public async Task <GetConfigurationManagementResponse> GetConfigurationManagement()
{
var response = new GetConfigurationManagementResponse();
var configuration = await _cache.Configuration();
response.ConfigurationItems = configuration.Items;
return(response);
}
public async Task SendAccountActivation(SendAccountActivationRequest request)
{
var activationToken = string.Empty;
UserEntity user;
using (var uow = _uowFactory.GetUnitOfWork())
{
user = await uow.UserRepo.GetUserById(new Infrastructure.Repositories.UserRepo.Models.GetUserByIdRequest()
{
Id = request.UserId
});
activationToken = GenerateUniqueUserToken(uow);
await uow.UserRepo.CreateUserToken(new Infrastructure.Repositories.UserRepo.Models.CreateUserTokenRequest()
{
User_Id = request.UserId,
Token = new Guid(activationToken),
Type_Id = (int)TokenTypeEnum.AccountActivation,
Created_By = ApplicationConstants.SystemUserId,
});
uow.Commit();
}
var configuration = await _cache.Configuration();
var baseUrl = _httpContextAccessor.HttpContext.Request.GetBaseUrl();
var templates = await _cache.EmailTemplates();
var templateEntity = templates.FirstOrDefault(t => t.Key == EmailTemplateKeys.AccountActivation);
var template = new AccountActivationTemplate(templateEntity.Body)
{
ActivationUrl = $"{baseUrl}/activate-account?token={activationToken}",
ApplicationUrl = baseUrl
};
await _emailProvider.Send(new Infrastructure.Email.Models.SendRequest()
{
FromAddress = configuration.System_From_Email_Address,
ToAddress = user.Email_Address,
Subject = template.Subject,
Body = template.GetHTMLContent()
});
}
public async Task <GetHomeResponse> GetHome()
{
var response = new GetHomeResponse();
var config = await _cache.Configuration();
response.DisplayPromoBanner = config.Home_Promo_Banner_Is_Enabled;
return(response);
}
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
// validate feature is enabled
var config = await _cache.Configuration();
if (!config.Session_Logging_Is_Enabled)
{
await next();
return;
}
var session = await _sessionService.GetSession();
int sessionLogId;
using (var uow = _uowFactory.GetUnitOfWork())
{
var dbRequest = new Infrastructure.Repositories.SessionRepo.Models.CreateSessionLogRequest()
{
Session_Id = session.Id,
Method = context.HttpContext.Request.Method,
Controller = (string)context.RouteData.Values["Controller"],
Action = (string)context.RouteData.Values["Action"],
Url = context.HttpContext.Request.GetDisplayUrl(),
Created_By = ApplicationConstants.SystemUserId
};
if (context.ActionArguments.Any())
{
var jsonString = JsonConvert.SerializeObject(context.ActionArguments, Formatting.Indented).Trim();
dbRequest.Action_Data_JSON = JsonHelper.ObfuscateFieldValues(jsonString, ApplicationConstants.ObfuscatedActionArgumentFields);
}
sessionLogId = await uow.SessionRepo.CreateSessionLog(dbRequest);
uow.Commit();
// required for session event logging
await _sessionProvider.Set(SessionConstants.SessionLogId, sessionLogId);
}
// do something before the action executes
var resultContext = await next();
// do something after the action executes; resultContext.Result will be set
if (resultContext.Exception != null && !resultContext.ExceptionHandled)
{
var events = await _cache.SessionEvents();
var eventItem = events.FirstOrDefault(e => e.Key == SessionEventKeys.Error);
using (var uow = _uowFactory.GetUnitOfWork())
{
var dbRequest = new Infrastructure.Repositories.SessionRepo.Models.CreateSessionLogEventRequest()
{
Session_Log_Id = sessionLogId,
Event_Id = eventItem.Id,
Message = resultContext.Exception.Message,
Created_By = ApplicationConstants.SystemUserId
};
await uow.SessionRepo.CreateSessionLogEvent(dbRequest);
uow.Commit();
}
}
}
public async Task <LoginResponse> Login(LoginRequest request)
{
var response = new LoginResponse();
var config = await _cache.Configuration();
var session = await _sessionService.GetSession();
UserEntity user;
using (var uow = _uowFactory.GetUnitOfWork())
{
user = await uow.UserRepo.GetUserByUsername(new Infrastructure.Repositories.UserRepo.Models.GetUserByUsernameRequest()
{
Username = request.Username
});
// check if we found a user or if their password was incorrect
if (user == null || !PasswordHelper.Verify(request.Password, user.Password_Hash))
{
// if we found the user, handle invalid login attempts else generic fail message
if (user != null)
{
// check if we need to lock the user
if (user.Invalid_Login_Attempts >= config.Max_Login_Attempts && !user.Is_Locked_Out)
{
await uow.UserRepo.LockoutUser(new Infrastructure.Repositories.UserRepo.Models.LockoutUserRequest()
{
Id = user.Id,
Lockout_End = DateTime.Now.AddMinutes(config.Account_Lockout_Expiry_Minutes),
Updated_By = ApplicationConstants.SystemUserId
});
await _sessionService.WriteSessionLogEvent(new Models.ServiceModels.Session.CreateSessionLogEventRequest()
{
EventKey = SessionEventKeys.UserLocked
});
}
else
{
var dbRequest = new Infrastructure.Repositories.UserRepo.Models.AddInvalidLoginAttemptRequest()
{
User_Id = user.Id,
Updated_By = ApplicationConstants.SystemUserId
};
// if we are already locked out then extend the lockout time
if (user.Lockout_End.HasValue)
{
dbRequest.Lockout_End = DateTime.Now.AddMinutes(config.Account_Lockout_Expiry_Minutes);
}
await uow.UserRepo.AddInvalidLoginAttempt(dbRequest);
}
uow.Commit();
}
response.Notifications.AddError("Username or password is incorrect");
return(response);
}
if (user.Is_Locked_Out)
{
if (user.Lockout_End <= DateTime.Now)
{
await uow.UserRepo.UnlockUser(new Infrastructure.Repositories.UserRepo.Models.UnlockUserRequest()
{
Id = user.Id,
Updated_By = ApplicationConstants.SystemUserId
});
uow.Commit();
await _sessionService.WriteSessionLogEvent(new Models.ServiceModels.Session.CreateSessionLogEventRequest()
{
EventKey = SessionEventKeys.UserUnlocked
});
}
else
{
response.Notifications.AddError($"Your account has been locked, please try again in {config.Account_Lockout_Expiry_Minutes} minute(s)");
return(response);
}
}
else if (user.Invalid_Login_Attempts > 0) // cleanup of old invalid login attempts
{
await uow.UserRepo.UnlockUser(new Infrastructure.Repositories.UserRepo.Models.UnlockUserRequest()
{
Id = user.Id,
Updated_By = ApplicationConstants.SystemUserId
});
uow.Commit();
}
if (!user.Is_Enabled)
{
response.Notifications.AddError("Your account has been disabled, please contact the website administrator");
return(response);
}
if (!user.Registration_Confirmed)
{
response.Notifications.AddError("Please check your email to activate your account");
return(response);
}
var sessionEntity = await uow.SessionRepo.AddUserToSession(new Infrastructure.Repositories.SessionRepo.Models.AddUserToSessionRequest()
{
Id = session.Id,
User_Id = user.Id,
Updated_By = ApplicationConstants.SystemUserId
});
uow.Commit();
await _sessionProvider.Set(SessionConstants.SessionEntity, sessionEntity);
}
await _sessionService.WriteSessionLogEvent(new Models.ServiceModels.Session.CreateSessionLogEventRequest()
{
EventKey = SessionEventKeys.UserLoggedIn
});
var claims = new List <Claim>()
{
new Claim(ClaimTypes.Name, session.Id.ToString())
};
var claimsIdentity = new ClaimsIdentity(
claims, CookieAuthenticationDefaults.AuthenticationScheme);
await _httpContextAccessor.HttpContext.SignInAsync(
CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(claimsIdentity)); // user principal is controlled in session
return(response);
}
