using System; using System.Collections.Generic; using System.Data.Entity.Validation; using System.Diagnostics; using System.Globalization; using System.Linq; using System.Security.Claims; using System.Threading.Tasks; using System.Web; using System.Web.Hosting; using System.Web.Mvc; using System.Web.Security; using Microsoft.AspNet.Identity; using Microsoft.AspNet.Identity.EntityFramework; using Microsoft.AspNet.Identity.Owin; using Microsoft.Owin.Security; using RSystem.DAL; using RSystem.Managers; using RSystem.Models; using RSystem.ViewModels; namespace RSystem.Controllers { [Authorize] public class AccountController : LangBaseController { private ApplicationSignInManager _signInManager; private ApplicationUserManager _userManager; public AccountController() { } public AccountController(ApplicationUserManager userManager, ApplicationSignInManager signInManager ) { UserManager = userManager; SignInManager = signInManager; } public ApplicationSignInManager SignInManager { get { return _signInManager ?? HttpContext.GetOwinContext().Get(); } private set { _signInManager = value; } } public ApplicationUserManager UserManager { get { return _userManager ?? HttpContext.GetOwinContext().GetUserManager(); } private set { _userManager = value; } } // GET: /Account/Login [AllowAnonymous] public ActionResult Login(string returnUrl) { //To logoff and get new AntiForgeryToken if (User.Identity.IsAuthenticated) { AuthenticationManager.SignOut(); Session.Abandon(); return RedirectToAction("Login", returnUrl); } ViewBag.HideMainHeader = true; ViewBag.ReturnUrl = returnUrl; return View(new Tuple(new LoginViewModel(),false)); } // POST: /Account/Login [HttpPost] [AllowAnonymous] [ValidateAntiForgeryToken] public async Task Login(LoginViewModel model) { ViewBag.HideMainHeader = true; if (!ModelState.IsValidField("PESEL")) return View(new Tuple(model, false)); var db=new ApplicationDbContext(); //Login if password is set if (!string.IsNullOrEmpty(model.Password)) { var result = await SignInManager.PasswordSignInAsync(model.PESEL, model.Password, false, shouldLockout: false); if (result == SignInStatus.Success) //return RedirectToAction("Index", "Home"); return RedirectToAction("Index", "Home", new { area = "" }); ViewBag.Message = App_LocalResources.Account.Login.IncorrectPassword; return View(new Tuple(model, false)); } //Check if there is an user with such a PESEL if password not set if (!db.Users.Any(u => u.UserName == model.PESEL)) { ViewBag.Message = App_LocalResources.Account.Login.PESELNotFound; return View(new Tuple(model,false)); } return View(new Tuple(model, true)); } // GET: /Account/Register [AllowAnonymous] public ActionResult Register() { if (User.Identity.IsAuthenticated) { AuthenticationManager.SignOut(); Session.Abandon(); } return View(); } // // POST: /Account/Register [HttpPost] [AllowAnonymous] [ValidateAntiForgeryToken] public async Task Register(RegisterViewModel model) { if (ModelState.IsValid) { var user = new ApplicationUser { UserName = model.PESEL,Email = model.Email }; var result = await UserManager.CreateAsync(user, model.Password); if (result.Succeeded) { //Add user to Recruit role var store = new UserStore(new ApplicationDbContext()); var userMenager = new UserManager(store); userMenager.AddToRole(user.Id, "Recruit"); await SignInManager.SignInAsync(user, false, rememberBrowser:false); //Recruit model initialization await RecruitMenager.InitializeRecruitAsync(user.Id, model.Email); // string code = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id); // var callbackUrl = Url.Action("ConfirmEmail", "Account", new { userId = user.Id, code = code }, protocol: Request.Url.Scheme); // await UserManager.SendEmailAsync(user.Id, "Confirm your account", "Please confirm your account by clicking here"); return RedirectToAction("Index", "Home"); } AddErrors(result); } return View(model); } // GET: /Account/ConfirmEmail [AllowAnonymous] public async Task ConfirmEmail(string userId, string code) { if (userId == null || code == null) { return View("Error"); } var result = await UserManager.ConfirmEmailAsync(userId, code); return View(result.Succeeded ? "ConfirmEmail" : "Error"); } // GET: /Account/ForgotPassword [AllowAnonymous] public ActionResult ForgotPassword() { return View(); } // // POST: /Account/ForgotPassword [HttpPost] [AllowAnonymous] [ValidateAntiForgeryToken] public async Task ForgotPassword(ForgotPasswordViewModel model) { if (ModelState.IsValid) { var user = await UserManager.FindByNameAsync(model.Email); if (user == null || !(await UserManager.IsEmailConfirmedAsync(user.Id))) { // Don't reveal that the user does not exist or is not confirmed return View("ForgotPasswordConfirmation"); } // For more information on how to enable account confirmation and password reset please visit https://go.microsoft.com/fwlink/?LinkID=320771 // Send an email with this link // string code = await UserManager.GeneratePasswordResetTokenAsync(user.Id); // var callbackUrl = Url.Action("ResetPassword", "Account", new { userId = user.Id, code = code }, protocol: Request.Url.Scheme); // await UserManager.SendEmailAsync(user.Id, "Reset Password", "Please reset your password by clicking here"); // return RedirectToAction("ForgotPasswordConfirmation", "Account"); } // If we got this far, something failed, redisplay form return View(model); } // // GET: /Account/ForgotPasswordConfirmation [AllowAnonymous] public ActionResult ForgotPasswordConfirmation() { return View(); } // // GET: /Account/ResetPassword //[AllowAnonymous] //public ActionResult ResetPassword(string code) //{ // return code == null ? View("Error") : View(); //} // // POST: /Account/ResetPassword [HttpPost] [AllowAnonymous] [ValidateAntiForgeryToken] public async Task ResetPassword(ResetPasswordViewModel model) { if (!ModelState.IsValid) { return View(model); } var user = await UserManager.FindByNameAsync(model.Email); if (user == null) { // Don't reveal that the user does not exist return RedirectToAction("ResetPasswordConfirmation", "Account"); } var result = await UserManager.ResetPasswordAsync(user.Id, model.Code, model.Password); if (result.Succeeded) { return RedirectToAction("ResetPasswordConfirmation", "Account"); } AddErrors(result); return View(); } // GET: /Account/ResetPasswordConfirmation [AllowAnonymous] public ActionResult ResetPasswordConfirmation() { return View(); } // POST: /Account/LogOff [HttpPost] [ValidateAntiForgeryToken] public ActionResult LogOff() { AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie); return RedirectToAction("Index", "Home"); } protected override void Dispose(bool disposing) { if (disposing) { if (_userManager != null) { _userManager.Dispose(); _userManager = null; } if (_signInManager != null) { _signInManager.Dispose(); _signInManager = null; } } base.Dispose(disposing); } #region Helpers // Used for XSRF protection when adding external logins private const string XsrfKey = "XsrfId"; private IAuthenticationManager AuthenticationManager { get { return HttpContext.GetOwinContext().Authentication; } } private void AddErrors(IdentityResult result) { foreach (var error in result.Errors) { ModelState.AddModelError("", error); } } private ActionResult RedirectToLocal(string returnUrl) { if (Url.IsLocalUrl(returnUrl)) { return Redirect(returnUrl); } return RedirectToAction("Index", "Home"); } internal class ChallengeResult : HttpUnauthorizedResult { public ChallengeResult(string provider, string redirectUri) : this(provider, redirectUri, null) { } public ChallengeResult(string provider, string redirectUri, string userId) { LoginProvider = provider; RedirectUri = redirectUri; UserId = userId; } public string LoginProvider { get; set; } public string RedirectUri { get; set; } public string UserId { get; set; } public override void ExecuteResult(ControllerContext context) { var properties = new AuthenticationProperties { RedirectUri = RedirectUri }; if (UserId != null) { properties.Dictionary[XsrfKey] = UserId; } context.HttpContext.GetOwinContext().Authentication.Challenge(properties, LoginProvider); } } #endregion } }