Пример #1
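        /// <summary>
        /// Validates the protocol header of an incoming request and dispatches it by type.
        /// </summary>
        /// <param name="request">The parsed request to handle.</param>
        /// <returns>
        /// An OK response for an accepted Register or Notify request, otherwise an error response
        /// carrying InvalidRequest, Unauthorized, UnknownApp or UnknownRequest.
        /// </returns>
        /// <remarks>
        /// Registration is allowed by default: when nothing is subscribed to
        /// <c>RegistrationAttempt</c>, every Register request is accepted. The application name is
        /// taken from the request headers, so as far as this method shows it is a client-asserted
        /// value, and the Notify check proves only that the same name was registered earlier.
        /// </remarks>
        private Response HandleRequest(Request request)
        {
            if (!request.ValidProtoHeader)
            {
                return Response.Error(StatusCode.InvalidRequest);
            }

            switch (request.Type)
            {
            case RequestType.Register:
                // Read the delegate once. The original checked the event for null and then invoked it
                // with ?. as a second read; a handler removed between the two reads would be skipped
                // while the freshly created args were still inspected.
                var registrationHandlers = RegistrationAttempt;
                if (registrationHandlers != null)
                {
                    var attemptArgs = new RegistrationAttemptEventArgs();
                    registrationHandlers.Invoke(this, attemptArgs);
                    if (!attemptArgs.Allowed)
                    {
                        return Response.Error(StatusCode.Unauthorized);
                    }
                }

                // NOTE(review): no handler subscribed means no policy check at all (fail-open) - confirm
                // that this is the intended default for deployments that expect registrations to be vetted.
                RegisteredApps.Add(request.Headers.Application.Name);
                return Response.Ok();

            case RequestType.Notify:
                if (!RegisteredApps.Contains(request.Headers.Application.Name))
                {
                    return Response.Error(StatusCode.UnknownApp);
                }
                return Response.Ok();

            default:
                return Response.Error(StatusCode.UnknownRequest);
            }
        }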
Пример #2
        /// <summary>
        /// Creates a new person record for the supplied registration data, provided the e-mail
        /// address is not already in use.
        /// </summary>
        /// <param name="user">The submitted registration data.</param>
        /// <returns>
        /// A response with <c>Success</c> set to true after the record was added, or with
        /// <c>Success</c> false and an error message when the e-mail address is already taken.
        /// </returns>
        public async Task <RegistrationResponse> Register(RegistrationAttempt user)
        {
            var result = new RegistrationResponse();

            // NOTE(review): check-then-insert. Two concurrent requests for the same address can both
            // pass this check; a unique constraint on the e-mail column is what actually enforces it.
            bool emailIsFree = await UniqueEmail(user.Email);
            if (!emailIsFree)
            {
                result.Success      = false;
                result.ErrorMessage = "Email is already being used.";
                return result;
            }

            var saltBytes = GetSalt();
            var person    = new Persons
            {
                Name         = $"{user.FirstName} {user.LastName}",
                Email        = user.Email,
                // NOTE(review): the hashing scheme lives in GeneratePass and is not visible here -
                // confirm it is a slow password KDF rather than a single hash round.
                PasswordHash = GeneratePass(user.Password, saltBytes),
                // NOTE(review): decoding salt bytes as UTF-8 is lossy when the bytes are arbitrary
                // (invalid sequences become U+FFFD), so the stored string may not round-trip to the
                // salt that was used for hashing. If GetSalt returns random bytes, store them as
                // Base64 or binary and update the verification path accordingly.
                PasswordSalt = Encoding.UTF8.GetString(saltBytes, 0, saltBytes.Length),
                // NOTE(review): the role is derived from a client-supplied registration code; verify
                // that GetRoleFromCode falls back to the least-privileged role for unknown codes.
                Role         = GetRoleFromCode(user.RegistrationCode)
            };
            await _database.Add(person);

            result.Success = true;
            return result;
        }
Пример #3
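        /// <summary>
        /// Registration endpoint: rejects requests with missing fields, then delegates to the
        /// authorisation manager.
        /// </summary>
        /// <param name="attempt">The bound registration payload.</param>
        /// <returns>
        /// 200 OK when the manager reports success; 400 Bad Request when a field is missing or the
        /// manager reports a failure.
        /// </returns>
        public async Task <ActionResult> Register(RegistrationAttempt attempt)
        {
            // The original compared each field with "" only. A field that is absent from the payload
            // binds to null, passed that check and reached the manager; a null payload threw instead
            // of returning 400. Null and empty are both treated as missing here.
            if (attempt == null
                || string.IsNullOrEmpty(attempt.Email)
                || string.IsNullOrEmpty(attempt.FirstName)
                || string.IsNullOrEmpty(attempt.LastName)
                || string.IsNullOrEmpty(attempt.Password))
            {
                return BadRequest("One or more fields are invalid.");
            }

            // NOTE(review): only presence is checked. E-mail format and password strength are not
            // validated in this method - confirm they are enforced elsewhere.
            var response = await _authorisationManager.Register(attempt);

            if (response.Success)
            {
                return Ok();
            }

            // NOTE(review): the manager's message is returned verbatim. If it reveals that an address
            // is already registered, the endpoint can be used to enumerate accounts, so it should be
            // rate limited.
            return BadRequest(response.ErrorMessage);
        }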
Пример #4
        /// <summary>
        /// Builds a <c>User</c> from the registration data with a freshly generated salt, writes a
        /// "Register" log entry, and persists the user through the main context.
        /// </summary>
        /// <param name="registration">The registration data to copy user name, e-mail and display name from.</param>
        /// <returns>The user entity that was added and saved.</returns>
        private User RegisterUser(RegistrationAttempt registration)
        {
            byte[] freshSalt = Crypto.NewSalt();

            // NOTE(review): only the salt is stored here; no password hash is set in this method.
            // Presumably the caller derives and stores it - verify.
            var account = new User();
            account.UserName    = registration.UserName;
            account.Email       = registration.Email;
            account.DisplayName = registration.DisplayName;
            account.Salt        = freshSalt;

            // NOTE(review): this entry is written before SaveChanges. If Id is assigned by the
            // database, the logged value is still the default and cannot be tied to the new account.
            LogService.Write("Register", $"User:{account.Id}");

            var context = this.mainContext;
            context.Users.Add(account);
            context.SaveChanges();

            return account;
        }
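        /// <summary>
        /// Handles the registration form post: tracks the attempt per e-mail and name, enforces the
        /// minimum age of 18 with a three-failures-per-hour lockout, and on success stores the input
        /// in temp data and redirects to the CreatePassword page.
        /// </summary>
        /// <param name="returnUrl">URL to return to after registration; defaults to the site root.</param>
        /// <returns>
        /// A redirect to CreatePassword when the registrant is at least 18 and not locked out;
        /// otherwise the same page with model errors.
        /// </returns>
        public async Task <IActionResult> OnPostAsync(string returnUrl = null)
        {
            // NOTE(review): returnUrl is caller-supplied and is forwarded unchanged to CreatePassword.
            // Confirm that the page performing the final redirect restricts it to local URLs.
            ReturnUrl = returnUrl ?? Url.Content("~/");
            if (!ModelState.IsValid)
            {
                // Validation failed, redisplay form
                return Page();
            }

            // NOTE(review): the attempt record, and so the lockout, is keyed on e-mail + name. Changing
            // either value yields a fresh record with a fresh failure counter - confirm that is acceptable.
            var registrationAttemptRepository = applicationUserContext.RegistrationAttemptRepository;
            var registrationAttempt           = await registrationAttemptRepository.GetByEmailAndNameAsync(Input.Email, Input.Name);

            if (registrationAttempt == null)
            {
                registrationAttempt = new RegistrationAttempt {
                    Id = Guid.NewGuid(), Email = Input.Email, Name = Input.Name
                };
                registrationAttemptRepository.Add(registrationAttempt);
            }

            if (registrationAttempt.LockedOutDate != null)
            {
                // Registrant is locked out. Always display error message for this user.
                // The user-supplied values are passed as template arguments instead of being
                // interpolated into the message, so they stay separate fields for structured sinks.
                logger.LogInformation("User {Name} with email {Email} is locked out.", Input.Name, Input.Email);
                AddLockedOutErrorMessage();
                return Page();
            }

            // Calculate age of registrant.
            // assumes ModelState.IsValid guarantees DateOfBirth has a value - TODO confirm
            var dob   = Input.DateOfBirth.Value;
            var today = DateTime.Today;
            var age   = today.Year - dob.Year;

            // Reduce age by 1 if the birthday has not been reached yet this year. The original tested
            // the opposite (birthday already passed), which rejected registrants who had just turned 18
            // and accepted 17-year-olds whose 18th birthday was still ahead in the current year.
            if (today.Month < dob.Month || (today.Month == dob.Month && today.Day < dob.Day))
            {
                age--;
            }

            // Remember the previous attempt time before overwriting it. The original overwrote
            // LastAttempt first and then measured the elapsed time against the new value, so the
            // one-hour window never expired and the failure counter was never reset.
            var now             = DateTime.UtcNow;
            var previousAttempt = registrationAttempt.LastAttempt;
            registrationAttempt.LastAttempt = now;

            // Validate age of registrant.
            if (age < 18)
            {
                if ((now - previousAttempt).TotalMinutes > 60)
                {
                    // Previous attempt was more than an hour ago - reset failure counter
                    registrationAttempt.Failures = 1;
                }
                else
                {
                    // Previous attempt was within an hour - increase failures and check for lockout
                    registrationAttempt.Failures++;
                    if (registrationAttempt.Failures >= 3)
                    {
                        registrationAttempt.LockedOutDate = now;
                    }
                }

                ModelState.AddModelError(string.Empty, "You must be at least 18 to register");
                Input.DateOfBirth = null;
            }

            // Save changes to registration attempts in database
            await this.applicationUserContext.SaveChangesAsync();

            // Check to see if we have just locked out user due to 3rd failure attempt.
            if (registrationAttempt.LockedOutDate != null)
            {
                // Registrant has just been locked out. Display error message for this user
                logger.LogInformation("User {Name} with email {Email} is locked out.", Input.Name, Input.Email);
                AddLockedOutErrorMessage();
                return Page();
            }

            if (age >= 18)
            {
                // Registration details are valid - save details in temp data and redirect to page to create password
                TempData.Set("RegisterInputModel", Input);
                return RedirectToPage("CreatePassword", new { ReturnUrl });
            }

            // If we got this far, something failed, redisplay form
            return Page();
        }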