mirror of
https://github.com/chyzy/RSystem-MVC
synced 2024-12-24 10:05:28 +01:00
351 lines
12 KiB
C#
351 lines
12 KiB
C#
using System;
|
|
using System.Collections.Generic;
|
|
using System.Data.Entity.Validation;
|
|
using System.Diagnostics;
|
|
using System.Globalization;
|
|
using System.Linq;
|
|
using System.Security.Claims;
|
|
using System.Threading.Tasks;
|
|
using System.Web;
|
|
using System.Web.Hosting;
|
|
using System.Web.Mvc;
|
|
using System.Web.Security;
|
|
using Microsoft.AspNet.Identity;
|
|
using Microsoft.AspNet.Identity.EntityFramework;
|
|
using Microsoft.AspNet.Identity.Owin;
|
|
using Microsoft.Owin.Security;
|
|
using RSystem.DAL;
|
|
using RSystem.Managers;
|
|
using RSystem.Models;
|
|
using RSystem.ViewModels;
|
|
|
|
namespace RSystem.Controllers
|
|
{
|
|
[Authorize]
|
|
public class AccountController : LangBaseController
|
|
{
|
|
private ApplicationSignInManager _signInManager;
|
|
private ApplicationUserManager _userManager;
|
|
|
|
public AccountController()
|
|
{
|
|
}
|
|
|
|
public AccountController(ApplicationUserManager userManager, ApplicationSignInManager signInManager )
|
|
{
|
|
UserManager = userManager;
|
|
SignInManager = signInManager;
|
|
}
|
|
|
|
public ApplicationSignInManager SignInManager
|
|
{
|
|
get
|
|
{
|
|
return _signInManager ?? HttpContext.GetOwinContext().Get<ApplicationSignInManager>();
|
|
}
|
|
private set
|
|
{
|
|
_signInManager = value;
|
|
}
|
|
}
|
|
|
|
public ApplicationUserManager UserManager
|
|
{
|
|
get
|
|
{
|
|
return _userManager ?? HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();
|
|
}
|
|
private set
|
|
{
|
|
_userManager = value;
|
|
}
|
|
}
|
|
|
|
|
|
// GET: /Account/Login
|
|
[AllowAnonymous]
|
|
public ActionResult Login(string returnUrl)
|
|
{
|
|
//To logoff and get new AntiForgeryToken
|
|
if (User.Identity.IsAuthenticated)
|
|
{
|
|
AuthenticationManager.SignOut();
|
|
Session.Abandon();
|
|
return RedirectToAction("Login", returnUrl);
|
|
}
|
|
|
|
ViewBag.HideMainHeader = true;
|
|
ViewBag.ReturnUrl = returnUrl;
|
|
return View(new Tuple<LoginViewModel,bool>(new LoginViewModel(),false));
|
|
}
|
|
|
|
// POST: /Account/Login
|
|
[HttpPost]
|
|
[AllowAnonymous]
|
|
[ValidateAntiForgeryToken]
|
|
public async Task<ActionResult> Login(LoginViewModel model)
|
|
{
|
|
ViewBag.HideMainHeader = true;
|
|
|
|
if (!ModelState.IsValidField("PESEL"))
|
|
return View(new Tuple<LoginViewModel, bool>(model, false));
|
|
|
|
var db=new ApplicationDbContext();
|
|
|
|
//Login if password is set
|
|
if (!string.IsNullOrEmpty(model.Password))
|
|
{
|
|
var result = await SignInManager.PasswordSignInAsync(model.PESEL, model.Password, false, shouldLockout: false);
|
|
if (result == SignInStatus.Success)
|
|
//return RedirectToAction("Index", "Home");
|
|
return RedirectToAction("Index", "Home", new { area = "" });
|
|
|
|
ViewBag.Message = App_LocalResources.Account.Login.IncorrectPassword;
|
|
return View(new Tuple<LoginViewModel, bool>(model, false));
|
|
}
|
|
|
|
//Check if there is an user with such a PESEL if password not set
|
|
if (!db.Users.Any(u => u.UserName == model.PESEL))
|
|
{
|
|
ViewBag.Message = App_LocalResources.Account.Login.PESELNotFound;
|
|
return View(new Tuple<LoginViewModel,bool>(model,false));
|
|
}
|
|
|
|
return View(new Tuple<LoginViewModel, bool>(model, true));
|
|
}
|
|
|
|
// GET: /Account/Register
|
|
[AllowAnonymous]
|
|
public ActionResult Register()
|
|
{
|
|
if (User.Identity.IsAuthenticated)
|
|
{
|
|
AuthenticationManager.SignOut();
|
|
Session.Abandon();
|
|
}
|
|
return View();
|
|
}
|
|
|
|
//
|
|
// POST: /Account/Register
|
|
[HttpPost]
|
|
[AllowAnonymous]
|
|
[ValidateAntiForgeryToken]
|
|
public async Task<ActionResult> Register(RegisterViewModel model)
|
|
{
|
|
if (ModelState.IsValid)
|
|
{
|
|
var user = new ApplicationUser { UserName = model.PESEL,Email = model.Email };
|
|
|
|
var result = await UserManager.CreateAsync(user, model.Password);
|
|
if (result.Succeeded)
|
|
{
|
|
//Add user to Recruit role
|
|
var store = new UserStore<ApplicationUser>(new ApplicationDbContext());
|
|
var userMenager = new UserManager<ApplicationUser>(store);
|
|
userMenager.AddToRole(user.Id, "Recruit");
|
|
|
|
await SignInManager.SignInAsync(user, false, rememberBrowser:false);
|
|
|
|
//Recruit model initialization
|
|
await RecruitMenager.InitializeRecruitAsync(user.Id, model.Email);
|
|
|
|
// string code = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);
|
|
// var callbackUrl = Url.Action("ConfirmEmail", "Account", new { userId = user.Id, code = code }, protocol: Request.Url.Scheme);
|
|
// await UserManager.SendEmailAsync(user.Id, "Confirm your account", "Please confirm your account by clicking <a href=\"" + callbackUrl + "\">here</a>");
|
|
|
|
return RedirectToAction("Index", "Home");
|
|
}
|
|
AddErrors(result);
|
|
}
|
|
|
|
return View(model);
|
|
}
|
|
|
|
|
|
// GET: /Account/ConfirmEmail
|
|
[AllowAnonymous]
|
|
public async Task<ActionResult> ConfirmEmail(string userId, string code)
|
|
{
|
|
if (userId == null || code == null)
|
|
{
|
|
return View("Error");
|
|
}
|
|
var result = await UserManager.ConfirmEmailAsync(userId, code);
|
|
return View(result.Succeeded ? "ConfirmEmail" : "Error");
|
|
}
|
|
|
|
// GET: /Account/ForgotPassword
|
|
[AllowAnonymous]
|
|
public ActionResult ForgotPassword()
|
|
{
|
|
return View();
|
|
}
|
|
|
|
//
|
|
// POST: /Account/ForgotPassword
|
|
[HttpPost]
|
|
[AllowAnonymous]
|
|
[ValidateAntiForgeryToken]
|
|
public async Task<ActionResult> ForgotPassword(ForgotPasswordViewModel model)
|
|
{
|
|
if (ModelState.IsValid)
|
|
{
|
|
var user = await UserManager.FindByNameAsync(model.Email);
|
|
if (user == null || !(await UserManager.IsEmailConfirmedAsync(user.Id)))
|
|
{
|
|
// Don't reveal that the user does not exist or is not confirmed
|
|
return View("ForgotPasswordConfirmation");
|
|
}
|
|
|
|
// For more information on how to enable account confirmation and password reset please visit https://go.microsoft.com/fwlink/?LinkID=320771
|
|
// Send an email with this link
|
|
// string code = await UserManager.GeneratePasswordResetTokenAsync(user.Id);
|
|
// var callbackUrl = Url.Action("ResetPassword", "Account", new { userId = user.Id, code = code }, protocol: Request.Url.Scheme);
|
|
// await UserManager.SendEmailAsync(user.Id, "Reset Password", "Please reset your password by clicking <a href=\"" + callbackUrl + "\">here</a>");
|
|
// return RedirectToAction("ForgotPasswordConfirmation", "Account");
|
|
}
|
|
|
|
// If we got this far, something failed, redisplay form
|
|
return View(model);
|
|
}
|
|
|
|
//
|
|
// GET: /Account/ForgotPasswordConfirmation
|
|
[AllowAnonymous]
|
|
public ActionResult ForgotPasswordConfirmation()
|
|
{
|
|
return View();
|
|
}
|
|
|
|
//
|
|
// GET: /Account/ResetPassword
|
|
//[AllowAnonymous]
|
|
//public ActionResult ResetPassword(string code)
|
|
//{
|
|
// return code == null ? View("Error") : View();
|
|
//}
|
|
|
|
//
|
|
// POST: /Account/ResetPassword
|
|
[HttpPost]
|
|
[AllowAnonymous]
|
|
[ValidateAntiForgeryToken]
|
|
public async Task<ActionResult> ResetPassword(ResetPasswordViewModel model)
|
|
{
|
|
if (!ModelState.IsValid)
|
|
{
|
|
return View(model);
|
|
}
|
|
var user = await UserManager.FindByNameAsync(model.Email);
|
|
if (user == null)
|
|
{
|
|
// Don't reveal that the user does not exist
|
|
return RedirectToAction("ResetPasswordConfirmation", "Account");
|
|
}
|
|
var result = await UserManager.ResetPasswordAsync(user.Id, model.Code, model.Password);
|
|
if (result.Succeeded)
|
|
{
|
|
return RedirectToAction("ResetPasswordConfirmation", "Account");
|
|
}
|
|
AddErrors(result);
|
|
return View();
|
|
}
|
|
|
|
|
|
// GET: /Account/ResetPasswordConfirmation
|
|
[AllowAnonymous]
|
|
public ActionResult ResetPasswordConfirmation()
|
|
{
|
|
return View();
|
|
}
|
|
|
|
// POST: /Account/LogOff
|
|
[HttpPost]
|
|
[ValidateAntiForgeryToken]
|
|
public ActionResult LogOff()
|
|
{
|
|
AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
|
|
return RedirectToAction("Index", "Home");
|
|
}
|
|
|
|
protected override void Dispose(bool disposing)
|
|
{
|
|
if (disposing)
|
|
{
|
|
if (_userManager != null)
|
|
{
|
|
_userManager.Dispose();
|
|
_userManager = null;
|
|
}
|
|
|
|
if (_signInManager != null)
|
|
{
|
|
_signInManager.Dispose();
|
|
_signInManager = null;
|
|
}
|
|
}
|
|
|
|
base.Dispose(disposing);
|
|
}
|
|
|
|
#region Helpers
|
|
// Used for XSRF protection when adding external logins
|
|
private const string XsrfKey = "XsrfId";
|
|
|
|
private IAuthenticationManager AuthenticationManager
|
|
{
|
|
get
|
|
{
|
|
return HttpContext.GetOwinContext().Authentication;
|
|
}
|
|
}
|
|
|
|
private void AddErrors(IdentityResult result)
|
|
{
|
|
foreach (var error in result.Errors)
|
|
{
|
|
ModelState.AddModelError("", error);
|
|
}
|
|
}
|
|
|
|
private ActionResult RedirectToLocal(string returnUrl)
|
|
{
|
|
if (Url.IsLocalUrl(returnUrl))
|
|
{
|
|
return Redirect(returnUrl);
|
|
}
|
|
return RedirectToAction("Index", "Home");
|
|
}
|
|
|
|
internal class ChallengeResult : HttpUnauthorizedResult
|
|
{
|
|
public ChallengeResult(string provider, string redirectUri)
|
|
: this(provider, redirectUri, null)
|
|
{
|
|
}
|
|
|
|
public ChallengeResult(string provider, string redirectUri, string userId)
|
|
{
|
|
LoginProvider = provider;
|
|
RedirectUri = redirectUri;
|
|
UserId = userId;
|
|
}
|
|
|
|
public string LoginProvider { get; set; }
|
|
public string RedirectUri { get; set; }
|
|
public string UserId { get; set; }
|
|
|
|
public override void ExecuteResult(ControllerContext context)
|
|
{
|
|
var properties = new AuthenticationProperties { RedirectUri = RedirectUri };
|
|
if (UserId != null)
|
|
{
|
|
properties.Dictionary[XsrfKey] = UserId;
|
|
}
|
|
context.HttpContext.GetOwinContext().Authentication.Challenge(properties, LoginProvider);
|
|
}
|
|
}
|
|
#endregion
|
|
}
|
|
} |