        /// <summary>
        /// Runs before each action of this controller. A caller that already presents a live
        /// "Session" cookie is redirected to Management/Home (except when requesting Logout);
        /// a caller requesting Logout without a live session is redirected to Login.
        /// TempData is cleared on every request.
        /// </summary>
        /// <param name="filterContext">The MVC action context; its Result is set when a redirect applies.</param>
        protected override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            base.OnActionExecuting(filterContext);
            string     actionName = filterContext.ActionDescriptor.ActionName;
            HttpCookie cookie     = Request.Cookies["Session"];

            if (cookie != null)
            {
                PartnerSessionDTO session = null;
                try
                {
                    byte[]            sessionId  = FormatHelper.FromHexStringToArray(cookie.Value);
                    PartnerSessionBLL sessionBLL = new PartnerSessionBLL(WebApp.Connector);
                    session = sessionBLL.ReadById(sessionId);
                }
                catch
                {
                    // A malformed cookie or a failed lookup is treated as "no session";
                    // note this also hides backend errors, which then look like a logged-out user.
                }

                bool hasLiveSession = false;
                if (session != null)
                {
                    // A session without ExpiresOn never expires.
                    bool notExpired = session.ExpiresOn == null || session.ExpiresOn > DateTime.UtcNow;
                    hasLiveSession  = notExpired && session.IsActive && session.Partner.HasEmailAddressBeenVerified;
                }

                bool isLogout = actionName == "Logout";
                if (hasLiveSession && !isLogout)
                {
                    filterContext.Result = RedirectToAction("Home", "Management");
                }
                else if (!hasLiveSession && isLogout)
                {
                    filterContext.Result = RedirectToAction("Login");
                }
            }
            TempData.Clear();
        }
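        /// <summary>
        /// Authenticates the request from the "Session" cookie before the action runs.
        /// A valid, active session whose partner has a verified e-mail address is stored in
        /// <c>CurrentSession</c> and, when it carries an expiration, gets a fresh 15-minute
        /// window; every other case redirects to the login page with a reason code.
        /// </summary>
        /// <param name="filterContext">The MVC action context handed to <c>ReturnToLogin</c> for redirects.</param>
        /// <remarks>
        /// A session with a null <c>ExpiresOn</c> is a "keep me logged in" session and is never
        /// treated as expired (the original lifted comparison <c>session?.ExpiresOn > utcNow</c>
        /// evaluated to false for null and rejected such sessions).
        /// </remarks>
        protected override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            base.OnActionExecuting(filterContext);
            HttpCookie cookie      = Request.Cookies["Session"];
            string     cookieValue = cookie?.Value;

            if (string.IsNullOrEmpty(cookieValue))
            {
                ReturnToLogin(filterContext, "YouShouldLogInFirst");
                return;
            }

            try
            {
                byte[]            sessionId  = FormatHelper.FromHexStringToArray(cookieValue);
                PartnerSessionBLL sessionBLL = new PartnerSessionBLL(WebApp.Connector);
                PartnerSessionDTO session    = sessionBLL.ReadById(sessionId);
                DateTime          utcNow     = DateTime.UtcNow;

                // Only a non-null expiration that lies in the past counts as expired.
                bool hasExpired = session?.ExpiresOn != null && session.ExpiresOn <= utcNow;

                if (session == null || hasExpired || !session.IsActive)
                {
                    ReturnToLogin(filterContext, "YourSessionHasExpired");
                }
                else if (!session.Partner.HasEmailAddressBeenVerified)
                {
                    ReturnToLogin(filterContext, "EmailAddressHasNotBeenVerified");
                }
                else
                {
                    // Sliding expiration applies only to sessions that do expire; a keep-open
                    // session must not be turned into a 15-minute one.
                    if (session.ExpiresOn != null)
                    {
                        sessionBLL.UpdateExpiration(sessionId, utcNow.AddMinutes(15));
                    }
                    CurrentSession = session;
                }
            }
            catch
            {
                // Malformed cookie value or a failed lookup: the caller is not logged in.
                // NOTE(review): this also maps backend failures to "YouShouldLogInFirst";
                // consider logging the exception so outages are not mistaken for logouts.
                ReturnToLogin(filterContext, "YouShouldLogInFirst");
            }
        }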
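        /// <summary>
        /// Validates a partner's credentials and, on success, opens a new session.
        /// </summary>
        /// <param name="credential">Username and clear-text password supplied by the caller.</param>
        /// <param name="ipAddress">Client address recorded on the new session or on the failed attempt.</param>
        /// <param name="keepOpened">When true the session gets no <c>ExpiresOn</c>; otherwise it expires 16 minutes after login.</param>
        /// <param name="session">The created session, or null for any result other than <see cref="LoginResult.OK"/>.</param>
        /// <returns>The outcome of the login attempt.</returns>
        /// <remarks>
        /// Every path commits or rolls back the transaction started on <c>Connector</c>, including
        /// the case where a lower layer throws (the transaction was previously left open there).
        /// A wrong password is persisted as a login attempt and the account is locked once three
        /// attempts exist since the last session was opened.
        /// NOTE(review): passwords are compared as bare SHA-512 digests; a salted, slow KDF
        /// (PBKDF2/Argon2) is the recommended scheme, but switching requires re-hashing stored
        /// passwords and is out of scope for this method.
        /// NOTE(review): AccountDoesntExist and PasswordDoesntMatch are distinct results; the UI
        /// should render them identically so usernames cannot be enumerated.
        /// </remarks>
        public LoginResult Login(PartnerCredentialDTO credential, IPAddress ipAddress, bool keepOpened, out PartnerSessionDTO session)
        {
            session = null;
            Connector.IsTransaction = true;
            try
            {
                PartnerBLL partnerBLL = new PartnerBLL(Connector);
                PartnerDTO partner    = partnerBLL.ReadByUsername(credential.Username);

                if (partner == null)
                {
                    Connector.RollbackTransaction();
                    return LoginResult.AccountDoesntExist;
                }
                if (partner.IsLocked)
                {
                    Connector.RollbackTransaction();
                    return LoginResult.AccountIsLocked;
                }

                byte[] credentialPassword = SHA512Hasher.Hash(credential.Password);
                if (!BinaryComparer.AreEqual(credentialPassword, partner.Password))
                {
                    // The failed attempt (and a possible lock) must be persisted, hence commit.
                    RecordFailedLoginAttempt(partnerBLL, partner, ipAddress);
                    Connector.CommitTransaction();
                    return LoginResult.PasswordDoesntMatch;
                }
                if (!partner.HasEmailAddressBeenVerified)
                {
                    Connector.RollbackTransaction();
                    return LoginResult.EmailAddressHasNotBeenVerified;
                }

                DateTime          loggedAt   = DateTime.UtcNow;
                PartnerSessionDTO newSession = new PartnerSessionDTO()
                {
                    Partner   = partner,
                    IPAddress = ipAddress,
                    LoggedAt  = loggedAt
                };
                if (!keepOpened)
                {
                    newSession.ExpiresOn = loggedAt.AddMinutes(16);
                }
                Create(newSession);
                Connector.CommitTransaction();
                session = newSession;
                return LoginResult.OK;
            }
            catch
            {
                // Do not leave the transaction open when a lower layer throws.
                // NOTE(review): if RollbackTransaction itself throws it masks the original exception — confirm Connector's behavior.
                Connector.RollbackTransaction();
                throw;
            }
        }

        /// <summary>
        /// Records a failed password attempt and locks the partner once three attempts exist
        /// since the last session was opened (or since the start of the current UTC day when
        /// the partner has never logged in).
        /// </summary>
        /// <param name="partnerBLL">Partner access used to apply the lock.</param>
        /// <param name="partner">The partner whose password did not match.</param>
        /// <param name="ipAddress">Client address stored on the attempt.</param>
        private void RecordFailedLoginAttempt(PartnerBLL partnerBLL, PartnerDTO partner, IPAddress ipAddress)
        {
            PartnerLoginAttemptBLL loginAttemptBLL = new PartnerLoginAttemptBLL(Connector);
            loginAttemptBLL.Create(new PartnerLoginAttemptDTO()
            {
                Partner   = partner,
                IPAddress = ipAddress
            });

            Guid              partnerId    = partner.Id;
            PartnerSessionDTO lastSession  = ReadLastByPartner(partnerId);
            DateTime          countedFrom  = lastSession?.LoggedAt ?? DateTime.UtcNow.Date;
            int               attemptCount = loginAttemptBLL.ReadByPartnerAndTimeStampAsDate(partnerId, countedFrom).Count();
            if (attemptCount >= 3)
            {
                partnerBLL.Update(partnerId, new Dictionary<string, object>()
                {
                    { "IsLocked", true }
                });
            }
        }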
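 /// <summary>
 /// Persists a new partner session and stores the repository-generated id on it.
 /// </summary>
 /// <param name="session">The session to insert; its <c>Id</c> is overwritten with the generated value.</param>
 /// <returns>Always <see cref="CreateResult.OK"/>; repository failures surface as exceptions.</returns>
 /// <exception cref="ArgumentNullException"><paramref name="session"/> is null.</exception>
 public CreateResult Create(PartnerSessionDTO session)
 {
     if (session == null)
     {
         throw new ArgumentNullException(nameof(session));
     }
     Repository.Insert(session, out byte[] id);
     session.Id = id;
     return CreateResult.OK;
 }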
 /// <summary>
 /// Derives the identifier bytes for <paramref name="session"/> from its partner id and client address.
 /// </summary>
 /// <param name="session">Session whose <c>Partner.Id</c> and <c>IPAddress</c> form the input.</param>
 /// <returns>The bytes returned by <c>Generate(string)</c> for the formatted input.</returns>
 /// <remarks>
 /// NOTE(review): the input is fully determined by partner id and IP address, so the same
 /// partner from the same address yields the same identifier on every call; whether the output
 /// is unpredictable to anyone else depends entirely on what Generate(string) does (keyed or
 /// randomized derivation vs. a plain digest) — confirm before using it as a bearer token.
 /// </remarks>
 public static byte[] Generate(PartnerSessionDTO session)
 {
     string material = $"Security.PartnerSession|Partner={session.Partner.Id};IPAddress={session.IPAddress}";
     return Generate(material);
 }