Beispiel #1
0
        public User GetUser(User inUserDto, bool includeRoles)
        {
            User outUserDto = null;

            try
            {
                UserDalc userDalc = new UserDalc();

                outUserDto = userDalc.GetUser(inUserDto);

                if (includeRoles)
                {
                    RoleDalc roleDalc = new RoleDalc();

                    inUserDto.UserId = outUserDto.UserId;

                    outUserDto.RolesList = roleDalc.GetRoleList(inUserDto);
                }
            }
            catch (MNException mnEx)
            {
                //TODO:  Log error
                throw mnEx;
            }
            catch (Exception ex)
            {
                //TODO:  Log error
                throw ex;
            }

            return(outUserDto);
        }
Beispiel #2
0
        public ActionStatus UpdatePassword(User inUserDto)
        {
            ActionStatus status = new ActionStatus();

            try
            {
                UserDalc userDalc = new UserDalc(GetTransaction());

                //Start tran
                Start();

                User outUserDto = userDalc.GetUser(inUserDto);

                inUserDto.PasswordHash = Authentication.GenerateSaltedHash(inUserDto.Password, outUserDto.PasswordSalt);

                inUserDto.AccountStatus = Constants.Account_Status_Active;

                userDalc.UpdateUserPasswordHash(inUserDto);

                //commit tran
                SetComplete();

                status.IsSuccessful = true;

                status.Messages.Add(new ActionMessage("Your password has been successfully changed."));
            }
            catch (MNException mnEx)
            {
                //TODO:  Log error
                //abort tran
                SetAbort();

                throw mnEx;
            }
            catch (Exception ex)
            {
                //TODO:  Log error
                //abort tran
                SetAbort();

                throw ex;
            }

            if (!status.IsSuccessful)
            {
                status.Messages.Add(
                    new ActionMessage("Could not change your password.  Please contact the system administrator."));
            }

            return(status);
        }
Beispiel #3
0
        public bool VerifyPasswordAnswer(User inUserDto)
        {
            bool doAnswersMatch = false;


            try
            {
                UserDalc userDalc = new UserDalc();

                User outUserDto = userDalc.GetUser(inUserDto);

                if (inUserDto.SecretQuestionId == outUserDto.SecretQuestion1Id)
                {
                    doAnswersMatch =
                        Authentication.DoesHashedTextMatch(inUserDto.SecretAnswer, outUserDto.SecretAnswer1Hash);
                }
                else if (inUserDto.SecretQuestionId == outUserDto.SecretQuestion2Id)
                {
                    doAnswersMatch =
                        Authentication.DoesHashedTextMatch(inUserDto.SecretAnswer, outUserDto.SecretAnswer2Hash);
                }
                else
                {
                    throw new MNException("Password recovery information not available for user.");
                }
            }
            catch (MNException mnEx)
            {
                //TODO:  Log error
                throw mnEx;
            }
            catch (Exception ex)
            {
                //TODO:  Log error
                throw ex;
            }

            return(doAnswersMatch);
        }
Beispiel #4
0
        public User GetUser(User inUserDto)
        {
            User outUserDto = null;

            try
            {
                UserDalc userDalc = new UserDalc();

                outUserDto = userDalc.GetUser(inUserDto);
            }
            catch (MNException mnEx)
            {
                //TODO:  Log error
                throw mnEx;
            }
            catch (Exception ex)
            {
                //TODO:  Log error
                throw ex;
            }

            return(outUserDto);
        }
Beispiel #5
0
        public ActionStatus ResetPassword(User inUserDto)
        {
            ActionStatus status = new ActionStatus();


            try
            {
                UserDalc userDalc = new UserDalc(GetTransaction());

                //Start tran
                Start();

                //Get the password salt
                User outUserDto = userDalc.GetUser(inUserDto);

                //Generate a new password
                string newPassword = Membership.GeneratePassword(10, 0);

                //Generate a hash from the new password and salt
                inUserDto.PasswordHash = Authentication.GenerateSaltedHash(newPassword, outUserDto.PasswordSalt);

                //Set the account status to stale so that users have to change the password
                inUserDto.AccountStatus = Constants.Account_Status_Stale;

                //Update the password
                userDalc.UpdateUserPasswordHash(inUserDto);

                //Create a new mail message
                MailMessage msg = new MailMessage();

                //Set the subject
                msg.Subject = string.Format(ConfigurationManager.AppSettings["EmailSubject"], "Password Reset");

                //Set the to address
                msg.To.Add(inUserDto.EmailAddress);

                string msgBody = ConfigurationManager.AppSettings["ResetPassEmail"];

                msg.IsBodyHtml = true;

                //set the message body
                msg.Body = string.Format(msgBody, inUserDto.EmailAddress,
                                         newPassword);

                //Init a new smtpclient
                SmtpClient client = new SmtpClient();

                //Use the client to send the message
                client.Send(msg);

                //commit tran
                SetComplete();

                status.IsSuccessful = true;

                status.Messages.Add(
                    new ActionMessage(
                        string.Format("Password was successfully reset and emailed to {0}", inUserDto.EmailAddress)));
            }
            catch (MNException mnEx)
            {
                //TODO:  Log error
                //abort tran

                SetAbort();

                throw mnEx;
            }
            catch (Exception ex)
            {
                //TODO:  Log error
                //abort tran
                SetAbort();

                throw ex;
            }

            if (!status.IsSuccessful)
            {
                status.Messages.Add(new ActionMessage("Failed to reset password."));
            }

            return(status);
        }
 public JsonResult SetAdmin(int userId, bool isAdmin)
 {
     try {
         if (ActualUser.IsAdmin) {
             // Check to see whether the account being set is in the allowed domains, hpwd.com and intera.com
             var udalc = new UserDalc();
             var specimen = udalc.GetUser(userId);
             if (specimen == null) {
                 return Json(new { success = false, error = "Specified user does not exist." });
             }
             if (specimen.Email.EndsWith("@hpwd.com") || specimen.Email.EndsWith("@intera.com")) {
                 udalc.SetAdmin(userId, isAdmin);
                 return Json(new { success = true });
             } else {
                 return Json(new { success = false, error = "This account is a non-HPWD account and cannot become an admin." });
             }
         } else {
             return Json(new { success = false, error = "Your account does not have sufficient privileges to perform this action." });
         }
     } catch (Exception ex) {
         Logger.LogError(ex);
         return Json(new { success = false, error = ex.Message });
     }
 }
        /// <summary>
        /// Associates a property with the user account specified by actingUserId.
        /// </summary>
        /// <param name="actualUserId">(int) The actual logged-in user.</param>
        /// <param name="actingUserId">
        ///		(int) The "act-as" user (may be the same as the logged-in user; 
        ///		actualUser must have privileges to act-as if this ID is different).
        ///		This is the user account the property will be associated with.
        ///	</param>
        /// <param name="role">(PropertyRole) The acting user's role in relation to the property.</param>
        /// <param name="parcelId">(string) The parcel ID (PropertyNumber) corresponding to the property in appraisal roll records.</param>
        /// <param name="county">(string) The county of the </param>
        /// <param name="productionTypes"></param>
        /// <returns></returns>
        public JsonResult AddProperty(string authTicket, int actualUserId, int actingUserId, PropertyRole role, string parcelId, string county, DisclaimerDataType productionTypes)
        {
            var errors = new List<string>();
            Func<JsonResult> jsonStatus = () => {
                return Json(new JsonResponse(errors.Count == 0, errors.ToArray()));
            };

            // 0. Verify that all required data is present.
            if (actualUserId < 1) {
                errors.Add("Parameter 'actualUserId' is required and must be greater than 0.");
            }
            if (actingUserId < 1) {
                errors.Add("Parameter 'actingUserId' is required and must be greater than 0.");
            }
            if (string.IsNullOrWhiteSpace(parcelId)) {
                errors.Add("Parameter 'parcelId' is required and cannot be blank.");
            }
            if (string.IsNullOrWhiteSpace(county)) {
                errors.Add("Parameter 'county' is required and cannot be blank.");
            }
            if (!Enum.IsDefined(typeof(PropertyRole), role)) {
                errors.Add("Invalid property role: " + role.ToString());
            }
            // Check for validity of production types - this is a flags enum,
            // so valid values are anything > 0 and < (sum of all values)
            var maxVal = Enum.GetValues(typeof(DisclaimerDataType)).Cast<int>().Sum();
            if (productionTypes < 0 || (int)productionTypes > maxVal || (productionTypes == 0 && role != PropertyRole.installer)) {
                errors.Add("Invalid production type: " + productionTypes.ToString());
            }

            if (errors.Count > 0) {
                return jsonStatus();
            }

            var udalc = new UserDalc();
            User actualUser = GetUserFromAuthTicket(authTicket);
            User actingUser = udalc.GetUser(actingUserId);
            if (actualUser == null) {
                errors.Add("Unable to find user account based on provided auth ticket.");
            }
            if (actingUser == null) {
                errors.Add("Unable to find user account corresponding to actingUserId == " + actingUserId.ToString());
            }
            if (errors.Count > 0) {
                return jsonStatus();
            }

            if (actualUser.Id != actualUserId) {
                // Bizarre - the auth ticket is not for the specified user id.
                errors.Add("Unauthorized action: The specified authentication ticket does not match the provided actual user ID.");
                return jsonStatus();
            }

            // 1. Ensure actual user has permission to pose as acting user
            if (actualUserId != actingUserId && !actualUser.IsAdmin) {
                errors.Add("Unauthorized action: You do not have permission to act for that user.");
                return jsonStatus();
            }

            var propDalc = new PropertyDalc();

            // 2. Verify that the property matches values in AppraisalRolls.
            //    Also check to ensure there is only one property matching this parcel id
            //		and county. (This is in response to a bug in production where there
            //		where many parcelIds of 0 in Cochran county; without this check
            //		some hundreds of records would be associated with the user account.)
            int propertyCount = propDalc.GetPropertyCount(parcelId, county);

            if (propertyCount == 0) {
                errors.Add(string.Format("Unable to find a matching appraisal roll record for parcel ID '{0}', county '{1}'", parcelId, county));
                return jsonStatus();
            } else if (propertyCount > 1) {
                errors.Add(string.Format("Multiple ({0}) records found for parcel ID '{1}', county '{2}'. Cannot add property when duplicates exist.", propertyCount, parcelId, county));
                return jsonStatus();
            }

            // 3. If the property has already been associated with the user account,
            //		return an error message to that effect.
            if (propDalc.IsPropertyAssociated(actingUserId, parcelId, county)) {
                errors.Add("The property is already associated with your account. If you wish to change roles, please delete the existing property from your account and add it again with the different role.");
                return jsonStatus();
            }

            // 4. Create the association.
            propDalc.AssociateProperty(actingUser, new Property(parcelId, county, ""), role, true, productionTypes, false);

            return jsonStatus();
        }
        public JsonResult ChangeUserRole(string authTicket, int actingUserId, int actualUserId, PropertyRole? role, string parcelId, string county, DisclaimerDataType? productionTypes)
        {
            try {
                List<string> errors = new List<string>();
                Func<JsonResult> jsonStatus = () => {
                    return Json(new JsonResponse(errors.Count == 0, errors.ToArray()));
                };

                // 0. Verify that all required data is present.
                if (actualUserId < 1) {
                    errors.Add("Parameter 'actualUserId' is required and must be greater than 0.");
                }
                if (actingUserId < 1) {
                    errors.Add("Parameter 'actingUserId' is required and must be greater than 0.");
                }
                if (string.IsNullOrWhiteSpace(parcelId)) {
                    errors.Add("Parameter 'parcelId' is required and cannot be blank.");
                }
                if (string.IsNullOrWhiteSpace(county)) {
                    errors.Add("Parameter 'county' is required and cannot be blank.");
                }

                if (!role.HasValue) {
                    // Default to operator
                    role = PropertyRole.authorized_producer;
                }
                if (!Enum.IsDefined(typeof(PropertyRole), role)) {
                    errors.Add("Invalid property role: " + role.ToString());
                }

                if (!productionTypes.HasValue) {
                    productionTypes = DisclaimerDataType.agriculture;
                }
                // Check for validity of production types - this is a flags enum,
                // so valid values are anything > 0 and < (sum of all values)
                var maxVal = Enum.GetValues(typeof(DisclaimerDataType)).Cast<int>().Sum();
                if (productionTypes < 0 || (int)productionTypes > maxVal || (productionTypes == 0 && role != PropertyRole.installer)) {
                    errors.Add("Invalid production type: " + productionTypes.ToString());
                }

                if (errors.Count > 0) {
                    return jsonStatus();
                }

                var udalc = new UserDalc();
                User actualUser = GetUserFromAuthTicket(authTicket);
                User actingUser = udalc.GetUser(actingUserId);
                if (actualUser == null) {
                    errors.Add("Unable to find user account based on provided auth ticket.");
                }
                if (actingUser == null) {
                    errors.Add("Unable to find user account corresponding to actingUserId == " + actingUserId.ToString());
                }
                if (errors.Count > 0) {
                    return jsonStatus();
                }

                if (actualUser.Id != actualUserId) {
                    // Bizarre - the auth ticket is not for the specified user id.
                    errors.Add("Unauthorized action: The specified authentication ticket does not match the provided actual user ID.");
                    return jsonStatus();
                }

                // 1. Ensure actual user has permission to pose as acting user
                if (actualUserId != actingUserId && !actualUser.IsAdmin) {
                    errors.Add("Unauthorized action: You do not have permission to act for that user.");
                    return jsonStatus();
                }

                var propDalc = new PropertyDalc();

                // 2. Verify that the property matches values in AppraisalRolls.
                if (!propDalc.DoesPropertyExist(parcelId, county)) {
                    errors.Add(string.Format("Unable to find a matching appraisal roll record for parcel ID '{0}', county '{1}'", parcelId, county));
                    return jsonStatus();
                }

                // 3. If the property has not been associated with the user account,
                //		return an error message to that effect.
                int clientPropertyId;
                if (!propDalc.IsPropertyAssociated(actingUserId, parcelId, county, out clientPropertyId)) {
                    errors.Add("The specified property is not associated with your account. Please first add the property to your account.");
                    return jsonStatus();
                }

                propDalc.ChangePropertyRoleAndProductionType(actingUser, clientPropertyId, role.Value, productionTypes.Value);

                return jsonStatus();
            } catch (Exception ex) {
                return Json(new JsonResponse(false, ex.Message));
            }
        }