/// <summary>
/// Authorizes spam prevention responses. If validation fails, updates model state accordingly.
/// </summary>
/// <param name="httpContext">The request's HTTP context.</param>
/// <param name="modelState">The request's model state.</param>
/// <param name="captchaValidator">The CAPTCHA validator to use to validate a CAPTCHA response, if present.</param>
public void Authorize(
HttpContextBase httpContext,
ModelStateDictionary modelState,
ICaptchaValidator captchaValidator)
{
if (httpContext == null)
throw new ArgumentNullException("httpContext");
if (modelState == null)
throw new ArgumentNullException("modelState");
if (captchaValidator == null)
throw new ArgumentNullException("captchaValidator");
// First check to see if the polite "noCAPTCHA" spam prevention worked.
var noCaptchaResponseIsValid = ValidateNoCaptchaResponse(httpContext);
if (noCaptchaResponseIsValid)
return;
// If there wasn't a valid "noCAPTCHA" response, we then check for a CAPTCHA response (the fallback for spam prevention).
var captchaResponseIsValid = captchaValidator.Validate(httpContext);
if (captchaResponseIsValid)
return;
// This model state error serves two purposes: it means the action can check ModelState.IsValid as normal,
// and it's also a signal to the HTML helper that the spam prevention check failed, and therefore to show a captcha.
modelState.AddModelError(
Const.ModelStateKey,
string.Empty);
}
public async Task <IActionResult> Register([FromBody] RegisterModel model)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (!model.Email.ToLower().EndsWith("pxl.be"))
{
return(BadRequest("Only PXL email adresses are allowed."));
}
var validationResult = await _captchaValidator.Validate(model.CaptchaToken, Request.HttpContext.Connection.RemoteIpAddress);
if (!validationResult.Success)
{
return(BadRequest("Could not verify captcha."));
}
var user = new User
{
UserName = model.Email,
Email = model.Email,
FirstName = model.FirstName,
LastName = model.LastName
};
var result = await _userManager.CreateAsync(user, model.Password);
if (result.Succeeded)
{
var role = user.Email.ToLower().EndsWith("student.pxl.be") ? Role.Constants.Student : Role.Constants.Lector;
await _userManager.AddToRoleAsync(user, role);
await SendConfirmUserEmailMessage(user);
return(Ok());
}
foreach (var error in result.Errors)
{
ModelState.AddModelError(error.Code, error.Description);
}
return(BadRequest(ModelState));
}
public ActionResult Authenticate()
{
/*
* The salt passed to the method below can by dynamic, so you can include
* some extra information like id, etc... something that you usually add
* into hidden input.
*/
ValidateAntiForgeryToken(AntiForgeryTokenSaltNames.Login
/*, Request.Form["id"], RouteData.Values["id"] as string */);
if (User.Identity.IsAuthenticated)
{
return(Ajax(RedirectToAction("index", "home")));
}
var viewData = new LogonViewData();
if (!TryUpdateModel(viewData)
| !TryUpdateModel(viewData.Details)
| !validationService.Validate(viewData) ||
!captchaValidator.Validate() ||
!membershipService.ValidateUser(viewData.Details))
{
ModelState.ResetModelValue("TuringNumber");
return(AlternatePartialView(viewData));
}
formsAuthentication.SignIn(
viewData.Details.UserName,
viewData.RememberMe,
Guid.NewGuid().Shrink()
/*
* You can read this value using formsAuthentication.UserData()
* at any place of the authenticated request
*/);
if (!String.IsNullOrEmpty(viewData.ReturnUrl))
{
return(Redirect(viewData.ReturnUrl));
}
return(Ajax(RedirectToAction("index", "home")));
}
/// <summary>
/// Authorizes spam prevention responses. If validation fails, updates model state accordingly.
/// </summary>
/// <param name="httpContext">The request's HTTP context.</param>
/// <param name="modelState">The request's model state.</param>
/// <param name="captchaValidator">The CAPTCHA validator to use to validate a CAPTCHA response, if present.</param>
public void Authorize(
HttpContextBase httpContext,
ModelStateDictionary modelState,
ICaptchaValidator captchaValidator)
{
if (httpContext == null)
{
throw new ArgumentNullException("httpContext");
}
if (modelState == null)
{
throw new ArgumentNullException("modelState");
}
if (captchaValidator == null)
{
throw new ArgumentNullException("captchaValidator");
}
// First check to see if the polite "noCAPTCHA" spam prevention worked.
var noCaptchaResponseIsValid = ValidateNoCaptchaResponse(httpContext);
if (noCaptchaResponseIsValid)
{
return;
}
// If there wasn't a valid "noCAPTCHA" response, we then check for a CAPTCHA response (the fallback for spam prevention).
var captchaResponseIsValid = captchaValidator.Validate(httpContext);
if (captchaResponseIsValid)
{
return;
}
// This model state error serves two purposes: it means the action can check ModelState.IsValid as normal,
// and it's also a signal to the HTML helper that the spam prevention check failed, and therefore to show a captcha.
modelState.AddModelError(
Const.ModelStateKey,
string.Empty);
}