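// POST: Forgot
// Starts a password reset for the account whose username AND e-mail both match the
// submitted values: a reset token is generated, stored on the user row and the
// event is logged.
// upc:     bound form model; only "username" and "email" are accepted from the request.
// returns: a redirect to Users/Index once the token is stored, otherwise the form
//          re-rendered with a model error.
public ActionResult Forgot([Bind(Include = "username,email")] UserPassChange upc)
{
    // A missing model, an unknown username and a wrong e-mail are all treated the same way.
    User user = null;
    if (upc != null && !string.IsNullOrEmpty(upc.username))
    {
        user = db.Users.Find(upc.username);
    }

    if (user == null || user.email != upc.email)
    {
        // NOTE(review): this branch re-renders the form while the success branch redirects,
        // so the response reveals whether a username/e-mail pair exists. Consider
        // answering identically in both cases.
        ModelState.AddModelError("Error", "User or Email not found");
        return View(upc);
    }

    // NOTE(review): the token is the only secret protecting the reset. Confirm that
    // RandomPassword.Generate draws from a cryptographic RNG, and consider storing only a
    // hash of the token together with an expiry time; neither is visible in this action.
    string forKey = "/Reset?kstr=" + RandomPassword.Generate(44, PasswordGroup.Uppercase, PasswordGroup.Lowercase, PasswordGroup.Numeric);
    user.forString = forKey;
    db.Entry(user).State = EntityState.Modified;
    db.SaveChanges();

    // The reset link is a bearer credential: anyone able to read the log could use it,
    // so only the event is recorded, never the link itself.
    // NOTE(review): nothing in this action delivers the link to the user; presumably
    // that happens elsewhere. Verify.
    genLog("Forgot", "Accout Reset Sent", user.username);
    return RedirectToAction("Index", "Users");
}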
/// <summary>
/// Copies the password-related state of a <see cref="User"/> onto a
/// <see cref="UserPassChange"/> DTO: id, salt, previous passwords and current password.
/// </summary>
/// <param name="user">Source entity; only read.</param>
/// <param name="userPassChange">
/// Target DTO. Previous passwords are appended to its existing queue, not replaced.
/// </param>
void IMapper.Map(User user, UserPassChange userPassChange)
{
    userPassChange.PasswordSalt = user.PasswordSalt;
    userPassChange.Id = user.Id;

    // Enqueue in source order so the oldest entry stays at the front of the queue.
    foreach (string previous in user.OldPasswords)
    {
        userPassChange.OldPasswords.Enqueue(previous);
    }

    userPassChange.Password = user.Password;
}
// Builds the view model for a user. Only username, avatar paths and e-mail are
// copied; password, salt and token fields of the entity are not carried over.
// Dereferences its argument, so a null user throws NullReferenceException:
// callers must check for null before calling.
private UserPassChange uToUpc(User user)
{
    return new UserPassChange
    {
        username = user.username,
        avPath = user.avPath,
        thumbPath = user.thumbPath,
        email = user.email
    };
}
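/// <summary>
/// Changes the password of the user looked up by <paramref name="email"/>.
/// Returns a result object carrying any error messages; no error is added when the
/// password was changed.
/// </summary>
/// <remarks>
/// NOTE(review): this method neither receives nor verifies the current password, so it
/// cannot authenticate the caller. The layer that calls it must already have established
/// that the request comes from the account owner (or from a verified reset flow).
/// </remarks>
/// <param name="email">E-mail address used to look the user up.</param>
/// <param name="newPassword">Plain-text candidate password.</param>
/// <returns>Validation result with the collected error messages.</returns>
public ValidationResult ChangePassword(string email, string newPassword)
{
    // NOTE(review): GetUser's behaviour for an unknown e-mail is not visible here; if it
    // can return null, the next line throws before anything is logged.
    User user = GetUser(email);
    logService.Create("Jelszóváltási kísérlet", user.Name);

    // ValidationResult from the validators is reused to pass messages to the presentation layer.
    ValidationResult result = new ValidationResult();

    // Work on a DTO copy of the user's password state.
    UserPassChange userPassChng = new UserPassChange();
    mapper.Map(user, userPassChng);
    userPassChng.NewPassword = newPassword;

    // Policy check on the new password.
    ValidationResult newPass = Validator<UserPassChange>.Validate(userPassChng);
    if (!newPass.IsValid)
    {
        result.Errors.AddRange(newPass.Errors);
        logService.Create("Jelszó változtatás sikertelen: az új jelszó nem felel meg a követelményeknek.", user.Name);
        return result;
    }

    // The candidate is hashed with the user's existing salt so that it can be compared
    // with the stored history; as a consequence the salt is not rotated on change.
    userPassChng.HashedNewPassword = Hasher.Hash(userPassChng.NewPassword, userPassChng.PasswordSalt.ToByteArray()).ToBase64String();

    bool reused = userPassChng.OldPasswords.Contains(userPassChng.HashedNewPassword)
                  || userPassChng.HashedNewPassword == userPassChng.Password;
    if (reused)
    {
        result.Errors.Add("Az új jelszónak különböznie kell a korábbi 5 jelszótól");
        // The user name is passed here as in the other audit entries, so the rejected
        // reuse attempt can be attributed to an account.
        logService.Create("Jelszó váltás sikertelen: a felhasználó a régi jelszót kísérlete meg felhasználni.", user.Name);
        return result;
    }

    // Keep at most four earlier hashes; together with the current one that gives the
    // five passwords the error message refers to.
    if (userPassChng.OldPasswords.Count > 3)
    {
        userPassChng.OldPasswords.Dequeue();
    }
    userPassChng.OldPasswords.Enqueue(userPassChng.Password);
    userPassChng.Password = userPassChng.HashedNewPassword;

    // Copy the new password state back onto the user and persist it.
    mapper.Map(userPassChng, user);
    dataRepo.UpdateUser(user);
    logService.Create("A felhasználó jelszavát frissítettük.", user.Name);

    return result;
}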
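// GET: Reset
// Validates the reset token from the link and shows the reset form for the
// matching account. Any missing, malformed or unknown token goes back to Index.
public ActionResult Reset(string kstr)
{
    if (string.IsNullOrEmpty(kstr) || kstr.Length >= 45)
    {
        return RedirectToAction("Index");
    }

    // Characters outside the token alphabet are stripped before the lookup.
    kstr = Regex.Replace(kstr, "[^0-9a-zA-Z]+", "");
    if (kstr.Length == 0)
    {
        return RedirectToAction("Index");
    }

    string stored = "/Reset?kstr=" + kstr;
    User user = db.Users.FirstOrDefault(u => u.forString == stored);

    // uToUpc dereferences its argument, so the null check has to come first;
    // otherwise an unknown or already-used token ends in an unhandled exception.
    if (user == null)
    {
        return RedirectToAction("Index");
    }

    // NOTE(review): no expiry is checked for the token here, and the view model built
    // below does not carry the token. Confirm that the form posts the token back and
    // that the POST action verifies it.
    return View(uToUpc(user));
}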
// GET: Profile
// Shows the signed-in user's own profile. Anonymous requests are sent to Login;
// a signed-in name with no matching user row yields 404.
public ActionResult Profile()
{
    if (Request.IsAuthenticated)
    {
        // The account is always taken from the authenticated identity, never from request data.
        string currentName = this.User.Identity.Name;
        User account = db.Users.Find(currentName);
        if (account != null)
        {
            return View(uToUpc(account));
        }

        return HttpNotFound();
    }

    return RedirectToAction("Login");
}
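// POST: Reset
// Sets a new password for an account that has a pending reset request, clears the
// reset token, logs the event and redirects to Success.
// upc: bound form model; only "username", "newpass" and "confpass" are accepted.
public ActionResult Reset([Bind(Include = "username,newpass,confpass")] UserPassChange upc)
{
    if (upc == null || string.IsNullOrEmpty(upc.username))
    {
        return RedirectToAction("Index");
    }

    User user = db.Users.Find(upc.username);

    // Without this check the action would overwrite the password of whichever username
    // is posted, whether or not a reset was ever requested for it.
    if (user == null || string.IsNullOrEmpty(user.forString))
    {
        return RedirectToAction("Index");
    }

    // NOTE(review): a pending request narrows the problem but does not prove that the
    // caller received the reset link, because the token is not part of the bound model.
    // The reset form should post the token back and this action should compare it with
    // user.forString before accepting the new password.

    if (string.IsNullOrEmpty(upc.newpass) || upc.newpass != upc.confpass)
    {
        ModelState.AddModelError("confpass", "Passwords do not match");
        return View(upc);
    }

    var crypto = new SimpleCrypto.PBKDF2();
    user.password = crypto.Compute(upc.newpass);
    user.salt = crypto.Salt;    // salt that Compute used, read back for storage
    user.forString = "";        // the token is single-use

    db.Entry(user).State = EntityState.Modified;
    db.SaveChanges();

    genLog("Reset", "Password Reset", user.username);
    Session["smsg"] = "Your password has been reset.";
    return RedirectToAction("Success");
}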
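// GET: Edit
// Shows the change-password form for the signed-in user. Anonymous requests are
// sent to Login; a signed-in name with no matching user row yields 404.
public ActionResult Edit()
{
    if (!Request.IsAuthenticated)
    {
        return RedirectToAction("Login");
    }

    string name = this.User.Identity.Name;
    User user = db.Users.Find(name);
    if (user == null)
    {
        return HttpNotFound();
    }

    // Only e-mail and username go to the view. The password field is blanked on the
    // view model; the entity returned by Find is left untouched, so a later SaveChanges
    // on this context cannot persist an empty password hash.
    UserPassChange upc = new UserPassChange();
    upc.email = user.email;
    upc.username = user.username;
    upc.password = "";
    return View(upc);
}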
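// GET: Unlock
// Validates the unlock token, unlocks the matching account, clears the token and
// logs the event. Any missing, malformed or unknown token goes back to Index.
public ActionResult Unlock(string kstr)
{
    if (string.IsNullOrEmpty(kstr) || kstr.Length >= 45)
    {
        return RedirectToAction("Index");
    }

    // Characters outside the token alphabet are stripped before the lookup.
    kstr = Regex.Replace(kstr, "[^0-9a-zA-Z]+", "");
    if (kstr.Length == 0)
    {
        return RedirectToAction("Index");
    }

    string stored = "/Unlock?kstr=" + kstr;
    User user = db.Users.FirstOrDefault(u => u.unlString == stored);

    // Check for an unknown token before touching the user; building a view model from a
    // null user here would end in an unhandled exception, and no view model is needed.
    if (user == null)
    {
        return RedirectToAction("Index");
    }

    // NOTE(review): this GET request changes state and no expiry is checked for the
    // token; confirm both are acceptable for the lockout policy.
    user.locked = false;
    user.attempts = 0;
    user.unlString = null;  // the token is single-use
    db.Entry(user).State = EntityState.Modified;
    db.SaveChanges();

    genLog("Unlock", "Accout Unlocking", user.username);
    Session["smsg"] = "Your account has been unlocked.";
    return RedirectToAction("Success");
}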
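// POST: Edit
// Changes the signed-in user's password after verifying the current one.
// upc: bound form model; "email", "password" (current), "newpass" and "confpass" are
//      accepted. The username always comes from the authenticated identity.
public ActionResult Edit([Bind(Include = "email,password,newpass,confpass")] UserPassChange upc)
{
    // Same gate as the GET action: without it an anonymous request reaches the
    // user lookup with an empty name and fails on the null result.
    if (!Request.IsAuthenticated)
    {
        return RedirectToAction("Login");
    }

    upc.username = this.User.Identity.Name;
    User user = db.Users.Find(upc.username);
    if (user == null)
    {
        return HttpNotFound();
    }

    var crypto = new SimpleCrypto.PBKDF2();

    // Re-hash the submitted current password with the stored salt and compare it with
    // the stored hash. An empty submission is rejected without hashing.
    bool currentOk = !string.IsNullOrEmpty(upc.password)
                     && crypto.Compute(upc.password, user.salt) == user.password;

    // Never send the submitted password (or its hash) back to the view.
    upc.password = "";

    if (!currentOk)
    {
        ModelState.AddModelError("password", "Wrong Password");
        return View(upc);
    }

    if (string.IsNullOrEmpty(upc.newpass) || upc.newpass != upc.confpass)
    {
        ModelState.AddModelError("confpass", "Passwords do not match");
        return View(upc);
    }

    user.password = crypto.Compute(upc.newpass);
    user.salt = crypto.Salt;
    db.Entry(user).State = EntityState.Modified;
    db.SaveChanges();

    Session["smsg"] = "Password Updated.";
    genLog("PassChange", "Password Updated", user.username);
    return RedirectToAction("Success");
}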
// Maps a user entity to the view model shown on profile and reset pages.
// Copies username, avatar path, thumbnail path and e-mail only; no password,
// salt or token field is copied. The argument is dereferenced without a
// check, so callers must not pass null.
private UserPassChange uToUpc(User user)
{
    var viewModel = new UserPassChange
    {
        username = user.username,
        avPath = user.avPath,
        thumbPath = user.thumbPath,
        email = user.email
    };
    return viewModel;
}
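// GET: Edit
// Renders the change-password form for the authenticated user; anonymous
// requests are redirected to Login and an unknown user name yields 404.
public ActionResult Edit()
{
    if (!Request.IsAuthenticated)
    {
        return RedirectToAction("Login");
    }

    User user = db.Users.Find(this.User.Identity.Name);
    if (user == null)
    {
        return HttpNotFound();
    }

    // The blank password belongs on the view model. Writing it to the entity returned
    // by Find would leave an empty password hash pending on the context, which any
    // later SaveChanges would persist.
    UserPassChange upc = new UserPassChange
    {
        email = user.email,
        username = user.username,
        password = ""
    };
    return View(upc);
}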
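// POST: Profile
// Accepts an avatar upload for the signed-in user, re-encodes it as JPEG together with
// a 100x100 thumbnail, stores both under /Content/images and records the new paths.
// user: bound form model; "Image", "email" and "username" are accepted, but username
//       and e-mail are overwritten from the authenticated account below.
public ActionResult Profile([Bind(Include = "Image,email,username")] UserPassChange user)
{
    // Same gate as the GET action: without it an anonymous request reaches the
    // user lookup with an empty name and fails on the null result.
    if (!Request.IsAuthenticated)
    {
        return RedirectToAction("Login");
    }

    // The account is taken from the authenticated identity, not from the posted form.
    user.username = this.User.Identity.Name;
    User ruser = db.Users.Find(user.username);
    if (ruser == null)
    {
        return HttpNotFound();
    }

    user.avPath = ruser.avPath;
    user.thumbPath = ruser.thumbPath;
    user.email = ruser.email;

    var validImageTypes = new string[] { "image/gif", "image/jpeg", "image/bmp", "image/png" };

    if (user.Image == null || user.Image.ContentLength == 0)
    {
        // Nothing uploaded: re-render the current profile.
    }
    else if (user.Image.ContentLength > 1000000)
    {
        ModelState.AddModelError("ImageUpload", "Image cannot be larger than 1mb");
    }
    else if (!validImageTypes.Contains(user.Image.ContentType))
    {
        ModelState.AddModelError("ImageUpload", "Please choose either a GIF, JPG or PNG image.");
    }
    else
    {
        // ContentType is supplied by the client; decoding the stream and re-encoding it
        // below is what actually establishes that the upload is an image.
        // NOTE(review): only the byte size is limited above. Consider bounding the decoded
        // pixel dimensions too, and handling the exception Image.FromStream raises for
        // data that is not a decodable image.
        using (Image img = Image.FromStream(user.Image.InputStream))
        using (Bitmap bmi = new Bitmap(img))
        {
            WebImage photo = new WebImage(user.Image.InputStream);

            // The stored name is a fresh GUID, so no client-supplied file name reaches the
            // file system.
            // NOTE(review): the extension follows the uploaded format, while both files
            // are written as JPEG.
            string newFileName = Guid.NewGuid().ToString() + "_." + photo.ImageFormat;
            string imagePath = "/Content/images/";
            string imageThumbPath = "/Content/images/thumbs/";

            WriteJpegFile(bmi, AppDomain.CurrentDomain.BaseDirectory + imagePath + newFileName);

            // GDI+ objects hold native handles; dispose them instead of waiting for finalization.
            using (Image thumbSource = bmi.GetThumbnailImage(100, 100, null, IntPtr.Zero))
            using (Bitmap thumb = new Bitmap(thumbSource))
            {
                WriteJpegFile(thumb, AppDomain.CurrentDomain.BaseDirectory + imageThumbPath + newFileName);
            }

            ruser.avPath = imagePath + newFileName;
            ruser.thumbPath = imageThumbPath + newFileName;
        }

        user.avPath = ruser.avPath;
        user.thumbPath = ruser.thumbPath;
        user.email = ruser.email;
        db.Entry(ruser).State = EntityState.Modified;
        db.SaveChanges();
        genLog("Profile", "Update Profile", user.username);
    }

    return View(user);
}

// Encodes the bitmap as JPEG in memory and writes the bytes to path, replacing any existing file.
private static void WriteJpegFile(Bitmap bitmap, string path)
{
    using (MemoryStream memory = new MemoryStream())
    {
        bitmap.Save(memory, ImageFormat.Jpeg);
        byte[] bytes = memory.ToArray();
        using (FileStream fs = new FileStream(path, FileMode.Create, FileAccess.ReadWrite))
        {
            fs.Write(bytes, 0, bytes.Length);
        }
    }
}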