public void OnAuthentication(AuthenticationContext filterContext)
        {
            var customer = filterContext
                           .HttpContext
                           .GetCustomer();

            var principal = filterContext
                            .HttpContext
                            .GetOwinContext()
                            .Authentication
                            .User;

            var identity = ClaimsIdentityProvider.CreateClaimsIdentity(customer);

            if (customer.IsAdminUser != principal.IsInRole("Admin") ||
                customer.IsAdminSuperUser != principal.IsInRole("SuperAdmin"))
            {
                filterContext
                .HttpContext
                .GetOwinContext()
                .Authentication
                .SignIn(identity);
            }
        }
Exemplo n.º 2
0
        public ActionResult Create(AccountCreatePostModel model)
        {
            var customer = HttpContext.GetCustomer();

            if (!ModelState.IsValid)
            {
                return(RedirectToAction(ActionNames.Create));
            }

            if (!Customer.NewEmailPassesDuplicationRules(model.Account.Email, customer.CustomerID))
            {
                ModelState.AddModelError(
                    key: "Account.Email",
                    errorMessage: "That EMail Address is Already Used By Another Customer");
                return(RedirectToAction(ActionNames.Create));
            }

            switch (ControllerHelper.ValidateAccountPassword(customer, model.Account.Password, model.Account.PasswordConfirmation))
            {
            case AccountControllerHelper.PasswordValidationResult.DoesNotMatch:
                ModelState.AddModelError(
                    key: "Account.PasswordConfirmation",
                    errorMessage: "The new passwords do not match!");
                return(RedirectToAction(ActionNames.Create));

            case AccountControllerHelper.PasswordValidationResult.DoesNotMeetMinimum:
                ModelState.AddModelError(
                    key: "Account.Password",
                    errorMessage: "The new password you created does not meet the minimum requirements. Please make sure that your password is at least 7 characters long and includes at least one letter and at least one number.");
                return(RedirectToAction(ActionNames.Create));

            case AccountControllerHelper.PasswordValidationResult.NotStrong:
                ModelState.AddModelError(
                    key: "Account.Password",
                    errorMessage: "The new password you created is not a strong password. Please make sure that your password is at least 8 characters long and includes at least one upper case character, one lower case character, one number, and one \"symbol\" character (e.g. ?,&,#,$,%,etc).");

                return(RedirectToAction(ActionNames.Create));
            }

            if (AppConfigProvider.GetAppConfigValue <bool>("RequireOver13Checked") && !model.Account.IsOver13)
            {
                ModelState.AddModelError(
                    key: "Account.IsOver13",
                    errorMessage: "You Must Be Over 18 To Purchase or have Parental Consent");
                return(RedirectToAction(ActionNames.Create));
            }

            if (Settings.RequireCaptchaOnCreateAccount)
            {
                var securityCode = CaptchaStorageService.RetrieveSecurityCode(HttpContext, string.Concat(ControllerNames.Account, ActionNames.Create));
                if (!ControllerHelper.IsCaptchaValid(securityCode, model.Account.CaptchaCode))
                {
                    CaptchaStorageService.ClearSecurityCode(HttpContext);
                    ModelState.AddModelError(
                        key: "Account.CaptchaCode",
                        errorMessage: "The letters you entered did not match, please try again.");

                    return(RedirectToAction(ActionNames.Create));
                }
            }

            var registeredCustomer = ControllerHelper.CreateAccount(model.Account, customer);

            ControllerHelper.Login(
                signedInCustomer: registeredCustomer,
                profile: HttpContext.Profile,
                username: model.Account.Email,
                password: model.Account.Password,
                skinId: registeredCustomer.SkinID,
                registering: true);

            Request
            .GetOwinContext()
            .Authentication
            .SignOut();

            Request
            .GetOwinContext()
            .Authentication
            .SignIn(
                properties: new Microsoft.Owin.Security.AuthenticationProperties
            {
                IsPersistent = true
            },
                identities: ClaimsIdentityProvider
                .CreateClaimsIdentity(registeredCustomer));

            // Clear the captcha so additional requests use a different security code.
            CaptchaStorageService.ClearSecurityCode(HttpContext);

            if (AppConfigProvider.GetAppConfigValue <bool>("SendWelcomeEmail"))
            {
                SendWelcomeEmailProvider.SendWelcomeEmail(registeredCustomer);
            }

            NoticeProvider.PushNotice("You have successfully created a new account", NoticeType.Success);
            return(RedirectToAction(ActionNames.Index));
        }