phoe
/
Teknik
forked from Teknikode/Teknik
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 2 Wiki Activity
The next generation of the Teknik Services. Written in ASP.NET. Fork for blog tags.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
276 Commits
1 Branch
Tree: e4a0bc6f8f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e4a0bc6f8f'
${ noResults }
Teknik/Teknik/Areas/User/Controllers/UserController.cs

UserController.cs 21KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519 
  1. using System;

  2. using System.Collections.Generic;

  3. using System.Data.Entity;

  4. using System.Linq;

  5. using System.Runtime.InteropServices;

  6. using System.Web;

  7. using System.Web.Mvc;

  8. using System.Web.Security;

  9. using Teknik.Areas.Shortener.Models;

  10. using Teknik.Areas.Blog.Models;

  11. using Teknik.Areas.Error.Controllers;

  12. using Teknik.Areas.Error.ViewModels;

  13. using Teknik.Areas.Users.Models;

  14. using Teknik.Areas.Users.ViewModels;

  15. using Teknik.Controllers;

  16. using Teknik.Helpers;

  17. using Teknik.Models;

  18. using Teknik.ViewModels;

  19. using System.Windows;

  20. using System.Net;

  21. using Teknik.Areas.Users.Utility;

  22. using Teknik.Filters;

  23. 

  24. namespace Teknik.Areas.Users.Controllers

  25. {

  26.     public class UserController : DefaultController

  27.     {

  28.         private TeknikEntities db = new TeknikEntities();

  29. 

  30.         // GET: Profile/Profile

  31.         [TrackPageView]

  32.         [AllowAnonymous]

  33.         public ActionResult Index(string username)

  34.         {

  35.             if (string.IsNullOrEmpty(username))

  36.             {

  37.                 username = User.Identity.Name;

  38.             }

  39. 

  40.             ProfileViewModel model = new ProfileViewModel();

  41.             ViewBag.Title = "User Does Not Exist - " + Config.Title;

  42.             ViewBag.Description = "The User does not exist";

  43. 

  44.             try

  45.             {

  46.                 User user = UserHelper.GetUser(db, username);

  47. 

  48.                 if (user != null)

  49.                 {

  50.                     ViewBag.Title = username + "'s Profile - " + Config.Title;

  51.                     ViewBag.Description = "Viewing " + username + "'s Profile";

  52. 

  53.                     model.UserID = user.UserId;

  54.                     model.Username = user.Username;

  55.                     if (Config.EmailConfig.Enabled)

  56.                     {

  57.                         model.Email = string.Format("{0}@{1}", user.Username, Config.EmailConfig.Domain);

  58.                     }

  59.                     model.JoinDate = user.JoinDate;

  60.                     model.LastSeen = UserHelper.GetLastAccountActivity(db, Config, user);

  61. 

  62.                     model.UserSettings = user.UserSettings;

  63.                     model.BlogSettings = user.BlogSettings;

  64.                     model.UploadSettings = user.UploadSettings;

  65. 

  66.                     model.Uploads = db.Uploads.Where(u => u.UserId == user.UserId).OrderByDescending(u => u.DateUploaded).ToList();

  67. 

  68.                     model.Pastes = db.Pastes.Where(u => u.UserId == user.UserId).OrderByDescending(u => u.DatePosted).ToList();

  69. 

  70.                     model.ShortenedUrls = db.ShortenedUrls.Where(s => s.UserId == user.UserId).OrderByDescending(s => s.DateAdded).ToList();

  71. 

  72.                     return View(model);

  73.                 }

  74.                 model.Error = true;

  75.                 model.ErrorMessage = "The user does not exist";

  76.             }

  77.             catch (Exception ex)

  78.             {

  79.                 model.Error = true;

  80.                 model.ErrorMessage = ex.GetFullMessage(true);

  81.             }

  82.             return View(model);

  83.         }

  84. 

  85.         [TrackPageView]

  86.         [AllowAnonymous]

  87.         public ActionResult Settings()

  88.         {

  89.             if (User.Identity.IsAuthenticated)

  90.             {

  91.                 string username = User.Identity.Name;

  92. 

  93.                 SettingsViewModel model = new SettingsViewModel();

  94.                 ViewBag.Title = "User Does Not Exist - " + Config.Title;

  95.                 ViewBag.Description = "The User does not exist";

  96. 

  97.                 User user = UserHelper.GetUser(db, username);

  98. 

  99.                 if (user != null)

  100.                 {

  101.                     ViewBag.Title = "Settings - " + Config.Title;

  102.                     ViewBag.Description = "Your " + Config.Title + " Settings";

  103. 

  104.                     model.UserID = user.UserId;

  105.                     model.Username = user.Username;

  106.                     model.RecoveryEmail = user.RecoveryEmail;

  107.                     model.RecoveryVerified = user.RecoveryVerified;

  108. 

  109.                     model.UserSettings = user.UserSettings;

  110.                     model.BlogSettings = user.BlogSettings;

  111.                     model.UploadSettings = user.UploadSettings;

  112. 

  113.                     return View(model);

  114.                 }

  115.                 model.Error = true;

  116.                 return View(model);

  117.             }

  118.             return Redirect(Url.SubRouteUrl("error", "Error.Http403"));

  119.         }

  120. 

  121.         [HttpGet]

  122.         [TrackPageView]

  123.         [AllowAnonymous]

  124.         public ActionResult ViewRawPGP(string username)

  125.         {

  126.             ViewBag.Title = username + "'s Public Key - " + Config.Title;

  127.             ViewBag.Description = "The PGP public key for " + username;

  128. 

  129.             User user = UserHelper.GetUser(db, username);

  130.             if (user != null)

  131.             {

  132.                 if (!string.IsNullOrEmpty(user.UserSettings.PGPSignature))

  133.                 {

  134.                     return Content(user.UserSettings.PGPSignature, "text/plain");

  135.                 }

  136.             }

  137.             return Redirect(Url.SubRouteUrl("error", "Error.Http404"));

  138.         }

  139. 

  140.         [HttpGet]

  141.         [TrackPageView]

  142.         [AllowAnonymous]

  143.         public ActionResult Login(string ReturnUrl)

  144.         {

  145.             LoginViewModel model = new LoginViewModel();

  146.             model.ReturnUrl = ReturnUrl;

  147. 

  148.             return View("/Areas/User/Views/User/ViewLogin.cshtml", model);

  149.         }

  150. 

  151.         [HttpPost]

  152.         [AllowAnonymous]

  153.         public ActionResult Login([Bind(Prefix = "Login")]LoginViewModel model)

  154.         {

  155.             if (ModelState.IsValid)

  156.             {

  157.                 string username = model.Username;

  158.                 User user = UserHelper.GetUser(db, username);

  159.                 if (user != null)

  160.                 {

  161.                     bool userValid = UserHelper.UserPasswordCorrect(db, Config, user, model.Password);

  162.                     if (userValid)

  163.                     {

  164.                         UserHelper.TransferUser(db, Config, user, model.Password);

  165.                         user.LastSeen = DateTime.Now;

  166.                         db.Entry(user).State = EntityState.Modified;

  167.                         db.SaveChanges();

  168.                         HttpCookie authcookie = UserHelper.CreateAuthCookie(model.Username, model.RememberMe, Request.Url.Host.GetDomain(), Request.IsLocal);

  169.                         Response.Cookies.Add(authcookie);

  170. 

  171.                         if (string.IsNullOrEmpty(model.ReturnUrl))

  172.                         {

  173.                             return Json(new { result = "true" });

  174.                         }

  175.                         else

  176.                         {

  177.                             return Redirect(model.ReturnUrl);

  178.                         }

  179.                     }

  180.                 }

  181.             }

  182.             return Json(new { error = "Invalid Username or Password." });

  183.         }

  184. 

  185.         public ActionResult Logout()

  186.         {

  187.             // Get cookie

  188.             HttpCookie authCookie = Utility.UserHelper.CreateAuthCookie(User.Identity.Name, false, Request.Url.Host.GetDomain(), Request.IsLocal);

  189. 

  190.             // Signout

  191.             FormsAuthentication.SignOut();

  192.             Session.Abandon();

  193. 

  194.             // Destroy Cookies

  195.             authCookie.Expires = DateTime.Now.AddYears(-1);

  196.             Response.Cookies.Add(authCookie);

  197. 

  198.             return Redirect(Url.SubRouteUrl("www", "Home.Index"));

  199.         }

  200. 

  201.         [HttpGet]

  202.         [TrackPageView]

  203.         [AllowAnonymous]

  204.         public ActionResult Register(string ReturnUrl)

  205.         {

  206.             RegisterViewModel model = new RegisterViewModel();

  207.             model.ReturnUrl = ReturnUrl;

  208. 

  209.             return View("/Areas/User/Views/User/ViewRegistration.cshtml", model);

  210.         }

  211. 

  212.         [HttpPost]

  213.         [AllowAnonymous]

  214.         public ActionResult Register([Bind(Prefix="Register")]RegisterViewModel model)

  215.         {

  216.             if (ModelState.IsValid)

  217.             {

  218.                 if (Config.UserConfig.RegistrationEnabled)

  219.                 {

  220.                     if (!UserHelper.ValidUsername(Config, model.Username))

  221.                     {

  222.                         return Json(new { error = "That username is not valid" });

  223.                     }

  224.                     if (!UserHelper.UsernameAvailable(db, Config, model.Username))

  225.                     {

  226.                         return Json(new { error = "That username is not available" });

  227.                     }

  228.                     if (model.Password != model.ConfirmPassword)

  229.                     {

  230.                         return Json(new { error = "Passwords must match" });

  231.                     }

  232. 

  233.                     // PGP Key valid?

  234.                     if (!string.IsNullOrEmpty(model.PublicKey) && !PGP.IsPublicKey(model.PublicKey))

  235.                     {

  236.                         return Json(new { error = "Invalid PGP Public Key" });

  237.                     }

  238. 

  239.                     try

  240.                     {

  241.                         User newUser = db.Users.Create();

  242.                         newUser.JoinDate = DateTime.Now;

  243.                         newUser.Username = model.Username;

  244.                         if (!string.IsNullOrEmpty(model.RecoveryEmail))

  245.                             newUser.RecoveryEmail = model.RecoveryEmail;

  246.                         newUser.UserSettings = new UserSettings();

  247.                         if (!string.IsNullOrEmpty(model.PublicKey))

  248.                             newUser.UserSettings.PGPSignature = model.PublicKey;

  249.                         newUser.BlogSettings = new BlogSettings();

  250.                         newUser.UploadSettings = new UploadSettings();

  251. 

  252.                         UserHelper.AddAccount(db, Config, newUser, model.Password);

  253.                         

  254.                         // If they have a recovery email, let's send a verification

  255.                         if (!string.IsNullOrEmpty(model.RecoveryEmail))

  256.                         {

  257.                             string verifyCode = UserHelper.CreateRecoveryEmailVerification(db, Config, newUser);

  258.                             string resetUrl = Url.SubRouteUrl("user", "User.ResetPassword", new { Username = model.Username });

  259.                             string verifyUrl = Url.SubRouteUrl("user", "User.VerifyRecoveryEmail", new { Code = verifyCode });

  260.                             UserHelper.SendRecoveryEmailVerification(Config, model.Username, model.RecoveryEmail, resetUrl, verifyUrl);

  261.                         }

  262.                     }

  263.                     catch (Exception ex)

  264.                     {

  265.                         return Json(new { error = ex.GetFullMessage(true) });

  266.                     }

  267.                     return Login(new LoginViewModel { Username = model.Username, Password = model.Password, RememberMe = false, ReturnUrl = model.ReturnUrl });

  268.                 }

  269.                 return Json(new { error = "User Registration is Disabled" });

  270.             }

  271.             return Json(new { error = "You must include all fields." });

  272.         }

  273. 

  274.         [HttpPost]

  275.         public ActionResult Edit(string curPass, string newPass, string newPassConfirm, string pgpPublicKey, string recoveryEmail, string website, string quote, string about, string blogTitle, string blogDesc, bool saveKey, bool serverSideEncrypt)

  276.         {

  277.             if (ModelState.IsValid)

  278.             {

  279.                 try

  280.                 {

  281.                     User user = UserHelper.GetUser(db, User.Identity.Name);

  282.                     if (user != null)

  283.                     {

  284.                         bool changePass = false;

  285.                         string email = string.Format("{0}@{1}", User.Identity.Name, Config.EmailConfig.Domain);

  286.                         // Changing Password?

  287.                         if (!string.IsNullOrEmpty(curPass) && (!string.IsNullOrEmpty(newPass) || !string.IsNullOrEmpty(newPassConfirm)))

  288.                         {

  289.                             // Old Password Valid?

  290.                             if (!UserHelper.UserPasswordCorrect(db, Config, user, curPass))

  291.                             {

  292.                                 return Json(new { error = "Invalid Original Password." });

  293.                             }

  294.                             // The New Password Match?

  295.                             if (newPass != newPassConfirm)

  296.                             {

  297.                                 return Json(new { error = "New Password Must Match." });

  298.                             }

  299.                             changePass = true;

  300.                         }

  301. 

  302.                         // PGP Key valid?

  303.                         if (!string.IsNullOrEmpty(pgpPublicKey) && !PGP.IsPublicKey(pgpPublicKey))

  304.                         {

  305.                             return Json(new { error = "Invalid PGP Public Key" });

  306.                         }

  307.                         user.UserSettings.PGPSignature = pgpPublicKey;

  308. 

  309.                         bool newRecovery = false;

  310.                         if (recoveryEmail != user.RecoveryEmail)

  311.                         {

  312.                             newRecovery = true;

  313.                             user.RecoveryEmail = recoveryEmail;

  314.                             user.RecoveryVerified = false;

  315.                         }

  316. 

  317.                         user.UserSettings.Website = website;

  318.                         user.UserSettings.Quote = quote;

  319.                         user.UserSettings.About = about;

  320. 

  321.                         user.BlogSettings.Title = blogTitle;

  322.                         user.BlogSettings.Description = blogDesc;

  323. 

  324.                         user.UploadSettings.SaveKey = saveKey;

  325.                         user.UploadSettings.ServerSideEncrypt = serverSideEncrypt;

  326.                         UserHelper.EditAccount(db, Config, user, changePass, newPass);

  327. 

  328.                         // If they have a recovery email, let's send a verification

  329.                         if (!string.IsNullOrEmpty(recoveryEmail) && newRecovery)

  330.                         {

  331.                             string verifyCode = UserHelper.CreateRecoveryEmailVerification(db, Config, user);

  332.                             string resetUrl = Url.SubRouteUrl("user", "User.ResetPassword", new { Username = user.Username });

  333.                             string verifyUrl = Url.SubRouteUrl("user", "User.VerifyRecoveryEmail", new { Code = verifyCode });

  334.                             UserHelper.SendRecoveryEmailVerification(Config, user.Username, user.RecoveryEmail, resetUrl, verifyUrl);

  335.                         }

  336.                         return Json(new { result = true });

  337.                     }

  338.                     return Json(new { error = "User does not exist" });

  339.                 }

  340.                 catch (Exception ex)

  341.                 {

  342.                     return Json(new { error = ex.GetFullMessage(true) });

  343.                 }

  344.             }

  345.             return Json(new { error = "Invalid Parameters" });

  346.         }

  347. 

  348.         [HttpPost]

  349.         public ActionResult Delete()

  350.         {

  351.             if (ModelState.IsValid)

  352.             {

  353.                 try

  354.                 {

  355.                     User user = UserHelper.GetUser(db, User.Identity.Name);

  356.                     if (user != null)

  357.                     {

  358.                         UserHelper.DeleteAccount(db, Config, user);

  359.                         // Sign Out

  360.                         Logout();

  361.                         return Json(new { result = true });

  362.                     }

  363.                 }

  364.                 catch (Exception ex)

  365.                 {

  366.                     return Json(new { error = ex.GetFullMessage(true) });

  367.                 }

  368.             }

  369.             return Json(new { error = "Unable to delete user" });

  370.         }

  371. 

  372.         [HttpGet]

  373.         public ActionResult VerifyRecoveryEmail(string code)

  374.         {

  375.             bool verified = true;

  376.             if (string.IsNullOrEmpty(code))

  377.                 verified &= false;

  378.             verified &= UserHelper.VerifyRecoveryEmail(db, Config, User.Identity.Name, code);

  379. 

  380.             RecoveryEmailVerificationViewModel model = new RecoveryEmailVerificationViewModel();

  381.             model.Success = verified;

  382. 

  383.             return View("/Areas/User/Views/User/ViewRecoveryEmailVerification.cshtml", model);

  384.         }

  385. 

  386.         [HttpPost]

  387.         public ActionResult ResendVerifyRecoveryEmail()

  388.         {

  389.             if (ModelState.IsValid)

  390.             {

  391.                 try

  392.                 {

  393.                     User user = UserHelper.GetUser(db, User.Identity.Name);

  394.                     if (user != null)

  395.                     {

  396.                         // If they have a recovery email, let's send a verification

  397.                         if (!string.IsNullOrEmpty(user.RecoveryEmail))

  398.                         {

  399.                             if (!user.RecoveryVerified)

  400.                             {

  401.                                 string verifyCode = UserHelper.CreateRecoveryEmailVerification(db, Config, user);

  402.                                 string resetUrl = Url.SubRouteUrl("user", "User.ResetPassword", new { Username = user.Username });

  403.                                 string verifyUrl = Url.SubRouteUrl("user", "User.VerifyRecoveryEmail", new { Code = verifyCode });

  404.                                 UserHelper.SendRecoveryEmailVerification(Config, user.Username, user.RecoveryEmail, resetUrl, verifyUrl);

  405.                                 return Json(new { result = true });

  406.                             }

  407.                             return Json(new { error = "The recovery email is already verified" });

  408.                         }

  409.                     }

  410.                 }

  411.                 catch (Exception ex)

  412.                 {

  413.                     return Json(new { error = ex.GetFullMessage(true) });

  414.                 }

  415.             }

  416.             return Json(new { error = "Unable to resend verification" });

  417.         }

  418. 

  419.         [HttpGet]

  420.         [AllowAnonymous]

  421.         public ActionResult ResetPassword(string username)

  422.         {

  423.             ResetPasswordViewModel model = new ResetPasswordViewModel();

  424.             model.Username = username;

  425. 

  426.             return View("/Areas/User/Views/User/ResetPassword.cshtml", model);

  427.         }

  428. 

  429.         [HttpPost]

  430.         [AllowAnonymous]

  431.         public ActionResult SendResetPasswordVerification(string username)

  432.         {

  433.             if (ModelState.IsValid)

  434.             {

  435.                 try

  436.                 {

  437.                     User user = UserHelper.GetUser(db, username);

  438.                     if (user != null)

  439.                     {

  440.                         // If they have a recovery email, let's send a verification

  441.                         if (!string.IsNullOrEmpty(user.RecoveryEmail) && user.RecoveryVerified)

  442.                         {

  443.                             string verifyCode = UserHelper.CreateResetPasswordVerification(db, Config, user);

  444.                             string resetUrl = Url.SubRouteUrl("user", "User.VerifyResetPassword", new { Username = user.Username, Code = verifyCode });

  445.                             UserHelper.SendResetPasswordVerification(Config, user.Username, user.RecoveryEmail, resetUrl);

  446.                             return Json(new { result = true });

  447.                         }

  448.                         return Json(new { error = "The username doesn't have a recovery email specified" });

  449.                     }

  450.                     return Json(new { error = "The username is not valid" });

  451.                 }

  452.                 catch (Exception ex)

  453.                 {

  454.                     return Json(new { error = ex.GetFullMessage(true) });

  455.                 }

  456.             }

  457.             return Json(new { error = "Unable to send reset link" });

  458.         }

  459. 

  460.         [HttpGet]

  461.         [AllowAnonymous]

  462.         public ActionResult VerifyResetPassword(string username, string code)

  463.         {

  464.             bool verified = true;

  465.             if (string.IsNullOrEmpty(code))

  466.                 verified &= false;

  467.             verified &= UserHelper.VerifyResetPassword(db, Config, username, code);

  468. 

  469.             if (verified)

  470.             {

  471.                 // The password reset code is valid, let's log them in

  472.                 User user = UserHelper.GetUser(db, username);

  473.                 user.LastSeen = DateTime.Now;

  474.                 db.Entry(user).State = EntityState.Modified;

  475.                 db.SaveChanges();

  476.                 HttpCookie authcookie = UserHelper.CreateAuthCookie(user.Username, false, Request.Url.Host.GetDomain(), Request.IsLocal);

  477.                 Response.Cookies.Add(authcookie);

  478.             }

  479. 

  480.             ResetPasswordVerificationViewModel model = new ResetPasswordVerificationViewModel();

  481.             model.Success = verified;

  482. 

  483.             return View("/Areas/User/Views/User/ResetPasswordVerification.cshtml", model);

  484.         }

  485. 

  486.         [HttpPost]

  487.         public ActionResult SetUserPassword(string password, string confirmPassword)

  488.         {

  489.             if (ModelState.IsValid)

  490.             {

  491.                 try

  492.                 {

  493.                     User user = UserHelper.GetUser(db, User.Identity.Name);

  494.                     if (user != null)

  495.                     {

  496.                         if (string.IsNullOrEmpty(password))

  497.                         {

  498.                             return Json(new { error = "Password must not be empty" });

  499.                         }

  500.                         if (password != confirmPassword)

  501.                         {

  502.                             return Json(new { error = "Passwords must match" });

  503.                         }

  504. 

  505.                         UserHelper.EditAccount(db, Config, user, true, password);

  506. 

  507.                         return Json(new { result = true });

  508.                     }

  509.                     return Json(new { error = "User does not exist" });

  510.                 }

  511.                 catch (Exception ex)

  512.                 {

  513.                     return Json(new { error = ex.GetFullMessage(true) });

  514.                 }

  515.             }

  516.             return Json(new { error = "Unable to reset user password" });

  517.         }

  518.     }

  519. }