paul/yavsc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

New features & bug fixes

Browse Source 
# New

* A name for email dests
* Some json response at signin

# Fixes

* A bad redirect to null at login
This commit is contained in:
Paul Schneider
2018-01-09 14:11:27 +01:00
parent 1686504aea
commit 863cac25eb
7 changed files with 71 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
Yavsc/Controllers/AccountController.cs
View File

@ -11,6 +11,7 @@ using Microsoft.AspNet.Mvc.Rendering;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
using Microsoft.Extensions.OptionsModel; using Microsoft.Extensions.OptionsModel;
using Microsoft.AspNet.Http; using Microsoft.AspNet.Http;
using Yavsc.Helpers;
using Yavsc.Models; using Yavsc.Models;
using Yavsc.Services; using Yavsc.Services;
using Yavsc.ViewModels.Account; using Yavsc.ViewModels.Account;
@ -78,10 +79,11 @@ namespace Yavsc.Controllers
// party identity provider. // party identity provider.
return View(new SignInViewModel return View(new SignInViewModel
{ {
ReturnUrl = returnUrl, ReturnUrl = returnUrl ?? "/",
ExternalProviders = HttpContext.GetExternalProviders() ExternalProviders = HttpContext.GetExternalProviders()
}); });
/* Note: When using an external login provider, redirect the query : /*
Note: When using an external login provider, redirect the query :
var properties = _signInManager.ConfigureExternalAuthenticationProperties(OpenIdConnectDefaults.AuthenticationScheme, returnUrl); var properties = _signInManager.ConfigureExternalAuthenticationProperties(OpenIdConnectDefaults.AuthenticationScheme, returnUrl);
return new ChallengeResult(OpenIdConnectDefaults.AuthenticationScheme, properties); return new ChallengeResult(OpenIdConnectDefaults.AuthenticationScheme, properties);
*/ */
@ -104,11 +106,10 @@ namespace Yavsc.Controllers
{ {
if (Request.Method == "POST") if (Request.Method == "POST")
{ {
if (model.Provider == "LOCAL") if (model.Provider ==null || model.Provider == "LOCAL")
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
{ {
/*
var user = await _userManager.FindByNameAsync(model.UserName); var user = await _userManager.FindByNameAsync(model.UserName);
if (user != null) if (user != null)
{ {
@ -119,7 +120,6 @@ namespace Yavsc.Controllers
return View(model); return View(model);
} }
} }
*/
// This doesn't count login failures towards account lockout // This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, set lockoutOnFailure: true // To enable password failures to trigger account lockout, set lockoutOnFailure: true
@ -127,7 +127,7 @@ namespace Yavsc.Controllers
if (result.Succeeded) if (result.Succeeded)
{ {
return Redirect(model.ReturnUrl); return Redirect(model.ReturnUrl ?? "/");
} }
if (result.RequiresTwoFactor) if (result.RequiresTwoFactor)
{ {
@ -136,13 +136,13 @@ namespace Yavsc.Controllers
if (result.IsLockedOut) if (result.IsLockedOut)
{ {
_logger.LogWarning(2, "User account locked out."); _logger.LogWarning(2, "User account locked out.");
return View("Lockout"); return this.ViewOk("Lockout");
} }
else else
{ {
ModelState.AddModelError(string.Empty, "Invalid login attempt."); ModelState.AddModelError(string.Empty, "Invalid login attempt.");
model.ExternalProviders = HttpContext.GetExternalProviders(); model.ExternalProviders = HttpContext.GetExternalProviders();
return View(model); return this.ViewOk(model);
} }
} }
@ -213,7 +213,7 @@ namespace Yavsc.Controllers
if (result.Succeeded) if (result.Succeeded)
{ {
_logger.LogInformation(3, "User created a new account with password."); _logger.LogInformation(3, "User created a new account with password.");
await _emailSender.SendEmailAsync(_siteSettings, _smtpSettings, Startup.SiteSetup.Owner.EMail, await _emailSender.SendEmailAsync(_siteSettings, _smtpSettings, Startup.SiteSetup.Owner.Name, Startup.SiteSetup.Owner.EMail,
$"[{_siteSettings.Title}] Inscription avec mot de passe: {user.UserName} ", $"{user.Id}/{user.UserName}/{user.Email}"); $"[{_siteSettings.Title}] Inscription avec mot de passe: {user.UserName} ", $"{user.Id}/{user.UserName}/{user.Email}");
// TODO user.DiskQuota = Startup.SiteSetup.UserFiles.Quota; // TODO user.DiskQuota = Startup.SiteSetup.UserFiles.Quota;
@ -221,7 +221,7 @@ namespace Yavsc.Controllers
// Send an email with this link // Send an email with this link
var code = await _userManager.GenerateEmailConfirmationTokenAsync(user); var code = await _userManager.GenerateEmailConfirmationTokenAsync(user);
var callbackUrl = Url.Action("ConfirmEmail", "Account", new { userId = user.Id, code = code }, protocol: HttpContext.Request.Scheme); var callbackUrl = Url.Action("ConfirmEmail", "Account", new { userId = user.Id, code = code }, protocol: HttpContext.Request.Scheme);
var emailSent = await _emailSender.SendEmailAsync(_siteSettings, _smtpSettings, model.Email, _localizer["ConfirmYourAccountTitle"], var emailSent = await _emailSender.SendEmailAsync(_siteSettings, _smtpSettings, model.UserName, model.Email, _localizer["ConfirmYourAccountTitle"],
string.Format(_localizer["ConfirmYourAccountBody"], _siteSettings.Title, callbackUrl, _siteSettings.Slogan, _siteSettings.Audience)); string.Format(_localizer["ConfirmYourAccountBody"], _siteSettings.Title, callbackUrl, _siteSettings.Slogan, _siteSettings.Audience));
await _signInManager.SignInAsync(user, isPersistent: false); await _signInManager.SignInAsync(user, isPersistent: false);
if (!emailSent) if (!emailSent)
@ -259,7 +259,7 @@ namespace Yavsc.Controllers
{ {
var code = await _userManager.GenerateEmailConfirmationTokenAsync(user); var code = await _userManager.GenerateEmailConfirmationTokenAsync(user);
var callbackUrl = Url.Action("ConfirmEmail", "Account", new { userId = user.Id, code = code }, protocol: HttpContext.Request.Scheme); var callbackUrl = Url.Action("ConfirmEmail", "Account", new { userId = user.Id, code = code }, protocol: HttpContext.Request.Scheme);
var res = await _emailSender.SendEmailAsync(_siteSettings, _smtpSettings, user.Email, "Confirm your account", var res = await _emailSender.SendEmailAsync(_siteSettings, _smtpSettings, user.UserName, user.Email, "Confirm your account",
"Please confirm your account by clicking this link: <a href=\"" + callbackUrl + "\">link</a>"); "Please confirm your account by clicking this link: <a href=\"" + callbackUrl + "\">link</a>");
return res; return res;
} }
@ -372,7 +372,7 @@ namespace Yavsc.Controllers
await _signInManager.SignInAsync(user, isPersistent: false); await _signInManager.SignInAsync(user, isPersistent: false);
await _emailSender.SendEmailAsync(_siteSettings, _smtpSettings, Startup.SiteSetup.Owner.EMail, await _emailSender.SendEmailAsync(_siteSettings, _smtpSettings, Startup.SiteSetup.Owner.Name, Startup.SiteSetup.Owner.EMail,
$"[{_siteSettings.Title}] Inscription via {info.LoginProvider}: {user.UserName} ", $"{user.Id}/{user.UserName}/{user.Email}"); $"[{_siteSettings.Title}] Inscription via {info.LoginProvider}: {user.UserName} ", $"{user.Id}/{user.UserName}/{user.Email}");
_logger.LogInformation(6, "User created an account using {Name} provider.", info.LoginProvider); _logger.LogInformation(6, "User created an account using {Name} provider.", info.LoginProvider);
@ -424,11 +424,12 @@ namespace Yavsc.Controllers
if (ModelState.IsValid) if (ModelState.IsValid)
{ {
ApplicationUser user; ApplicationUser user;
// Username should not contain any '@'
if (model.LoginOrEmail.Contains('@')) { if (model.LoginOrEmail.Contains('@')) {
user = await _userManager.FindByEmailAsync(model.LoginOrEmail); user = await _userManager.FindByEmailAsync(model.LoginOrEmail);
} }
else { else {
user = await _userManager.FindByNameAsync(model.LoginOrEmail); user = await _dbContext.Users.FirstOrDefaultAsync( u => u.UserName == model.LoginOrEmail);
} }
// Don't reveal that the user does not exist or is not confirmed // Don't reveal that the user does not exist or is not confirmed
@ -450,7 +451,7 @@ namespace Yavsc.Controllers
// Send an email with this link // Send an email with this link
var code = await _userManager.GeneratePasswordResetTokenAsync(user); var code = await _userManager.GeneratePasswordResetTokenAsync(user);
var callbackUrl = Url.Action("ResetPassword", "Account", new { userId = user.Id, code = code }, protocol: HttpContext.Request.Scheme); var callbackUrl = Url.Action("ResetPassword", "Account", new { userId = user.Id, code = code }, protocol: HttpContext.Request.Scheme);
await _emailSender.SendEmailAsync(_siteSettings, _smtpSettings, model.LoginOrEmail, _localizer["Reset Password"], await _emailSender.SendEmailAsync(_siteSettings, _smtpSettings, user.UserName, user.Email, _localizer["Reset Password"],
_localizer["Please reset your password by following this link:"] + " <" + callbackUrl + ">"); _localizer["Please reset your password by following this link:"] + " <" + callbackUrl + ">");
return View("ForgotPasswordConfirmation"); return View("ForgotPasswordConfirmation");
} }
@ -565,7 +566,7 @@ namespace Yavsc.Controllers
} }
else // if (model.SelectedProvider == Constants.EMailFactor || model.SelectedProvider == "Default" ) else // if (model.SelectedProvider == Constants.EMailFactor || model.SelectedProvider == "Default" )
{ {
await _emailSender.SendEmailAsync(_siteSettings, _smtpSettings, await _userManager.GetEmailAsync(user), "Security Code", message); await _emailSender.SendEmailAsync(_siteSettings, _smtpSettings,user.UserName, await _userManager.GetEmailAsync(user), "Security Code", message);
} }
return RedirectToAction(nameof(VerifyCode), new { Provider = model.SelectedProvider, ReturnUrl = model.ReturnUrl, RememberMe = model.RememberMe }); return RedirectToAction(nameof(VerifyCode), new { Provider = model.SelectedProvider, ReturnUrl = model.ReturnUrl, RememberMe = model.RememberMe });
} }

1
Yavsc/Controllers/CommandController.cs
View File

@ -181,6 +181,7 @@ namespace Yavsc.Controllers
await _emailSender.SendEmailAsync( await _emailSender.SendEmailAsync(
_siteSettings, _smtpSettings, _siteSettings, _smtpSettings,
command.PerformerProfile.Performer.UserName,
command.PerformerProfile.Performer.Email, command.PerformerProfile.Performer.Email,
$"{command.Client.UserName} (un client) vous demande un rendez-vous", $"{command.Client.UserName} (un client) vous demande un rendez-vous",
$"{yaev.Message}\r\n-- \r\n{yaev.Previsional}\r\n{yaev.EventDate}\r\n" $"{yaev.Message}\r\n-- \r\n{yaev.Previsional}\r\n{yaev.EventDate}\r\n"

3
Yavsc/Controllers/Haircut/HairCutCommandController.cs
View File

@ -142,6 +142,7 @@ Le client final: {clientFinal}
ViewBag.EmailSent = await _emailSender.SendEmailAsync( ViewBag.EmailSent = await _emailSender.SendEmailAsync(
_siteSettings, _smtpSettings, _siteSettings, _smtpSettings,
command.PerformerProfile.Performer.UserName,
command.PerformerProfile.Performer.Email, command.PerformerProfile.Performer.Email,
yaev.Reason, yaev.Reason,
$"{yaev.Message}\r\n-- \r\n{yaev.Previsional}\r\n{yaev.EventDate}\r\n" $"{yaev.Message}\r\n-- \r\n{yaev.Previsional}\r\n{yaev.EventDate}\r\n"
@ -330,6 +331,7 @@ Le client final: {clientFinal}
await _emailSender.SendEmailAsync( await _emailSender.SendEmailAsync(
_siteSettings, _smtpSettings, _siteSettings, _smtpSettings,
pro.Performer.UserName,
pro.Performer.Email, pro.Performer.Email,
yaev.Reason, yaev.Reason,
$"{yaev.Message}\r\n-- \r\n{yaev.Previsional}\r\n{yaev.EventDate}\r\n" $"{yaev.Message}\r\n-- \r\n{yaev.Previsional}\r\n{yaev.EventDate}\r\n"
@ -486,6 +488,7 @@ Le client final: {clientFinal}
await _emailSender.SendEmailAsync( await _emailSender.SendEmailAsync(
_siteSettings, _smtpSettings, _siteSettings, _smtpSettings,
command.PerformerProfile.Performer.UserName,
command.PerformerProfile.Performer.Email, command.PerformerProfile.Performer.Email,
yaev.Topic + " " + yaev.Sender, yaev.Topic + " " + yaev.Sender,
$"{yaev.Message}\r\n-- \r\n{yaev.Previsional}\r\n{yaev.EventDate}\r\n" $"{yaev.Message}\r\n-- \r\n{yaev.Previsional}\r\n{yaev.EventDate}\r\n"

22
Yavsc/Controllers/OAuthController.cs
View File

@ -12,20 +12,13 @@ using Microsoft.Extensions.Logging;
using Microsoft.Extensions.OptionsModel; using Microsoft.Extensions.OptionsModel;
using Microsoft.Extensions.Primitives; using Microsoft.Extensions.Primitives;
using OAuth.AspNet.AuthServer; using OAuth.AspNet.AuthServer;
using Yavsc.Helpers;
using Yavsc.Models; using Yavsc.Models;
using Yavsc.Models.Auth; using Yavsc.Models.Auth;
using Yavsc.ViewModels.Account;
namespace Yavsc.Controllers namespace Yavsc.Controllers
{ {
public class TokenResponse
{
public string access_token { get; set; }
public int expires_in { get; set; }
public string grant_type { get; set; }
public int entity_id { get; set; }
}
[AllowAnonymous] [AllowAnonymous]
public class OAuthController : Controller public class OAuthController : Controller
{ {
@ -93,7 +86,7 @@ namespace Yavsc.Controllers
} }
return new { authenticated = false }; return new { authenticated = false };
} */ } */
[HttpGet("~/api/getclaims"), Produces("application/json")] [HttpGet("~/api/getclaims"), Produces("application/json")]
@ -152,7 +145,7 @@ namespace Yavsc.Controllers
var model = new AuthorisationView { var model = new AuthorisationView {
Scopes = Constants.SiteScopes.Where(s=> scopes.Contains(s.Id)).ToArray(), Scopes = Constants.SiteScopes.Where(s=> scopes.Contains(s.Id)).ToArray(),
Message = "Welcome." Message = "Bienvenue."
} ; } ;
if (Request.Method == "POST") if (Request.Method == "POST")
@ -184,6 +177,13 @@ namespace Yavsc.Controllers
} }
} }
if (Request.Headers.Keys.Contains("Accept")) {
var accepted = Request.Headers["Accept"];
if (accepted == "application/json")
{
return Ok(model);
}
}
return View(model); return View(model);
} }

37
Yavsc/Helpers/ControllerHelpers.cs
View File

@ -31,5 +31,42 @@ namespace Yavsc.Helpers
return notifs; return notifs;
} }
/// <summary>
/// If Json is accepted, serve json,
/// if not, serve a web page.
/// </summary>
/// <param name="controller"></param>
/// <param name="model"></param>
/// <returns></returns>
public static IActionResult ViewOk(this Controller controller, object model)
{
IActionResult result;
if (JsonResponse(controller, model, out result)) return result;
else return controller.View(model);
}
static bool JsonResponse(this Controller controller, object model, out IActionResult result){
if (controller.Request.Headers.Keys.Contains("Accept")) {
var accepted = controller.Request.Headers["Accept"];
if (accepted == "application/json")
{
if (controller.ModelState.ErrorCount>0)
result = controller.HttpBadRequest(controller.ModelState);
else
result = controller.Ok(model);
return true;
}
}
result = null;
return false;
}
public static IActionResult ViewOk(this Controller controller, string viewname, object model = null)
{
IActionResult result;
if (JsonResponse(controller, model, out result)) return result;
else return controller.View(viewname, model);
}
} }
} }

2
Yavsc/Services/IEmailSender.cs
View File

@ -5,6 +5,6 @@ namespace Yavsc.Services
{ {
public interface IEmailSender public interface IEmailSender
{ {
Task<bool> SendEmailAsync(SiteSettings siteSettings, SmtpSettings smtpSettings, string email, string subject, string message); Task<bool> SendEmailAsync(SiteSettings siteSettings, SmtpSettings smtpSettings, string username, string email, string subject, string message);
} }
} }

4
Yavsc/Services/MessageServices.cs
View File

@ -44,7 +44,7 @@ namespace Yavsc.Services
return await googleSettings.NotifyEvent<HairCutQueryEvent>(registrationIds, ev); return await googleSettings.NotifyEvent<HairCutQueryEvent>(registrationIds, ev);
} }
public Task<bool> SendEmailAsync(SiteSettings siteSettings, SmtpSettings smtpSettings, string email, string subject, string message) public Task<bool> SendEmailAsync(SiteSettings siteSettings, SmtpSettings smtpSettings, string username, string email, string subject, string message)
{ {
try try
{ {
@ -52,7 +52,7 @@ namespace Yavsc.Services
msg.From.Add(new MailboxAddress( msg.From.Add(new MailboxAddress(
siteSettings.Owner.Name, siteSettings.Owner.Name,
siteSettings.Owner.EMail)); siteSettings.Owner.EMail));
msg.To.Add(new MailboxAddress("", email)); msg.To.Add(new MailboxAddress(username, email));
msg.Body = new TextPart("plain") msg.Body = new TextPart("plain")
{ {
Text = message Text = message