示例#1
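        /// <summary>
        /// Creates an email-confirmation record that expires in 30 minutes and mails the
        /// user a verification link together with the confirmation code.
        /// </summary>
        /// <param name="u">User whose Email, UserID and FullName are used for the record and the mail.</param>
        /// <param name="db">Context the confirmation record is added to and saved on.</param>
        public static void SendEmailForConfirmation(Users u, DataContext db)
        {
            // NOTE(review): GenerateString is defined outside this listing. Confirm it draws
            // from a cryptographic RNG and yields enough entropy for a single-use token.
            string code = GenerateString();

            Confirmations c = new Confirmations()
            {
                Email  = u.Email,
                UserId = u.UserID,
                Type   = ConfirmType.EmailConfirm,
                // The stored value is the URL-decoded form while the link and the mail body
                // carry the raw string, so GenerateString presumably returns URL-safe or
                // already-encoded text. Verify the two forms compare equal at confirmation time.
                // NOTE(review): the code is persisted as-is; storing only a hash of it would
                // keep a database read from yielding usable confirmation codes.
                Code   = HttpUtility.UrlDecode(code),
                // NOTE(review): local time; the check that reads Expiry must use the same clock.
                Expiry = DateTime.Now.AddMinutes(30d)
            };

            db.Confirmations.Add(c);

            // Persist before mailing: if the save fails, no link is sent for a record
            // that does not exist.
            db.SaveChanges();

            string addr = HttpUtility.UrlEncode(u.Email);

            string link = string.Format("https://haxnet.azurewebsites.net/Auth/ConfirmEmail?Email={0}&Code={1}", addr, code);

            using (MailClient mc = new MailClient(u.Email))
            {
                mc.Subject = "HackNet - Verify your Email Address";
                mc.AddLine("");
                mc.AddLine("Kindly verify your email address by clicking on the link below");
                mc.AddLine("This link will expire in 30 minutes");
                mc.AddLine("If that does not work, please use this code: " + code);
                mc.Send(u.FullName, "Verify Email", link);
            }
        }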
示例#2
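        /// <summary>
        /// Creates a password-reset record that expires in 30 minutes for the account
        /// resolved from <paramref name="email"/> and mails it a reset link.
        /// </summary>
        /// <param name="email">Address used to construct the Authenticate instance for the account.</param>
        public static void SendEmailForPasswordReset(string email)
        {
            // NOTE(review): how Authenticate behaves for an unregistered address is not
            // visible here. Confirm the caller answers identically for known and unknown
            // addresses, and that reset requests are rate limited per account.
            using (DataContext db = new DataContext())
                using (Authenticate a = new Authenticate(email))
                {
                    // NOTE(review): GenerateString is defined outside this listing. Confirm it
                    // draws from a cryptographic RNG, since this code authorises a password change.
                    string        code = GenerateString();
                    Confirmations c    = new Confirmations()
                    {
                        Email  = a.Email,
                        UserId = a.UserId,
                        Type   = ConfirmType.PasswordReset,
                        // Stored URL-decoded while the link carries the raw string; verify both
                        // forms compare equal when the reset is redeemed.
                        // NOTE(review): storing only a hash of the code would keep a database
                        // read from yielding usable reset codes.
                        Code   = HttpUtility.UrlDecode(code),
                        // NOTE(review): local time; the check that reads Expiry must use the same clock.
                        Expiry = DateTime.Now.AddMinutes(30d)
                    };
                    db.Confirmations.Add(c);

                    // Persist before mailing: if the save fails, no reset link is sent for a
                    // record that does not exist.
                    db.SaveChanges();

                    string addr = HttpUtility.UrlEncode(a.Email);

                    string link = string.Format("https://haxnet.azurewebsites.net/Auth/ResetPassword?Email={0}&Code={1}", addr, code);
                    // HTML-attribute encoding (e.g. '&' becomes "&amp;"), not query-string encoding;
                    // presumably MailClient.Send places the link inside an href attribute.
                    link = HttpUtility.HtmlAttributeEncode(link);

                    using (MailClient mc = new MailClient(a.Email))
                    {
                        mc.Subject = "Password Reset Request";
                        mc.AddLine("");
                        mc.AddLine("You have initiated a password reset request!");
                        mc.AddLine("If it was you, please click the link below to continue");
                        mc.AddLine("Otherwise, you can safely ignore this message as it will expire in 30 minutes");
                        mc.Send("user", "Reset Password", link);
                    }
                }
        }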
示例#3
 /// <summary>
 /// Mails a newly assigned password to the account resolved from <paramref name="email"/>.
 /// </summary>
 /// <param name="email">Address used to construct the Authenticate instance for the account.</param>
 /// <param name="password">The new password, written into the mail body in clear text.</param>
 public static void SendNewPassword(string email, string password)
 {
     // NOTE(review): the password travels and rests in the recipient's mailbox in clear
     // text. An expiring single-use reset link, as the reset-request mail uses, avoids
     // that; if this flow stays, force a password change at the next login.
     using (DataContext context = new DataContext())
     {
         using (Authenticate account = new Authenticate(email))
         {
             using (MailClient mail = new MailClient(account.Email))
             {
                 mail.Subject = "Password Reset Result";
                 mail.AddLine("");
                 mail.AddLine("Your new password is " + password);
                 mail.AddLine("Please change it as soon as possible and remember it");
                 mail.Send("user");
             }

             // Nothing is added to or modified on the context in this method; the save is
             // kept exactly where the original had it.
             context.SaveChanges();
         }
     }
 }
示例#4
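        /// <summary>
        /// Checks the supplied password for the account identified by <c>Email</c> and, on
        /// success, opens the user's key store into <c>TempKeyStore</c>, creating a default
        /// key store first when the user has none.
        /// </summary>
        /// <param name="password">The password as entered by the user.</param>
        /// <param name="checkEmailValidity">
        /// When true, an unverified email address ends the login with
        /// <c>EmailNotVerified</c> after a new confirmation mail has been sent.
        /// </param>
        /// <returns>
        /// <c>UserNotFound</c>, <c>EmailNotVerified</c>, <c>PasswordIncorrect</c>,
        /// <c>KeyStoreInvalid</c> or <c>Success</c>.
        /// </returns>
        internal AuthResult ValidateLogin(string password, bool checkEmailValidity = true)
        {
            using (DataContext db = new DataContext())
            {
                Users user = Users.FindByEmail(this.Email, db);

                if (user == null)
                {
                    // NOTE(review): a distinct UserNotFound result lets the caller reveal
                    // which addresses are registered; confirm the UI reports it the same
                    // way as PasswordIncorrect.
                    AuthLogger.Instance.UserNotFound(Email);
                    return(AuthResult.UserNotFound);
                }

                // Check IP
                // NOTE(review): this notification and the confirmation mail below are both
                // sent before the password is verified, so a request that carries only a
                // known email address can make the service send mail to that user.
                // Consider moving the hash check above them.
                // NOTE(review): userip ends up in the mail subject; confirm GetIP returns a
                // validated address and not a raw client-supplied header value.
                string userip = GetIP();
                if (UserIPList.CheckUserIPList(userip, user, db))
                {
                    Debug.WriteLine("CHK TRUE");
                    // MailClient is disposable (the other senders wrap it in using), so
                    // release it here as well.
                    using (MailClient m = new MailClient(Email))
                    {
                        m.Subject = "Unrecognised login from IP Address " + userip;
                        m.AddLine("An unrecognised login has been found");
                        m.AddLine("If this wasn't you, please contact us.");
                        m.Send(user.FullName, "Contact Us", "https://haxnet.azurewebsites.net/Contact");
                    }
                }
                else
                {
                    Debug.WriteLine("CHK FALSE");
                }

                if (checkEmailValidity && !EmailConfirm.IsEmailValidated(user))
                {
                    EmailConfirm.SendEmailForConfirmation(user, db);

                    return(AuthResult.EmailNotVerified);
                }

                // NOTE(review): Crypt.Instance.Hash is defined elsewhere; confirm it is a
                // deliberately slow password KDF and not a single fast digest.
                byte[] bPassword = Encoding.UTF8.GetBytes(password);
                byte[] bSalt     = user.Salt;
                byte[] bHash     = Crypt.Instance.Hash(bPassword, bSalt);

                // Compare without an early exit so the time taken does not depend on how
                // many leading bytes of the stored hash match.
                if (ConstantTimeEquals(user.Hash, bHash))
                {
                    AuthLogger.Instance.PasswordSuccess(user.Email, user.UserID);
                }
                else
                {
                    AuthLogger.Instance.PasswordFail(user.Email, user.UserID);
                    return(AuthResult.PasswordIncorrect);
                }

                try
                {
                    db.Entry(user).Reference(usr => usr.UserKeyStore).Load();
                    if (user.UserKeyStore == null)
                    {
                        // First successful login without a key store: create and persist one.
                        user.UserKeyStore = KeyStore.DefaultDbKeyStore(password, bSalt, user.UserID);
                        db.SaveChanges();
                    }
                    TempKeyStore = new KeyStore(user.UserKeyStore, password, bSalt);
                    return(AuthResult.Success);
                } catch (KeyStoreException) {
                    return(AuthResult.KeyStoreInvalid);
                }
            }
            // Every path through the using block returns or throws, so this statement is a
            // fallback that normal control flow does not reach.
            throw new AuthException("Login has no result, database failure might have occured.");
        }

        /// <summary>
        /// Compares two byte arrays without stopping at the first difference.
        /// Returns false when either array is null or the lengths differ.
        /// </summary>
        private static bool ConstantTimeEquals(byte[] expected, byte[] actual)
        {
            if (expected == null || actual == null || expected.Length != actual.Length)
            {
                return false;
            }

            int difference = 0;
            for (int i = 0; i < expected.Length; i++)
            {
                difference |= expected[i] ^ actual[i];
            }

            return difference == 0;
        }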