public ActionResult Login(LoginViewModel model)
{
try
{
if (!ModelState.IsValid)
{
return(View(model));
}
var result = LogInManager.Login(model.Email, Utility.Utility.Encrypt(model.Password, Utility.Utility.EncryptionKey));
switch (result)
{
case LoginStatus.Success:
RecordActivityLog.RecordActivity(Pages.LOGIN, "Loggedin successfully.");
if (LogInManager.HasRights("STUDENT"))
{
//Create Dummy Reservation.
TempReservation.CreateDummyReservation();
}
if (model.RememberMe)
{
// Create a new cookie,
Utility.Utility.WriteCookie("HotelierHubUserEmail", model.Email, 24); //24 Hours expiration time.
}
return(Json(new
{
IsSuccess = true,
data = new
{
UserId = LogInManager.LoggedInUserId
}
}, JsonRequestBehavior.AllowGet));
case LoginStatus.AlreadyLoggedIn:
return(Json(new
{
IsSuccess = false,
errorMessage = "User already logged in!"
}, JsonRequestBehavior.AllowGet));
case LoginStatus.InvalidLoginTime:
var msg = "Please note your course is restricted; therefore, you can only access it during the times & day set by your Tutor.";
return(Json(new
{
IsSuccess = false,
errorMessage = msg
}, JsonRequestBehavior.AllowGet));
case LoginStatus.Failure:
default:
RecordActivityLog.RecordActivity(Pages.LOGIN, "Login fail.");
return(Json(new
{
IsSuccess = false,
errorMessage = "Invalid Email and Password."
}, JsonRequestBehavior.AllowGet));
}
}
catch (Exception e)
{
Utility.Utility.LogError(e, "Login POST");
return(Json(new
{
IsSuccess = false,
errorMessage = e.Message
}));
}
}
public async Task <IActionResult> Login(LoginInputModel model, string button)
{
// check if we are in the context of an authorization request
var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);
// the user clicked the "cancel" button
if (button != "login")
{
if (context != null)
{
// if the user cancels, send a result back into IdentityServer as if they
// denied the consent (even if this client does not require consent).
// this will send back an access denied OIDC error response to the client.
await _interaction.GrantConsentAsync(context, ConsentResponse.Denied);
// we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
if (await _clientStore.IsPkceClientAsync(context.ClientId))
{
// if the client is PKCE then we assume it's native, so this change in how to
// return the response is for better UX for the end user.
return(View("Redirect", new RedirectViewModel {
RedirectUrl = model.ReturnUrl
}));
}
return(Redirect(model.ReturnUrl));
}
else
{
// since we don't have a valid context, then we just go back to the home page
return(Redirect("~/"));
}
}
if (ModelState.IsValid)
{
// validate username/password against in-memory store
var result = _logInManager.Login(model.Username, model.Password);
if (result.Result == AbpLoginResultType.Success)
{
var user = await _userManager.FindByNameAsync(result.User.UserName);
await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id.ToString(), user.UserName));
// only set explicit expiration here if user chooses "remember me".
// otherwise we rely upon expiration configured in cookie middleware.
AuthenticationProperties props = null;
if (AccountOptions.AllowRememberLogin && model.RememberLogin)
{
props = new AuthenticationProperties
{
IsPersistent = true,
ExpiresUtc = DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration)
};
}
;
// issue authentication cookie with subject ID and username
await HttpContext.SignInAsync(user.Id.ToString(), user.UserName, props);
if (context != null)
{
if (await _clientStore.IsPkceClientAsync(context.ClientId))
{
// if the client is PKCE then we assume it's native, so this change in how to
// return the response is for better UX for the end user.
return(View("Redirect", new RedirectViewModel {
RedirectUrl = model.ReturnUrl
}));
}
// we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
return(Redirect(model.ReturnUrl));
}
// request for a local page
if (Url.IsLocalUrl(model.ReturnUrl))
{
return(Redirect(model.ReturnUrl));
}
else if (string.IsNullOrEmpty(model.ReturnUrl))
{
return(Redirect("~/"));
}
else
{
// user might have clicked on a malicious link - should be logged
throw new Exception("invalid return URL");
}
}
await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, "invalid credentials"));
ModelState.AddModelError(string.Empty, AccountOptions.InvalidCredentialsErrorMessage);
}
// something went wrong, show form with error
var vm = await BuildLoginViewModelAsync(model);
return(View(vm));
}
