C# Class OpenIdProvider.Controllers.AffiliateFormsController

This actually services requests for the forms sign up/in made by affiliates. These will only be served to proper registered affiliates (there is no anon option). Unlike the entire rest of the site, we allow authorized third-parties to frame these things.
Inheritance: ControllerBase
Show file Open project: StackExchange/StackID

Protected Properties

Property Type Description
CurrentAffiliate OpenIdProvider.Models.Affiliate

Public Methods

Method Description
LoginIFrame ( string onLoad, string background, string color ) : System.Web.Mvc.ActionResult

Displays a handy login IFrame (username and password) as well as any asked for attributes (though it *DOES NOT* actually display those attributes, mearly their type)

SignupIFrame ( string onLoad, string background, string color ) : System.Web.Mvc.ActionResult

Returns a "give us your email" signup form for embedding in an iframe.

Protected Methods

Method Description
OnActionExecuting ( System.Web.Mvc.ActionExecutingContext filterContext ) : void

We greatly restrict access to this controller. It can only be entered with a request signed by a registered affiliate. That is, all GETs must carry a signed authCode. All POSTs are protected by our standard XSRF tricks.

Private Methods

Method Description
AccountRecovery ( string callback, string email ) : System.Web.Mvc.ActionResult
AddIdentifier ( string callback, Uri identifier ) : string
AffiliateRedirect ( string redirectUrl ) : System.Web.Mvc.ActionResult

When we redirect from an affiliate form, we're being framed. This means a simple redirect won't work, we actually need to serve something to do some javascript magic to bust out of the frame (though we're pushing the user to the site *doing* the framing, which is a tad odd).

CallbackKey ( System.Web.HttpCookie cookie ) : string
ConfirmLoginIFrame ( string callback, string onLoad, string background, string color ) : System.Web.Mvc.ActionResult

Returns a "Confirm" form, for users who are logged in. We don't want to *just* slam them into a site because they drove past it, after all.

HandleAffiliateLogin ( string email, string password, string background, string color ) : System.Web.Mvc.ActionResult
HandleConfirmLogin ( ) : System.Web.Mvc.ActionResult
LoginOrSignupIFrame ( string callback, bool signupByDefault, string onLoad, string background, string color ) : System.Web.Mvc.ActionResult
SetThirdPartyCookieFallbackHtml ( string html ) : void

Set a message to display to users when they don't have third-party cookies enabled, which really shoots the whole iframe approach to hell.

SignupIFrameSubmit ( string email, string password, string password2, string realname, string background, string color ) : System.Web.Mvc.ActionResult
SwitchAffiliateForms ( string to, string nonce, string authCode, string affId, string background, string color, string callback, string newCookie ) : System.Web.Mvc.ActionResult
SwitchLink ( string to, string affId, string background, string color, string callback, bool newCookie ) : string

Generate a link to switch to a specific form

TriggerLogout ( string callback ) : System.Web.Mvc.ActionResult
VerifySignature ( string>.Dictionary @params, Affiliate &validFor, string &failureReason ) : bool

Returns true if the parameters contain a valid signature for a request.

Method Details

LoginIFrame() public method

Displays a handy login IFrame (username and password) as well as any asked for attributes (though it *DOES NOT* actually display those attributes, mearly their type)
public LoginIFrame ( string onLoad, string background, string color ) : System.Web.Mvc.ActionResult
onLoad string
background string
color string
return System.Web.Mvc.ActionResult

OnActionExecuting() protected method

We greatly restrict access to this controller. It can only be entered with a request signed by a registered affiliate. That is, all GETs must carry a signed authCode. All POSTs are protected by our standard XSRF tricks.
protected OnActionExecuting ( System.Web.Mvc.ActionExecutingContext filterContext ) : void
filterContext System.Web.Mvc.ActionExecutingContext
return void

SignupIFrame() public method

Returns a "give us your email" signup form for embedding in an iframe.
public SignupIFrame ( string onLoad, string background, string color ) : System.Web.Mvc.ActionResult
onLoad string
background string
color string
return System.Web.Mvc.ActionResult

Property Details

CurrentAffiliate protected property

The affiliate who requested any form on this page
protected Affiliate,OpenIdProvider.Models CurrentAffiliate
return OpenIdProvider.Models.Affiliate