protected override bool TryCreatePrincipal(string emailAddress, string password, out IPrincipal principal) { principal = null; if (String.IsNullOrEmpty(password)) { Log.Error().Message("The password \"{0}\" is invalid.", password).Write(); return false; } if (String.Equals(emailAddress, "client", StringComparison.OrdinalIgnoreCase)) { var projectRepository = Resolver.GetService<IProjectRepository>(); if (projectRepository == null) { Log.Error().Message("Unable to resolve IProjectRepository").Write(); return false; } Project project = projectRepository.GetByApiKey(password); if (project == null) { Log.Error().Message("Unable to find a project with the Api Key: \"{0}\".", password).Write(); return false; } var organizationRepository = Resolver.GetService<IOrganizationRepository>(); if (organizationRepository == null) { Log.Error().Message("Unable to resolve IOrganizationRepository").Write(); return false; } var organization = organizationRepository.GetByIdCached(project.OrganizationId); if (organization == null) { Log.Error().Message("Unable to find organization: \"{0}\".", project.OrganizationId).Write(); return false; } if (organization.IsSuspended) { Log.Error().Message("Rejecting authentication because the organization \"{0}\" is suspended.", project.OrganizationId).Write(); AuthDeniedReason = "Account has been suspended."; return false; } principal = new ExceptionlessPrincipal(project); return true; } var userRepository = Resolver.GetService<IUserRepository>(); if (userRepository == null) { Log.Error().Message("Unable to resolve IUserRepository").Write(); return false; } User user = userRepository.GetByEmailAddress(emailAddress); if (user == null) { Log.Error().Message("Unable to find user a with the email address: \"{0}\".", emailAddress).Write(); return false; } var membershipSecurity = Resolver.GetService<IMembershipSecurity>(); if (membershipSecurity == null) { Log.Error().Message("Unable to resolve IMembershipSecurity").Write(); return false; } if (!String.Equals(user.Password, membershipSecurity.GetSaltedHash(password, user.Salt))) { Log.Error().Message("Invalid password").Write(); return false; } principal = new ExceptionlessPrincipal(user); return true; }
protected void Application_PostAuthenticateRequest(Object sender, EventArgs e) { if (!RequestRequiresAuth()) return; if (!User.Identity.IsAuthenticated) return; if (User is ExceptionlessPrincipal) return; CheckDbOrCacheDown(); try { var userRepository = DependencyResolver.Current.GetService<IUserRepository>(); User user = userRepository.GetByEmailAddress(User.Identity.Name); if (user == null) { FormsAuthentication.SignOut(); FormsAuthentication.RedirectToLoginPage(); return; } var principal = new ExceptionlessPrincipal(user); Thread.CurrentPrincipal = principal; if (HttpContext.Current != null) HttpContext.Current.User = principal; } catch (MongoConnectionException ex) { Log.Error().Exception(ex).Message("Error getting user: {0}", ex.Message).Report().Write(); MarkDbDown(); RedirectToMaintenancePage(); } catch (SocketException ex) { Log.Error().Exception(ex).Message("Error getting user: {0}", ex.Message).Report().Write(); MarkDbDown(); RedirectToMaintenancePage(); } }
protected override bool TryCreatePrincipal(string emailAddress, string password, out IPrincipal principal) { principal = null; if (String.IsNullOrEmpty(password)) { Log.Error().Message("The password \"{0}\" is invalid.", password).Write(); return(false); } if (String.Equals(emailAddress, "client", StringComparison.OrdinalIgnoreCase)) { var projectRepository = Resolver.GetService <IProjectRepository>(); if (projectRepository == null) { Log.Error().Message("Unable to resolve IProjectRepository").Write(); return(false); } Project project = projectRepository.GetByApiKey(password); if (project == null) { Log.Error().Message("Unable to find a project with the Api Key: \"{0}\".", password).Write(); return(false); } var organizationRepository = Resolver.GetService <IOrganizationRepository>(); if (organizationRepository == null) { Log.Error().Message("Unable to resolve IOrganizationRepository").Write(); return(false); } var organization = organizationRepository.GetByIdCached(project.OrganizationId); if (organization == null) { Log.Error().Message("Unable to find organization: \"{0}\".", project.OrganizationId).Write(); return(false); } if (organization.IsSuspended) { Log.Error().Message("Rejecting authentication because the organization \"{0}\" is suspended.", project.OrganizationId).Write(); AuthDeniedReason = "Account has been suspended."; return(false); } principal = new ExceptionlessPrincipal(project); return(true); } var userRepository = Resolver.GetService <IUserRepository>(); if (userRepository == null) { Log.Error().Message("Unable to resolve IUserRepository").Write(); return(false); } User user = userRepository.GetByEmailAddress(emailAddress); if (user == null) { Log.Error().Message("Unable to find user a with the email address: \"{0}\".", emailAddress).Write(); return(false); } var membershipSecurity = Resolver.GetService <IMembershipSecurity>(); if (membershipSecurity == null) { Log.Error().Message("Unable to resolve IMembershipSecurity").Write(); return(false); } if (!String.Equals(user.Password, membershipSecurity.GetSaltedHash(password, user.Salt))) { Log.Error().Message("Invalid password").Write(); return(false); } principal = new ExceptionlessPrincipal(user); return(true); }
//[ValidateJsonAntiForgeryToken] public ActionResult Manage(ManageModel model) { ModelState state = ModelState["OldPassword"]; if (state != null) state.Errors.Clear(); state = ModelState["NewPassword"]; if (state != null) state.Errors.Clear(); state = ModelState["ConfirmPassword"]; if (state != null) state.Errors.Clear(); User user = User.UserEntity; if (ModelState.IsValid) { try { _userRepository.InvalidateCache(user); if (!String.Equals(user.EmailAddress, model.EmailAddress, StringComparison.OrdinalIgnoreCase)) { if (_userRepository.GetByEmailAddress(model.EmailAddress) != null) throw new InvalidOperationException("A user with this email address already exists."); user.IsEmailAddressVerified = user.OAuthAccounts.Count(oa => String.Equals(oa.EmailAddress(), model.EmailAddress, StringComparison.OrdinalIgnoreCase)) > 0; } user.EmailAddress = model.EmailAddress; user.EmailNotificationsEnabled = model.EmailNotificationsEnabled; user.FullName = model.FullName; _membershipProvider.UpdateAccount(user); // NOTE: If a user is updating their profile but hasn't verified the email address.. I think we should send them a notification every time.. if (!user.IsEmailAddressVerified) { user.VerifyEmailAddressToken = _membershipProvider.GenerateVerifyEmailToken(user.EmailAddress); _mailer.SendVerifyEmailAsync(user); } var principal = new ExceptionlessPrincipal(user); Thread.CurrentPrincipal = principal; if (System.Web.HttpContext.Current != null) System.Web.HttpContext.Current.User = principal; } catch (Exception e) { ModelState.AddModelError("", e.Message); } } if (!ModelState.IsValid) { Response.StatusCode = (int)HttpStatusCode.BadRequest; return Json(ModelState.ToDictionary()); } return Json(new { IsVerified = user.IsEmailAddressVerified }); }