2018-04-17 11:20:49 +02:00
using System;
using System.Collections.Generic;
using System.Data.Entity.Validation;
using System.Diagnostics;
using System.Globalization;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using System.Web.Hosting;
using System.Web.Mvc;
using System.Web.Security;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security;
using RSystem.DAL;
using RSystem.Managers;
using RSystem.Models;
using RSystem.ViewModels;
namespace RSystem.Controllers
public class AccountController : LangBaseController
private ApplicationSignInManager _signInManager;
private ApplicationUserManager _userManager;
public AccountController()
public AccountController(ApplicationUserManager userManager, ApplicationSignInManager signInManager )
UserManager = userManager;
SignInManager = signInManager;
public ApplicationSignInManager SignInManager
return _signInManager ?? HttpContext.GetOwinContext().Get<ApplicationSignInManager>();
private set
_signInManager = value;
public ApplicationUserManager UserManager
return _userManager ?? HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();
private set
_userManager = value;
// GET: /Account/Login
public ActionResult Login(string returnUrl)
//To logoff and get new AntiForgeryToken
if (User.Identity.IsAuthenticated)
return RedirectToAction("Login", returnUrl);
ViewBag.HideMainHeader = true;
ViewBag.ReturnUrl = returnUrl;
return View(new Tuple<LoginViewModel,bool>(new LoginViewModel(),false));
// POST: /Account/Login
public async Task<ActionResult> Login(LoginViewModel model)
ViewBag.HideMainHeader = true;
if (!ModelState.IsValidField("PESEL"))
return View(new Tuple<LoginViewModel, bool>(model, false));
var db=new ApplicationDbContext();
//Login if password is set
if (!string.IsNullOrEmpty(model.Password))
var result = await SignInManager.PasswordSignInAsync(model.PESEL, model.Password, false, shouldLockout: false);
if (result == SignInStatus.Success)
//return RedirectToAction("Index", "Home");
return RedirectToAction("Index", "Home", new { area = "" });
ViewBag.Message = App_LocalResources.Account.Login.IncorrectPassword;
return View(new Tuple<LoginViewModel, bool>(model, false));
//Check if there is an user with such a PESEL if password not set
if (!db.Users.Any(u => u.UserName == model.PESEL))
ViewBag.Message = App_LocalResources.Account.Login.PESELNotFound;
return View(new Tuple<LoginViewModel,bool>(model,false));
return View(new Tuple<LoginViewModel, bool>(model, true));
// GET: /Account/Register
public ActionResult Register()
if (User.Identity.IsAuthenticated)
return View();
// POST: /Account/Register
public async Task<ActionResult> Register(RegisterViewModel model)
if (ModelState.IsValid)
var user = new ApplicationUser { UserName = model.PESEL,Email = model.Email };
var result = await UserManager.CreateAsync(user, model.Password);
if (result.Succeeded)
//Add user to Recruit role
var store = new UserStore<ApplicationUser>(new ApplicationDbContext());
var userMenager = new UserManager<ApplicationUser>(store);
userMenager.AddToRole(user.Id, "Recruit");
await SignInManager.SignInAsync(user, false, rememberBrowser:false);
//Recruit model initialization
await RecruitMenager.InitializeRecruitAsync(user.Id, model.Email);
// string code = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);
// var callbackUrl = Url.Action("ConfirmEmail", "Account", new { userId = user.Id, code = code }, protocol: Request.Url.Scheme);
// await UserManager.SendEmailAsync(user.Id, "Confirm your account", "Please confirm your account by clicking <a href=\"" + callbackUrl + "\">here</a>");
return RedirectToAction("Index", "Home");
return View(model);
// GET: /Account/ConfirmEmail
public async Task<ActionResult> ConfirmEmail(string userId, string code)
if (userId == null || code == null)
return View("Error");
var result = await UserManager.ConfirmEmailAsync(userId, code);
return View(result.Succeeded ? "ConfirmEmail" : "Error");
// GET: /Account/ForgotPassword
public ActionResult ForgotPassword()
return View();
// POST: /Account/ForgotPassword
public async Task<ActionResult> ForgotPassword(ForgotPasswordViewModel model)
if (ModelState.IsValid)
var user = await UserManager.FindByNameAsync(model.Email);
if (user == null || !(await UserManager.IsEmailConfirmedAsync(user.Id)))
// Don't reveal that the user does not exist or is not confirmed
return View("ForgotPasswordConfirmation");
// For more information on how to enable account confirmation and password reset please visit https://go.microsoft.com/fwlink/?LinkID=320771
// Send an email with this link
// string code = await UserManager.GeneratePasswordResetTokenAsync(user.Id);
// var callbackUrl = Url.Action("ResetPassword", "Account", new { userId = user.Id, code = code }, protocol: Request.Url.Scheme);
// await UserManager.SendEmailAsync(user.Id, "Reset Password", "Please reset your password by clicking <a href=\"" + callbackUrl + "\">here</a>");
// return RedirectToAction("ForgotPasswordConfirmation", "Account");
// If we got this far, something failed, redisplay form
return View(model);
// GET: /Account/ForgotPasswordConfirmation
public ActionResult ForgotPasswordConfirmation()
return View();
// GET: /Account/ResetPassword
//public ActionResult ResetPassword(string code)
// return code == null ? View("Error") : View();
// POST: /Account/ResetPassword
public async Task<ActionResult> ResetPassword(ResetPasswordViewModel model)
if (!ModelState.IsValid)
return View(model);
var user = await UserManager.FindByNameAsync(model.Email);
if (user == null)
// Don't reveal that the user does not exist
return RedirectToAction("ResetPasswordConfirmation", "Account");
var result = await UserManager.ResetPasswordAsync(user.Id, model.Code, model.Password);
if (result.Succeeded)
return RedirectToAction("ResetPasswordConfirmation", "Account");
return View();
// GET: /Account/ResetPasswordConfirmation
public ActionResult ResetPasswordConfirmation()
return View();
// POST: /Account/LogOff
public ActionResult LogOff()
return RedirectToAction("Index", "Home");
protected override void Dispose(bool disposing)
if (disposing)
if (_userManager != null)
_userManager = null;
if (_signInManager != null)
_signInManager = null;
#region Helpers
// Used for XSRF protection when adding external logins
private const string XsrfKey = "XsrfId";
private IAuthenticationManager AuthenticationManager
return HttpContext.GetOwinContext().Authentication;
private void AddErrors(IdentityResult result)
foreach (var error in result.Errors)
ModelState.AddModelError("", error);
private ActionResult RedirectToLocal(string returnUrl)
if (Url.IsLocalUrl(returnUrl))
return Redirect(returnUrl);
return RedirectToAction("Index", "Home");
internal class ChallengeResult : HttpUnauthorizedResult
public ChallengeResult(string provider, string redirectUri)
: this(provider, redirectUri, null)
public ChallengeResult(string provider, string redirectUri, string userId)
LoginProvider = provider;
RedirectUri = redirectUri;
UserId = userId;
public string LoginProvider { get; set; }
public string RedirectUri { get; set; }
public string UserId { get; set; }
public override void ExecuteResult(ControllerContext context)
var properties = new AuthenticationProperties { RedirectUri = RedirectUri };
if (UserId != null)
properties.Dictionary[XsrfKey] = UserId;
context.HttpContext.GetOwinContext().Authentication.Challenge(properties, LoginProvider);