2017-09-13 08:47:34 +02:00
|
|
|
|
using System;
|
|
|
|
|
|
using System.Collections.Generic;
|
|
|
|
|
|
using System.Linq;
|
|
|
|
|
|
using System.Security.Claims;
|
|
|
|
|
|
using System.Threading.Tasks;
|
|
|
|
|
|
using Microsoft.AspNetCore.Authentication;
|
|
|
|
|
|
using Microsoft.AspNetCore.Authorization;
|
|
|
|
|
|
using Microsoft.AspNetCore.Identity;
|
|
|
|
|
|
using Microsoft.AspNetCore.Mvc;
|
|
|
|
|
|
using Microsoft.AspNetCore.Mvc.Rendering;
|
|
|
|
|
|
using Microsoft.Extensions.Logging;
|
|
|
|
|
|
using Microsoft.Extensions.Options;
|
|
|
|
|
|
using BTCPayServer.Models;
|
|
|
|
|
|
using BTCPayServer.Models.AccountViewModels;
|
|
|
|
|
|
using BTCPayServer.Services;
|
2017-09-15 09:06:57 +02:00
|
|
|
|
using BTCPayServer.Services.Mails;
|
|
|
|
|
|
using BTCPayServer.Services.Stores;
|
2018-01-14 13:48:23 +01:00
|
|
|
|
using BTCPayServer.Logging;
|
2018-04-30 15:00:43 +02:00
|
|
|
|
using BTCPayServer.Security;
|
2018-08-01 17:16:16 +02:00
|
|
|
|
using System.Globalization;
|
2019-10-02 19:32:41 +02:00
|
|
|
|
using BTCPayServer.U2F;
|
|
|
|
|
|
using BTCPayServer.U2F.Models;
|
2019-05-02 14:01:08 +02:00
|
|
|
|
using Newtonsoft.Json;
|
2018-08-25 13:28:46 +02:00
|
|
|
|
using NicolasDorier.RateLimits;
|
2019-08-29 17:24:42 +02:00
|
|
|
|
using BTCPayServer.Data;
|
2020-01-14 09:48:06 +01:00
|
|
|
|
using U2F.Core.Exceptions;
|
2017-09-13 08:47:34 +02:00
|
|
|
|
|
|
|
|
|
|
namespace BTCPayServer.Controllers
|
|
|
|
|
|
{
|
2019-10-12 13:35:30 +02:00
|
|
|
|
[Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie)]
|
2017-10-27 10:53:04 +02:00
|
|
|
|
[Route("[controller]/[action]")]
|
|
|
|
|
|
public class AccountController : Controller
|
|
|
|
|
|
{
|
|
|
|
|
|
private readonly UserManager<ApplicationUser> _userManager;
|
|
|
|
|
|
private readonly SignInManager<ApplicationUser> _signInManager;
|
2019-01-06 15:53:37 +01:00
|
|
|
|
private readonly EmailSenderFactory _EmailSenderFactory;
|
2017-10-27 10:53:04 +02:00
|
|
|
|
StoreRepository storeRepository;
|
|
|
|
|
|
RoleManager<IdentityRole> _RoleManager;
|
|
|
|
|
|
SettingsRepository _SettingsRepository;
|
2019-01-06 16:43:55 +01:00
|
|
|
|
Configuration.BTCPayServerOptions _Options;
|
2019-05-02 14:01:08 +02:00
|
|
|
|
private readonly BTCPayServerEnvironment _btcPayServerEnvironment;
|
2020-02-29 06:15:14 +01:00
|
|
|
|
public U2FService _u2FService;
|
2018-01-14 13:48:23 +01:00
|
|
|
|
ILogger _logger;
|
2017-10-27 10:53:04 +02:00
|
|
|
|
|
|
|
|
|
|
public AccountController(
|
|
|
|
|
|
UserManager<ApplicationUser> userManager,
|
|
|
|
|
|
RoleManager<IdentityRole> roleManager,
|
|
|
|
|
|
StoreRepository storeRepository,
|
|
|
|
|
|
SignInManager<ApplicationUser> signInManager,
|
2019-01-06 15:53:37 +01:00
|
|
|
|
EmailSenderFactory emailSenderFactory,
|
2019-01-06 14:55:18 +01:00
|
|
|
|
SettingsRepository settingsRepository,
|
2019-05-02 14:01:08 +02:00
|
|
|
|
Configuration.BTCPayServerOptions options,
|
|
|
|
|
|
BTCPayServerEnvironment btcPayServerEnvironment,
|
|
|
|
|
|
U2FService u2FService)
|
2017-10-27 10:53:04 +02:00
|
|
|
|
{
|
|
|
|
|
|
this.storeRepository = storeRepository;
|
|
|
|
|
|
_userManager = userManager;
|
|
|
|
|
|
_signInManager = signInManager;
|
2019-01-06 15:53:37 +01:00
|
|
|
|
_EmailSenderFactory = emailSenderFactory;
|
2017-10-27 10:53:04 +02:00
|
|
|
|
_RoleManager = roleManager;
|
|
|
|
|
|
_SettingsRepository = settingsRepository;
|
2019-01-06 16:43:55 +01:00
|
|
|
|
_Options = options;
|
2019-05-02 14:01:08 +02:00
|
|
|
|
_btcPayServerEnvironment = btcPayServerEnvironment;
|
|
|
|
|
|
_u2FService = u2FService;
|
2018-01-14 13:48:23 +01:00
|
|
|
|
_logger = Logs.PayServer;
|
2017-10-27 10:53:04 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[TempData]
|
|
|
|
|
|
public string ErrorMessage
|
|
|
|
|
|
{
|
|
|
|
|
|
get; set;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpGet]
|
|
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
|
public async Task<IActionResult> Login(string returnUrl = null)
|
|
|
|
|
|
{
|
2020-02-29 06:15:14 +01:00
|
|
|
|
|
2019-07-15 10:18:30 +02:00
|
|
|
|
if (User.Identity.IsAuthenticated && string.IsNullOrEmpty(returnUrl))
|
|
|
|
|
|
return RedirectToLocal();
|
2017-10-27 10:53:04 +02:00
|
|
|
|
// Clear the existing external cookie to ensure a clean login process
|
|
|
|
|
|
await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);
|
|
|
|
|
|
|
2019-11-16 08:57:16 +01:00
|
|
|
|
if (!CanLoginOrRegister())
|
|
|
|
|
|
{
|
|
|
|
|
|
SetInsecureFlags();
|
|
|
|
|
|
}
|
2020-02-29 06:15:14 +01:00
|
|
|
|
|
2017-10-27 10:53:04 +02:00
|
|
|
|
ViewData["ReturnUrl"] = returnUrl;
|
|
|
|
|
|
return View();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2019-11-14 19:01:26 +01:00
|
|
|
|
|
2017-10-27 10:53:04 +02:00
|
|
|
|
[HttpPost]
|
|
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
|
[ValidateAntiForgeryToken]
|
2018-08-25 13:28:46 +02:00
|
|
|
|
[RateLimitsFilter(ZoneLimits.Login, Scope = RateLimitsScope.RemoteAddress)]
|
2017-10-27 10:53:04 +02:00
|
|
|
|
public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
|
|
|
|
|
|
{
|
2019-11-14 19:01:26 +01:00
|
|
|
|
if (!CanLoginOrRegister())
|
|
|
|
|
|
{
|
2019-11-16 08:57:16 +01:00
|
|
|
|
return RedirectToAction("Login");
|
2019-11-14 19:01:26 +01:00
|
|
|
|
}
|
2017-10-27 10:53:04 +02:00
|
|
|
|
ViewData["ReturnUrl"] = returnUrl;
|
|
|
|
|
|
if (ModelState.IsValid)
|
|
|
|
|
|
{
|
|
|
|
|
|
// Require the user to have a confirmed email before they can log on.
|
|
|
|
|
|
var user = await _userManager.FindByEmailAsync(model.Email);
|
|
|
|
|
|
if (user != null)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (user.RequiresEmailConfirmation && !await _userManager.IsEmailConfirmedAsync(user))
|
|
|
|
|
|
{
|
|
|
|
|
|
ModelState.AddModelError(string.Empty,
|
|
|
|
|
|
"You must have a confirmed email to log in.");
|
|
|
|
|
|
return View(model);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2019-05-08 05:34:13 +02:00
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
ModelState.AddModelError(string.Empty, "Invalid login attempt.");
|
|
|
|
|
|
return View(model);
|
|
|
|
|
|
}
|
2019-05-02 14:01:08 +02:00
|
|
|
|
|
|
|
|
|
|
if (!await _userManager.IsLockedOutAsync(user) && await _u2FService.HasDevices(user.Id))
|
|
|
|
|
|
{
|
|
|
|
|
|
if (await _userManager.CheckPasswordAsync(user, model.Password))
|
|
|
|
|
|
{
|
|
|
|
|
|
LoginWith2faViewModel twoFModel = null;
|
2020-02-29 06:15:14 +01:00
|
|
|
|
|
2019-05-02 14:01:08 +02:00
|
|
|
|
if (user.TwoFactorEnabled)
|
|
|
|
|
|
{
|
|
|
|
|
|
// we need to do an actual sign in attempt so that 2fa can function in next step
|
|
|
|
|
|
await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: true);
|
|
|
|
|
|
twoFModel = new LoginWith2faViewModel
|
|
|
|
|
|
{
|
|
|
|
|
|
RememberMe = model.RememberMe
|
|
|
|
|
|
};
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return View("SecondaryLogin", new SecondaryLoginViewModel()
|
|
|
|
|
|
{
|
|
|
|
|
|
LoginWith2FaViewModel = twoFModel,
|
|
|
|
|
|
LoginWithU2FViewModel = await BuildU2FViewModel(model.RememberMe, user)
|
|
|
|
|
|
});
|
|
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
2020-02-29 06:15:14 +01:00
|
|
|
|
var incrementAccessFailedResult = await _userManager.AccessFailedAsync(user);
|
|
|
|
|
|
ModelState.AddModelError(string.Empty, "Invalid login attempt.");
|
|
|
|
|
|
return View(model);
|
|
|
|
|
|
|
2019-05-02 14:01:08 +02:00
|
|
|
|
}
|
|
|
|
|
|
}
|
2020-02-29 06:15:14 +01:00
|
|
|
|
|
|
|
|
|
|
|
2018-09-12 13:36:44 +02:00
|
|
|
|
var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: true);
|
2017-10-27 10:53:04 +02:00
|
|
|
|
if (result.Succeeded)
|
|
|
|
|
|
{
|
|
|
|
|
|
_logger.LogInformation("User logged in.");
|
|
|
|
|
|
return RedirectToLocal(returnUrl);
|
|
|
|
|
|
}
|
|
|
|
|
|
if (result.RequiresTwoFactor)
|
|
|
|
|
|
{
|
2019-05-02 14:01:08 +02:00
|
|
|
|
return View("SecondaryLogin", new SecondaryLoginViewModel()
|
2017-10-27 10:53:04 +02:00
|
|
|
|
{
|
2019-05-02 14:01:08 +02:00
|
|
|
|
LoginWith2FaViewModel = new LoginWith2faViewModel()
|
|
|
|
|
|
{
|
|
|
|
|
|
RememberMe = model.RememberMe
|
|
|
|
|
|
}
|
2017-10-27 10:53:04 +02:00
|
|
|
|
});
|
|
|
|
|
|
}
|
|
|
|
|
|
if (result.IsLockedOut)
|
|
|
|
|
|
{
|
|
|
|
|
|
_logger.LogWarning("User account locked out.");
|
|
|
|
|
|
return RedirectToAction(nameof(Lockout));
|
|
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
ModelState.AddModelError(string.Empty, "Invalid login attempt.");
|
|
|
|
|
|
return View(model);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// If we got this far, something failed, redisplay form
|
|
|
|
|
|
return View(model);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2019-05-02 14:01:08 +02:00
|
|
|
|
private async Task<LoginWithU2FViewModel> BuildU2FViewModel(bool rememberMe, ApplicationUser user)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (_btcPayServerEnvironment.IsSecure)
|
|
|
|
|
|
{
|
|
|
|
|
|
var u2fChallenge = await _u2FService.GenerateDeviceChallenges(user.Id,
|
|
|
|
|
|
Request.GetAbsoluteUriNoPathBase().ToString().TrimEnd('/'));
|
|
|
|
|
|
|
|
|
|
|
|
return new LoginWithU2FViewModel()
|
|
|
|
|
|
{
|
|
|
|
|
|
Version = u2fChallenge[0].version,
|
|
|
|
|
|
Challenge = u2fChallenge[0].challenge,
|
2019-08-10 07:05:11 +02:00
|
|
|
|
Challenges = u2fChallenge,
|
2019-05-02 14:01:08 +02:00
|
|
|
|
AppId = u2fChallenge[0].appId,
|
|
|
|
|
|
UserId = user.Id,
|
|
|
|
|
|
RememberMe = rememberMe
|
|
|
|
|
|
};
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return null;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPost]
|
|
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
|
[ValidateAntiForgeryToken]
|
|
|
|
|
|
public async Task<IActionResult> LoginWithU2F(LoginWithU2FViewModel viewModel, string returnUrl = null)
|
|
|
|
|
|
{
|
2019-11-14 19:01:26 +01:00
|
|
|
|
if (!CanLoginOrRegister())
|
|
|
|
|
|
{
|
|
|
|
|
|
return RedirectToAction("Login");
|
|
|
|
|
|
}
|
2020-02-29 06:15:14 +01:00
|
|
|
|
|
2019-05-02 14:01:08 +02:00
|
|
|
|
ViewData["ReturnUrl"] = returnUrl;
|
|
|
|
|
|
var user = await _userManager.FindByIdAsync(viewModel.UserId);
|
|
|
|
|
|
|
|
|
|
|
|
if (user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
return NotFound();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var errorMessage = string.Empty;
|
|
|
|
|
|
try
|
|
|
|
|
|
{
|
|
|
|
|
|
if (await _u2FService.AuthenticateUser(viewModel.UserId, viewModel.DeviceResponse))
|
|
|
|
|
|
{
|
|
|
|
|
|
await _signInManager.SignInAsync(user, viewModel.RememberMe, "U2F");
|
|
|
|
|
|
_logger.LogInformation("User logged in.");
|
|
|
|
|
|
return RedirectToLocal(returnUrl);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
errorMessage = "Invalid login attempt.";
|
|
|
|
|
|
}
|
2020-01-14 09:48:06 +01:00
|
|
|
|
catch (U2fException e)
|
2019-05-02 14:01:08 +02:00
|
|
|
|
{
|
|
|
|
|
|
errorMessage = e.Message;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
ModelState.AddModelError(string.Empty, errorMessage);
|
|
|
|
|
|
return View("SecondaryLogin", new SecondaryLoginViewModel()
|
|
|
|
|
|
{
|
|
|
|
|
|
LoginWithU2FViewModel = viewModel,
|
|
|
|
|
|
LoginWith2FaViewModel = !user.TwoFactorEnabled
|
|
|
|
|
|
? null
|
|
|
|
|
|
: new LoginWith2faViewModel()
|
|
|
|
|
|
{
|
|
|
|
|
|
RememberMe = viewModel.RememberMe
|
|
|
|
|
|
}
|
|
|
|
|
|
});
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-10-27 10:53:04 +02:00
|
|
|
|
[HttpGet]
|
|
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
|
public async Task<IActionResult> LoginWith2fa(bool rememberMe, string returnUrl = null)
|
|
|
|
|
|
{
|
2019-11-14 19:01:26 +01:00
|
|
|
|
if (!CanLoginOrRegister())
|
|
|
|
|
|
{
|
|
|
|
|
|
return RedirectToAction("Login");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-10-27 10:53:04 +02:00
|
|
|
|
// Ensure the user has gone through the username & password screen first
|
|
|
|
|
|
var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
|
|
|
|
|
|
|
|
|
|
|
|
if (user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new ApplicationException($"Unable to load two-factor authentication user.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
ViewData["ReturnUrl"] = returnUrl;
|
|
|
|
|
|
|
2019-05-02 14:01:08 +02:00
|
|
|
|
return View("SecondaryLogin", new SecondaryLoginViewModel()
|
|
|
|
|
|
{
|
|
|
|
|
|
LoginWith2FaViewModel = new LoginWith2faViewModel { RememberMe = rememberMe },
|
2020-02-29 06:15:14 +01:00
|
|
|
|
LoginWithU2FViewModel = (await _u2FService.HasDevices(user.Id)) ? await BuildU2FViewModel(rememberMe, user) : null
|
2019-05-02 14:01:08 +02:00
|
|
|
|
});
|
2017-10-27 10:53:04 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPost]
|
|
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
|
[ValidateAntiForgeryToken]
|
|
|
|
|
|
public async Task<IActionResult> LoginWith2fa(LoginWith2faViewModel model, bool rememberMe, string returnUrl = null)
|
|
|
|
|
|
{
|
2019-11-14 19:01:26 +01:00
|
|
|
|
if (!CanLoginOrRegister())
|
|
|
|
|
|
{
|
|
|
|
|
|
return RedirectToAction("Login");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-10-27 10:53:04 +02:00
|
|
|
|
if (!ModelState.IsValid)
|
|
|
|
|
|
{
|
|
|
|
|
|
return View(model);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
|
|
|
|
|
|
if (user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new ApplicationException($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2018-02-17 05:18:16 +01:00
|
|
|
|
var authenticatorCode = model.TwoFactorCode.Replace(" ", string.Empty, StringComparison.InvariantCulture).Replace("-", string.Empty, StringComparison.InvariantCulture);
|
2017-10-27 10:53:04 +02:00
|
|
|
|
|
|
|
|
|
|
var result = await _signInManager.TwoFactorAuthenticatorSignInAsync(authenticatorCode, rememberMe, model.RememberMachine);
|
|
|
|
|
|
|
|
|
|
|
|
if (result.Succeeded)
|
|
|
|
|
|
{
|
|
|
|
|
|
_logger.LogInformation("User with ID {UserId} logged in with 2fa.", user.Id);
|
|
|
|
|
|
return RedirectToLocal(returnUrl);
|
|
|
|
|
|
}
|
|
|
|
|
|
else if (result.IsLockedOut)
|
|
|
|
|
|
{
|
|
|
|
|
|
_logger.LogWarning("User with ID {UserId} account locked out.", user.Id);
|
|
|
|
|
|
return RedirectToAction(nameof(Lockout));
|
|
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
_logger.LogWarning("Invalid authenticator code entered for user with ID {UserId}.", user.Id);
|
|
|
|
|
|
ModelState.AddModelError(string.Empty, "Invalid authenticator code.");
|
2019-05-02 14:01:08 +02:00
|
|
|
|
return View("SecondaryLogin", new SecondaryLoginViewModel()
|
|
|
|
|
|
{
|
|
|
|
|
|
LoginWith2FaViewModel = model,
|
2020-02-29 06:15:14 +01:00
|
|
|
|
LoginWithU2FViewModel = (await _u2FService.HasDevices(user.Id)) ? await BuildU2FViewModel(rememberMe, user) : null
|
2019-05-02 14:01:08 +02:00
|
|
|
|
});
|
2017-10-27 10:53:04 +02:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpGet]
|
|
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
|
public async Task<IActionResult> LoginWithRecoveryCode(string returnUrl = null)
|
|
|
|
|
|
{
|
2019-11-14 19:01:26 +01:00
|
|
|
|
if (!CanLoginOrRegister())
|
|
|
|
|
|
{
|
|
|
|
|
|
return RedirectToAction("Login");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-10-27 10:53:04 +02:00
|
|
|
|
// Ensure the user has gone through the username & password screen first
|
|
|
|
|
|
var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
|
|
|
|
|
|
if (user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new ApplicationException($"Unable to load two-factor authentication user.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
ViewData["ReturnUrl"] = returnUrl;
|
|
|
|
|
|
|
|
|
|
|
|
return View();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPost]
|
|
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
|
[ValidateAntiForgeryToken]
|
|
|
|
|
|
public async Task<IActionResult> LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model, string returnUrl = null)
|
|
|
|
|
|
{
|
2019-11-14 19:01:26 +01:00
|
|
|
|
if (!CanLoginOrRegister())
|
|
|
|
|
|
{
|
|
|
|
|
|
return RedirectToAction("Login");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-10-27 10:53:04 +02:00
|
|
|
|
if (!ModelState.IsValid)
|
|
|
|
|
|
{
|
|
|
|
|
|
return View(model);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
|
|
|
|
|
|
if (user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new ApplicationException($"Unable to load two-factor authentication user.");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2018-02-17 05:18:16 +01:00
|
|
|
|
var recoveryCode = model.RecoveryCode.Replace(" ", string.Empty, StringComparison.InvariantCulture);
|
2017-10-27 10:53:04 +02:00
|
|
|
|
|
|
|
|
|
|
var result = await _signInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode);
|
|
|
|
|
|
|
|
|
|
|
|
if (result.Succeeded)
|
|
|
|
|
|
{
|
|
|
|
|
|
_logger.LogInformation("User with ID {UserId} logged in with a recovery code.", user.Id);
|
|
|
|
|
|
return RedirectToLocal(returnUrl);
|
|
|
|
|
|
}
|
|
|
|
|
|
if (result.IsLockedOut)
|
|
|
|
|
|
{
|
|
|
|
|
|
_logger.LogWarning("User with ID {UserId} account locked out.", user.Id);
|
|
|
|
|
|
return RedirectToAction(nameof(Lockout));
|
|
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
_logger.LogWarning("Invalid recovery code entered for user with ID {UserId}", user.Id);
|
|
|
|
|
|
ModelState.AddModelError(string.Empty, "Invalid recovery code entered.");
|
|
|
|
|
|
return View();
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpGet]
|
|
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
|
public IActionResult Lockout()
|
|
|
|
|
|
{
|
|
|
|
|
|
return View();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpGet]
|
|
|
|
|
|
[AllowAnonymous]
|
2019-11-09 07:38:37 +01:00
|
|
|
|
public async Task<IActionResult> Register(string returnUrl = null, bool logon = true, bool useBasicLayout = false)
|
2017-10-27 10:53:04 +02:00
|
|
|
|
{
|
2019-11-16 08:57:16 +01:00
|
|
|
|
if (!CanLoginOrRegister())
|
|
|
|
|
|
{
|
|
|
|
|
|
SetInsecureFlags();
|
|
|
|
|
|
}
|
|
|
|
|
|
var policies = await _SettingsRepository.GetSettingAsync<PoliciesSettings>() ?? new PoliciesSettings();
|
2018-12-20 20:39:48 +01:00
|
|
|
|
if (policies.LockSubscription && !User.IsInRole(Roles.ServerAdmin))
|
2017-12-03 16:55:39 +01:00
|
|
|
|
return RedirectToAction(nameof(HomeController.Index), "Home");
|
2017-10-27 10:53:04 +02:00
|
|
|
|
ViewData["ReturnUrl"] = returnUrl;
|
2018-08-01 17:16:16 +02:00
|
|
|
|
ViewData["Logon"] = logon.ToString(CultureInfo.InvariantCulture).ToLowerInvariant();
|
2019-05-13 10:00:58 +02:00
|
|
|
|
ViewData["AllowIsAdmin"] = _Options.AllowAdminRegistration;
|
2019-11-09 07:38:37 +01:00
|
|
|
|
ViewData["UseBasicLayout"] = useBasicLayout;
|
2017-10-27 10:53:04 +02:00
|
|
|
|
return View();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPost]
|
|
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
|
[ValidateAntiForgeryToken]
|
2018-08-01 17:16:16 +02:00
|
|
|
|
public async Task<IActionResult> Register(RegisterViewModel model, string returnUrl = null, bool logon = true)
|
2017-10-27 10:53:04 +02:00
|
|
|
|
{
|
2019-11-14 19:01:26 +01:00
|
|
|
|
if (!CanLoginOrRegister())
|
|
|
|
|
|
{
|
|
|
|
|
|
return RedirectToAction("Register");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-10-27 10:53:04 +02:00
|
|
|
|
ViewData["ReturnUrl"] = returnUrl;
|
2018-08-01 17:16:16 +02:00
|
|
|
|
ViewData["Logon"] = logon.ToString(CultureInfo.InvariantCulture).ToLowerInvariant();
|
2019-05-13 10:00:58 +02:00
|
|
|
|
ViewData["AllowIsAdmin"] = _Options.AllowAdminRegistration;
|
2017-12-03 16:55:39 +01:00
|
|
|
|
var policies = await _SettingsRepository.GetSettingAsync<PoliciesSettings>() ?? new PoliciesSettings();
|
2018-12-20 20:39:48 +01:00
|
|
|
|
if (policies.LockSubscription && !User.IsInRole(Roles.ServerAdmin))
|
2017-12-03 16:55:39 +01:00
|
|
|
|
return RedirectToAction(nameof(HomeController.Index), "Home");
|
2017-10-27 10:53:04 +02:00
|
|
|
|
if (ModelState.IsValid)
|
|
|
|
|
|
{
|
|
|
|
|
|
var user = new ApplicationUser { UserName = model.Email, Email = model.Email, RequiresEmailConfirmation = policies.RequiresConfirmedEmail };
|
|
|
|
|
|
var result = await _userManager.CreateAsync(user, model.Password);
|
|
|
|
|
|
if (result.Succeeded)
|
|
|
|
|
|
{
|
|
|
|
|
|
var admin = await _userManager.GetUsersInRoleAsync(Roles.ServerAdmin);
|
2018-01-14 13:48:23 +01:00
|
|
|
|
Logs.PayServer.LogInformation($"A new user just registered {user.Email} {(admin.Count == 0 ? "(admin)" : "")}");
|
2019-05-13 10:00:58 +02:00
|
|
|
|
if (admin.Count == 0 || (model.IsAdmin && _Options.AllowAdminRegistration))
|
2017-10-27 10:53:04 +02:00
|
|
|
|
{
|
|
|
|
|
|
await _RoleManager.CreateAsync(new IdentityRole(Roles.ServerAdmin));
|
|
|
|
|
|
await _userManager.AddToRoleAsync(user, Roles.ServerAdmin);
|
2019-11-06 06:31:45 +01:00
|
|
|
|
var settings = await _SettingsRepository.GetSettingAsync<ThemeSettings>();
|
|
|
|
|
|
settings.FirstRun = false;
|
|
|
|
|
|
await _SettingsRepository.UpdateSetting<ThemeSettings>(settings);
|
2020-02-29 06:15:06 +01:00
|
|
|
|
if (_Options.DisableRegistration)
|
2019-01-06 14:55:18 +01:00
|
|
|
|
{
|
2019-01-06 16:43:55 +01:00
|
|
|
|
// Once the admin user has been created lock subsequent user registrations (needs to be disabled for unit tests that require multiple users).
|
2019-01-06 14:55:18 +01:00
|
|
|
|
policies.LockSubscription = true;
|
|
|
|
|
|
await _SettingsRepository.UpdateSetting(policies);
|
|
|
|
|
|
}
|
2020-02-29 06:15:06 +01:00
|
|
|
|
RegisteredAdmin = true;
|
2017-10-27 10:53:04 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var code = await _userManager.GenerateEmailConfirmationTokenAsync(user);
|
|
|
|
|
|
var callbackUrl = Url.EmailConfirmationLink(user.Id, code, Request.Scheme);
|
|
|
|
|
|
RegisteredUserId = user.Id;
|
2019-01-06 15:53:37 +01:00
|
|
|
|
|
|
|
|
|
|
_EmailSenderFactory.GetEmailSender().SendEmailConfirmation(model.Email, callbackUrl);
|
2017-10-27 10:53:04 +02:00
|
|
|
|
if (!policies.RequiresConfirmedEmail)
|
|
|
|
|
|
{
|
2020-02-29 06:15:14 +01:00
|
|
|
|
if (logon)
|
2018-08-01 17:16:16 +02:00
|
|
|
|
await _signInManager.SignInAsync(user, isPersistent: false);
|
2017-10-27 10:53:04 +02:00
|
|
|
|
return RedirectToLocal(returnUrl);
|
|
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
2019-10-31 07:19:38 +01:00
|
|
|
|
TempData[WellKnownTempData.SuccessMessage] = "Account created, please confirm your email";
|
2017-10-27 10:53:04 +02:00
|
|
|
|
return View();
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
AddErrors(result);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// If we got this far, something failed, redisplay form
|
|
|
|
|
|
return View(model);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-02-29 06:15:06 +01:00
|
|
|
|
// Properties used by tests
|
|
|
|
|
|
public string RegisteredUserId { get; set; }
|
|
|
|
|
|
public bool RegisteredAdmin { get; set; }
|
2017-10-27 10:53:04 +02:00
|
|
|
|
|
|
|
|
|
|
[HttpGet]
|
|
|
|
|
|
public async Task<IActionResult> Logout()
|
|
|
|
|
|
{
|
|
|
|
|
|
await _signInManager.SignOutAsync();
|
|
|
|
|
|
_logger.LogInformation("User logged out.");
|
|
|
|
|
|
return RedirectToAction(nameof(HomeController.Index), "Home");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpGet]
|
|
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
|
public async Task<IActionResult> ConfirmEmail(string userId, string code)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (userId == null || code == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
return RedirectToAction(nameof(HomeController.Index), "Home");
|
|
|
|
|
|
}
|
|
|
|
|
|
var user = await _userManager.FindByIdAsync(userId);
|
|
|
|
|
|
if (user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new ApplicationException($"Unable to load user with ID '{userId}'.");
|
|
|
|
|
|
}
|
|
|
|
|
|
var result = await _userManager.ConfirmEmailAsync(user, code);
|
|
|
|
|
|
return View(result.Succeeded ? "ConfirmEmail" : "Error");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpGet]
|
|
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
|
public IActionResult ForgotPassword()
|
|
|
|
|
|
{
|
|
|
|
|
|
return View();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPost]
|
|
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
|
[ValidateAntiForgeryToken]
|
|
|
|
|
|
public async Task<IActionResult> ForgotPassword(ForgotPasswordViewModel model)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (ModelState.IsValid)
|
|
|
|
|
|
{
|
|
|
|
|
|
var user = await _userManager.FindByEmailAsync(model.Email);
|
|
|
|
|
|
if (user == null || !(await _userManager.IsEmailConfirmedAsync(user)))
|
|
|
|
|
|
{
|
|
|
|
|
|
// Don't reveal that the user does not exist or is not confirmed
|
|
|
|
|
|
return RedirectToAction(nameof(ForgotPasswordConfirmation));
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// For more information on how to enable account confirmation and password reset please
|
|
|
|
|
|
// visit https://go.microsoft.com/fwlink/?LinkID=532713
|
|
|
|
|
|
var code = await _userManager.GeneratePasswordResetTokenAsync(user);
|
|
|
|
|
|
var callbackUrl = Url.ResetPasswordCallbackLink(user.Id, code, Request.Scheme);
|
2019-01-06 15:53:37 +01:00
|
|
|
|
_EmailSenderFactory.GetEmailSender().SendEmail(model.Email, "Reset Password",
|
|
|
|
|
|
$"Please reset your password by clicking here: <a href='{callbackUrl}'>link</a>");
|
2020-02-29 06:15:14 +01:00
|
|
|
|
|
2017-10-27 10:53:04 +02:00
|
|
|
|
return RedirectToAction(nameof(ForgotPasswordConfirmation));
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// If we got this far, something failed, redisplay form
|
|
|
|
|
|
return View(model);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpGet]
|
|
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
|
public IActionResult ForgotPasswordConfirmation()
|
|
|
|
|
|
{
|
|
|
|
|
|
return View();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpGet]
|
|
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
|
public IActionResult ResetPassword(string code = null)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (code == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new ApplicationException("A code must be supplied for password reset.");
|
|
|
|
|
|
}
|
|
|
|
|
|
var model = new ResetPasswordViewModel { Code = code };
|
|
|
|
|
|
return View(model);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpPost]
|
|
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
|
[ValidateAntiForgeryToken]
|
|
|
|
|
|
public async Task<IActionResult> ResetPassword(ResetPasswordViewModel model)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (!ModelState.IsValid)
|
|
|
|
|
|
{
|
|
|
|
|
|
return View(model);
|
|
|
|
|
|
}
|
|
|
|
|
|
var user = await _userManager.FindByEmailAsync(model.Email);
|
|
|
|
|
|
if (user == null)
|
|
|
|
|
|
{
|
|
|
|
|
|
// Don't reveal that the user does not exist
|
|
|
|
|
|
return RedirectToAction(nameof(ResetPasswordConfirmation));
|
|
|
|
|
|
}
|
|
|
|
|
|
var result = await _userManager.ResetPasswordAsync(user, model.Code, model.Password);
|
|
|
|
|
|
if (result.Succeeded)
|
|
|
|
|
|
{
|
|
|
|
|
|
return RedirectToAction(nameof(ResetPasswordConfirmation));
|
|
|
|
|
|
}
|
|
|
|
|
|
AddErrors(result);
|
|
|
|
|
|
return View();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
[HttpGet]
|
|
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
|
public IActionResult ResetPasswordConfirmation()
|
|
|
|
|
|
{
|
|
|
|
|
|
return View();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
[HttpGet]
|
|
|
|
|
|
public IActionResult AccessDenied()
|
|
|
|
|
|
{
|
|
|
|
|
|
return View();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
#region Helpers
|
|
|
|
|
|
|
|
|
|
|
|
private void AddErrors(IdentityResult result)
|
|
|
|
|
|
{
|
|
|
|
|
|
foreach (var error in result.Errors)
|
|
|
|
|
|
{
|
|
|
|
|
|
ModelState.AddModelError(string.Empty, error.Description);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2019-07-15 10:18:30 +02:00
|
|
|
|
private IActionResult RedirectToLocal(string returnUrl = null)
|
2017-10-27 10:53:04 +02:00
|
|
|
|
{
|
2019-07-14 15:16:23 +02:00
|
|
|
|
if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
|
2017-10-27 10:53:04 +02:00
|
|
|
|
{
|
|
|
|
|
|
return Redirect(returnUrl);
|
|
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
return RedirectToAction(nameof(HomeController.Index), "Home");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2020-02-29 06:15:14 +01:00
|
|
|
|
|
|
|
|
|
|
|
2019-11-14 19:01:26 +01:00
|
|
|
|
private bool CanLoginOrRegister()
|
|
|
|
|
|
{
|
2019-11-16 08:57:16 +01:00
|
|
|
|
return _btcPayServerEnvironment.IsDevelopping || _btcPayServerEnvironment.IsSecure;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private void SetInsecureFlags()
|
|
|
|
|
|
{
|
2019-11-14 19:01:26 +01:00
|
|
|
|
TempData.SetStatusMessageModel(new StatusMessageModel()
|
|
|
|
|
|
{
|
|
|
|
|
|
Severity = StatusMessageModel.StatusSeverity.Error,
|
|
|
|
|
|
Message = "You cannot login over an insecure connection. Please use HTTPS or Tor."
|
|
|
|
|
|
});
|
2020-02-29 06:15:14 +01:00
|
|
|
|
|
2019-11-14 19:01:26 +01:00
|
|
|
|
ViewData["disabled"] = true;
|
|
|
|
|
|
}
|
2017-10-27 10:53:04 +02:00
|
|
|
|
|
|
|
|
|
|
#endregion
|
|
|
|
|
|
}
|
2017-09-13 08:47:34 +02:00
|
|
|
|
}
|
