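/// <summary>
/// Authenticates a visitor by e-mail address and password and, on success,
/// signs them in and redirects to the requested page or the secure home page.
/// </summary>
/// <param name="credentials">Posted e-mail address and password (untrusted input).</param>
/// <param name="returnUrl">Optional post-login destination, passed to <c>RedirectToReturnUrl</c>.</param>
/// <returns>
/// The "Index" view with <c>ErrorMessage</c> set when validation or authentication fails;
/// otherwise a redirect.
/// </returns>
/// <remarks>
/// An unknown address and a wrong password produce the same message, so the response text
/// does not reveal whether an account exists.
/// NOTE(review): no [HttpPost] or anti-forgery attribute is visible in this listing - confirm
/// they are applied where the action is declared.
/// </remarks>
public ActionResult Login(LoginCredentials credentials, string returnUrl)
{
    var account = Account;

    if (!ModelState.IsValid)
    {
        ErrorMessage = "Email address is not valid.";
        return View("Index", new MainViewModel(account).WithAccountAccessBase(credentials));
    }

    // Project only the fields needed for verification. SingleOrDefault throws if more
    // than one account matches the address.
    ValidateLoginCredentials storedCredentials;
    using (Session)
    {
        storedCredentials = Session.Query<Account, IndexEmail>()
            .Where(x => x.Email == credentials.Email)
            .AsEnumerable()
            .Select(x => new ValidateLoginCredentials(x.Password.HashedPassword, x.Password.Salt, x.Id))
            .SingleOrDefault();
    }

    // The password check runs only when an account was found.
    // NOTE(review): an unknown address therefore skips the hash comparison, so the two
    // failure cases may differ in response time although the message is identical.
    // NOTE(review): .Result blocks the request thread on the command's task; left as-is
    // because making the action asynchronous would change its signature.
    var passwordAccepted = storedCredentials != null
        && CommandExecutor.ExecuteCommand(new ValidateUserPasswordCommand(credentials.Password, storedCredentials)).Result;

    if (!passwordAccepted)
    {
        // NOTE(review): the reset link is generated with the "http" scheme and carries the
        // e-mail address in the query string - confirm whether it should be "https".
        var resetUrl = Url.Action("PasswordReset", "AccountAccess", new { email = credentials.Email }, "http");

        // The URL contains the user-supplied address and is placed inside a single-quoted
        // HTML attribute. Url.Action percent-encodes route values, but HTML-encode as well
        // so the markup stays intact if this message is rendered unencoded.
        ErrorMessage = string.Format(
            "Your password does not match. <a href='{0}'>{1}</a> your password.",
            System.Net.WebUtility.HtmlEncode(resetUrl),
            "Reset");

        return View("Index", new MainViewModel(account).WithAccountAccessBase(credentials));
    }

    FormsAuthentication.SignIn(storedCredentials.Id);
    App.ResetOutputCache();

    // NOTE(review): returnUrl is caller-controlled; this relies on RedirectToReturnUrl
    // (not shown here) to reject non-local targets - confirm.
    ActionResult redirect;
    if (RedirectToReturnUrl(returnUrl, out redirect))
    {
        return redirect;
    }

    return RedirectToRoute("secure", new { Controller = "Home" });
}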
/// <summary>
/// Registers a new account for the posted e-mail address and password, signs the new
/// user in, and sends a confirmation e-mail.
/// </summary>
/// <param name="registrationData">Posted e-mail address and password (untrusted input).</param>
/// <returns>
/// The "Index" view with <c>ErrorMessage</c> set when the input is invalid or the address
/// is already registered; otherwise a redirect to the secure "Profile" controller.
/// </returns>
/// <remarks>
/// NOTE(review): the "already in use" message tells the caller whether an address is
/// registered - confirm this is an accepted trade-off.
/// NOTE(review): the existence check and the store are separate steps; unless the data
/// store enforces uniqueness, two concurrent requests could register the same address.
/// </remarks>
public ActionResult Register(LoginCredentials registrationData)
{
    var account = Account;

    // Work out the rejection reason first; the lookup only runs for valid input.
    string rejection = null;
    if (!ModelState.IsValid)
    {
        rejection = "Email address is not valid.";
    }
    else if (Session.Query<Account, IndexEmail>().Any(existing => existing.Email == registrationData.Email))
    {
        rejection = "Email address is already in use.";
    }

    if (rejection != null)
    {
        ErrorMessage = rejection;
        return View("Index", new MainViewModel(account).WithAccountAccessBase(registrationData));
    }

    // Start hashing the password, then obtain a confirmation key.
    var pendingHash = CommandExecutor.ExecuteCommand(new HashPasswordCommand(registrationData.Password));
    var key = CommandExecutor.ExecuteCommand(new GenerateUniqueConfirmationKeyCommand(Session));

    // Populate the account in the same order as the original object initializer.
    var created = new Account();
    created.Email = registrationData.Email;
    created.Password = pendingHash.Result; // blocks until the hash is available
    created.Confirmation = new EmailConfirmation(key);
    created.KeyQuota = new KeyQuota(App.KeySoftLimit);

    Session.Store(created);

    // The user is signed in before the address has been confirmed.
    FormsAuthentication.SignIn(created.Id);

    // NOTE(review): the confirmation link embeds the confirmation key and is generated
    // with the "http" scheme - confirm whether it should be "https".
    var confirmationUrl = Url.Action("Confirm", "Profile", new { created.Confirmation.Key }, "http");
    CommandExecutor.ExecuteCommand(new SendConfirmationEmailCommand(created, confirmationUrl));

    return RedirectToRoute("secure", new { Controller = "Profile" });
}