private void GoToSecurityProfile(string sShopID, string sEmpName)
{
errorLabel.Text = string.Empty;
string errorCode;
string errorMesg;
UserVO selectedEmployeeData;
try
{
if (SecurityProfileProcedures.GetUserSecurityProfile(sEmpName, sShopID, "", "Y", GlobalDataAccessor.Instance.DesktopSession, out selectedEmployeeData, out errorCode, out errorMesg))
{
GlobalDataAccessor.Instance.DesktopSession.SelectedUserProfile = selectedEmployeeData;
NavControlBox.IsCustom = true;
NavControlBox.CustomDetail = "EmployeeDetails";
NavControlBox.Action = NavBox.NavAction.BACKANDSUBMIT;
}
else
{
FileLogger.Instance.logMessage(LogLevel.ERROR, this, "Error in loading security profile for the selected employee " + errorCode + " " + errorMesg);
}
}
catch (Exception ex)
{
FileLogger.Instance.logMessage(LogLevel.ERROR, this, "Error in loading security profile for the selected employee " + ex.Message);
BasicExceptionHandler.Instance.AddException("Security profile could not be loaded for " + sEmpName, new ApplicationException());
}
}
/// <summary>
/// Function to to check if the user is authorized to override
/// </summary>
/// <param name="userName"></param>
/// <returns></returns>
private bool checkRole(string userName)
{
string errorCode;
string errorMesg;
//Get the security profile of the user whose credentials were entered in the override form
if (SecurityProfileProcedures.GetUserSecurityProfile(userName, GlobalDataAccessor.Instance.CurrentSiteId.StoreNumber, null, "N", GlobalDataAccessor.Instance.DesktopSession, out managerUserProfile, out errorCode, out errorMesg))
{
//check if the manager whose credentials were entered
//has modify access on the override resource
//return true if yes and false if not
if (SecurityProfileProcedures.CanUserModifyResource("OVERRIDE", managerUserProfile, GlobalDataAccessor.Instance.DesktopSession))
{
//If the override type is for new pawn loan override
//check that the overriding user's limits allow override
var managerLimit = 0.0m;
if (ManagerOverrideTypes[0] == ManagerOverrideType.NLO)
{
if (!(SecurityProfileProcedures.CanUserOverridePawnLoanLimit(managerUserProfile, _OverrideAmount[0], GlobalDataAccessor.Instance.DesktopSession, new BusinessRulesProcedures(GlobalDataAccessor.Instance.DesktopSession), out managerLimit)))
{
MessageBox.Show(@"The amount to override exceeds the amount you can override. Your override limit is " + managerLimit);
return(false);
}
}
if (ManagerOverrideTypes[0] == ManagerOverrideType.PURO)
{
if (!(SecurityProfileProcedures.CanUserOverrideBuyLimit(managerUserProfile, _OverrideAmount[0], out managerLimit)))
{
MessageBox.Show(@"The amount to override exceeds the amount you can override. Your override limit is " + managerLimit);
return(false);
}
}
return(true);
}
}
return(false);
}
public override void PerformAuthorization()
{
if (FileLogger.Instance.IsLogInfo)
{
FileLogger.Instance.logMessage(LogLevel.INFO, this, "Performing user authorization...");
}
LoggedInUserSecurityProfile = new UserVO();
this.userState = UserDesktopState.NOTLOGGEDIN;
//Ensure the LDAP is connected
if (PawnLDAPAccessor.Instance.State ==
PawnLDAPAccessor.LDAPState.DISCONNECTED)
{
string loginDN;
string pwdPolicyCN;
string searchDN;
string userIdKey;
string userPwd;
var conf = SecurityAccessor.Instance.EncryptConfig;
var ldapService =
conf.GetLDAPService(
out loginDN,
out searchDN,
out userIdKey,
out userPwd,
out pwdPolicyCN);//,
//out userName);
if (FileLogger.Instance.IsLogDebug)
{
FileLogger.Instance.logMessage(LogLevel.DEBUG, this, "- Connecting to LDAP server:{0}{1}",
System.Environment.NewLine, ldapService);
}
PawnLDAPAccessor.Instance.InitializeConnection(
conf.DecryptValue(ldapService.Server),
conf.DecryptValue(ldapService.Port),
loginDN,
userPwd,
pwdPolicyCN,
searchDN,
userIdKey);
}
var attemptCount = 1;
do
{
bool lockedOut;
bool needPasswordChange;
bool wantsPasswordChange;
var fullAuth = this.PerformLDAPAuthentication(
ref attemptCount,
out lockedOut,
out needPasswordChange,
out wantsPasswordChange);
if (FileLogger.Instance.IsLogInfo)
{
FileLogger.Instance.logMessage(
LogLevel.INFO, this,
"Authorization attempt: Count = {0}, IsLockedOut = {1}, NeedsPwdChange = {2}, WantsPwdChange = {3}",
attemptCount,
lockedOut,
needPasswordChange,
wantsPasswordChange);
}
var outVal = 0;
string errCode, errTxt;
if (!LoginCancel && fullAuth)
{
var retVal = ShopProcedures.ExecuteUpdateSelectUserInfoActivated(
username.ToLowerInvariant(), -1, out outVal, out errCode, out errTxt);
if (retVal == false || outVal == 0 ||
errCode != "0")
{
MessageBox.Show(
"The system has determined that you are not an active user. " +
"Please contact Shop System Support. " +
"The application will now exit.",
"Application Security",
MessageBoxButtons.OK,
MessageBoxIcon.Stop);
try
{
Application.Exit();
}
catch
{
throw new ApplicationException(
"Application has exited due to security violation");
}
finally
{
throw new ApplicationException(
"Application has exited due to security violation");
}
}
}
if (!LoginCancel &&
fullAuth == false)
{
if (lockedOut)
{
/*ShopProcedures.ExecuteUpdateSelectUserInfoActivated(
* username.ToLowerInvariant(), 0, out outVal, out errCode, out errTxt);*/
MessageBox.Show(
"The maximum number of attempted failed logins has been exceeded. " +
"The user account is now locked. " +
"Please contact Shop System Support. " +
"The application will now exit.",
"Application Security",
MessageBoxButtons.OK,
MessageBoxIcon.Stop);
try
{
Application.Exit();
}
catch
{
throw new ApplicationException(
"Application has exited due to security violation");
}
finally
{
throw new ApplicationException(
"Application has exited due to security violation");
}
}
if (needPasswordChange)
{
MessageBox.Show(
"Your password has expired. " +
"The application will now exit.",
"Application Security",
MessageBoxButtons.OK,
MessageBoxIcon.Exclamation);
try
{
Application.Exit();
}
catch
{
throw new ApplicationException(
"Application has exited due to an expired password");
}
finally
{
throw new ApplicationException(
"Application has exited due to an expired password");
}
}
}
if (!LoginCancel && fullAuth == false)
{
this.userState = UserDesktopState.NOTLOGGEDIN;
break;
}
else
{
break;
}
}while (this.userState != UserDesktopState.LOGGEDIN);
if (!LoginCancel && this.userState == UserDesktopState.LOGGEDIN)
{
if (FileLogger.Instance.IsLogInfo)
{
FileLogger.Instance.logMessage(LogLevel.INFO, this, "User {0} successfully authorized", FullUserName);
}
//Get role information
//The logged in user's security profile will be stored in LoggedInUserSecurityProfile object after the call
string errorCode;
string errorMesg;
if (!SecurityProfileProcedures.GetUserSecurityProfile(FullUserName, string.Empty,
GlobalDataAccessor.Instance.CurrentSiteId.StoreNumber, "N",
this, out errorCode, out errorMesg))
{
BasicExceptionHandler.Instance.AddException(
"Security Profile could not be loaded for the logged in user. Cannot Authorize",
new ApplicationException());
MessageBox.Show(
"User's security profile could not be loaded. Exiting the application");
Application.Exit();
}
else
{
if (FileLogger.Instance.IsLogInfo)
{
FileLogger.Instance.logMessage(LogLevel.INFO, this, "User {0} security profile retrieved", FullUserName);
}
//If the logged in user is not an auditor, display an error message and exit the application
if (!SecurityProfileProcedures.CanUserViewResource(
"AuditAppAccess", this.LoggedInUserSecurityProfile, this))
{
MessageBox.Show("You do not have sufficient security privileges to utilize this Audit application. Exiting the application");
Application.Exit();
}
}
if (userState == UserDesktopState.LOGGEDIN)
{
//Set the password in the users security profile
LoggedInUserSecurityProfile.UserCurrentPassword = password;
}
}
}
/// <summary>
/// Function to call LDAP to validate the user
/// </summary>
/// <param name="userName"></param>
/// <param name="password"></param>
/// <returns></returns>
private bool callLdap(string userName, string password)
{
if (GlobalDataAccessor.Instance.DesktopSession.IsSkipLDAP)
{
return(true);
}
//See if ldap is enabled
var ldapObj = PawnLDAPAccessor.Instance;
if (ldapObj.State == PawnLDAPAccessor.LDAPState.CONNECTED)
{
var refCount = 0;
bool lockedOut;
DateTime lastModified;
string[] pwdHistory;
if (ldapObj.AuthorizeUser(
userName,
password,
ref refCount,
out lastModified,
out pwdHistory,
out userDisplayName,
out lockedOut))
{
if (lockedOut)
{
MessageBox.Show(
"You are now locked out of the system. Please call Shop System Support",
"Application Security");
return(false);
}
}
else
{
return(false);
}
if (TransferToSafe)
{
string errorCode;
string errorMesg;
UserVO transferUser;
if (!SecurityProfileProcedures.GetUserSecurityProfile(userName, GlobalDataAccessor.Instance.CurrentSiteId.StoreNumber, "", "N", GlobalDataAccessor.Instance.DesktopSession,
out transferUser, out errorCode, out errorMesg))
{
BasicExceptionHandler.Instance.AddException(
"Security Profile could not be loaded for the logged in user. Cannot Authorize",
new ApplicationException());
MessageBox.Show(
"User's security profile could not be loaded. Exiting the application");
return(false);
}
//Check if the user who logged in for destination has safe access if
//the transfer is done to safe from cash drawer
if (SecurityProfileProcedures.CanUserModifyResource(
"SAFEMANAGEMENT", transferUser, GlobalDataAccessor.Instance.DesktopSession))
{
transferUserSafeAccess = true;
}
}
}
else
{
FileLogger.Instance.logMessage(LogLevel.ERROR, this, "Cannot validate destination cash drawer user. The LDAP connection is not active");
BasicExceptionHandler.Instance.AddException("Cannot authorize transfer. The LDAP connection is not active", new ApplicationException());
}
return(true);
}
//Call to login the user and get their security profile
/*__________________________________________________________________________________________*/
public override void PerformAuthorization(bool chgUsrPasswd)
{
var password = string.Empty;
var username = string.Empty;
if (!this.skipLDAP)
{
LoggedInUserSecurityProfile = new UserVO();
this.userState = UserDesktopState.NOTLOGGEDIN;
//procMsgFormPwd.Show();
//Ensure the LDAP is connected
if (PawnLDAPAccessor.Instance.State ==
PawnLDAPAccessor.LDAPState.DISCONNECTED)
{
string loginDN;
string pwdPolicyCN;
string searchDN;
string userIdKey;
string userPwd;
var conf = SecurityAccessor.Instance.EncryptConfig;
var ldapService =
conf.GetLDAPService(
out loginDN,
out searchDN,
out userIdKey,
out userPwd,
out pwdPolicyCN);
//Initialize LDAP connection
PawnLDAPAccessor.Instance.InitializeConnection(
conf.DecryptValue(ldapService.Server),
conf.DecryptValue(ldapService.Port),
loginDN,
userPwd,
pwdPolicyCN,
searchDN,
userIdKey);
}
var attemptCount = 1;
do
{
bool lockedOut;
bool needPasswordChange;
bool wantsPasswordChange;
//var username = string.Empty;
var fullAuth = this.PerformLDAPAuthentication(
ref attemptCount,
ref username,
ref password,
out lockedOut,
out needPasswordChange,
out wantsPasswordChange);
int outVal = 1;
string errCode = string.Empty, errTxt;
if (LoginCancel)
{
try
{
Application.Exit();
}
catch
{
throw new ApplicationException(
"Application has exited due to security violation");
}
finally
{
throw new ApplicationException(
"Application has exited due to security violation");
}
}
if ((!LoginCancel && fullAuth) || (fullAuth && chgUsrPasswd))
{
//Check if the user wants to change the password
if (wantsPasswordChange || chgUsrPasswd)
{
var chngPwdForm =
new UserChangePassword(
PawnLDAPAccessor.Instance.PasswordPolicy, password);
DialogResult pwdResult = chngPwdForm.ShowDialog();
if (pwdResult == DialogResult.OK)
{
password = chngPwdForm.EnteredNewPassword;
}
}
var retVal = true;
//int outVal = 1;
//var errCode = "0";
//TODO: Update with reference to shared data procedure project when ready
// retVal = ShopProcedures.ExecuteUpdateSelectUserInfoActivated(
// username.ToLowerInvariant(), -1, out outVal, out errCode, out errTxt);
errCode = "0";
if (retVal == false || outVal == 0 ||
errCode != "0")
{
MessageBox.Show(
"The system has determined that you are not an active user. " +
"Please contact Shop System Support. " +
"The application will now exit.",
"Application Security",
MessageBoxButtons.OK,
MessageBoxIcon.Stop);
try
{
Application.Exit();
}
catch
{
throw new ApplicationException(
"Application has exited due to security violation");
}
finally
{
throw new ApplicationException(
"Application has exited due to security violation");
}
}
}
if (!LoginCancel &&
fullAuth == false)
{
if (lockedOut)
{
//TODO: Link to shared data procedures project when ready
//ShopProcedures.ExecuteUpdateSelectUserInfoActivated(
// username.ToLowerInvariant(), 0, out outVal, out errCode, out errTxt);
MessageBox.Show(
"The maximum number of attempted failed logins has been exceeded. " +
"The user account is now locked. " +
"Please contact Shop System Support. " +
"The application will now exit.",
"Application Security",
MessageBoxButtons.OK,
MessageBoxIcon.Stop);
try
{
Application.Exit();
}
catch
{
throw new ApplicationException(
"Application has exited due to security violation");
}
finally
{
throw new ApplicationException(
"Application has exited due to security violation");
}
}
if (needPasswordChange)
{
//Invoke password change form
//Do not increment attempt count
var uPwdForm =
new UserChangePassword(
PawnLDAPAccessor.Instance.PasswordPolicy, password);
DialogResult pwdResult = uPwdForm.ShowDialog();
if (pwdResult == DialogResult.OK)
{
this.userState = UserDesktopState.LOGGEDIN;
password = uPwdForm.EnteredNewPassword;
}
else
{
MessageBox.Show(
"You must change your password before you will be " +
"allowed to log in to the application. " +
"The application will now exit.",
"Application Security",
MessageBoxButtons.OK,
MessageBoxIcon.Exclamation);
try
{
Application.Exit();
}
catch
{
throw new ApplicationException(
"Application has exited due to user not changing their password");
}
finally
{
throw new ApplicationException(
"Application has exited due to user not changing their password");
}
}
}
}
if (!LoginCancel && fullAuth == false)
{
this.userState = UserDesktopState.NOTLOGGEDIN;
DialogResult dR =
MessageBox.Show(
"You have entered invalid credentials. " +
"This is your " + (attemptCount.FormatNumberWithSuffix()) +
" attempt. " +
"Would you like to retry?",
"Application Security",
MessageBoxButtons.RetryCancel,
MessageBoxIcon.Stop);
attemptCount++;
if (dR == DialogResult.Cancel)
{
try
{
Application.Exit();
}
catch
{
throw new ApplicationException(
"Application has exited due to security violation");
}
finally
{
throw new ApplicationException(
"Application has exited due to security violation");
}
}
}
else
{
break;
}
}while (this.userState != UserDesktopState.LOGGEDIN);
}
if (!LoginCancel && this.userState == UserDesktopState.LOGGEDIN)
{
//UpdateDesktopUserName(this.desktopForm);
//Get role information
//The logged in user's security profile will be stored in LoggedInUserSecurityProfile object after the call
//TODO: Change to select store prior to getting user security profile
//UpdateDesktopUserName(this.desktopForm);
if (userState == UserDesktopState.LOGGEDIN)
{
//Set the password in the users security profile
LoggedInUserSecurityProfile.UserCurrentPassword = password;
LoggedInUserSecurityProfile.UserID = username;
string errorCode = string.Empty;
string errorMesg = string.Empty;
if (!SecurityProfileProcedures.GetUserSecurityProfile(FullUserName, "", CurrentSiteId.StoreNumber, "N",
this, out errorCode, out errorMesg))
{
BasicExceptionHandler.Instance.AddException(
"Security Profile could not be loaded for the logged in user. Cannot Authorize",
new ApplicationException());
MessageBox.Show(
"User's security profile could not be loaded. Exiting the application");
Application.Exit();
}
}
}
procMsgFormPwd.Close();
procMsgFormPwd.Dispose();
}
