mirror of https://github.com/Ombi-app/Ombi
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
189 lines
7.3 KiB
189 lines
7.3 KiB
8 years ago
|
#region Copyright
|
||
8 years ago
|
|
||
8 years ago
|
// /************************************************************************
|
||
|
// Copyright (c) 2016 Jamie Rees
|
||
|
// File: LoginModule.cs
|
||
|
// Created By: Jamie Rees
|
||
|
//
|
||
|
// Permission is hereby granted, free of charge, to any person obtaining
|
||
|
// a copy of this software and associated documentation files (the
|
||
|
// "Software"), to deal in the Software without restriction, including
|
||
|
// without limitation the rights to use, copy, modify, merge, publish,
|
||
|
// distribute, sublicense, and/or sell copies of the Software, and to
|
||
|
// permit persons to whom the Software is furnished to do so, subject to
|
||
|
// the following conditions:
|
||
|
//
|
||
|
// The above copyright notice and this permission notice shall be
|
||
|
// included in all copies or substantial portions of the Software.
|
||
|
//
|
||
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||
|
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||
|
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||
|
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
||
|
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
||
|
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
||
|
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||
|
// ************************************************************************/
|
||
8 years ago
|
|
||
8 years ago
|
#endregion
|
||
8 years ago
|
|
||
8 years ago
|
using System;
|
||
|
using System.Dynamic;
|
||
8 years ago
|
using System.Security;
|
||
8 years ago
|
using Nancy;
|
||
|
using Nancy.Extensions;
|
||
|
using Nancy.Linker;
|
||
|
using Nancy.Responses.Negotiation;
|
||
|
using Nancy.Security;
|
||
8 years ago
|
using Ombi.Core;
|
||
|
using Ombi.Core.SettingModels;
|
||
|
using Ombi.Helpers;
|
||
|
using Ombi.Helpers.Permissions;
|
||
|
using Ombi.Store;
|
||
|
using Ombi.Store.Repository;
|
||
|
using Ombi.UI.Authentication;
|
||
|
using Ombi.UI.Models;
|
||
|
using ISecurityExtensions = Ombi.Core.ISecurityExtensions;
|
||
8 years ago
|
|
||
8 years ago
|
namespace Ombi.UI.Modules
|
||
8 years ago
|
{
|
||
|
public class LoginModule : BaseModule
|
||
|
{
|
||
8 years ago
|
public LoginModule(ISettingsService<PlexRequestSettings> pr, ICustomUserMapper m, IResourceLinker linker, IRepository<UserLogins> userLoginRepo, ISecurityExtensions security)
|
||
|
: base(pr, security)
|
||
8 years ago
|
{
|
||
|
UserMapper = m;
|
||
8 years ago
|
Get["LocalLogin","/login"] = _ =>
|
||
8 years ago
|
{
|
||
|
if (LoggedIn)
|
||
|
{
|
||
|
var url = linker.BuildRelativeUri(Context, "SearchIndex");
|
||
|
return Response.AsRedirect(url.ToString());
|
||
|
}
|
||
|
dynamic model = new ExpandoObject();
|
||
|
model.Redirect = Request.Query.redirect.Value ?? string.Empty;
|
||
|
model.Errored = Request.Query.error.HasValue;
|
||
|
var adminCreated = UserMapper.DoUsersExist();
|
||
|
model.AdminExists = adminCreated;
|
||
|
return View["Index", model];
|
||
|
};
|
||
|
|
||
8 years ago
|
Get["/logout"] = x =>
|
||
|
{
|
||
|
if (Session[SessionKeys.UsernameKey] != null)
|
||
|
{
|
||
|
Session.Delete(SessionKeys.UsernameKey);
|
||
|
}
|
||
8 years ago
|
return CustomModuleExtensions.LogoutAndRedirect(this, !string.IsNullOrEmpty(BaseUrl) ? $"~/{BaseUrl}/" : "~/");
|
||
8 years ago
|
};
|
||
8 years ago
|
|
||
|
Post["/login"] = x =>
|
||
|
{
|
||
|
var username = (string)Request.Form.Username;
|
||
|
var password = (string)Request.Form.Password;
|
||
|
var dtOffset = (int)Request.Form.DateTimeOffset;
|
||
|
var redirect = (string)Request.Form.Redirect;
|
||
|
|
||
|
var userId = UserMapper.ValidateUser(username, password);
|
||
|
|
||
|
if (userId == null)
|
||
|
{
|
||
8 years ago
|
return
|
||
|
Context.GetRedirect(!string.IsNullOrEmpty(BaseUrl)
|
||
|
? $"~/{BaseUrl}/login?error=true&username=" + username
|
||
|
: "~/login?error=true&username=" + username);
|
||
8 years ago
|
}
|
||
|
DateTime? expiry = null;
|
||
|
if (Request.Form.RememberMe.HasValue)
|
||
|
{
|
||
|
expiry = DateTime.Now.AddDays(7);
|
||
|
}
|
||
|
Session[SessionKeys.UsernameKey] = username;
|
||
|
Session[SessionKeys.ClientDateTimeOffsetKey] = dtOffset;
|
||
|
if (redirect.Contains("userlogin"))
|
||
|
{
|
||
|
redirect = !string.IsNullOrEmpty(BaseUrl) ? $"/{BaseUrl}/search" : "/search";
|
||
|
}
|
||
8 years ago
|
|
||
|
userLoginRepo.Insert(new UserLogins
|
||
|
{
|
||
|
LastLoggedIn = DateTime.UtcNow,
|
||
|
Type = UserType.LocalUser,
|
||
|
UserId = userId.ToString()
|
||
|
});
|
||
|
|
||
8 years ago
|
return CustomModuleExtensions.LoginAndRedirect(this,userId.Value, expiry, redirect);
|
||
8 years ago
|
};
|
||
|
|
||
|
Get["/register"] = x =>
|
||
|
{
|
||
|
{
|
||
|
dynamic model = new ExpandoObject();
|
||
|
model.Errored = Request.Query.error.HasValue;
|
||
|
|
||
|
return View["Register", model];
|
||
|
}
|
||
|
};
|
||
|
|
||
|
Post["/register"] = x =>
|
||
|
{
|
||
|
var username = (string)Request.Form.Username;
|
||
|
var exists = UserMapper.DoUsersExist();
|
||
|
if (exists)
|
||
|
{
|
||
8 years ago
|
return
|
||
|
Context.GetRedirect(!string.IsNullOrEmpty(BaseUrl)
|
||
|
? $"~/{BaseUrl}/register?error=true"
|
||
|
: "~/register?error=true");
|
||
8 years ago
|
}
|
||
8 years ago
|
var userId = UserMapper.CreateUser(username, Request.Form.Password, EnumHelper<Permissions>.All(), 0);
|
||
8 years ago
|
Session[SessionKeys.UsernameKey] = username;
|
||
8 years ago
|
return CustomModuleExtensions.LoginAndRedirect(this, (Guid)userId);
|
||
8 years ago
|
};
|
||
|
|
||
|
Get["/changepassword"] = _ => ChangePassword();
|
||
|
Post["/changepassword"] = _ => ChangePasswordPost();
|
||
|
}
|
||
8 years ago
|
|
||
8 years ago
|
private ICustomUserMapper UserMapper { get; }
|
||
|
|
||
|
private Negotiator ChangePassword()
|
||
|
{
|
||
|
this.RequiresAuthentication();
|
||
|
return View["ChangePassword"];
|
||
|
}
|
||
|
|
||
|
private Response ChangePasswordPost()
|
||
|
{
|
||
|
var username = Context.CurrentUser.UserName;
|
||
|
var oldPass = Request.Form.OldPassword;
|
||
|
var newPassword = Request.Form.NewPassword;
|
||
|
var newPasswordAgain = Request.Form.NewPasswordAgain;
|
||
|
|
||
|
if (string.IsNullOrEmpty(oldPass) || string.IsNullOrEmpty(newPassword) ||
|
||
|
string.IsNullOrEmpty(newPasswordAgain))
|
||
|
{
|
||
|
return Response.AsJson(new JsonResponseModel { Message = "Please fill in all fields", Result = false });
|
||
|
}
|
||
|
|
||
|
if (!newPassword.Equals(newPasswordAgain))
|
||
|
{
|
||
|
return Response.AsJson(new JsonResponseModel { Message = "The passwords do not match", Result = false });
|
||
|
}
|
||
8 years ago
|
try
|
||
|
{
|
||
|
var result = UserMapper.UpdatePassword(username, oldPass, newPassword);
|
||
|
if (result)
|
||
|
{
|
||
|
return Response.AsJson(new JsonResponseModel { Message = "Password has been changed!", Result = true });
|
||
|
}
|
||
8 years ago
|
|
||
8 years ago
|
return Response.AsJson(new JsonResponseModel { Message = "Could not update the password in the database", Result = false });
|
||
|
}
|
||
|
catch (SecurityException e)
|
||
8 years ago
|
{
|
||
8 years ago
|
return Response.AsJson(new JsonResponseModel { Message = e.ToString(), Result = false });
|
||
8 years ago
|
}
|
||
|
}
|
||
|
}
|
||
9 years ago
|
}
|