public async Task <ActionResult> ExternalLoginCallback(string returnUrl)
{
if (Request.IsAuthenticated)
{
return(RedirectToManageLoginsPage(UnexpectedExtrnalLoginError));
}
var loginInfo = await OwinAuthenticationManager.GetExternalLoginInfoAsync();
if (loginInfo == null)
{
return(RedirectToAction("Login", new { error = "external-login-failure" }));
}
var user = await OwinUserManager.FindAsync(loginInfo.Login);
if (user != null)
{
// The user has an acoount. Sign her in.
await new LoginHelper(OwinUserManager, OwinAuthenticationManager).Sigin(user, true);
return(RedirectToLocal(returnUrl));
}
else
{
// If the user does not have an account, then prompt the user to create an account.
ViewBag.LoginProvider = loginInfo.Login.LoginProvider;
ViewBag.ReturnUrl = returnUrl;
var model = new ExternalLoginBindingModel
{
Email = loginInfo.Email,
Name = loginInfo.ExternalIdentity.Name
};
return(View("ExternalLoginConfirmation", model));
}
}
public async Task <IHttpActionResult> PostForgot(JObject value)
{
var email = (string)value["email"];
if (!String.IsNullOrEmpty(email))
{
var user = await OwinUserManager.FindByEmailAsync(email.Trim());
if (user != null)
{
if (await OwinUserManager.IsEmailConfirmedAsync(user.Id))
{
// Send the link.
var token = await OwinUserManager.GeneratePasswordResetTokenAsync(user.Id);
var queryString = AccountUtils.GetMailLinkQueryString(token, user.Id);
var host = Request.RequestUri.GetComponents(UriComponents.Host, UriFormat.Unescaped);
var link = "https://" + host + "/account/reset-password?" + queryString;
await EmailUtils.SendPasswordResetEmailAsync(email, link);
}
}
}
return(StatusCode(HttpStatusCode.NoContent));
}
public async Task <IHttpActionResult> PostLogin(JObject value)
{
var userName = (string)value["userName"];
var password = (string)value["password"];
var persistent = (bool)value["persistent"];
ApplicationUser user = await OwinUserManager.FindAsync(userName, password);
if (user == null)
{
return(BadRequest("The email address or password is incorrect."));
}
await new LoginHelper(OwinUserManager, OwinAuthenticationManager).Sigin(user, persistent);
return(StatusCode(HttpStatusCode.NoContent));
/*
* Just in case. In the opposite case of token/bearer authentication. How to pass custom values to the OWIN middleware.
* data: {
* grant_type: 'password',
* userName: userName,
* password: password,
* scope: persistent ? 'persistent_cookie' : 'session_cookie', // Pass our custom value. Scope may be a list of values separated by spaces.
* },
* public override void GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
* {
* // AF. A hack to enable the option of session or persistent cookies. We piggy-back the request and pass our custom value. Scope may be sent as a list of values separated by spaces.
* var isPersistent = context.Scope.Any(i => i == "persistent_cookie");
* }
*/
}
public async Task <IHttpActionResult> GetLogins()
{
var userId = this.GetUserId();
var userLogins = (await OwinUserManager.GetLoginsAsync(userId))
.Select(i => new
{
LoginProvider = i.LoginProvider,
ProviderKey = i.ProviderKey,
})
.ToList();
var otherLogins = OwinAuthenticationManager.GetExternalAuthenticationTypes()
.Where(i => userLogins.All(u => u.LoginProvider != i.AuthenticationType))
.Select(i => i.AuthenticationType)
.ToList();
var hasPassword = await OwinUserManager.HasPasswordAsync(userId);
//var user = OwinUserManager.FindById(this.GetUserId());
//var hasPassword = (user != null) && !String.IsNullOrEmpty(user.PasswordHash);
var result = new
{
UserLogins = userLogins,
OtherLogins = otherLogins,
HasPassword = hasPassword,
};
return(Ok(result));
}
public async Task <ActionResult> LinkLoginCallback()
{
var loginInfo = await OwinAuthenticationManager.GetExternalLoginInfoAsync(XsrfKey, this.GetUserId().ToString());
string error = loginInfo != null ? null : "External login failed";
if (error == null)
{
var result = await OwinUserManager.AddLoginAsync(this.GetUserId(), loginInfo.Login);
error = result.PlainErrorMessage("Failed to link external login");
}
return(new RedirectResult(Url.Action("Edit", "Account", null, "https") + "#/logins" + (error == null ? "" : "?error=" + Uri.EscapeUriString(error)))); // Uri.Encode replaces spaces with '+', not '%20'
}
public async Task <IHttpActionResult> PostReset([FromUri] string code, [FromUri] string time, [FromBody] JObject value)
{
//string code = IdentityHelper.GetCodeFromRequest(Request);
int userId = AccountUtils.GetUserIdFromQueryStringValue(time);
if (String.IsNullOrEmpty(code) || userId == 0)
{
return(BadRequest());
}
var password = (string)value["password"];
var result = await OwinUserManager.ResetPasswordAsync(userId, code, password);
return(result.Succeeded
? StatusCode(HttpStatusCode.NoContent)
: (IHttpActionResult)BadRequest(result.PlainErrorMessage()));
}
public async Task <IHttpActionResult> PostPhoneVerification(JObject value)
{
var phoneNumber = (string)value["phoneNumber"];
var code = (string)value["phoneCode"];
if (String.IsNullOrWhiteSpace(phoneNumber) || String.IsNullOrWhiteSpace(code))
{
return(BadRequest());
}
phoneNumber = phoneNumber.Trim();
var result = await OwinUserManager.ChangePhoneNumberAsync(this.GetUserId(), phoneNumber, code);
return(result.Succeeded
? (IHttpActionResult)StatusCode(HttpStatusCode.NoContent)
: (IHttpActionResult)BadRequest("Failed to verify phone"));
}
public async Task <IHttpActionResult> DeleteExternalLogin([FromUri] string loginProvider, [FromUri] string providerKey)
{
var result = await OwinUserManager.RemoveLoginAsync(this.GetUserId(), new UserLoginInfo(loginProvider, providerKey));
if (result.Succeeded)
{
var user = await OwinUserManager.FindByIdAsync(this.GetUserId());
if (user != null)
{
await new LoginHelper(OwinUserManager, OwinAuthenticationManager).Sigin(user, false);
}
}
else
{
throw new Exception(result.PlainErrorMessage("Failed to remove external login"));
}
return(StatusCode(HttpStatusCode.NoContent));
}
public async Task <IHttpActionResult> PutPassword(JObject value)
{
var oldPassword = (string)value["oldPassword"];
var newPassword = (string)value["newPassword"];
var userId = this.GetUserId();
var result = String.IsNullOrEmpty(oldPassword)
? await OwinUserManager.AddPasswordAsync(userId, newPassword)
: await OwinUserManager.ChangePasswordAsync(userId, oldPassword, newPassword);
if (result.Succeeded)
{
OwinAuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
return(StatusCode(HttpStatusCode.NoContent));
}
else
{
return(BadRequest(result.PlainErrorMessage()));
}
}
public async Task <IHttpActionResult> PostPhoneNumber(JObject value)
{
var phoneNumber = (string)value["phoneNumber"];
string code = null;
if (!String.IsNullOrEmpty(phoneNumber))
{
code = await OwinUserManager.GenerateChangePhoneNumberTokenAsync(this.GetUserId(), phoneNumber.Trim());
}
if (!String.IsNullOrEmpty(code))
{
return(StatusCode(HttpStatusCode.NoContent));
// Do not return the code to the client while in production! Send it via SMS.
//return Ok(code);
}
else
{
return(BadRequest("Verification code not sent."));
}
// A phone number can be removed by calling UserManager.SetPhoneNumberAsync(userId, null);
}
public async Task <ActionResult> ConfirmEmail()
{
int userId = AccountUtils.GetUserIdFromRequest(Request);
string code = AccountUtils.GetCodeFromRequest(Request);
bool success = false;
if (userId != 0 && !String.IsNullOrEmpty(code))
{
var result = await OwinUserManager.ConfirmEmailAsync(userId, code);
success = result.Succeeded;
}
if (success && Request.IsAuthenticated)
{
return(Redirect(Url.Action("Edit", "Account", null, "https") + "#/logins"));
}
else
{
// If the user comes to the Login page authenticated, she gets redirected further to the login management page.
OwinAuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
return(Redirect(Url.Action("Login", "Account", new { confirmed = success }, "https")));
}
}
public async Task <IHttpActionResult> PutEmail(JObject value)
{
var userId = this.GetUserId();
// TODO. Store the old confirmed email. To replace a confirmed email with an unconfirmed one is a bed idea. But we have no infrastructure currently to store an unconfirmed email temporarily.
if (await OwinUserManager.IsEmailConfirmedAsync(userId))
{
return(BadRequest("Unable to change a confirmed email address."));
}
var email = (string)value["email"];
if (String.IsNullOrWhiteSpace(email))
{
return(BadRequest());
}
email = email.Trim();
var result = await OwinUserManager.SetEmailAsync(userId, email);
if (result.Succeeded)
{
var confirmationToken = await OwinUserManager.GenerateEmailConfirmationTokenAsync(userId);
var queryString = AccountUtils.GetMailLinkQueryString(confirmationToken, userId);
var host = Request.RequestUri.GetComponents(UriComponents.Host, UriFormat.Unescaped);
var link = "http://" + host + "/account/confirm-email?" + queryString;
var displayName = this.GetUserDisplayName();
await EmailUtils.SendVerificationEmailAsync(email, displayName, link);
return(StatusCode(HttpStatusCode.NoContent));
}
else
{
return(BadRequest(result.PlainErrorMessage("Failed to change email address.")));
}
}
