mirrors/btcpayserver
1
0
Fork 0
mirror of https://github.com/btcpayserver/btcpayserver.git synced 2024-11-19 18:11:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
00aa2e4e17
btcpayserver/BTCPayServer/Controllers/AccountController.cs

540 lines
20 KiB
C#
Raw Normal View History

Init
2017-09-13 08:47:34 +02:00
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Rendering;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using BTCPayServer.Models;
using BTCPayServer.Models.AccountViewModels;
using BTCPayServer.Services;
Renaming + fix invoice display when paid and expired
2017-09-15 09:06:57 +02:00
using BTCPayServer.Services.Mails;
using BTCPayServer.Services.Stores;
Invoices has events recorded
2018-01-14 13:48:23 +01:00
using BTCPayServer.Logging;
Rewrite authorization enforcement and simplify the code
2018-04-30 15:00:43 +02:00
using BTCPayServer.Security;
Server admin can add new user
2018-08-01 17:16:16 +02:00
using System.Globalization;
Rate limit per IP the number of login attempt
2018-08-25 13:28:46 +02:00
using NicolasDorier.RateLimits;
Init
2017-09-13 08:47:34 +02:00
namespace BTCPayServer.Controllers
{
Rewrite authorization enforcement and simplify the code
2018-04-30 15:00:43 +02:00
[Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
Adopt dotnet core editorconfig, big reformating
2017-10-27 10:53:04 +02:00
[Route("[controller]/[action]")]
public class AccountController : Controller
{
private readonly UserManager<ApplicationUser> _userManager;
private readonly SignInManager<ApplicationUser> _signInManager;
private readonly IEmailSender _emailSender;
StoreRepository storeRepository;
RoleManager<IdentityRole> _RoleManager;
SettingsRepository _SettingsRepository;
Added new disable-registration command line option.
2019-01-06 16:43:55 +01:00
Configuration.BTCPayServerOptions _Options;
Invoices has events recorded
2018-01-14 13:48:23 +01:00
ILogger _logger;
Adopt dotnet core editorconfig, big reformating
2017-10-27 10:53:04 +02:00
public AccountController(
UserManager<ApplicationUser> userManager,
RoleManager<IdentityRole> roleManager,
StoreRepository storeRepository,
SignInManager<ApplicationUser> signInManager,
IEmailSender emailSender,
Don't disable user registrations if debug for unit tests.
2019-01-06 14:55:18 +01:00
SettingsRepository settingsRepository,
Added new disable-registration command line option.
2019-01-06 16:43:55 +01:00
Configuration.BTCPayServerOptions options)
Adopt dotnet core editorconfig, big reformating
2017-10-27 10:53:04 +02:00
{
this.storeRepository = storeRepository;
_userManager = userManager;
_signInManager = signInManager;
_emailSender = emailSender;
_RoleManager = roleManager;
_SettingsRepository = settingsRepository;
Added new disable-registration command line option.
2019-01-06 16:43:55 +01:00
_Options = options;
Invoices has events recorded
2018-01-14 13:48:23 +01:00
_logger = Logs.PayServer;
Adopt dotnet core editorconfig, big reformating
2017-10-27 10:53:04 +02:00
}
[TempData]
public string ErrorMessage
{
get; set;
}
[HttpGet]
[AllowAnonymous]
public async Task<IActionResult> Login(string returnUrl = null)
{
// Clear the existing external cookie to ensure a clean login process
await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);
ViewData["ReturnUrl"] = returnUrl;
return View();
}
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
Rate limit per IP the number of login attempt
2018-08-25 13:28:46 +02:00
[RateLimitsFilter(ZoneLimits.Login, Scope = RateLimitsScope.RemoteAddress)]
Adopt dotnet core editorconfig, big reformating
2017-10-27 10:53:04 +02:00
public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
{
ViewData["ReturnUrl"] = returnUrl;
if (ModelState.IsValid)
{
// Require the user to have a confirmed email before they can log on.
var user = await _userManager.FindByEmailAsync(model.Email);
if (user != null)
{
if (user.RequiresEmailConfirmation && !await _userManager.IsEmailConfirmedAsync(user))
{
ModelState.AddModelError(string.Empty,
"You must have a confirmed email to log in.");
return View(model);
}
}
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, set lockoutOnFailure: true
enable account lockout
2018-09-12 13:36:44 +02:00
var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: true);
Adopt dotnet core editorconfig, big reformating
2017-10-27 10:53:04 +02:00
if (result.Succeeded)
{
_logger.LogInformation("User logged in.");
return RedirectToLocal(returnUrl);
}
if (result.RequiresTwoFactor)
{
return RedirectToAction(nameof(LoginWith2fa), new
{
returnUrl,
model.RememberMe
});
}
if (result.IsLockedOut)
{
_logger.LogWarning("User account locked out.");
return RedirectToAction(nameof(Lockout));
}
else
{
ModelState.AddModelError(string.Empty, "Invalid login attempt.");
return View(model);
}
}
// If we got this far, something failed, redisplay form
return View(model);
}
[HttpGet]
[AllowAnonymous]
public async Task<IActionResult> LoginWith2fa(bool rememberMe, string returnUrl = null)
{
// Ensure the user has gone through the username & password screen first
var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
if (user == null)
{
throw new ApplicationException($"Unable to load two-factor authentication user.");
}
var model = new LoginWith2faViewModel { RememberMe = rememberMe };
ViewData["ReturnUrl"] = returnUrl;
return View(model);
}
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<IActionResult> LoginWith2fa(LoginWith2faViewModel model, bool rememberMe, string returnUrl = null)
{
if (!ModelState.IsValid)
{
return View(model);
}
var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
if (user == null)
{
throw new ApplicationException($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
}
general code cleanup + add analyzers
2018-02-17 05:18:16 +01:00
var authenticatorCode = model.TwoFactorCode.Replace(" ", string.Empty, StringComparison.InvariantCulture).Replace("-", string.Empty, StringComparison.InvariantCulture);
Adopt dotnet core editorconfig, big reformating
2017-10-27 10:53:04 +02:00
var result = await _signInManager.TwoFactorAuthenticatorSignInAsync(authenticatorCode, rememberMe, model.RememberMachine);
if (result.Succeeded)
{
_logger.LogInformation("User with ID {UserId} logged in with 2fa.", user.Id);
return RedirectToLocal(returnUrl);
}
else if (result.IsLockedOut)
{
_logger.LogWarning("User with ID {UserId} account locked out.", user.Id);
return RedirectToAction(nameof(Lockout));
}
else
{
_logger.LogWarning("Invalid authenticator code entered for user with ID {UserId}.", user.Id);
ModelState.AddModelError(string.Empty, "Invalid authenticator code.");
return View();
}
}
[HttpGet]
[AllowAnonymous]
public async Task<IActionResult> LoginWithRecoveryCode(string returnUrl = null)
{
// Ensure the user has gone through the username & password screen first
var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
if (user == null)
{
throw new ApplicationException($"Unable to load two-factor authentication user.");
}
ViewData["ReturnUrl"] = returnUrl;
return View();
}
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model, string returnUrl = null)
{
if (!ModelState.IsValid)
{
return View(model);
}
var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
if (user == null)
{
throw new ApplicationException($"Unable to load two-factor authentication user.");
}
general code cleanup + add analyzers
2018-02-17 05:18:16 +01:00
var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty, StringComparison.InvariantCulture);
Adopt dotnet core editorconfig, big reformating
2017-10-27 10:53:04 +02:00
var result = await _signInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode);
if (result.Succeeded)
{
_logger.LogInformation("User with ID {UserId} logged in with a recovery code.", user.Id);
return RedirectToLocal(returnUrl);
}
if (result.IsLockedOut)
{
_logger.LogWarning("User with ID {UserId} account locked out.", user.Id);
return RedirectToAction(nameof(Lockout));
}
else
{
_logger.LogWarning("Invalid recovery code entered for user with ID {UserId}", user.Id);
ModelState.AddModelError(string.Empty, "Invalid recovery code entered.");
return View();
}
}
[HttpGet]
[AllowAnonymous]
public IActionResult Lockout()
{
return View();
}
[HttpGet]
[AllowAnonymous]
Server admin can add new user
2018-08-01 17:16:16 +02:00
public async Task<IActionResult> Register(string returnUrl = null, bool logon = true)
Adopt dotnet core editorconfig, big reformating
2017-10-27 10:53:04 +02:00
{
Can lock down registrations
2017-12-03 16:55:39 +01:00
var policies = await _SettingsRepository.GetSettingAsync<PoliciesSettings>() ?? new PoliciesSettings();
Changed disable register mechanism to apply policy setting after admin user created rather than using DB user count checks.
2018-12-20 20:39:48 +01:00
if (policies.LockSubscription && !User.IsInRole(Roles.ServerAdmin))
Can lock down registrations
2017-12-03 16:55:39 +01:00
return RedirectToAction(nameof(HomeController.Index), "Home");
Adopt dotnet core editorconfig, big reformating
2017-10-27 10:53:04 +02:00
ViewData["ReturnUrl"] = returnUrl;
Server admin can add new user
2018-08-01 17:16:16 +02:00
ViewData["Logon"] = logon.ToString(CultureInfo.InvariantCulture).ToLowerInvariant();
Adopt dotnet core editorconfig, big reformating
2017-10-27 10:53:04 +02:00
return View();
}
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
Server admin can add new user
2018-08-01 17:16:16 +02:00
public async Task<IActionResult> Register(RegisterViewModel model, string returnUrl = null, bool logon = true)
Adopt dotnet core editorconfig, big reformating
2017-10-27 10:53:04 +02:00
{
ViewData["ReturnUrl"] = returnUrl;
Server admin can add new user
2018-08-01 17:16:16 +02:00
ViewData["Logon"] = logon.ToString(CultureInfo.InvariantCulture).ToLowerInvariant();
Can lock down registrations
2017-12-03 16:55:39 +01:00
var policies = await _SettingsRepository.GetSettingAsync<PoliciesSettings>() ?? new PoliciesSettings();
Changed disable register mechanism to apply policy setting after admin user created rather than using DB user count checks.
2018-12-20 20:39:48 +01:00
if (policies.LockSubscription && !User.IsInRole(Roles.ServerAdmin))
Can lock down registrations
2017-12-03 16:55:39 +01:00
return RedirectToAction(nameof(HomeController.Index), "Home");
Adopt dotnet core editorconfig, big reformating
2017-10-27 10:53:04 +02:00
if (ModelState.IsValid)
{
var user = new ApplicationUser { UserName = model.Email, Email = model.Email, RequiresEmailConfirmation = policies.RequiresConfirmedEmail };
var result = await _userManager.CreateAsync(user, model.Password);
if (result.Succeeded)
{
var admin = await _userManager.GetUsersInRoleAsync(Roles.ServerAdmin);
Invoices has events recorded
2018-01-14 13:48:23 +01:00
Logs.PayServer.LogInformation($"A new user just registered {user.Email} {(admin.Count == 0 ? "(admin)" : "")}");
Adopt dotnet core editorconfig, big reformating
2017-10-27 10:53:04 +02:00
if (admin.Count == 0)
{
await _RoleManager.CreateAsync(new IdentityRole(Roles.ServerAdmin));
await _userManager.AddToRoleAsync(user, Roles.ServerAdmin);
Changed disable register mechanism to apply policy setting after admin user created rather than using DB user count checks.
2018-12-20 20:39:48 +01:00
Added new disable-registration command line option.
2019-01-06 16:43:55 +01:00
if(_Options.DisableRegistration)
Don't disable user registrations if debug for unit tests.
2019-01-06 14:55:18 +01:00
{
Added new disable-registration command line option.
2019-01-06 16:43:55 +01:00
// Once the admin user has been created lock subsequent user registrations (needs to be disabled for unit tests that require multiple users).
Don't disable user registrations if debug for unit tests.
2019-01-06 14:55:18 +01:00
policies.LockSubscription = true;
await _SettingsRepository.UpdateSetting(policies);
}
Adopt dotnet core editorconfig, big reformating
2017-10-27 10:53:04 +02:00
}
var code = await _userManager.GenerateEmailConfirmationTokenAsync(user);
var callbackUrl = Url.EmailConfirmationLink(user.Id, code, Request.Scheme);
RegisteredUserId = user.Id;
await _emailSender.SendEmailConfirmationAsync(model.Email, callbackUrl);
if (!policies.RequiresConfirmedEmail)
{
Server admin can add new user
2018-08-01 17:16:16 +02:00
if(logon)
await _signInManager.SignInAsync(user, isPersistent: false);
Adopt dotnet core editorconfig, big reformating
2017-10-27 10:53:04 +02:00
return RedirectToLocal(returnUrl);
}
else
{
TempData["StatusMessage"] = "Account created, please confirm your email";
return View();
}
}
AddErrors(result);
}
// If we got this far, something failed, redisplay form
return View(model);
}
Invoices has events recorded
2018-01-14 13:48:23 +01:00
/// <summary>
Adopt dotnet core editorconfig, big reformating
2017-10-27 10:53:04 +02:00
/// Test property
/// </summary>
public string RegisteredUserId
{
get; set;
}
[HttpGet]
public async Task<IActionResult> Logout()
{
await _signInManager.SignOutAsync();
_logger.LogInformation("User logged out.");
return RedirectToAction(nameof(HomeController.Index), "Home");
}
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public IActionResult ExternalLogin(string provider, string returnUrl = null)
{
// Request a redirect to the external login provider.
var redirectUrl = Url.Action(nameof(ExternalLoginCallback), "Account", new
{
returnUrl
});
var properties = _signInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);
return Challenge(properties, provider);
}
[HttpGet]
[AllowAnonymous]
public async Task<IActionResult> ExternalLoginCallback(string returnUrl = null, string remoteError = null)
{
if (remoteError != null)
{
ErrorMessage = $"Error from external provider: {remoteError}";
return RedirectToAction(nameof(Login));
}
var info = await _signInManager.GetExternalLoginInfoAsync();
if (info == null)
{
return RedirectToAction(nameof(Login));
}
// Sign in the user with this external login provider if the user already has a login.
var result = await _signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, isPersistent: false, bypassTwoFactor: true);
if (result.Succeeded)
{
_logger.LogInformation("User logged in with {Name} provider.", info.LoginProvider);
return RedirectToLocal(returnUrl);
}
if (result.IsLockedOut)
{
return RedirectToAction(nameof(Lockout));
}
else
{
// If the user does not have an account, then ask the user to create an account.
ViewData["ReturnUrl"] = returnUrl;
ViewData["LoginProvider"] = info.LoginProvider;
var email = info.Principal.FindFirstValue(ClaimTypes.Email);
return View("ExternalLogin", new ExternalLoginViewModel { Email = email });
}
}
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<IActionResult> ExternalLoginConfirmation(ExternalLoginViewModel model, string returnUrl = null)
{
if (ModelState.IsValid)
{
// Get the information about the user from the external login provider
var info = await _signInManager.GetExternalLoginInfoAsync();
if (info == null)
{
throw new ApplicationException("Error loading external login information during confirmation.");
}
var user = new ApplicationUser { UserName = model.Email, Email = model.Email };
var result = await _userManager.CreateAsync(user);
if (result.Succeeded)
{
result = await _userManager.AddLoginAsync(user, info);
if (result.Succeeded)
{
await _signInManager.SignInAsync(user, isPersistent: false);
_logger.LogInformation("User created an account using {Name} provider.", info.LoginProvider);
return RedirectToLocal(returnUrl);
}
}
AddErrors(result);
}
ViewData["ReturnUrl"] = returnUrl;
return View(nameof(ExternalLogin), model);
}
[HttpGet]
[AllowAnonymous]
public async Task<IActionResult> ConfirmEmail(string userId, string code)
{
if (userId == null || code == null)
{
return RedirectToAction(nameof(HomeController.Index), "Home");
}
var user = await _userManager.FindByIdAsync(userId);
if (user == null)
{
throw new ApplicationException($"Unable to load user with ID '{userId}'.");
}
var result = await _userManager.ConfirmEmailAsync(user, code);
return View(result.Succeeded ? "ConfirmEmail" : "Error");
}
[HttpGet]
[AllowAnonymous]
public IActionResult ForgotPassword()
{
return View();
}
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<IActionResult> ForgotPassword(ForgotPasswordViewModel model)
{
if (ModelState.IsValid)
{
var user = await _userManager.FindByEmailAsync(model.Email);
if (user == null || !(await _userManager.IsEmailConfirmedAsync(user)))
{
// Don't reveal that the user does not exist or is not confirmed
return RedirectToAction(nameof(ForgotPasswordConfirmation));
}
// For more information on how to enable account confirmation and password reset please
// visit https://go.microsoft.com/fwlink/?LinkID=532713
var code = await _userManager.GeneratePasswordResetTokenAsync(user);
var callbackUrl = Url.ResetPasswordCallbackLink(user.Id, code, Request.Scheme);
await _emailSender.SendEmailAsync(model.Email, "Reset Password",
$"Please reset your password by clicking here: <a href='{callbackUrl}'>link</a>");
return RedirectToAction(nameof(ForgotPasswordConfirmation));
}
// If we got this far, something failed, redisplay form
return View(model);
}
[HttpGet]
[AllowAnonymous]
public IActionResult ForgotPasswordConfirmation()
{
return View();
}
[HttpGet]
[AllowAnonymous]
public IActionResult ResetPassword(string code = null)
{
if (code == null)
{
throw new ApplicationException("A code must be supplied for password reset.");
}
var model = new ResetPasswordViewModel { Code = code };
return View(model);
}
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<IActionResult> ResetPassword(ResetPasswordViewModel model)
{
if (!ModelState.IsValid)
{
return View(model);
}
var user = await _userManager.FindByEmailAsync(model.Email);
if (user == null)
{
// Don't reveal that the user does not exist
return RedirectToAction(nameof(ResetPasswordConfirmation));
}
var result = await _userManager.ResetPasswordAsync(user, model.Code, model.Password);
if (result.Succeeded)
{
return RedirectToAction(nameof(ResetPasswordConfirmation));
}
AddErrors(result);
return View();
}
[HttpGet]
[AllowAnonymous]
public IActionResult ResetPasswordConfirmation()
{
return View();
}
[HttpGet]
public IActionResult AccessDenied()
{
return View();
}
#region Helpers
private void AddErrors(IdentityResult result)
{
foreach (var error in result.Errors)
{
ModelState.AddModelError(string.Empty, error.Description);
}
}
private IActionResult RedirectToLocal(string returnUrl)
{
if (Url.IsLocalUrl(returnUrl))
{
return Redirect(returnUrl);
}
else
{
return RedirectToAction(nameof(HomeController.Index), "Home");
}
}
#endregion
}
Init
2017-09-13 08:47:34 +02:00
}
Reference in New Issue Copy Permalink