/// <summary>
/// Handles a submitted package edit: finds the package by id and version, verifies that the
/// caller is an owner, queues the edit request and redirects.
/// </summary>
/// <param name="id">Package id used for the lookup.</param>
/// <param name="version">Package version used for the lookup.</param>
/// <param name="formData">Posted form data; only <c>formData.Edit</c> is read by this action.</param>
/// <param name="returnUrl">
/// Caller-supplied redirect target. It is never used directly: it is passed through
/// <c>RedirectHelper.SafeRedirectUrl</c> first. When null, the package page URL is used instead.
/// </param>
/// <returns>
/// A 404 result when the package is not found, a 403 result when the caller is unknown or is
/// not an owner, the default view when model state is invalid, and a redirect otherwise.
/// </returns>
// NOTE(review): no [Authorize], [HttpPost] or [ValidateAntiForgeryToken] attribute is visible in
// this excerpt; this action changes state, so confirm they are applied where it is declared.
public virtual ActionResult Edit(string id, string version, EditPackageRequest formData, string returnUrl)
{
    var package = _packageService.FindPackageByIdAndVersion(id, version);
    if (package == null)
    {
        return HttpNotFound();
    }

    // The ownership check runs before any form handling, so a non-owner gets neither
    // validation feedback nor the chance to queue an edit.
    var user = _userService.FindByUsername(HttpContext.User.Identity.Name);
    bool callerIsOwner = user != null && package.IsOwner(HttpContext.User);
    if (!callerIsOwner)
    {
        return new HttpStatusCodeResult(403, "Forbidden");
    }

    if (!ModelState.IsValid)
    {
        return View();
    }

    // The edit is only queued here; it is processed in the background.
    if (formData.Edit != null)
    {
        _editPackageService.StartEditPackageRequest(package, formData.Edit, user);
        _entitiesContext.SaveChanges();
    }

    // returnUrl comes from the request, so it goes through SafeRedirectUrl before the redirect
    // (helper not shown here; presumably it rejects non-local targets, confirm).
    var target = returnUrl ?? Url.Package(id, version);
    return Redirect(RedirectHelper.SafeRedirectUrl(Url, target));
}
/// <summary>
/// Confirms an email address for the signed-in user by using a confirmation token.
/// </summary>
/// <param name="username">
/// Username the confirmation link was issued for; it must match the current identity
/// (case-insensitive, ordinal comparison).
/// </param>
/// <param name="token">Confirmation token, passed to <c>UserService.ConfirmEmailAddress</c>.</param>
/// <returns>
/// The confirmation view in most cases, a 404 result when the user cannot be found, or a
/// redirect to the stored confirmation return URL after a successful change of address.
/// </returns>
// NOTE(review): token validation happens inside UserService.ConfirmEmailAddress, which is not
// visible here; confirm that it compares tokens in constant time and invalidates them after use.
public virtual ActionResult Confirm(string username, string token)
{
    // The key is present but null on purpose: the Login link then carries no "returnUrl",
    // so Login never sends the user back to this action.
    ViewData[Constants.ReturnUrlViewDataKey] = null;

    // A confirmation link is only honoured for the account that is currently signed in.
    bool isCurrentUser = String.Equals(username, Identity.Name, StringComparison.OrdinalIgnoreCase);
    if (!isCurrentUser)
    {
        var wrongUserModel = new ConfirmationViewModel
        {
            WrongUsername = true,
            SuccessfulConfirmation = false,
        };
        return View(wrongUserModel);
    }

    var user = UserService.FindByUsername(username);
    if (user == null)
    {
        return HttpNotFound();
    }

    // Captured before confirmation so the change notice can go to the previous address.
    string existingEmail = user.EmailAddress;

    var model = new ConfirmationViewModel
    {
        ConfirmingNewAccount = String.IsNullOrEmpty(existingEmail),
        SuccessfulConfirmation = true,
    };

    try
    {
        var confirmed = UserService.ConfirmEmailAddress(user, token);
        if (!confirmed)
        {
            model.SuccessfulConfirmation = false;
        }
    }
    catch (EntityException)
    {
        model.SuccessfulConfirmation = false;
        model.DuplicateEmailAddress = true;
    }

    // Mail is sent only after the token has been accepted, so this action cannot be used to
    // spam an address. New accounts have no previous address and get no change notice.
    if (!model.SuccessfulConfirmation || model.ConfirmingNewAccount)
    {
        return View(model);
    }

    MessageService.SendEmailChangeNoticeToPreviousEmailAddress(user, existingEmail);

    string returnUrl = HttpContext.GetConfirmationReturnUrl();
    if (String.IsNullOrEmpty(returnUrl))
    {
        return View(model);
    }

    // The stored return URL still goes through SafeRedirectUrl before it is used.
    TempData["Message"] = "You have successfully confirmed your email address!";
    return new RedirectResult(RedirectHelper.SafeRedirectUrl(Url, returnUrl));
}
/// <summary>
/// Creates a new account from the posted registration form, signs the new user in and sends
/// them either to their original destination or to the thanks page.
/// </summary>
/// <param name="request">Posted registration data (username, password, email address).</param>
/// <param name="returnUrl">
/// Caller-supplied destination. It is passed through <c>RedirectHelper.SafeRedirectUrl</c>
/// before any redirect.
/// </param>
/// <returns>
/// The registration view when the caller is already authenticated, the form is invalid or
/// account creation fails; otherwise a redirect.
/// </returns>
// NOTE(review): returnUrl is stored in ViewData exactly as received; only the redirect paths
// below sanitize it. Confirm the view does not emit it into a link unsanitized.
public virtual ActionResult Register(RegisterRequest request, string returnUrl)
{
    // The return URL shown by the view is the caller's destination, not this page.
    ViewData[Constants.ReturnUrlViewDataKey] = returnUrl;

    var principal = User;
    bool alreadySignedIn = principal != null
        && principal.Identity != null
        && principal.Identity.IsAuthenticated;
    if (alreadySignedIn)
    {
        ModelState.AddModelError(String.Empty, "You are already logged in!");
        return View();
    }

    if (!ModelState.IsValid)
    {
        return View();
    }

    User user;
    try
    {
        user = UserService.Create(
            request.Username,
            request.Password,
            request.EmailAddress);
    }
    catch (EntityException ex)
    {
        // NOTE(review): the exception message is shown to the caller as-is; confirm these
        // messages disclose no more about existing accounts than intended.
        ModelState.AddModelError(String.Empty, ex.Message);
        return View();
    }

    // The new user is signed in immediately after the account is created.
    SetAuthenticationCookie(user);

    // If the sanitized returnUrl equals the sanitized null URL, the user had no particular
    // destination, or the one supplied was replaced by the default.
    bool hasSpecificDestination =
        RedirectHelper.SafeRedirectUrl(Url, returnUrl) != RedirectHelper.SafeRedirectUrl(Url, null);
    if (!hasSpecificDestination)
    {
        // No particular destination: show the thanks/welcome page.
        return RedirectToAction(MVC.Users.Thanks());
    }

    // The user was heading to another page: send them there with a thank-you message.
    TempData["Message"] = "Your account is now registered!";
    return new RedirectResult(RedirectHelper.SafeRedirectUrl(Url, returnUrl));
}
/// <summary>
/// Handles a submitted package edit: finds the package by id and version, verifies that the
/// caller is an owner, redisplays the form when it is invalid, and otherwise queues the edit
/// request and redirects.
/// </summary>
/// <param name="id">Package id used for the lookups.</param>
/// <param name="version">Package version used for the lookup.</param>
/// <param name="formData">
/// Posted form data. ASP.NET request validation is disabled for this action, so the values
/// may contain markup such as angle brackets.
/// </param>
/// <param name="returnUrl">
/// Caller-supplied redirect target. It is passed through <c>RedirectHelper.SafeRedirectUrl</c>
/// before use. When null, the package page URL is used instead.
/// </param>
/// <returns>
/// A 404 result when the package is not found, a 403 result when the caller is unknown or is
/// not an owner, the edit view with repopulated data when model state is invalid, and a
/// redirect otherwise.
/// </returns>
// NOTE(review): with request validation off, every view that renders the edited fields must
// HTML-encode them; confirm this for the views and background processing that consume the edit.
// NOTE(review): no [Authorize], [HttpPost] or [ValidateAntiForgeryToken] attribute is visible
// in this excerpt; confirm they are applied, since this action changes state.
[ValidateInput(false)] // Security note: Disabling ASP.Net input validation which does things like disallow angle brackets in submissions. See http://go.microsoft.com/fwlink/?LinkID=212874
public virtual ActionResult Edit(string id, string version, EditPackageRequest formData, string returnUrl)
{
    var package = _packageService.FindPackageByIdAndVersion(id, version);
    if (package == null)
    {
        return HttpNotFound();
    }

    // The ownership check runs before any form handling, so a non-owner never sees the
    // repopulated form and cannot queue an edit.
    var user = _userService.FindByUsername(HttpContext.User.Identity.Name);
    bool callerIsOwner = user != null && package.IsOwner(HttpContext.User);
    if (!callerIsOwner)
    {
        return new HttpStatusCodeResult(403, "Forbidden");
    }

    if (!ModelState.IsValid)
    {
        // The display-only fields are refilled from the stored package, not from the post.
        formData.PackageId = package.PackageRegistration.Id;
        formData.PackageTitle = package.Title;
        formData.Version = package.Version;

        // The version list is ordered newest first by semantic version.
        var packageRegistration = _packageService.FindPackageRegistrationById(id);
        var newestFirst = Comparer<SemanticVersion>.Create((a, b) => a.CompareTo(b));
        formData.PackageVersions = packageRegistration.Packages
            .OrderByDescending(p => new SemanticVersion(p.Version), newestFirst)
            .ToList();

        return View(formData);
    }

    // The edit is only queued here; it is processed in the background.
    if (formData.Edit != null)
    {
        _editPackageService.StartEditPackageRequest(package, formData.Edit, user);
        _entitiesContext.SaveChanges();
    }

    // returnUrl comes from the request, so it goes through SafeRedirectUrl before the redirect
    // (helper not shown here; presumably it rejects non-local targets, confirm).
    var target = returnUrl ?? Url.Package(id, version);
    return Redirect(RedirectHelper.SafeRedirectUrl(Url, target));
}
/// <summary>
/// Redirects to <paramref name="returnUrl"/> after passing it through
/// <c>RedirectHelper.SafeRedirectUrl</c>, so the raw caller-supplied value never reaches
/// <c>Redirect</c> directly.
/// </summary>
/// <param name="returnUrl">Requested redirect target; may come from the request.</param>
/// <returns>A redirect result for the URL returned by the helper.</returns>
// NOTE(review): SafeRedirectUrl is not shown here; presumably it replaces non-local targets
// with a default URL. Confirm before relying on this as the open-redirect guard.
protected virtual ActionResult SafeRedirect(string returnUrl)
{
    var target = RedirectHelper.SafeRedirectUrl(Url, returnUrl);
    return Redirect(target);
}