Exemplo n.º 1
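        // Forgot-password form handler.
        // When the posted username exists and its stored email equals the posted email,
        // a reset link is generated, stored in user.forString and the caller is redirected
        // to Users/Index. Otherwise the form is shown again with a model error.
        //
        // upc: posted form model; only "username" and "email" are bound.
        //
        // NOTE(review): nothing in this action delivers the link to the user or stores an
        // expiry for it; presumably that happens elsewhere - confirm. Also confirm that
        // RandomPassword.Generate draws from a cryptographic random source, because the
        // generated string is the only secret protecting the reset.
        public ActionResult Forgot([Bind(Include = "username,email")] UserPassChange upc)
        {
            // A missing model or username is handled as "not found" instead of being passed to Find().
            User user = null;
            if (upc != null && !string.IsNullOrEmpty(upc.username))
            {
                user = db.Users.Find(upc.username);
            }

            if (user == null || user.email != upc.email)
            {
                // NOTE(review): this answer differs from the success redirect, so the form
                // reveals whether a username/email pair is registered. Consider giving the
                // same response in both cases.
                ModelState.AddModelError("Error", "User or Email not found");
                return(View(upc));
            }

            String forKey = "/Reset?kstr=" + RandomPassword.Generate(44, PasswordGroup.Uppercase, PasswordGroup.Lowercase, PasswordGroup.Numeric);
            user.forString       = forKey;
            db.Entry(user).State = EntityState.Modified;
            db.SaveChanges();

            // The reset link is a bearer credential: whoever holds it can set a new password.
            // It is therefore kept out of the log, which has a wider audience than the mailbox.
            genLog("Forgot", "Accout Reset Sent", user.username);
            return(RedirectToAction("Index", "Users"));
        }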
Exemplo n.º 2
 /// <summary>
 /// Copies the password-related fields of <paramref name="user"/> into
 /// <paramref name="userPassChange"/>: Id, PasswordSalt, every entry of OldPasswords
 /// (appended in iteration order) and Password.
 /// </summary>
 /// <param name="user">Source entity; its OldPasswords collection is enumerated.</param>
 /// <param name="userPassChange">Target DTO; entries already in its OldPasswords queue are kept.</param>
 /// <remarks>
 /// NOTE(review): after this call the DTO carries the salt and password values of the user,
 /// so it should presumably be treated as sensitive (not logged or sent to a view) - confirm.
 /// </remarks>
 void IMapper.Map(User user, UserPassChange userPassChange)
 {
     // Identity and salt are copied before the history, as in the original order.
     userPassChange.Id = user.Id;
     userPassChange.PasswordSalt = user.PasswordSalt;

     // Append the stored history to the target queue, one entry at a time.
     foreach (string previous in user.OldPasswords)
     {
         userPassChange.OldPasswords.Enqueue(previous);
     }

     // The current password value is copied last.
     userPassChange.Password = user.Password;
 }
Exemplo n.º 3
        // Builds the view model for a user.
        // Only username, avPath, thumbPath and email are copied; no other field of the
        // entity is placed on the model. Throws NullReferenceException when user is null,
        // so callers have to check for null first.
        private UserPassChange uToUpc(User user)
        {
            return new UserPassChange
            {
                username  = user.username,
                avPath    = user.avPath,
                thumbPath = user.thumbPath,
                email     = user.email
            };
        }
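        /// <summary>
        /// Changes the password of the user looked up by <paramref name="email"/>.
        /// The new password is validated, hashed with the user's existing salt and rejected
        /// when the hash equals the current password or one of the queued old passwords.
        /// </summary>
        /// <param name="email">E-mail address passed to GetUser to find the account.</param>
        /// <param name="newPassword">New plaintext password to validate, hash and store.</param>
        /// <returns>
        /// A ValidationResult; its Errors list receives the validator messages or the
        /// password-reuse message when the change is refused.
        /// </returns>
        /// <remarks>
        /// NOTE(review): this method does not check the current password; the caller has to
        /// authenticate the request before calling it - confirm at the call sites.
        /// NOTE(review): GetUser may return null for an unknown e-mail, in which case the
        /// first log call dereferences null - confirm GetUser's contract.
        /// </remarks>
        public ValidationResult ChangePassword(string email, string newPassword)
        {
            User user = GetUser(email);

            logService.Create("Jelszóváltási kísérlet", user.Name);
            // Reusing ValidationResult from the validators; it carries error messages to the presentation layer.
            ValidationResult result = new ValidationResult();

            // Work on a UserPassChange DTO filled by the mapper.
            UserPassChange userPassChng = new UserPassChange();

            mapper.Map(user, userPassChng);
            userPassChng.NewPassword = newPassword;

            // Validate the new password.
            ValidationResult newPass = Validator<UserPassChange>.Validate(userPassChng);

            if (!newPass.IsValid)
            {
                result.Errors.AddRange(newPass.Errors);
                logService.Create("Jelszó változtatás sikertelen: az új jelszó nem felel meg a követelményeknek.", user.Name);
            }
            else
            {
                // The new password is hashed with the salt copied from the user, so the result
                // is comparable with the stored values only while that salt stays unchanged.
                userPassChng.HashedNewPassword = Hasher.Hash(userPassChng.NewPassword, userPassChng.PasswordSalt.ToByteArray()).ToBase64String();

                // Reuse check against the queued old passwords and the current one.
                if (userPassChng.OldPasswords.Contains(userPassChng.HashedNewPassword) || userPassChng.HashedNewPassword == userPassChng.Password)
                {
                    result.Errors.Add("Az új jelszónak különböznie kell a korábbi 5 jelszótól");

                    // The audit entry names the account, like the other entries of this method.
                    logService.Create("Jelszó váltás sikertelen: a felhasználó a régi jelszót kísérlete meg felhasználni.", user.Name);
                }
                else
                {
                    // Drop the oldest entry when four or more are queued, then queue the
                    // password that is being replaced.
                    if (userPassChng.OldPasswords.Count > 3)
                    {
                        userPassChng.OldPasswords.Dequeue();
                    }

                    userPassChng.OldPasswords.Enqueue(userPassChng.Password);
                    userPassChng.Password = userPassChng.HashedNewPassword;

                    // Copy the updated values back to the user and persist them.
                    mapper.Map(userPassChng, user);
                    dataRepo.UpdateUser(user);
                    logService.Create("A felhasználó jelszavát frissítettük.", user.Name);
                }
            }
            return(result);
        }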
Exemplo n.º 5
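        // GET: Reset
        // Looks up the user whose stored reset link matches the kstr query value and shows
        // the reset form for that user. Any missing, over-long or unknown value redirects
        // to Index.
        //
        // kstr: token part of the reset link; accepted only when 1 to 44 characters long.
        public ActionResult Reset(string kstr)
        {
            if (kstr != null && kstr.Length > 0 && kstr.Length < 45)
            {
                // Characters outside [0-9a-zA-Z] are removed before the lookup, so a value
                // with extra punctuation still matches. NOTE(review): rejecting such input
                // outright would be stricter - confirm whether the tolerance is intended.
                kstr = Regex.Replace(kstr, "[^0-9a-zA-Z]+", "");

                if (kstr.Length > 0)
                {
                    string storedLink = "/Reset?kstr=" + kstr;
                    User user = db.Users.FirstOrDefault(u => u.forString == storedLink);

                    // The view model is built only after the null check; an unknown token
                    // must end in the redirect below, not in a NullReferenceException.
                    if (user != null)
                    {
                        return(View(uToUpc(user)));
                    }
                }
            }
            return(RedirectToAction("Index"));
        }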
Exemplo n.º 6
        // GET: Profile
        // Shows the profile of the signed-in user: unauthenticated requests are redirected
        // to Login, and an identity name without a stored user yields HttpNotFound.
        public ActionResult Profile()
        {
            if (Request.IsAuthenticated)
            {
                // The account is looked up by the authenticated identity name only.
                User current = db.Users.Find(this.User.Identity.Name);

                if (current != null)
                {
                    UserPassChange model = uToUpc(current);
                    return(View(model));
                }

                return(HttpNotFound());
            }

            return(RedirectToAction("Login"));
        }
Exemplo n.º 7
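        // Reset form handler: stores a new password for the account named in the form.
        //
        // The password is changed only when the request also carries the reset token
        // ("kstr") and it matches the link stored for that user. Without this check the
        // posted username alone would decide whose password is replaced.
        //
        // upc: posted form model; only "username", "newpass" and "confpass" are bound.
        //
        // NOTE(review): the token is read from Request["kstr"], so the reset view has to
        // send it back (query string of the form action or a hidden field) - confirm the view.
        public ActionResult Reset([Bind(Include = "username,newpass,confpass")] UserPassChange upc)
        {
            if (upc == null || string.IsNullOrEmpty(upc.username))
            {
                return(RedirectToAction("Index"));
            }

            User   user = db.Users.Find(upc.username);
            string kstr = Request["kstr"];

            // Same outcome as the GET action for an unknown or missing token: redirect to Index.
            // An empty forString means no reset is pending for the account.
            if (user == null ||
                string.IsNullOrEmpty(kstr) ||
                string.IsNullOrEmpty(user.forString) ||
                user.forString != "/Reset?kstr=" + kstr)
            {
                return(RedirectToAction("Index"));
            }

            // confpass is bound but was never compared; require both fields to agree.
            if (string.IsNullOrEmpty(upc.newpass) || upc.newpass != upc.confpass)
            {
                ModelState.AddModelError("newpass", "Passwords do not match");
                return(View(upc));
            }

            var crypto = new SimpleCrypto.PBKDF2();

            upc.password   = crypto.Compute(upc.newpass);
            user.password  = upc.password;
            user.forString = "";           // the link is single-use: clear it once consumed
            user.salt      = crypto.Salt;

            db.Entry(user).State = EntityState.Modified;
            db.SaveChanges();

            genLog("Reset", "Password Reset", user.username);
            Session["smsg"] = "Your password has been reset.";

            return(RedirectToAction("Success"));
        }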
Exemplo n.º 8
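        // GET: Edit
        // Shows the edit form for the signed-in user. Unauthenticated requests are
        // redirected to Login; an identity name without a stored user yields HttpNotFound.
        // Only email and username are copied to the view model.
        public ActionResult Edit()
        {
            if (!Request.IsAuthenticated)
            {
                return(RedirectToAction("Login"));
            }
            string name = this.User.Identity.Name;

            User user = db.Users.Find(name);

            // Find() returns null when no row has this key; avoid dereferencing it.
            if (user == null)
            {
                return(HttpNotFound());
            }

            UserPassChange upc = new UserPassChange();

            upc.email    = user.email;
            upc.username = user.username;

            // The tracked entity is left untouched. Blanking user.password here had no
            // effect on the view model, and a later SaveChanges() on the same context
            // would have persisted an empty password.
            return(View(upc));
        }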
Exemplo n.º 9
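        // GET: Unlock
        // Looks up the user whose stored unlock link matches the kstr query value, clears
        // the lock state and the link, logs the event and redirects to Success.
        // Any missing, over-long or unknown value redirects to Index.
        //
        // kstr: token part of the unlock link; accepted only when 1 to 44 characters long.
        public ActionResult Unlock(string kstr)
        {
            if (kstr != null && kstr.Length > 0 && kstr.Length < 45)
            {
                // Characters outside [0-9a-zA-Z] are removed before the lookup.
                kstr = Regex.Replace(kstr, "[^0-9a-zA-Z]+", "");

                if (kstr.Length > 0)
                {
                    string storedLink = "/Unlock?kstr=" + kstr;
                    User user = db.Users.FirstOrDefault(u => u.unlString == storedLink);

                    // No view model is needed here. The previous uToUpc(user) call ran
                    // before the null check and threw for every unknown token.
                    if (user != null)
                    {
                        user.locked          = false;
                        user.attempts        = 0;
                        user.unlString       = null;   // single-use: the link is cleared once consumed
                        db.Entry(user).State = EntityState.Modified;
                        db.SaveChanges();
                        genLog("Unlock", "Accout Unlocking", user.username);
                        Session["smsg"] = "Your account has been unlocked.";
                        return(RedirectToAction("Success"));
                    }
                }
            }
            return(RedirectToAction("Index"));
        }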
Exemplo n.º 10
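        // Edit form handler: changes the password of the signed-in user after checking
        // the current password.
        //
        // upc: posted form model; "email", "password", "newpass" and "confpass" are bound.
        //      The username is always taken from the authenticated identity, never from
        //      the form.
        //
        // NOTE(review): the same PBKDF2 instance first computes a hash with user.salt and
        // then hashes the new password; confirm whether the second Compute() creates a
        // fresh salt or reuses the one already set on the instance.
        public ActionResult Edit([Bind(Include = "email,password,newpass,confpass")] UserPassChange upc)
        {
            // Same gate as the GET action; without it an anonymous post reaches Find()
            // with an empty identity name.
            if (!Request.IsAuthenticated)
            {
                return(RedirectToAction("Login"));
            }

            upc.username = this.User.Identity.Name;
            User user = db.Users.Find(upc.username);

            if (user == null)
            {
                return(HttpNotFound());
            }

            var crypto = new SimpleCrypto.PBKDF2();

            // An empty current password can never match; skip hashing it.
            bool currentOk = false;
            if (!string.IsNullOrEmpty(upc.password))
            {
                upc.password = crypto.Compute(upc.password, user.salt);
                currentOk    = (upc.password == user.password);
            }

            if (!currentOk)
            {
                ModelState.AddModelError("password", "Wrong Password");
            }
            else if (string.IsNullOrEmpty(upc.newpass) || upc.newpass != upc.confpass)
            {
                // confpass is bound but was never compared; require both fields to agree.
                ModelState.AddModelError("confpass", "Passwords do not match");
            }
            else
            {
                user.password        = crypto.Compute(upc.newpass);
                user.salt            = crypto.Salt;
                db.Entry(user).State = EntityState.Modified;
                db.SaveChanges();
                Session["smsg"] = "Password Updated.";
                genLog("PassChange", "Password Updated", user.username);
                return(RedirectToAction("Success"));
            }

            // Never send the computed hash or the typed password back to the view.
            upc.password = "";
            return(View(upc));
        }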
Exemplo n.º 11
        // Builds the view model for a user.
        // Only username, avPath, thumbPath and email are copied; no other field of the
        // entity is placed on the model. Throws NullReferenceException when user is null,
        // so callers have to check for null first.
        private UserPassChange uToUpc(User user)
        {
            return new UserPassChange
            {
                username = user.username,
                avPath = user.avPath,
                thumbPath = user.thumbPath,
                email = user.email
            };
        }
Exemplo n.º 12
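        // GET: Edit
        // Shows the edit form for the signed-in user. Unauthenticated requests are
        // redirected to Login; an identity name without a stored user yields HttpNotFound.
        // Only email and username are copied to the view model.
        public ActionResult Edit()
        {
            if (!Request.IsAuthenticated)
            {
               return RedirectToAction("Login");
            }
            string name = this.User.Identity.Name;

            User user = db.Users.Find(name);

            // Find() returns null when no row has this key; avoid dereferencing it.
            if (user == null)
            {
                return HttpNotFound();
            }

            UserPassChange upc = new UserPassChange();
            upc.email = user.email;
            upc.username = user.username;

            // The tracked entity is left untouched. Blanking user.password here had no
            // effect on the view model, and a later SaveChanges() on the same context
            // would have persisted an empty password.
            return View(upc);
        }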
Exemplo n.º 13
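        // Profile form handler: stores an uploaded avatar for the signed-in user.
        //
        // The upload is decoded, re-encoded as JPEG and written twice under a new GUID
        // file name: full size in /Content/images/ and a 100x100 thumbnail in
        // /Content/images/thumbs/. Both paths are then saved on the user.
        //
        // user: posted form model; "Image", "email" and "username" are bound, but the
        //       username and email are overwritten from the authenticated account.
        //
        // NOTE(review): the 1,000,000 byte limit bounds the upload size only, not the
        // pixel dimensions of the decoded image - consider a dimension limit as well.
        public ActionResult Profile([Bind(Include = "Image,email,username")] UserPassChange user)
        {
            // Same gate as the GET action; the account is always the authenticated one.
            if (!Request.IsAuthenticated)
            {
                return(RedirectToAction("Login"));
            }

            user.username = this.User.Identity.Name;
            User ruser = db.Users.Find(user.username);

            if (ruser == null)
            {
                return(HttpNotFound());
            }

            user.avPath    = ruser.avPath;
            user.thumbPath = ruser.thumbPath;
            user.email     = ruser.email;
            var validImageTypes = new string[]
            {
                "image/gif",
                "image/jpeg",
                "image/bmp",
                "image/png"
            };

            if (user.Image == null || user.Image.ContentLength == 0)
            {
                // No file posted: nothing to change, the form is shown again.
            }
            else if (user.Image.ContentLength > 1000000)
            {
                ModelState.AddModelError("ImageUpload", "Image cannot be larger than 1mb");
            }
            else if (!validImageTypes.Contains(user.Image.ContentType))
            {
                // ContentType is supplied by the client, so this is a first filter only;
                // the decode below is what actually establishes that the bytes are an image.
                ModelState.AddModelError("ImageUpload", "Please choose either a GIF, JPG or PNG image.");
            }
            else
            {
                // The bytes written are always JPEG, so the extension says so. The name is
                // a fresh GUID; nothing from the uploaded file name reaches the path.
                String newFileName    = Guid.NewGuid().ToString() + "_.jpeg";
                var    imagePath      = "/Content/images/";
                var    imageThumbPath = "/Content/images/thumbs/";
                String root           = AppDomain.CurrentDomain.BaseDirectory;

                try
                {
                    // GDI+ objects hold native handles; dispose them deterministically.
                    using (Image img = Image.FromStream(user.Image.InputStream))
                    using (Bitmap full = new Bitmap(img))
                    using (Image thumbSource = full.GetThumbnailImage(100, 100, null, IntPtr.Zero))
                    using (Bitmap thumb = new Bitmap(thumbSource))
                    {
                        using (MemoryStream memory = new MemoryStream())
                        using (FileStream fs = new FileStream(root + imagePath + newFileName, FileMode.Create, FileAccess.ReadWrite))
                        {
                            full.Save(memory, ImageFormat.Jpeg);
                            byte[] bytes = memory.ToArray();
                            fs.Write(bytes, 0, bytes.Length);
                        }

                        using (MemoryStream memory = new MemoryStream())
                        using (FileStream fs = new FileStream(root + imageThumbPath + newFileName, FileMode.Create, FileAccess.ReadWrite))
                        {
                            thumb.Save(memory, ImageFormat.Jpeg);
                            byte[] bytes = memory.ToArray();
                            fs.Write(bytes, 0, bytes.Length);
                        }
                    }
                }
                catch (ArgumentException)
                {
                    // Image.FromStream rejects data that is not a valid image; report it as
                    // a form error instead of an unhandled exception.
                    ModelState.AddModelError("ImageUpload", "Please choose either a GIF, JPG or PNG image.");
                    return(View(user));
                }

                ruser.avPath    = imagePath + newFileName;
                ruser.thumbPath = imageThumbPath + newFileName;
                user.avPath     = ruser.avPath;
                user.thumbPath  = ruser.thumbPath;
                user.email      = ruser.email;

                db.Entry(ruser).State = EntityState.Modified;
                db.SaveChanges();

                genLog("Profile", "Update Profile", user.username);
            }
            return(View(user));
        }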