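/// <summary>
/// Signs a user in by issuing a forms-authentication ticket and adding it to the response as a cookie.
/// </summary>
/// <param name="user">User to sign in; must not be null</param>
/// <param name="createPersistentCookie">True to mark the ticket persistent, which gives the cookie an explicit expiry</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="user"/> is null</exception>
public virtual void SignIn(User user, bool createPersistentCookie)
        {
            // Fail with a named argument error instead of a NullReferenceException further down.
            if (user == null)
                throw new ArgumentNullException("user");

            // FormsAuthenticationTicket expects local time for its issue and expiration dates.
            var now = DateTime.UtcNow.ToLocalTime();

            // The same identifier (username or email, depending on settings) is used
            // both as the ticket name and as its user data.
            var identifier = _userSettings.UsernamesEnabled ? user.Username : user.Email;

            var ticket = new FormsAuthenticationTicket(
                1 /*version*/,
                identifier,
                now,
                now.Add(_expirationTimeSpan),
                createPersistentCookie,
                identifier,
                FormsAuthentication.FormsCookiePath);

            // The cookie value is the ticket as protected by FormsAuthentication.Encrypt;
            // the strength of that protection depends on the application's forms/machineKey configuration.
            var encryptedTicket = FormsAuthentication.Encrypt(ticket);

            var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
            {
                // Keep the ticket out of reach of client-side script.
                HttpOnly = true,
                // Secure mirrors the forms requireSSL setting: when that setting is off,
                // the ticket cookie is also sent over plain HTTP.
                Secure = FormsAuthentication.RequireSSL,
                Path = FormsAuthentication.FormsCookiePath
            };

            // Without an explicit expiry the cookie lasts only for the browser session.
            if (ticket.IsPersistent)
            {
                cookie.Expires = ticket.Expiration;
            }

            if (FormsAuthentication.CookieDomain != null)
            {
                cookie.Domain = FormsAuthentication.CookieDomain;
            }

            _httpContext.Response.Cookies.Add(cookie);
            _cachedUser = user;
        }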
        /// <summary>
        /// Forwards a message to the logger unless the exception is a thread abort or the level is disabled.
        /// </summary>
        /// <param name="logger">Logger that receives the entry</param>
        /// <param name="level">Level to log at</param>
        /// <param name="message">Short message</param>
        /// <param name="exception">Optional exception; its ToString() output becomes the full message</param>
        /// <param name="user">Optional user to associate with the entry</param>
        private static void FilteredLog(ILogger logger, LogLevel level, string message, Exception exception = null, User user = null)
        {
            // Thread aborts are never logged.
            if (exception is System.Threading.ThreadAbortException)
            {
                return;
            }

            if (!logger.IsEnabled(level))
            {
                return;
            }

            // NOTE(review): exception.ToString() carries the exception message and stack trace verbatim;
            // if exception messages can contain secrets or personal data, they end up in the log store.
            string details;
            if (exception != null)
            {
                details = exception.ToString();
            }
            else
            {
                details = string.Empty;
            }

            logger.InsertLog(level, message, details, user);
        }
 /// <summary>
 /// Creates a registration request carrying the account data supplied at sign-up.
 /// </summary>
 /// <param name="user">User</param>
 /// <param name="email">Email</param>
 /// <param name="username">Username</param>
 /// <param name="password">Password as supplied by the caller</param>
 /// <param name="passwordFormat">Password format</param>
 /// <param name="isApproved">Is approved; defaults to true</param>
 public UserRegistrationRequest(User user, string email, string username,
     string password,
     PasswordFormat passwordFormat,
     bool isApproved = true)
 {
     // Plain copies of the arguments; nothing is validated or transformed here.
     // NOTE(review): the password is held as received - how it is protected before storage
     // is decided by the code that consumes PasswordFormat, which is not part of this constructor.
     User = user;
     Email = email;
     Username = username;
     Password = password;
     PasswordFormat = passwordFormat;
     IsApproved = isApproved;
 }
        /// <summary>
        /// Resolves the user behind the current forms-authenticated request.
        /// </summary>
        /// <returns>
        /// The cached user when one is already known; otherwise the user loaded from the forms ticket,
        /// provided the account is active, not deleted and registered; otherwise null.
        /// </returns>
        public virtual User GetAuthenticatedUser()
        {
            if (_cachedUser != null)
            {
                return _cachedUser;
            }

            var request = _httpContext == null ? null : _httpContext.Request;
            if (request == null || !request.IsAuthenticated)
            {
                return null;
            }

            // Only forms-authentication identities are accepted.
            var formsIdentity = _httpContext.User.Identity as FormsIdentity;
            if (formsIdentity == null)
            {
                return null;
            }

            // A valid ticket is not enough: the account state is checked again before the user is
            // cached, so a deactivated or deleted account is not treated as signed in.
            var ticketUser = GetAuthenticatedUserFromTicket(formsIdentity.Ticket);
            var isUsable = ticketUser != null
                           && ticketUser.Active
                           && !ticketUser.Deleted
                           && ticketUser.IsRegistered();
            if (isUsable)
            {
                _cachedUser = ticketUser;
            }

            return _cachedUser;
        }
 /// <summary>
 /// No-op implementation of log insertion: nothing is recorded.
 /// </summary>
 /// <param name="logLevel">Log level (ignored)</param>
 /// <param name="shortMessage">The short message (ignored)</param>
 /// <param name="fullMessage">The full message (ignored)</param>
 /// <param name="user">The user to associate the log record with (ignored)</param>
 /// <returns>Always null; callers must not assume a log item comes back</returns>
 public virtual Log InsertLog(LogLevel logLevel, string shortMessage, string fullMessage = "", User user = null)
 {
     // Deliberately discards the entry.
     return null;
 }
 /// <summary>
 /// Signs the current user out: forgets the cached user, then calls FormsAuthentication.SignOut().
 /// </summary>
 /// <remarks>
 /// FormsAuthentication.SignOut() only removes the ticket cookie from the browser. Tickets are not
 /// tracked on the server, so a copy of the cookie obtained earlier remains valid until the ticket
 /// expires; short ticket lifetimes and SSL-only cookies limit that window.
 /// </remarks>
 public virtual void SignOut()
 {
     // Cleared first so the cached user is dropped even if the framework call below throws.
     _cachedUser = null;
     FormsAuthentication.SignOut();
 }
        /// <summary>
        /// Gets the time zone to use for a user.
        /// </summary>
        /// <param name="user">User; may be null</param>
        /// <returns>
        /// The user's own time zone when users may set one and a stored id resolves;
        /// otherwise the default store time zone.
        /// </returns>
        public virtual TimeZoneInfo GetUserTimeZone(User user)
        {
            TimeZoneInfo resolved = null;

            // A per-user zone is only considered when the setting allows it.
            if (_dateTimeSettings.AllowUsersToSetTimeZone)
            {
                var storedId = user != null
                    ? user.GetAttribute<string>(SystemUserAttributeNames.TimeZoneId, _genericAttributeService)
                    : string.Empty;

                if (!String.IsNullOrEmpty(storedId))
                {
                    try
                    {
                        resolved = FindTimeZoneById(storedId);
                    }
                    catch (Exception exc)
                    {
                        // Best effort: a lookup failure is written to the debug output
                        // and the store default is used instead.
                        Debug.Write(exc.ToString());
                    }
                }
            }

            // Fall back to the store-wide default.
            return resolved ?? this.DefaultStoreTimeZone;
        }
        /// <summary>
        /// Inserts a log item, recording the current request's IP address, page URL and referrer with it.
        /// </summary>
        /// <param name="logLevel">Log level</param>
        /// <param name="shortMessage">The short message</param>
        /// <param name="fullMessage">The full message</param>
        /// <param name="user">The user to associate log record with</param>
        /// <returns>The inserted log item, or null when either message matches the ignore list</returns>
        public virtual Log InsertLog(LogLevel logLevel, string shortMessage, string fullMessage = "", User user = null)
        {
            // Entries whose short or full message is on the ignore list are dropped.
            if (IgnoreLog(shortMessage))
            {
                return null;
            }

            if (IgnoreLog(fullMessage))
            {
                return null;
            }

            // NOTE(review): the page URL and referrer come from the request and the messages may
            // echo request data, so whatever displays these records should encode them on output.
            var entry = new Log();
            entry.LogLevel = logLevel;
            entry.ShortMessage = shortMessage;
            entry.FullMessage = fullMessage;
            entry.IpAddress = _webHelper.GetCurrentIpAddress();
            entry.User = user;
            entry.PageUrl = _webHelper.GetThisPageUrl(true);
            entry.ReferrerUrl = _webHelper.GetUrlReferrer();
            entry.CreatedOnUtc = DateTime.UtcNow;

            _logRepository.Insert(entry);

            return entry;
        }
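        /// <summary>
        /// Sets a user username
        /// </summary>
        /// <param name="user">User</param>
        /// <param name="newUsername">New Username; surrounding whitespace is trimmed</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="user"/> is null</exception>
        /// <exception cref="CmsException">
        /// Thrown when usernames are disabled, changing them is not allowed, the new username is null,
        /// longer than 100 characters, or already used by another user
        /// </exception>
        public virtual void SetUsername(User user, string newUsername)
        {
            if (user == null)
                throw new ArgumentNullException("user");

            if (!_userSettings.UsernamesEnabled)
                throw new CmsException("Usernames are disabled");

            if (!_userSettings.AllowUsersToChangeUsernames)
                throw new CmsException("Changing usernames is not allowed");

            // A null username used to fail inside Trim() with a NullReferenceException;
            // reject it explicitly, the same way SetEmail rejects a null email.
            if (newUsername == null)
                throw new CmsException("Username cannot be null");

            newUsername = newUsername.Trim();

            if (newUsername.Length > 100)
                throw new CmsException(_localizationService.GetResource("Account.EmailUsernameErrors.UsernameTooLong"));

            // The username may only be taken by this same user.
            // NOTE(review): this is a check followed by a write; two concurrent requests can both pass it,
            // so uniqueness should also be enforced by the data store - confirm a unique constraint exists.
            var user2 = _userService.GetUserByUsername(newUsername);
            if (user2 != null && user.Id != user2.Id)
                throw new CmsException(_localizationService.GetResource("Account.EmailUsernameErrors.UsernameAlreadyExists"));

            user.Username = newUsername;
            _userService.UpdateUser(user);
        }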
        /// <summary>
        /// Changes a user's email address after validating it.
        /// </summary>
        /// <param name="user">User</param>
        /// <param name="newEmail">New email; surrounding whitespace is trimmed</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="user"/> is null</exception>
        /// <exception cref="CmsException">
        /// Thrown when the email is null, not a valid address, longer than 100 characters,
        /// or already used by another user
        /// </exception>
        public virtual void SetEmail(User user, string newEmail)
        {
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            if (newEmail == null)
            {
                throw new CmsException("Email cannot be null");
            }

            newEmail = newEmail.Trim();

            // Only referenced by the disabled newsletter update at the end of this method.
            string oldEmail = user.Email;

            // NOTE(review): the format check runs before the length check, so the validator
            // sees input of any length; consider bounding the length first.
            if (!CommonHelper.IsValidEmail(newEmail))
            {
                throw new CmsException(_localizationService.GetResource("Account.EmailUsernameErrors.NewEmailIsNotValid"));
            }

            if (newEmail.Length > 100)
            {
                throw new CmsException(_localizationService.GetResource("Account.EmailUsernameErrors.EmailTooLong"));
            }

            // The address may only belong to this same user.
            // NOTE(review): check-then-write; concurrent requests can both pass, so the data store
            // should enforce uniqueness as well - confirm a unique constraint exists.
            var emailOwner = _userService.GetUserByEmail(newEmail);
            if (emailOwner != null && user.Id != emailOwner.Id)
            {
                throw new CmsException(_localizationService.GetResource("Account.EmailUsernameErrors.EmailAlreadyExists"));
            }

            user.Email = newEmail;
            _userService.UpdateUser(user);

            // Disabled: update newsletter subscription (if required)
            //if (!String.IsNullOrEmpty(oldEmail) && !oldEmail.Equals(newEmail, StringComparison.InvariantCultureIgnoreCase))
            //{
            //    foreach (var store in _storeService.GetAllStores())
            //    {
            //        var subscriptionOld = _newsLetterSubscriptionService.GetNewsLetterSubscriptionByEmailAndStoreId(oldEmail, store.Id);
            //        if (subscriptionOld != null)
            //        {
            //            subscriptionOld.Email = newEmail;
            //            _newsLetterSubscriptionService.UpdateNewsLetterSubscription(subscriptionOld);
            //        }
            //    }
            //}
        }
        /// <summary>
        /// Persists changes to a user and publishes an entity-updated event for it.
        /// </summary>
        /// <param name="user">User; must not be null</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="user"/> is null</exception>
        public virtual void UpdateUser(User user)
        {
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            _userRepository.Update(user);

            // Subscribers are notified only after the repository update has returned.
            _eventPublisher.EntityUpdated(user);
        }
        /// <summary>
        /// Creates and stores a new active guest user that belongs to the 'Guests' role.
        /// </summary>
        /// <returns>The inserted guest user</returns>
        /// <exception cref="CmsException">Thrown when the 'Guests' role cannot be loaded</exception>
        public virtual User InsertGuestUser()
        {
            var guest = new User();
            guest.UserGuid = Guid.NewGuid();
            guest.Active = true;
            guest.CreatedOnUtc = DateTime.UtcNow;
            guest.LastActivityDateUtc = DateTime.UtcNow;

            // A guest carries the 'Guests' role and nothing else; without that role nothing is inserted.
            var guestsRole = GetUserRoleBySystemName(SystemUserRoleNames.Guests);
            if (guestsRole == null)
            {
                throw new CmsException("'Guests' role could not be loaded");
            }

            guest.UserRoles.Add(guestsRole);
            _userRepository.Insert(guest);

            return guest;
        }
        /// <summary>
        /// Soft-deletes a user: the record is flagged as deleted and updated, not removed.
        /// </summary>
        /// <param name="user">User; must not be null and must not be a system account</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="user"/> is null</exception>
        /// <exception cref="CmsException">Thrown when the user is a system account</exception>
        public virtual void DeleteUser(User user)
        {
            const string deletedSuffix = "-DELETED";

            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            // Built-in system accounts are protected from deletion.
            if (user.IsSystemAccount)
            {
                throw new CmsException(string.Format("System user account ({0}) could not be deleted", user.SystemName));
            }

            user.Deleted = true;

            // When the setting is on, non-empty email and username values are suffixed,
            // presumably so the original values can be registered again - confirm against the callers.
            if (_userSettings.SuffixDeletedUsers)
            {
                if (!String.IsNullOrEmpty(user.Email))
                {
                    user.Email = user.Email + deletedSuffix;
                }

                if (!String.IsNullOrEmpty(user.Username))
                {
                    user.Username = user.Username + deletedSuffix;
                }
            }

            UpdateUser(user);
        }
        /// <summary>
        /// Seeds the built-in roles (Administrators, Registered, Guests) and the initial accounts:
        /// the administrator, the search-engine guest record and the background-task record.
        /// </summary>
        /// <param name="defaultUserEmail">Email of the initial administrator; also used as its username</param>
        /// <param name="defaultUserPassword">Password of the initial administrator</param>
        protected virtual void InstallUsersAndUsers(string defaultUserEmail, string defaultUserPassword)
        {
            // System roles
            var administratorsRole = new UserRole
            {
                Name = "Administrators",
                Active = true,
                IsSystemRole = true,
                SystemName = SystemUserRoleNames.Administrators,
            };
            var registeredRole = new UserRole
            {
                Name = "Registered",
                Active = true,
                IsSystemRole = true,
                SystemName = SystemUserRoleNames.Registered,
            };
            var guestsRole = new UserRole
            {
                Name = "Guests",
                Active = true,
                IsSystemRole = true,
                SystemName = SystemUserRoleNames.Guests,
            };

            _userRoleRepository.Insert(new List<UserRole>
            {
                administratorsRole,
                registeredRole,
                guestsRole,
            });

            // Initial administrator.
            // NOTE(review): the password is stored exactly as supplied (PasswordFormat.Clear, empty salt),
            // so anyone able to read the user table or a backup can read the administrator password.
            // It should be hashed with a per-user salt before insert; the hashing helper is not visible here.
            var administrator = new User
            {
                UserGuid = Guid.NewGuid(),
                Email = defaultUserEmail,
                Username = defaultUserEmail,
                Password = defaultUserPassword,
                PasswordFormat = PasswordFormat.Clear,
                PasswordSalt = "",
                Active = true,
                CreatedOnUtc = DateTime.UtcNow,
                LastActivityDateUtc = DateTime.UtcNow,
            };
            administrator.UserRoles.Add(administratorsRole);
            administrator.UserRoles.Add(registeredRole);
            _userRepository.Insert(administrator);

            // Default first and last name, saved as generic attributes after the insert.
            _genericAttributeService.SaveAttribute(administrator, SystemUserAttributeNames.FirstName, "Phat");
            _genericAttributeService.SaveAttribute(administrator, SystemUserAttributeNames.LastName, "Nguyen");

            // Built-in guest record for search engine (crawler) requests; no password is set on it.
            var crawlerAccount = new User
            {
                Email = "builtin@search_engine_record.com",
                UserGuid = Guid.NewGuid(),
                PasswordFormat = PasswordFormat.Clear,
                AdminComment = "Built-in system guest record used for requests from search engines.",
                Active = true,
                IsSystemAccount = true,
                SystemName = SystemUserNames.SearchEngine,
                CreatedOnUtc = DateTime.UtcNow,
                LastActivityDateUtc = DateTime.UtcNow,
            };
            crawlerAccount.UserRoles.Add(guestsRole);
            _userRepository.Insert(crawlerAccount);

            // Built-in record for background tasks; no password is set on it.
            var taskAccount = new User
            {
                Email = "*****@*****.**",
                UserGuid = Guid.NewGuid(),
                PasswordFormat = PasswordFormat.Clear,
                AdminComment = "Built-in system record used for background tasks.",
                Active = true,
                IsSystemAccount = true,
                SystemName = SystemUserNames.BackgroundTask,
                CreatedOnUtc = DateTime.UtcNow,
                LastActivityDateUtc = DateTime.UtcNow,
            };
            taskAccount.UserRoles.Add(guestsRole);
            _userRepository.Insert(taskAccount);
        }
 /// <summary>
 /// Logs a message at warning level through the shared filtered-log helper.
 /// </summary>
 /// <param name="logger">Logger that receives the entry</param>
 /// <param name="message">Message</param>
 /// <param name="exception">Optional exception to log with the message</param>
 /// <param name="user">Optional user to associate with the entry</param>
 public static void Warning(this ILogger logger, string message, Exception exception = null, User user = null)
 {
     FilteredLog(
         logger: logger,
         level: LogLevel.Warning,
         message: message,
         exception: exception,
         user: user);
 }