Teknikode
/
Teknik
Watch 3
Star 18
Fork 4
Code Issues 39 Pull Requests 0 Releases 3 Wiki Activity
The next generation of the Teknik Services. Written in ASP.NET. https://www.teknik.io/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
503 Commits
2 Branches
Tree: e163e0ca8c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e163e0ca8c'
${ noResults }
Teknik/Teknik/Areas/User/Controllers/UserController.cs

UserController.cs 43KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002 
  1. using System;

  2. using System.Collections.Generic;

  3. using System.Data.Entity;

  4. using System.Linq;

  5. using System.Web;

  6. using System.Web.Mvc;

  7. using System.Web.Security;

  8. using Teknik.Areas.Users.Models;

  9. using Teknik.Areas.Users.ViewModels;

  10. using Teknik.Controllers;

  11. using Teknik.Utilities;

  12. using Teknik.Models;

  13. using Teknik.Areas.Users.Utility;

  14. using Teknik.Filters;

  15. using QRCoder;

  16. using TwoStepsAuthenticator;

  17. using System.Drawing;

  18. using Teknik.Attributes;

  19. 

  20. namespace Teknik.Areas.Users.Controllers

  21. {

  22.     [TeknikAuthorize]

  23.     public class UserController : DefaultController

  24.     {

  25.         private static readonly UsedCodesManager usedCodesManager = new UsedCodesManager();

  26. 

  27.         [TrackPageView]

  28.         [AllowAnonymous]

  29.         public ActionResult GetPremium()

  30.         {

  31.             ViewBag.Title = "Get a Premium Account - " + Config.Title;

  32. 

  33.             GetPremiumViewModel model = new GetPremiumViewModel();

  34. 

  35.             return View(model);

  36.         }

  37. 

  38.         // GET: Profile/Profile

  39.         [TrackPageView]

  40.         [AllowAnonymous]

  41.         public ActionResult ViewProfile(string username)

  42.         {

  43.             if (string.IsNullOrEmpty(username))

  44.             {

  45.                 username = User.Identity.Name;

  46.             }

  47. 

  48.             ProfileViewModel model = new ProfileViewModel();

  49.             ViewBag.Title = "User Does Not Exist - " + Config.Title;

  50.             ViewBag.Description = "The User does not exist";

  51. 

  52.             try

  53.             {

  54.                 using (TeknikEntities db = new TeknikEntities())

  55.                 {

  56.                     User user = UserHelper.GetUser(db, username);

  57. 

  58.                     if (user != null)

  59.                     {

  60.                         ViewBag.Title = username + "'s Profile - " + Config.Title;

  61.                         ViewBag.Description = "Viewing " + username + "'s Profile";

  62. 

  63.                         model.UserID = user.UserId;

  64.                         model.Username = user.Username;

  65.                         if (Config.EmailConfig.Enabled)

  66.                         {

  67.                             model.Email = string.Format("{0}@{1}", user.Username, Config.EmailConfig.Domain);

  68.                         }

  69.                         model.JoinDate = user.JoinDate;

  70.                         model.LastSeen = UserHelper.GetLastAccountActivity(db, Config, user);

  71. 

  72.                         model.UserSettings = user.UserSettings;

  73.                         model.SecuritySettings = user.SecuritySettings;

  74.                         model.BlogSettings = user.BlogSettings;

  75.                         model.UploadSettings = user.UploadSettings;

  76. 

  77.                         model.Uploads = db.Uploads.Where(u => u.UserId == user.UserId).OrderByDescending(u => u.DateUploaded).ToList();

  78. 

  79.                         model.Pastes = db.Pastes.Where(u => u.UserId == user.UserId).OrderByDescending(u => u.DatePosted).ToList();

  80. 

  81.                         model.ShortenedUrls = db.ShortenedUrls.Where(s => s.UserId == user.UserId).OrderByDescending(s => s.DateAdded).ToList();

  82. 

  83.                         model.Vaults = db.Vaults.Where(v => v.UserId == user.UserId).OrderByDescending(v => v.DateCreated).ToList();

  84. 

  85.                         return View(model);

  86.                     }

  87.                     model.Error = true;

  88.                     model.ErrorMessage = "The user does not exist";

  89.                 }

  90.             }

  91.             catch (Exception ex)

  92.             {

  93.                 model.Error = true;

  94.                 model.ErrorMessage = ex.GetFullMessage(true);

  95.             }

  96.             return View(model);

  97.         }

  98. 

  99.         [TrackPageView]

  100.         public ActionResult Settings()

  101.         {

  102.             string username = User.Identity.Name;

  103. 

  104.             SettingsViewModel model = new SettingsViewModel();

  105.             ViewBag.Title = "User Does Not Exist - " + Config.Title;

  106.             ViewBag.Description = "The User does not exist";

  107. 

  108.             using (TeknikEntities db = new TeknikEntities())

  109.             {

  110.                 User user = UserHelper.GetUser(db, username);

  111. 

  112.                 if (user != null)

  113.                 {

  114.                     Session["AuthenticatedUser"] = user;

  115. 

  116.                     ViewBag.Title = "Settings - " + Config.Title;

  117.                     ViewBag.Description = "Your " + Config.Title + " Settings";

  118. 

  119.                     model.UserID = user.UserId;

  120.                     model.Username = user.Username;

  121.                     model.TrustedDeviceCount = user.TrustedDevices.Count;

  122.                     model.AuthTokens = new List<AuthTokenViewModel>();

  123.                     foreach (AuthToken token in user.AuthTokens)

  124.                     {

  125.                         AuthTokenViewModel tokenModel = new AuthTokenViewModel();

  126.                         tokenModel.AuthTokenId = token.AuthTokenId;

  127.                         tokenModel.Name = token.Name;

  128.                         tokenModel.LastDateUsed = token.LastDateUsed;

  129. 

  130.                         model.AuthTokens.Add(tokenModel);

  131.                     }

  132. 

  133.                     model.UserSettings = user.UserSettings;

  134.                     model.SecuritySettings = user.SecuritySettings;

  135.                     model.BlogSettings = user.BlogSettings;

  136.                     model.UploadSettings = user.UploadSettings;

  137. 

  138.                     return View(model);

  139.                 }

  140.             }

  141.             model.Error = true;

  142.             return View(model);

  143.         }

  144. 

  145.         [HttpGet]

  146.         [TrackPageView]

  147.         [AllowAnonymous]

  148.         public ActionResult ViewRawPGP(string username)

  149.         {

  150.             ViewBag.Title = username + "'s Public Key - " + Config.Title;

  151.             ViewBag.Description = "The PGP public key for " + username;

  152. 

  153.             using (TeknikEntities db = new TeknikEntities())

  154.             {

  155.                 User user = UserHelper.GetUser(db, username);

  156.                 if (user != null)

  157.                 {

  158.                     if (!string.IsNullOrEmpty(user.SecuritySettings.PGPSignature))

  159.                     {

  160.                         return Content(user.SecuritySettings.PGPSignature, "text/plain");

  161.                     }

  162.                 }

  163.             }

  164.             return Redirect(Url.SubRouteUrl("error", "Error.Http404"));

  165.         }

  166. 

  167.         [HttpGet]

  168.         [TrackPageView]

  169.         [AllowAnonymous]

  170.         public ActionResult Login(string ReturnUrl)

  171.         {

  172.             LoginViewModel model = new LoginViewModel();

  173.             model.ReturnUrl = ReturnUrl;

  174. 

  175.             return View("/Areas/User/Views/User/ViewLogin.cshtml", model);

  176.         }

  177. 

  178.         [HttpPost]

  179.         [AllowAnonymous]

  180.         public ActionResult Login([Bind(Prefix = "Login")]LoginViewModel model)

  181.         {

  182.             if (ModelState.IsValid)

  183.             {

  184.                 string username = model.Username;

  185.                 using (TeknikEntities db = new TeknikEntities())

  186.                 {

  187.                     User user = UserHelper.GetUser(db, username);

  188.                     if (user != null)

  189.                     {

  190.                         bool userValid = UserHelper.UserPasswordCorrect(db, Config, user, model.Password);

  191.                         if (userValid)

  192.                         {

  193.                             // Perform transfer actions on the account

  194.                             UserHelper.TransferUser(db, Config, user, model.Password);

  195.                             user.LastSeen = DateTime.Now;

  196.                             db.Entry(user).State = EntityState.Modified;

  197.                             db.SaveChanges();

  198. 

  199.                             // Let's double check their email and git accounts to make sure they exist

  200.                             string email = UserHelper.GetUserEmailAddress(Config, username);

  201.                             if (Config.EmailConfig.Enabled && !UserHelper.UserEmailExists(Config, email))

  202.                             {

  203.                                 UserHelper.AddUserEmail(Config, email, model.Password);

  204.                             }

  205. 

  206.                             if (Config.GitConfig.Enabled && !UserHelper.UserGitExists(Config, username))

  207.                             {

  208.                                 UserHelper.AddUserGit(Config, username, model.Password);

  209.                             }

  210. 

  211.                             bool twoFactor = false;

  212.                             string returnUrl = model.ReturnUrl;

  213.                             if (user.SecuritySettings.TwoFactorEnabled)

  214.                             {

  215.                                 twoFactor = true;

  216.                                 // We need to check their device, and two factor them

  217.                                 if (user.SecuritySettings.AllowTrustedDevices)

  218.                                 {

  219.                                     // Check for the trusted device cookie

  220.                                     HttpCookie cookie = Request.Cookies[Constants.TRUSTEDDEVICECOOKIE + "_" + username];

  221.                                     if (cookie != null)

  222.                                     {

  223.                                         string token = cookie.Value;

  224.                                         if (user.TrustedDevices.Where(d => d.Token == token).FirstOrDefault() != null)

  225.                                         {

  226.                                             // The device token is attached to the user, let's let it slide

  227.                                             twoFactor = false;

  228.                                         }

  229.                                     }

  230.                                 }

  231.                             }

  232. 

  233.                             if (twoFactor)

  234.                             {

  235.                                 Session["AuthenticatedUser"] = user;

  236.                                 if (string.IsNullOrEmpty(model.ReturnUrl))

  237.                                     returnUrl = Request.UrlReferrer.AbsoluteUri.ToString();

  238.                                 returnUrl = Url.SubRouteUrl("user", "User.CheckAuthenticatorCode", new { returnUrl = returnUrl, rememberMe = model.RememberMe });

  239.                                 model.ReturnUrl = string.Empty;

  240.                             }

  241.                             else

  242.                             {

  243.                                 returnUrl = Request.UrlReferrer.AbsoluteUri.ToString();

  244.                                 // They don't need two factor auth.

  245.                                 HttpCookie authcookie = UserHelper.CreateAuthCookie(user.Username, model.RememberMe, Request.Url.Host.GetDomain(), Request.IsLocal);

  246.                                 Response.Cookies.Add(authcookie);

  247.                             }

  248. 

  249.                             if (string.IsNullOrEmpty(model.ReturnUrl))

  250.                             {

  251.                                 return GenerateActionResult(new { result = returnUrl }, Redirect(returnUrl));

  252.                             }

  253.                             else

  254.                             {

  255.                                 return Redirect(model.ReturnUrl);

  256.                             }

  257.                         }

  258.                     }

  259.                 }

  260.             }

  261.             model.Error = true;

  262.             model.ErrorMessage = "Invalid Username or Password.";

  263. 

  264.             return GenerateActionResult(new { error = model.ErrorMessage }, View("/Areas/User/Views/User/ViewLogin.cshtml", model));

  265.         }

  266. 

  267.         public ActionResult Logout()

  268.         {

  269.             // Get cookie

  270.             HttpCookie authCookie = UserHelper.CreateAuthCookie(User.Identity.Name, false, Request.Url.Host.GetDomain(), Request.IsLocal);

  271. 

  272.             // Signout

  273.             FormsAuthentication.SignOut();

  274.             Session.Abandon();

  275. 

  276.             // Destroy Cookies

  277.             authCookie.Expires = DateTime.Now.AddYears(-1);

  278.             Response.Cookies.Add(authCookie);

  279. 

  280.             return Redirect(Url.SubRouteUrl("www", "Home.Index"));

  281.         }

  282. 

  283.         [HttpGet]

  284.         [TrackPageView]

  285.         [AllowAnonymous]

  286.         public ActionResult Register(string ReturnUrl)

  287.         {

  288.             RegisterViewModel model = new RegisterViewModel();

  289.             model.ReturnUrl = ReturnUrl;

  290. 

  291.             return View("/Areas/User/Views/User/ViewRegistration.cshtml", model);

  292.         }

  293. 

  294.         [HttpPost]

  295.         [AllowAnonymous]

  296.         public ActionResult Register([Bind(Prefix="Register")]RegisterViewModel model)

  297.         {

  298.             model.Error = false;

  299.             model.ErrorMessage = string.Empty;

  300.             if (ModelState.IsValid)

  301.             {

  302.                 if (Config.UserConfig.RegistrationEnabled)

  303.                 {

  304.                     using (TeknikEntities db = new TeknikEntities())

  305.                     {

  306.                         if (!model.Error && !UserHelper.ValidUsername(Config, model.Username))

  307.                         {

  308.                             model.Error = true;

  309.                             model.ErrorMessage = "That username is not valid";

  310.                         }

  311.                         if (!model.Error && !UserHelper.UsernameAvailable(db, Config, model.Username))

  312.                         {

  313.                             model.Error = true;

  314.                             model.ErrorMessage = "That username is not available";

  315.                         }

  316.                         if (!model.Error && model.Password != model.ConfirmPassword)

  317.                         {

  318.                             model.Error = true;

  319.                             model.ErrorMessage = "Passwords must match";

  320.                         }

  321. 

  322.                         // PGP Key valid?

  323.                         if (!model.Error && !string.IsNullOrEmpty(model.PublicKey) && !PGP.IsPublicKey(model.PublicKey))

  324.                         {

  325.                             model.Error = true;

  326.                             model.ErrorMessage = "Invalid PGP Public Key";

  327.                         }

  328. 

  329.                         if (!model.Error)

  330.                         {

  331.                             try

  332.                             {

  333.                                 User newUser = db.Users.Create();

  334.                                 newUser.JoinDate = DateTime.Now;

  335.                                 newUser.Username = model.Username;

  336.                                 newUser.UserSettings = new UserSettings();

  337.                                 newUser.SecuritySettings = new SecuritySettings();

  338.                                 newUser.BlogSettings = new BlogSettings();

  339.                                 newUser.UploadSettings = new UploadSettings();

  340. 

  341.                                 if (!string.IsNullOrEmpty(model.PublicKey))

  342.                                     newUser.SecuritySettings.PGPSignature = model.PublicKey;

  343.                                 if (!string.IsNullOrEmpty(model.RecoveryEmail))

  344.                                     newUser.SecuritySettings.RecoveryEmail = model.RecoveryEmail;

  345. 

  346.                                 UserHelper.AddAccount(db, Config, newUser, model.Password);

  347. 

  348.                                 // If they have a recovery email, let's send a verification

  349.                                 if (!string.IsNullOrEmpty(model.RecoveryEmail))

  350.                                 {

  351.                                     string verifyCode = UserHelper.CreateRecoveryEmailVerification(db, Config, newUser);

  352.                                     string resetUrl = Url.SubRouteUrl("user", "User.ResetPassword", new { Username = model.Username });

  353.                                     string verifyUrl = Url.SubRouteUrl("user", "User.VerifyRecoveryEmail", new { Code = verifyCode });

  354.                                     UserHelper.SendRecoveryEmailVerification(Config, model.Username, model.RecoveryEmail, resetUrl, verifyUrl);

  355.                                 }

  356.                             }

  357.                             catch (Exception ex)

  358.                             {

  359.                                 model.Error = true;

  360.                                 model.ErrorMessage = ex.GetFullMessage(true);

  361.                             }

  362.                             if (!model.Error)

  363.                             {

  364.                                 return Login(new LoginViewModel { Username = model.Username, Password = model.Password, RememberMe = false, ReturnUrl = model.ReturnUrl });

  365.                             }

  366.                         }

  367.                     }

  368.                 }

  369.                 if (!model.Error)

  370.                 {

  371.                     model.Error = true;

  372.                     model.ErrorMessage = "User Registration is Disabled";

  373.                 }

  374.             }

  375.             return GenerateActionResult(new { error = model.ErrorMessage }, View("/Areas/User/Views/User/ViewRegistration.cshtml", model));

  376.         }

  377. 

  378.         [HttpPost]

  379.         [ValidateAntiForgeryToken]

  380.         public ActionResult Edit(string curPass, string newPass, string newPassConfirm, string pgpPublicKey, string recoveryEmail, bool allowTrustedDevices, bool twoFactorEnabled, string website, string quote, string about, string blogTitle, string blogDesc, bool encrypt)

  381.         {

  382.             if (ModelState.IsValid)

  383.             {

  384.                 try

  385.                 {

  386.                     using (TeknikEntities db = new TeknikEntities())

  387.                     {

  388.                         User user = UserHelper.GetUser(db, User.Identity.Name);

  389.                         if (user != null)

  390.                         {

  391.                             bool changePass = false;

  392.                             string email = string.Format("{0}@{1}", User.Identity.Name, Config.EmailConfig.Domain);

  393.                             // Changing Password?

  394.                             if (!string.IsNullOrEmpty(curPass) && (!string.IsNullOrEmpty(newPass) || !string.IsNullOrEmpty(newPassConfirm)))

  395.                             {

  396.                                 // Old Password Valid?

  397.                                 if (!UserHelper.UserPasswordCorrect(db, Config, user, curPass))

  398.                                 {

  399.                                     return Json(new { error = "Invalid Original Password." });

  400.                                 }

  401.                                 // The New Password Match?

  402.                                 if (newPass != newPassConfirm)

  403.                                 {

  404.                                     return Json(new { error = "New Password Must Match." });

  405.                                 }

  406.                                 // Are password resets enabled?

  407.                                 if (!Config.UserConfig.PasswordResetEnabled)

  408.                                 {

  409.                                     return Json(new { error = "Password resets are disabled." });

  410.                                 }

  411.                                 changePass = true;

  412.                             }

  413. 

  414.                             // PGP Key valid?

  415.                             if (!string.IsNullOrEmpty(pgpPublicKey) && !PGP.IsPublicKey(pgpPublicKey))

  416.                             {

  417.                                 return Json(new { error = "Invalid PGP Public Key" });

  418.                             }

  419.                             user.SecuritySettings.PGPSignature = pgpPublicKey;

  420. 

  421.                             // Recovery Email

  422.                             bool newRecovery = false;

  423.                             if (recoveryEmail != user.SecuritySettings.RecoveryEmail)

  424.                             {

  425.                                 newRecovery = true;

  426.                                 user.SecuritySettings.RecoveryEmail = recoveryEmail;

  427.                                 user.SecuritySettings.RecoveryVerified = false;

  428.                             }

  429. 

  430.                             // Trusted Devices

  431.                             user.SecuritySettings.AllowTrustedDevices = allowTrustedDevices;

  432.                             if (!allowTrustedDevices)

  433.                             {

  434.                                 // They turned it off, let's clear the trusted devices

  435.                                 user.TrustedDevices.Clear();

  436.                                 List<TrustedDevice> foundDevices = db.TrustedDevices.Where(d => d.UserId == user.UserId).ToList();

  437.                                 if (foundDevices != null)

  438.                                 {

  439.                                     foreach (TrustedDevice device in foundDevices)

  440.                                     {

  441.                                         db.TrustedDevices.Remove(device);

  442.                                     }

  443.                                 }

  444.                             }

  445. 

  446.                             // Two Factor Authentication

  447.                             bool oldTwoFactor = user.SecuritySettings.TwoFactorEnabled;

  448.                             user.SecuritySettings.TwoFactorEnabled = twoFactorEnabled;

  449.                             string newKey = string.Empty;

  450.                             if (!oldTwoFactor && twoFactorEnabled)

  451.                             {

  452.                                 // They just enabled it, let's regen the key

  453.                                 newKey = Authenticator.GenerateKey();

  454.                             }

  455.                             else if (!twoFactorEnabled)

  456.                             {

  457.                                 // remove the key when it's disabled

  458.                                 newKey = string.Empty;

  459.                             }

  460.                             else

  461.                             {

  462.                                 // No change, let's use the old value

  463.                                 newKey = user.SecuritySettings.TwoFactorKey;

  464.                             }

  465.                             user.SecuritySettings.TwoFactorKey = newKey;

  466. 

  467.                             // Profile Info

  468.                             user.UserSettings.Website = website;

  469.                             user.UserSettings.Quote = quote;

  470.                             user.UserSettings.About = about;

  471. 

  472.                             // Blogs

  473.                             user.BlogSettings.Title = blogTitle;

  474.                             user.BlogSettings.Description = blogDesc;

  475. 

  476.                             // Uploads

  477.                             user.UploadSettings.Encrypt = encrypt;

  478. 

  479.                             UserHelper.EditAccount(db, Config, user, changePass, newPass);

  480. 

  481.                             // If they have a recovery email, let's send a verification

  482.                             if (!string.IsNullOrEmpty(recoveryEmail) && newRecovery)

  483.                             {

  484.                                 string verifyCode = UserHelper.CreateRecoveryEmailVerification(db, Config, user);

  485.                                 string resetUrl = Url.SubRouteUrl("user", "User.ResetPassword", new { Username = user.Username });

  486.                                 string verifyUrl = Url.SubRouteUrl("user", "User.VerifyRecoveryEmail", new { Code = verifyCode });

  487.                                 UserHelper.SendRecoveryEmailVerification(Config, user.Username, user.SecuritySettings.RecoveryEmail, resetUrl, verifyUrl);

  488.                             }

  489. 

  490.                             if (!oldTwoFactor && twoFactorEnabled)

  491.                             {

  492.                                 return Json(new { result = new { checkAuth = true, key = newKey, qrUrl = Url.SubRouteUrl("user", "User.Action", new { action = "GenerateAuthQrCode", key = newKey }) } });

  493.                             }

  494.                             return Json(new { result = true });

  495.                         }

  496.                         return Json(new { error = "User does not exist" });

  497.                     }

  498.                 }

  499.                 catch (Exception ex)

  500.                 {

  501.                     return Json(new { error = ex.GetFullMessage(true) });

  502.                 }

  503.             }

  504.             return Json(new { error = "Invalid Parameters" });

  505.         }

  506. 

  507.         [HttpPost]

  508.         [ValidateAntiForgeryToken]

  509.         public ActionResult Delete()

  510.         {

  511.             if (ModelState.IsValid)

  512.             {

  513.                 try

  514.                 {

  515.                     using (TeknikEntities db = new TeknikEntities())

  516.                     {

  517.                         User user = UserHelper.GetUser(db, User.Identity.Name);

  518.                         if (user != null)

  519.                         {

  520.                             UserHelper.DeleteAccount(db, Config, user);

  521.                             // Sign Out

  522.                             Logout();

  523.                             return Json(new { result = true });

  524.                         }

  525.                     }

  526.                 }

  527.                 catch (Exception ex)

  528.                 {

  529.                     return Json(new { error = ex.GetFullMessage(true) });

  530.                 }

  531.             }

  532.             return Json(new { error = "Unable to delete user" });

  533.         }

  534. 

  535.         [HttpGet]

  536.         public ActionResult VerifyRecoveryEmail(string code)

  537.         {

  538.             bool verified = true;

  539.             if (string.IsNullOrEmpty(code))

  540.                 verified &= false;

  541. 

  542.             // Is there a code?

  543.             if (verified)

  544.             {

  545.                 using (TeknikEntities db = new TeknikEntities())

  546.                 {

  547.                     verified &= UserHelper.VerifyRecoveryEmail(db, Config, User.Identity.Name, code);

  548.                 }

  549.             }

  550. 

  551.             RecoveryEmailVerificationViewModel model = new RecoveryEmailVerificationViewModel();

  552.             model.Success = verified;

  553. 

  554.             return View("/Areas/User/Views/User/ViewRecoveryEmailVerification.cshtml", model);

  555.         }

  556. 

  557.         [HttpPost]

  558.         [ValidateAntiForgeryToken]

  559.         public ActionResult ResendVerifyRecoveryEmail()

  560.         {

  561.             if (ModelState.IsValid)

  562.             {

  563.                 try

  564.                 {

  565.                     using (TeknikEntities db = new TeknikEntities())

  566.                     {

  567.                         User user = UserHelper.GetUser(db, User.Identity.Name);

  568.                         if (user != null)

  569.                         {

  570.                             // If they have a recovery email, let's send a verification

  571.                             if (!string.IsNullOrEmpty(user.SecuritySettings.RecoveryEmail))

  572.                             {

  573.                                 if (!user.SecuritySettings.RecoveryVerified)

  574.                                 {

  575.                                     string verifyCode = UserHelper.CreateRecoveryEmailVerification(db, Config, user);

  576.                                     string resetUrl = Url.SubRouteUrl("user", "User.ResetPassword", new { Username = user.Username });

  577.                                     string verifyUrl = Url.SubRouteUrl("user", "User.VerifyRecoveryEmail", new { Code = verifyCode });

  578.                                     UserHelper.SendRecoveryEmailVerification(Config, user.Username, user.SecuritySettings.RecoveryEmail, resetUrl, verifyUrl);

  579.                                     return Json(new { result = true });

  580.                                 }

  581.                                 return Json(new { error = "The recovery email is already verified" });

  582.                             }

  583.                         }

  584.                     }

  585.                 }

  586.                 catch (Exception ex)

  587.                 {

  588.                     return Json(new { error = ex.GetFullMessage(true) });

  589.                 }

  590.             }

  591.             return Json(new { error = "Unable to resend verification" });

  592.         }

  593. 

  594.         [HttpGet]

  595.         [AllowAnonymous]

  596.         public ActionResult ResetPassword(string username)

  597.         {

  598.             ResetPasswordViewModel model = new ResetPasswordViewModel();

  599.             model.Username = username;

  600. 

  601.             return View("/Areas/User/Views/User/ResetPassword.cshtml", model);

  602.         }

  603. 

  604.         [HttpPost]

  605.         [AllowAnonymous]

  606.         [ValidateAntiForgeryToken]

  607.         public ActionResult SendResetPasswordVerification(string username)

  608.         {

  609.             if (ModelState.IsValid)

  610.             {

  611.                 try

  612.                 {

  613.                     using (TeknikEntities db = new TeknikEntities())

  614.                     {

  615.                         User user = UserHelper.GetUser(db, username);

  616.                         if (user != null)

  617.                         {

  618.                             // If they have a recovery email, let's send a verification

  619.                             if (!string.IsNullOrEmpty(user.SecuritySettings.RecoveryEmail) && user.SecuritySettings.RecoveryVerified)

  620.                             {

  621.                                 string verifyCode = UserHelper.CreateResetPasswordVerification(db, Config, user);

  622.                                 string resetUrl = Url.SubRouteUrl("user", "User.VerifyResetPassword", new { Username = user.Username, Code = verifyCode });

  623.                                 UserHelper.SendResetPasswordVerification(Config, user.Username, user.SecuritySettings.RecoveryEmail, resetUrl);

  624.                                 return Json(new { result = true });

  625.                             }

  626.                             return Json(new { error = "The username doesn't have a recovery email specified" });

  627.                         }

  628.                         return Json(new { error = "The username is not valid" });

  629.                     }

  630.                 }

  631.                 catch (Exception ex)

  632.                 {

  633.                     return Json(new { error = ex.GetFullMessage(true) });

  634.                 }

  635.             }

  636.             return Json(new { error = "Unable to send reset link" });

  637.         }

  638. 

  639.         [HttpGet]

  640.         [AllowAnonymous]

  641.         public ActionResult VerifyResetPassword(string username, string code)

  642.         {

  643.             bool verified = true;

  644.             if (string.IsNullOrEmpty(code))

  645.                 verified &= false;

  646. 

  647.             // Is there a code?

  648.             if (verified)

  649.             {

  650.                 using (TeknikEntities db = new TeknikEntities())

  651.                 {

  652.                     verified &= UserHelper.VerifyResetPassword(db, Config, username, code);

  653. 

  654.                     if (verified)

  655.                     {

  656.                         // The password reset code is valid, let's get their user account for this session

  657.                         User user = UserHelper.GetUser(db, username);

  658.                         Session["AuthenticatedUser"] = user;

  659.                         Session["AuthCode"] = code;

  660.                     }

  661.                 }

  662.             }

  663. 

  664.             ResetPasswordVerificationViewModel model = new ResetPasswordVerificationViewModel();

  665.             model.Success = verified;

  666. 

  667.             return View("/Areas/User/Views/User/ResetPasswordVerification.cshtml", model);

  668.         }

  669. 

  670.         [HttpPost]

  671.         [AllowAnonymous]

  672.         [ValidateAntiForgeryToken]

  673.         public ActionResult SetUserPassword(string password, string confirmPassword)

  674.         {

  675.             if (ModelState.IsValid)

  676.             {

  677.                 try

  678.                 {

  679.                     string code = Session["AuthCode"].ToString();

  680.                     if (!string.IsNullOrEmpty(code))

  681.                     {

  682.                         User user = (User)Session["AuthenticatedUser"];

  683.                         if (user != null)

  684.                         {

  685.                             if (string.IsNullOrEmpty(password))

  686.                             {

  687.                                 return Json(new { error = "Password must not be empty" });

  688.                             }

  689.                             if (password != confirmPassword)

  690.                             {

  691.                                 return Json(new { error = "Passwords must match" });

  692.                             }

  693. 

  694.                             using (TeknikEntities db = new TeknikEntities())

  695.                             {

  696.                                 User newUser = UserHelper.GetUser(db, user.Username);

  697.                                 UserHelper.EditAccount(db, Config, newUser, true, password);

  698.                             }

  699. 

  700.                             return Json(new { result = true });

  701.                         }

  702.                         return Json(new { error = "User does not exist" });

  703.                     }

  704.                     return Json(new { error = "Invalid Code" });

  705.                 }

  706.                 catch (Exception ex)

  707.                 {

  708.                     return Json(new { error = ex.GetFullMessage(true) });

  709.                 }

  710.             }

  711.             return Json(new { error = "Unable to reset user password" });

  712.         }

  713. 

  714.         [HttpGet]

  715.         [AllowAnonymous]

  716.         public ActionResult ConfirmTwoFactorAuth(string returnUrl, bool rememberMe)

  717.         {

  718.             User user = (User)Session["AuthenticatedUser"];

  719.             if (user != null)

  720.             {

  721.                 ViewBag.Title = "Unknown Device - " + Config.Title;

  722.                 ViewBag.Description = "We do not recognize this device.";

  723.                 TwoFactorViewModel model = new TwoFactorViewModel();

  724.                 model.ReturnUrl = returnUrl;

  725.                 model.RememberMe = rememberMe;

  726.                 model.AllowTrustedDevice = user.SecuritySettings.AllowTrustedDevices;

  727. 

  728.                 return View("/Areas/User/Views/User/TwoFactorCheck.cshtml", model);

  729.             }

  730.             return Redirect(Url.SubRouteUrl("error", "Error.Http403"));

  731.         }

  732. 

  733.         [HttpPost]

  734.         [AllowAnonymous]

  735.         [ValidateAntiForgeryToken]

  736.         public ActionResult ConfirmAuthenticatorCode(string code, string returnUrl, bool rememberMe, bool rememberDevice, string deviceName)

  737.         {

  738.             User user = (User)Session["AuthenticatedUser"];

  739.             if (user != null)

  740.             {

  741.                 if (user.SecuritySettings.TwoFactorEnabled)

  742.                 {

  743.                     string key = user.SecuritySettings.TwoFactorKey;

  744. 

  745.                     TimeAuthenticator ta = new TimeAuthenticator(usedCodeManager: usedCodesManager);

  746.                     bool isValid = ta.CheckCode(key, code, user);

  747. 

  748.                     if (isValid)

  749.                     {

  750.                         // the code was valid, let's log them in!

  751.                         HttpCookie authcookie = UserHelper.CreateAuthCookie(user.Username, rememberMe, Request.Url.Host.GetDomain(), Request.IsLocal);

  752.                         Response.Cookies.Add(authcookie);

  753. 

  754.                         if (user.SecuritySettings.AllowTrustedDevices && rememberDevice)

  755.                         {

  756.                             // They want to remember the device, and have allow trusted devices on

  757.                             HttpCookie trustedDeviceCookie = UserHelper.CreateTrustedDeviceCookie(user.Username, Request.Url.Host.GetDomain(), Request.IsLocal);

  758.                             Response.Cookies.Add(trustedDeviceCookie);

  759. 

  760.                             using (TeknikEntities db = new TeknikEntities())

  761.                             {

  762.                                 TrustedDevice device = new TrustedDevice();

  763.                                 device.UserId = user.UserId;

  764.                                 device.Name = (string.IsNullOrEmpty(deviceName)) ? "Unknown" : deviceName;

  765.                                 device.DateSeen = DateTime.Now;

  766.                                 device.Token = trustedDeviceCookie.Value;

  767. 

  768.                                 // Add the token

  769.                                 db.TrustedDevices.Add(device);

  770.                                 db.SaveChanges();

  771.                             }

  772.                         }

  773. 

  774.                         if (string.IsNullOrEmpty(returnUrl))

  775.                             returnUrl = Request.UrlReferrer.AbsoluteUri.ToString();

  776.                         return Json(new { result = returnUrl });

  777.                     }

  778.                     return Json(new { error = "Invalid Authentication Code" });

  779.                 }

  780.                 return Json(new { error = "User does not have Two Factor Authentication enabled" });

  781.             }

  782.             return Json(new { error = "User does not exist" });

  783.         }

  784. 

  785.         [HttpPost]

  786.         [ValidateAntiForgeryToken]

  787.         public ActionResult VerifyAuthenticatorCode(string code)

  788.         {

  789.             using (TeknikEntities db = new TeknikEntities())

  790.             {

  791.                 User user = UserHelper.GetUser(db, User.Identity.Name);

  792.                 if (user != null)

  793.                 {

  794.                     if (user.SecuritySettings.TwoFactorEnabled)

  795.                     {

  796.                         string key = user.SecuritySettings.TwoFactorKey;

  797. 

  798.                         TimeAuthenticator ta = new TimeAuthenticator(usedCodeManager: usedCodesManager);

  799.                         bool isValid = ta.CheckCode(key, code, user);

  800. 

  801.                         if (isValid)

  802.                         {

  803.                             return Json(new { result = true });

  804.                         }

  805.                         return Json(new { error = "Invalid Authentication Code" });

  806.                     }

  807.                     return Json(new { error = "User does not have Two Factor Authentication enabled" });

  808.                 }

  809.                 return Json(new { error = "User does not exist" });

  810.             }

  811.         }

  812. 

  813.         [HttpGet]

  814.         public ActionResult GenerateAuthQrCode(string key)

  815.         {

  816.             var ProvisionUrl = string.Format("otpauth://totp/{0}:{1}?secret={2}", Config.Title, User.Identity.Name, key);

  817. 

  818.             QRCodeGenerator qrGenerator = new QRCodeGenerator();

  819.             QRCodeData qrCodeData = qrGenerator.CreateQrCode(ProvisionUrl, QRCodeGenerator.ECCLevel.Q);

  820.             QRCode qrCode = new QRCode(qrCodeData);

  821.             Bitmap qrCodeImage = qrCode.GetGraphic(20);

  822.             return File(ByteHelper.ImageToByte(qrCodeImage), "image/png");

  823.         }

  824. 

  825.         [HttpPost]

  826.         [ValidateAntiForgeryToken]

  827.         public ActionResult ClearTrustedDevices()

  828.         {

  829.             try

  830.             {

  831.                 using (TeknikEntities db = new TeknikEntities())

  832.                 {

  833.                     User user = UserHelper.GetUser(db, User.Identity.Name);

  834.                     if (user != null)

  835.                     {

  836.                         if (user.SecuritySettings.AllowTrustedDevices)

  837.                         {

  838.                             // let's clear the trusted devices

  839.                             user.TrustedDevices.Clear();

  840.                             List<TrustedDevice> foundDevices = db.TrustedDevices.Where(d => d.UserId == user.UserId).ToList();

  841.                             if (foundDevices != null)

  842.                             {

  843.                                 foreach (TrustedDevice device in foundDevices)

  844.                                 {

  845.                                     db.TrustedDevices.Remove(device);

  846.                                 }

  847.                             }

  848.                             db.Entry(user).State = EntityState.Modified;

  849.                             db.SaveChanges();

  850. 

  851.                             return Json(new { result = true });

  852.                         }

  853.                         return Json(new { error = "User does not allow trusted devices" });

  854.                     }

  855.                     return Json(new { error = "User does not exist" });

  856.                 }

  857.             }

  858.             catch (Exception ex)

  859.             {

  860.                 return Json(new { error = ex.GetFullMessage(true) });

  861.             }

  862.         }

  863. 

  864.         [HttpPost]

  865.         [ValidateAntiForgeryToken]

  866.         public ActionResult GenerateToken(string name)

  867.         {

  868.             try

  869.             {

  870.                 using (TeknikEntities db = new TeknikEntities())

  871.                 {

  872.                     User user = UserHelper.GetUser(db, User.Identity.Name);

  873.                     if (user != null)

  874.                     {

  875.                         string newTokenStr = UserHelper.GenerateAuthToken(db, user.Username);

  876. 

  877.                         if (!string.IsNullOrEmpty(newTokenStr))

  878.                         {

  879.                             AuthToken token = db.AuthTokens.Create();

  880.                             token.UserId = user.UserId;

  881.                             token.HashedToken = SHA256.Hash(newTokenStr);

  882.                             token.Name = name;

  883. 

  884.                             db.AuthTokens.Add(token);

  885.                             db.SaveChanges();

  886. 

  887.                             AuthTokenViewModel model = new AuthTokenViewModel();

  888.                             model.AuthTokenId = token.AuthTokenId;

  889.                             model.Name = token.Name;

  890.                             model.LastDateUsed = token.LastDateUsed;

  891. 

  892.                             return Json(new { result = new { token = newTokenStr, html = PartialView("~/Areas/User/Views/User/AuthToken.cshtml", model).RenderToString() } });

  893.                         }

  894.                         return Json(new { error = "Unable to generate Auth Token" });

  895.                     }

  896.                     return Json(new { error = "User does not exist" });

  897.                 }

  898.             }

  899.             catch (Exception ex)

  900.             {

  901.                 return Json(new { error = ex.GetFullMessage(true) });

  902.             }

  903.         }

  904. 

  905.         [HttpPost]

  906.         [ValidateAntiForgeryToken]

  907.         public ActionResult RevokeAllTokens()

  908.         {

  909.             try

  910.             {

  911.                 using (TeknikEntities db = new TeknikEntities())

  912.                 {

  913.                     User user = UserHelper.GetUser(db, User.Identity.Name);

  914.                     if (user != null)

  915.                     {

  916.                         user.AuthTokens.Clear();

  917.                         List<AuthToken> foundTokens = db.AuthTokens.Where(d => d.UserId == user.UserId).ToList();

  918.                         if (foundTokens != null)

  919.                         {

  920.                             foreach (AuthToken token in foundTokens)

  921.                             {

  922.                                 db.AuthTokens.Remove(token);

  923.                             }

  924.                         }

  925.                         db.Entry(user).State = EntityState.Modified;

  926.                         db.SaveChanges();

  927. 

  928.                         return Json(new { result = true });

  929.                     }

  930.                     return Json(new { error = "User does not exist" });

  931.                 }

  932.             }

  933.             catch (Exception ex)

  934.             {

  935.                 return Json(new { error = ex.GetFullMessage(true) });

  936.             }

  937.         }

  938. 

  939.         [HttpPost]

  940.         [ValidateAntiForgeryToken]

  941.         public ActionResult EditTokenName(int tokenId, string name)

  942.         {

  943.             try

  944.             {

  945.                 using (TeknikEntities db = new TeknikEntities())

  946.                 {

  947.                     User user = UserHelper.GetUser(db, User.Identity.Name);

  948.                     if (user != null)

  949.                     {

  950.                         AuthToken foundToken = db.AuthTokens.Where(d => d.UserId == user.UserId && d.AuthTokenId == tokenId).FirstOrDefault();

  951.                         if (foundToken != null)

  952.                         {

  953.                             foundToken.Name = name;

  954.                             db.Entry(foundToken).State = EntityState.Modified;

  955.                             db.SaveChanges();

  956. 

  957.                             return Json(new { result = new { name = name } });

  958.                         }

  959.                         return Json(new { error = "Authentication Token does not exist" });

  960.                     }

  961.                     return Json(new { error = "User does not exist" });

  962.                 }

  963.             }

  964.             catch (Exception ex)

  965.             {

  966.                 return Json(new { error = ex.GetFullMessage(true) });

  967.             }

  968.         }

  969. 

  970.         [HttpPost]

  971.         [ValidateAntiForgeryToken]

  972.         public ActionResult DeleteToken(int tokenId)

  973.         {

  974.             try

  975.             {

  976.                 using (TeknikEntities db = new TeknikEntities())

  977.                 {

  978.                     User user = UserHelper.GetUser(db, User.Identity.Name);

  979.                     if (user != null)

  980.                     {

  981.                         AuthToken foundToken = db.AuthTokens.Where(d => d.UserId == user.UserId && d.AuthTokenId == tokenId).FirstOrDefault();

  982.                         if (foundToken != null)

  983.                         {

  984.                             db.AuthTokens.Remove(foundToken);

  985.                             user.AuthTokens.Remove(foundToken);

  986.                             db.Entry(user).State = EntityState.Modified;

  987.                             db.SaveChanges();

  988. 

  989.                             return Json(new { result = true });

  990.                         }

  991.                         return Json(new { error = "Authentication Token does not exist" });

  992.                     }

  993.                     return Json(new { error = "User does not exist" });

  994.                 }

  995.             }

  996.             catch (Exception ex)

  997.             {

  998.                 return Json(new { error = ex.GetFullMessage(true) });

  999.             }

  1000.         }

  1001.     }

  1002. }