Password Reset Complete

using System; using System.Collections.Generic; using System.Security.Claims; using System.Security.Principal; using System.Threading.Tasks; using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using SkyArtShop.Models; using SkyArtShop.Services; namespace SkyArtShop.Controllers; [Route("admin")] [Authorize(Roles = "Admin,MasterAdmin,Cashier,Accountant")] public class AdminController : Controller { private readonly PostgreSQLService _pgService; private readonly PostgreAuthService _pgAuthService; public AdminController(PostgreSQLService pgService, PostgreAuthService pgAuthService) { _pgService = pgService; _pgAuthService = pgAuthService; } [HttpGet("login")] [AllowAnonymous] public IActionResult Login() { IIdentity? identity = base.User.Identity; if (identity != null && identity.IsAuthenticated) { return RedirectToAction("Dashboard"); } return View(); } [HttpPost("login")] [AllowAnonymous] public async Task Login(string email, string password) { AdminUser adminUser = await _pgAuthService.AuthenticateAsync(email, password); if (adminUser == null) { base.ViewBag.Error = "Invalid email or password"; return View(); } ClaimsPrincipal principal = _pgAuthService.CreateClaimsPrincipal(adminUser); await base.HttpContext.SignInAsync("Cookies", principal, new AuthenticationProperties { IsPersistent = true, ExpiresUtc = DateTimeOffset.UtcNow.AddDays(30.0) }); return RedirectToAction("Dashboard"); } [HttpGet("logout")] public async Task Logout() { await base.HttpContext.SignOutAsync("Cookies"); return RedirectToAction("Login"); } [HttpGet("dashboard")] public async Task Dashboard() { List products = await _pgService.GetAllAsync("Products"); List projects = await _pgService.GetAllAsync("PortfolioProjects"); List blogPosts = await _pgService.GetAllAsync("BlogPosts"); List pages = await _pgService.GetAllAsync("Pages"); SiteSettings siteSettings = await _pgService.GetSiteSettingsAsync(); base.ViewBag.ProductCount = products.Count; base.ViewBag.ProjectCount = projects.Count; base.ViewBag.BlogCount = blogPosts.Count; base.ViewBag.PageCount = pages.Count; base.ViewBag.SiteName = siteSettings?.SiteName ?? "Sky Art Shop"; base.ViewBag.AdminEmail = base.User.Identity?.Name; return View(); } [HttpGet("")] public IActionResult Index() { return RedirectToAction("Dashboard"); } [HttpGet("system-status")] [Authorize] public async Task SystemStatus() { try { var value = new { databaseConnected = true, dbType = "PostgreSQL", dbHost = "localhost", dbName = "skyartshop", dbVersion = "16", userCount = (await _pgService.GetAllAsync("AdminUsers")).Count, timestamp = DateTime.UtcNow.ToString("yyyy-MM-dd HH:mm:ss UTC") }; return new JsonResult(value); } catch (Exception ex) { var value2 = new { databaseConnected = false, error = ex.Message, timestamp = DateTime.UtcNow.ToString("yyyy-MM-dd HH:mm:ss UTC") }; return new JsonResult(value2); } } [HttpGet("change-password")] public IActionResult ChangePassword() { return View(); } [HttpGet("diagnostic")] public IActionResult DiagnosticTest() { return View(); } [HttpGet("reset-password-emergency")] [AllowAnonymous] public async Task EmergencyPasswordReset(string confirm, string secret) { string text = Environment.GetEnvironmentVariable("EMERGENCY_RESET_SECRET") ?? "skyart-emergency-2025"; if (secret != text) { return NotFound(); } if (confirm != "yes-reset-now") { return Content("Add ?confirm=yes-reset-now&secret=YOUR_SECRET to URL to reset admin password"); } string email = "admin@skyartshop.com"; string newPassword = "Admin123!"; AdminUser adminUser = await _pgService.GetUserByEmailAsync(email); if (adminUser == null) { adminUser = new AdminUser { Email = email, Name = "System Administrator", Role = "MasterAdmin", Permissions = new List { "manage_users", "manage_products", "manage_orders", "manage_content", "manage_settings", "view_reports", "manage_finances", "manage_inventory", "manage_customers", "manage_blog", "manage_portfolio", "manage_pages" }, IsActive = true, CreatedBy = "Emergency Reset", CreatedAt = DateTime.UtcNow }; } adminUser.PasswordHash = _pgAuthService.HashPassword(newPassword); adminUser.LastLogin = DateTime.UtcNow; await _pgService.CreateAdminUserAsync(adminUser); return Content($"\r\n\r\n\r\n\r\n Password Reset Complete\r\n \r\n\r\n\r\n

\r\n

✓ Password Reset Successful

\r\n

The admin password has been reset.

\r\n

\r\n Login Credentials:
\r\n Email: {email}
\r\n Password: {newPassword}\r\n

\r\n

→ Go to Login Page

\r\n

For security, this URL will be disabled after first successful login.

\r\n

\r\n\r\n\r\n", "text/html"); } [HttpPost("change-password")] public async Task ChangePassword(string currentPassword, string newPassword, string confirmPassword) { if (string.IsNullOrWhiteSpace(currentPassword) || string.IsNullOrWhiteSpace(newPassword)) { base.ViewBag.Error = "All fields are required"; return View(); } if (newPassword != confirmPassword) { base.ViewBag.Error = "New password and confirmation do not match"; return View(); } if (newPassword.Length < 6) { base.ViewBag.Error = "Password must be at least 6 characters"; return View(); } string text = base.User.FindFirst("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier")?.Value; if (string.IsNullOrEmpty(text)) { base.ViewBag.Error = "User not found"; return View(); } AdminUser adminUser = await _pgService.GetByIdAsync("AdminUsers", text); if (adminUser == null || !_pgAuthService.VerifyPassword(currentPassword, adminUser.PasswordHash)) { base.ViewBag.Error = "Current password is incorrect"; return View(); } base.ViewBag.Info = "Password change temporarily disabled during migration. Contact system admin."; return View(); } }