.
/// </summary>
/// <param name="e">Event data forwarded to the base implementation.</param>
protected override void OnLoad(EventArgs e)
{
    base.OnLoad(e);

    // NOTE(review): where Username and Password are read from is not visible here. If they
    // come from the query string, credentials would end up in URLs, referrers and server
    // logs - confirm against the property definitions.
    var status = AuthenticationStatus.Failed;

    if (!String.IsNullOrEmpty(Username) && !String.IsNullOrEmpty(Password))
    {
        var credentials = new LoginCredentials { LoginId = Username, Password = Password };
        var result = _loginAuthenticationCommand.AuthenticateUser(credentials);

        _currentUser = result.User;
        status = result.Status;

        if (result.User != null)
        {
            // Deactivated accounts are let through on this page as well.
            var accepted = result.Status == AuthenticationStatus.Authenticated
                || result.Status == AuthenticationStatus.AuthenticatedMustChangePassword
                || result.Status == AuthenticationStatus.AuthenticatedWithOverridePassword
                || result.Status == AuthenticationStatus.Deactivated;

            if (accepted)
            {
                // The session is always established as plain "Authenticated"; the real status
                // is only kept in the UserLogin record written further down.
                _authenticationManager.LogIn(new HttpContextWrapper(HttpContext.Current), _currentUser, AuthenticationStatus.Authenticated);
            }
            else
            {
                _currentUser = null;
            }
        }
    }

    if (_currentUser == null)
    {
        return;
    }

    // Audit trail: who logged in, from which address, with which authentication status.
    _userSessionsCommand.CreateUserLogin(new UserLogin
    {
        UserId = _currentUser.Id,
        IpAddress = Request.UserHostAddress,
        AuthenticationStatus = status
    });

    // This page acts as a vertical landing page, so establish the vertical context.
    var vertical = _verticalsQuery.GetVertical(VerticalName);
    if (vertical != null)
    {
        ActivityContext.Current.Set(vertical);
    }

    // Redirect to the requested page, falling back to search.
    // NOTE(review): "ref" is taken straight from the query string and becomes the redirect
    // target. Confirm that ReadOnlyApplicationUrl rejects absolute or off-site URLs; if it
    // does not, this is an open redirect reachable right after login.
    var refParameter = Request.QueryString["ref"];
    ReadOnlyUrl referrer = refParameter != null
        ? new ReadOnlyApplicationUrl(refParameter)
        : null;

    NavigationManager.Redirect(referrer ?? SearchRoutes.Search.GenerateUrl());
}
/// <summary>
/// Handles the login post of the order flow: validates the login model, authenticates the
/// user and moves to the next page, or re-displays the account view with the errors.
/// </summary>
/// <param name="loginModel">The posted login details.</param>
/// <param name="rememberMe">The posted "remember me" checkbox; only RememberMe is bound.</param>
/// <returns>The next page on success, otherwise the account view showing the errors.</returns>
public ActionResult Account(Login loginModel, [Bind(Include = "RememberMe")] CheckBoxValue rememberMe)
{
    try
    {
        // Process the post: normalise and validate what was submitted.
        loginModel.RememberMe = rememberMe != null && rememberMe.IsChecked;
        loginModel.Prepare();
        loginModel.Validate();

        // NOTE(review): Save runs before authentication and receives the whole login model.
        // What it persists is not visible here - confirm the password is not kept in the
        // page-flow state.
        Save(loginModel, new EmployerJoin(), false);

        // Authenticate.
        // NOTE(review): HashToString is given only the password, so no per-user salt is
        // supplied at this call site - confirm how the stored value is derived.
        var credentials = new LoginCredentials
        {
            LoginId = loginModel.LoginId,
            PasswordHash = LoginCredentials.HashToString(loginModel.Password)
        };
        var result = _loginAuthenticationCommand.AuthenticateUser(credentials);

        // A pending password change does not block the purchase; the user can change it the
        // next time they log in. Every other status, Deactivated included, counts as a failure.
        var authenticated = result.Status == AuthenticationStatus.Authenticated
            || result.Status == AuthenticationStatus.AuthenticatedMustChangePassword
            || result.Status == AuthenticationStatus.AuthenticatedWithOverridePassword;

        if (!authenticated)
        {
            throw new AuthenticationFailedException();
        }

        // Log in and go to the next page.
        _authenticationManager.LogIn(HttpContext, result.User, result.Status);
        return Next();
    }
    catch (UserException ex)
    {
        ModelState.AddModelError(ex, new NewOrderErrorHandler());
    }

    // Show the user the errors on a freshly prepared order.
    var coupon = GetCoupon(Pageflow.CouponId);
    var order = PrepareOrder(Pageflow.ContactProductId, coupon, Pageflow.UseDiscount, Pageflow.CreditCard);
    return AccountView(order, loginModel, null, false);
}
/// <summary>
/// Changes the password of the currently registered user after re-checking the current
/// password, then redirects to the return URL with a confirmation message.
/// </summary>
/// <param name="mustChange">Copied onto the model's MustChange flag.</param>
/// <param name="changePassword">The posted current and new password.</param>
/// <returns>A redirect on success, otherwise the ChangePassword view showing the errors.</returns>
private ActionResult ChangePassword(bool mustChange, ChangePasswordModel changePassword)
{
    changePassword.MustChange = mustChange;
    changePassword.IsAdministrator = CurrentRegisteredUser.UserType == UserType.Administrator;

    try
    {
        // Make sure everything is in order.
        changePassword.Validate();

        // Re-authenticate with the login id of the signed-in user (never one taken from the
        // request) and the current password that was submitted.
        var userId = CurrentRegisteredUser.Id;
        var credentials = new LoginCredentials
        {
            LoginId = _loginCredentialsQuery.GetLoginId(userId),
            Password = changePassword.Password
        };

        var outcome = _loginAuthenticationCommand.AuthenticateUser(credentials);
        if (outcome.Status == AuthenticationStatus.Failed)
        {
            throw new AuthenticationFailedException();
        }

        // The new password must differ from the current one.
        if (changePassword.Password == changePassword.NewPassword)
        {
            throw new ValidationErrorsException(new NotChangedValidationError("Password", ""));
        }

        // Change it.
        _loginCredentialsCommand.ChangePassword(userId, credentials, changePassword.NewPassword);

        // NOTE(review): the redirect target is whatever HttpContext.GetReturnUrl() yields;
        // whether that helper restricts it to local URLs is not visible here - confirm.
        return RedirectToUrlWithConfirmation(HttpContext.GetReturnUrl(), "Your password has been changed.");
    }
    catch (UserException ex)
    {
        ModelState.AddModelError(ex, new StandardErrorHandler());
    }

    return View("ChangePassword", changePassword);
}
/// <summary>
/// Checks that a newly created test member authenticates with status Deactivated and can be
/// retrieved through the members query.
/// </summary>
public void TestCreateUser()
{
    // Create a member account.
    const string loginId = "*****@*****.**";
    _memberAccountsCommand.CreateTestMember(loginId, false);

    // A member is deactivated when first created, so authentication reports Deactivated.
    // "password" is presumably the password CreateTestMember assigns - confirm in the helper.
    var credentials = new LoginCredentials
    {
        LoginId = loginId,
        PasswordHash = LoginCredentials.HashToString("password")
    };
    var status = _loginAuthenticationCommand.AuthenticateUser(credentials).Status;
    Assert.AreEqual(AuthenticationStatus.Deactivated, status);

    // The member itself must exist.
    Assert.IsNotNull(_membersQuery.GetMember(loginId));
}
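/// <summary>
/// Changes a password for the login id and current password supplied in the model and
/// answers with a JSON response; user-facing errors are recorded in the model state.
/// </summary>
/// <param name="changePassword">The posted login id, current password and new password.</param>
/// <returns>A JSON response model, returned whether or not the change succeeded.</returns>
public ActionResult ChangePassword(ChangePasswordModel changePassword)
{
    try
    {
        // Make sure everything is in order.
        changePassword.Validate();

        // Check the passed-in credentials. The login id comes from the request rather than
        // from a signed-in session, so this endpoint tests whether a login id / password pair
        // is valid.
        // NOTE(review): confirm that AuthenticateUser, or something in front of this action,
        // throttles or locks out repeated failures.
        var credentials = new LoginCredentials
        {
            LoginId = changePassword.LoginId,
            Password = changePassword.Password
        };
        var result = _loginAuthenticationCommand.AuthenticateUser(credentials);

        // A result without a user is treated like a failed authentication. Without this guard
        // any non-Failed status that carries no user would reach result.User.Id below and
        // surface as a NullReferenceException instead of a handled login error.
        // NOTE(review): only Failed is rejected by status, so Disabled and Deactivated results
        // still proceed to the change - confirm that is intended.
        if (result.Status == AuthenticationStatus.Failed || result.User == null)
        {
            throw new AuthenticationFailedException();
        }

        // Check that the password has been changed.
        if (changePassword.Password == changePassword.NewPassword)
        {
            throw new ValidationErrorsException(new NotChangedValidationError("Password", ""));
        }

        // Change it.
        _loginCredentialsCommand.ChangePassword(result.User.Id, credentials, changePassword.NewPassword);
    }
    catch (UserException ex)
    {
        ModelState.AddModelError(ex, new StandardErrorHandler());
    }

    return Json(new JsonResponseModel());
}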
/// <summary>
/// Validates the login form, authenticates the submitted credentials and hands over to the
/// completion routine that matches the authentication status; on failure shows the error
/// message and puts the focus back on the password box.
/// </summary>
/// <param name="usedRememberMe">Not read by this method.</param>
public void ProcessLogin(bool usedRememberMe)
{
    const string method = "ProcessLogin";

    Page.Validate(LoginFormValidationGroup);
    if (!Page.IsValid)
    {
        return;
    }

    string loginId = UserId;
    string secret = Password;

    if (loginId.Length == 0 || secret.Length == 0)
    {
        lblLoginMsg.Text = ValidationErrorMessages.LOGIN_ENTER_DATA;
        phLoginMsg.Visible = true;
        return;
    }

    var result = _loginAuthenticationCommand.AuthenticateUser(new LoginCredentials { LoginId = loginId, Password = secret });
    _currentUser = result.User;

    if (result.User != null)
    {
        var status = result.Status;

        if (status == AuthenticationStatus.AuthenticatedWithOverridePassword)
        {
            // Authenticated with the override password, so also grant access to developer
            // features (like viewing exception details), then continue as a normal login.
            _devAuthenticationManager.LogIn(HttpContext.Current);
            CompleteAuthenticatedLogin(status, false);
        }
        else if (status == AuthenticationStatus.AuthenticatedMustChangePassword)
        {
            CompleteAuthenticatedLogin(status, true);
        }
        else if (status == AuthenticationStatus.Authenticated)
        {
            CompleteAuthenticatedLogin(status, false);
        }
        else if (status == AuthenticationStatus.Disabled)
        {
            CompleteDisabledLogin();
        }
        else if (status == AuthenticationStatus.Deactivated)
        {
            // Employers and administrators should not be affected by the deactivated flag,
            // so let them through; everybody else gets the deactivated handling.
            var exempt = _currentUser is Employer || _currentUser is Administrator;
            if (exempt)
            {
                CompleteAuthenticatedLogin(status, false);
            }
            else
            {
                CompleteDeactivatedLogin(status);
            }
        }
    }

    if (result.Status != AuthenticationStatus.Failed)
    {
        return;
    }

    // NOTE(review): the login id is request-supplied and goes into the trace message as-is;
    // confirm the event sink neutralises line breaks and control characters.
    EventSource.Raise(Event.Trace, method, string.Format("User login has failed. LoginId = '{0}'", loginId));

    lblLoginMsg.Text = ValidationErrorMessages.LOGIN_FAILED_ONE_LINE;
    phLoginMsg.Visible = true;

    // POST requests from external forms will not populate txtUserId, so fill it in here
    // when bouncing the user back after a failure.
    if (Request.RequestType == "POST" && !IsPostBack)
    {
        txtUserId.Text = UserId;
    }

    SetFocusOnControl(txtPassword);
}
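/// <summary>
/// Handles the login post while publishing an anonymously created job ad: authenticates the
/// employer, transfers the job ad to that employer and continues with publishing.
/// </summary>
/// <param name="jobAdId">Id of the job ad created by the current anonymous user.</param>
/// <param name="featurePack">Optional feature pack passed on to the publish check.</param>
/// <param name="loginModel">The posted login details.</param>
/// <param name="rememberMe">The posted "remember me" checkbox; only RememberMe is bound.</param>
/// <returns>
/// A not-found result when the job ad cannot be loaded for the anonymous user, the publish
/// step on success, otherwise the account view showing the errors.
/// </returns>
public ActionResult Account(Guid jobAdId, JobAdFeaturePack? featurePack, Login loginModel, [Bind(Include = "RememberMe")] CheckBoxValue rememberMe)
{
    try
    {
        // Get the job ad; the lookup is keyed on the current anonymous user's id.
        var anonymousUser = CurrentAnonymousUser;
        var jobAd = GetJobAd(anonymousUser.Id, jobAdId);
        if (jobAd == null)
        {
            return NotFound("job ad", "id", jobAdId);
        }

        // Process the post to check validations etc.
        loginModel.RememberMe = rememberMe != null && rememberMe.IsChecked;
        loginModel.Prepare();
        loginModel.Validate();

        // Authenticate.
        var result = _loginAuthenticationCommand.AuthenticateUser(new LoginCredentials
        {
            LoginId = loginModel.LoginId,
            PasswordHash = LoginCredentials.HashToString(loginModel.Password)
        });

        switch (result.Status)
        {
            // Don't stop the user from purchasing if they need to change their password,
            // they can do that next time they log in.
            case AuthenticationStatus.Authenticated:
            case AuthenticationStatus.AuthenticatedMustChangePassword:
            case AuthenticationStatus.AuthenticatedWithOverridePassword:
                break;

            default:
                throw new AuthenticationFailedException();
        }

        // Only an employer can take ownership of the job ad. Check the account type before a
        // session is established: a hard cast after LogIn would sign in a valid non-employer
        // account and then fail with an unhandled InvalidCastException. Reporting the same
        // login failure also avoids revealing that the credentials belong to another kind of
        // account.
        var employer = result.User as IEmployer;
        if (employer == null)
        {
            throw new AuthenticationFailedException();
        }

        // Log in.
        _authenticationManager.LogIn(HttpContext, result.User, result.Status);

        // Now that the user has logged in, transfer the job ad and publish it.
        _employerJobAdsCommand.TransferJobAd(employer, jobAd);
        return CheckPublish(employer, jobAd, featurePack);
    }
    catch (UserException ex)
    {
        ModelState.AddModelError(ex, new StandardErrorHandler());
    }

    // Show the user the errors.
    return View(new AccountModel
    {
        Login = loginModel,
        Join = new EmployerJoin(),
        AcceptTerms = false,
        Industries = _industriesQuery.GetIndustries()
    });
}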
/// <summary>
/// Attempts a login from the persistent ("remember me") cookie. On anything other than a
/// plain Authenticated result the cookie is removed.
/// </summary>
/// <param name="context">The current HTTP context.</param>
/// <returns>The authentication result; Failed when the cookie holds no usable credentials.</returns>
AuthenticationResult IAccountsManager.TryAutoLogIn(HttpContextBase context)
{
    // NOTE(review): the cookie yields a login id and a password that is replayed through
    // normal authentication. How the cookie manager protects that value is not visible here -
    // confirm it is encrypted and integrity-protected, or consider a random server-side token.
    var fromCookie = _cookieManager.ParsePersistantUserCookie(context);
    if (string.IsNullOrEmpty(fromCookie.LoginId) || string.IsNullOrEmpty(fromCookie.Password))
    {
        return new AuthenticationResult { Status = AuthenticationStatus.Failed };
    }

    // Authenticate.
    var result = _loginAuthenticationCommand.AuthenticateUser(new LoginCredentials
    {
        LoginId = fromCookie.LoginId,
        Password = fromCookie.Password
    });

    if (result.Status == AuthenticationStatus.Authenticated)
    {
        // Automatically log in, marking the session as an automatic login.
        result.Status = AuthenticationStatus.AuthenticatedAutomatically;
        _authenticationManager.LogIn(context, result.User, result.Status);
    }
    else
    {
        // If it didn't work then ensure the cookie is removed.
        _cookieManager.DeletePersistantUserCookie(context);
    }

    return result;
}

/// <summary>
/// Validates and authenticates an interactive login, establishes the session, maintains the
/// persistent cookie according to RememberMe and sets the user's vertical.
/// </summary>
/// <param name="context">The current HTTP context.</param>
/// <param name="login">The submitted login details.</param>
/// <returns>The authentication result, whatever its status.</returns>
AuthenticationResult IAccountsManager.LogIn(HttpContextBase context, Login login)
{
    // Process the post to check validations etc.
    login.Prepare();
    login.Validate();

    // Authenticate.
    // NOTE(review): HashToString is given only the password, so no per-user salt is supplied
    // at this call site - confirm how the stored value is derived.
    var result = _loginAuthenticationCommand.AuthenticateUser(new LoginCredentials
    {
        LoginId = login.LoginId,
        PasswordHash = LoginCredentials.HashToString(login.Password)
    });

    // Deactivated accounts are logged in here as well.
    var loggedIn = result.Status == AuthenticationStatus.Authenticated
        || result.Status == AuthenticationStatus.AuthenticatedMustChangePassword
        || result.Status == AuthenticationStatus.AuthenticatedWithOverridePassword
        || result.Status == AuthenticationStatus.Deactivated;

    if (loggedIn)
    {
        // Log in.
        _authenticationManager.LogIn(context, result.User, result.Status);

        // Remember me. The persistent cookie is built from the login id and the password as
        // typed, not from the hash.
        if (login.RememberMe)
        {
            var remembered = new LoginCredentials { LoginId = login.LoginId, Password = login.Password };
            _cookieManager.CreatePersistantUserCookie(context, result.User.UserType, remembered, result.Status);
        }
        else
        {
            _cookieManager.DeletePersistantUserCookie(context);
        }

        // Vertical.
        SetVertical(result.User);
    }

    // Also log them in as a dev if they used the override password.
    if (result.Status == AuthenticationStatus.AuthenticatedWithOverridePassword)
    {
        _devAuthenticationManager.LogIn(context);
    }

    return result;
}

/// <summary>
/// Logs the user out: removes the persistent and external cookies, ends the authenticated
/// session, clears the session contents and restores the current vertical.
/// </summary>
/// <param name="context">The current HTTP context.</param>
void IAccountsManager.LogOut(HttpContextBase context)
{
    // Maintain the vertical across the logout.
    var verticalId = ActivityContext.Current.Vertical.Id;
    Vertical vertical = verticalId != null
        ? _verticalsQuery.GetVertical(verticalId.Value)
        : null;

    // Clean out remember me and any external authentication cookie.
    var externalCookieDomain = vertical == null ? null : vertical.ExternalCookieDomain;
    _cookieManager.DeletePersistantUserCookie(context);
    _cookieManager.DeleteExternalCookie(context, externalCookieDomain);

    // Log out.
    _authenticationManager.LogOut(context);

    // Clean up the session but don't abandon it.
    // NOTE(review): the session itself is kept, only its contents are cleared. Confirm the
    // session identifier is rotated at login so that an id known before authentication
    // cannot be carried into an authenticated session.
    context.Session.Clear();

    // Reset the vertical.
    if (vertical != null)
    {
        ActivityContext.Current.Set(vertical);
    }
}

/// <summary>
/// Registers a new member with the supplied login credentials, logs the member in and
/// initialises the referral and the profile.
/// </summary>
/// <param name="context">The current HTTP context.</param>
/// <param name="account">The member account details.</param>
/// <param name="accountCredentials">The chosen login id and password.</param>
/// <param name="requiresActivation">Passed on to member creation.</param>
/// <returns>The newly created member.</returns>
/// <exception cref="DuplicateUserException">The login id is already in use.</exception>
Member IAccountsManager.Join(HttpContextBase context, MemberAccount account, AccountLoginCredentials accountCredentials, bool requiresActivation)
{
    account.Prepare();
    account.Validate();

    accountCredentials.Prepare();
    accountCredentials.Validate();

    // Check for an existing login.
    // NOTE(review): this is a check followed by a create; presumably a uniqueness constraint
    // in the store covers two concurrent sign-ups with the same login id - confirm.
    var lookup = new LoginCredentials { LoginId = accountCredentials.LoginId };
    if (_loginCredentialsQuery.DoCredentialsExist(lookup))
    {
        throw new DuplicateUserException();
    }

    // Create the member.
    var member = CreateMember(account, requiresActivation);
    var credentials = new LoginCredentials
    {
        LoginId = accountCredentials.LoginId,
        PasswordHash = LoginCredentials.HashToString(accountCredentials.Password),
    };
    _memberAccountsCommand.CreateMember(member, credentials, GetMemberAffiliateId());

    // Log the user in.
    _authenticationManager.LogIn(context, member, AuthenticationStatus.Authenticated);

    // Initialise.
    _referralsManager.CreateReferral(context.Request, member.Id);
    InitialiseMemberProfile(member.Id);

    return member;
}

/// <summary>
/// Registers a new employer that signs in with a login id and password.
/// </summary>
/// <param name="context">The current HTTP context.</param>
/// <param name="account">The employer account details.</param>
/// <param name="accountCredentials">The chosen login id and password.</param>
/// <returns>The employer returned by the shared Join helper.</returns>
/// <exception cref="DuplicateUserException">The login id is already in use.</exception>
Employer IAccountsManager.Join(HttpContextBase context, EmployerAccount account, AccountLoginCredentials accountCredentials)
{
    accountCredentials.Prepare();
    accountCredentials.Validate();

    // Check for an existing login.
    var lookup = new LoginCredentials { LoginId = accountCredentials.LoginId };
    if (_loginCredentialsQuery.DoCredentialsExist(lookup))
    {
        throw new DuplicateUserException();
    }

    // The credentials are built inside the callback, i.e. only when the shared helper
    // actually creates the employer.
    return Join(
        context,
        account,
        e => _employerAccountsCommand.CreateEmployer(
            e,
            new LoginCredentials
            {
                LoginId = accountCredentials.LoginId,
                PasswordHash = LoginCredentials.HashToString(accountCredentials.Password)
            }));
}

/// <summary>
/// Registers a new employer that is linked to a LinkedIn profile instead of a password.
/// </summary>
/// <param name="context">The current HTTP context.</param>
/// <param name="account">The employer account details.</param>
/// <param name="profile">The LinkedIn profile handed to employer creation.</param>
/// <returns>The employer returned by the shared Join helper.</returns>
Employer IAccountsManager.Join(HttpContextBase context, EmployerAccount account, LinkedInProfile profile)
{
    return Join(
        context,
        account,
        e => _employerAccountsCommand.CreateEmployer(e, profile));
}