Browse Source

Converted Settings/Set Password to use viewmodels to allow html in passwords.

tags/3.0.0
Teknikode 2 years ago
parent
commit
a8b601a7a9

+ 26
- 26
Teknik/Areas/User/Controllers/UserController.cs View File

@@ -378,7 +378,7 @@ namespace Teknik.Areas.Users.Controllers

[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Edit(string curPass, string newPass, string newPassConfirm, string pgpPublicKey, string recoveryEmail, bool allowTrustedDevices, bool twoFactorEnabled, string website, string quote, string about, string blogTitle, string blogDesc, bool encrypt)
public ActionResult Edit(EditSettingsViewModel settings)
{
if (ModelState.IsValid)
{
@@ -392,15 +392,15 @@ namespace Teknik.Areas.Users.Controllers
bool changePass = false;
string email = string.Format("{0}@{1}", User.Identity.Name, Config.EmailConfig.Domain);
// Changing Password?
if (!string.IsNullOrEmpty(curPass) && (!string.IsNullOrEmpty(newPass) || !string.IsNullOrEmpty(newPassConfirm)))
if (!string.IsNullOrEmpty(settings.CurrentPassword) && (!string.IsNullOrEmpty(settings.NewPassword) || !string.IsNullOrEmpty(settings.NewPasswordConfirm)))
{
// Old Password Valid?
if (!UserHelper.UserPasswordCorrect(db, Config, user, curPass))
if (!UserHelper.UserPasswordCorrect(db, Config, user, settings.CurrentPassword))
{
return Json(new { error = "Invalid Original Password." });
}
// The New Password Match?
if (newPass != newPassConfirm)
if (settings.NewPassword != settings.NewPasswordConfirm)
{
return Json(new { error = "New Password Must Match." });
}
@@ -413,24 +413,24 @@ namespace Teknik.Areas.Users.Controllers
}

// PGP Key valid?
if (!string.IsNullOrEmpty(pgpPublicKey) && !PGP.IsPublicKey(pgpPublicKey))
if (!string.IsNullOrEmpty(settings.PgpPublicKey) && !PGP.IsPublicKey(settings.PgpPublicKey))
{
return Json(new { error = "Invalid PGP Public Key" });
}
user.SecuritySettings.PGPSignature = pgpPublicKey;
user.SecuritySettings.PGPSignature = settings.PgpPublicKey;

// Recovery Email
bool newRecovery = false;
if (recoveryEmail != user.SecuritySettings.RecoveryEmail)
if (settings.RecoveryEmail != user.SecuritySettings.RecoveryEmail)
{
newRecovery = true;
user.SecuritySettings.RecoveryEmail = recoveryEmail;
user.SecuritySettings.RecoveryEmail = settings.RecoveryEmail;
user.SecuritySettings.RecoveryVerified = false;
}

// Trusted Devices
user.SecuritySettings.AllowTrustedDevices = allowTrustedDevices;
if (!allowTrustedDevices)
user.SecuritySettings.AllowTrustedDevices = settings.AllowTrustedDevices;
if (!settings.AllowTrustedDevices)
{
// They turned it off, let's clear the trusted devices
user.TrustedDevices.Clear();
@@ -446,9 +446,9 @@ namespace Teknik.Areas.Users.Controllers

// Two Factor Authentication
bool oldTwoFactor = user.SecuritySettings.TwoFactorEnabled;
user.SecuritySettings.TwoFactorEnabled = twoFactorEnabled;
user.SecuritySettings.TwoFactorEnabled = settings.TwoFactorEnabled;
string newKey = string.Empty;
if (!oldTwoFactor && twoFactorEnabled)
if (!oldTwoFactor && settings.TwoFactorEnabled)
{
// They just enabled it, let's regen the key
newKey = Authenticator.GenerateKey();
@@ -459,7 +459,7 @@ namespace Teknik.Areas.Users.Controllers
UserHelper.CreateUserGitTwoFactor(Config, user.Username, newKey, DateTimeHelper.GetUnixTimestamp());
}
}
else if (!twoFactorEnabled)
else if (!settings.TwoFactorEnabled)
{
// remove the key when it's disabled
newKey = string.Empty;
@@ -478,21 +478,21 @@ namespace Teknik.Areas.Users.Controllers
user.SecuritySettings.TwoFactorKey = newKey;

// Profile Info
user.UserSettings.Website = website;
user.UserSettings.Quote = quote;
user.UserSettings.About = about;
user.UserSettings.Website = settings.Website;
user.UserSettings.Quote = settings.Quote;
user.UserSettings.About = settings.About;

// Blogs
user.BlogSettings.Title = blogTitle;
user.BlogSettings.Description = blogDesc;
user.BlogSettings.Title = settings.BlogTitle;
user.BlogSettings.Description = settings.BlogDesc;

// Uploads
user.UploadSettings.Encrypt = encrypt;
user.UploadSettings.Encrypt = settings.Encrypt;

UserHelper.EditAccount(db, Config, user, changePass, newPass);
UserHelper.EditAccount(db, Config, user, changePass, settings.NewPassword);

// If they have a recovery email, let's send a verification
if (!string.IsNullOrEmpty(recoveryEmail) && newRecovery)
if (!string.IsNullOrEmpty(settings.RecoveryEmail) && newRecovery)
{
string verifyCode = UserHelper.CreateRecoveryEmailVerification(db, Config, user);
string resetUrl = Url.SubRouteUrl("user", "User.ResetPassword", new { Username = user.Username });
@@ -500,7 +500,7 @@ namespace Teknik.Areas.Users.Controllers
UserHelper.SendRecoveryEmailVerification(Config, user.Username, user.SecuritySettings.RecoveryEmail, resetUrl, verifyUrl);
}

if (!oldTwoFactor && twoFactorEnabled)
if (!oldTwoFactor && settings.TwoFactorEnabled)
{
return Json(new { result = new { checkAuth = true, key = newKey, qrUrl = Url.SubRouteUrl("user", "User.Action", new { action = "GenerateAuthQrCode", key = newKey }) } });
}
@@ -683,7 +683,7 @@ namespace Teknik.Areas.Users.Controllers
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult SetUserPassword(string password, string confirmPassword)
public ActionResult SetUserPassword(SetPasswordViewModel passwordViewModel)
{
if (ModelState.IsValid)
{
@@ -695,11 +695,11 @@ namespace Teknik.Areas.Users.Controllers
User user = (User)Session["AuthenticatedUser"];
if (user != null)
{
if (string.IsNullOrEmpty(password))
if (string.IsNullOrEmpty(passwordViewModel.Password))
{
return Json(new { error = "Password must not be empty" });
}
if (password != confirmPassword)
if (passwordViewModel.Password != passwordViewModel.PasswordConfirm)
{
return Json(new { error = "Passwords must match" });
}
@@ -707,7 +707,7 @@ namespace Teknik.Areas.Users.Controllers
using (TeknikEntities db = new TeknikEntities())
{
User newUser = UserHelper.GetUser(db, user.Username);
UserHelper.EditAccount(db, Config, newUser, true, password);
UserHelper.EditAccount(db, Config, newUser, true, passwordViewModel.Password);
}

return Json(new { result = true });

+ 15
- 15
Teknik/Areas/User/Scripts/User.js View File

@@ -212,19 +212,19 @@
type: "POST",
url: editUserURL,
data: AddAntiForgeryToken({
curPass: current_password,
newPass: password,
newPassConfirm: password_confirm,
pgpPublicKey: update_pgp_public_key,
allowTrustedDevices: update_security_allow_trusted,
twoFactorEnabled: update_security_two_factor,
recoveryEmail: recovery,
website: website,
quote: quote,
about: about,
blogTitle: blog_title,
blogDesc: blog_desc,
encrypt: upload_encrypt
CurrentPassword: current_password,
NewPassword: password,
NewPasswordConfirm: password_confirm,
PgpPublicKey: update_pgp_public_key,
AllowTrustedDevices: update_security_allow_trusted,
TwoFactorEnabled: update_security_two_factor,
RecoveryEmail: recovery,
Website: website,
Quote: quote,
About: about,
BlogTitle: blog_title,
BlogDesc: blog_desc,
Encrypt: upload_encrypt
}),
success: function (html) {
$.unblockUI();
@@ -287,8 +287,8 @@
type: "POST",
url: form.attr('action'),
data: AddAntiForgeryToken({
password: password,
confirmPassword: confirmPassword
Password: password,
PasswordConfirm: confirmPassword
}),
success: function (html) {
if (html.result) {

+ 40
- 0
Teknik/Areas/User/ViewModels/EditSettingsViewModel.cs View File

@@ -0,0 +1,40 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

namespace Teknik.Areas.Users.ViewModels
{
public class EditSettingsViewModel
{
[AllowHtml]
public string CurrentPassword { get; set; }

[AllowHtml]
public string NewPassword { get; set; }

[AllowHtml]
public string NewPasswordConfirm { get; set; }
public string PgpPublicKey { get; set; }
public string RecoveryEmail { get; set; }
public bool AllowTrustedDevices { get; set; }
public bool TwoFactorEnabled { get; set; }
public string Website { get; set; }
public string Quote { get; set; }
public string About { get; set; }
public string BlogTitle { get; set; }
public string BlogDesc { get; set; }
public bool Encrypt { get; set; }
}
}

+ 17
- 0
Teknik/Areas/User/ViewModels/SetPasswordViewModel.cs View File

@@ -0,0 +1,17 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

namespace Teknik.Areas.Users.ViewModels
{
public class SetPasswordViewModel
{
[AllowHtml]
public string Password { get; set; }

[AllowHtml]
public string PasswordConfirm { get; set; }
}
}

+ 2
- 1
Teknik/Teknik.csproj View File

@@ -104,7 +104,6 @@
<HintPath>..\packages\Microsoft.Owin.Security.3.0.1\lib\net45\Microsoft.Owin.Security.dll</HintPath>
<Private>True</Private>
</Reference>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="MySql.Data, Version=6.9.9.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d, processorArchitecture=MSIL">
<HintPath>..\packages\MySql.Data.6.9.9\lib\net45\MySql.Data.dll</HintPath>
<Private>True</Private>
@@ -294,7 +293,9 @@
<Compile Include="Areas\User\Models\AuthToken.cs" />
<Compile Include="Areas\User\Models\TrustedDevice.cs" />
<Compile Include="Areas\User\ViewModels\AuthTokenViewModel.cs" />
<Compile Include="Areas\User\ViewModels\EditSettingsViewModel.cs" />
<Compile Include="Areas\User\ViewModels\GetPremiumViewModel.cs" />
<Compile Include="Areas\User\ViewModels\SetPasswordViewModel.cs" />
<Compile Include="Areas\User\ViewModels\TwoFactorViewModel.cs" />
<Compile Include="Areas\Vault\ViewModels\ModifyVaultViewModel.cs" />
<Compile Include="Areas\Vault\ViewModels\ModifyVaultItemViewModel.cs" />

Loading…
Cancel
Save