public ActionResult ForgotPassword(string forgottenPasswordEmailAddress, string returnurl)
{
//if there isnt a hidden on the page - in this case we always know the return url so dont need one
if (returnurl == null || returnurl.IsBlank())
{
returnurl = "Security/Login";
}
PersonList people = Models.PersonList.LoadByEmail(forgottenPasswordEmailAddress);
if (people.Count > 1)
{
Web.ErrorMessage = "Sorry there are multiple users with this email address, therefore we are unable to automatically change your password, please contact the administrator.";
return(Redirect(Web.Root + "Security/Login?mode=norem"));
}
Security s = new Security();
if (s.IsPasswordReminderPossible)
{
s.SendPasswordReminder(forgottenPasswordEmailAddress, returnurl);
}
else
{
s.SendPasswordReset(forgottenPasswordEmailAddress, "security/ChangePassword");
}
//if (s.IsSuccess) {
// Web.InfoMessage = "The password reset email has been sent to your email. Please check your email and follow the link.";
//} else {
Web.InfoMessage = s.ResultMessage;
//}
return(Redirect(Web.Root + "Security/Login"));
}
public void RemoteTwitchLogin(Security s, string username, ref string pCode)
{
if (username.ToLower().EndsWith("@beweb.co.nz"))
{
var remoteLogin = "******";
var isRemoteLoginOnline = false;
try {
var twitchKey = Util.GetSetting("TwitchKey", "dsigbsd9uFSdsg897gasiu%%$#*gas79%*gakisfaf");
remoteLogin = Http.Get("http://twitch.beweb.co.nz/Security/RemoteLogin?EncEmail=" + Crypto.Encrypt(username, twitchKey) + "&EncPassword="******"&EncRemembered=" + Crypto.Encrypt(Crypto.Decrypt(pCode), twitchKey));
isRemoteLoginOnline = true;
} catch { }
var localPerson = new ActiveRecord(Security.PersonTableName, Security.PersonTableName + "ID");
var personExists = localPerson.LoadData(new Sql("where Email = ", username.SqlizeText()));
// If twitch is online and rejects the user login, then setup to fail the login
if (isRemoteLoginOnline && remoteLogin == "Failed")
{
pCode = "invalid user " + Crypto.Random();
s.ResultMessage = "Invalid Twitch login";
if (personExists)
{
localPerson["IsActive"].ValueObject = false;
localPerson.Save();
}
}
if (remoteLogin != "Failed")
{
if (!personExists)
{
localPerson["FirstName"].ValueObject = remoteLogin.Split("|")[0];
localPerson["LastName"].ValueObject = remoteLogin.Split("|")[1] + "*";
localPerson["Email"].ValueObject = username;
localPerson["Role"].ValueObject = "administrators,superadmins,developers";
localPerson["Password"].ValueObject = Security.CreateSecuredPassword(RandomPassword.Generate(5, 7));
localPerson["IsActive"].ValueObject = true;
localPerson.Save();
s.ResultMessage = "Logged in via Twitch";
}
else
{
// log user in with existing account
localPerson["IsActive"].ValueObject = true;
localPerson.Save();
s.ResultMessage = "Logged in via Twitch, using local person";
}
pCode = Security.DecryptPassword(localPerson["Password"].ToString());
}
}
}
public ActionResult Login(string t, string u)
{
if (t.IsNotBlank() && u.IsNotBlank())
{
bool isImpersonateOk = Crypto.CheckMinuteCypher(t, 1);
if (!isImpersonateOk)
{
Web.ErrorMessage = "Impersonating failed";
return(Redirect(Web.Root));
}
int id = Crypto.DecryptID(u);
Person p = Person.LoadByPersonID(id);
if (p != null)
{
Web.Session.Add("Impersonating", true);
//string passwordToken = "|" + "|" + "|" + "|";
string password = Crypto.Decrypt(p.Password);
return(LoginSubmit(p.Email, password, true));
}
else
{
Web.ErrorMessage = "Impersonating failed";
return(Redirect(Web.Root));
}
}
var data = new LoginFormViewData();
TrackingBreadcrumb.Current.AddBreadcrumb(1, "Login");
// save the lastUrl - for login redirect later
//if (Request.UrlReferrer != null && !Request.UrlReferrer.AbsoluteUri.ContainsInsensitive("security/login")) {
// Session["LastUrl"] = Request.UrlReferrer.AbsoluteUri;
//} else {
// Session["LastUrl"] = "~/admin/";
//}
if (!Request["ReturnUrl"].ContainsInsensitive("loginsubmit")) // this will prevent login submit not found after first login fails(i.e. using the wrong username and password) JC 20140427
{
Session["LastUrl"] = Request["ReturnUrl"];
}
if (Session["LastUrl"] + "" == "")
{
if (EnableMemberLogin)
{
Session["LastUrl"] = MemberWelcomeUrl; // you can change this to the default URL people go to after logging in - eg Members Section - this applies when browsing directly to login page
}
else
{
Session["LastUrl"] = Web.AdminRoot; // by default, we go to admin menu after logging in
}
}
// if logged in AND we have a ReturnUrl in the querystring, the person must not be authorised for that page - hopefully this assumption is always correct
if (Security.IsLoggedIn && Request["ReturnUrl"].IsNotBlank())
{
ModelState.AddModelError("Login", "Sorry, your user name doesn't have permission to access that area.");
}
// get the remembered values
var s = new Beweb.Security();
s.GetRemembered();
data.Username = s.RememberedUser;
data.ForgottenPasswordEmailAddress = s.RememberedUser;
data.RememberPwd = s.IsRemembered;
data.PCode = s.RememberedPassword; // if cookied this will be an encrypted version
if (s.IsRemembered && AutologinSkipLoginScreen && ModelState.Count == 0)
{
if (Request["logout"] == "1")
{
// user has just chosen to log out, so they will want to log in with a different user or at least not auto-login again
Security.ClearSecurityCookies();
data.Username = "";
data.PCode = "";
data.RememberPwd = false;
Web.InfoMessage = "Your login details have been removed from this computer.";
}
else
{
return(LoginSubmit(data.Username, data.PCode, true));
}
}
else if (EnableSavvySingleSignOn && ModelState.Count == 0 && s.CheckSavvySingleSignOn())
{
// single sign in Savvy Classic ASP to Savvy MVC .Net
return(LoginSubmit(s.RememberedUser, s.RememberedPassword, true));
}
return(ReturnLoginView(data));
}
public ActionResult SSODotNet()
{
// to use this call:
// sso_classic.asp?ssoDotNet=Utils%2fsso_dotnet.aspx&success=PartSale.aspx&fail=login.asp
// params:
// success: page to redirect to if cookie is there and GUID matches, i.e. successful sso. Remember to UrlEncode this value ESPECIALLY if it contains query string stuff
// fail: fail page
string AdminId = String.Empty;
//if(Beweb.Util.ServerIs() == "DEV")
//{
// // don't bother checking - auto log in for dev
// //AdminId = Request.QueryString["administratorId"]; // 161 for matt
// AdminId = Beweb.BewebData.GetValue(
// "SELECT AdministratorID FROM Administrator WHERE Email=@Email",
// new Parameter("Email", TypeCode.String, "matt"),
// BewebData.GetConnectionString("ExtranetConnectionString"));
//}
//else
//{
if (String.IsNullOrEmpty(Request.QueryString["sso"]))
{
return(RedirectFail());
}
string ssoGuid = Request.QueryString["sso"];
// output.Text += String.Format("<br /><br />[{0}]", ssoGuid);
// check the database for the ssoGuid - make sure it was just set (with some leeway)
AdminId = BewebData.GetValue(
"SELECT AdministratorId FROM Administrator WHERE SsoGuid=@SsoGuid AND SsoSetTime>DATEADD(minute, -2, GETDATE())",
new Parameter("SsoGuid", TypeCode.String, ssoGuid),
BewebData.GetConnectionString("ExtranetConnectionString"));
//}
if (String.IsNullOrEmpty(AdminId))
{
return(RedirectFail());
}
string securityRoles = BewebData.GetValue(new Sql("select role from Administrator WHERE AdministratorID=", AdminId.SqlizeNumber()), BewebData.GetConnectionString("ExtranetConnectionString"));
string name = BewebData.GetValue(new Sql().AddRawSqlString("select firstname+' ' +lastname as name from Administrator").Add(" WHERE AdministratorID=", AdminId.SqlizeNumber()), BewebData.GetConnectionString("ExtranetConnectionString"));
//FormsAuthentication.Initialize();
//FormsAuthentication.HashPasswordForStoringInConfigFile(AdminId, "sha1");
//// Create a new ticket used for authentication
//FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
// 1, // Ticket version
// AdminId, // Username to be associated with this ticket
// DateTime.Now, // Date/time issued
// DateTime.Now.AddMinutes(60), // Date/time for login to expire (web.config setting is ignored)
// true, // "true" for a persistent user cookie (could be a checkbox on form)
// securityRoles, // User-data (the roles from this user record in our database)
// FormsAuthentication.FormsCookiePath); // Path cookie is valid for
//// Hash the cookie for transport over the wire
//string hash = FormsAuthentication.Encrypt(ticket);
//HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);
//Response.Cookies.Add(cookie);
Security.SetSecurityCookies(name, false, AdminId);
Security.CreateAuthCookie(securityRoles, AdminId);
//UserSession.Person = Models.Person.LoadID();
//var login = new Security().Login(AdminId);
//Security.LoggedInUserID = AdminId
//UserSession.Person = Models.Person.LoadID(AdminId.ToIntOrDie());
return(RedirectSuccess());
}
