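/// <summary>
/// Performs the login sequence: issues a one-day session for <paramref name="user"/>, writes the
/// sanitised user record as JSON into the response body and aligns the request context with it.
/// </summary>
/// <param name="user">The user that just authenticated. Mutated in place: <c>PasswordHash</c> and <c>Code</c> are cleared before serialization.</param>
/// <returns>The login response, expiring in one day, whose body is the serialized user.</returns>
private Nancy.Response ProcessLogin(NcbUser user)
{
    // Everything serialized below is echoed to the client, so strip the secrets first: the
    // password hash and the one-time reset code the reset endpoint accepts as a credential.
    user.PasswordHash = null;
    user.Code = null;

    var expires = DateTime.Now.AddDays(1);
    var response = this.LoginWithoutRedirect(user.Guid, expires);

    response.Contents = stream =>
    {
        // The stream is owned by Nancy: flush, but do not dispose the writer (that would close it).
        var writer = new StreamWriter(stream);
        writer.Write(JsonConvert.SerializeObject(user));
        writer.Flush();
    };

    // Marks a Facebook-backed session; the logout route resets the same cookie.
    if (user.UserName != null && user.UserName.StartsWith("fb_", StringComparison.Ordinal))
    {
        response = response.WithCookie("_ncbfbuser", "1", expires);
    }

    var guid = user.Guid.ToString();
    if (this.Context.GetUserId() != guid)
    {
        this.Context.Items["userid"] = guid;
    }

    return response;
}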
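/// <summary>
/// Issues a fresh five-character (upper-case hex) code to <paramref name="user"/>, stamps
/// <c>CodeRequestDate</c> and persists the record.
/// </summary>
/// <param name="db">Site database the record is written to.</param>
/// <param name="user">User receiving the code; mutated in place.</param>
public static void GenerateUserCode(NancyBlackDatabase db, NcbUser user)
{
    // The code is later accepted by the reset endpoint as a credential, so it is drawn from a
    // cryptographic generator rather than from Guid.NewGuid(), whose randomness is not a contract.
    // Three random bytes give six hex digits; the first five keep the original code format.
    // Five hex characters are only ~20 bits, so the code must stay short-lived and the attempt
    // rate limited — presumably enforced against CodeRequestDate in the reset path; verify.
    var randomBytes = new byte[3];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(randomBytes);
    }

    // BitConverter.ToString yields upper-case hex pairs separated by dashes.
    user.Code = BitConverter.ToString(randomBytes).Replace("-", string.Empty).Substring(0, 5);
    user.CodeRequestDate = DateTime.Now;
    db.UpsertRecord<NcbUser>(user);
}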
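/// <summary>
/// Resolves the claims of <paramref name="user"/> from its active enrollments.
/// </summary>
/// <param name="siteDb">Database the enrollments and roles are read from.</param>
/// <param name="user">User whose <c>Claims</c> is (re)assigned; an empty array when it has no active enrollment.</param>
private void AssignClaims(NancyBlackDatabase siteDb, NcbUser user)
{
    var enrollments = siteDb.Query<NcbEnroll>()
        .Where(e => e.IsActive && e.NcbUserId == user.Id)
        .ToList();

    if (enrollments.Count == 0)
    {
        user.Claims = new string[0];
        return;
    }

    var claims = new List<string>();
    foreach (var enrollment in enrollments)
    {
        // Look the role up once per enrollment; the original queried it twice.
        var roleClaims = GetRoleById(siteDb, enrollment.NcbRoleId).Claims;
        if (roleClaims == null)
        {
            continue;
        }

        claims.AddRange(roleClaims);
    }

    user.Claims = claims;
}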
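/// <summary>
/// Registers a user keyed by e-mail address, or — when <paramref name="returnExisting"/> is set —
/// returns the account that already owns the address.
/// </summary>
/// <param name="db">Site database the record is read from and written to.</param>
/// <param name="email">E-mail address; the uniqueness key.</param>
/// <param name="passwordHash">Already-hashed password stored on a new record.</param>
/// <param name="genCode">When true, a fresh <c>Code</c>/<c>CodeRequestDate</c> pair is issued to the new record.</param>
/// <param name="returnExisting">When true and the address is taken, the existing record is returned (its profile replaced by <paramref name="initialProfile"/>) instead of throwing. No credential is checked here; callers must have verified the identity already.</param>
/// <param name="initialProfile">Optional profile stored on the record.</param>
/// <returns>The stored user with <c>PasswordHash</c> cleared.</returns>
/// <exception cref="InvalidOperationException">The address is taken and <paramref name="returnExisting"/> is false.</exception>
public NcbUser Register(NancyBlackDatabase db, string email, string passwordHash, bool genCode = false, bool returnExisting = false, dynamic initialProfile = null)
{
    var existing = db.Query<NcbUser>()
        .Where(u => u.Email == email)
        .FirstOrDefault();

    if (existing != null)
    {
        if (!returnExisting)
        {
            throw new InvalidOperationException("Email already in use");
        }

        // Update the profile
        if (initialProfile != null)
        {
            existing.Profile = initialProfile;
            db.UpsertRecord(existing);
        }

        // Same contract as the new-record path: the hash never leaves this method.
        existing.PasswordHash = null;
        return existing;
    }

    var user = new NcbUser();
    user.Email = email;
    user.PasswordHash = passwordHash;
    user.Guid = Guid.NewGuid();
    user.Profile = initialProfile;

    if (genCode)
    {
        // NOTE(review): this issues a full GUID as the code while GenerateUserCode issues five
        // hex characters; confirm which format the reset flow expects.
        user.Code = Guid.NewGuid().ToString();
        user.CodeRequestDate = DateTime.Now;
    }

    db.UpsertRecord(user);
    user.PasswordHash = null;
    return user;
}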
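/// <summary>
/// Registers a user keyed by user name, or — when <paramref name="returnExisting"/> is set —
/// returns the account that already owns the name after reconciling its e-mail with the profile.
/// </summary>
/// <param name="db">Site database the record is read from and written to.</param>
/// <param name="userName">The uniqueness key. Names starting with <c>fb_</c> denote Facebook-backed accounts whose <c>Email</c> may only hold a placeholder.</param>
/// <param name="email">E-mail stored on a new record.</param>
/// <param name="passwordHash">Already-hashed password stored on a new record.</param>
/// <param name="genCode">When true, a fresh <c>Code</c>/<c>CodeRequestDate</c> pair is issued to the new record.</param>
/// <param name="returnExisting">When true and the name is taken, the existing record is returned instead of throwing. No credential is checked here; callers must have verified the identity already.</param>
/// <param name="initialProfile">Optional profile stored on a new record. For an existing record only its <c>email</c> is reconciled with the <c>Email</c> field.</param>
/// <param name="existingGuid">Session GUID reused for the new record; a fresh one is generated when null.</param>
/// <returns>The stored user with <c>PasswordHash</c> cleared.</returns>
/// <exception cref="InvalidOperationException">The name is taken and <paramref name="returnExisting"/> is false.</exception>
public NcbUser Register(NancyBlackDatabase db, string userName, string email, string passwordHash, bool genCode = false, bool returnExisting = false, dynamic initialProfile = null, Guid? existingGuid = null)
{
    var existing = db.Query<NcbUser>()
        .Where(u => u.UserName == userName)
        .FirstOrDefault();

    if (existing != null)
    {
        if (!returnExisting)
        {
            throw new InvalidOperationException("Email already in use");
        }

        if (initialProfile != null)
        {
            var save = false;

            // A missing or "fb_" e-mail is a placeholder; the original dereferenced Email without a
            // null check in the second branch, which threw for records that never had an e-mail.
            var emailIsPlaceholder = string.IsNullOrEmpty(existing.Email)
                || existing.Email.StartsWith("fb_", StringComparison.Ordinal);

            // An admin may have typed a real e-mail into the record: push it into the profile.
            if (!emailIsPlaceholder && initialProfile.email == null && existing.Profile != null)
            {
                existing.Profile.email = existing.Email;
                save = true;
            }

            // The user shared an e-mail through the profile: promote it into the Email field.
            // NOTE(review): the profile is caller-supplied; make sure the caller only passes an
            // address it has verified, since Email is used as a login key elsewhere.
            if (initialProfile.email != null && emailIsPlaceholder)
            {
                existing.Email = initialProfile.email;
                save = true;
            }

            if (save)
            {
                db.UpsertRecord(existing);
            }
        }

        // Same contract as the new-record path: the hash never leaves this method.
        existing.PasswordHash = null;
        return existing;
    }

    var user = new NcbUser();
    user.UserName = userName;
    user.Email = email;
    user.PasswordHash = passwordHash;
    user.Profile = initialProfile;
    user.Guid = existingGuid ?? Guid.NewGuid();

    if (genCode)
    {
        // NOTE(review): this issues a full GUID as the code while GenerateUserCode issues five
        // hex characters; confirm which format the reset flow expects.
        user.Code = Guid.NewGuid().ToString();
        user.CodeRequestDate = DateTime.Now;
    }

    // if user is facebook user, keep the id from profile too
    if (userName != null && userName.StartsWith("fb_", StringComparison.Ordinal) && user.Profile != null)
    {
        user.FacebookAppScopedId = user.Profile.id;
    }

    db.UpsertRecord(user);
    user.PasswordHash = null;
    return user;
}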
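/// <summary>
/// Performs the login sequence: issues a 15-minute session for <paramref name="user"/> and
/// mirrors the sanitised record into a <c>UserInfo</c> cookie.
/// </summary>
/// <param name="user">The authenticated user. Mutated in place: <c>PasswordHash</c> and <c>Code</c> are cleared and <c>Id</c> reset to 0 before serialization.</param>
/// <returns>The login response carrying the <c>UserInfo</c> cookie.</returns>
private Nancy.Response ProcessLogin(NcbUser user)
{
    // Everything serialized below is stored client-side, so strip the secrets first: the
    // password hash and the one-time reset code the reset endpoint accepts as a credential.
    user.PasswordHash = null;
    user.Code = null;
    user.Id = 0;

    var response = this.LoginWithoutRedirect(user.Guid, DateTime.Now.AddMinutes(15));

    // NOTE(review): NancyCookie(name, value) sets neither HttpOnly nor Secure; presumably
    // client scripts read this cookie — confirm, and add the flags if they do not.
    var userInfo = new Nancy.Cookies.NancyCookie("UserInfo", JsonConvert.SerializeObject(user));
    response.Cookies.Add(userInfo);

    return response;
}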
/// <summary>
/// Wires the membership routes: login/logout views and posts, Facebook login, registration,
/// password reset, enrollment, profile update and admin impersonation.
/// </summary>
public MembershipModule()
{
    this.GenerateFailSafeKey();

    Get["/__membership/login"] = _ => View["membership-login", new StandardModel(this)];
    Get["/__membership/logindialog"] = _ => View["ncb-membership-logindialog", new StandardModel(this)];
    Get["/__membership/resetpassword"] = _ => View["membership-resetpassword", new StandardModel(this)];

    Get["/__membership/logout"] = _ =>
    {
        // Expire the Facebook marker together with the session.
        var redirect = this.LogoutAndRedirect("/");
        return redirect.WithCookie("_ncbfbuser", "0", DateTime.Now.AddDays(-10));
    };

    Post["/__membership/login"] = _ =>
    {
        var credentials = this.Bind<LoginParams>();
        var account = UserManager.Current.GetUserFromLogin(this.SiteDatabase, credentials.Email, credentials.Password);
        if (account == null)
        {
            return 403;
        }

        return this.ProcessLogin(account);
    };

    Post["/__membership/loginfacebook"] = this.HandleRequest(request =>
    {
        var input = request.body.Value;
        if (input == null)
        {
            return 400;
        }

        // NOTE(review): me.id and me.email are read straight from the request body and nothing
        // here checks an access token with Facebook; Register(..., returnExisting: true) then
        // returns — and ProcessLogin signs in — whichever account owns the derived user name.
        // The id (and any e-mail relied upon) must be verified against a Facebook token before
        // it is trusted as an identity.

        // this is the guid that nancyblack generated to identify session
        var sessionGuid = Guid.Parse(this.Request.Cookies[BuiltInCookies.UserId]);
        var derivedUserName = "******" + input.me.id;
        var registeredEmail = input.me.email == null ? derivedUserName : (string)input.me.email;

        NcbUser account = UserManager.Current.Register(this.SiteDatabase, derivedUserName, registeredEmail, this.GetHash(derivedUserName), false, true, input.me, sessionGuid);
        return this.ProcessLogin(account);
    });

    Post["/__membership/register"] = _ =>
    {
        // The cookie indexer throws when the session cookie is absent; the bootstrapper presumably sets it first.
        var sessionGuid = Guid.Parse(this.Request.Cookies[BuiltInCookies.UserId]);
        var registration = this.Bind<LoginParams>();
        var account = UserManager.Current.Register(this.SiteDatabase, registration.Email, registration.Email, registration.Password, existingGuid: sessionGuid);
        return this.ProcessLogin(account);
    };

    Post["/__membership/reset"] = _ =>
    {
        var resetParams = this.Bind<LoginParams>();
        var account = UserManager.Current.Reset(this.SiteDatabase, resetParams.Email, resetParams.Password, resetParams.Code);
        return this.ProcessLogin(account);
    };

    Post["/__membership/resetrequest"] = this.HandleRequest(this.HandlePasswordRequest);

    Get["/__membership/myclaims"] = _ => View["membership-myclaims", new StandardModel(this)];

    Get["/__membership/enroll"] = _ =>
    {
        var current = this.Context.CurrentUser;
        if (current == null || current.UserName == NcbUser.Anonymous)
        {
            return this.Response.AsRedirect("/__membership/login?returnUrl=/__membership/enroll");
        }

        return View["membership-enroll", new StandardModel(this)];
    };

    Post["/__membership/enroll"] = this.HandleRequest(this.HandleEnroll);
    Post["/__membership/api/updateprofile"] = this.HandleRequest(this.UpdateProfile);

    Get["/__membership/impersonate/{guid}"] = this.HandleRequest(route =>
    {
        // Either the fail-safe token generated at start-up or an "admin" claim unlocks impersonation.
        if (this.Request.Query.failsafetoken != null)
        {
            if (this.Request.Query.failsafetoken != _FailSafeCode)
            {
                return 403;
            }
        }
        else if (this.CurrentUser.HasClaim("admin") == false)
        {
            return 403;
        }

        string targetGuid = route.guid;
        var target = UserManager.Current.GetUserFromIdentifier(Guid.Parse(targetGuid), this.Context);
        return this.ProcessLogin(target as NcbUser);
    });
}
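/// <summary>
/// Resolves the claims of <paramref name="user"/> from its active enrollments.
/// </summary>
/// <param name="siteDb">Database the enrollments and roles are read from.</param>
/// <param name="user">User whose <c>Claims</c> is (re)assigned; an empty array when it has no active enrollment.</param>
private void AssignClaims(NancyBlackDatabase siteDb, NcbUser user)
{
    var enrollments = siteDb.Query<NcbEnroll>()
        .Where(e => e.IsActive && e.NcbUserId == user.Id)
        .ToList();

    if (enrollments.Count == 0)
    {
        user.Claims = new string[0];
        return;
    }

    var claims = new List<string>();
    foreach (var enrollment in enrollments)
    {
        // A role without claims is skipped; the original enumerated it and threw on null.
        var roleClaims = this.GetRoleById(siteDb, enrollment.NcbRoleId).Claims;
        if (roleClaims == null)
        {
            continue;
        }

        claims.AddRange(roleClaims);
    }

    user.Claims = claims;
}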
/// <summary>
/// Registers a new user keyed by e-mail address.
/// </summary>
/// <param name="db">Site database the record is read from and written to.</param>
/// <param name="email">E-mail address; the uniqueness key.</param>
/// <param name="passwordHash">Already-hashed password stored on the record.</param>
/// <returns>The stored user with <c>PasswordHash</c> cleared.</returns>
/// <exception cref="InvalidOperationException">The address is already registered.</exception>
public NcbUser Register(NancyBlackDatabase db, string email, string passwordHash)
{
    var taken = db.Query<NcbUser>()
        .Where(u => u.Email == email)
        .FirstOrDefault() != null;

    if (taken)
    {
        throw new InvalidOperationException("Email already in use");
    }

    var account = new NcbUser
    {
        Email = email,
        PasswordHash = passwordHash,
        Guid = Guid.NewGuid(),
    };

    db.UpsertRecord(account);

    // The hash is persisted above but never handed back to the caller.
    account.PasswordHash = null;
    return account;
}
/// <summary>
/// Hooks the login process: resolves <c>ctx.CurrentUser</c> before each request and, for
/// anonymous visitors, attaches a provisional profile after the request.
/// </summary>
/// <param name="p">Bootstrapper pipelines the hooks are appended to.</param>
public void Hook(IPipelines p)
{
    p.BeforeRequest.AddItemToEndOfPipeline((ctx) =>
    {
        if (ctx.CurrentUser == null)
        {
            // NOTE(review): admin is granted purely from the request's host name / port, which
            // come from the client-controlled Host header. This is only safe if no reachable
            // deployment answers to "localhost", a name containing "local.", or port 10096 —
            // confirm the production bindings.
            if (ctx.Request.Url.HostName == "localhost" || ctx.Request.Url.HostName.Contains("local.") || ctx.Request.Url.Port == 10096)
            {
                ctx.CurrentUser = NcbUser.LocalHostAdmin;
            }
            else
            {
                // Guid.Parse throws when the item is absent or malformed; presumably the
                // bootstrapper always sets the session id first — verify.
                ctx.CurrentUser = new NcbUser() { Guid = Guid.Parse(ctx.Items[BuiltInCookies.UserId] as string) };
            }
        }
        else
        {
            // ensure that we use same guid as currently logged in user
            ctx.Items[BuiltInCookies.UserId] = (ctx.CurrentUser as NcbUser).Guid.ToString();
        }
        return(null);
    });

    BootStrapper.SetCookies += (ctx) =>
    {
        // Anonymous responses clear the Facebook marker (a MinValue expiry deletes the cookie).
        // "Anonymous" duplicates NcbUser.Anonymous used elsewhere in the module; keep them in sync.
        if (ctx.CurrentUser == null || ctx.CurrentUser.UserName == "Anonymous")
        {
            ctx.Response.WithCookie("_ncbfbuser", "0", DateTime.MinValue);
        }
    };

    p.AfterRequest.AddItemToEndOfPipeline((ctx) =>
    {
        // user did not log in
        // we try to gather profile from whatever we have in database
        if (ctx.CurrentUser != null && ctx.CurrentUser.UserName == "Anonymous")
        {
            // The cache is keyed by the session id taken from the client's cookie and holds the
            // NcbUser object itself for five minutes.
            var userId = (string)ctx.Items[BuiltInCookies.UserId];
            var cacheKey = "TempUserCache-" + userId;
            NcbUser user = MemoryCache.Default[cacheKey] as NcbUser;
            if (user != null)
            {
                // still anonymous because the visitor did not log in, but we assign the cached profile
                // NOTE(review): user.Profile is dereferenced without a null check — confirm cached
                // entries always carry a profile.
                var ncbUser = (NcbUser)ctx.CurrentUser;
                ncbUser.Profile = user.Profile;
                ncbUser.Email = user.Profile.email;
            }
            else
            {
                var guid = Guid.Parse(userId);
                var db = ctx.GetSiteDatabase();
                user = db.Query<NcbUser>().Where(u => u.Guid == guid).FirstOrDefault();
                if (user == null)
                {
                    // No user record: fall back to a Facebook lead, then to a synthetic placeholder
                    // profile built from the session id.
                    var lead = db.Query<Level51FacebookLead>().Where(u => u.UserGuid == userId).FirstOrDefault();
                    if (lead != null)
                    {
                        ctx.CurrentUser = new NcbUser()
                        {
                            UserName = "******",
                            Guid = guid,
                            Email = lead.Email,
                            Profile = JObject.FromObject(new { email = lead.Email, first_name = lead.FirstName, last_name = lead.LastName })
                        };
                    }
                    else
                    {
                        ctx.CurrentUser = new NcbUser()
                        {
                            UserName = "******",
                            Guid = guid,
                            Email = userId + "@level51pc.com",
                            Profile = JObject.FromObject(new { email = userId + "@level51pc.com", first_name = userId, last_name = "" })
                        };
                    }
                }
                else
                {
                    // NOTE(review): same unchecked user.Profile dereference as the cached branch.
                    var ncbUser = (NcbUser)ctx.CurrentUser;
                    ncbUser.Profile = user.Profile;
                    ncbUser.Email = user.Profile.email;
                }
                MemoryCache.Default.Add(cacheKey, ctx.CurrentUser, DateTimeOffset.Now.AddMinutes(5));
            }
        }
    });
}
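/// <summary>
/// Wires the membership routes: login/logout views and posts, Google and Facebook login,
/// registration, password reset, enrollment, profile update and admin impersonation.
/// </summary>
public MembershipModule()
{
    this.GenerateFailSafeKey();

    // Shared gate for the two impersonation routes: a matching fail-safe token on the query
    // string, or an "admin" claim on the current user. The token compare is the ordinary
    // equality the original used (not constant-time).
    Func<bool> impersonationAllowed = () =>
    {
        if (this.Request.Query.failsafetoken != null)
        {
            return this.Request.Query.failsafetoken == _FailSafeCode;
        }

        return this.CurrentUser.HasClaim("admin");
    };

    Get["/__membership/login"] = _ => View["membership-login", new StandardModel(this)];
    Get["/__membership/logindialog"] = _ => View["ncb-membership-logindialog", new StandardModel(this)];
    Get["/__membership/resetpassword"] = _ => View["membership-resetpassword", new StandardModel(this)];

    Get["/__membership/logout"] = _ =>
    {
        // Expire the Facebook marker together with the session.
        var response = this.LogoutAndRedirect("/");
        return response.WithCookie("_ncbfbuser", "0", DateTime.Now.AddDays(-10));
    };

    Post["/__membership/login"] = _ =>
    {
        var loginParams = this.Bind<LoginParams>();
        var user = UserManager.Current.GetUserFromLogin(this.SiteDatabase, loginParams.Email, loginParams.Password);
        if (user == null)
        {
            return 403;
        }

        return this.ProcessLogin(user);
    };

    Post["/__membership/logingoogle"] = this.HandleRequest(p =>
    {
        var input = p.body.Value;
        if (input == null)
        {
            return 400;
        }

        if (this.Context.Items[BuiltInCookies.UserId] == null)
        {
            return 403;
        }

        // Blocking on the validator is what the original does; these route handlers are synchronous.
        var payload = GoogleJsonWebSignature.ValidateAsync((string)input.token).Result;
        if (payload == null)
        {
            return 400;
        }

        // Identity is taken from the validated token, not from the request body. The account
        // found by e-mail below is signed in without any further check, so the address must be
        // one Google vouched for (and marked verified), and the Google id must be the token's
        // subject rather than whatever the client placed in me.id. The subject is the account id
        // Google Sign-In exposes as the profile id — confirm against existing Google-backed user
        // names before deploying.
        string googleId = payload.Subject;
        if (string.IsNullOrEmpty(googleId))
        {
            return 400;
        }

        string verifiedEmail = payload.EmailVerified ? payload.Email : null;
        if (string.IsNullOrEmpty(verifiedEmail) == false)
        {
            var existingUser = this.SiteDatabase.Query<NcbUser>().Where(u => u.Email == verifiedEmail).FirstOrDefault();
            if (existingUser != null)
            {
                return this.ProcessLogin(existingUser);
            }
        }

        // this is the guid that nancyblack generated to identify session
        var existingGuid = Guid.Parse(this.Context.Items[BuiltInCookies.UserId] as string);
        var userName = "******" + googleId;

        // NOTE(review): input.me is still client-supplied; it is stored as the profile and
        // Register may copy its "email" into the Email field of an existing record — consider
        // replacing me.email with verifiedEmail before handing it over.
        NcbUser user = UserManager.Current.Register(this.SiteDatabase, userName, verifiedEmail ?? userName, this.GetHash(userName), false, true, input.me, existingGuid);
        return this.ProcessLogin(user);
    });

    Post["/__membership/loginfacebook"] = this.HandleRequest(p =>
    {
        var input = p.body.Value;
        if (input == null)
        {
            return 400;
        }

        if (this.Context.Items[BuiltInCookies.UserId] == null)
        {
            return 403;
        }

        if (this.VerifyFacebookToken((string)input.me.id, (string)input.token) == false)
        {
            return 403;
        }

        // see if this email already used, if already used - login that user
        // NOTE(review): VerifyFacebookToken presumably binds me.id to the token, but me.email is
        // taken from the request body unverified, so the by-email login below trusts a
        // client-supplied address. Confirm the address is cross-checked against the Facebook
        // profile behind the token before an existing account is signed in on its strength.
        string inputEmail = input.me.email as string;
        if (string.IsNullOrEmpty(inputEmail) == false)
        {
            var existingUser = this.SiteDatabase.Query<NcbUser>().Where(u => u.Email == inputEmail).FirstOrDefault();
            if (existingUser != null)
            {
                return this.ProcessLogin(existingUser);
            }
        }

        // this is the guid that nancyblack generated to identify session
        var existingGuid = Guid.Parse(this.Context.Items[BuiltInCookies.UserId] as string);
        var userName = "******" + input.me.id;
        NcbUser user = UserManager.Current.Register(this.SiteDatabase, userName, input.me.email == null ? userName : (string)input.me.email, this.GetHash(userName), false, true, input.me, existingGuid);

        // Raise the pixel contact event at most once a week per chat session.
        var chat = this.SiteDatabase.Query<FacebookMessengerSystem.Types.FacebookChatSession>()
            .Where(s => s.NcbUserId == user.Id)
            .FirstOrDefault();

        user.Profile.SendContactEvent = false;
        if (chat != null && DateTime.Now.Subtract(chat.LastPixelContactEventSent).TotalDays > 7)
        {
            chat.LastPixelContactEventSent = DateTime.Now;
            this.SiteDatabase.UpsertRecord(chat);
            user.Profile.SendContactEvent = true;
        }

        return this.ProcessLogin(user);
    });

    Post["/__membership/register"] = _ =>
    {
        // Same session check the social logins perform; Guid.Parse would otherwise throw on a missing cookie.
        var sessionId = this.Context.Items[BuiltInCookies.UserId] as string;
        if (sessionId == null)
        {
            return 403;
        }

        var existingGuid = Guid.Parse(sessionId);
        var registerParams = this.Bind<LoginParams>();
        var user = UserManager.Current.Register(this.SiteDatabase, registerParams.Email, registerParams.Email, registerParams.Password, existingGuid: existingGuid);
        return this.ProcessLogin(user);
    };

    Post["/__membership/reset"] = _ =>
    {
        var registerParams = this.Bind<LoginParams>();
        var user = UserManager.Current.Reset(this.SiteDatabase, registerParams.Email, registerParams.Password, registerParams.Code);
        return this.ProcessLogin(user);
    };

    Post["/__membership/resetrequest"] = this.HandleRequest(this.HandlePasswordRequest);

    Get["/__membership/myclaims"] = _ => View["membership-myclaims", new StandardModel(this)];

    Get["/__membership/enroll"] = _ =>
    {
        if (this.Context.CurrentUser == null || this.Context.CurrentUser.UserName == NcbUser.Anonymous)
        {
            return this.Response.AsRedirect("/__membership/login?returnUrl=/__membership/enroll");
        }

        return View["membership-enroll", new StandardModel(this)];
    };

    Post["/__membership/enroll"] = this.HandleRequest(this.HandleEnroll);
    Post["/__membership/api/updateprofile"] = this.HandleRequest(this.UpdateProfile);

    Get["/__membership/impersonate/{id:int}"] = this.HandleRequest(arg =>
    {
        if (!impersonationAllowed())
        {
            return 403;
        }

        int id = arg.id;
        var ncbUser = this.SiteDatabase.GetById<NcbUser>(id);
        if (ncbUser == null)
        {
            // Unknown id: answer 404 rather than dereferencing null.
            return 404;
        }

        var user = UserManager.Current.GetUserFromIdentifier(ncbUser.Guid, this.Context);
        return this.ProcessLogin(user as NcbUser);
    });

    Get["/__membership/impersonate/{guid}"] = this.HandleRequest(arg =>
    {
        if (!impersonationAllowed())
        {
            return 403;
        }

        string guid = arg.guid;
        Guid parsed;
        if (!Guid.TryParse(guid, out parsed))
        {
            // Malformed route value: answer 400 rather than surfacing a FormatException.
            return 400;
        }

        var user = UserManager.Current.GetUserFromIdentifier(parsed, this.Context);
        return this.ProcessLogin(user as NcbUser);
    });
}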