public ActionResult ForgotPassword(ForgotPassword model)
{
if (ModelState.IsValid)
{
//get user by email address
var user = Db.SingleOrDefault <User>(new { model.Email, IsDeleted = false });
//if no matching user, error
if (user == null)
{
ModelState.AddModelErrorFor <ForgotPassword>(x => x.Email, "A user could not be found with that email address");
return(View(model));
}
// Create token and send email
var token = new PasswordRetrieval(user, Guid.NewGuid());
Db.Save(token);
Metrics.Increment(Metric.Users_SendPasswordResetEmail);
_mailController.ForgotPassword(new ViewModels.Mail.ForgotPassword
{
To = user.Email,
Token = token.Token
}).Deliver();
return(View("ForgotPasswordConfirmation"));
}
return(View(model));
}
public ActionResult Login(Login model)
{
if (ModelState.IsValid)
{
var user = Db.Query <User>("select top 1 * from [{0}] where (Username=@Username OR Email=@Username) and Password=@Password and IsDeleted=0".Fmt(Db.GetTableName <User>()), new
{
model.Username,
Password = model.Password.ToSHAHash()
}).SingleOrDefault();
if (user != null)
{
_authenticationService.SetLoginCookie(user, model.RememberMe);
Metrics.Increment(Metric.Users_SuccessfulLogin);
if (Url.IsLocalUrl(model.ReturnUrl))
{
return(Redirect(model.ReturnUrl));
}
return(RedirectToAction("Index", "Home"));
}
ModelState.AddModelErrorFor <Login>(x => x.Username, string.Format("The user name or password provided is incorrect. Did you <a href='{0}'>forget your password?</a>", Url.Account().ForgotPassword()));
}
Metrics.Increment(Metric.Users_FailedLogin);
// If we got this far, something failed, redisplay form
model.Password = null; //clear the password so they have to re-enter it
return(View(model));
}
public ActionResult Avatar(AvatarViewModel model, string ExternalImageURL)
{
switch (model.AvatarType)
{
case AvatarType.Url:
if (string.IsNullOrWhiteSpace(model.Url))
{
ModelState.AddModelError("Url", "Enter an avatar url.");
}
break;
case AvatarType.Upload:
List <string> validFormats = new List <string>
{
"image/png", "image/x-png",
"image/gif", "image/x-gif",
"image/jpeg", "image/x-jpeg",
"image/jpg", "image/x-jpg",
};
if (model.Image == null || model.Image.ContentLength == 0)
{
ModelState.AddModelErrorFor <AvatarViewModel>(m => m.Image.FileName, "Please select an image to upload.");
}
else if (!validFormats.Contains(model.Image.ContentType))
{
ModelState.AddModelErrorFor <AvatarViewModel>(m => m.Image, "Invalid file format; only gif,png,jpeg,jpg are allowed.");
}
break;
case AvatarType.None:
default:
break;
}
if (IsModelValidAndPersistErrors())
{
switch (model.AvatarType)
{
case AvatarType.Upload:
string uploadedFileName = _fileServices.UploadAvatar(model.Image);
_userServices.UpdateAvatarToUpload(_currentUser.UserID, uploadedFileName);
break;
case AvatarType.Url:
_userServices.UpdateAvatarToUrl(_currentUser.UserID, model.Url);
break;
case AvatarType.None:
default:
_userServices.UpdateAvatarToNone(_currentUser.UserID);
break;
}
SetSuccess("Profile Settings Updated");
}
return(RedirectToSelf());
}
public ActionResult Register(Register model)
{
if (ModelState.IsValid)
{
if (_authenticationService.ReservedUsernames.Any(x => model.Username.Equals(x, StringComparison.OrdinalIgnoreCase)))
{
ModelState.AddModelErrorFor <Register>(x => x.Username, "Username is unavailable");
}
else
{
var user = Db.Query <User>("select top 1 * from [{0}] where IsDeleted=0 AND (Username=@Username OR Email=@Email)".Fmt(Db.GetTableName <User>()), new
{
model.Username,
model.Email
}
).SingleOrDefault();
if (user != null)
{
if (user.Username.Equals(model.Username, StringComparison.OrdinalIgnoreCase))
{
ModelState.AddModelErrorFor <Register>(x => x.Username, "Username is already in use");
}
if (user.Email.Equals(model.Email, StringComparison.OrdinalIgnoreCase))
{
ModelState.AddModelErrorFor <Register>(x => x.Email, "A user with that email exists");
}
}
}
}
if (ModelState.IsValid)
{
var newUser = Mapper.Map <User>(model);
newUser.Password = model.Password.ToSHAHash();
_userService.Save(newUser);
Metrics.Increment(Metric.Users_Register);
_mailController.Welcome(new ViewModels.Mail.Welcome
{
Username = newUser.Username,
To = newUser.Email
}).Deliver();
// Auto login the user
_authenticationService.SetLoginCookie(newUser, false);
NotifySuccess("Your account has been created and you have been logged in. Enjoy!");
return(Redirect(Url.Home().Index()));
}
// If we got this far, something failed, redisplay form
model.Password = null; //clear the password so they have to re-enter it
return(View(model));
}
public ActionResult Register(RegisterViewModel model)
{
int usernameMin = SiteConfig.UsernameMin.ToInt();
int usernameMax = SiteConfig.UsernameMax.ToInt();
int passwordMinimum = SiteConfig.PasswordMin.ToInt();
if (model.Username == null || model.Username.Length > usernameMax || model.Username.Length < usernameMin)
{
string message = string.Format("Username length must be between {0} and {1} characters long", usernameMin, usernameMax);
ModelState.AddModelErrorFor <RegisterViewModel>(m => m.Username, message);
}
else if (_userServices.GetUser(model.Username) != null)
{
ModelState.AddModelErrorFor <RegisterViewModel>(m => m.Username, "Username already taken");
}
if (_userServices.EmailInUse(model.Email))
{
ModelState.AddModelErrorFor <RegisterViewModel>(m => m.Email, "Email is already in use by another user");
}
if (model.Password == null || model.Password.Length < passwordMinimum)
{
string message = string.Format("Password must be at least {0}", passwordMinimum);
ModelState.AddModelErrorFor <RegisterViewModel>(m => m.Password, message);
}
if (IsModelValidAndPersistErrors())
{
string ActivationType = SiteConfig.AccountActivation.Value;
User user = _userServices.Register(model.Username, model.Password, model.Email);
string CreateSucess = "User <b>" + user.Username + "</b> was created.";
if (ActivationType == "Email")
{
CreateSucess += " An activation email has been sent to <b>" +
user.Email + "</b> with details on how to activate the account";
string confirm_url = Url.Action("ActivateUser", "Auth", new { uname = user.Username, code = user.ActivationCode });
_emailServices.Registration(user, confirm_url);
}
else if (ActivationType == "Admin")
{
CreateSucess += " Admin activation is required. You will not be able to login until an admin activates your account";
}
SetSuccess(CreateSucess);
return(RedirectToAction("Login"));
}
return(RedirectToSelf());
}
public ActionResult Register(RegisterViewModel model)
{
if (_userService.EmailInUse(model.Email))
{
ModelState.AddModelErrorFor <RegisterViewModel>(m => m.Email, "Email is already in use by another user.");
}
if (IsModelValidAndPersistErrors())
{
User user = _userService.Register(model.Email, model.Password, Request.UserHostAddress);
SetSuccess("Account successfully created.");
WelcomeEmail welcomeEmail = Emailer.Welcome(user.Email, model.Password, Url.Action("Login", "Security"));
welcomeEmail.SendAsync();
return(RedirectToAction("Login"));
}
return(RedirectToSelf());
}
public ActionResult Login(LoginViewModel model)
{
if (ModelState.IsValid)
{
bool valid = _securityService.ValidateLogin(model.Email, model.Password, Request.UserHostAddress);
if (valid)
{
FormsAuthentication.SetAuthCookie(model.Email, model.RememberMe);
SetSuccess("You have been logged in.");
return(RedirectToRoute(new { controller = "Home", action = "Index" }));
}
else
{
ModelState.AddModelErrorFor <LoginViewModel>(m => m.Email, "Invalid login information.");
}
}
PersistModelState();
return(RedirectToSelf());
}
public ActionResult ResetPassword(ResetPasswordViewModel model)
{
PasswordResetRequest passwordResetRequest = null;
try
{
passwordResetRequest = _securityService.IssuePasswordResetRequest(model.Email);
}
catch
{
ModelState.AddModelErrorFor <ResetPasswordViewModel>(m => m.Email, "Email was not found.");
}
if (IsModelValidAndPersistErrors())
{
string code = passwordResetRequest.Code.ToString();
string resetUrl = Url.RouteUrl(new { action = "DoResetPassword", controller = "Security", email = model.Email, code = code });
var email = Emailer.PasswordResetRequest(model.Email, resetUrl);
email.SendAsync();
SetSuccess("A password reset link was sent to the email provided. Please check your email and your spam folders for the link.");
}
return(RedirectToSelf());
}
