public async Task<IActionResult> Login(string ReturnUrl)
{
//auto-authorizing if DB disabled or AllowFullAccessWithoutAuthorization is true
if (SystemController.webServerRules.AllowFullAccessWithoutAuthorization
|| !SystemController.dataBaseConfig.Enable)
{
User user = new User
{
Name = "Admin",
Password = "******"
};
user.SetClaims(Users.User.GetAllClaims());
await Authenticate(user);
if (!String.IsNullOrEmpty(ReturnUrl))
return Redirect(ReturnUrl);
return RedirectToAction("Index", "Home");
}
ViewBag.ReturnUrl = ReturnUrl;
return View(new LoginModel());
}
public int AddUser(User user)
{
db.Users.Add(user);
db.SaveChanges();
return user.Id;
}
public int AddUser(User user)
{
using (var db = new SqlConnection(connectionString))
{
db.Open();
var sqlQuery = "INSERT INTO [Users] (Name, Email, Password,ClaimsJson) "
+
"VALUES(@Name, @Email, @Password,@ClaimsJson); "
+ "SELECT CAST(SCOPE_IDENTITY() as int)";
return db.Query<int>(sqlQuery, user).Single();
}
}
public void UpdateUser(User user)
{
using (var db = new SqlConnection(connectionString))
{
db.Open();
var sqlQuery =
"UPDATE [Users] SET " +
"Name = @Name, " +
"Email = @Email, " +
"Password = @Password, " +
"ClaimsJson = @ClaimsJson " +
"WHERE Id = @Id";
db.Execute(sqlQuery, user);
}
}
public IActionResult Edit(User model)
{
if (db == null)
return View("Error", NO_DB_ERROR);
User user = db.GetUser(model.Name);
if (user == null)
return HttpBadRequest();
user.Email = model.Email;
db.UpdateUser(user);
return RedirectToAction("List");
}
private async Task Authenticate(User user)
{
var claims = new List<Claim>();
claims.Add(new Claim("Name", user.Name));
if (user.GetClaims() != null)
foreach (var claim in user.GetClaims())
{
claims.Add(new Claim(claim, ""));
}
ClaimsIdentity id = new ClaimsIdentity(claims, "ApplicationCookie", ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType);
await HttpContext.Authentication.SignInAsync("Cookies", new ClaimsPrincipal(id));
}
public async Task<IActionResult> Register(RegisterModel model)
{
if (!SystemController.webServerRules.AllowRegistrationOfNewUsers)
return View("Error", "Registration of new users is prohibited. Please contact administrator.");
if (db == null)
return View("Error", NO_DB_ERROR);
if (ModelState.IsValid)
{
User user = db.GetUser(model.Name);
if (user == null)
{
user = new User()
{
Name = model.Name,
Email = model.Email,
Password = model.Password,
};
db.AddUser(user);
await Authenticate(user);
return RedirectToAction("Index", "Home");
}
ModelState.AddModelError("", "User already exists");
}
return View(model);
}
public async Task<IActionResult> UserProfile(RegisterModel model)
{
//prevent start wizard if already passed
if (!bool.Parse(configuration["FirstRun"]))
return View("Error", ALREADY_PASSED_MESSAGE);
//redirect to first step if user came this url directly
if (SystemController.dataBaseConfig == null)
return RedirectToAction("Index");
IUsersRepository db = SystemController.usersDb;
if (ModelState.IsValid)
{
User user = db.GetUser(model.Name);
if (user == null)
{
user = new User()
{
Name = model.Name,
Email = model.Email,
Password = model.Password,
};
user.SetClaims(Users.User.GetAllClaims());
db.AddUser(user);
await Authenticate(user);
return RedirectToAction("Complete");
}
ModelState.AddModelError("", "User already exists");
}
return View(model);
}
public async Task<IActionResult> UserProfile()
{
//prevent start wizard if already passed
if (!bool.Parse(configuration["FirstRun"]))
return View("Error", ALREADY_PASSED_MESSAGE);
//redirect to first step if user came this url directly
if (SystemController.dataBaseConfig == null)
return RedirectToAction("Index");
if (!SystemController.dataBaseConfig.Enable)
{
User user = new User
{
Name = "Admin",
Password = "******"
};
user.SetClaims(Users.User.GetAllClaims());
await Authenticate(user);
return View("UserProfileNoDatabase");
}
if (SystemController.usersDb.GetUsersCount() > 0)
ViewBag.CanSkip = true;
return View(new RegisterModel());
}
public void UpdateUser(User user)
{
db.Users.Update(user);
db.SaveChanges();
}