public ActionResult SetEmail(CheckoutAccountPostModel model) { var customer = HttpContext.GetCustomer(); // Don't set the email if they are logged in. if (customer.IsRegistered) { return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } var result = ValidateEmail(model.Email); if (result.State == ResultState.Error) { ModelState.AddModelError("Email", AppLogic.GetString("account.emailaddress.invalid")); } SaveEmail(model.Email, customer); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); }
public ActionResult CreateAccount(CheckoutAccountPostModel model) { var customer = HttpContext.GetCustomer(); // Don't create an account if they are logged in. if (customer.IsRegistered) { return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } var showCaptchaOnCreateAccount = AppLogic.AppConfigBool("SecurityCodeRequiredOnCreateAccount"); if (showCaptchaOnCreateAccount) { var securityCode = CaptchaStorageService.RetrieveSecurityCode(HttpContext, string.Concat(ControllerNames.Account, ActionNames.Create)); if (!AccountControllerHelper.IsCaptchaValid(securityCode, model.Captcha)) { CaptchaStorageService.ClearSecurityCode(HttpContext); ModelState.AddModelError( key: "Captcha", errorMessage: "The letters you entered did not match, please try again."); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } } // Validate the email var emailResult = ValidateEmail(model.Email); if (emailResult.State == ResultState.Error) { ModelState.AddModelError("Email", emailResult.Message); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } if (!Customer.NewEmailPassesDuplicationRules(model.Email, customer.CustomerID)) { ModelState.AddModelError( key: "Email", errorMessage: "That EMail Address is Already Used By Another Customer"); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } // Validate the password if (string.IsNullOrEmpty(model.Password)) { ModelState.AddModelError("Password", "Please enter a password"); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } switch (AccountControllerHelper.ValidateAccountPassword(customer, model.Password, model.Password)) //Intentionally passing in matching passwords { case AccountControllerHelper.PasswordValidationResult.NotStrong: ModelState.AddModelError("Password", "The new password you created is not a strong password. Please make sure that your password is at least 8 characters long and includes at least one upper case character, one lower case character, one number, and one \"symbol\" character (e.g. ?,&,#,$,%,etc)."); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); case AccountControllerHelper.PasswordValidationResult.DoesNotMeetMinimum: ModelState.AddModelError("Password", "The new password you created does not meet the minimum requirements. Please make sure that your password is at least 7 characters long and includes at least one letter and at least one number."); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); case AccountControllerHelper.PasswordValidationResult.Ok: break; default: ModelState.AddModelError("Password", "There was a problem signing in. Please try again or contact customer service."); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } // Create the account var password = new Password(model.Password); customer.UpdateCustomer( isRegistered: true, email: model.Email.ToLowerInvariant().Trim(), saltedAndHashedPassword: password.SaltedPassword, saltKey: password.Salt, storeCreditCardInDb: false ); // Login var result = AccountControllerHelper.Login( signedInCustomer: customer, profile: HttpContext.Profile, username: model.Email, password: model.Password, skinId: customer.SkinID); switch (result.State) { case AccountControllerHelper.ResultState.Error: NoticeProvider.PushNotice(result.Message, NoticeType.Failure); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); case AccountControllerHelper.ResultState.PasswordChangeRequired: NoticeProvider.PushNotice(result.Message, NoticeType.Info); return(RedirectToAction( actionName: ActionNames.ChangePassword, controllerName: ControllerNames.Account, routeValues: new { email = model.Email, returnUrl = Url.Action(ActionNames.Index, ControllerNames.Checkout), })); case AccountControllerHelper.ResultState.Success: break; default: ModelState.AddModelError("Password", "There was a problem signing in. Please try again or contact customer service."); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } var targetCustomer = new Customer(model.Email); var identity = ClaimsIdentityProvider.CreateClaimsIdentity(targetCustomer); Request .GetOwinContext() .Authentication .SignIn( properties: new Microsoft.Owin.Security.AuthenticationProperties { IsPersistent = false }, identities: identity); if (!string.IsNullOrEmpty(result.Message)) { NoticeProvider.PushNotice(result.Message, NoticeType.Info); } // nal //if(AppLogic.AppConfigBool("SendWelcomeEmail")) SendWelcomeEmailProvider.SendWelcomeEmail(targetCustomer); // Clear the captcha so additional requests use a different security code. CaptchaStorageService.ClearSecurityCode(HttpContext); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); }
public ActionResult SignIn(CheckoutAccountPostModel model) { var signedInCustomer = HttpContext.GetCustomer(); // Don't let them sign in if they are logged in. if (signedInCustomer.IsRegistered) { return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } if (string.IsNullOrWhiteSpace(model.Password)) { ModelState.AddModelError("Password", "Password is required to login"); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } var showCaptchaOnLogin = AppLogic.AppConfigBool("SecurityCodeRequiredOnCheckout"); if (showCaptchaOnLogin) { var securityCode = CaptchaStorageService.RetrieveSecurityCode(HttpContext, string.Concat(ControllerNames.Account, ActionNames.SignIn)); if (!AccountControllerHelper.IsCaptchaValid(securityCode, model.Captcha)) { CaptchaStorageService.ClearSecurityCode(HttpContext); ModelState.AddModelError( key: "Captcha", errorMessage: "The letters you entered did not match, please try again."); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } } // Validate the email var emailResult = ValidateEmail(model.Email); if (emailResult.State == ResultState.Error) { ModelState.AddModelError("Email", emailResult.Message); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } // Login var result = AccountControllerHelper.Login( signedInCustomer: signedInCustomer, profile: HttpContext.Profile, username: model.Email, password: model.Password, skinId: signedInCustomer.SkinID); if (result.State == AccountControllerHelper.ResultState.Error) { ModelState.AddModelError("Password", result.Message); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } else if (result.State == AccountControllerHelper.ResultState.PasswordChangeRequired) { NoticeProvider.PushNotice(result.Message, NoticeType.Info); return(RedirectToAction( actionName: ActionNames.ChangePassword, controllerName: ControllerNames.Account, routeValues: new { email = model.Email, returnUrl = Url.Action(ActionNames.Index, ControllerNames.Checkout), })); } var targetCustomer = new Customer(model.Email); var identity = ClaimsIdentityProvider.CreateClaimsIdentity(targetCustomer); Request .GetOwinContext() .Authentication .SignIn( properties: new Microsoft.Owin.Security.AuthenticationProperties { IsPersistent = false }, identities: identity); if (!string.IsNullOrEmpty(result.Message)) { NoticeProvider.PushNotice(result.Message, NoticeType.Info); } // Clear the captcha so additional requests use a different security code. CaptchaStorageService.ClearSecurityCode(HttpContext); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); }
public ActionResult CreateAccount(CheckoutAccountPostModel model) { var customer = HttpContext.GetCustomer(); // Don't create an account if they are logged in. if (customer.IsRegistered) { return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } if (CaptchaSettings.CaptchaIsConfigured() && CaptchaSettings.RequireCaptchaOnCheckout) { var captchaResult = CaptchaVerificationProvider.ValidateCaptchaResponse(Request.Form[CaptchaVerificationProvider.RecaptchaFormKey], customer.LastIPAddress); if (!captchaResult.Success) { NoticeProvider.PushNotice(captchaResult.Error.Message, NoticeType.Failure); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } } // Validate the email var emailResult = ValidateEmail(model.Email); if (emailResult.State == ResultState.Error) { ModelState.AddModelError("Email", emailResult.Message); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } if (!Customer.NewEmailPassesDuplicationRules(model.Email, customer.CustomerID)) { ModelState.AddModelError( key: "Email", errorMessage: AppLogic.GetString("createaccount_process.aspx.1")); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } // Validate the password if (string.IsNullOrEmpty(model.Password)) { ModelState.AddModelError("Password", AppLogic.GetString("checkout.enterpassword")); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } switch (AccountControllerHelper.ValidateAccountPassword(customer, model.Password, model.Password)) //Intentionally passing in matching passwords { case AccountControllerHelper.PasswordValidationResult.NotStrong: ModelState.AddModelError("Password", AppLogic.GetString("account.aspx.69")); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); case AccountControllerHelper.PasswordValidationResult.DoesNotMeetMinimum: ModelState.AddModelError("Password", AppLogic.GetString("signin.newpassword.normalRegexFailure")); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); case AccountControllerHelper.PasswordValidationResult.Ok: break; default: ModelState.AddModelError("Password", AppLogic.GetString("signin.newpassword.unknownError")); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } // Create the account var password = new Password(model.Password); customer.UpdateCustomer( isRegistered: true, email: model.Email.ToLowerInvariant().Trim(), saltedAndHashedPassword: password.SaltedPassword, saltKey: password.Salt, storeCreditCardInDb: false ); // Login var result = AccountControllerHelper.Login( signedInCustomer: customer, profile: HttpContext.Profile, username: model.Email, password: model.Password, skinId: customer.SkinID); switch (result.State) { case AccountControllerHelper.ResultState.Error: NoticeProvider.PushNotice(result.Message, NoticeType.Failure); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); case AccountControllerHelper.ResultState.PasswordChangeRequired: NoticeProvider.PushNotice(result.Message, NoticeType.Info); return(RedirectToAction( actionName: ActionNames.ChangePassword, controllerName: ControllerNames.Account, routeValues: new { email = model.Email, returnUrl = Url.Action(ActionNames.Index, ControllerNames.Checkout), })); case AccountControllerHelper.ResultState.Success: break; default: ModelState.AddModelError("Password", AppLogic.GetString("signin.newpassword.unknownError")); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } var targetCustomer = new Customer(model.Email); var identity = ClaimsIdentityProvider.Create(targetCustomer); Request .GetOwinContext() .Authentication .SignIn( properties: new Microsoft.Owin.Security.AuthenticationProperties { IsPersistent = false }, identities: identity); if (!string.IsNullOrEmpty(result.Message)) { NoticeProvider.PushNotice(result.Message, NoticeType.Info); } if (AppConfigProvider.GetAppConfigValue <bool>("SendWelcomeEmail")) { SendWelcomeEmailProvider.SendWelcomeEmail(targetCustomer); } return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); }
public ActionResult SignIn(CheckoutAccountPostModel model) { var signedInCustomer = HttpContext.GetCustomer(); // Don't let them sign in if they are logged in. if (signedInCustomer.IsRegistered) { return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } if (string.IsNullOrWhiteSpace(model.Password)) { ModelState.AddModelError("Password", AppLogic.GetString("checkout.passwordrequired")); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } if (CaptchaSettings.CaptchaIsConfigured() && CaptchaSettings.RequireCaptchaOnCheckout) { var captchaResult = CaptchaVerificationProvider.ValidateCaptchaResponse(Request.Form[CaptchaVerificationProvider.RecaptchaFormKey], signedInCustomer.LastIPAddress); if (!captchaResult.Success) { NoticeProvider.PushNotice(captchaResult.Error.Message, NoticeType.Failure); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } } // Validate the email var emailResult = ValidateEmail(model.Email); if (emailResult.State == ResultState.Error) { ModelState.AddModelError("Email", emailResult.Message); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } // Login var result = AccountControllerHelper.Login( signedInCustomer: signedInCustomer, profile: HttpContext.Profile, username: model.Email, password: model.Password, skinId: signedInCustomer.SkinID); if (result.State == AccountControllerHelper.ResultState.Error) { ModelState.AddModelError("Password", result.Message); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); } else if (result.State == AccountControllerHelper.ResultState.PasswordChangeRequired) { NoticeProvider.PushNotice(result.Message, NoticeType.Info); return(RedirectToAction( actionName: ActionNames.ChangePassword, controllerName: ControllerNames.Account, routeValues: new { email = model.Email, returnUrl = Url.Action(ActionNames.Index, ControllerNames.Checkout), })); } var targetCustomer = new Customer(model.Email); var identity = ClaimsIdentityProvider.Create(targetCustomer); Request .GetOwinContext() .Authentication .SignIn( properties: new Microsoft.Owin.Security.AuthenticationProperties { IsPersistent = false }, identities: identity); if (!string.IsNullOrEmpty(result.Message)) { NoticeProvider.PushNotice(result.Message, NoticeType.Info); } // Consolidate any shopping cart items CartActionProvider.ConsolidateCartItems(targetCustomer, CartTypeEnum.ShoppingCart); CartActionProvider.ConsolidateCartItems(targetCustomer, CartTypeEnum.WishCart); return(RedirectToAction(ActionNames.Index, ControllerNames.Checkout)); }