/// <summary>
/// Tomamos un Usuario, cambiamos la Persona asociada al mismo, algunas propiedades escalares, eliminamos un perfil
/// y agregamos otro. Tambien modificamos la contraseña
/// Luego de probar este metodo se puede acceder a la app principal y ver que pasa, obviamente ingresando con la
/// nueva password
/// [[IMPORTANTE]]
/// Antes de probar este metodo, asegurarse de haber llamado a CrearUsuarioCompleto()
/// </summary>
public static void CambiarCompleto()
{
SecurityServices serv = new SecurityServices();
Usuario user;
user = serv.GetUsuarioFromLogin("lsimpson");
var perfiles = from p in DB.Contexto.Perfiles where p.ID == 4 select p;
user.Perfiles.RemoveWhere(perf => perf.ID == 2);
user.Perfiles.Add(perfiles.Single());
Persona nuevaPersona;
// primero chequeamos que la Persona no exista, si no existe la creamos
nuevaPersona = (from per in DB.Contexto.Personas where per.Apellido == "Olsen" && per.Nombre == "Mona Penelope"
select per).SingleOrDefault();
if (nuevaPersona == null)
{
nuevaPersona = CrearPersonaInternal("Mona Penelope", "Olsen", "*****@*****.**", 78);
}
user.Persona = nuevaPersona;
user.EnforceExpiration = true;
user.FechaExpiracionPassword = DateTime.Now.AddDays(120);
serv.UpdateUsuario(user, "123-lisa");
}
// GET: Competitors/Edit/5
public IActionResult Edit(int?id)
{
if (id == null)
{
return(NotFound());
}
CompetitorServices services = new CompetitorServices(_context);
Competitor competitor = services.GetCompetitor((int)id);
if (competitor == null)
{
return(NotFound());
}
SecurityServices secServices = new SecurityServices(_context);
bool isValid = secServices.IsClubIDValidToClubNumber(competitor.ClubID, User.Identity.Name);
if (isValid == true)
{
CompetitorsViewModel competitorsVM = new CompetitorsViewModel();
competitorsVM.Competitor = competitor;
return(View(competitorsVM));
}
else
{
return(RedirectToAction("YouCanOnlyLookUpYourOwnData", "Verify"));
}
}
/// <summary>
/// Log out from application
/// </summary>
protected bool LogoutByNewUser(Guid user_id, string pass)
{
try
{
Guid?loggedsession_id = null;
using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["SumonERPContext"].ConnectionString.ToString()))
{
var sql = "select session_id from sessionManagements where user_id='" + user_id + "' and Password ='******'";
SqlCommand cmd = new SqlCommand(sql, con);
con.Open();
SqlDataReader oReader = cmd.ExecuteReader();
if (((System.Data.SqlClient.SqlDataReader)(oReader)).HasRows)
{
while (oReader.Read())
{
loggedsession_id = Guid.Parse(Convert.ToString(oReader["session_id"]));
if (loggedsession_id != null)
{
SecurityServices.CloseSession(loggedsession_id.ToString());
}
}
}
oReader.Close();
return(true);
}
}
catch (Exception)
{
throw;
}
}
protected void VerifyPasswordsClicked(object o, EventArgs e)
{
var u = new PersonServices().GetByEmail(Email);
if (Password.Equals(ConfirmPassword))
{
u.Password = SecurityUtils.GetMd5Hash(ConfirmPassword);
new PersonServices().Save(u);
Message = "Password Changed Successfully!";
var response = new SecurityServices().AuthenticateUser(CurrentUser.Email, CurrentUser.Password, "");
if (response.IsAuthenticated)
{
if (Request.QueryString["redirect"] != null)
{
Response.Redirect(Request.QueryString["redirect"]);
}
Response.Redirect(ResourceStrings.Page_Default);
}
}
else
{
Message = "Passwords do not match.";
}
if (PasswordMatch)
{
divPassword.Visible = false;
}
divMessage.Visible = true;
}
public AccountController(IConfiguration configuration, RedisRepository redisRepository)
{
_securityServices = new SecurityServices(configuration);
_databaseServices = new DatabaseServices(configuration);
_dataServices = new DataServices();
_redisRepository = redisRepository;
}
void _loginView_OnLogin(object sender, EventArgs e)
{
string userName = _loginView.UserName;
string password = _loginView.Password;
// Example of managing state without referencing System.Web
if (this.Session != null && Session["userName"] == null)
{
Session["userName"] = userName;
}
var response = new SecurityServices().AuthenticateUser(userName, password, "", this.SecurityContext);
if (response.IsAuthenticated)
{
_loginView.LoginSuccessful();
}
else
{
_loginView.LoginFailed();
}
//if (userName.Equals("user") && password.Equals("pass"))
//{
// _loginView.LoginSuccessful();
//}
//else
//{
// _loginView.LoginFailed();
//}
}
// GET: Coaches/Edit/5
public IActionResult Edit(int?id)
{
if (id == null)
{
return(NotFound());
}
CoachServices services = new CoachServices(_context);
Coach coach = services.GetCoach((int)id);
if (coach == null)
{
return(NotFound());
}
SecurityServices secServices = new SecurityServices(_context);
bool isValid = secServices.IsClubIDValidToClubNumber(coach.ClubID, User.Identity.Name);
if (isValid == true)
{
return(View(coach));
}
else
{
return(RedirectToAction("YouCanOnlyLookUpYourOwnData", "Verify"));
}
}
protected override object ProcessCommand(CommandCriteria criteria)
{
SecurityServices authenticateService = new SecurityServices();
LiveStatus loginStatus = authenticateService.AuthenticateUser(criteria);
return(loginStatus);
}
public void ProbarLoginConDatosCorrectos()
{
SecurityServices serv = new SecurityServices();
bool result;
result = serv.Login("ethedy", "12345678");
Assert.IsTrue(result, " Hay un usuario pi???");
}
private void LoginUser(object sender, EventArgs e)
{
errLogin.ClearErrors();
if (!string.IsNullOrWhiteSpace(txtUser.Text))
{
if (!string.IsNullOrWhiteSpace(txtPassword.Text))
{
// all right intentar login...
SecurityServices ss = new SecurityServices();
try
{
Sesion newSes = ss.LoginUser(txtUser.Text, txtPassword.Text);
if (LoginOK != null)
{
LoginOK(null, newSes);
}
}
catch (HidAuthException ex)
{
if (LoginIssues != null)
{
LoginIssues(null, ex);
}
}
catch (HidPasswordExpiredException ex)
{
if (LoginIssues != null)
{
LoginIssues(null, ex);
}
}
catch (EntityException ex)
{
if (LoginIssues != null)
{
LoginIssues(null, ex);
}
}
catch (System.Data.SqlClient.SqlException ex)
{
if (LoginIssues != null)
{
LoginIssues(null, ex);
}
}
}
else
{
errLogin.SetError(txtPassword, "Debe indicarse la contraseña de ingreso para este usuario", DevExpress.XtraEditors.DXErrorProvider.ErrorType.Critical);
}
}
else
{
errLogin.SetError(txtUser, "El nombre de usuario no puede estar vacio para efectuar el ingreso", DevExpress.XtraEditors.DXErrorProvider.ErrorType.Critical);
}
}
private void Logout()
{
SecurityServices serv = new SecurityServices();
serv.CerrarSesion();
UserConnectedName = "<Desconectado>";
UserConnected = false;
}
public void ProbarLoginConDatosIncorrectos()
{
SecurityServices serv = new SecurityServices();
bool result;
result = serv.Login("pirulo", "12345678");
Assert.IsFalse(result, "Hay un usuario pirulo???");
}
public void ProbarLoginConDatosIncorrectos()
{
SecurityServices serv = new SecurityServices();
bool result;
result = serv.Login("cosme", "fulanito");
Assert.IsFalse(result, "Hay un usuario cosme?????");
}
private void LimpiarUsuario(Usuario toDelete)
{
if (toDelete != null)
{
SecurityServices serv = new SecurityServices();
// tambien elimina la Persona
serv.EliminarUsuario(toDelete.Login);
}
}
public virtual bool ChangePassword(string oldPassword, string newPassword)
{
SecurityServices.CheckPasswordParameter(oldPassword, "oldPassword");
SecurityServices.CheckPasswordParameter(newPassword, "newPassword");
if (!SystemWebProxy.Membership.Providers[this.ProviderName].ChangePassword(this.UserName, oldPassword, newPassword))
{
return(false);
}
this.UpdateSelf();
return(true);
}
void SaveItem()
{
var item = new User();
bool isInsert = false;
string url = "";
if (!IsInsert <User>())
{
item = GetCurrentItemReference <User>();
}
else
{
item.DateCreated = DateTime.Now;
item.EnteredBy = SecurityContextManager.Current.CurrentUser.ID;
isInsert = true;
url = SecurityContextManager.Current.CurrentURL.Replace("New", "ID=");
item.Password = SecurityUtils.GetMd5Hash(SecurityUtils.GeneratePassword());
item.PasswordAnswer = SecurityUtils.GetMd5Hash("changeme");
item.PasswordLastChangedDate = DateTime.Now;
item.PasswordQuestion = "The answer is changeme";
item.LastLoginDate = DateTime.Now;
}
item.ChangedBy = SecurityContextManager.Current.CurrentUser.ID;
item.Avatar = _view.Avatar;
item.CellPhone = Utilities.FormatPhoneNumberForStorage(_view.CellPhone);
item.FirstName = _view.FirstName;
item.HomePhone = Utilities.FormatPhoneNumberForStorage(_view.HomePhone);
item.DepartmentID = _view.DepartmentID;
item.LastName = _view.LastName;
item.WorkPhone = Utilities.FormatPhoneNumberForStorage(_view.WorkPhone);
item.Description = _view.Description;
item.IsActive = _view.IsActive;
item.Email = _view.Email;
item.LastUpdated = DateTime.Now;
if (!item.UserName.Equals(_view.UserName))
{
if (SecurityServices.IsUsernameAvailable(_view.UserName))
{
item.UserName = _view.UserName;
}
}
item.MarkedForDeletion = _view.MarkedForDeletion;
item.IMHandle = _view.IMHandle;
item.Name = _view.Name;
new UserServices().Save(item);
if (isInsert)
{
_view.NavigateTo(url + item.ID.ToString());
}
else
{
_view.LoadItem(item);
}
}
public static void UseCloudFoundrySecurity(IConfiguration configuration, IEnumerable <ISecurityService> securityServices = null, ILoggerFactory loggerFactory = null)
{
var managementOptions = _mgmtOptions.OfType <CloudFoundryManagementOptions>().SingleOrDefault();
if (managementOptions == null)
{
managementOptions = new CloudFoundryManagementOptions(configuration, Platform.IsCloudFoundry);
_mgmtOptions.Add(managementOptions);
}
SecurityServices.Add(new CloudFoundrySecurity(new CloudFoundryEndpointOptions(configuration), managementOptions, CreateLogger <CloudFoundrySecurity>(loggerFactory)));
}
/// <summary>
///
/// </summary>
/// <param name="cbPerfiles">Valor option del elemento actualmente seleccionado en el dropdown</param>
/// <param name="login">Argumento adicional que se obtiene desde el modelo y se vuelve a pasar al controlador
/// Otra posibilidad seria incluirlo en un campo hidden
/// </param>
/// <returns></returns>
public ActionResult SelectPerfil(string cbPerfiles, string login)
{
SecurityServices serv = new SecurityServices();
Usuario user = serv.GetUsuarioFromLogin(login);
Perfil perfilElegido;
Sesion newSesion;
perfilElegido = user.Perfiles.Where(pf => pf.Nombre == cbPerfiles).Single();
Session["SESION_USER"] = newSesion = serv.CrearSesion(user, perfilElegido);
return(View("LoginOK_v2", newSesion));
}
public virtual bool ChangePasswordQuestionAndAnswer(string password, string newPasswordQuestion, string newPasswordAnswer)
{
SecurityServices.CheckPasswordParameter(password, "password");
SecurityServices.CheckForEmptyOrWhiteSpaceParameter(ref newPasswordQuestion, "newPasswordQuestion");
SecurityServices.CheckForEmptyOrWhiteSpaceParameter(ref newPasswordAnswer, "newPasswordAnswer");
if (!SystemWebProxy.Membership.Providers[this.ProviderName].ChangePasswordQuestionAndAnswer(this.UserName, password, newPasswordQuestion, newPasswordAnswer))
{
return(false);
}
this.UpdateSelf();
return(true);
}
public SecurityServiceTest()
{
AutoMapper.Mapper.Reset();
AutoMapperConfig.Configure();
_unitOfWork = new UnitOfWorkTest();
_queueListRepository = new QueueListRepositoryTest();
_gatePassRepository = new GatePassRepositoryTest();
_stateRepository = new StateRepositoryTest();
_stateRecordRepository = new StateRecordRepositoryTest();
_rfidCardRepository = new RFIDCardRepositoryTest();
_securityServices = new SecurityServices(_unitOfWork, _queueListRepository, _gatePassRepository, _stateRecordRepository, _rfidCardRepository, _stateRepository);
}
public async Task GetVerifyCode()
{
Response.ContentType = "image/jpeg";
using (var stream = VerifyCodeHelper.Create(out string code))
{
var buffer = stream.ToArray();
// 将验证码的token放入cookie
Response.Cookies.Append(VERFIY_CODE_TOKEN_COOKIE_NAME, await SecurityServices.GetVerifyCodeToken(code));
await Response.Body.WriteAsync(buffer, 0, buffer.Length);
}
}
public async Task <IActionResult> Logout()
{
bool hasValue = Request.Headers.TryGetValue(INVOKER_TOKEN_HEADER, out StringValues token);
if (!hasValue || token.Count == 0)
{
return(new EmptyResult());
}
await SecurityServices.Logout(token[0]);
return(new EmptyResult());
}
protected void LogoutClicked(object o, EventArgs e)
{
if (SecurityContextManager.Current != null)
{
SecurityServices.ClearUserCouchbaseCache((Person)SecurityContextManager.Current.CurrentUser);
SecurityContextManager.Current.LogEvent(SecurityContextManager.Current.CurrentUser.ID, DateTime.Now, (int)ApplicationLogTypes.USER_LOGOUT, SecurityContextManager.Current.CurrentUser.AccountID, "User clicked logout button", "", "");
}
SecurityContextManager.Current = null;
HttpContext.Current.Session.Clear();
HttpContext.Current.Response.Cookies.Clear();
FormsAuthentication.SignOut();
HttpContext.Current.Response.Redirect(ResourceStrings.Page_Login);
}
public async Task <LoginResult> GetQRResult()
{
string qrToken = Request.Cookies[QRTOKEN_COOKIE_NAME];
if (string.IsNullOrWhiteSpace(qrToken))
{
return(new LoginResult {
Code = (int)LoginResultCode.InvalidAccess
});
}
return(await SecurityServices.QRResult(qrToken));
}
public virtual bool ChangePassword(string oldPassword, string newPassword)
{
SecurityServices.CheckPasswordParameter(oldPassword, "oldPassword");
SecurityServices.CheckPasswordParameter(newPassword, "newPassword");
if (!SystemWebProxy.Membership.Providers[ProviderName].ChangePassword(UserName, oldPassword, newPassword))
{
return(false);
}
UpdateSelf();
//_LastPasswordChangedDate = Membership.Providers[ ProviderName ].GetUser( UserName, false ).LastPasswordChangedDate;
return(true);
}
public TestUIViewModel()
{
_editEnabled = false;
SecurityServices sec = new SecurityServices();
Contexto.Current.Sesion = sec.LoginUser("ethedy", "viterilove");
// lo creo porque lo necesito, puede que ya este creado por otra VIEW...
_viewModel = ViewModelSource.Create(() => new ProveedoresViewModel());
UserName = Contexto.Current.Sesion.FullName;
}
public IActionResult WhatToDoNow(int clubID)
{
SecurityServices services = new SecurityServices(_context);
bool isValid = services.IsClubIDValidToClubNumber(clubID, User.Identity.Name);
if (isValid == true)
{
return(View("WhatToDoNow", clubID));
}
else
{
return(View("YouCanOnlyLookUpYourOwnData"));
}
}
public async Task GetQRCode()
{
Response.ContentType = "image/jpeg";
string qrToken = await SecurityServices.GetQRToken();
var bitmap = QRCodeHelper.GetQRCode($"{domain}/Security/Login?token={qrToken}", 4);
// 将二维码回调标识输出给cookie
// 创建cookie
Response.Cookies.Append(QRTOKEN_COOKIE_NAME, qrToken);
bitmap.Save(Response.Body, ImageFormat.Jpeg);
}
public void IniciarTest()
{
SecurityServices serv = new SecurityServices();
serv.EliminarUsuario("lsimpson");
// observar que para cada test creo un contexto fresh....sin entidades residuales
// este contexto es diferente del que usa SecurityServices...
Contexto = new OMBContext();
// siempre pongo el lazy load en false, la mayoria de las pruebas lo usa asi
Contexto.Configuration.LazyLoadingEnabled = false;
Contexto.Configuration.AutoDetectChangesEnabled = false;
}
public ActionResult SignIn(int id)
{
var employee = EmployeeServices.GetUser(id);
if (employee == null)
{
throw new ArgumentException(string.Format("No employee found with an id = {0}", id));
}
SecurityServices.SignIn(employee, base.LocationId);
var employees = InvoiceServices.GetSignedInEmployees(base.LocationId, forceRefresh: true);
return(PartialView("_AvailableEmployees", employees));
}
