//Todo: Verify errors are acceptable to display to user
        //Todo: Validate or improve error messages
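        /// <summary>
        /// Handles the login form post: looks up the account by user name, applies the
        /// single-session bookkeeping, then verifies the password through
        /// <c>SignInManager.PasswordSignInAsync</c>.
        /// </summary>
        /// <param name="model">Posted login form (user name, password, remember-me flag).</param>
        /// <returns>
        /// A redirect to <c>AngularAccess/Index</c> on success; otherwise the login view
        /// with a model error.
        /// </returns>
        public async Task<ActionResult> Login(LoginViewModel model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            var appUserService = new ApplicationUserDataService();
            var userResult = await appUserService.GetByUserNameAsync(model.UserName);
            if (!userResult.IsSuccessful)
            {
                // Same text as a failed password check, so this branch does not tell the
                // caller that the user name lookup (rather than the password) failed.
                ModelState.AddModelError("", "Invalid login attempt.");
                return View(model);
            }
            var user = userResult.Data;

            // NOTE(review): the id stored here is the one the browser held before
            // authenticating; confirm the session id is rotated on login elsewhere.
            Session[SessionIdKey] = Session.SessionID;
            var sessionId = Session[SessionIdKey].ToString();

            // SECURITY NOTE(review): everything down to PasswordSignInAsync runs before the
            // password has been checked. LogOutUserElsewhere is therefore called for any
            // request that names an existing user, and the two error messages in this
            // section are only reachable for existing user names. Moving this section
            // behind a successful sign-in would close both gaps; it is left in place here
            // because that reordering changes the sign-in flow and needs a sign-out path
            // for the failure cases.
            var loginInfoService = new LoginInfoDataService();
            var checkIfLoggedInElsewhereResult = loginInfoService.IsUserLoggedInElsewhere(user.Id, sessionId);
            if (!checkIfLoggedInElsewhereResult.IsSuccessful)
            {
                ModelState.AddModelError("LoggedInElsewhere", "An error occurred while verifying that the user is not logged in elsewhere.");
                // Fixed: the view expects the login model, not the ModelState dictionary.
                return View(model);
            }
            var userIsLoggedInElsewhere = checkIfLoggedInElsewhereResult.Data;
            if (userIsLoggedInElsewhere)
            {
                var logoutUserElsewhereResult = loginInfoService.LogOutUserElsewhere(user.Id);
                if (!logoutUserElsewhereResult.IsSuccessful)
                {
                    ModelState.AddModelError("", "An error occurred logged out of your previous session");
                    return View(model);
                }
            }

            // shouldLockout: false means failed attempts are not counted towards account
            // lockout, so this call does not throttle password guessing.
            // NOTE(review): consider shouldLockout: true once lockout is configured.
            var result = await SignInManager.PasswordSignInAsync(model.UserName, model.Password, model.RememberMe, shouldLockout: false);
            switch (result)
            {
                case SignInStatus.Success:
                    return RedirectToAction("Index", "AngularAccess");
                case SignInStatus.Failure:
                default:
                    // Every non-success status gets the same generic message.
                    ModelState.AddModelError("", "Invalid login attempt.");
                    return View(model);
            }
        }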
Пример #2
        /// <summary>
        /// Returns the currently logged-in user, mapped to a
        /// <c>LoggedInUserViewBindingModel</c>, wrapped in a processing result.
        /// </summary>
        /// <returns>
        /// Always an <c>Ok</c> response; the wrapped result has <c>IsSuccessful</c> set to
        /// false and <c>Error</c> populated when the lookup fails.
        /// </returns>
        public async Task<IHttpActionResult> GetLoggedInUser()
        {
            var response = new ServiceProcessingResult<LoggedInUserViewBindingModel> { IsSuccessful = true };

            // The id comes from the controller's own LoggedInUserId, not from request input.
            var currentUserId = LoggedInUserId;
            var lookup = await new ApplicationUserDataService().GetAsync(currentUserId);

            if (lookup.IsSuccessful)
            {
                // Only the view-binding projection of the user record is returned.
                response.Data = lookup.Data.ToLoggedInUserViewBindingModel();
            }
            else
            {
                response.IsSuccessful = false;
                response.Error = ErrorValues.GET_LOGGED_IN_USER_INFO_ERROR;
            }

            return Ok(response);
        }
Пример #3
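        /// <summary>
        /// Generates a password reset token for <paramref name="userId"/> and e-mails that
        /// user a link to the <c>Authentication/ResetPassword</c> action.
        /// </summary>
        /// <param name="userId">Id of the account whose password is to be reset.</param>
        /// <returns>
        /// An <c>Ok</c> response wrapping a processing result; <c>IsSuccessful</c> is false
        /// when sending the e-mail throws.
        /// </returns>
        public async Task<IHttpActionResult> ResetUsersPassword(string userId)
        {
            // NOTE(review): no authorization check is visible in this method; confirm the
            // action is restricted (attribute or filter) to callers allowed to trigger a
            // reset for an arbitrary userId.
            var processingResult = new ServiceProcessingResult();

            var userManager = HttpContext.Current.GetOwinContext().GetUserManager<ApplicationUserManager>();

            // Fixed: Authority alone is "host[:port]" with no scheme, so the e-mailed href
            // was not an absolute URL. GetLeftPart(UriPartial.Authority) keeps the scheme.
            // SECURITY NOTE(review): the host still comes from the incoming request, so a
            // forged Host header would end up in the reset link; prefer a configured
            // site base URL.
            var baseUrl = Request.RequestUri.GetLeftPart(UriPartial.Authority);
            var code = await userManager.GeneratePasswordResetTokenAsync(userId);
            var helper = new System.Web.Mvc.UrlHelper(HttpContext.Current.Request.RequestContext);
            var callbackPath = helper.Action("ResetPassword", "Authentication", new { userId = userId, code = code });
            var callbackUrl = baseUrl + callbackPath;

            try
            {
                await
                    userManager.SendEmailAsync(userId, "Reset Password",
                        "Please reset your password by clicking <a href=\"" + callbackUrl + "\">here</a>");

                processingResult.IsSuccessful = true;
            }
            catch (Exception ex)
            {
                processingResult.IsSuccessful = false;
                // NOTE(review): ex.Message is placed in the result returned to the caller;
                // confirm it is not serialized to the client, since mail errors can carry
                // server details.
                processingResult.Error = new ProcessingError("Email failed to send.", ex.Message, false);
            }

            return Ok(processingResult);
        }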
Пример #4
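        /// <summary>
        /// Lets a super admin change the client (company) id stored for a user, then
        /// refreshes the logged-in user's authentication cookie.
        /// </summary>
        /// <param name="userid">Id of the user whose client id is updated in the database.</param>
        /// <param name="newclientId">Client id to assign.</param>
        /// <returns>An <c>Ok</c> response wrapping the processing result.</returns>
        public async Task<IHttpActionResult> SetCompanyId(string userid, string newclientId)
        {
            // NOTE(review): callers that are not super admins receive a 200 response with
            // a freshly constructed result and no Error set; confirm clients treat that
            // as a refusal.
            var processingResult = new ServiceProcessingResult();
            if (LoggedInUser.Role.IsSuperAdmin()) //make sure user is SA
            {
                //Set the new companyid in the database.
                var dataService = new ApplicationUserDataService();
                processingResult = await dataService.UpdateClientId(newclientId, userid);
                // NOTE(review): only IsFatalFailure() is checked; an unsuccessful but
                // non-fatal update would continue below and could be reported as
                // successful. Confirm against UpdateClientId.
                if (processingResult.IsFatalFailure())
                {
                    Logger.Fatal("A fatal error occurred while setting CompanyId");
                    processingResult.IsSuccessful = false;
                }
                else
                {
                    var getLoggedInUserResult = await dataService.GetAsync(LoggedInUserId);
                    if (!getLoggedInUserResult.IsSuccessful)
                    {
                        processingResult.IsSuccessful = false;
                        processingResult.Error = ErrorValues.GENERIC_COULD_NOT_FIND_USER_ERROR;
                        return Ok(processingResult);
                    }
                    var user = getLoggedInUserResult.Data;
                    // NOTE(review): the database update targets userid, while this
                    // assignment and the cookie refresh apply to the logged-in user;
                    // confirm callers always pass their own id.
                    LoggedInUser.ClientID = newclientId;
                    //Sign Off and back in to refresh cookie.
                    try
                    {
                        await AuthAndUserManager.RefreshAuthenticationCookie(user);
                        processingResult.IsSuccessful = true;
                    }
                    catch (Exception e)
                    {
                        // Include the exception so the failure can be diagnosed from the
                        // server log; previously it was discarded.
                        Logger.Fatal("A fatal error occurred while setting CompanyId: " + e);
                        processingResult.IsSuccessful = false;
                    }
                }

            }
            return Ok(processingResult);
        }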
Пример #5
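        /// <summary>
        /// Sets a password for the given user, makes sure the user is in the
        /// "Administrator" role, and signs the user in.
        /// </summary>
        /// <param name="model">Carries the target user id and the password to set.</param>
        /// <exception cref="System.InvalidOperationException">
        /// The password could not be added, or the user record could not be loaded.
        /// </exception>
        public async Task AddPasswordAndLogin(SetPasswordForUserIdModel model)
        {
            // Fixed: the result of AddPasswordAsync was ignored, so a rejected password
            // still led to the role grant and the sign-in below.
            var addPasswordResult = await _userManager.AddPasswordAsync(model.UserId, model.Password);
            if (!addPasswordResult.Succeeded)
            {
                throw new System.InvalidOperationException(
                    "Unable to set the password: " + string.Join("; ", addPasswordResult.Errors));
            }

            // NOTE(review): every account that passes through here ends up in the
            // Administrator role; confirm callers restrict who can reach this method and
            // where model.UserId comes from.
            if (!_userManager.IsInRole(model.UserId, "Administrator"))
            {
                await AddUserToRoleAsync(model.UserId, "Administrator");
            }

            var userService = new ApplicationUserDataService();
            var user = userService.Get(model.UserId).Data;
            if (user == null)
            {
                // Fail explicitly instead of handing a null user to the sign-in manager.
                throw new System.InvalidOperationException("Unable to load the user to sign in.");
            }

            await _signInManager.SignInAsync(user, false, false);
        }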
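        /// <summary>
        /// Handles the forgot-password form: for an admin account matching the posted
        /// e-mail address, generates a reset token and e-mails a link to
        /// <c>Authentication/ResetPassword</c>.
        /// </summary>
        /// <param name="model">Posted form containing the account e-mail address.</param>
        /// <returns>
        /// A redirect to <c>ForgotPasswordConfirmation</c> when the mail is sent or the
        /// address is unknown; otherwise the form view with a model error.
        /// </returns>
        public async Task<ActionResult> ForgotPassword(ForgotPasswordViewModel model)
        {
            if (!ModelState.IsValid)
            {
                // Validation failed, redisplay form
                return View(model);
            }

            var user = await UserManager.FindByEmailAsync(model.Email);
            if (user == null)
            {
                // Fixed: do not reveal that the address has no account. The response is
                // the same confirmation page an existing admin account gets.
                return RedirectToAction("ForgotPasswordConfirmation", "Authentication");
            }
            if (user.Role == null)
            {
                var appUserService = new ApplicationUserDataService();
                var getUserResult = await appUserService.GetAsync(user.Id);
                if (!getUserResult.IsSuccessful)
                {
                    ModelState.AddModelError("",
                        "An error occurred while trying to verify you have permissions to perform this action. Please try again.");
                    return View(model);
                }

                user.Role = getUserResult.Data.Role;
            }
            if (!user.Role.IsAdmin())
            {
                // NOTE(review): this message is only shown for existing non-admin
                // accounts, so it still confirms that such an address is registered.
                ModelState.AddModelError("",
                    "Your account cannot perform this action. If you need your password reset, please contact your Manager or and Administrator.");
                return View(model);
            }

            // For more information on how to enable account confirmation and password reset please visit http://go.microsoft.com/fwlink/?LinkID=320771
            // Send an email with this link
            string code = await UserManager.GeneratePasswordResetTokenAsync(user.Id);
            // SECURITY NOTE(review): the absolute URL is built from the incoming request,
            // so a forged Host header would end up in the e-mailed link; prefer a
            // configured site base URL.
            var callbackUrl = Url.Action("ResetPassword", "Authentication", new { userId = user.Id, code = code }, protocol: Request.Url.Scheme);
            await UserManager.SendEmailAsync(user.Id, "Reset Password", "Please reset your password by clicking <a href=\"" + callbackUrl + "\">here</a>");
            return RedirectToAction("ForgotPasswordConfirmation", "Authentication");
        }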
Пример #7
 /// <summary>
 /// Looks up a user by id and returns the data service's result as-is.
 /// </summary>
 /// <param name="userId">Id of the user to fetch.</param>
 /// <returns>An <c>Ok</c> response wrapping the lookup result.</returns>
 public IHttpActionResult GetUser(string userId)
 {
     // NOTE(review): no authorization check is visible here, and the whole lookup
     // result is serialized rather than a view model; confirm access is restricted
     // and that the payload carries no credential fields.
     var lookup = new ApplicationUserDataService().Get(userId);
     return Ok(lookup);
 }