More reliable recognition of anonymous visitors (bad bots, cookie-rejecting morons etc.)

Author: muratcakir

src/Libraries/SmartStore.Core/IWebHelper.cs

@@ -13,11 +13,21 @@ public partial interface IWebHelper
         /// <returns>URL referrer</returns>
         string GetUrlReferrer();
 
-        /// <summary>
-        /// Get context IP address
-        /// </summary>
-        /// <returns>URL referrer</returns>
-        string GetCurrentIpAddress();
+		/// <summary>
+		/// Gets a unique client identifier
+		/// </summary>
+		/// <returns>A unique identifier</returns>
+		/// <remarks>
+		/// The client identifier is a hashed combination of client ip address and user agent.
+		/// This method returns <c>null</c> if IP or user agent (or both) cannot be determined.
+		/// </remarks>
+		string GetClientIdent();
+
+		/// <summary>
+		/// Get context IP address
+		/// </summary>
+		/// <returns>URL referrer</returns>
+		string GetCurrentIpAddress();
 
         /// <summary>
         /// Gets this page name

src/Libraries/SmartStore.Core/IWorkContext.cs

@@ -59,10 +59,5 @@ public interface IWorkContext
         /// Gets or sets a value indicating whether we're in admin area
         /// </summary>
 		bool IsAdmin { get; set; }
-
-        ///// <summary>
-        ///// Gets a value indicating whether we're in the public shop
-        ///// </summary>
-        //bool IsPublic { get; }
-    }
+	}
 }

src/Libraries/SmartStore.Core/WebHelper.cs

@@ -34,6 +34,7 @@ public partial class WebHelper : IWebHelper
         private bool? _isCurrentConnectionSecured;
 		private string _storeHost;
 		private string _storeHostSsl;
+		private string _ipAddress;
 		private bool? _appPathPossiblyAppended;
 		private bool? _appPathPossiblyAppendedSsl;
 
@@ -56,17 +57,71 @@ public virtual string GetUrlReferrer()
             return referrerUrl;
         }
 
+		public virtual string GetClientIdent()
+		{
+			var ipAddress = this.GetCurrentIpAddress();
+			var userAgent = _httpContext.Request != null ? _httpContext.Request.UserAgent : string.Empty;
+
+			if (ipAddress.HasValue() && userAgent.HasValue())
+			{
+				return (ipAddress + userAgent).GetHashCode().ToString();
+			}
+
+			return null;
+		}
+
         public virtual string GetCurrentIpAddress()
         {
+			if (_ipAddress != null)
+			{
+				return _ipAddress;
+			}
+
+			if (_httpContext == null && _httpContext.Request == null)
+			{
+				return string.Empty;
+			}
+
+			var vars = _httpContext.Request.ServerVariables;
+
+			var keysToCheck = new string[] 
+			{
+				"HTTP_CLIENT_IP",
+				"HTTP_X_FORWARDED_FOR",
+				"HTTP_X_FORWARDED",
+				"HTTP_X_CLUSTER_CLIENT_IP",
+				"HTTP_FORWARDED_FOR",
+				"HTTP_FORWARDED",
+				"REMOTE_ADDR",
+				"HTTP_CF_CONNECTING_IP"
+			};
+
 			string result = null;
 
-			if (_httpContext != null && _httpContext.Request != null)
-				result = _httpContext.Request.UserHostAddress;
+			foreach (var key in keysToCheck)
+			{
+				var ipString = vars[key];
+				if (ipString.HasValue())
+				{
+					var arrStrings = ipString.Split(',');
+					// Take the last entry
+					ipString = arrStrings[arrStrings.Length - 1].Trim();
+
+					IPAddress address;
+					if (IPAddress.TryParse(ipString, out address))
+					{
+						result = ipString;
+						break;
+					}
+				}
+			}			
 
 			if (result == "::1")
+			{
 				result = "127.0.0.1";
+			}			
 
-			return result.EmptyNull();
+			return (_ipAddress = result.EmptyNull());
         }
 
         public virtual string GetThisPageUrl(bool includeQueryString)

src/Libraries/SmartStore.Services/Authentication/FormsAuthenticationService.cs

@@ -12,7 +12,7 @@ namespace SmartStore.Services.Authentication
     /// </summary>
     public partial class FormsAuthenticationService : IAuthenticationService
     {
-        private readonly HttpContextBase _httpContext;
+		private readonly HttpContextBase _httpContext;
         private readonly ICustomerService _customerService;
         private readonly CustomerSettings _customerSettings;
         private readonly TimeSpan _expirationTimeSpan;
@@ -33,7 +33,6 @@ public FormsAuthenticationService(HttpContextBase httpContext, ICustomerService
             this._expirationTimeSpan = FormsAuthentication.Timeout;
         }
 
-
         public virtual void SignIn(Customer customer, bool createPersistentCookie)
         {
             var now = DateTime.UtcNow.ToLocalTime();
@@ -95,6 +94,21 @@ public virtual Customer GetAuthenticatedCustomer()
 
 			if (customer != null && customer.Active && !customer.Deleted && customer.IsRegistered())
 			{
+				if (customer.LastLoginDateUtc == null)
+				{
+					try
+					{
+						// This is most probably the very first "login" after registering. Delete the
+						// ASP.NET anonymous id cookie so that a new guest account can be created
+						// upon signing out.
+						System.Web.Security.AnonymousIdentificationModule.ClearAnonymousIdentifier();
+					}
+					finally
+					{
+						customer.LastLoginDateUtc = DateTime.UtcNow;
+						_customerService.UpdateCustomer(customer);
+					}
+				}
 				_cachedCustomer = customer;
 			}
 
@@ -117,5 +131,5 @@ public virtual Customer GetAuthenticatedCustomerFromTicket(FormsAuthenticationTi
 
             return customer;
         }
-    }
+	}
 }

src/Libraries/SmartStore.Services/Common/UAParserUserAgent.cs

@@ -205,7 +205,8 @@ public virtual bool IsBot
 			{
 				if (!_isBot.HasValue)
 				{
-					_isBot = _httpContext.Request.Browser.Crawler || this.Device.IsBot || this.UserAgent.IsBot;
+					// empty useragent > bad bot!
+					_isBot = this.RawValue.IsEmpty() || _httpContext.Request.Browser.Crawler || this.Device.IsBot || this.UserAgent.IsBot;
 				}
 				return _isBot.Value;
 			}

src/Libraries/SmartStore.Services/Customers/CustomerExtentions.cs

@@ -53,7 +53,7 @@ public static bool IsBackgroundTaskAccount(this Customer customer)
         }
 
         /// <summary>
-        /// Gets a value indicating whether customer a search engine
+        /// Gets a value indicating whether customer is a search engine
         /// </summary>
         /// <param name="customer">Customer</param>
         /// <returns>Result</returns>
@@ -84,13 +84,13 @@ public static bool IsPdfConverter(this Customer customer)
 			return result;
 		}
 
-        /// <summary>
-        /// Gets a value indicating whether customer is administrator
-        /// </summary>
-        /// <param name="customer">Customer</param>
-        /// <param name="onlyActiveCustomerRoles">A value indicating whether we should look only in active customer roles</param>
-        /// <returns>Result</returns>
-        public static bool IsAdmin(this Customer customer, bool onlyActiveCustomerRoles = true)
+		/// <summary>
+		/// Gets a value indicating whether customer is administrator
+		/// </summary>
+		/// <param name="customer">Customer</param>
+		/// <param name="onlyActiveCustomerRoles">A value indicating whether we should look only in active customer roles</param>
+		/// <returns>Result</returns>
+		public static bool IsAdmin(this Customer customer, bool onlyActiveCustomerRoles = true)
         {
             return IsInCustomerRole(customer, SystemCustomerRoleNames.Administrators, onlyActiveCustomerRoles);
         }