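/// <summary>
/// CR119-08
/// Saves the contact and address data extracted from the card personalization object so it
/// can be used later to populate the anonymous user's data.
/// </summary>
/// <remarks>
/// The contact ID is round-tripped through the "PersonalizedContact" cookie, so it is
/// client-controlled input. The cookie value is encrypted/decrypted as the accepted
/// work-around to the "persistent cookie issue" in the SND 4.0 security issues report
/// (modified by Rabie @ 29 Oct 2013). This method does not itself check that the decrypted
/// ID belongs to the current visitor.
/// NOTE(review): the value is encrypted with URLLocalizationManager.PublicKey and decrypted
/// with URLLocalizationManager.PrivateKey. If that is a plain asymmetric scheme it protects
/// confidentiality only, not authenticity; confirm the cookie is also integrity-protected
/// or bound to the server-side session.
/// </remarks>
public void SavePersonalizedContact()
{
    OnlineAccountsManager lOnlineAccMgr = new OnlineAccountsManager();
    Contact lTargetContact = null;

    HttpCookie lIncomingCookie = HttpContext.Current.Request.Cookies["PersonalizedContact"];
    if (lIncomingCookie != null)
    {
        // NOTE(review): DecryptData's behaviour on a tampered or truncated value is not
        // visible here; if it throws, that exception still propagates to the caller.
        var lPersonalizedContactID = EncryptionDecryptionManager.DecryptData(
            lIncomingCookie.Value,
            URLLocalizationManager.PrivateKey);

        // The cookie is untrusted: a value that does not decrypt to an integer must not
        // surface as an unhandled FormatException.
        int lContactID;
        if (int.TryParse(lPersonalizedContactID, out lContactID))
        {
            lTargetContact = lOnlineAccMgr.GetContact(lContactID, "Addresses");
        }
    }

    if (lTargetContact != null)
    {
        // Known contact: refresh it (and its first address) from the personalization data.
        ConvertPersonalizationDataToContact(NavigationState.SB_Card.SB_CardPersonalizedInfo, lTargetContact);
        lOnlineAccMgr.UpdateContact(lTargetContact);
        // NOTE(review): FirstOrDefault() yields null when the contact has no addresses;
        // confirm UpdateAddress tolerates a null argument.
        lOnlineAccMgr.UpdateAddress(lTargetContact.Addresses.FirstOrDefault());
    }
    else
    {
        // No cookie, an unparsable cookie, or an ID that no longer resolves to a contact:
        // start from a fresh contact instead of dereferencing null.
        lTargetContact = new Contact();
        ConvertPersonalizationDataToContact(NavigationState.SB_Card.SB_CardPersonalizedInfo, lTargetContact);
        lOnlineAccMgr.CreateContact(lTargetContact);
    }

    // Re-issue the cookie with the encrypted contact ID. It expires after one day and is
    // marked HttpOnly (not readable from script) and Secure (sent over HTTPS only).
    var lPersonalizedContactCookie = new HttpCookie(
        "PersonalizedContact",
        EncryptionDecryptionManager.EncryptData(lTargetContact.Contact_ID.ToString(), URLLocalizationManager.PublicKey));
    lPersonalizedContactCookie.Expires = DateTime.Now.AddDays(1);
    lPersonalizedContactCookie.HttpOnly = true;
    lPersonalizedContactCookie.Secure = true;
    HttpContext.Current.Response.Cookies.Add(lPersonalizedContactCookie);
}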
/// <summary>
/// Public constructor for the card-registration navigation object.
/// Creates the back-office and online-accounts managers, then makes sure a navigation
/// state is available: a new one is created when <paramref name="pCreateNewNavigationState"/>
/// is true, otherwise the base class's session time-out handling is invoked.
/// Author: Shady Yahia. Modification Date: April 28, 2011.
/// </summary>
/// <param name="pCreateNewNavigationState">
/// When true and no navigation state exists yet, the base class is initialized and a new
/// navigation state is set. Defaults to false.
/// </param>
public NavCardRegistration(bool pCreateNewNavigationState = false)
{
    _BackOfficeManager = new BackOfficeManager();
    _OnlineAccMgr = new OnlineAccountsManager();

    if (NavigationState == null)
    {
        if (!pCreateNewNavigationState)
        {
            // No state and none requested: treat it as an expired session.
            base.HandleSessionTimeOut();
        }
        else
        {
            // Initialize the base class, then publish a fresh navigation state.
            base.InitializeME();
            SetNavigationState();
        }
    }

    // NOTE(review): _NavigationState is dereferenced unconditionally below. Confirm that
    // HandleSessionTimeOut() never returns with the state still null.
    bool lUserIsLoggedIn = _NavigationState.LoggedInUserGUID != Guid.Empty;
    if (lUserIsLoggedIn && _NavigationState.Contact == null)
    {
        // A logged-in user without a loaded contact: evaluate the navigation permission
        // and store the updated state.
        _NavigationState.NavigationPermitted = IsNavigationPermitted();
        SetNavigationState();
    }
}
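/// <summary>
/// Method Name: SignUp.
/// Method Purpose: signs up a new user. Creates the contact with its account, sends the
/// sign-up confirmation mail, authenticates the user (session user name plus a
/// forms-authentication cookie), updates the navigation state, optionally adds the
/// contact's e-mail to the newsletter, and regenerates the session ID.
/// Author: Mena Armanyous.
/// Modification Date: April 27, 2011.
/// </summary>
/// <param name="pASPNetUserID">ID used to load the aspnet user for the account and to update the navigation state.</param>
/// <param name="pAccount">Account attached to the contact; it is marked as logged in.</param>
/// <param name="pContact">Contact to create.</param>
/// <param name="pNewsLetterSubscribe">When true, the contact's e-mail is subscribed to the newsletter unless it already is.</param>
/// <returns>
/// true when sign-up completed; false when an exception that is not user-friendly was
/// handled. User-friendly exceptions are rethrown to the caller.
/// </returns>
public bool SignUp(Guid pASPNetUserID, Account pAccount, Contact pContact, bool pNewsLetterSubscribe)
{
    try
    {
        // Set the newly created user as logged in.
        pAccount.IsLoggedIn = true;

        // Create the new contact with its related account information.
        pContact.Account = pAccount;
        OnlineAccountsManager lOnlineManager = new OnlineAccountsManager();
        lOnlineManager.CreateContact(pContact);

        // Set aspnet_users for the account.
        pContact.Account.aspnet_Users = new AccountAdministrationManager().GetAspNetUser(pASPNetUserID);

        this.SendSignUpConfirmationMail(pContact, HttpContext.Current.Request.IsSecureConnection);

        #region Athenticate user
        // Authenticate the signed-up user; the auth cookie is non-persistent.
        string strUserName = pContact.Account.aspnet_Users.UserName;
        SessionManager.Set<string>(enumSessionKeys.UserName, strUserName);
        FormsAuthentication.SetAuthCookie(strUserName, false);
        #endregion

        // Update the signed-up user's navigation state.
        UpdateNavigationState(pASPNetUserID);

        // Updated by Randa Salah Eldin: the newsletter is no longer connected with the Account.
        // The former "unsubscribe" branch sat inside this check and could never run.
        if (pNewsLetterSubscribe)
        {
            NewsletterManager lNewsletterManager = new NewsletterManager();
            if (!lNewsletterManager.IsUserSubscribed(pContact.Email))
            {
                lNewsletterManager.AddNewsletterSubscriber(pContact.Email);
            }
        }

        #region Session Fixation Security Threat - FIX
        // Written by rabie @ 15 july 2012.
        // NOTE(review): if UpdateNavigationState or the newsletter calls throw, this line is
        // skipped although the auth cookie was already set above. Consider regenerating the
        // session ID right after authentication; first confirm that RegenerateSessionID keeps
        // the session values written before it.
        new AccountAdministrationManager().RegenerateSessionID(false, true);
        #endregion

        return true;
    }
    catch (Exception ex)
    {
        if (ExceptionHandler.IsUserFriendly(ex))
        {
            // Plain rethrow keeps the original stack trace ("throw ex" resets it).
            throw;
        }

        // The indexer overwrites an existing key; Data.Add would throw on a duplicate key
        // and mask the original exception.
        ex.Data["ClassName"] = "NavBase";
        ex.Data["MethodName"] = "SignUp";
        ExceptionHandler.handle(ex);
        return false;
    }
}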
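/// <summary>
/// Method Name: SignUp.
/// Method Purpose: signs up a new user. Creates the contact with its account, sends the
/// sign-up confirmation mail, authenticates the user (session user name plus a
/// forms-authentication cookie), updates the navigation state, optionally adds the
/// contact's e-mail to the newsletter, and regenerates the session ID.
/// Author: Mena Armanyous.
/// Modification Date: April 27, 2011.
/// </summary>
/// <param name="pASPNetUserID">ID used to load the aspnet user for the account and to update the navigation state.</param>
/// <param name="pAccount">Account attached to the contact; it is marked as logged in.</param>
/// <param name="pContact">Contact to create.</param>
/// <param name="pNewsLetterSubscribe">When true, the contact's e-mail is subscribed to the newsletter unless it already is.</param>
/// <returns>
/// true when sign-up completed; false when an exception that is not user-friendly was
/// handled. User-friendly exceptions are rethrown to the caller.
/// </returns>
public bool SignUp(Guid pASPNetUserID, Account pAccount, Contact pContact, bool pNewsLetterSubscribe)
{
    try
    {
        // Set the newly created user as logged in.
        pAccount.IsLoggedIn = true;

        // Create the new contact with its related account information.
        pContact.Account = pAccount;
        OnlineAccountsManager lOnlineManager = new OnlineAccountsManager();
        lOnlineManager.CreateContact(pContact);

        // Set aspnet_users for the account.
        pContact.Account.aspnet_Users = new AccountAdministrationManager().GetAspNetUser(pASPNetUserID);

        this.SendSignUpConfirmationMail(pContact, HttpContext.Current.Request.IsSecureConnection);

        #region Athenticate user
        // Authenticate the signed-up user; the auth cookie is non-persistent.
        string strUserName = pContact.Account.aspnet_Users.UserName;
        SessionManager.Set<string>(enumSessionKeys.UserName, strUserName);
        FormsAuthentication.SetAuthCookie(strUserName, false);
        #endregion

        // Update the signed-up user's navigation state.
        UpdateNavigationState(pASPNetUserID);

        // Updated by Randa Salah Eldin: the newsletter is no longer connected with the Account.
        // The former "unsubscribe" branch sat inside this check and could never run.
        if (pNewsLetterSubscribe)
        {
            NewsletterManager lNewsletterManager = new NewsletterManager();
            if (!lNewsletterManager.IsUserSubscribed(pContact.Email))
            {
                lNewsletterManager.AddNewsletterSubscriber(pContact.Email);
            }
        }

        #region Session Fixation Security Threat - FIX
        // Written by rabie @ 15 july 2012.
        // NOTE(review): if UpdateNavigationState or the newsletter calls throw, this line is
        // skipped although the auth cookie was already set above. Consider regenerating the
        // session ID right after authentication; first confirm that RegenerateSessionID keeps
        // the session values written before it.
        new AccountAdministrationManager().RegenerateSessionID(false, true);
        #endregion

        return true;
    }
    catch (Exception ex)
    {
        if (ExceptionHandler.IsUserFriendly(ex))
        {
            // Plain rethrow keeps the original stack trace ("throw ex" resets it).
            throw;
        }

        // The indexer overwrites an existing key; Data.Add would throw on a duplicate key
        // and mask the original exception.
        ex.Data["ClassName"] = "NavBase";
        ex.Data["MethodName"] = "SignUp";
        ExceptionHandler.handle(ex);
        return false;
    }
}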