public CPGroup UpdateGroup(CPGroup group)
{
if (group == null)
{
return(null);
}
using (CPSecurityEntities context = new CPSecurityEntities())
{
var match = context.SecurityGroups.FirstOrDefault(g => g.GroupId == group.ID);
if (match == null)
{
return(null);
}
match.GroupName = group.Name;
match.UserRights = (int)group.UserRights;
try
{
context.SaveChanges();
}
catch (OptimisticConcurrencyException)
{
context.Refresh(RefreshMode.ClientWins, match);
context.SaveChanges();
}
catch (ConstraintException)
{
}
return(GetGroup(match.GroupName));
}
}
public bool ChangePassword(string username, string oldPassword, string newPassword)
{
MembershipUser user = Membership.GetUser(username);
if (user != null && user.ChangePassword(oldPassword, newPassword))
{
using (CPSecurityEntities context = new CPSecurityEntities())
{
var match = context.SecurityUserProfiles.FirstOrDefault(p => p.UserName == username);
if (match != null)
{
match.PasswordExpired = false;
try
{
context.SaveChanges();
}
catch (OptimisticConcurrencyException)
{
context.Refresh(RefreshMode.ClientWins, match);
context.SaveChanges();
}
}
}
return(true);
}
return(false);
}
public bool RemoveUserFromGroups(string username, List <byte> groupIDs)
{
if (groupIDs == null || groupIDs.Count == 0)
{
return(true);
}
using (CPSecurityEntities context = new CPSecurityEntities())
{
foreach (var m in from m in context.SecurityGroupMemberships
where m.UserName == username && groupIDs.Contains(m.GroupId)
select m)
{
context.DeleteObject(m);
}
try
{
context.SaveChanges();
return(true);
}
catch (ConstraintException)
{
return(false);
}
}
}
public bool AddUserToGroups(string username, List <byte> groupIDs)
{
using (CPSecurityEntities context = new CPSecurityEntities())
{
foreach (var id in (groupIDs ?? new List <byte>()).Except(from m in context.SecurityGroupMemberships
where m.UserName == username
select m.GroupId))
{
context.SecurityGroupMemberships.AddObject(new SecurityGroupMembership()
{
UserName = username,
GroupId = id
});
}
try
{
context.SaveChanges();
return(true);
}
catch (ConstraintException)
{
return(false);
}
}
}
/// <summary>
/// Creates a new login token for authenticating a specific user for a specific application.
/// </summary>
/// <param name="username">The login name of the user requesting authentication.</param>
/// <param name="applicationID">The unique identifier of the application requesting authentication.</param>
/// <returns>A new login token if the specified user has access to the specified application; otherwise, null.</returns>
public Token CreateToken(string username, byte applicationID)
{
using (CPSecurityEntities context = new CPSecurityEntities())
{
var app = context.SecuritySsoApplications.FirstOrDefault(a => a.ApplicationId == applicationID);
if (app != null && HasUserRights(username, (CPUserRights)app.UserRights))
{
SecuritySsoToken token = new SecuritySsoToken()
{
UserName = username,
SecuritySsoApplication = app
};
try
{
context.SecuritySsoTokens.AddObject(token);
context.SaveChanges();
return(TokenFactory.CreateToken(token));
}
catch
{
}
}
}
return(null);
}
/// <summary>
/// Deletes a security user profile from the datastore.
/// </summary>
/// <param name="context">The datastore entity context to use.</param>
/// <param name="username">The username of the profile to delete.</param>
public static void DeleteSecurityUserProfile(this CPSecurityEntities context, string username)
{
var match = context.SecurityUserProfiles.FirstOrDefault(p => p.UserName == username);
if (match != null)
{
try
{
context.DeleteObject(match);
context.SaveChanges();
}
catch (OptimisticConcurrencyException)
{
context.Refresh(RefreshMode.ClientWins, match);
context.DeleteObject(match);
}
}
}
/// <summary>
/// Adds a new security user profile entity instance to the datastore.
/// </summary>
/// <param name="context">The datastore entity context to use.</param>
/// <param name="username">The username for the new profile.</param>
/// <param name="candidateID">The candidate ID for the new profile.</param>
/// <param name="displayName">The display name for the profile.</param>
/// <param name="type">The entity type of the CFB-registered contact used to create the profile.</param>
/// <param name="committeeID">If not representing a candidate, the ID of the profile's committee.</param>
/// <param name="electionCycle">If representing a treasurer, the election cycle for which the profile's committee is authorized.</param>
/// <param name="liaisonID">If representing a liaison, the committee-relative liaison ID of the profile.</param>
/// <param name="passwordExpired">Indicates whether or not the password on the newly created profile is to be expired.</param>
/// <returns>A <see cref="SecurityUserProfile"/> instance representing the newly created profile that has been added to the datastore.</returns>
public static SecurityUserProfile AddToSecurityUserProfiles(this CPSecurityEntities context, string username, string candidateID, string displayName = null, EntityType type = EntityType.Generic, char?committeeID = null, string electionCycle = null, byte?liaisonID = null, bool passwordExpired = true)
{
if (context == null || string.IsNullOrWhiteSpace(username) || string.IsNullOrWhiteSpace(candidateID))
{
return(null);
}
SecurityUserProfile profile = SecurityUserProfile.CreateSecurityUserProfile(username, candidateID, passwordExpired, (byte)type);
profile.DisplayName = displayName;
if (committeeID.HasValue)
{
profile.CfisCommitteeID = committeeID.Value.ToString();
}
profile.CfisCommitteeContactID = liaisonID.HasValue ? liaisonID.Value.ToString() : electionCycle;
context.SecurityUserProfiles.AddObject(profile);
context.SaveChanges();
return(profile);
}
/// <summary>
/// Checks whether or not a login token exists and is valid for authentication.
/// </summary>
/// <param name="tokenID">The unique identifier of the token to validate.</param>
/// <returns>The login name of the user attempting to authenticate with the specified token, if valid; otherwise, null.</returns>
/// <remarks>The login token is automatically discarded once validated.</remarks>
public string ValidateToken(Guid tokenID)
{
string username = null;
if (tokenID != null)
{
using (CPSecurityEntities context = new CPSecurityEntities())
{
var token = context.SecuritySsoTokens.FirstOrDefault(t => t.TokenId == tokenID);
if (token != null)
{
if (DateTime.Now <= token.Created.Add(Properties.Settings.Default.TokenValidationWindow))
{
username = token.UserName;
}
context.DeleteObject(token);
context.SaveChanges();
}
}
}
return(username);
}
public CPGroup CreateGroup(string groupName)
{
using (CPSecurityEntities context = new CPSecurityEntities())
{
if (!context.SecurityGroups.Any(g => g.GroupName == groupName))
{
SecurityGroup group = new SecurityGroup()
{
GroupName = groupName
};
try
{
context.SecurityGroups.AddObject(group);
context.SaveChanges();
return(CPGroupFactory.CreateGroup(group));
}
catch (ConstraintException)
{
}
}
}
return(null);
}
public bool DeleteGroup(string groupName)
{
using (CPSecurityEntities context = new CPSecurityEntities())
{
var match = context.SecurityGroups.FirstOrDefault(g => g.GroupName == groupName);
if (match == null)
{
return(true);
}
context.DeleteObject(match);
try
{
return(context.SaveChanges() > 0);
}
catch (OptimisticConcurrencyException)
{
return(false);
}
catch (ConstraintException)
{
return(false);
}
}
}
public UpdateResult UpdateUser(CPUser user)
{
UpdateResultState state = UpdateResultState.Success;
// .NET Membership properties
MembershipUser muser = user == null ? null : Membership.GetUser(user.UserName);
if (muser == null)
{
state |= UpdateResultState.MembershipUserNotFound;
}
else
{
bool dirty = false;
if (muser.Email != user.Email)
{
muser.Email = user.Email;
dirty = true;
}
if (muser.IsApproved != user.Enabled)
{
muser.IsApproved = user.Enabled;
dirty = true;
}
if (muser.IsLockedOut && !user.LockedOut)
{
muser.UnlockUser();
dirty = true;
}
if (dirty)
{
try
{
Membership.UpdateUser(muser);
}
catch
{
state |= UpdateResultState.AspNetMembershipFailure;
}
}
// C-Access Security
using (CPSecurityEntities context = new CPSecurityEntities())
{
var match = context.SecurityUserProfiles.FirstOrDefault(u => u.UserName == user.UserName);
if (match == null)
{
state |= UpdateResultState.ProfileNotFound;
}
else
{
// basic properties
match.CandidateId = user.Cid;
match.DisplayName = user.DisplayName;
match.CfisType = (byte)user.SourceType;
match.CfisCommitteeID = user.SourceCommitteeID.HasValue ? user.SourceCommitteeID.Value.ToString() : null;
match.CfisCommitteeContactID = user.SourceLiaisonID.HasValue ? user.SourceLiaisonID.Value.ToString() : user.SourceElectionCycle;
// election cycles
var currentCycles = context.SecurityUserElectionCycles.Where(c => c.UserName == user.UserName);
var updateCycles = user.ElectionCycles;
if (user.ImplicitElectionCycles == updateCycles.Any()) // implicit EC access requires both an empty EC collection AND a set flag
{
state |= UpdateResultState.ElectionCycleNotFound;
}
else
{
// delete old cycles
foreach (var cycle in currentCycles.Where(c => !updateCycles.Contains(c.ElectionCycle)))
{
context.SecurityUserElectionCycles.DeleteObject(cycle);
}
// add new cycles
foreach (var cycle in updateCycles.Except(currentCycles.Select(c => c.ElectionCycle)))
{
context.SecurityUserElectionCycles.AddObject(SecurityUserElectionCycle.CreateSecurityUserElectionCycle(user.UserName, cycle));
}
}
// save changes
try
{
context.SaveChanges();
}
catch (OptimisticConcurrencyException)
{
context.Refresh(RefreshMode.ClientWins, match);
context.SaveChanges();
}
catch (ConstraintException)
{
state |= UpdateResultState.ProfileFailure;
}
}
}
}
return(new UpdateResult(GetUser(user.UserName), state));
}