/// <summary>
/// Create the message that are sent from the server to the client with the salts that should be used during the
/// authentication.
/// </summary>
/// <param name="user">User that want to be authenticated</param>
/// <returns>
/// <see cref="AuthenticationHandshakeReply" />
/// </returns>
public IAuthenticationHandshakeReply CreateServerPreAuthentication(IUserAccount user)
{
return new AuthenticationHandshakeReply()
{
AccountSalt = user.PasswordSalt,
SessionSalt = Hasher.CreateSalt()
};
}
///// <summary>
///// Send a plain text email with the specified properties. The email will appear to come from the name and email specified in the
///// EmailFromName and EmailFromAddress configuration settings. The email
///// is sent to the address configured in the emailToAddress setting in the configuration file. If
///// <paramref name="sendOnBackgroundThread"/> is true, the e-mail is sent on a background thread and the function
///// returns immediately. An exception is thrown if an error occurs while sending the e-mail, unless <paramref name="sendOnBackgroundThread"/>
///// is true, in which case the error is logged but the exception does not propagate back to the UI thread.
///// </summary>
///// <param name="subject">The text to appear in the subject of the email.</param>
///// <param name="body">The body of the email. If the body is HTML, specify true for the isBodyHtml parameter.</param>
///// <param name="galleryId">The gallery ID.</param>
///// <param name="sendOnBackgroundThread">If set to <c>true</c> send e-mail on a background thread. This causes any errors
///// to be silently handled by the error logging system, so if it is important for any errors to propogate to the UI,
///// such as when testing the e-mail function in the Site Administration area, set to <c>false</c>.</param>
///// <overloads>
///// Send an e-mail message.
///// </overloads>
///// <exception cref="WebException">Thrown when a SMTP Server is not specified. (Not thrown when
///// <paramref name="sendOnBackgroundThread"/> is true.)</exception>
///// <exception cref="SmtpException">Thrown when the connection to the SMTP server failed, authentication failed,
///// or the operation timed out. (Not thrown when <paramref name="sendOnBackgroundThread"/> is true.)</exception>
///// <exception cref="SmtpFailedRecipientsException">The message could not be delivered to one or more
///// recipients. (Not thrown when <paramref name="sendOnBackgroundThread"/> is true.)</exception>
//public static void SendEmail(string subject, string body, int galleryId, bool sendOnBackgroundThread)
//{
// MailAddress recipient = new MailAddress(Config.GetCore().EmailToAddress, Config.GetCore().EmailToName);
// SendEmail(recipient, subject, body, galleryId, sendOnBackgroundThread);
//}
/// <overloads>
/// Send an e-mail.
/// </overloads>
/// <summary>
/// Send a plain text e-mail to the <paramref name="user" />. The email will appear to come from the name and email specified in the
/// <see cref="IAppSetting.EmailFromName" /> and <see cref="IAppSetting.EmailFromAddress" /> configuration settings.
/// The e-mail is sent on a background thread, so if an error occurs on that thread no exception bubbles to the caller (the error, however, is
/// recorded in the error log). If it is important to know if the e-mail was successfully sent, use the overload of this
/// method that specifies a sendOnBackgroundThread parameter.
/// </summary>
/// <param name="user">The user to receive the email. If the user does not have a valid e-mail, no action is taken.</param>
/// <param name="subject">The text to appear in the subject of the email.</param>
/// <param name="body">The body of the email. Must be plain text.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="user" /> is null.</exception>
public static void SendEmail(IUserAccount user, string subject, string body)
{
if (user == null)
throw new ArgumentNullException("user");
if (HelperFunctions.IsValidEmail(user.Email))
{
SendEmail(new MailAddress(user.Email, user.UserName), subject, body, false);
}
}
public RegistrationModel(IUserAccount entity)
{
NickName = entity.NickName;
Email = entity.Email;
Description = entity.Description;
Avatar = entity.Avatar;
RegistrationDate = entity.RegistrationDate;
if(string.IsNullOrEmpty(entity.PasswordHash))
{
IsTempUser = true;
}
}
///// <summary>
///// Send a plain text email with the specified properties. The email will appear to come from the name and email specified in the
///// EmailFromName and EmailFromAddress configuration settings. The email
///// is sent to the address configured in the emailToAddress setting in the configuration file. If
///// <paramref name="sendOnBackgroundThread"/> is true, the e-mail is sent on a background thread and the function
///// returns immediately. An exception is thrown if an error occurs while sending the e-mail, unless <paramref name="sendOnBackgroundThread"/>
///// is true, in which case the error is logged but the exception does not propagate back to the UI thread.
///// </summary>
///// <param name="subject">The text to appear in the subject of the email.</param>
///// <param name="body">The body of the email. If the body is HTML, specify true for the isBodyHtml parameter.</param>
///// <param name="galleryId">The gallery ID.</param>
///// <param name="sendOnBackgroundThread">If set to <c>true</c> send e-mail on a background thread. This causes any errors
///// to be silently handled by the error logging system, so if it is important for any errors to propogate to the UI,
///// such as when testing the e-mail function in the Site Administration area, set to <c>false</c>.</param>
///// <overloads>
///// Send an e-mail message.
///// </overloads>
///// <exception cref="WebException">Thrown when a SMTP Server is not specified. (Not thrown when
///// <paramref name="sendOnBackgroundThread"/> is true.)</exception>
///// <exception cref="SmtpException">Thrown when the connection to the SMTP server failed, authentication failed,
///// or the operation timed out. (Not thrown when <paramref name="sendOnBackgroundThread"/> is true.)</exception>
///// <exception cref="SmtpFailedRecipientsException">The message could not be delivered to one or more
///// recipients. (Not thrown when <paramref name="sendOnBackgroundThread"/> is true.)</exception>
//public static void SendEmail(string subject, string body, int galleryId, bool sendOnBackgroundThread)
//{
// MailAddress recipient = new MailAddress(Config.GetCore().EmailToAddress, Config.GetCore().EmailToName);
// SendEmail(recipient, subject, body, galleryId, sendOnBackgroundThread);
//}
/// <overloads>
/// Send an e-mail.
/// </overloads>
/// <summary>
/// Send a plain text e-mail to the <paramref name="user" />. The email will appear to come from the name and email specified in the
/// <see cref="IAppSetting.EmailFromName" /> and <see cref="IAppSetting.EmailFromAddress" /> configuration settings.
/// The e-mail is sent on a background thread, so if an error occurs on that thread no exception bubbles to the caller (the error, however, is
/// recorded in the error log). If it is important to know if the e-mail was successfully sent, use the overload of this
/// method that specifies a sendOnBackgroundThread parameter.
/// </summary>
/// <param name="user">The user to receive the email. If the user does not have a valid e-mail, no action is taken.</param>
/// <param name="subject">The text to appear in the subject of the email.</param>
/// <param name="body">The body of the email. Must be plain text.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="user" /> is null.</exception>
public static void SendEmail(IUserAccount user, string subject, string body)
{
if (user == null)
{
throw new ArgumentNullException("user");
}
if (HelperFunctions.IsValidEmail(user.Email))
{
SendEmail(new MailAddress(user.Email, user.UserName), subject, body, false);
}
}
/// <summary>
/// Gets the email template. Replacement parameters in the template are replaced with their appropriate values. The data
/// in the template can be used to construct an e-mail.
/// </summary>
/// <param name="template">The template to retrieve.</param>
/// <param name="user">The user associated with the template.</param>
/// <returns>Returns an e-mail template.</returns>
public static EmailTemplate GetEmailTemplate(EmailTemplateForm template, IUserAccount user)
{
EmailTemplate emailTemplate = new EmailTemplate();
emailTemplate.EmailTemplateId = template;
string filePath = Utils.GetPath(String.Format(CultureInfo.InvariantCulture, "/templates/{0}.txt", template));
// Step 1: Get subject and body from text file and assign to fields.
using (StreamReader sr = File.OpenText(filePath))
{
while (sr.Peek() >= 0)
{
string lineText = sr.ReadLine().Trim();
if (lineText == "[Subject]")
{
emailTemplate.Subject = sr.ReadLine();
}
if (lineText == "[Body]")
{
emailTemplate.Body = sr.ReadToEnd();
}
}
}
// Step 2: Update replacement parameters with real values.
emailTemplate.Body = emailTemplate.Body.Replace("{CurrentPageUrlFull}", Utils.GetCurrentPageUrlFull());
string userName = (user != null ? user.UserName : String.Empty);
string email = (user != null ? user.Email : String.Empty);
emailTemplate.Body = emailTemplate.Body.Replace("{UserName}", userName);
emailTemplate.Body = emailTemplate.Body.Replace("{Email}", String.IsNullOrEmpty(email) ? Resources.GalleryServerPro.Email_Template_No_Email_For_User_Replacement_Text : email);
if (emailTemplate.Body.Contains("{VerificationUrl}"))
{
emailTemplate.Body = emailTemplate.Body.Replace("{VerificationUrl}", GenerateVerificationLink(userName));
}
if (emailTemplate.Body.Contains("{Password}"))
{
emailTemplate.Body = emailTemplate.Body.Replace("{Password}", UserController.GetPassword(userName));
}
if (emailTemplate.Body.Contains("{ManageUserUrl}"))
{
emailTemplate.Body = emailTemplate.Body.Replace("{ManageUserUrl}", GenerateManageUserLink(userName));
}
return(emailTemplate);
}
public AdminController(IUser iuser, ISetting isetting, ILog ilog, IPrice iprice, INotice inotice, IRequestMoney irequestmoney, IMoney imoney, IHelp ihelp, IUserAccount iuseraccount)
{
this.iuser = iuser;
this.isetting = isetting;
this.ilog = ilog;
this.iprice = iprice;
this.inotice = inotice;
this.irequestmoney = irequestmoney;
this.imoney = imoney;
this.ihelp = ihelp;
this.iuseraccount = iuseraccount;
}
private void AssertVisibility(IUserAccount custodian)
{
Assert.IsTrue(_fullNameTextBox.IsVisible);
Assert.IsTrue(_loginIdTextBox.IsVisible);
Assert.IsTrue(_isEnabledTextBox.IsVisible);
Assert.AreEqual(_enableButton.IsVisible, !custodian.IsEnabled);
Assert.AreEqual(_disableButton.IsVisible, custodian.IsEnabled);
Assert.IsTrue(_passwordTextBox.IsVisible);
Assert.IsTrue(_changeButton.IsVisible);
}
void IUserAccountsCommand.ActivateUserAccount(IUserAccount user, Guid activatedById)
{
_repository.ActivateUserAccount(user.Id, activatedById, DateTime.Now);
// Fire events.
var handlers = UserActivated;
if (handlers != null)
{
handlers(this, new UserAccountEventArgs(user.Id, user.UserType, activatedById));
}
}
public void MatchPassword_CorrectPassword_ResultTrue()
{
// prepare
string PlainPassword = "******";
IUserAccount shopOwnerAccount = _kernel.Get <IUserAccount>();
shopOwnerAccount.Password = "******";
// act
bool isCorrect = shopOwnerAccount.MatchPassword(PlainPassword);
// assert
Assert.Equals(true, isCorrect);
}
public async Task <string> GeneratePinCode(IUserAccount user, string cellular, string email)
{
IAccessToken accessToken = await GenerateToken(user);
PasswordBuilder pb = new PasswordBuilder();
PinCodeGenerator gen = new PinCodeGenerator();
string pinCode = gen.GenerateNextPinCode();
await m_session_repository.ResetPinCode(accessToken.Guid, pb.MakeGuid(cellular, email, pinCode), pb.MakePasswordHash(cellular, email, pinCode));
return(pinCode);
}
/// <summary>
/// Sends an e-mail based on the <paramref name="templateForm"/> to the specified <paramref name="user"/>.
/// No action is taken if the user's e-mail is null or empty. The e-mail is sent on a
/// background thread, so if an error occurs on that thread no exception bubbles to the caller (the error, however, is
/// recorded in the error log). If <paramref name="sendOnBackgroundThread"/> is true, the e-mail is sent on a background
/// thread and the function returns immediately. An exception is thrown if an error occurs while sending the e-mail,
/// unless <paramref name="sendOnBackgroundThread"/> is true, in which case the error is logged but the exception does
/// not propagate back to the UI thread.
/// </summary>
/// <param name="user">The user to receive the e-mail.</param>
/// <param name="templateForm">The template form specifying the type of e-mail to send.</param>
/// <param name="galleryId">The gallery ID containing the e-mail configuration settings to use.</param>
/// <param name="sendOnBackgroundThread">If set to <c>true</c> send e-mail on a background thread. This causes any errors
/// to be silently handled by the error logging system, so if it is important for any errors to propogate to the UI,
/// such as when testing the e-mail function in the Site Administration area, set to <c>false</c>.</param>
public static void SendNotificationEmail(IUserAccount user, EmailTemplateForm templateForm, int galleryId, bool sendOnBackgroundThread)
{
if (String.IsNullOrEmpty(user.Email))
{
return;
}
EmailTemplate emailTemplate = GetEmailTemplate(templateForm, user);
MailAddress emailRecipient = new MailAddress(user.Email, user.UserName);
SendEmail(emailRecipient, emailTemplate.Subject, emailTemplate.Body, galleryId, sendOnBackgroundThread);
}
private void SaveUserAccount(IUserAccount userAccount, string path)
{
try
{
string serialized = JsonConvert.SerializeObject(userAccount);
File.WriteAllText(path, serialized);
}
catch (IOException ex)
{
Debug.WriteLine($"Failed to save user account to {path}: {ex.Message}");
throw new CredentialsStoreException(ex.Message, ex);
}
}
private void AssertVisibility(IUserAccount administrator)
{
Assert.IsTrue(_fullNameTextBox.IsVisible);
Assert.IsTrue(_loginIdTextBox.IsVisible);
Assert.IsTrue(_isEnabledTextBox.IsVisible);
Assert.AreEqual(!administrator.IsEnabled, _enableButton.IsVisible);
Assert.AreEqual(administrator.IsEnabled, _disableButton.IsVisible);
Assert.IsTrue(_passwordTextBox.IsVisible);
Assert.IsTrue(_changeButton.IsVisible);
}
void IUserAccountsCommand.DeactivateUserAccount(IUserAccount user, Guid deactivatedById)
{
_repository.DeactivateUserAccount(user.Id, deactivatedById, DateTime.Now);
// Fire events.
var handlers = UserDeactivated;
if (handlers != null)
{
handlers(this, new UserDeactivatedEventArgs(user.Id, user.UserType, deactivatedById, DeactivationReason.Other, null));
}
}
public static UserAccountJson CreateInstance(IUserAccount ua)
{
UserAccountJson user = new UserAccountJson();
user.UserId = ua.UserId;
user.Name = ua.Name;
user.Description = ua.Description;
user.IsBlocked = ua.IsBlocked;
user.Password = ua.Password;
user.Scope = ua.Scope;
user.Username = ua.Username;
return(user);
}
public UserAccount(IUserAccount user) : base(user)
{
CreatedDateTime = user.CreatedDateTime;
IsAdmin = user.IsAdmin;
IsStaff = user.IsStaff;
IsCustomer = user.IsCustomer;
LoginName = user.LoginName;
if (user.Address != null)
{
Address = new Address(user.Address);
}
}
/// <summary>
/// Updates the current account for the extension.
/// This method will also invalidate the project.
/// It is up to the caller to select an appropriate one.
/// </summary>
public void UpdateCurrentAccount(IUserAccount account)
{
if (CurrentAccount?.AccountName != account?.AccountName)
{
CurrentAccount = account;
CurrentProjectId = null;
CurrentProjectNumericId = null;
InvalidateProjectList();
UpdateDefaultCredentials();
CurrentAccountChanged?.Invoke(this, EventArgs.Empty);
}
}
/// <summary>
/// Handles the LoggedIn event of the Login control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
protected void Login1_LoggedIn(object sender, EventArgs e)
{
// Get the user. This will ensure we get the username with the correct case, regardless of how the user logged on (Admin vs. admin, etc).
IUserAccount user = UserController.GetUser(Login1.UserName, false);
UserController.UserLoggedOn(user.UserName, this.GalleryPage.GalleryId);
if (this.GalleryPage.GallerySettings.EnableUserAlbum && this.GalleryPage.GallerySettings.RedirectToUserAlbumAfterLogin)
{
Utils.Redirect(Utils.GetUrl(PageId.album, "aid={0}", UserController.GetUserAlbumId(user.UserName, this.GalleryPage.GalleryId)));
}
ReloadPage();
}
public void DeleteUser(string userId)
{
if (String.IsNullOrWhiteSpace(userId))
{
throw new Exception("user ID is not set");
}
IUserAccount ua = GetUserById(userId);
if (ua != null)
{
_userAccounts.Remove(ua);
RemoveFromDisk(userId);
}
}
public void GetUserProfile()
{
User user;
using (SMPSEntities123 objectContext = new SMPSEntities123())
{
IQueryable <User> users = objectContext.Users;
user = users.FirstOrDefault();
}
IUserAccount obj = this.container.Resolve <IUserAccount>();
UserProfile profileuser = obj.GetUserProfile(user.UserLoginId);
Assert.AreEqual(true, profileuser != null);
}
public void CheckValidUser()
{
User user;
using (SMPSEntities123 objectContext = new SMPSEntities123())
{
IQueryable <User> users = objectContext.Users;
user = users.FirstOrDefault();
}
IUserAccount obj = this.container.Resolve <IUserAccount>();
UserProfile userProfile = obj.ValidateUser(user.UserLoginId, user.UserLoginPassword);
Assert.AreEqual(true, userProfile != null);
}
void IUserAccountsCommand.DeactivateUserAccount(IUserAccount user, DeactivationReason reason, string comments)
{
// Deactivated themselves.
_repository.DeactivateUserAccount(user.Id, user.Id, DateTime.Now, reason, comments);
// Fire events.
var handlers = UserDeactivated;
if (handlers != null)
{
handlers(this, new UserDeactivatedEventArgs(user.Id, user.UserType, user.Id, reason, comments));
}
}
/// <summary>
/// Copies the current account information to the specified <paramref name="userAccount" />. The <paramref name="userAccount" />
/// must be able to be cast to an instance of <see cref="UserAccount" />. If not, an <see cref="ArgumentNullException" />
/// is thrown.
/// </summary>
/// <param name="userAccount">The user account to populate with information from the current instance.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="userAccount" /> is null.</exception>
/// <exception cref="ArgumentOutOfRangeException">Thrown when <paramref name="userAccount" /> cannot be cast to an instance of
/// <see cref="UserAccount" />.</exception>
public void CopyTo(IUserAccount userAccount)
{
if (userAccount == null)
{
throw new ArgumentNullException("userAccount");
}
try
{
CopyToInstance(userAccount as UserAccount);
}
catch (ArgumentNullException)
{
throw new ArgumentOutOfRangeException("userAccount", "The parameter 'userAccount' cannot be cast to an instance of UserAccount.");
}
}
public void BeforeEach()
{
_defaultProject = new Project {
ProjectId = DefaultProjectId
};
_defaultUserAccount = Mock.Of <IUserAccount>(ua => ua.AccountName == DefaultAccountName);
_fileSystemMock = new Mock <IFileSystem> {
DefaultValueProvider = DefaultValueProvider.Mock
};
_objectUnderTest = new CredentialsStore(_fileSystemMock.ToLazy());
_projectIdChangedHandlerMock = new Mock <Action <object, EventArgs> >();
_accountChangedHandlerMock = new Mock <Action <object, EventArgs> >();
}
private static string GetFileName(IUserAccount userAccount)
{
string serialized = JsonConvert.SerializeObject(userAccount);
SHA1 sha1 = SHA1.Create();
byte[] hash = sha1.ComputeHash(Encoding.UTF8.GetBytes(serialized));
var sb = new StringBuilder();
foreach (byte b in hash)
{
sb.AppendFormat("{0:x2}", b);
}
sb.Append(".json");
return(sb.ToString());
}
protected void cbValidateNewUserName_Callback(object sender, ComponentArt.Web.UI.CallBackEventArgs e)
{
// The user just typed in a user name in the Add New User wizard. Let's check to see if it already
// exists and let the user know the result.
string requestedUsername = e.Parameter;
if (String.IsNullOrEmpty(requestedUsername))
{
lblUserNameValidationResult.Text = String.Empty;
}
else
{
if (UseEmailForAccountName && (!HelperFunctions.IsValidEmail(requestedUsername)))
{
// App is configured to use an e-mail address as the account name, but the name is not a valid
// e-mail.
lblUserNameValidationResult.Text = Resources.GalleryServerPro.CreateAccount_Verification_Username_Not_Valid_Email_Text;
lblUserNameValidationResult.CssClass = "gsp_msgwarning";
}
else if (Util.RemoveHtmlTags(requestedUsername).Length != requestedUsername.Length)
{
// The user name has HTML tags, which are not allowed.
lblUserNameValidationResult.Text = Resources.GalleryServerPro.Site_Invalid_Text;
lblUserNameValidationResult.CssClass = "gsp_msgwarning";
}
else
{
// We passed the first test above. Now verify that the requested user name is not already taken.
IUserAccount user = UserController.GetUser(requestedUsername, false);
bool userNameIsInUse = (user != null);
if (userNameIsInUse)
{
lblUserNameValidationResult.Text = Resources.GalleryServerPro.Admin_Manage_Users_Username_Already_In_Use_Msg;
lblUserNameValidationResult.CssClass = "gsp_msgwarning";
}
else
{
lblUserNameValidationResult.Text = Resources.GalleryServerPro.Admin_Manage_Users_Username_Already_Is_Valid_Msg;
lblUserNameValidationResult.CssClass = "gsp_msgfriendly";
}
}
}
lblUserNameValidationResult.RenderControl(e.Output);
}
public void WhenUpdateUserAccountWithPartialAddress_ThenUpdatesAccount()
{
var account = new UserAccount
{
Id = "foo",
Username = "******",
PasswordHash = "apasswordhash",
Forenames = "aforename",
Surname = "asurname",
Email = "anemail",
MobilePhone = "amobilephone",
Address = new Address
{
Street1 = "astreet1",
Street2 = "",
Town = "atown",
},
Roles = "roles"
};
var newAccount = new UserAccount();
storageProvider.Setup(sp => sp.Get(It.IsAny <string>()))
.Returns(account);
storageProvider.Setup(sp => sp.Update(It.IsAny <string>(), It.IsAny <IUserAccount>()))
.Returns(newAccount);
IUserAccount result = manager.UpdateUserAccount("auserid", "bar1", "apasswordhash", "newpasswordhash",
"newforename",
"newsurname", "newemail", "newmobilephone",
new Address {
Street2 = "newstreet2",
});
storageProvider.Verify(sp => sp.Update("bar1", It.Is <IUserAccount>(
ua => ua.Username == "ausername" &&
ua.PasswordHash == "newpasswordhash" &&
ua.Forenames == "newforename" &&
ua.Surname == "newsurname" &&
ua.Email == "newemail" &&
ua.MobilePhone == "newmobilephone" &&
ua.Address.Street1 == "astreet1" &&
ua.Address.Street2 == "newstreet2" &&
ua.Address.Town == "atown"
)), Times.Once());
Assert.Equal(newAccount, result);
}
private void AssertVisibility(IUserAccount employer)
{
Assert.IsTrue(_firstNameTextBox.IsVisible);
Assert.IsTrue(_lastNameTextBox.IsVisible);
Assert.IsTrue(_emailAddressTextBox.IsVisible);
Assert.IsTrue(_phoneNumberTextBox.IsVisible);
Assert.IsTrue(_loginIdTextBox.IsVisible);
Assert.IsTrue(_isEnabledTextBox.IsVisible);
Assert.AreEqual(_enableButton.IsVisible, !employer.IsEnabled);
Assert.AreEqual(_disableButton.IsVisible, employer.IsEnabled);
Assert.IsTrue(_changePasswordTextBox.IsVisible);
Assert.IsTrue(_changeButton.IsVisible);
Assert.IsTrue(_sendPasswordEmailCheckBox.IsVisible);
}
public virtual void Edit(IUserAccount user)
{
DbCommand command = _dbCommandFactory.CreateCommand("AdminAccount_Edit",
_dbCommandFactory.CreateParameter("ID", user.ID),
_dbCommandFactory.CreateParameter("AccountCreationDateTime", user.AccountCreationDateTime),
_dbCommandFactory.CreateParameter("AccountStatus", user.AccountStatus),
_dbCommandFactory.CreateParameter("EmailAddress", user.EmailAddress),
_dbCommandFactory.CreateParameter("FirstName", user.FirstName),
_dbCommandFactory.CreateParameter("LastName", user.LastName),
_dbCommandFactory.CreateParameter("LastWrongPasswordAttemptDateTime", user.LastWrongPasswordAttemptDateTime),
_dbCommandFactory.CreateParameter("MobileNumber", user.MobileNumber),
_dbCommandFactory.CreateParameter("Password", user.EncryptedPassword),
_dbCommandFactory.CreateParameter("WrongPasswordAttempt", user.WrongPasswordAttempt)
);
_dbCommandExecutionService.ExecuteCommand(command);
}
private void SendTestEmail()
{
string subject = Resources.GalleryServer.Admin_Gallery_Settings_Test_Email_Subject;
string body = Resources.GalleryServer.Admin_Gallery_Settings_Test_Email_Body;
string msgResult = String.Empty;
bool emailSent = false;
MessageStyle msgStyle;
IUserAccount user = UserController.GetUser();
if (HelperFunctions.IsValidEmail(user.Email))
{
try
{
EmailController.SendEmail(user, subject, body);
emailSent = true;
}
catch (Exception ex)
{
string errorMsg = EventController.GetExceptionDetails(ex);
msgResult = String.Format(CultureInfo.CurrentCulture, Resources.GalleryServer.Admin_Gallery_Settings_Test_Email_Failure_Text, errorMsg);
}
}
else
{
msgResult = String.Format(CultureInfo.CurrentCulture, Resources.GalleryServer.Admin_Gallery_Settings_Test_Email_Invalid_Text, user.UserName);
}
if (emailSent)
{
msgStyle = MessageStyle.Success;
msgResult = String.Format(CultureInfo.CurrentCulture, Resources.GalleryServer.Admin_Gallery_Settings_Test_Email_Success_Text, user.UserName, user.Email);
}
else
{
msgStyle = MessageStyle.Error;
}
ClientMessage = new ClientMessageOptions
{
Title = "Send Test E-mail",
Message = msgResult,
Style = msgStyle
};
}
/// <summary>
/// Gets an entity from the <see cref="IUserAccount" />.
/// </summary>
public static UserAccountEntity FromDto(IUserAccount dto)
{
Guard.NotNull(() => dto, dto);
return(new UserAccountEntity
{
Id = EntityHelper.SerializeForStorage(dto.Id),
Forenames = EntityHelper.SerializeForStorage(dto.Forenames),
Surname = EntityHelper.SerializeForStorage(dto.Surname),
Email = EntityHelper.SerializeForStorage(dto.Email),
Username = EntityHelper.SerializeForStorage(dto.Username),
PasswordHash = EntityHelper.SerializeForStorage(dto.PasswordHash),
Roles = EntityHelper.SerializeForStorage(dto.Roles),
MobilePhone = EntityHelper.SerializeForStorage(dto.MobilePhone),
Address = EntityHelper.SerializeForStorage(dto.Address),
IsRegistered = EntityHelper.SerializeForStorage(dto.IsRegistered),
});
}
/// <summary>
/// Deletes the <paramref name="account"/> from the store. The account must exist in the store
/// or it will throw.
/// </summary>
/// <param name="account">The account to delete.</param>
/// <returns>True if the current account was deleted, false otherwise.</returns>
public void DeleteAccount(IUserAccount account)
{
string accountFilePath = GetUserAccountPath(account.AccountName);
if (accountFilePath == null)
{
throw new InvalidOperationException($"Unknown account name: {account.AccountName}");
}
File.Delete(accountFilePath);
bool isCurrentAccount = account.AccountName == CurrentAccount?.AccountName;
_cachedCredentials = LoadAccounts();
if (isCurrentAccount)
{
ResetCredentials(null, null);
}
}
public static void Initialization(IUserAccount user, CancellationTokenSource cToken,
IUserInteractor GUI)
{
if (!isInitialized)
{
userAccount = user;
token = cToken;
mainWindowGUI = GUI;
lock (myLock)
{
instance = new Server();
}
isInitialized = true;
}
}
/// <summary>
/// Gets the email template. Replacement parameters in the template are replaced with their appropriate values. The data
/// in the template can be used to construct an e-mail.
/// </summary>
/// <param name="template">The template to retrieve.</param>
/// <param name="user">The user associated with the template.</param>
/// <returns>Returns an e-mail template.</returns>
public static EmailTemplate GetEmailTemplate(EmailTemplateForm template, IUserAccount user)
{
EmailTemplate emailTemplate = new EmailTemplate();
emailTemplate.EmailTemplateId = template;
string filePath = Utils.GetPath(String.Format(CultureInfo.InvariantCulture, "/templates/{0}.txt", template));
// Step 1: Get subject and body from text file and assign to fields.
using (StreamReader sr = File.OpenText(filePath))
{
while (sr.Peek() >= 0)
{
string lineText = sr.ReadLine().Trim();
if (lineText == "[Subject]")
emailTemplate.Subject = sr.ReadLine();
if (lineText == "[Body]")
emailTemplate.Body = sr.ReadToEnd();
}
}
// Step 2: Update replacement parameters with real values.
emailTemplate.Body = emailTemplate.Body.Replace("{CurrentPageUrlFull}", Utils.GetCurrentPageUrlFull());
string userName = (user != null ? user.UserName : String.Empty);
string email = (user != null ? user.Email : String.Empty);
emailTemplate.Body = emailTemplate.Body.Replace("{UserName}", userName);
emailTemplate.Body = emailTemplate.Body.Replace("{Email}", String.IsNullOrEmpty(email) ? Resources.GalleryServerPro.Email_Template_No_Email_For_User_Replacement_Text : email);
if (emailTemplate.Body.Contains("{VerificationUrl}"))
emailTemplate.Body = emailTemplate.Body.Replace("{VerificationUrl}", GenerateVerificationLink(userName));
if (emailTemplate.Body.Contains("{Password}"))
emailTemplate.Body = emailTemplate.Body.Replace("{Password}", UserController.GetPassword(userName));
if (emailTemplate.Body.Contains("{ManageUserUrl}"))
emailTemplate.Body = emailTemplate.Body.Replace("{ManageUserUrl}", GenerateManageUserLink(userName));
return emailTemplate;
}
private void SetAuditProperties(AbstractPreDatabaseOperationEvent @event, IEntityPersister persister,
object[] state, IUserAccount auditUser, DateTime auditDate)
{
foreach (var propertyPair in _auditProperties) {
if (propertyPair.Key.Contains(ModelConstants.UPDATEDBY)) {
propertyPair.Value.SetValue(@event.Entity, auditUser, null);
Set(persister, state, propertyPair.Key, auditUser);
}
if (propertyPair.Key.Contains(ModelConstants.UPDATEDON)) {
propertyPair.Value.SetValue(@event.Entity, auditDate, null);
Set(persister, state, propertyPair.Key, auditDate);
}
if (propertyPair.Key.Contains(ModelConstants.CREATEDBY)) {
var currentValue = (IUserAccount)propertyPair.Value.GetValue(@event.Entity, null);
if(currentValue == null) {
propertyPair.Value.SetValue(@event.Entity, auditUser, null);
Set(persister, state, propertyPair.Key, auditUser);
}
else {
propertyPair.Value.SetValue(@event.Entity, currentValue, null);
Set(persister, state, propertyPair.Key, currentValue);
}
}
if (propertyPair.Key.Contains(ModelConstants.CREATEDON)) {
var currentValue = (DateTime?)propertyPair.Value.GetValue(@event.Entity, null);
if(currentValue == null ||
!((DateTime)currentValue).IsBetween(DateTime.Parse("1/1/1900"), DateTime.Parse("1/1/3000"))) {
propertyPair.Value.SetValue(@event.Entity, auditDate, null);
Set(persister, state, propertyPair.Key, auditDate);
}
else {
propertyPair.Value.SetValue(@event.Entity, currentValue, null);
Set(persister, state, propertyPair.Key, currentValue);
}
}
}
}
/// <summary>
/// Updates information about a user in the data source.
/// </summary>
/// <param name="user">A <see cref="IUserAccount"/> object that represents the user to update and the updated information for the user.</param>
private static void UpdateUser(IUserAccount user)
{
if (UserHasBeenModified(user))
{
MembershipGsp.UpdateUser(ToMembershipUser(user));
}
}
private static MembershipUser ToMembershipUser(IUserAccount u)
{
if (String.IsNullOrEmpty(u.UserName))
{
throw new ArgumentException("IUserAccount.UserName cannot be empty.");
}
MembershipUser user = MembershipGsp.GetUser(u.UserName, false);
user.Comment = u.Comment;
user.Email = u.Email;
user.IsApproved = u.IsApproved;
return user;
}
/// <summary>
/// Sends an e-mail based on the <paramref name="templateForm"/> to the specified <paramref name="user"/>.
/// No action is taken if the user's e-mail is null or empty. The e-mail is sent on a
/// background thread, so if an error occurs on that thread no exception bubbles to the caller (the error, however, is
/// recorded in the error log).
/// </summary>
/// <param name="user">The user to receive the e-mail.</param>
/// <param name="templateForm">The template form specifying the type of e-mail to send.</param>
public static void SendNotificationEmail(IUserAccount user, EmailTemplateForm templateForm)
{
SendNotificationEmail(user.UserName, user.Email, templateForm, true);
}
/// <summary>
/// Persist the <paramref name="user"/> to the data store, including associating the specified roles with the user. The user is
/// automatically removed from any other roles they may be a member of. Prior to saving, validation is performed and a
/// <see cref="GallerySecurityException"/> is thrown if a business rule would be violated.
/// </summary>
/// <param name="user">The user to save.</param>
/// <param name="roles">The roles to associate with the user.</param>
/// <exception cref="GallerySecurityException">Thrown when the user cannot be saved because doing so would violate a business rule.</exception>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="user" /> is null.</exception>
/// <exception cref="InvalidUserException">Thrown when the e-mail address is not valid.</exception>
public static void SaveUser(IUserAccount user, string[] roles)
{
if (user == null)
throw new ArgumentNullException("user");
if (roles == null)
throw new ArgumentNullException("roles");
ValidateSaveUser(user, roles);
UserController.UpdateUser(user);
var rolesForUser = RoleController.GetRolesForUser(user.UserName);
var rolesToAdd = roles.Where(r => !rolesForUser.Contains(r)).ToArray();
var rolesToRemove = rolesForUser.Where(r => !roles.Contains(r)).ToArray();
RoleController.AddUserToRoles(user.UserName, rolesToAdd);
RoleController.RemoveUserFromRoles(user.UserName, rolesToRemove);
var addingOrDeletingRoles = ((rolesToAdd.Length > 0) || (rolesToRemove.Length > 0));
if (addingOrDeletingRoles)
{
HelperFunctions.RemoveCache(CacheItem.GalleryServerRoles);
}
}
public IEmployee Logon(int password)
{
var employee = Facade.Logon(password);
_userAccount = employee.UserAccount;
return employee;
}
private async Task<object> AuthenticateUser(IClientContext context, IUserAccount user, string sessionSalt,
IAuthenticate authenticateRequest)
{
object response;
if (user.IsLocked)
response = _authenticationMessageFactory.CreateAuthenticationResult(AuthenticateReplyState.Locked, null);
else
{
var serverHash = _passwordHasher.HashPassword(user.HashedPassword, sessionSalt);
if (_passwordHasher.Compare(serverHash, authenticateRequest.AuthenticationToken))
{
context.ChannelData["Principal"] = await PrincipalFactory.CreatePrincipalAsync(user);
var proof = _passwordHasher.HashPassword(user.HashedPassword, authenticateRequest.ClientSalt);
response = _authenticationMessageFactory.CreateAuthenticationResult(AuthenticateReplyState.Success,
proof);
}
else
response =
_authenticationMessageFactory.CreateAuthenticationResult(AuthenticateReplyState.IncorrectLogin,
null);
}
return response;
}
/// <summary>
/// Sends an e-mail based on the <paramref name="templateForm"/> to the specified <paramref name="user"/>.
/// No action is taken if the user's e-mail is null or empty. The e-mail is sent on a
/// background thread, so if an error occurs on that thread no exception bubbles to the caller (the error, however, is
/// recorded in the error log). If <paramref name="sendOnBackgroundThread"/> is true, the e-mail is sent on a background
/// thread and the function returns immediately. An exception is thrown if an error occurs while sending the e-mail,
/// unless <paramref name="sendOnBackgroundThread"/> is true, in which case the error is logged but the exception does
/// not propagate back to the UI thread.
/// </summary>
/// <param name="user">The user to receive the e-mail.</param>
/// <param name="templateForm">The template form specifying the type of e-mail to send.</param>
/// <param name="galleryId">The gallery ID containing the e-mail configuration settings to use.</param>
/// <param name="sendOnBackgroundThread">If set to <c>true</c> send e-mail on a background thread. This causes any errors
/// to be silently handled by the error logging system, so if it is important for any errors to propogate to the UI,
/// such as when testing the e-mail function in the Site Administration area, set to <c>false</c>.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="user" /> is null.</exception>
public static void SendNotificationEmail(IUserAccount user, EmailTemplateForm templateForm, int galleryId, bool sendOnBackgroundThread)
{
if (user == null)
throw new ArgumentNullException("user");
if (String.IsNullOrEmpty(user.Email))
return;
EmailTemplate emailTemplate = GetEmailTemplate(templateForm, user);
MailAddress emailRecipient = new MailAddress(user.Email, user.UserName);
SendEmail(emailRecipient, emailTemplate.Subject, emailTemplate.Body, galleryId, sendOnBackgroundThread);
}
/// <summary>
/// Sends an e-mail containing details about the <paramref name="appError" /> to the specified <paramref name="user" />. Returns
/// <c>true</c> if the e-mail is successfully sent.
/// </summary>
/// <param name="appError">The application error to be sent to users.</param>
/// <param name="user">The user to send the e-mail to.</param>
/// <param name="gallerySettings">The gallery settings containing the e-mail configuration data.</param>
/// <param name="emailSender">The account that that will appear in the "From" portion of the e-mail.</param>
/// <returns>Returns <c>true</c> if the e-mail is successfully sent; otherwise <c>false</c>.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="appError" />, <paramref name="user" />,
/// <paramref name="gallerySettings" />, or <paramref name="emailSender" /> is null.</exception>
private static bool SendMail(IAppError appError, IUserAccount user, IGallerySettings gallerySettings, MailAddress emailSender)
{
#region Validation
if (appError == null)
throw new ArgumentNullException("appError");
if (user == null)
throw new ArgumentNullException("user");
if (gallerySettings == null)
throw new ArgumentNullException("gallerySettings");
if (emailSender == null)
throw new ArgumentNullException("emailSender");
#endregion
bool emailWasSent = false;
if (!IsValidEmail(user.Email))
{
return false;
}
MailAddress emailRecipient = new MailAddress(user.Email, user.UserName);
try
{
using (MailMessage mail = new MailMessage(emailSender, emailRecipient))
{
if (String.IsNullOrEmpty(appError.ExceptionType))
mail.Subject = Resources.Email_Subject_When_No_Ex_Type_Present;
else
mail.Subject = String.Concat(Resources.Email_Subject_Prefix_When_Ex_Type_Present, " ", appError.ExceptionType);
mail.Body = appError.ToHtmlPage();
mail.IsBodyHtml = true;
using (SmtpClient smtpClient = new SmtpClient())
{
smtpClient.EnableSsl = gallerySettings.SendEmailUsingSsl;
// Specify SMTP server if it is specified. The server might have been assigned via web.config,
// so only update this if we have a config setting.
if (!String.IsNullOrEmpty(gallerySettings.SmtpServer))
{
smtpClient.Host = gallerySettings.SmtpServer;
}
// Specify port number if it is specified and it's not the default value of 25. The port
// might have been assigned via web.config, so only update this if we have a config setting.
int smtpServerPort;
if (!Int32.TryParse(gallerySettings.SmtpServerPort, out smtpServerPort))
smtpServerPort = int.MinValue;
if ((smtpServerPort > 0) && (smtpServerPort != 25))
{
smtpClient.Port = smtpServerPort;
}
smtpClient.Send(mail);
}
emailWasSent = true;
}
}
catch (Exception ex2)
{
string errorMsg = String.Concat(ex2.GetType(), ": ", ex2.Message);
if (ex2.InnerException != null)
errorMsg += String.Concat(" ", ex2.InnerException.GetType(), ": ", ex2.InnerException.Message);
appError.ExceptionData.Add(new KeyValuePair<string, string>(Resources.Cannot_Send_Email_Lbl, errorMsg));
}
return emailWasSent;
}
/// <summary>
/// Get all roles that the specified user is a member of
/// </summary>
/// <param name="account">Account previously fetched using <see cref="IUserFetcher.FindUserAsync" />.</param>
/// <returns>An array of roles (or an empty array if roles are not used)</returns>
/// <exception cref="ArgumentException">user is not found</exception>
/// <exception cref="ArgumentNullException">User was not supplied</exception>
public Task<string[]> GetRolesAsync(IUserAccount account)
{
return Task.FromResult(new string[0]);
}
/// <summary>
/// Sends an e-mail based on the <paramref name="templateForm"/> to the specified <paramref name="user"/>.
/// No action is taken if the user's e-mail is null or empty. The e-mail is sent on a
/// background thread, so if an error occurs on that thread no exception bubbles to the caller (the error, however, is
/// recorded in the error log).
/// </summary>
/// <param name="user">The user to receive the e-mail.</param>
/// <param name="templateForm">The template form specifying the type of e-mail to send.</param>
/// <param name="galleryId">The gallery ID.</param>
public static void SendNotificationEmail(IUserAccount user, EmailTemplateForm templateForm, int galleryId)
{
SendNotificationEmail(user, templateForm, galleryId, true);
}
/// <overloads>
/// Persist the user to the data store.
/// </overloads>
/// <summary>
/// Persist the <paramref name="userToSave" /> to the data store.
/// </summary>
/// <param name="userToSave">The user to save.</param>
public static void SaveUser(IUserAccount userToSave)
{
UserController.UpdateUser(userToSave);
}
/// <summary>
/// Persist the <paramref name="userToSave"/> to the data store, including adding or removing the specified roles.
/// Prior to saving, validation is performed and a <see cref="GallerySecurityException"/> is thrown if a business rule
/// would be violated.
/// </summary>
/// <param name="userToSave">The user to save.</param>
/// <param name="rolesToAdd">The roles to associate with the user. The roles should not already be associated with the
/// user, although no harm is done if they do.</param>
/// <param name="rolesToRemove">The roles to remove from the user.</param>
/// <param name="galleryId">The ID of the current gallery.</param>
/// <exception cref="GallerySecurityException">Thrown when the user cannot be saved because doing so would violate a business rule.</exception>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="userToSave" /> is null.</exception>
public static void SaveUser(IUserAccount userToSave, string[] rolesToAdd, string[] rolesToRemove, int galleryId)
{
if (userToSave == null)
throw new ArgumentNullException("userToSave");
ValidateSaveUser(userToSave, rolesToAdd, rolesToRemove, galleryId);
UserController.UpdateUser(userToSave);
RoleController.AddUserToRoles(userToSave.UserName, rolesToAdd);
RoleController.RemoveUserFromRoles(userToSave.UserName, rolesToRemove);
bool addingOrDeletingRoles = ((rolesToAdd != null) && (rolesToAdd.Length > 0) || (rolesToRemove != null) && (rolesToRemove.Length > 0));
if (addingOrDeletingRoles)
{
HelperFunctions.RemoveCache(CacheItem.GalleryServerRoles);
}
}
/// <summary>
/// Validates the logged on user has permission to save the specified <paramref name="userToSave"/> and add/remove the user
/// to/from the specified <paramref name="rolesToAdd"/> and <paramref name="rolesToRemove" />. Throw a
/// <see cref="GallerySecurityException"/> if user is not authorized.
/// This method assumes the logged on user is a site administrator or gallery administrator but does not verify it.
/// </summary>
/// <param name="userToSave">The user to save. The only property that must be specified is <see cref="IUserAccount.UserName" />.</param>
/// <param name="rolesToAdd">The roles to be associated with the user. The roles should not already be assigned to the
/// user, although no harm is done if they are.</param>
/// <param name="rolesToRemove">The roles to remove from user.</param>
/// <exception cref="GallerySecurityException">Thrown when the user cannot be saved because doing so would violate a business rule.</exception>
public static void ValidateLoggedOnUserHasPermissionToSaveUser(IUserAccount userToSave, string[] rolesToAdd, string[] rolesToRemove)
{
#region Parameter validation
if (rolesToAdd == null)
rolesToAdd = new string[] { };
if (rolesToRemove == null)
rolesToRemove = new string[] { };
#endregion
// Enforces the following rules:
// 1. A user with site administration permission has no restrictions. Subsequent rules do not apply.
// 2. Gallery admin is not allowed to add admin site permission to any user or update any user that has site admin permission.
// 3. Gallery admin cannot add or remove a user to/from a role associated with other galleries, UNLESS he is also a gallery admin
// to those galleries.
// 4. NOT ENFORCED: If user to be updated is a member of roles that apply to other galleries, Gallery admin must be a gallery admin
// in every one of those galleries. Not enforced because this is considered acceptable behavior.
if (Utils.IsCurrentUserSiteAdministrator())
return;
VerifyGalleryAdminIsNotUpdatingUserWithAdminSitePermission(userToSave, rolesToAdd);
VerifyGalleryAdminCanAddOrRemoveRolesForUser(rolesToAdd, rolesToRemove);
#region RULE 4 (Not enforced)
// RULE 4: Gallery admin can update user only when he is a gallery admin in every gallery the user to be updated is a member of.
//// Step 1: Get a list of galleries the user to be updated is associated with.
//IGalleryCollection userGalleries = new GalleryCollection();
//foreach (IGalleryServerRole role in RoleController.GetGalleryServerRolesForUser(userToSave.UserName))
//{
// foreach (IGallery gallery in role.Galleries)
// {
// if (!userGalleries.Contains(gallery))
// {
// userGalleries.Add(gallery);
// }
// }
//}
//// Step 2: Validate that the current user is a gallery admin for every gallery the user to be updated is a member of.
//foreach (IGallery userGallery in userGalleries)
//{
// if (!adminGalleries.Contains(userGallery))
// {
// throw new GallerySecurityException("You are attempting to save changes to a user that affects multiple galleries, including at least one gallery you do not have permission to administer. To edit this user, you must be a gallery administrator in every gallery this user is a member of.");
// }
//}
#endregion
}
/// <summary>
/// Send an e-mail to the user associated with the new account. This will be a verification e-mail if e-mail verification
/// is enabled; otherwise it is a welcome message. The calling method should ensure that the <paramref name="user"/>
/// has a valid e-mail configured before invoking this function.
/// </summary>
/// <param name="user">An instance of <see cref="IUserAccount"/> that represents the newly created account.</param>
/// <param name="galleryId">The gallery ID. This specifies which gallery to use to look up configuration settings.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="user" /> is null.</exception>
private static void NotifyUserOfNewlyCreatedAccount(IUserAccount user, int galleryId)
{
if (user == null)
throw new ArgumentNullException("user");
IGallerySettings gallerySetting = Factory.LoadGallerySetting(galleryId);
bool enableEmailVerification = gallerySetting.RequireEmailValidationForSelfRegisteredUser;
bool requireAdminApproval = gallerySetting.RequireApprovalForSelfRegisteredUser;
if (enableEmailVerification)
{
EmailController.SendNotificationEmail(user, EmailTemplateForm.UserNotificationAccountCreatedNeedsVerification, galleryId);
}
else if (requireAdminApproval)
{
EmailController.SendNotificationEmail(user, EmailTemplateForm.UserNotificationAccountCreatedNeedsApproval, galleryId);
}
else
{
EmailController.SendNotificationEmail(user, EmailTemplateForm.UserNotificationAccountCreated, galleryId);
}
}
/// <summary>
/// Populates the properties of <paramref name="userToLoad" /> with information about the user. Requires that the
/// <see cref="IUserAccount.UserName" /> property of the <paramref name="userToLoad" /> parameter be assigned a value.
/// If no user with the specified username exists, no action is taken.
/// </summary>
/// <param name="userToLoad">The user account whose properties should be populated.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="userToLoad" /> is null.</exception>
public static void LoadUser(IUserAccount userToLoad)
{
if (userToLoad == null)
throw new ArgumentNullException("userToLoad");
if (String.IsNullOrEmpty(userToLoad.UserName))
{
throw new ArgumentException("The UserName property of the userToLoad parameter must have a valid value. Instead, it was null or empty.");
}
IUserAccount user = GetUser(userToLoad.UserName, false);
if (user != null)
{
user.CopyTo(userToLoad);
}
}
/// <summary>
/// Send an e-mail to the users that are subscribed to new account notifications. These are specified in the
/// <see cref="IGallerySettings.UsersToNotifyWhenAccountIsCreated" /> configuration setting. If
/// <see cref="IGallerySettings.RequireEmailValidationForSelfRegisteredUser" /> is enabled, do not send an e-mail at this time.
/// Instead, it is sent when the user clicks the confirmation link in the e-mail.
/// </summary>
/// <param name="user">An instance of <see cref="IUserAccount"/> that represents the newly created account.</param>
/// <param name="isSelfRegistration">Indicates when the user is creating his or her own account. Set to false when an
/// administrator creates an account.</param>
/// <param name="isEmailVerified">If set to <c>true</c> the e-mail has been verified to be a valid, active e-mail address.</param>
/// <param name="galleryId">The gallery ID storing the e-mail configuration information and the list of users to notify.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="user" /> is null.</exception>
private static void NotifyAdminsOfNewlyCreatedAccount(IUserAccount user, bool isSelfRegistration, bool isEmailVerified, int galleryId)
{
if (user == null)
throw new ArgumentNullException("user");
IGallerySettings gallerySettings = Factory.LoadGallerySetting(galleryId);
if (isSelfRegistration && !isEmailVerified && gallerySettings.RequireEmailValidationForSelfRegisteredUser)
{
return;
}
EmailTemplate emailTemplate;
if (isSelfRegistration && gallerySettings.RequireApprovalForSelfRegisteredUser)
{
emailTemplate = EmailController.GetEmailTemplate(EmailTemplateForm.AdminNotificationAccountCreatedRequiresApproval, user);
}
else
{
emailTemplate = EmailController.GetEmailTemplate(EmailTemplateForm.AdminNotificationAccountCreated, user);
}
foreach (IUserAccount userToNotify in gallerySettings.UsersToNotifyWhenAccountIsCreated)
{
if (!String.IsNullOrEmpty(userToNotify.Email))
{
MailAddress admin = new MailAddress(userToNotify.Email, userToNotify.UserName);
try
{
EmailController.SendEmail(admin, emailTemplate.Subject, emailTemplate.Body, galleryId);
}
catch (WebException ex)
{
AppErrorController.LogError(ex);
}
catch (SmtpException ex)
{
AppErrorController.LogError(ex);
}
}
}
}
/// <summary>
/// Verifies that the specified <paramref name="userToSave" /> is not a site administrator or is being added to a site administrator
/// role. Calling methods should invoke this function ONLY when the current user is a gallery administrator.
/// </summary>
/// <param name="userToSave">The user to save. The only property that must be specified is <see cref="IUserAccount.UserName" />.</param>
/// <param name="rolesToAdd">The roles to be associated with the user. Must not be null. The roles should not already be assigned to the
/// user, although no harm is done if they are.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="userToSave" /> or <paramref name="rolesToAdd" /> is null.</exception>
private static void VerifyGalleryAdminIsNotUpdatingUserWithAdminSitePermission(IUserAccount userToSave, IEnumerable<string> rolesToAdd)
{
if (userToSave == null)
throw new ArgumentNullException("userToSave");
if (rolesToAdd == null)
throw new ArgumentNullException("rolesToAdd");
IGalleryServerRoleCollection rolesAssignedOrBeingAssignedToUser = RoleController.GetGalleryServerRolesForUser(userToSave.UserName).Copy();
foreach (string roleToAdd in rolesToAdd)
{
if (rolesAssignedOrBeingAssignedToUser.GetRole(roleToAdd) == null)
{
IGalleryServerRole role = Factory.LoadGalleryServerRole(roleToAdd);
if (role != null)
{
rolesAssignedOrBeingAssignedToUser.Add(role);
}
}
}
foreach (IGalleryServerRole role in rolesAssignedOrBeingAssignedToUser)
{
if (role.AllowAdministerSite)
{
throw new GallerySecurityException("You must be a site administrator to add a user to a role with Administer site permission or update an existing user who has Administer site permission. Sadly, you are just a gallery administrator.");
}
}
}
private void ReportSuccess(IUserAccount user)
{
string title = Resources.GalleryServerPro.CreateAccount_Success_Header_Text;
string detailPendingNotification = String.Concat("<p>", Resources.GalleryServerPro.CreateAccount_Success_Detail1_Text, "</p>");
detailPendingNotification += String.Concat(@"<p>", String.Format(CultureInfo.CurrentCulture, Resources.GalleryServerPro.CreateAccount_Success_Pending_Notification_Detail2_Text, user.Email), "</p>");
detailPendingNotification += String.Concat(@"<p>", Resources.GalleryServerPro.CreateAccount_Success_Pending_Notification_Detail3_Text, "</p>");
string detailPendingApproval = String.Concat("<p>", Resources.GalleryServerPro.CreateAccount_Success_Detail1_Text, "</p>");
detailPendingApproval += String.Concat(@"<p>", String.Format(CultureInfo.CurrentCulture, Resources.GalleryServerPro.CreateAccount_Success_Pending_Approval_Detail2_Text), "</p>");
detailPendingApproval += String.Concat(@"<p>", Resources.GalleryServerPro.CreateAccount_Success_Pending_Approval_Detail3_Text, "</p>");
string detailActivated = String.Format(CultureInfo.InvariantCulture, @"<p>{0}</p><p><a href=""{1}"">{2}</a></p>",
Resources.GalleryServerPro.CreateAccount_Success_Detail1_Text,
Utils.GetCurrentPageUrl(),
Resources.GalleryServerPro.CreateAccount_Gallery_Link_Text);
if (EnableEmailVerification)
{
DisplaySuccessMessage(title, detailPendingNotification);
}
else if (RequireAdminApproval)
{
DisplaySuccessMessage(title, detailPendingApproval);
}
else
{
UserController.LogOnUser(user.UserName, GalleryId);
if (EnableUserAlbum && (UserController.GetUserAlbumId(user.UserName, GalleryId) > int.MinValue))
{
detailActivated += String.Format(CultureInfo.InvariantCulture, @"<p><a href=""{0}"">{1}</a></p>",
Utils.GetUrl(PageId.album, "aid={0}", UserController.GetUserAlbumId(user.UserName, GalleryId)),
Resources.GalleryServerPro.CreateAccount_User_Album_Link_Text);
}
DisplaySuccessMessage(title, detailActivated);
}
pnlCreateUser.Visible = false;
}
/// <summary>
/// Validates the user can save his own account. Throws a <see cref="GallerySecurityException" /> when the action is not allowed.
/// </summary>
/// <param name="userToSave">The user to save.</param>
/// <param name="rolesToRemoveFromUser">The roles to remove from user.</param>
/// <exception cref="GallerySecurityException">Thrown when the user cannot be saved because doing so would violate a business rule.</exception>
private static void ValidateUserCanSaveOwnAccount(IUserAccount userToSave, string[] rolesToRemoveFromUser)
{
// This function should be called only when the logged on person is updating their own account. They are not allowed to
// revoke approval and they must remain in at least one role that has Administer Site or Administer Gallery permission.
if (!userToSave.IsApproved)
{
throw new GallerySecurityException(Resources.GalleryServerPro.Admin_Manage_Users_Cannot_Revoke_Approval_Msg);
}
bool rolesAreBeingRemovedFromAccount = ((rolesToRemoveFromUser != null) && (rolesToRemoveFromUser.Length > 0));
if (rolesAreBeingRemovedFromAccount)
{
bool hasAdminPermission = false;
foreach (IGalleryServerRole galleryRole in RoleController.GetGalleryServerRolesForUser(userToSave.UserName))
{
if (Array.IndexOf<string>(rolesToRemoveFromUser, galleryRole.RoleName) < 0)
{
// This is a role the user is in that is NOT being removed.
if (galleryRole.AllowAdministerSite || galleryRole.AllowAdministerGallery)
{
hasAdminPermission = true;
break;
}
}
}
if (!hasAdminPermission)
{
throw new GallerySecurityException(Resources.GalleryServerPro.Admin_Manage_Users_Cannot_Save_User_Msg);
}
}
}
/// <summary>
/// Create a principal
/// </summary>
/// <param name="account">Account which have been authenticated</param>
/// <returns>Principal</returns>
/// <exception cref="InvalidOperationException">Failed to create principal using the specified account</exception>
/// <exception cref="ArgumentNullException">account</exception>
public async Task<IPrincipal> CreatePrincipalAsync(IUserAccount account)
{
if (account == null) throw new ArgumentNullException("account");
var roles = await _fetcher.GetRolesAsync(account);
return new GenericPrincipal(new GenericIdentity(account.UserName, "ThreeWay"), roles);
}
/// <summary>
/// Make sure the loggod-on person has authority to save the user info and that h/she isn't doing anything stupid,
/// like removing admin permission from his or her own account. Throws a <see cref="GallerySecurityException"/> when
/// the action is not allowed.
/// </summary>
/// <param name="userToSave">The user to save.</param>
/// <param name="rolesToAdd">The roles to associate with the user. The roles should not already be associated with the
/// user, although no harm is done if they do.</param>
/// <param name="rolesToRemoveFromUser">The roles to remove from user.</param>
/// <param name="galleryId">The gallery ID.</param>
/// <exception cref="GallerySecurityException">Thrown when the user cannot be saved because doing so would violate a business rule.</exception>
private static void ValidateSaveUser(IUserAccount userToSave, string[] rolesToAdd, string[] rolesToRemoveFromUser, int galleryId)
{
if (!Utils.IsCurrentUserSiteAdministrator() && !Utils.IsCurrentUserGalleryAdministrator(galleryId))
{
throw new GallerySecurityException("You must be a gallery or site administrator to save changes to this user.");
}
if (userToSave.UserName.Equals(Utils.UserName, StringComparison.OrdinalIgnoreCase))
{
ValidateUserCanSaveOwnAccount(userToSave, rolesToRemoveFromUser);
}
ValidateLoggedOnUserHasPermissionToSaveUser(userToSave, rolesToAdd, rolesToRemoveFromUser);
}
/// <overloads>
/// Gets the email template.
/// </overloads>
/// <summary>
/// Gets the email template. Replacement parameters in the template are replaced with their appropriate values. The data
/// in the template can be used to construct an e-mail.
/// </summary>
/// <param name="template">The template to retrieve.</param>
/// <param name="user">The user associated with the template.</param>
/// <returns>Returns an e-mail template.</returns>
public static EmailTemplate GetEmailTemplate(EmailTemplateForm template, IUserAccount user)
{
return GetEmailTemplate(template, user.UserName, user.Email);
}
/// <summary>
/// Gets a value indicating whether the <paramref name="userToSave" /> is different than the one stored in the
/// membership provider.
/// </summary>
/// <param name="userToSave">The user to persist to the membership provider.</param>
/// <returns>A bool indicating whether the <paramref name="userToSave" /> is different than the one stored in the
/// membership provider.</returns>
private static bool UserHasBeenModified(IUserAccount userToSave)
{
MembershipUser user = MembershipGsp.GetUser(userToSave.UserName, false);
if (user == null)
return true;
bool commentEqual = ((String.IsNullOrEmpty(userToSave.Comment) && String.IsNullOrEmpty(user.Comment)) || userToSave.Comment == user.Comment);
bool emailEqual = ((String.IsNullOrEmpty(userToSave.Email) && String.IsNullOrEmpty(user.Email)) || userToSave.Email == user.Email);
bool isApprovedEqual = (userToSave.IsApproved == user.IsApproved);
return (!(commentEqual && emailEqual && isApprovedEqual));
}
/// <summary>
/// Tries to log in an account.
/// </summary>
/// <param name="socket">The socket used to communicate with the client.</param>
/// <param name="name">The name of the account.</param>
/// <param name="password">The account password.</param>
/// <param name="userAccount">When this method returns <see cref="AccountLoginResult.Successful"/>,
/// contains the <see cref="IUserAccount"/> that was logged in to. Otherwise, this value will be null.</param>
/// <returns>If <see cref="AccountLoginResult.Successful"/>, the login was successful. Otherwise, contains
/// the reason why the login failed.</returns>
public AccountLoginResult Login(IIPSocket socket, string name, string password, out IUserAccount userAccount)
{
// Try to load the account data
var accountTable = DbController.GetQuery<SelectAccountQuery>().TryExecute(name);
if (accountTable == null)
{
userAccount = null;
return AccountLoginResult.InvalidName;
}
// Check the password
var encodedPass = EncodePassword(password);
if (!StringComparer.OrdinalIgnoreCase.Equals(encodedPass, accountTable.Password))
{
userAccount = null;
return AccountLoginResult.InvalidPassword;
}
// Check if the account is already logged in to
if (accountTable.CurrentIp.HasValue)
{
if (ServerSettings.Default.AccountDropExistingConnectionWhenInUse)
{
// Kick existing user so the new connection can enter the account
UserAccount existingAccount;
lock (_accountsSync)
{
if (!_accounts.TryGetValue(name, out existingAccount))
existingAccount = null;
}
if (existingAccount != null)
existingAccount.Dispose();
}
else
{
// Let the existing user stay connected and reject the new connection to the account
userAccount = null;
return AccountLoginResult.AccountInUse;
}
}
// Try to mark the account as in use
if (!DbController.GetQuery<TrySetAccountIPIfNullQuery>().Execute(accountTable.ID, socket.IP))
{
userAccount = null;
return AccountLoginResult.AccountInUse;
}
// Try to add the new account to the collection
lock (_accountsSync)
{
// If for some reason an account instance already exists, close it
UserAccount existingAccount;
if (_accounts.TryGetValue(name, out existingAccount))
{
const string errmsg = "UserAccount for `{0}` already existing in _accounts collection somehow.";
if (log.IsErrorEnabled)
log.ErrorFormat(errmsg, name);
Debug.Fail(string.Format(errmsg, name));
userAccount = null;
return AccountLoginResult.AccountInUse;
}
// Create the account instance
userAccount = new UserAccount(accountTable, socket, this);
// Add
_accounts.Add(name, (UserAccount)userAccount);
}
// Load the characters in this account
userAccount.LoadCharacterIDs();
// Record the login IP
DbController.GetQuery<InsertAccountIPQuery>().Execute(userAccount.ID, socket.IP);
return AccountLoginResult.Successful;
}
/// <summary>
/// Copies the current account information to the specified <paramref name="userAccount" />. The <paramref name="userAccount" />
/// must be able to be cast to an instance of <see cref="UserAccount" />. If not, an <see cref="ArgumentNullException" />
/// is thrown.
/// </summary>
/// <param name="userAccount">The user account to populate with information from the current instance.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="userAccount" /> is null.</exception>
/// <exception cref="ArgumentOutOfRangeException">Thrown when <paramref name="userAccount" /> cannot be cast to an instance of
/// <see cref="UserAccount" />.</exception>
public void CopyTo(IUserAccount userAccount)
{
if (userAccount == null)
throw new ArgumentNullException("userAccount");
try
{
CopyToInstance(userAccount as UserAccount);
}
catch (ArgumentNullException)
{
throw new ArgumentOutOfRangeException("userAccount", "The parameter 'userAccount' cannot be cast to an instance of UserAccount.");
}
}
