/// <summary>
/// Processes a submitted local (username/password) login form for the
/// sign-in request identified by <paramref name="signin"/>.
/// </summary>
/// <param name="signin">Identifier used to read the matching sign-in message cookie.</param>
/// <param name="model">Posted credentials; null when no form data was submitted.</param>
/// <returns>
/// 405 when local login is disabled; the error page when the sign-in id or its
/// cookie is missing; the login page with an error message when validation or
/// authentication fails; otherwise the result of <c>SignInAndRedirect</c>.
/// </returns>
public async Task<IHttpActionResult> LoginLocal(string signin, LoginCredentials model)
{
    Logger.Info("Login page submitted");

    // Local login can be switched off in configuration; refuse the POST outright in that case.
    if (this.options.AuthenticationOptions.EnableLocalLogin == false)
    {
        Logger.Warn("EnableLocalLogin disabled -- returning 405 MethodNotAllowed");
        return StatusCode(HttpStatusCode.MethodNotAllowed);
    }

    // Without a sign-in id there is no authorization context to resume.
    if (signin.IsMissing())
    {
        Logger.Error("No signin id passed");
        return RenderErrorPage(localizationService.GetMessage(MessageIds.NoSignInCookie));
    }

    // The sign-in id must map to a sign-in message cookie; both failures show the same error page.
    var message = signInMessageCookie.Read(signin);
    if (message == null)
    {
        Logger.Error("No cookie matching signin id found");
        return RenderErrorPage(localizationService.GetMessage(MessageIds.NoSignInCookie));
    }

    if (model == null)
    {
        Logger.Error("no data submitted");
        return await RenderLoginPage(message, signin, localizationService.GetMessage(MessageIds.InvalidUsernameOrPassword));
    }

    // Both fields are checked before deciding, so the page can report either problem.
    if (String.IsNullOrWhiteSpace(model.Username))
    {
        ModelState.AddModelError("Username", localizationService.GetMessage(MessageIds.UsernameRequired));
    }

    if (String.IsNullOrWhiteSpace(model.Password))
    {
        ModelState.AddModelError("Password", localizationService.GetMessage(MessageIds.PasswordRequired));
    }

    // The posted RememberMe value is replaced by whatever the cookie options compute from it.
    model.RememberMe = options.AuthenticationOptions.CookieOptions.CalculateRememberMeFromUserInput(model.RememberMe);
    var rememberMeChecked = model.RememberMe == true;

    if (!ModelState.IsValid)
    {
        Logger.Warn("validation error: username or password missing");
        return await RenderLoginPage(message, signin, ModelState.GetError(), model.Username, rememberMeChecked);
    }

    var result = await userService.AuthenticateLocalAsync(model.Username, model.Password, message);

    if (result == null || result.IsError)
    {
        string failureText;
        if (result == null)
        {
            // NOTE(review): model.Username is attacker-controlled and is written to the log as-is.
            // Confirm the log sink neutralises CR/LF, and treat these entries as sensitive:
            // users sometimes type a password into the username field.
            Logger.WarnFormat("user service indicated incorrect username or password for username: {0}", model.Username);
            failureText = localizationService.GetMessage(MessageIds.InvalidUsernameOrPassword);
        }
        else
        {
            // NOTE(review): the user service's own message is shown on the login page.
            // Confirm it does not differ between "unknown user" and "wrong password",
            // otherwise the page discloses which accounts exist.
            failureText = result.ErrorMessage;
            Logger.WarnFormat("user service returned an error message: {0}", failureText);
        }

        // Every rejected attempt is raised as a failure event before the page is re-rendered.
        eventService.RaiseLocalLoginFailureEvent(model.Username, signin, message, failureText);
        return await RenderLoginPage(message, signin, failureText, model.Username, rememberMeChecked);
    }

    // Success: raise the audit event, remember the username for the next visit, then sign in.
    eventService.RaiseLocalLoginSuccessEvent(model.Username, signin, message, result);
    lastUsernameCookie.SetValue(model.Username);

    return SignInAndRedirect(message, signin, result, model.RememberMe);
}
/// <summary>
/// Processes a submitted local (username/password) login form for the
/// sign-in request identified by <paramref name="signin"/>.
/// </summary>
/// <param name="signin">Identifier used to read the matching sign-in message cookie.</param>
/// <param name="model">Posted credentials; null when no form data was submitted.</param>
/// <returns>
/// 405 when local login is disabled; the error page when the sign-in id or its
/// cookie is missing; the login page with an error message when validation or
/// authentication fails; otherwise the result of <c>SignInAndRedirect</c>.
/// </returns>
public async Task<IHttpActionResult> LoginLocal(string signin, LoginCredentials model)
{
    Logger.Info("Login page submitted");

    // Local login can be switched off in configuration; refuse the POST outright in that case.
    if (this._options.AuthenticationOptions.EnableLocalLogin == false)
    {
        Logger.Warn("EnableLocalLogin disabled -- returning 405 MethodNotAllowed");
        return StatusCode(HttpStatusCode.MethodNotAllowed);
    }

    // Without a sign-in id there is no authorization context to resume.
    if (signin.IsMissing())
    {
        Logger.Error("No signin id passed");
        return RenderErrorPage();
    }

    // The sign-in id must map to a sign-in message cookie on this request.
    var messageCookie = new MessageCookie<SignInMessage>(Request.GetOwinContext(), this._options);
    var message = messageCookie.Read(signin);
    if (message == null)
    {
        Logger.Error("No cookie matching signin id found");
        return RenderErrorPage();
    }

    if (model == null)
    {
        Logger.Error("no data submitted");
        return await RenderLoginPage(message, signin, Messages.InvalidUsernameOrPassword);
    }

    // RememberMe is tri-state. The browser only posts 'true' when the box is ticked and
    // posts nothing otherwise, so the posted value is normalised here:
    //   true  - the user ticked the checkbox
    //   false - the checkbox was offered and left unticked
    //   null  - the checkbox was never offered (AllowRememberMe is off)
    if (!_options.AuthenticationOptions.CookieOptions.AllowRememberMe)
    {
        model.RememberMe = null;
    }
    else if (model.RememberMe != true)
    {
        model.RememberMe = false;
    }

    var rememberMeChecked = model.RememberMe == true;

    if (!ModelState.IsValid)
    {
        Logger.Warn("validation error: username or password missing");
        return await RenderLoginPage(message, signin, ModelState.GetError(), model.Username, rememberMeChecked);
    }

    var result = await _userService.AuthenticateLocalAsync(model.Username, model.Password, message);

    // NOTE(review): the two failure paths below only write a log line; no login-failure
    // event is raised in this method, so failed attempts are visible to monitoring only
    // through the log.
    if (result == null)
    {
        // NOTE(review): model.Username is attacker-controlled and is written to the log as-is.
        // Confirm the log sink neutralises CR/LF, and treat these entries as sensitive:
        // users sometimes type a password into the username field.
        Logger.WarnFormat("user service indicated incorrect username or password for username: {0}", model.Username);
        return await RenderLoginPage(message, signin, Messages.InvalidUsernameOrPassword, model.Username, rememberMeChecked);
    }

    if (result.IsError)
    {
        // NOTE(review): the user service's own message is shown on the login page.
        // Confirm it does not differ between "unknown user" and "wrong password",
        // otherwise the page discloses which accounts exist.
        var serviceError = result.ErrorMessage;
        Logger.WarnFormat("user service returned an error message: {0}", serviceError);
        return await RenderLoginPage(message, signin, serviceError, model.Username, rememberMeChecked);
    }

    // Success: raise the audit event, remember the username for the next visit, then sign in.
    RaiseLocalLoginSuccessEvent(model.Username, message, result);
    IssueLastUsernameCookie(model.Username);

    return SignInAndRedirect(message, signin, result, model.RememberMe);
}