internal static void Create(MedSimDbContext context)
{
#if !DEBUG
throw new NotImplementedException("CreateAdmin.Create should not be being used in a production environment - security changes required");
#endif
if (!context.Roles.Any())
{
var roleStore = new RoleStore<AspNetRole,Guid,AspNetUserRole>(context);
var roleManager = new RoleManager<AspNetRole,Guid>(roleStore);
var role = new AspNetRole
{
Id = Guid.NewGuid(),
Name = RoleConstants.AccessAllData
};
roleManager.Create(role);
role = new AspNetRole
{
Id = Guid.NewGuid(),
Name = RoleConstants.AccessInstitution
};
roleManager.Create(role);
role = new AspNetRole
{
Id = Guid.NewGuid(),
Name = RoleConstants.SiteAdmin
};
roleManager.Create(role);
var userStore = new CustomUserStore(context);
var userManager = new ApplicationUserManager(userStore);
foreach(var user in context.Users.Where(u=>u.Department.Institution.Name== "Starship").ToList())
{
var result = userManager.AddPassword(userId: user.Id, password: "******");
if (result.Succeeded)
{
userManager.AddToRole(user.Id, RoleConstants.AccessAllData);
}
else
{
throw new DbSeedException(result.Errors);
}
}
}
}
public void AddPassword(string userId, string newPassword)
{
applicationUserManager.AddPassword(userId, newPassword);
}
public ActionResult ChangeUserPassword(string UserNameChangePassword, string NewPassword)
{
var passwordLength = NewPassword;
if(passwordLength.Length < 6)
{
TempData["ValidationMessage"] = ("Error: Password Must Be At Least 6 Characters");
return View("ManageUserPassword");
}
ApplicationUser user = context.Users.Where(u => u.UserName.Equals(UserNameChangePassword, StringComparison.CurrentCultureIgnoreCase)).FirstOrDefault();
var manager = new ApplicationUserManager(new UserStore<ApplicationUser>(context));
try
{
manager.RemovePassword(user.Id);
manager.AddPassword(user.Id, NewPassword);
TempData["ValidationMessage"] = ("Success: " + " " + UserNameChangePassword + " " + "Password Has Been Changed");
}
catch
{
TempData["ValidationMessage"] = ("Error: " + " " + UserNameChangePassword + " " + "Password Has Not Been Changed");
}
return View("ManageUser");
}
public async Task <ActionResult> Login(LoginViewModel model, string returnUrl)
{
model.AvailableProviders = GetAvailableProviders();
if (!ModelState.IsValid)
{
return(View(model));
}
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, change to shouldLockout: true
SignInStatus result;
try
{
result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, false);
}
catch (NotRegisteredForServiceException)
{
HandleUserNotRegisteredForService(model.Email);
return(View(CreateLoginViewModel()));
}
catch (FormatException)
{
// Legacy passwords are not valid Base-64 strings
result = SignInStatus.Failure;
// Try to authenticate the user using a legacy login service
var user = await _userStore.FindByEmailAsync(model.Email);
if (!string.IsNullOrWhiteSpace(user?.PasswordHash) && user.PasswordHash.StartsWith(LegacyPasswordPrefix) && !string.IsNullOrWhiteSpace(model.Email))
{
if (LegacyPasswordService != null && await LegacyPasswordService.CheckPasswordAsync(user, model.Password))
{
// set the password
using (var tx = new TransactionScope())
{
_userManager.RemovePassword(user.Id);
_userManager.AddPassword(user.Id, model.Password);
var updatedUser = await _userStore.FindByIdAsync(user.Id);
if (string.IsNullOrEmpty(updatedUser.PasswordHash))
{
throw new Exception("Unable to set password of user " + user.Id);
}
tx.Complete();
}
// and login
try
{
result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, false);
}
catch (NotRegisteredForServiceException)
{
HandleUserNotRegisteredForService(model.Email);
return(View(CreateLoginViewModel()));
}
catch (AppNotAllowedException)
{
return(await SelectAppOrRedirect(model.Email));
}
// or force a password reset
//return await RequestPasswordReset(new ForgotPasswordViewModel { Email = user.Email});
}
}
else
{
// Not a legacy password, so rethrow
throw;
}
}
catch (AppNotAllowedException)
{
return(await SelectAppOrRedirect(model.Email));
}
switch (result)
{
case SignInStatus.Success:
return(RedirectToLocal(returnUrl));
case SignInStatus.LockedOut:
Logger.Trace("Login failed: user {0} is locked out", model.Email);
return(View("Lockout"));
case SignInStatus.RequiresVerification:
Logger.Trace("Login failed: user {0} is unverified", model.Email);
return(RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe }));
case SignInStatus.Failure:
default:
await HandleLoginFailure(model);
return(View(model));
}
}