From b435e8153377aabc58612c6ce5976a0e9746a375 Mon Sep 17 00:00:00 2001 From: Erik Porter Date: Tue, 9 Mar 2010 00:41:17 -0800 Subject: [PATCH] Converted LogOn, LogOff, AccessDenied to use the new FollowReturnUrl attribute --HG-- branch : dev --- .../Controllers/AccountController.cs | 33 ++++++++------- .../ViewModels/LogOnViewModel.cs | 5 +-- .../Orchard.Users/Views/Account/LogOn.ascx | 42 +++++++++---------- 3 files changed, 38 insertions(+), 42 deletions(-) diff --git a/src/Orchard.Web/Modules/Orchard.Users/Controllers/AccountController.cs b/src/Orchard.Web/Modules/Orchard.Users/Controllers/AccountController.cs index fe943792e..ee32a9988 100644 --- a/src/Orchard.Web/Modules/Orchard.Users/Controllers/AccountController.cs +++ b/src/Orchard.Web/Modules/Orchard.Users/Controllers/AccountController.cs @@ -5,6 +5,7 @@ using System.Security.Principal; using System.Web.Mvc; using System.Web.Security; using Orchard.Logging; +using Orchard.Mvc.FollowReturnUrl; using Orchard.Mvc.ViewModels; using Orchard.Security; using Orchard.Users.Services; @@ -17,7 +18,6 @@ namespace Orchard.Users.Controllers { private readonly IMembershipService _membershipService; private readonly IUserService _userService; - public AccountController( IAuthenticationService authenticationService, IMembershipService membershipService, 
@@ -30,46 +30,47 @@ namespace Orchard.Users.Controllers { public ILogger Logger { get; set; } - public ActionResult AccessDenied(string returnUrl) { + public ActionResult AccessDenied() { + var returnUrl = Request.QueryString["ReturnUrl"]; var currentUser = _authenticationService.GetAuthenticatedUser(); if (currentUser == null) { Logger.Information("Access denied to anonymous request on {0}", returnUrl); - return View("LogOn", new LogOnViewModel { Title = "Access Denied", ReturnUrl = returnUrl }); + return View("LogOn", new LogOnViewModel {Title = "Access Denied"}); } + //TODO: (erikpo) Add a setting for whether or not to log access denieds since these can fill up a database pretty fast from bots on a high traffic site Logger.Information("Access denied to user #{0} '{1}' on {2}", currentUser.Id, currentUser.UserName, returnUrl); + return View(new BaseViewModel()); } - public ActionResult LogOn(string returnUrl) { - if(_authenticationService.GetAuthenticatedUser() != null) + public ActionResult LogOn() { + if (_authenticationService.GetAuthenticatedUser() != null) return Redirect("~/"); - return View("LogOn", new LogOnViewModel { Title = "Log On", ReturnUrl = returnUrl }); + + return View("LogOn", new LogOnViewModel {Title = "Log On"}); } - [HttpPost] + [HttpPost, FollowReturnUrl] [SuppressMessage("Microsoft.Design", "CA1054:UriParametersShouldNotBeStrings", Justification = "Needs to take same parameter type as Controller.Redirect()")] - public ActionResult LogOn(string userName, string password, bool rememberMe, string returnUrl) { + public ActionResult LogOn(string userName, string password, bool rememberMe) { var user = ValidateLogOn(userName, password); if (!ModelState.IsValid) { - return View("LogOn", new LogOnViewModel { Title = "Log On", ReturnUrl = returnUrl }); + return View("LogOn", new LogOnViewModel {Title = "Log On"}); } _authenticationService.SignIn(user, rememberMe); - return !String.IsNullOrEmpty(returnUrl) - ? 
Redirect(returnUrl) - : Redirect("~/"); + return Redirect("~/"); } - public ActionResult LogOff(string returnUrl) { + [FollowReturnUrl] + public ActionResult LogOff() { _authenticationService.SignOut(); - return !String.IsNullOrEmpty(returnUrl) - ? Redirect(returnUrl) - : Redirect("~/"); + return Redirect("~/"); } int MinPasswordLength { diff --git a/src/Orchard.Web/Modules/Orchard.Users/ViewModels/LogOnViewModel.cs b/src/Orchard.Web/Modules/Orchard.Users/ViewModels/LogOnViewModel.cs index b1f3eed4f..fabf9871b 100644 --- a/src/Orchard.Web/Modules/Orchard.Users/ViewModels/LogOnViewModel.cs +++ b/src/Orchard.Web/Modules/Orchard.Users/ViewModels/LogOnViewModel.cs @@ -1,10 +1,7 @@ -using System; -using Orchard.Mvc.ViewModels; +using Orchard.Mvc.ViewModels; namespace Orchard.Users.ViewModels { public class LogOnViewModel : BaseViewModel { public string Title { get; set; } - - public string ReturnUrl { get; set; } } } diff --git a/src/Orchard.Web/Modules/Orchard.Users/Views/Account/LogOn.ascx b/src/Orchard.Web/Modules/Orchard.Users/Views/Account/LogOn.ascx index d850a88e2..e6ff14d8b 100644 --- a/src/Orchard.Web/Modules/Orchard.Users/Views/Account/LogOn.ascx +++ b/src/Orchard.Web/Modules/Orchard.Users/Views/Account/LogOn.ascx @@ -3,25 +3,23 @@
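Review bot: The redirect target is no longer handled in `LogOn` (POST) or `LogOff`: both now end in `return Redirect("~/");` and leave `ReturnUrl` to `[FollowReturnUrl]`, which is not part of this patch, so nothing visible here limits the redirect to a local path. The removed code also passed `returnUrl` to `Redirect` unchecked, so please confirm the filter rejects absolute and protocol-relative URLs, and say so above the attribute, e.g. `// FollowReturnUrl must only follow local URLs; ReturnUrl is attacker-controlled`. Please also confirm the filter replaces only the redirect result, so the failed-validation branch `return View("LogOn", ...)` still re-renders the form. The `CA1054` `SuppressMessage` on the POST `LogOn` looks stale now that the action takes no URL parameter, and could be dropped.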

<%=Html.TitleForPage(Model.Title)%>

<%=_Encoded("Please enter your username and password.")%> <%= Html.ActionLink("Register", "Register")%><%=_Encoded(" if you don't have an account.")%>

<%= Html.ValidationSummary(T("Login was unsuccessful. Please correct the errors and try again.").ToString())%> -<% using (Html.BeginForm(new { Action = "LogOn" })) - { %> -
- <%=_Encoded("Account Information")%> -
- - <%= Html.TextBox("username")%> - <%= Html.ValidationMessage("username")%> -
-
- - <%= Html.Password("password")%> - <%= Html.ValidationMessage("password")%> -
-
- <%= Html.CheckBox("rememberMe")%> -
- <%=Html.HiddenFor(m => m.ReturnUrl)%> - <%=Html.AntiForgeryTokenOrchard()%> - " /> -
-<% } %> \ No newline at end of file +<% +using (Html.BeginFormAntiForgeryPost(Url.Action("LogOn", new {ReturnUrl = Request.QueryString["ReturnUrl"]}))) { %> +
+ <%=_Encoded("Account Information")%> +
+ + <%= Html.TextBox("username")%> + <%= Html.ValidationMessage("username")%> +
+
+ + <%= Html.Password("password")%> + <%= Html.ValidationMessage("password")%> +
+
+ <%= Html.CheckBox("rememberMe")%> +
+ " /> +
<% +} %> \ No newline at end of file
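Review bot: The explicit `<%=Html.AntiForgeryTokenOrchard()%>` is dropped and the token now depends on `Html.BeginFormAntiForgeryPost(...)`, a helper that is not in this patch; please confirm the rendered form still carries the token and that the POST `LogOn` action validates it. `Request.QueryString["ReturnUrl"]` is read directly in the view and again in `AccountController.AccessDenied`, so the key name lives in two places as a string literal; a shared constant or a small helper would keep them in sync. The value is echoed into the form's action URL, so its encoding relies on `Url.Action` and the form helper, neither of which is visible here.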