/// <summary>
        /// Records one failed two-step login attempt for the user whose id is held in the
        /// session's site settings, and marks the account suspended once the configured
        /// maximum number of login failures is reached.
        /// </summary>
        /// <exception cref="InternalError">
        /// No pending user id is stored, the user record cannot be found, or the update
        /// does not return <c>UpdateStatusEnum.OK</c>.
        /// </exception>
        public async Task AddTwoStepLoginFailureAsync()
        {
            // A stored value of 0 is treated as "no two-step login in progress".
            int pendingUserId = Manager.SessionSettings.SiteSettings.GetValue<int>(LoginTwoStepController.IDENTITY_TWOSTEP_USERID);
            if (pendingUserId == 0)
            {
                throw new InternalError("No user id available in AddTwoStepLoginFailure");
            }

            using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider()) {
                UserDefinition account = await userDP.GetItemByUserIdAsync(pendingUserId);
                if (account == null)
                {
                    throw new InternalError("Unexpected error in AddTwoStepLoginFailure - no user found");
                }

                LoginConfigData config = await LoginConfigDataProvider.GetConfigAsync();

                // NOTE(review): the counter is read, incremented and written back as separate steps.
                // Whether UpdateItemAsync detects a concurrent modification is not visible here; if it
                // does not, parallel failed attempts could be under-counted and delay the lockout - confirm.
                account.LoginFailures += 1;

                // MaxLoginFailures == 0 disables the lockout entirely.
                bool lockoutReached = config.MaxLoginFailures != 0 && account.LoginFailures >= config.MaxLoginFailures;
                if (lockoutReached && account.UserStatus != UserStatusEnum.Suspended)
                {
                    account.UserStatus = UserStatusEnum.Suspended;
                }

                UpdateStatusEnum outcome = await userDP.UpdateItemAsync(account);
                if (outcome != UpdateStatusEnum.OK)
                {
                    throw new InternalError("Unexpected status {0} updating user account in AddTwoStepLoginFailure", outcome);
                }
            }
        }
        /// <summary>
        /// Reports whether the user with a two-step login in progress has reached the configured
        /// maximum number of login failures.
        /// </summary>
        /// <returns>
        /// <c>true</c> when a non-zero <c>MaxLoginFailures</c> is configured and the user's
        /// <c>LoginFailures</c> is at or above it; otherwise <c>false</c>.
        /// </returns>
        /// <exception cref="InternalError">
        /// No pending user id is stored or the user record cannot be found.
        /// </exception>
        public async Task<bool> GetTwoStepLoginFailuresExceededAsync()
        {
            // A stored value of 0 is treated as "no two-step login in progress".
            int pendingUserId = Manager.SessionSettings.SiteSettings.GetValue<int>(LoginTwoStepController.IDENTITY_TWOSTEP_USERID);
            if (pendingUserId == 0)
            {
                throw new InternalError("No user id available in GetTwoStepLoginFailures");
            }

            using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider()) {
                UserDefinition account = await userDP.GetItemByUserIdAsync(pendingUserId);
                if (account == null)
                {
                    throw new InternalError("Unexpected error in GetTwoStepLoginFailures - no user found");
                }

                LoginConfigData config = await LoginConfigDataProvider.GetConfigAsync();

                // MaxLoginFailures == 0 means no limit is enforced.
                if (config.MaxLoginFailures == 0)
                {
                    return false;
                }
                return account.LoginFailures >= config.MaxLoginFailures;
            }
        }
        /// <summary>
        /// Recomputes the stored password hash of every user that has a saved plain text
        /// password, reading users in pages of ten.
        /// </summary>
        /// <remarks>
        /// This operation is only possible because the configuration keeps passwords in plain
        /// text alongside the hash. Anyone able to read the user store can then read the
        /// credentials directly, so the setting deserves review wherever it is enabled.
        /// </remarks>
        /// <exception cref="InternalError">
        /// Plain text password saving is not enabled, or a user update does not return
        /// <c>UpdateStatusEnum.OK</c>.
        /// </exception>
        public async Task RehashAllPasswordsAsync()
        {
            LoginConfigData config = await LoginConfigDataProvider.GetConfigAsync();
            if (!config.SavePlainTextPassword)
            {
                throw new InternalError("Rehashing all passwords is only available if plain text passwords are saved");
            }

            UserManager<UserDefinition> userManager = Managers.GetUserManager();
            const int PageSize = 10;
            int offset = 0;

            while (true)
            {
                // NOTE(review): the two null arguments are presumably sort and filter - confirm. Without an
                // explicit sort the paging relies on the provider returning a stable order across updates.
                DataProviderGetRecords<UserDefinition> page = await GetItemsAsync(offset, PageSize, null, null);
                if (page.Data.Count == 0)
                {
                    break;
                }

                foreach (UserDefinition user in page.Data)
                {
                    // Users without a saved plain text password cannot be rehashed and are left untouched.
                    if (string.IsNullOrWhiteSpace(user.PasswordPlainText))
                    {
                        continue;
                    }
#if MVC6
                    IPasswordHasher<UserDefinition> passwordHasher = (IPasswordHasher<UserDefinition>)YetaWFManager.ServiceProvider.GetService(typeof(IPasswordHasher<UserDefinition>));
                    user.PasswordHash = passwordHasher.HashPassword(user, user.PasswordPlainText);
#else
                    user.PasswordHash = userManager.PasswordHasher.HashPassword(user.PasswordPlainText);
#endif
                    UpdateStatusEnum outcome = await UpdateItemAsync(user);
                    if (outcome != UpdateStatusEnum.OK)
                    {
                        throw new InternalError("Update failed - status {0} user id {1}", outcome, user.Id);
                    }
                }

                offset += PageSize;
            }
        }
 /// <summary>
 /// Loads the login configuration through a short-lived <c>LoginConfigDataProvider</c>.
 /// </summary>
 /// <returns>The configuration item returned by the provider's <c>GetItemAsync</c>.</returns>
 public static async Task<LoginConfigData> GetConfigAsync()
 {
     using (LoginConfigDataProvider configDP = new LoginConfigDataProvider()) {
         // Await inside the using block so the provider is disposed only after the read completes.
         LoginConfigData loaded = await configDP.GetItemAsync();
         return loaded;
     }
 }
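        /// <summary>
        /// Creates a new, already approved user account.
        /// </summary>
        /// <param name="name">User name for the new account.</param>
        /// <param name="email">Email address for the new account.</param>
        /// <param name="password">Initial password passed to the user manager.</param>
        /// <param name="needsNewPassword">When true, the account is flagged so the user must change the password.</param>
        /// <param name="comment">Free-form comment stored with the account.</param>
        /// <returns>
        /// An <c>AddUserInfo</c> whose <c>ErrorType</c> is <c>None</c> with <c>UserId</c> set on success,
        /// <c>Email</c> when the address is already in use, or <c>Name</c> when the user manager rejects
        /// the account. <c>Errors</c> holds the messages in the failure cases.
        /// </returns>
        /// <exception cref="InternalError">
        /// The account was created but could not be updated to set <c>NeedsNewPassword</c>.
        /// </exception>
        public async Task<AddUserInfo> AddUserAsync(string name, string email, string password, bool needsNewPassword, string comment)
        {
            AddUserInfo info = new AddUserInfo();
            LoginConfigData config = await LoginConfigDataProvider.GetConfigAsync();

            // NOTE(review): the plain text password is stored when the site is configured to save it
            // and also whenever needsNewPassword is set, regardless of that setting. Confirm the second
            // case is intended and that the stored value is cleared once the user picks a new password.
            UserDefinition user = new UserDefinition {
                UserName          = name,
                Email             = email,
                PasswordPlainText = config.SavePlainTextPassword || needsNewPassword ? password : null,
                Comment           = comment,
            };

            if (config.RegistrationType == RegistrationTypeEnum.NameAndEmail)
            {
                using (UserDefinitionDataProvider dataProvider = new UserDefinitionDataProvider()) {
                    // Look for an existing account with the same email address (Email == user.Email).
                    List<DataProviderFilterInfo> filters = new List<DataProviderFilterInfo> {
                        new DataProviderFilterInfo {
                            Field = nameof(UserDefinition.Email), Operator = "==", Value = user.Email,
                        },
                    };
                    UserDefinition userExists = await dataProvider.GetItemAsync(filters);

                    // NOTE(review): this compares the new user name with the existing account's email
                    // address rather than with its user name - confirm that is the intended exemption.
                    // The lookup and the later create are separate steps, so uniqueness also depends on
                    // whatever the store enforces.
                    if (userExists != null && user.UserName != userExists.Email)
                    {
                        info.ErrorType = AddUserInfo.ErrorTypeEnum.Email;
                        info.Errors.Add(this.__ResStr("emailUsed", "An account with email address {0} already exists.", user.Email));
                        return info;
                    }
                }
            }
            user.UserStatus = UserStatusEnum.Approved;

            // create user
            var result = await Managers.GetUserManager().CreateAsync(user, password);

            if (!result.Succeeded)
            {
                // Every user manager failure is reported as a Name error.
                info.ErrorType = AddUserInfo.ErrorTypeEnum.Name;
                foreach (var error in result.Errors)
                {
#if MVC6
                    info.Errors.Add(error.Description);
#else
                    info.Errors.Add(error);
#endif
                }
                // Return after the loop, not inside it: all reported errors are collected, and a failed
                // result that carries no error entries can no longer fall through to the success path below.
                return info;
            }

            if (needsNewPassword)
            {
                using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider()) {
                    user.NeedsNewPassword = true;
                    if (await userDP.UpdateItemAsync(user) != UpdateStatusEnum.OK)
                    {
                        throw new InternalError($"Failed to update new user to set {nameof(user.NeedsNewPassword)}");
                    }
                }
            }

            info.ErrorType = AddUserInfo.ErrorTypeEnum.None;
            info.UserId    = user.UserId;
            return info;
        }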
        /// <summary>
        /// Resolves the authenticated identity of the current request to a user account and publishes
        /// the result on <c>Manager</c>: name, email, id, user object, role ids, superuser flag, and the
        /// markers for a required two-step authentication setup and a required password change.
        /// </summary>
        /// <remarks>
        /// Returns without setting any user state when no user is authenticated, during initial install,
        /// when the user data provider is not installed, or when the authenticated name has no account.
        /// </remarks>
        /// <exception cref="InternalError">There is no current HTTP request.</exception>
        public async Task ResolveUserAsync()
        {
            if (!Manager.HaveCurrentRequest)
            {
                throw new InternalError("No httpRequest");
            }

            // check whether we have a logged on user
#if MVC6
            if (SiteDefinition.INITIAL_INSTALL || !Manager.CurrentContext.User.Identity.IsAuthenticated)
#else
            if (SiteDefinition.INITIAL_INSTALL || !Manager.CurrentRequest.IsAuthenticated)
#endif
            {
                return;// no user logged in
            }
            // get user info and save in Manager
            string userName = Manager.CurrentContext.User.Identity.Name;
            using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider()) {
                if (!await userDP.IsInstalledAsync())
                {
                    Logging.AddErrorLog("UserDefinitionDataProvider not installed");
                    return;
                }
                UserDefinition user = await userDP.GetItemAsync(userName);

                if (user == null)
                {
                    // An authenticated identity without a matching account is logged and the method
                    // returns with no user state set on Manager.
                    Logging.AddErrorLog("Authenticated user {0} doesn't exist", userName);
#if DEBUG
                    //throw new InternalError("Authenticated user doesn't exist");
#endif
                    return;
                }
                // Check whether user needs to set up two-step authentication
                // External login providers don't require local two-step authentication (should be offered by external login provider)
                // If any of the user's roles require two-step authentication and the user has not enabled two-step authentication providers,
                // set marker so we can redirect the user
                // The marker is only computed while Manager.Need2FAState is still null; a value that is already set is kept.
                if (Manager.Need2FAState == null)
                {
                    Manager.Need2FAState = false;
                    using (UserLoginInfoDataProvider logInfoDP = new UserLoginInfoDataProvider()) {
                        if (!await logInfoDP.IsExternalUserAsync(user.UserId))
                        {
                            // not an external login, so check if we need two-step auth
                            LoginConfigData config = await LoginConfigDataProvider.GetConfigAsync();

                            // NOTE(review): when user.RolesList is null the whole check is skipped, so the marker
                            // stays false even if a configured role equals GetUserRoleId(). The code further down
                            // dereferences RolesList without a null check, so the two paths disagree on whether
                            // null can occur - confirm and align them.
                            if (config.TwoStepAuth != null && user.RolesList != null)
                            {
                                foreach (Role role in config.TwoStepAuth)
                                {
                                    // A configured role matches when it equals the id returned by GetUserRoleId()
                                    // or when the user's role list contains it (compared through RoleComparer).
                                    if (role.RoleId == Resource.ResourceAccess.GetUserRoleId() || user.RolesList.Contains(new Role {
                                        RoleId = role.RoleId
                                    }, new RoleComparer()))
                                    {
                                        // Only the first matching role is evaluated; the marker is set when the user
                                        // has no enabled and available two-step authentication at all.
                                        if ((await user.GetEnabledAndAvailableTwoStepAuthenticationsAsync()).Count == 0)
                                        {
                                            Manager.Need2FAState = true;
                                        }
                                        break;
                                    }
                                }
                            }
                        }
                    }
                }
                // Check whether the user needs to change the password
                Manager.NeedNewPassword = user.NeedsNewPassword;

                // user good to go
                Manager.UserName   = user.UserName;
                Manager.UserEmail  = user.Email;
                Manager.UserId     = user.UserId;
                Manager.UserObject = user;
                // Called after the identity fields above have been assigned on Manager.
                await UserSettings.UserSettingsAccess.ResolveUserAsync();

                // Publish the ids of the user's roles; RolesList is dereferenced here without a null check.
                Manager.UserRoles = (from l in user.RolesList select l.RoleId).ToList();

                // The superuser flag is only ever set to true here, when the role list contains the superuser role id.
                int superuserRole = Resource.ResourceAccess.GetSuperuserRoleId();
                if (user.RolesList.Contains(new Role {
                    RoleId = superuserRole
                }, new RoleComparer()))
                {
                    Manager.SetSuperUserRole(true);
                }
            }
        }