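/// <summary>
        /// Checks the new password against the password rules and, when it passes, hands its hash
        /// to the AUTH_UpdatePassword stored procedure.
        /// </summary>
        /// <param name="UserId">User whose password is being changed.</param>
        /// <param name="Password">New clear-text password.</param>
        /// <param name="S">Session passed to GetCommand together with the procedure name.</param>
        /// <param name="Errors">
        /// Null on success; otherwise the rule violations from EnforcePwdRules or a single
        /// INVALID_PASSWORD entry when the procedure reports a non-zero @Result.
        /// </param>
        /// <returns>True when the procedure reports 0 in @Result, false otherwise.</returns>
        public bool UpdatePassword(string UserId, string Password, SessionInfo S, out ArrayOfErrorInfo Errors)
        {
            Errors = EnforcePwdRules(UserId, Password);
            if (Errors != null)
            {
                return(false);
            }
            SqlCommand Cmd = GetCommand("AUTH_UpdatePassword", S);

            Cmd.Parameters["@UserId"].Value      = UserId;
            // NOTE(security): MD5Hash is defined outside this view. If it is a plain MD5 digest, it is a
            // fast, unsalted hash and not suitable for password storage. Moving to a salted, iterated KDF
            // (for example PBKDF2 via Rfc2898DeriveBytes) also requires changing the stored procedure and
            // migrating the stored hashes, so it is flagged here rather than replaced.
            Cmd.Parameters["@NewPassword"].Value = MD5Hash(Password);
            // 67811A0  - PCI Remediation for Payment systems CH2:START - read the outcome from the output parameter @Result.
            // The direction is declared before execution: ADO.NET only copies a procedure's output back into
            // parameters already marked as output when the command runs. If GetCommand (not visible here)
            // already marks @Result that way, this assignment is redundant but harmless.
            Cmd.Parameters["@Result"].Direction = ParameterDirection.Output;
            Cmd.ExecuteNonQuery();
            if ((int)Cmd.Parameters["@Result"].Value == 0)
            {
                return(true);
            }

            // NOTE(review): every non-zero @Result is reported as "same as current password"; confirm the
            // procedure has no other failure codes.
            Errors = new ArrayOfErrorInfo();
            Errors.Add(new ErrorInfo("INVALID_PASSWORD", "The New Password and the Current Password cannot be the same.Please use a valid Password", ""));
            return(false);
            //67811A0  - PCI Remediation for Payment systems CH2:END
        }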
        /// <summary>
        /// Saves a district office record through the AUTH_UpdateDO stored procedure.
        /// </summary>
        /// <returns>
        /// Null when the procedure runs without error; a one-entry list carrying the SQL error message
        /// when the server raises an error of class 11 through 16. Other SQL errors are rethrown.
        /// </returns>
        public ArrayOfErrorInfo UpdateDO(int DORid, string DOName, string DOnum, string HUB, bool Active, string CurrentUser)
        {
            SqlCommand UpdateCmd = GetCommand("AUTH_UpdateDO");

            // Every value travels as a bound parameter; none is concatenated into SQL text.
            UpdateCmd.Parameters.Add("@DORid", DORid);
            UpdateCmd.Parameters.Add("@DOName", DOName);
            UpdateCmd.Parameters.Add("@DOID", DOnum);
            UpdateCmd.Parameters.Add("@HUB", HUB);
            UpdateCmd.Parameters.Add("@Active", Active);
            UpdateCmd.Parameters.Add("@CurrentUser", CurrentUser);
            try
            {
                UpdateCmd.ExecuteNonQuery();
                return(null);
            }
            catch (SqlException e)
            {
                bool Reportable = e.Class >= 11 && e.Class <= 16;
                if (!Reportable)
                {
                    throw;
                }

                // NOTE(review): the raw server message is returned to the caller. Classes 11-16 also cover
                // errors not raised by the procedure itself, whose text can name database objects; confirm
                // what callers display.
                ArrayOfErrorInfo Failures = new ArrayOfErrorInfo();
                Failures.Add(new ErrorInfo("", e.Message, ""));
                return(Failures);
            }
        }
 /// <summary>
 /// Signs the user out and redirects to the unauthorized page when the error list
 /// contains an authentication failure.
 /// </summary>
 /// <param name="Errors">Errors returned by a service call; may be null.</param>
 private void HandleAuthErrors(ArrayOfErrorInfo Errors)
 {
     if (!HasAuthErrors(Errors))
     {
         return;
     }

     // Drop any output already buffered for this response before leaving the page.
     Page.Response.Clear();
     FormsAuthentication.SignOut();
     // The second argument (true) ends the response, so the rest of the page does not run.
     Page.Response.Redirect(CSAAWeb.Navigation.ACL.UnauthorizedUrl, true);
 }
 /// <summary>
 /// Reports whether the list holds an error whose code is "INVALID TOKEN" or "TIMEOUT".
 /// </summary>
 /// <param name="Errors">Errors to inspect; null counts as no errors.</param>
 /// <returns>True when at least one entry carries one of the two codes.</returns>
 private bool HasAuthErrors(ArrayOfErrorInfo Errors)
 {
     if (Errors == null)
     {
         return(false);
     }

     foreach (ErrorInfo Entry in Errors)
     {
         // The comparison is exact and case-sensitive; other codes are ignored.
         bool IsAuthFailure = Entry.Code == "INVALID TOKEN" || Entry.Code == "TIMEOUT";
         if (IsAuthFailure)
         {
             return(true);
         }
     }
     return(false);
 }
        /// <summary>
        /// Verifies the session through the AUTH_VerifyToken stored procedure.
        /// </summary>
        /// <param name="S">Session passed to GetCommand together with the procedure name.</param>
        /// <param name="Method">Not read by this method.</param>
        /// <returns>
        /// Null when @Result is zero or negative; otherwise a list holding TIMEOUT for 1,
        /// INVALID TOKEN for 2, and no entries for any other positive value.
        /// </returns>
        public ArrayOfErrorInfo ValidateSession(SessionInfo S, string Method)
        {
            SqlCommand VerifyCmd = GetCommand("AUTH_VerifyToken", S);

            VerifyCmd.Parameters["@Timeout"].Value    = SessionTimeout;
            VerifyCmd.Parameters["@Result"].Direction = ParameterDirection.Output;

            int Status;
            try
            {
                VerifyCmd.ExecuteNonQuery();
                Status = (int)VerifyCmd.Parameters["@Result"].Value;
            }
            catch (Exception e)
            {
                // A token that cannot be converted to a uniqueidentifier is treated as invalid.
                // NOTE(review): this depends on the exact wording of the server message, which differs
                // between SQL Server versions; with other wording a malformed token surfaces as an
                // exception instead of INVALID TOKEN.
                if (e.Message != "Syntax error converting from a character string to uniqueidentifier.")
                {
                    throw;
                }
                Status = 2;
            }

            // NOTE(review): a zero or negative @Result is reported as "no errors"; confirm the procedure
            // never uses such values to signal failure.
            if (Status <= 0)
            {
                return(null);
            }

            ArrayOfErrorInfo Failures = new ArrayOfErrorInfo();
            switch (Status)
            {
                case 1:
                    Failures.Add(new ErrorInfo("TIMEOUT", "Session has timed out.", ""));
                    break;
                case 2:
                    Failures.Add(new ErrorInfo("INVALID TOKEN", "Invalid token.", ""));
                    break;
            }

            if (Failures.Count > 0)
            {
                // NOTE(review): S.ToString() is defined elsewhere; if it includes the session token,
                // the token ends up in the SoapLog file. Confirm, and redact if so.
                CSAAWeb.AppLogger.Logger.LogToFile("SoapLog", "Token: " + Failures[0].Message + " " + S.ToString());
            }
            return(Failures);
        }
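        /// <summary>
        /// Checks a candidate password against the password rules: length of 8 to 14 characters,
        /// no reserved word ("CSAA") or UserId inside it, and a mix of character kinds.
        /// </summary>
        /// <param name="UserId">User the password belongs to; matched literally and case-insensitively.</param>
        /// <param name="Password">Candidate clear-text password.</param>
        /// <returns>
        /// Null when the password is acceptable; otherwise a list with one ErrorInfo describing the
        /// first rule that failed.
        /// </returns>
        private ArrayOfErrorInfo EnforcePwdRules(string UserId, string Password)
        {
            ArrayOfErrorInfo Result = new ArrayOfErrorInfo();

            // A missing password fails the length rule instead of raising NullReferenceException.
            // NOTE(review): the 14-character ceiling rules out longer passphrases; confirm whether a
            // downstream constraint still requires it.
            if (Password == null || Password.Length < 8 || Password.Length > 14)
            {
                Result.Add(new ErrorInfo("INVALID_PWD_LENGTH", "Password length should be between 8 and 14 characters.", ""));
                return(Result);
            }

            // UserId is caller-supplied text, so it is escaped before it becomes part of the pattern;
            // unescaped metacharacters would change what is matched or make the pattern invalid.
            // An empty UserId is left out because the pattern "CSAA|" matches every password.
            string Pattern = "CSAA";
            if (UserId != null && UserId.Length > 0)
            {
                Pattern += "|" + Regex.Escape(UserId);
            }

            if (Regex.IsMatch(Password, Pattern, RegexOptions.IgnoreCase))
            {
                Result.Add(new ErrorInfo("RESERVED_WORDS", "Password should not contain any reserved words or UserId.", ""));
                return(Result);
            }

            // The original tested "[^a-zA-Z]" for both NonAlpha and Alpha, so any password containing
            // a single non-letter (for example all digits) passed. Alpha now requires a letter.
            bool NonAlpha = Regex.IsMatch(Password, "[^a-zA-Z]");
            bool Alpha    = Regex.IsMatch(Password, "[a-zA-Z]");
            bool NonCaps  = Regex.IsMatch(Password, "[a-z]");
            bool Caps     = Regex.IsMatch(Password, "[A-Z]");

            // Accepted: letters mixed with digits or specials, or upper case mixed with lower case.
            if ((NonAlpha && Alpha) || (Caps && NonCaps))
            {
                return(null);
            }

            Result.Add(new ErrorInfo("VIOLATES_RULES", "Password must be a mix of upper/lower case OR mix of alpha/numeric OR mix of alpha/special chararcters.", ""));
            return(Result);
        }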
        /// <summary>
        /// Click handler that saves the branch office through auth.UpdateDO, writes an ArcSight
        /// audit record for the outcome and shows the result through Continue.
        /// </summary>
        protected void UpdateDO_Click(object sender, System.Web.UI.ImageClickEventArgs e)
        {
            if (!Page.IsValid)
            {
                return;
            }

            NavACL.ResetNav();
            // The list allocated here is replaced at once by the value UpdateDO returns.
            ArrayOfErrorInfo Result = new ArrayOfErrorInfo();
            Result = auth.UpdateDO(DORid, DOName, DOID, HUB, Active, currentUser);

            if (Result != null)
            {
                // NOTE(review): Msg is the first error returned by UpdateDO. It is both written to the
                // audit record and handed to Continue; confirm it is safe to display as-is.
                string Msg = Result[0].Message.ToString();
                //67811A0 START - PCI Remediation for Payment systems: ArcSight audit record for a failed DO save
                Logger.DestinationProcessName = CSAAWeb.Constants.PCI_ARC_DEVICEACTION_DO;
                Logger.DeviceEventCategory = CSAAWeb.Constants.PCI_ARC_DEVICEEVENTCATEGORY_FAILURE;
                Logger.SourceUserName = currentUser;
                Logger.SourceProcessName = CSAAWeb.Constants.PCI_SOURCE_PROCESS_NAME;
                Logger.DeviceSeverity = CSAAWeb.Constants.PCI_ARC_SEVERITY_HIGH;
                Logger.DeviceAction = Msg;
                Logger.Name = CSAAWeb.Constants.PCI_ARC_NAME_DO_ADD_FAILED;
                Logger.ArcsightLog();
                //67811A0 END

                Continue(Msg, "");
                return;
            }

            // Drop the cached lookups so the next read loads the updated data.
            Cache.Remove("AUTH_HUB");
            Cache.Remove("AUTH_AllDOs");
            Cache.Remove("AUTH_DO");
            Cache.Remove("AUTH_REPDO");

            //67811A0 START - PCI Remediation for Payment systems: ArcSight audit record for a successful add or edit
            // NOTE(review): the audit branch is chosen from the caption text; with any other caption the
            // change is saved without a success audit record.
            if (this.Caption.Text == "Add Branch Office")
            {
                Logger.DestinationProcessName = CSAAWeb.Constants.PCI_ARC_DEVICEACTION_DO;
                Logger.DeviceEventCategory = CSAAWeb.Constants.PCI_ARC_DEVICEEVENTCATEGORY_SUCCESS;
                Logger.SourceUserName = currentUser;
                Logger.SourceProcessName = CSAAWeb.Constants.PCI_SOURCE_PROCESS_NAME;
                Logger.DeviceSeverity = CSAAWeb.Constants.PCI_ARC_SEVERITY_LOW;
                Logger.DeviceAction = CSAAWeb.Constants.PCI_ARC_NAME_ADD_DO;
                Logger.Name = CSAAWeb.Constants.PCI_ARC_NAME_DO_ADD;
                Logger.ArcsightLog();
            }
            else if (this.Caption.Text == "Edit Branch Office")
            {
                Logger.DestinationProcessName = CSAAWeb.Constants.PCI_ARC_DEVICEACTION_DO;
                Logger.DeviceEventCategory = CSAAWeb.Constants.PCI_ARC_DEVICEEVENTCATEGORY_SUCCESS;
                Logger.SourceProcessName = CSAAWeb.Constants.PCI_SOURCE_PROCESS_NAME;
                Logger.DeviceSeverity = CSAAWeb.Constants.PCI_ARC_SEVERITY_LOW;
                Logger.SourceUserName = currentUser;
                Logger.DeviceAction = CSAAWeb.Constants.PCI_ARC_NAME_EDIT_DO;
                Logger.Name = CSAAWeb.Constants.PCI_ARC_NAME_DO_EDIT1;

                Logger.ArcsightLog();
            }
            //67811A0 END

            // A record id of 0 means the office was just created.
            string Outcome;
            if (DORid == 0)
            {
                Outcome = " has been Created.";
            }
            else
            {
                Outcome = " details has been Updated.";
            }
            Continue("", DOName + " " + "Branch Office" + Outcome);
        }
 /// <summary>
 /// Forwards a lookup request through Invoke and unpacks the reply.
 /// </summary>
 /// <param name="Errors">Second element of the reply when it has one; otherwise null.</param>
 /// <returns>First element of the reply, or null when the reply is empty.</returns>
 public object Lookup(string Token, string UserId, string AppId, string Service, string What, out ArrayOfErrorInfo Errors, object[] Params)
 {
     object[] Reply = Invoke(new object[] { Token, UserId, AppId, Service, What, Params }, true);

     // Errors are only present when the reply carries a second element.
     if (Reply.Length > 1)
     {
         Errors = (ArrayOfErrorInfo)Reply[1];
     }
     else
     {
         Errors = null;
     }

     if (Reply.Length == 0)
     {
         return(null);
     }
     return(Reply[0]);
 }
 /// <summary>
 /// Requests the user record through Invoke and unpacks the reply.
 /// </summary>
 /// <param name="Errors">Null when the reply has exactly one element; otherwise its second element.</param>
 /// <returns>First element of the reply cast to UserInfo.</returns>
 public UserInfo GetUserInfo(string Token, string UserId, string AppId, out ArrayOfErrorInfo Errors)
 {
     // The fourth argument is always sent as null.
     object[] Reply = Invoke(new object[] { Token, UserId, AppId, null });

     // NOTE(review): an empty reply is not handled; indexing throws in that case.
     if (Reply.Length == 1)
     {
         Errors = null;
     }
     else
     {
         Errors = (ArrayOfErrorInfo)Reply[1];
     }
     return((UserInfo)Reply[0]);
 }
 /// <summary>
 /// Performs the specified lookup using this object's Token, UserId and AppId.
 /// </summary>
 /// <param name="Service">The service from which to look up the value.</param>
 /// <param name="What">The name of the value to look up.</param>
 /// <param name="Errors">Receives the errors reported by the underlying call.</param>
 /// <param name="Params">The parameters to provide to the lookup function.</param>
 /// <returns>The DataSet returned by O.LookupDataSet.</returns>
 public DataSet LookupDataSet(string Service, string What, out ArrayOfErrorInfo Errors, object[] Params)
 {
     DataSet Found = O.LookupDataSet(Token, UserId, AppId, Service, What, out Errors, Params);
     return(Found);
 }
 //Begin PC Phase II changes CH1 - Added the below code to Lookup Database for mapping IDP Request.
 /// <summary>
 /// Performs the specified lookup with caller-supplied credentials and no lookup parameters.
 /// </summary>
 /// <param name="Token">Security token provided by authenticate.</param>
 /// <param name="UserId">UserId of the logged-in user.</param>
 /// <param name="AppId">Name of the calling application.</param>
 /// <param name="Service">The service from which to look up the value.</param>
 /// <param name="What">The name of the value to look up.</param>
 /// <param name="Errors">Receives the errors reported by the underlying call.</param>
 /// <returns>The DataSet returned by O.LookupDataSet.</returns>
 public DataSet LookupDataSet(string Token, string UserId, string AppId, string Service, string What, out ArrayOfErrorInfo Errors)
 {
     // This overload always sends an empty parameter list.
     object[] NoParams = new object[] { };
     DataSet  Found    = O.LookupDataSet(Token, UserId, AppId, Service, What, out Errors, NoParams);
     return(Found);
 }
 /// <summary>
 /// Performs the specified lookup using this object's Token, UserId and AppId and no lookup parameters.
 /// </summary>
 /// <param name="Service">The service from which to look up the value.</param>
 /// <param name="What">The name of the value to look up.</param>
 /// <param name="Errors">Receives the errors reported by the underlying call.</param>
 /// <returns>The value returned by O.Lookup.</returns>
 public object Lookup(string Service, string What, out ArrayOfErrorInfo Errors)
 {
     // This overload always sends an empty parameter list.
     object[] NoParams = new object[] {};
     object   Found    = O.Lookup(Token, UserId, AppId, Service, What, out Errors, NoParams);
     return(Found);
 }
 /// <summary>
 /// Sends a password change through Invoke and unpacks the reply.
 /// </summary>
 /// <param name="Errors">Second element of the reply.</param>
 /// <returns>First element of the reply cast to bool.</returns>
 public bool UpdatePassword(string UserId, string Password, SessionInfo S, out ArrayOfErrorInfo Errors)
 {
     // NOTE(review): the clear-text password is handed to Invoke, which is defined elsewhere;
     // presumably a remote call, in which case the transport must be encrypted. Confirm.
     object[] Reply = Invoke(new object[] { UserId, Password, S });

     ArrayOfErrorInfo Reported = (ArrayOfErrorInfo)Reply[1];
     Errors = Reported;
     return((bool)Reply[0]);
 }
 /// <summary>
 /// Sets a new password for UserId using this object's session S.
 /// </summary>
 /// <param name="UserId">User whose password is being changed.</param>
 /// <param name="Password">New clear-text password.</param>
 /// <param name="Errors">Receives the errors reported by Auth.UpdatePassword.</param>
 /// <returns>The value returned by Auth.UpdatePassword.</returns>
 public bool UpdatePassword(string UserId, string Password, out ArrayOfErrorInfo Errors)
 {
     bool Updated = Auth.UpdatePassword(UserId, Password, S, out Errors);
     return(Updated);
 }
        /// <summary>
        /// Validates the user and saves it through the AUTH_UpdateUser stored procedure.
        /// </summary>
        /// <param name="User">User record to save; its Validate method runs first.</param>
        /// <param name="S">Session passed to GetCommand together with the procedure name.</param>
        /// <returns>
        /// Null on success; User.Errors when validation reports errors; otherwise a one-entry list
        /// carrying the SQL error message for error classes 11, 13, 14, 15 and 16. Other SQL errors
        /// are rethrown.
        /// </returns>
        public ArrayOfErrorInfo UpdateUser(UserInfo User, SessionInfo S)
        {
            User.Validate();
            if (User.Errors != null && User.Errors.Count > 0)
            {
                return(User.Errors);
            }

            SqlCommand SaveCmd = GetCommand("AUTH_UpdateUser", S);

            User.CopyTo(SaveCmd);
            // RFC 185138 - AD Integration - CH6: no password is added to the command for a new user.
            try
            {
                SaveCmd.ExecuteNonQuery();
                return(null);
            }
            catch (SqlException e)
            {
                // NOTE(review): each handled class returns the raw server message to the caller;
                // confirm what is shown to the end user.
                ArrayOfErrorInfo Failures = new ArrayOfErrorInfo();
                switch (e.Class)
                {
                    case 15:
                        // Cognizant 22/6/2004: error message for a duplicate UserID. A message containing
                        // "exists" is attached to the UserId field, anything else to the Roles field.
                        // NOTE(review): "> 0" skips a match at the very start of the message.
                        if (e.Message.IndexOf("exists") > 0)
                        {
                            Failures.Add(new ErrorInfo("USER", e.Message, "User.UserId"));
                        }
                        else
                        {
                            Failures.Add(new ErrorInfo("USER", e.Message, "User.Roles"));
                        }
                        break;

                    case 13:
                    case 14:
                        // CSR 4593 Ch1/Ch2: active-user count exceeds the application's limit while adding
                        // (13) or activating (14) a user; the failure is also written to the application log.
                        // NOTE(review): User.UserId goes into the log line unmodified; confirm Validate
                        // rejects line breaks so a log entry cannot be forged.
                        CSAAWeb.AppLogger.Logger.Log(e.Message.Replace("User", "UserId(" + User.UserId + ")"));
                        Failures.Add(new ErrorInfo("", e.Message, ""));
                        break;

                    case 16:
                        // Cognizant 12/03/2005: an admin tried to remove his or her own Administrator role.
                        Failures.Add(new ErrorInfo("USER", e.Message, ""));
                        break;

                    case 11:
                        // STAR Retrofit III.Ch1: the user's DO cannot change while the user has active
                        // transactions in the turn-in.
                        Failures.Add(new ErrorInfo("", e.Message, ""));
                        break;

                    default:
                        throw;
                }
                return(Failures);
            }
        }