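/// <summary>
/// Completes the "forgot password" flow: the link mailed by <c>ForgetPassword</c> carries a signed
/// token whose payload names the member and the temporary password to install.
/// </summary>
/// <param name="Token">JWS taken from the reset link's query string; null/blank sends the visitor to Index.</param>
/// <returns>
/// Redirect to the login view when the password is installed (or already current); otherwise the
/// view with <c>ViewBag.Error</c> set.
/// </returns>
public ActionResult SetRandenPassword(string Token = null)
{
    if (string.IsNullOrWhiteSpace(Token))
    {
        return RedirectToAction("Index");
    }

    var env = new Env();
    var jws = new SimpleJws();

    // Signature is checked before anything in the payload is trusted. NOTE(review): whether the "exp"
    // claim written by ForgetPassword is enforced here depends on SimpleJws.Validate — confirm.
    if (!jws.Validate(Token, env.SecretKey))
    {
        ViewBag.Error = "The apply has expired";
        return View();
    }

    var payload = jws.Decode(Token);

    // A signed token that lacks a claim, or names a member that no longer exists, used to surface as a
    // KeyNotFound / NullReference 500; treat it like an expired link instead.
    if (!payload.ContainsKey("MemberID") || !payload.ContainsKey("Password"))
    {
        ViewBag.Error = "The apply has expired";
        return View();
    }

    var memberId = (string)payload["MemberID"];
    var member = db.Members.Where(m => m.MemberID == memberId).FirstOrDefault();
    if (member == null)
    {
        ViewBag.Error = "The apply has expired";
        return View();
    }

    // NOTE(review): the temporary password travels in clear inside the token (signed, not encrypted), so
    // anyone who sees the link — mail relays, proxy/referrer logs of this GET — learns it. The hash is
    // salted with the account's creation timestamp, which is predictable. Both are existing design
    // choices and are kept so stored hashes remain verifiable.
    var hashed = ChoyPassword.Hash((string)payload["Password"], TimeConverter.ToTimestamp(member.CreateAt));

    if (member.Psw != hashed)
    {
        try
        {
            member.Psw = hashed;
            db.Entry(member).State = EntityState.Modified;
            db.SaveChanges();
        }
        catch (Exception)
        {
            // Persisting the new hash failed; show a generic message rather than exception details.
            ViewBag.Error = "Sorry, the server is busy. Please try again later.";
            return View();
        }
    }

    return Redirect(Url.Action("Index") + "#/login");
}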
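/// <summary>
/// Finalises sign-up from the link issued by <c>SendValidationEmailByAPI</c>: the signed token in
/// <paramref name="data"/> supplies the verified e-mail and profile claims, the request supplies the password.
/// </summary>
/// <param name="data">Registration payload; <c>Token</c> is the JWS from the link, <c>Password</c> the chosen password.</param>
/// <returns>
/// JSON <c>{ Success, Messages }</c>: 401 for a missing or invalid token, 400 for a bad password or
/// incomplete claims, 500 when the member could not be saved, 200 on success.
/// </returns>
public HttpResponseMessage Register(ApiAuthRegister data)
{
    Env env = new Env();
    SimpleJws jws = new SimpleJws();
    HttpResponseMessage response = new HttpResponseMessage();
    bool isSuccess = true;
    string messages = "";

    // Model binding yields null for an empty body; treat that like a missing token instead of throwing.
    string token = data?.Token;

    if (token == null)
    {
        isSuccess = false;
        messages = "You don't have permission to access this server.";
        response.StatusCode = HttpStatusCode.Unauthorized; // 401
    }
    else if (!jws.Validate(token, env.SecretKey))
    {
        // Bad signature, or (presumably — see SimpleJws.Validate) an expired "exp" claim.
        isSuccess = false;
        messages = "註冊連結已失效!!!";
        response.StatusCode = HttpStatusCode.Unauthorized; // 401
    }
    else if (data.Password == null || data.Password.Length < 6 || data.Password.Length > 18)
    {
        // A null password previously threw NullReferenceException here. NOTE(review): the 6..18
        // window is the existing policy; the 18-character cap is unusually low for a password.
        isSuccess = false;
        messages = "Your password must be between 6 and 18 characters";
        response.StatusCode = HttpStatusCode.BadRequest; // 400
    }
    else
    {
        MemberSystem memberSystem = new MemberSystem();
        Dictionary<string, object> jwt = jws.Decode(token);

        if (!jwt.ContainsKey("Email") || !jwt.ContainsKey("Gender") || !jwt.ContainsKey("Birthday"))
        {
            isSuccess = false;
            messages = "Invalid operation.";
            response.StatusCode = HttpStatusCode.BadRequest; // 400
        }
        else
        {
            string name = jwt.ContainsKey("UserName") ? (string)jwt["UserName"] : null;
            DateTime now = DateTime.Now;

            // NOTE(review): the unboxing casts below assume the decoder yields bool / long for these
            // claims; another numeric type would throw InvalidCastException — confirm against SimpleJws.
            // Nothing visible here stops a still-valid token from being replayed within its lifetime;
            // duplicate-e-mail rejection is left to memberSystem.Register.
            Member member = new Member
            {
                Email = (string)jwt["Email"],
                // The creation timestamp doubles as the hash salt; SetRandenPassword relies on this.
                Psw = ChoyPassword.Hash(data.Password, TimeConverter.ToTimestamp(now)),
                NickName = name,
                Gender = (bool)jwt["Gender"],
                Bday = TimeConverter.ToDateTime((long)jwt["Birthday"]),
                ContactEmail = (string)jwt["Email"],
                CreateAt = now,
                ProfilePic = memberSystem.GetFileBytes("\\Images\\carot.png"),
                ImageMimeType = "image/png",
                PerCode = 0,
                IsSuspended = false,
                LastLogInTime = now
            };

            if (memberSystem.Register(member))
            {
                isSuccess = true;
                messages = "Registration success";
                response.StatusCode = HttpStatusCode.OK; // 200
            }
            else
            {
                isSuccess = false;
                messages = "Registration failed";
                response.StatusCode = HttpStatusCode.InternalServerError; // 500
            }
        }
    }

    var result = new { Success = isSuccess, Messages = messages };
    response.Content = new StringContent(JsonConvert.SerializeObject(result));
    response.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
    return response;
}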
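/**
 * Issues the sign-up verification e-mail. Return codes:
 *   0 : e-mail handed to the mail API
 *   1 : Email is null or fails Validator.IsValidEmail
 *   2 : Email already belongs to a member
 *   3 : UserName longer than 15 characters
 *   4 : Birthday not supplied (default) or later than today
 *
 * The profile claims travel to Register() inside a JWS that expires 30 minutes from now.
 * NOTE(review): code 2 lets a caller probe which addresses are registered; that is part of this
 * API's contract and is left as is.
 */
public int SendValidationEmailByAPI(string Email, string UserName, bool Gender, DateTime Birthday, string link)
{
    DateTime now = DateTime.Now;

    if (Email == null || !Validator.IsValidEmail(Email))
    {
        return 1;
    }

    Member existing = db.Members.Where(member => member.Email == Email).FirstOrDefault();
    if (existing != null)
    {
        return 2;
    }

    if (UserName != null && UserName.Length > 15)
    {
        return 3;
    }

    // DateTime is a struct, so the old "Birthday == null" test could never be true; a missing birthday
    // arrives as default(DateTime) and is rejected here, as is any date after today.
    if (Birthday == default(DateTime) || DateTime.Compare(now, Birthday) < 0)
    {
        return 4;
    }

    if (link == null)
    {
        throw new ArgumentNullException(nameof(link));
    }

    Env env = new Env();
    SimpleJws jws = new SimpleJws();
    var payload = new Dictionary<string, object>();
    payload.Add("Email", Email);
    if (UserName != null)
    {
        payload.Add("UserName", UserName);
    }
    payload.Add("Gender", Gender);
    payload.Add("Birthday", TimeConverter.ToTimestamp(Birthday));
    payload.Add("exp", TimeConverter.ToTimestamp(now.AddMinutes(30)));
    string token = jws.Encode(payload, env.SecretKey);

    // NOTE(review): `link` must come from server-side configuration. If a caller can supply it, the
    // token is mailed pointing at whatever host they name (phishing / token capture) — check call sites.
    string tokenQuery = $"?token={token}";
    string validationLink;
    if (link.Contains("/#"))
    {
        // SPA-style "https://host/#/route": the query has to sit before the fragment.
        validationLink = link.Replace("/#", tokenQuery + "#");
    }
    else
    {
        int fragmentAt = link.IndexOf('#');
        // A '#' without a preceding '/' previously left the link without any token at all.
        validationLink = fragmentAt < 0 ? link + tokenQuery : link.Insert(fragmentAt, tokenQuery);
    }

    var client = new RestClient(env.SendEmailAPI);
    // NOTE(review): -1 disables the timeout, so an unresponsive mail API pins this request indefinitely.
    client.Timeout = -1;
    var request = new RestRequest(Method.POST);
    request.AddHeader("Content-Type", "application/json");
    var content = new
    {
        Recipient = Email,
        Link = validationLink,
        Name = UserName
    };
    request.AddParameter("application/json", JsonConvert.SerializeObject(content), ParameterType.RequestBody);
    client.Execute(request);

    // The mail API's reply is not inspected (the old code parsed it into an unused variable, which threw
    // on an empty or non-JSON body). NOTE(review): 0 therefore means "handed off", not "delivered".
    return 0;
}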
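/// <summary>
/// Starts the "forgot password" flow: generates a temporary password, wraps it with the member id in
/// a signed 45-minute token, and asks the mail API to send the <c>SetRandenPassword</c> link to the
/// member's contact address.
/// </summary>
/// <param name="request">Body carrying the account <c>Email</c> to look up.</param>
/// <returns>
/// 400 with an error message for a missing/malformed e-mail; otherwise the same non-committal
/// message whether or not the address is registered, so the endpoint does not reveal membership.
/// </returns>
public HttpResponseMessage ForgetPassword(ApiAuthForgetPassword request)
{
    var response = new JsonResponse();

    // A null body previously threw NullReferenceException on request.Email.
    if (request == null || string.IsNullOrWhiteSpace(request.Email) || !Validator.IsValidEmail(request.Email))
    {
        response.Set(new { Success = false, Message = "信箱格式錯誤,請重新輸入 !!" }, HttpStatusCode.BadRequest); // 400
        return response.Get();
    }

    using (var db = new ChoyContext())
    {
        var member = db.Members.Where(m => m.Email == request.Email).FirstOrDefault();
        if (member != null)
        {
            // Was System.Random, which is seeded from the clock and predictable; the temporary
            // password is a credential and must come from a CSPRNG.
            string password = GenerateTemporaryPassword(18);

            var env = new Env();
            var jws = new SimpleJws();
            var exp = DateTime.Now.AddMinutes(45);
            var payload = new Dictionary<string, object>();
            payload.Add("MemberID", member.MemberID);
            // NOTE(review): the password is embedded in clear in a signed (not encrypted) token that
            // rides in the e-mailed URL, and is also printed in the mail body — existing design, kept.
            payload.Add("Password", password);
            payload.Add("exp", TimeConverter.ToTimestamp(exp));
            string token = jws.Encode(payload, env.SecretKey);

            // NOTE(review): the link is rebuilt from the incoming request's scheme/host. Unless the Host
            // header is validated upstream, a poisoned Host yields a reset link that points at an
            // attacker-chosen site; a configured base URL would be safer.
            string link = HttpContext.Current.Request.Url.AbsoluteUri
                .Replace(HttpContext.Current.Request.Url.PathAndQuery, "/Home/SetRandenPassword");

            var client = new RestClient(env.SendForgetPassworadEmailAPI);
            // NOTE(review): -1 disables the timeout on the call to the mail API.
            client.Timeout = -1;
            var req = new RestRequest(Method.POST);
            req.AddHeader("Content-Type", "application/json");
            var content = new
            {
                Recipient = member.ContactEmail,
                NickName = member.NickName,
                Link = link + $"?Token={token}",
                Exp = exp.ToString("MM/dd/yyyy HH:mm:ss"),
                Password = password,
            };
            req.AddParameter("application/json", JsonConvert.SerializeObject(content), ParameterType.RequestBody);
            // The mail API's reply is deliberately not surfaced: a distinct error for "not registered"
            // or "send failed" would let callers enumerate accounts.
            client.Execute(req);
        }
    }

    // NOTE(review): Success=true is returned with HTTP 400 here. That looks unintended, but the status
    // is part of the contract the front-end sees today, so it is left unchanged.
    response.Set(new { Success = true, Message = "如果此註冊信箱存在,暫時密碼已透過 Email 寄送,請至您於本站設定的聯絡 Email 收信 !!" }, HttpStatusCode.BadRequest); // 400
    return response.Get();
}

// Builds a temporary password of the given length from a cryptographic RNG. Characters are chosen by
// rejection sampling so every alphabet entry is equally likely (byte % length alone would bias toward
// the first entries).
private static string GenerateTemporaryPassword(int length)
{
    // Same alphabet as before: ambiguous glyphs (l, I, O) are omitted.
    const string allowedChars = "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNOPQRSTUVWXYZ0123456789";
    var chars = new char[length];
    // Largest multiple of the alphabet size that fits in a byte; bytes at or above it are discarded.
    int limit = 256 - (256 % allowedChars.Length);
    var buffer = new byte[1];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        int i = 0;
        while (i < length)
        {
            rng.GetBytes(buffer);
            if (buffer[0] < limit)
            {
                chars[i++] = allowedChars[buffer[0] % allowedChars.Length];
            }
        }
    }
    return new string(chars);
}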