using System.Security.Cryptography;
using System.Text;
using System.Web;
using Authinator.Backend.Database;
using Authinator.Backend.Database.Tables;
using Authinator.Backend.Utils;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using Microsoft.EntityFrameworkCore;
namespace Authinator.Pages;
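/// <summary>
/// Razor page that lets a pre-created user finish registration (choose username,
/// e-mail and password). Access is gated by an HMAC-signed route token of the form
/// <c>register:&lt;id&gt;:&lt;hmac&gt;</c>, where the HMAC covers <c>register:&lt;id&gt;:</c>.
/// </summary>
public class UserRegisterModel : PageModel {

    /// <summary>
    /// Reads the <c>token</c> route value, checks its shape and verifies its HMAC
    /// against <see cref="ConfigCache.HmacSecret"/>.
    /// </summary>
    /// <returns>
    /// The user id carried by the token, or <c>null</c> when the token is missing,
    /// malformed, fails signature verification, or its id segment is not an integer.
    /// </returns>
    private int? ResolveRegistrationUserId() {
        var token = (string)(RouteData.Values["token"] ?? string.Empty);

        // Expected shape: "register:<id>:<hmac>" — exactly three ':'-separated segments.
        if (string.IsNullOrWhiteSpace(token)
            || !token.StartsWith("register:", StringComparison.Ordinal)
            || token.Split(':').Length != 3) {
            return null;
        }

        // Everything up to and including the last ':' is the signed message;
        // what follows is the URL-safe-encoded signature.
        var signatureStart = token.LastIndexOf(':') + 1;
        var message = token[..signatureStart];
        var presentedHmac = token[signatureStart..].FixUrlEncodedBase64();
        var expectedHmac = message.Hmac(ConfigCache.HmacSecret);

        // Constant-time comparison: a plain string compare exits on the first
        // differing byte, which leaks how much of a forged signature is correct.
        var valid = CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(expectedHmac),
            Encoding.UTF8.GetBytes(presentedHmac));
        if (!valid) {
            return null;
        }

        // The message is authenticated at this point; a non-numeric id would mean
        // the server signed something it never should have, so treat it as invalid
        // rather than throwing.
        return int.TryParse(message.Split(':')[1], out var id) ? id : (int?)null;
    }

    /// <summary>
    /// Shows the registration form when the route token is valid and the referenced
    /// user has not completed signup yet.
    /// </summary>
    /// <returns>
    /// 403 for a missing/malformed/unverified token, 400 when the user does not exist
    /// or has already completed signup, otherwise the page.
    /// </returns>
    public IActionResult OnGet() {
        if (ResolveRegistrationUserId() is not int id) {
            return StatusCode(StatusCodes.Status403Forbidden);
        }

        // DbContext is disposable; dispose it with the request instead of leaking it.
        using var db = new DatabaseContext();

        var user = db.Users.FirstOrDefault(p => p.Id == id);
        if (user is null || user.IsSignupComplete) {
            return BadRequest();
        }

        return Page();
    }

    /// <summary>
    /// Completes registration for the user referenced by the route token:
    /// stores e-mail, username and password, then redirects to <c>/User</c>.
    /// Any POST whose <c>action</c> is not <c>finish_registration</c> is redirected to <c>/</c>.
    /// </summary>
    /// <returns>
    /// 403 for a missing/malformed/unverified token; 400 when the user does not exist,
    /// has already completed signup, the username is blank or taken, or the password
    /// is shorter than 8 characters; otherwise a redirect.
    /// </returns>
    public async Task<IActionResult> OnPost() {
        if (Request.Form["action"] != "finish_registration") {
            return Redirect("/");
        }

        if (ResolveRegistrationUserId() is not int id) {
            return StatusCode(StatusCodes.Status403Forbidden);
        }

        // DbContext is disposable; dispose it with the request instead of leaking it.
        using var db = new DatabaseContext();

        // Groups are needed below to decide whether this user activates the admin group.
        var user = db.Users.Include(p => p.Groups).FirstOrDefault(p => p.Id == id);
        if (user is null || user.IsSignupComplete) {
            return BadRequest();
        }

        // Read form fields once so validation and assignment use the same values.
        var username = Request.Form["username"].ToString();
        string? password = Request.Form["password"];

        if (string.IsNullOrWhiteSpace(username)) {
            return BadRequest(); //TODO "username required" error message
        }

        // NOTE(review): this check and the SaveChangesAsync below are not atomic;
        // uniqueness under concurrent registrations relies on a database constraint — confirm one exists.
        if (db.Users.Any(p => p.Username == username)) {
            return BadRequest(); //TODO "user already exists" error message
        }

        if (string.IsNullOrWhiteSpace(password) || password.Length < 8) {
            return BadRequest(); //TODO "password too short" error message
        }

        user.Email = Request.Form["email"];
        user.Username = username;
        user.SetPassword(password);

        // NOTE(review): nothing in this handler sets IsSignupComplete; presumably
        // SetPassword or the entity does — confirm, otherwise the token stays replayable.
        await db.SaveChangesAsync();

        // First completed signup of an admin-group member clears the bootstrap flag.
        if (Globals.NoActiveAdminUser && user.Groups.Any(p => p.Name == ConfigCache.AdminGroup)) {
            Globals.NoActiveAdminUser = false;
        }

        return Redirect("/User");
    }
}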