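// GET: /member/ChangePassword
/// <summary>
/// Shows the change-password form. When an issued key is supplied (the link e-mailed to the
/// member), the key is loaded, the e-mail it refers to is marked validated, and the visitor is
/// logged in with the key before the form is shown.
/// </summary>
/// <param name="issuedKey">Issued key taken from the URL; may be null or blank.</param>
/// <returns>
/// The change-password view whenever the current member is logged on (this takes precedence over
/// any failure message built earlier); otherwise a failure message view when the key cannot be
/// loaded or the key login fails; otherwise null (no key supplied and nobody logged on).
/// </returns>
public virtual ActionResult ChangePassword(string issuedKey)
{
    ActionResult returnValue = null;
    ProviderCurrentMember currentMember = ProviderCurrentMember.Instance;

    // NOTE(review): the key travels in a GET URL, so it can end up in browser history, proxy and
    // server logs and Referer headers. Confirm that Login() decommissions it after use.
    if (!string.IsNullOrWhiteSpace(issuedKey))
    {
        ProviderIssuedKey aKey = new ProviderIssuedKey();
        if (!aKey.Load(issuedKey))
        {
            MessageVM returnMessageVM = new MessageVM
            {
                Image = ImageLibrary.Alert,
                CssClassContainer = "failure",
                Message = "Invalid key provided. Please <a href=\"" + Url.Action(MVC.Info.ContactUs()) + "\">contact us</a> to resolve the issue.",
                Title = "Login failure",
                LinkText = "Continue",
                LinkHref = Url.Action(MVC.Home.Index())
            };
            returnValue = View(MVC.Shared.Views.Message, returnMessageVM);
        }
        else
        {
            // validate the e-mail if it wasn't already.
            // NOTE(review): only Load() is checked before the e-mail is flagged as validated, whereas
            // Delete on this page also requires !HasExpired && IsValidated. Confirm that Load() itself
            // rejects expired or decommissioned keys.
            ProviderEmail anEmail = new ProviderEmail();
            if (anEmail.Load(aKey.Data) && !anEmail.IsValidated)
            {
                anEmail.IsValidated = true;
                anEmail.EditDate = DateTime.UtcNow;
                anEmail.Save();
            }

            List<string> errorList = new List<string>();

            // Fixed: the original compared with "== success", so the failure view was built on a
            // successful login and a failed login was never reported to the visitor.
            if (currentMember.Login(issuedKey, null, false, ref errorList) != ProviderCurrentMember.LoginEnum.success)
            {
                MessageVM returnMessageVM = new MessageVM
                {
                    Image = ImageLibrary.Alert,
                    CssClassContainer = "failure",
                    Message = "Failed to login. Please <a href=\"" + Url.Action(MVC.Info.ContactUs()) + "\">contact us</a> to resolve the issue.",
                    Title = "Login failure",
                    LinkText = "Continue",
                    LinkHref = Url.Action(MVC.Home.Index()),
                    Details = errorList
                };
                returnValue = View(MVC.Shared.Views.Message, returnMessageVM);
            }
        }
    }

    // A logged-on member always gets the form, including a member who was already logged on
    // before a bad key was presented.
    if (currentMember.IsLoggedOn)
    {
        ChangePasswordVM viewModel = new ChangePasswordVM
        {
            CurrentMemberId = currentMember.Id.Value
        };
        returnValue = View(viewModel);
    }

    return returnValue;
}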
// POST: /member/delete
/// <summary>
/// Deletes the member account that an issued key belongs to.
/// </summary>
/// <param name="key">Issued key identifying the account; it must load, be unexpired and be validated.</param>
/// <returns>The shared "Message" view carrying either the success or the failure message.</returns>
public virtual ActionResult Delete(string key)
{
    // NOTE(review): no verb attribute is visible in this excerpt, and the e-mails built elsewhere
    // on this page link to member/delete/ with plain anchors. Confirm which verb reaches this
    // action: a destructive action reachable by GET can be triggered by link prefetchers and mail
    // scanners that follow links.
    ProviderIssuedKey issuedKey = new ProviderIssuedKey();
    bool keyAccepted = issuedKey.Load(key) && !issuedKey.HasExpired && issuedKey.IsValidated;

    if (!keyAccepted)
    {
        MessageVM failureVM = new MessageVM
        {
            Image = ImageLibrary.Alert,
            CssClassContainer = "failure",
            Message = "Failed to delete member account. Please <a href=\"" + Url.Action(MVC.Info.ContactUs()) + "\">contact us</a> to resolve the issue.",
            Title = "Account Deletion Failure",
            LinkText = "Continue",
            LinkHref = Url.Action(MVC.Home.Index())
        };
        return View("Message", failureVM);
    }

    ProviderMember keyOwner = new ProviderMember(issuedKey.MemberId);
    ProviderCurrentMember sessionMember = ProviderCurrentMember.Instance;

    // End the session first when the visitor is logged on as the account being removed.
    if (sessionMember.Id == keyOwner.Id)
    {
        sessionMember.LogOff();
    }

    keyOwner.Delete();

    MessageVM successVM = new MessageVM
    {
        Image = ImageLibrary.Success,
        CssClassContainer = "success",
        Message = "Success! Member Acount deleted.",
        Title = "Acount Deleted",
        LinkText = "Continue",
        LinkHref = Url.Action(MVC.Home.Index())
    };
    return View("Message", successVM);
}
// GET: /member/validate
/// <summary>
/// Marks the e-mail referenced by an issued key as validated and, when the visitor is not already
/// logged on as an active member, logs them in with that key.
/// </summary>
/// <param name="key">Issued key taken from the validation link.</param>
/// <returns>The shared "Message" view with a success, activation or failure message.</returns>
public virtual ActionResult ValidateEmail(string key)
{
    ProviderCurrentMember currentMember = ProviderCurrentMember.Instance;
    List<string> errorList = new List<string>();
    ProviderIssuedKey nonceKey = new ProviderIssuedKey();

    // Built up front; every path that does not succeed returns this view model.
    MessageVM failureVM = new MessageVM
    {
        Image = ImageLibrary.Alert,
        CssClassContainer = "failure",
        Message = "Failed to validate e-mail. Please <a href=\"" + Url.Action(MVC.Info.ContactUs()) + "\">contact us</a> to resolve the issue.",
        Title = "E-mail Validation Failure",
        LinkText = "Continue",
        LinkHref = Url.Action(MVC.Home.Index()),
        Details = errorList
    };

    // NOTE(review): only Load() gates the e-mail validation below, whereas Delete on this page also
    // requires !HasExpired && IsValidated. Confirm that Load() itself rejects expired keys.
    if (!nonceKey.Load(key))
    {
        return View("Message", failureVM);
    }

    ProviderEmail anEmail = new ProviderEmail();
    if (!anEmail.Load(nonceKey.Data))
    {
        return View("Message", failureVM);
    }

    // The e-mail is flagged as validated before the login attempt, so it stays validated even
    // when the login below fails.
    anEmail.IsValidated = true;
    anEmail.EditDate = DateTime.UtcNow;
    anEmail.Save();

    if (currentMember.IsLoggedOn && currentMember.IsActive)
    {
        MessageVM validatedVM = new MessageVM
        {
            Image = ImageLibrary.Success,
            CssClassContainer = "info",
            Message = "Your e-mail has been validated",
            Title = "E-mail validated"
        };
        return View("Message", validatedVM);
    }

    if (currentMember.Login(key, null, false, ref errorList) != ProviderCurrentMember.LoginEnum.success)
    {
        return View("Message", failureVM);
    }

    MessageVM activatedVM = new MessageVM
    {
        Image = ImageLibrary.Success,
        CssClassContainer = "info",
        Message = "Welcome! Your account has been activated. Explore our site:",
        Title = "Account Activated",
        Details = new List<string>
        {
            "<a href='" + Url.Action( MVC.Home.Index(null, null) ) + "' class='button'>Home Page</a> Go back to the main page.",
            "<a href='" + Url.Action( MVC.Article.ArticleEdit(null, null) ) + "' class='button'>Publish</a> Become an author! Publish an article.",
            "<a href='" + Url.Action( MVC.Member.Profile(currentMember.Id.Value, null) ) + "' class='button'>Profile</a> Check out your new member profile "
            + "where you can review your published articles and add details to show others who you are."
        }
    };
    return View("Message", activatedVM);
}
/// <summary>
/// Creates and saves a new nonce issued key for this member.
/// Temporary keys are usually sent to members in e-mails to allow them to accomplish certain tasks such as:
/// - Activating their account
/// - Resetting their password
/// - Anonymously editing their articles
/// </summary>
/// <returns>The newly saved key.</returns>
public ProviderIssuedKey NextNonceIssuedKey()
{
    // NOTE(review): no expiry is assigned here and the key value itself is not generated in this
    // method. Confirm that ProviderIssuedKey derives it from a cryptographic random source.
    ProviderIssuedKey freshKey = new ProviderIssuedKey
    {
        CreateDate = DateTime.UtcNow,
        EditDate = DateTime.UtcNow,
        IsNonce = true,
        MemberId = Id.Value
    };
    freshKey.Save();
    return freshKey;
}
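/// <summary>
/// Function to send an Edit/Delete e-mail to a member. Members that are not yet active also get
/// links to finish activating the account or to delete it.
/// </summary>
/// <param name="email">Address the e-mail is sent to; also passed to the issued-key lookup.</param>
/// <param name="anArticle">Article that member would like to edit/delete</param>
/// <param name="aMember">Member that will receive the e-mail</param>
/// <returns>Always true; this method has no path that returns false.</returns>
public bool SendEditArticleEmail(MailAddress email, ProviderArticle anArticle, ProviderMember aMember)
{
    // NOTE(review): the same nonce key is placed in both the change-password and the delete-account
    // link below, so either link discloses a key that the other action accepts.
    ProviderIssuedKey nonceIssuedKey = new ProviderIssuedKey();
    nonceIssuedKey.LoadOrCreate(aMember.Id.Value, email.Address, true, null, true);

    // create a month issued key for editing the article
    ProviderIssuedKey monthExpiry = new ProviderIssuedKey();
    monthExpiry.LoadOrCreate(aMember.Id.Value, email.Address, false, 1, true);

    string editUrl = HttpHost + "article/edit/" + anArticle.Id.Value + "/" + monthExpiry.IssuedKey;
    string activateUrl = HttpHost + "member/change_password/" + nonceIssuedKey.IssuedKey;
    string deleteUrl = HttpHost + "member/delete/" + nonceIssuedKey.IssuedKey;

    string submitState = anArticle.IsPublished
        ? "Your article was submited to our system."
        : "Your article was submited to our system as a draft.";

    string category = anArticle.CategoryIds.Count > 0
        ? (new ProviderCategory(anArticle.CategoryIds[0])).Title
        : "none";

    // The body is sent as HTML. The article title is author-supplied text, so it is encoded
    // before being embedded; otherwise markup in a title would be rendered in the recipient's
    // mail client. The category title is encoded for the same reason.
    string safeTitle = System.Net.WebUtility.HtmlEncode(anArticle.Title);
    string safeCategory = System.Net.WebUtility.HtmlEncode(category);

    string emailBody = "DO NOT SHARE THIS E-MAIL OR REPLY TO THIS E-MAIL<br />"
                     + "<br />"
                     + "<br />"
                     + submitState + "<br />"
                     + "Id: " + anArticle.Id.Value.ToString() + "<br />"
                     + "Title: " + safeTitle + "<br />"
                     + "Category: " + safeCategory + "<br />"
                     + "<br />"
                     + "Click the link below to edit/delete your article at InsideWord:<br />"
                     + "<a href='" + editUrl + "'>EDIT ARTICLE</a><br />"
                     + "<br />";

    if (!aMember.IsActive)
    {
        emailBody += "Click the link below to finish activating your account:<br />"
                   + "<a href='" + activateUrl + "'>FINISH ACTIVATING ACCOUNT</a><br />"
                   + "<br />"
                   + "Don't know what this e-mail is about? Chances are someone used your e-mail by accident. Select the link below to delete the account:<br />"
                   + "<a href='" + deleteUrl + "'>DELETE ACCOUNT</a><br />"
                   + "<br />";
    }

    emailBody += "<br />"
               + "<br />"
               + "<br />"; //+ DidYouKnow();

    // The subject is plain text, so the raw title is used there.
    MailMessage aMailMessage = new MailMessage("*****@*****.**",
                                               email.Address,
                                               "InsideWord - edit article " + anArticle.Title,
                                               emailBody);
    aMailMessage.IsBodyHtml = true;
    DefaultSmtp.Send(aMailMessage);
    return true;
}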
/// <summary>
/// Sends the member an HTML e-mail with a link to validate the e-mail address and a link to
/// delete the account.
/// </summary>
/// <param name="email">Address the e-mail is sent to; also passed to the issued-key lookup.</param>
/// <param name="aMember">Member whose id the issued key is loaded or created for.</param>
public void SendActivationEmail(MailAddress email, ProviderMember aMember)
{
    // NOTE(review): one key backs both links, so the validation link also carries the value that
    // the delete action accepts.
    ProviderIssuedKey emailedKey = new ProviderIssuedKey();
    emailedKey.LoadOrCreate(aMember.Id.Value, email.Address, true, null, true);

    string validateLink = HttpHost + "member/validate_email/" + emailedKey.IssuedKey;
    string deleteLink = HttpHost + "member/delete/" + emailedKey.IssuedKey;

    const string banner = "DO NOT SHARE THIS E-MAIL OR REPLY TO THIS E-MAIL<br /><br /><br />";

    string validateSection = "Click the link below to validate your e-mail with InsideWord:<br />"
                           + "<a href='" + validateLink + "'>VALIDATE E-MAIL</a><br /><br />";

    string deleteSection = "Don't know what this e-mail is about? Chances are someone used your e-mail by accident. Select the link below to delete the account:<br />"
                         + "<a href='" + deleteLink + "'>DELETE ACCOUNT</a><br /><br /><br /><br />";

    string html = banner + validateSection + deleteSection; //+ DidYouKnow();

    MailMessage outgoing = new MailMessage("*****@*****.**",
                                           email.Address,
                                           "InsideWord - e-mail validation",
                                           html)
    {
        IsBodyHtml = true
    };
    DefaultSmtp.Send(outgoing);
}
/// <summary>
/// First step of domain identification: issues a key for the given domain, creating the domain
/// record and a member for it when the domain is not known yet.
/// </summary>
/// <param name="domainAddress">URL-encoded absolute URI of the domain.</param>
/// <returns>A JSON message whose Content is the issued key on success, or a failure message.</returns>
public virtual JsonResult DomainIdentificationRequest(string domainAddress)
{
    // NOTE(review): the caller-supplied value is written to the log unmodified. Confirm that the
    // log sink neutralises line breaks and control characters.
    string logSource = "APILOGINFO - " + HttpContext.Request.UserHostAddress;
    InsideWordWebLog.Instance.Buffer(logSource, "DomainIdentificationRequest(" + domainAddress + ")");

    ApiMsgVM reply = new ApiMsgVM(1);
    Uri domainUri = null;

    bool isAbsoluteUri = IWStringUtility.TryUrlDecode(domainAddress, out domainAddress)
                      && Uri.TryCreate(domainAddress, UriKind.Absolute, out domainUri);

    if (isAbsoluteUri)
    {
        ProviderDomain domainRecord = new ProviderDomain();
        ProviderIssuedKey requestKey = new ProviderIssuedKey();
        ProviderMember owner = new ProviderMember();

        if (!domainRecord.Load(domainUri.AbsoluteUri))
        {
            // Domain doesn't exist already so create it and a member
            // NOTE(review): every request for an unknown URI saves a new member and domain row, and
            // no authentication or rate limit is visible in this method. UriKind.Absolute also
            // accepts schemes other than http/https.
            owner.CreateDate = DateTime.UtcNow;
            owner.EditDate = DateTime.UtcNow;
            owner.Save();

            domainRecord.CreateDate = DateTime.UtcNow;
            domainRecord.EditDate = DateTime.UtcNow;
            domainRecord.Domain = domainUri;
            domainRecord.IsValidated = false;
            domainRecord.MemberId = owner.Id.Value;
            domainRecord.Save();
        }
        else
        {
            owner.Load(domainRecord.MemberId);
        }

        requestKey.LoadOrCreate(owner.Id.Value, domainUri.AbsoluteUri, true, 1, false);
        reply.StatusCode = (int)ApiMsgVM.StatusEnum.success;
        reply.StatusMessage = "Success";
        reply.Content = requestKey.IssuedKey;
    }
    else
    {
        reply.StatusCode = (int)ApiMsgVM.StatusEnum.failure;
        reply.StatusMessage = domainAddress + " is an invalid uri";
    }

    // NOTE(review): if ApiMsgVM's string form includes Content, the issued key is written to the
    // log here. Confirm and redact if so.
    InsideWordWebLog.Instance.Buffer(logSource, "Done DomainIdentificationRequest - " + reply);
    return Json(reply);
}
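/// <summary>
/// Second step of domain identification: downloads the page at domainAddress + subFolder and
/// checks that it contains an input element whose id is the key previously issued for that
/// domain. On success the domain is marked validated, the member's current-month and next-month
/// issued keys are returned, and the identification key is decommissioned.
/// </summary>
/// <param name="domainAddress">URL-encoded absolute URI of the domain being identified.</param>
/// <param name="subFolder">URL-encoded path, appended to the domain, of the page holding the key.</param>
/// <returns>A JSON message with the two issued keys (comma separated) on success, or a failure message.</returns>
public virtual JsonResult DomainIdentification(string domainAddress, string subFolder)
{
    string from = "APILOGINFO - " + HttpContext.Request.UserHostAddress;
    InsideWordWebLog.Instance.Buffer(from, "DomainIdentification(" + domainAddress + ", " + subFolder + ")");
    ApiMsgVM returnMessage = new ApiMsgVM((int)ApiMsgVM.StatusEnum.failure);

    string subFolderDecoded = null;
    IWStringUtility.TryUrlDecode(subFolder, out subFolderDecoded, "");
    Uri domainUri = null;
    Uri pathUri = null;

    if (!IWStringUtility.TryUrlDecode(domainAddress, out domainAddress)
        || !Uri.TryCreate(domainAddress, UriKind.Absolute, out domainUri))
    {
        returnMessage.StatusCode = (int)ApiMsgVM.StatusEnum.failure;
        returnMessage.StatusMessage = domainAddress + " is an invalid uri";
    }
    else if (!IWStringUtility.TryUriConcat(domainUri, subFolderDecoded, out pathUri))
    {
        returnMessage.StatusCode = (int)ApiMsgVM.StatusEnum.failure;
        returnMessage.StatusMessage = domainUri.AbsoluteUri + " and " + subFolder + " form an invalid uri";
    }
    else if (pathUri.Scheme != Uri.UriSchemeHttp && pathUri.Scheme != Uri.UriSchemeHttps)
    {
        // The address is caller-controlled and is fetched by this server further down. WebClient
        // also understands file:// and ftp://, so anything other than http/https is refused
        // before a request is made.
        returnMessage.StatusCode = (int)ApiMsgVM.StatusEnum.failure;
        returnMessage.StatusMessage = pathUri.AbsoluteUri + " must be an http or https address";
    }
    else
    {
        ProviderDomain aDomain = new ProviderDomain();
        ProviderIssuedKey issuedKey = new ProviderIssuedKey();
        ProviderMember aMember = new ProviderMember();

        if (!aDomain.Load(domainUri.AbsoluteUri))
        {
            returnMessage.StatusCode = (int)ApiMsgVM.StatusEnum.failure;
            returnMessage.StatusMessage = domainUri.AbsoluteUri
                                        + " does not exist in our system. Use "
                                        + Url.Action(MVC.API.DomainIdentificationRequest())
                                        + " to request a key and identify yourself first.";
        }
        else if (!aMember.Load(aDomain.MemberId))
        {
            returnMessage.StatusCode = (int)ApiMsgVM.StatusEnum.failure;
            returnMessage.StatusMessage = "The member associated with this domain, "
                                        + domainUri.AbsoluteUri
                                        + ", does not exist. Contact support to resolve this issue.";
        }
        else if (!issuedKey.LoadBy(aMember.Id.Value, domainUri.AbsoluteUri, true, 1))
        {
            returnMessage.StatusCode = (int)ApiMsgVM.StatusEnum.failure;
            returnMessage.StatusMessage = "Your issued key has been used up already or was never issued. Use "
                                        + Url.Action(MVC.API.DomainIdentificationRequest())
                                        + " to request a new key for identification.";
        }
        else
        {
            // all the data is good and we're ready to check if the key has been placed in the correct uri.
            bool isFetchSuccess = false;
            string htmlPage = null;
            HtmlDocument htmlDoc = new HtmlDocument();
            try
            {
                using (WebClient client = new WebClient())
                {
                    // TODO: DOS attack is possible here by sending us to a page with a gig of data.
                    // put some sort of precautionary check here to avoid loading too much data.
                    // NOTE(review): the scheme check above covers only the initial address. WebClient
                    // follows redirects by default, and loopback/internal hosts are not filtered, so
                    // this fetch should also be restricted at the network level (egress rules or a
                    // filtering proxy). Confirm as well that TryUriConcat cannot produce an address on
                    // a different host than domainUri, because the ownership proof depends on it.
                    htmlPage = client.DownloadString(pathUri.AbsoluteUri);
                }
                htmlDoc.LoadHtml(htmlPage);
                isFetchSuccess = true;
            }
            catch (Exception caughtException)
            {
                // Record why the fetch failed; the caller only receives the generic message.
                InsideWordWebLog.Instance.Buffer(from, "DomainIdentification fetch failed - " + caughtException.Message);
                returnMessage.StatusCode = (int)ApiMsgVM.StatusEnum.failure;
                returnMessage.StatusMessage = "Failed to read the webpage at " + pathUri.AbsoluteUri;
                isFetchSuccess = false;
            }

            if (isFetchSuccess)
            {
                HtmlNode embeddedIssuedKey = htmlDoc.GetElementbyId(issuedKey.IssuedKey);

                // Ordinal comparison: the culture-sensitive CompareTo treats some differing strings
                // (for example ones containing ignorable characters) as equal to "input".
                // NOTE(review): only the element name is checked, not that the input is hidden.
                if (embeddedIssuedKey == null
                    || !string.Equals(embeddedIssuedKey.Name, "input", StringComparison.Ordinal))
                {
                    returnMessage.StatusCode = (int)ApiMsgVM.StatusEnum.failure;
                    returnMessage.StatusMessage = "Could not find hidden input tag with id containing the issued key at page " + pathUri.AbsoluteUri;
                }
                else
                {
                    //we found it so let's validate the domain and return the issued keys
                    aDomain.IsValidated = true;
                    aDomain.EditDate = DateTime.UtcNow;
                    aDomain.Save();
                    returnMessage.StatusCode = (int)ApiMsgVM.StatusEnum.success;
                    returnMessage.StatusMessage = "You have been successfully validated. Here are the issued keys for this month and next months. Do not share these with anyone.";
                    returnMessage.Content = aMember.CurrentMonthIssuedKey.IssuedKey
                                          + ","
                                          + aMember.NextMonthIssuedKey.IssuedKey;

                    // decommission the issued key
                    issuedKey.TryDecommission();
                }
            }
        }
    }

    // NOTE(review): if ApiMsgVM's string form includes Content, the month keys are written to the
    // log here. Confirm and redact if so.
    InsideWordWebLog.Instance.Buffer(from, "Done DomainIdentification - " + returnMessage);
    return Json(returnMessage);
}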