private static UserInfo GetUserInfo(Token token, out bool isNew)
{
isNew = false;
if (token == null)
{
Global.Logger.Error("GoogleDriveApp: token is null");
throw new SecurityException("Access token is null");
}
LoginProfile loginProfile = null;
try
{
loginProfile = new GoogleLoginProvider().GetLoginProfile(token.ToString());
}
catch (Exception ex)
{
Global.Logger.Error("GoogleDriveApp: userinfo request", ex);
}
if (loginProfile == null)
{
Global.Logger.Error("Error in userinfo request");
return(null);
}
var userInfo = CoreContext.UserManager.GetUserByEmail(loginProfile.EMail);
if (Equals(userInfo, Constants.LostUser))
{
userInfo = LoginWithThirdParty.ProfileToUserInfo(loginProfile);
var cultureName = loginProfile.Locale;
if (string.IsNullOrEmpty(cultureName))
{
cultureName = Thread.CurrentThread.CurrentUICulture.Name;
}
var cultureInfo = SetupInfo.EnabledCultures.Find(c => String.Equals(c.Name, cultureName, StringComparison.InvariantCultureIgnoreCase));
if (cultureInfo != null)
{
userInfo.CultureName = cultureInfo.Name;
}
else
{
Global.Logger.DebugFormat("From google app new personal user '{0}' without culture {1}", userInfo.Email, cultureName);
}
try
{
SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem);
userInfo = UserManagerWrapper.AddUser(userInfo, UserManagerWrapper.GeneratePassword());
}
finally
{
SecurityContext.Logout();
}
isNew = true;
Global.Logger.Debug("GoogleDriveApp: new user " + userInfo.ID);
}
return(userInfo);
}
public IEnumerable <string> GetLinkedObjects(LoginProfile profile)
{
return(GetLinkedObjectsByHashId(profile.HashId));
}
public void RemoveLink(string obj, LoginProfile profile)
{
RemoveProvider(obj, hashId: profile.HashId);
}
protected void Page_Load(object sender, EventArgs e)
{
var accountLink = (AccountLinkControl)LoadControl(AccountLinkControl.Location);
accountLink.ClientCallback = "loginJoinCallback";
accountLink.SettingsView = false;
ThirdPartyList.Controls.Add(accountLink);
var loginProfile = Request.Url.GetProfile();
if (loginProfile == null && !IsPostBack || SecurityContext.IsAuthenticated)
{
return;
}
string cookiesKey;
try
{
if (loginProfile == null)
{
if (string.IsNullOrEmpty(Request["__EVENTARGUMENT"]) || Request["__EVENTTARGET"] != "thirdPartyLogin")
{
return;
}
loginProfile = new LoginProfile(Request["__EVENTARGUMENT"]);
}
var userInfo = GetUserByThirdParty(loginProfile);
if (!CoreContext.UserManager.UserExists(userInfo.ID))
{
return;
}
cookiesKey = SecurityContext.AuthenticateMe(userInfo.ID);
CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey);
MessageService.Send(HttpContext.Current.Request, MessageAction.LoginSuccessViaSocialAccount);
}
catch (System.Security.SecurityException)
{
LoginMessage = Resource.InvalidUsernameOrPassword;
MessageService.Send(HttpContext.Current.Request, loginProfile != null ? loginProfile.EMail : AuditResource.EmailNotSpecified, MessageAction.LoginFailDisabledProfile);
return;
}
catch (Exception exception)
{
LoginMessage = exception.Message;
MessageService.Send(HttpContext.Current.Request, AuditResource.EmailNotSpecified, MessageAction.LoginFail);
return;
}
var refererURL = (string)Session["refererURL"];
if (String.IsNullOrEmpty(refererURL))
{
refererURL = CommonLinkUtility.GetDefault();
}
if (Request.DesktopApp())
{
refererURL += (refererURL.Contains("?") ? "&" : "?") + "token=" + HttpUtility.HtmlEncode(cookiesKey);
}
Session["refererURL"] = null;
Response.Redirect(refererURL);
}
private void SendJsCallback(HttpContext context, LoginProfile profile)
{
//Render a page
context.Response.ContentType = "text/html";
context.Response.Write(JsCallbackHelper.GetCallbackPage().Replace("%PROFILE%", profile.ToJson()).Replace("%CALLBACK%", Callback));
}
protected void Page_Load(object sender, EventArgs e)
{
Page.RegisterBodyScripts("~/js/third-party/xregexp.js", "~/UserControls/Management/ConfirmInviteActivation/js/confirm_invite_activation.js")
.RegisterStyle("~/UserControls/Management/ConfirmInviteActivation/css/confirm_invite_activation.less");
var uid = Guid.Empty;
try
{
uid = new Guid(Request["uid"]);
}
catch
{
}
var email = GetEmailAddress();
if (_type != ConfirmType.Activation && AccountLinkControl.IsNotEmpty && !CoreContext.Configuration.Personal)
{
var thrd = (AccountLinkControl)LoadControl(AccountLinkControl.Location);
thrd.InviteView = true;
thrd.ClientCallback = "loginJoinCallback";
thrdParty.Visible = true;
thrdParty.Controls.Add(thrd);
}
Page.Title = HeaderStringHelper.GetPageTitle(Resource.Authorization);
UserInfo user;
try
{
SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem);
user = CoreContext.UserManager.GetUserByEmail(email);
var usr = CoreContext.UserManager.GetUsers(uid);
if (usr.ID.Equals(Constants.LostUser.ID) || usr.ID.Equals(ASC.Core.Configuration.Constants.Guest.ID))
{
usr = CoreContext.UserManager.GetUsers(CoreContext.TenantManager.GetCurrentTenant().OwnerId);
}
var photoData = UserPhotoManager.GetUserPhotoData(usr.ID, UserPhotoManager.MediumFotoSize);
_userAvatar = photoData == null?usr.GetMediumPhotoURL() : "data:image/png;base64," + Convert.ToBase64String(photoData);
_userName = usr.DisplayUserName(true);
_userPost = (usr.Title ?? "").HtmlEncode();
}
finally
{
SecurityContext.Logout();
}
if (_type == ConfirmType.LinkInvite || _type == ConfirmType.EmpInvite)
{
if (!CoreContext.Configuration.Personal)
{
if (_employeeType == EmployeeType.User && TenantStatisticsProvider.GetUsersCount() >= TenantExtra.GetTenantQuota().ActiveUsers)
{
ShowError(UserControlsCommonResource.TariffUserLimitReason);
return;
}
if (_employeeType == EmployeeType.Visitor && !(CoreContext.Configuration.Standalone || TenantStatisticsProvider.GetVisitorsCount() < TenantExtra.GetTenantQuota().ActiveUsers *Constants.CoefficientOfVisitors))
{
ShowError(UserControlsCommonResource.TariffVisitorLimitReason);
return;
}
}
if (!user.ID.Equals(Constants.LostUser.ID))
{
ShowError(CustomNamingPeople.Substitute <Resource>("ErrorEmailAlreadyExists"));
return;
}
}
else if (_type == ConfirmType.Activation)
{
if (user.IsActive)
{
Response.Redirect(CommonLinkUtility.GetDefault());
return;
}
if (user.ID.Equals(Constants.LostUser.ID) || user.Status == EmployeeStatus.Terminated)
{
ShowError(string.Format(Resource.ErrorUserNotFoundByEmail, email));
return;
}
}
var tenant = CoreContext.TenantManager.GetCurrentTenant();
if (tenant != null)
{
var settings = IPRestrictionsSettings.Load();
if (settings.Enable && !IPSecurity.IPSecurity.Verify(tenant))
{
ShowError(Resource.ErrorAccessRestricted);
return;
}
}
if (!IsPostBack)
{
return;
}
var firstName = GetFirstName();
var lastName = GetLastName();
var passwordHash = (Request["passwordHash"] ?? "").Trim();
var mustChangePassword = false;
LoginProfile thirdPartyProfile;
//thirdPartyLogin confirmInvite
if (Request["__EVENTTARGET"] == "thirdPartyLogin")
{
var valueRequest = Request["__EVENTARGUMENT"];
thirdPartyProfile = new LoginProfile(valueRequest);
if (!string.IsNullOrEmpty(thirdPartyProfile.AuthorizationError))
{
// ignore cancellation
if (thirdPartyProfile.AuthorizationError != "Canceled at provider")
{
ShowError(HttpUtility.HtmlEncode(thirdPartyProfile.AuthorizationError));
}
return;
}
if (string.IsNullOrEmpty(thirdPartyProfile.EMail))
{
ShowError(HttpUtility.HtmlEncode(Resource.ErrorNotCorrectEmail));
return;
}
}
if (Request["__EVENTTARGET"] == "confirmInvite")
{
if (String.IsNullOrEmpty(email))
{
_errorMessage = Resource.ErrorEmptyUserEmail;
return;
}
if (!email.TestEmailRegex())
{
_errorMessage = Resource.ErrorNotCorrectEmail;
return;
}
if (String.IsNullOrEmpty(firstName))
{
_errorMessage = Resource.ErrorEmptyUserFirstName;
return;
}
if (String.IsNullOrEmpty(lastName))
{
_errorMessage = Resource.ErrorEmptyUserLastName;
return;
}
if (String.IsNullOrEmpty(passwordHash))
{
_errorMessage = Resource.ErrorPasswordEmpty;
return;
}
}
var userID = Guid.Empty;
try
{
SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem);
if (_type == ConfirmType.EmpInvite || _type == ConfirmType.LinkInvite)
{
if (!CoreContext.Configuration.Personal && TenantStatisticsProvider.GetUsersCount() >= TenantExtra.GetTenantQuota().ActiveUsers&& _employeeType == EmployeeType.User)
{
ShowError(UserControlsCommonResource.TariffUserLimitReason);
return;
}
UserInfo newUser;
if (Request["__EVENTTARGET"] == "confirmInvite")
{
var fromInviteLink = _type == ConfirmType.LinkInvite;
newUser = CreateNewUser(firstName, lastName, email, passwordHash, _employeeType, fromInviteLink);
var messageAction = _employeeType == EmployeeType.User ? MessageAction.UserCreatedViaInvite : MessageAction.GuestCreatedViaInvite;
MessageService.Send(HttpContext.Current.Request, MessageInitiator.System, messageAction, MessageTarget.Create(newUser.ID), newUser.DisplayUserName(false));
userID = newUser.ID;
}
if (Request["__EVENTTARGET"] == "thirdPartyLogin")
{
if (String.IsNullOrEmpty(passwordHash))
{
passwordHash = UserManagerWrapper.GeneratePassword();
mustChangePassword = true;
}
var valueRequest = Request["__EVENTARGUMENT"];
thirdPartyProfile = new LoginProfile(valueRequest);
newUser = CreateNewUser(GetFirstName(thirdPartyProfile), GetLastName(thirdPartyProfile), GetEmailAddress(thirdPartyProfile), passwordHash, _employeeType, false);
var messageAction = _employeeType == EmployeeType.User ? MessageAction.UserCreatedViaInvite : MessageAction.GuestCreatedViaInvite;
MessageService.Send(HttpContext.Current.Request, MessageInitiator.System, messageAction, MessageTarget.Create(newUser.ID), newUser.DisplayUserName(false));
userID = newUser.ID;
if (!String.IsNullOrEmpty(thirdPartyProfile.Avatar))
{
SaveContactImage(userID, thirdPartyProfile.Avatar);
}
var linker = new AccountLinker("webstudio");
linker.AddLink(userID.ToString(), thirdPartyProfile);
}
}
else if (_type == ConfirmType.Activation)
{
if (!UserFormatter.IsValidUserName(firstName, lastName))
{
throw new Exception(Resource.ErrorIncorrectUserName);
}
SecurityContext.SetUserPasswordHash(user.ID, passwordHash);
user.ActivationStatus = EmployeeActivationStatus.Activated;
user.FirstName = firstName;
user.LastName = lastName;
CoreContext.UserManager.SaveUserInfo(user);
userID = user.ID;
//notify
if (user.IsVisitor())
{
StudioNotifyService.Instance.GuestInfoAddedAfterInvite(user);
MessageService.Send(HttpContext.Current.Request, MessageInitiator.System, MessageAction.GuestActivated, MessageTarget.Create(user.ID), user.DisplayUserName(false));
}
else
{
StudioNotifyService.Instance.UserInfoAddedAfterInvite(user);
MessageService.Send(HttpContext.Current.Request, MessageInitiator.System, MessageAction.UserActivated, MessageTarget.Create(user.ID), user.DisplayUserName(false));
}
}
}
catch (SecurityContext.PasswordException)
{
_errorMessage = HttpUtility.HtmlEncode(Resource.ErrorPasswordRechange);
return;
}
catch (Exception exception)
{
_errorMessage = HttpUtility.HtmlEncode(exception.Message);
return;
}
finally
{
SecurityContext.Logout();
}
user = CoreContext.UserManager.GetUsers(userID);
try
{
var cookiesKey = SecurityContext.AuthenticateMe(user.Email, passwordHash);
CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey);
MessageService.Send(HttpContext.Current.Request, MessageAction.LoginSuccess);
StudioNotifyService.Instance.UserHasJoin();
if (mustChangePassword)
{
StudioNotifyService.Instance.UserPasswordChange(user);
}
}
catch (Exception exception)
{
(Page as Confirm).ErrorMessage = HttpUtility.HtmlEncode(exception.Message);
return;
}
UserHelpTourHelper.IsNewUser = true;
if (CoreContext.Configuration.Personal)
{
PersonalSettings.IsNewUser = true;
}
Response.Redirect(CommonLinkUtility.GetDefault());
}
private bool AuthProcess(LoginProfile thirdPartyProfile, bool withAccountLink)
{
var authMethod = AuthMethod.Login;
var tfaLoginUrl = string.Empty;
var loginCounter = 0;
ShowRecaptcha = false;
try
{
if (thirdPartyProfile != null)
{
if (string.IsNullOrEmpty(thirdPartyProfile.AuthorizationError))
{
HashId = thirdPartyProfile.HashId;
Login = thirdPartyProfile.EMail;
}
else
{
// ignore cancellation
if (thirdPartyProfile.AuthorizationError != "Canceled at provider")
{
ErrorMessage = thirdPartyProfile.AuthorizationError;
}
}
}
else
{
if (!string.IsNullOrEmpty(Request["__EVENTARGUMENT"]) && Request["__EVENTTARGET"] == "signInLogin" && withAccountLink)
{
HashId = ASC.Common.Utils.Signature.Read <string>(Request["__EVENTARGUMENT"]);
}
}
if (!string.IsNullOrEmpty(Request["login"]))
{
Login = Request["login"].Trim();
}
else if (string.IsNullOrEmpty(HashId))
{
IsLoginInvalid = true;
throw new InvalidCredentialException("login");
}
if (!string.IsNullOrEmpty(Request["passwordHash"]))
{
PasswordHash = Request["passwordHash"];
}
else if (string.IsNullOrEmpty(HashId))
{
IsPasswordInvalid = true;
throw new InvalidCredentialException("password");
}
if (string.IsNullOrEmpty(HashId) && !SetupInfo.IsSecretEmail(Login))
{
int.TryParse(cache.Get <String>("loginsec/" + Login), out loginCounter);
loginCounter++;
if (!RecaptchaEnable)
{
if (loginCounter > SetupInfo.LoginThreshold)
{
throw new BruteForceCredentialException();
}
}
else
{
if (loginCounter > SetupInfo.LoginThreshold - 1)
{
ShowRecaptcha = true;
}
if (loginCounter > SetupInfo.LoginThreshold)
{
var ip = Request.Headers["X-Forwarded-For"] ?? Request.UserHostAddress;
var recaptchaResponse = Request["g-recaptcha-response"];
if (String.IsNullOrEmpty(recaptchaResponse) ||
!ValidateRecaptcha(recaptchaResponse, ip))
{
throw new RecaptchaException();
}
}
}
cache.Insert("loginsec/" + Login, loginCounter.ToString(CultureInfo.InvariantCulture), DateTime.UtcNow.Add(TimeSpan.FromMinutes(1)));
}
var userInfo = GetUser(out authMethod);
if (!CoreContext.UserManager.UserExists(userInfo.ID) || userInfo.Status != EmployeeStatus.Active)
{
IsLoginInvalid = true;
IsPasswordInvalid = true;
throw new InvalidCredentialException();
}
var tenant = CoreContext.TenantManager.GetCurrentTenant();
var settings = IPRestrictionsSettings.Load();
if (settings.Enable && userInfo.ID != tenant.OwnerId && !IPSecurity.IPSecurity.Verify(tenant))
{
throw new IPSecurityException();
}
if (StudioSmsNotificationSettings.IsVisibleSettings &&
StudioSmsNotificationSettings.Enable)
{
tfaLoginUrl = Studio.Confirm.SmsConfirmUrl(userInfo);
}
else if (TfaAppAuthSettings.IsVisibleSettings &&
TfaAppAuthSettings.Enable)
{
tfaLoginUrl = Studio.Confirm.TfaConfirmUrl(userInfo);
}
else
{
var session = EnableSession && string.IsNullOrEmpty(Request["remember"]);
var cookiesKey = SecurityContext.AuthenticateMe(userInfo.ID);
CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey, session);
MessageService.Send(HttpContext.Current.Request,
authMethod == AuthMethod.ThirdParty
? MessageAction.LoginSuccessViaSocialAccount
: MessageAction.LoginSuccess
);
}
}
catch (InvalidCredentialException ex)
{
Auth.ProcessLogout();
Auth.MessageKey messageKey;
MessageAction messageAction;
if (ex is BruteForceCredentialException)
{
messageKey = Auth.MessageKey.LoginWithBruteForce;
messageAction = MessageAction.LoginFailBruteForce;
}
else if (ex is RecaptchaException)
{
messageKey = Auth.MessageKey.RecaptchaInvalid;
messageAction = MessageAction.LoginFailRecaptcha;
}
else if (authMethod == AuthMethod.ThirdParty)
{
messageKey = Auth.MessageKey.LoginWithAccountNotFound;
messageAction = MessageAction.LoginFailSocialAccountNotFound;
}
else
{
messageKey = Auth.MessageKey.InvalidUsernameOrPassword;
messageAction = MessageAction.LoginFailInvalidCombination;
}
var loginName = !string.IsNullOrWhiteSpace(Login)
? Login
: authMethod == AuthMethod.ThirdParty && !string.IsNullOrWhiteSpace(HashId)
? HashId
: AuditResource.EmailNotSpecified;
MessageService.Send(HttpContext.Current.Request, loginName, messageAction);
if (authMethod == AuthMethod.ThirdParty && thirdPartyProfile != null)
{
Response.Redirect("~/Auth.aspx?am=" + (int)messageKey + (Request.DesktopApp() ? "&desktop=true" : ""), true);
}
else
{
ErrorMessage = Auth.GetAuthMessage(messageKey);
}
return(false);
}
catch (SecurityException)
{
Auth.ProcessLogout();
ErrorMessage = Resource.ErrorDisabledProfile;
MessageService.Send(HttpContext.Current.Request, Login, MessageAction.LoginFailDisabledProfile);
return(false);
}
catch (IPSecurityException)
{
Auth.ProcessLogout();
ErrorMessage = Resource.ErrorIpSecurity;
MessageService.Send(HttpContext.Current.Request, Login, MessageAction.LoginFailIpSecurity);
return(false);
}
catch (Exception ex)
{
Auth.ProcessLogout();
ErrorMessage = ex.Message;
MessageService.Send(HttpContext.Current.Request, Login, MessageAction.LoginFail);
return(false);
}
if (loginCounter > 0)
{
cache.Insert("loginsec/" + Login, (--loginCounter).ToString(CultureInfo.InvariantCulture), DateTime.UtcNow.Add(TimeSpan.FromMinutes(1)));
}
if (!string.IsNullOrEmpty(tfaLoginUrl))
{
if (Request.DesktopApp())
{
tfaLoginUrl += "&desktop=true";
}
Response.Redirect(tfaLoginUrl, true);
}
return(true);
}
public IEnumerable <string> GetLinkedObjects(LoginProfile profile)
{
return(_accountLinkers.Values.SelectMany(x => x.GetLinkedObjects(profile)));
}
public void RemoveLink(string hostedRegion, string obj, LoginProfile profile)
{
_accountLinkers[GetDatabaseId(hostedRegion)].RemoveLink(obj, profile);
}
private UserInfo GetUser(AuthModel memberModel, out bool viaEmail)
{
viaEmail = true;
var action = MessageAction.LoginFailViaApi;
UserInfo user;
try
{
if ((string.IsNullOrEmpty(memberModel.Provider) && string.IsNullOrEmpty(memberModel.SerializedProfile)) || memberModel.Provider == "email")
{
memberModel.UserName.ThrowIfNull(new ArgumentException(@"userName empty", "userName"));
if (!string.IsNullOrEmpty(memberModel.Password))
{
memberModel.Password.ThrowIfNull(new ArgumentException(@"password empty", "password"));
}
else
{
memberModel.PasswordHash.ThrowIfNull(new ArgumentException(@"PasswordHash empty", "PasswordHash"));
}
int counter;
int.TryParse(Cache.Get <string>("loginsec/" + memberModel.UserName), out counter);
if (++counter > SetupInfo.LoginThreshold && !SetupInfo.IsSecretEmail(memberModel.UserName))
{
throw new BruteForceCredentialException();
}
Cache.Insert("loginsec/" + memberModel.UserName, counter.ToString(CultureInfo.InvariantCulture), DateTime.UtcNow.Add(TimeSpan.FromMinutes(1)));
memberModel.PasswordHash = (memberModel.PasswordHash ?? "").Trim();
if (string.IsNullOrEmpty(memberModel.PasswordHash))
{
memberModel.Password = (memberModel.Password ?? "").Trim();
if (!string.IsNullOrEmpty(memberModel.Password))
{
memberModel.PasswordHash = PasswordHasher.GetClientPassword(memberModel.Password);
}
}
user = UserManager.GetUsersByPasswordHash(
TenantManager.GetCurrentTenant().TenantId,
memberModel.UserName,
memberModel.PasswordHash);
if (user == null || !UserManager.UserExists(user))
{
throw new Exception("user not found");
}
Cache.Insert("loginsec/" + memberModel.UserName, (--counter).ToString(CultureInfo.InvariantCulture), DateTime.UtcNow.Add(TimeSpan.FromMinutes(1)));
}
else
{
viaEmail = false;
action = MessageAction.LoginFailViaApiSocialAccount;
LoginProfile thirdPartyProfile;
if (!string.IsNullOrEmpty(memberModel.SerializedProfile))
{
thirdPartyProfile = new LoginProfile(Signature, InstanceCrypto, memberModel.SerializedProfile);
}
else
{
thirdPartyProfile = ProviderManager.GetLoginProfile(memberModel.Provider, memberModel.AccessToken);
}
memberModel.UserName = thirdPartyProfile.EMail;
user = GetUserByThirdParty(thirdPartyProfile);
}
}
catch (BruteForceCredentialException)
{
MessageService.Send(!string.IsNullOrEmpty(memberModel.UserName) ? memberModel.UserName : AuditResource.EmailNotSpecified, MessageAction.LoginFailBruteForce);
throw new AuthenticationException("Login Fail. Too many attempts");
}
catch
{
MessageService.Send(!string.IsNullOrEmpty(memberModel.UserName) ? memberModel.UserName : AuditResource.EmailNotSpecified, action);
throw new AuthenticationException("User authentication failed");
}
return(user);
}
private UserInfo GetUserByThirdParty(LoginProfile loginProfile)
{
try
{
if (!string.IsNullOrEmpty(loginProfile.AuthorizationError))
{
// ignore cancellation
if (loginProfile.AuthorizationError != "Canceled at provider")
{
throw new Exception(loginProfile.AuthorizationError);
}
return(Constants.LostUser);
}
var userInfo = Constants.LostUser;
Guid userId;
if (TryGetUserByHash(loginProfile.HashId, out userId))
{
userInfo = UserManager.GetUsers(userId);
}
var isNew = false;
if (CoreBaseSettings.Personal)
{
if (UserManager.UserExists(userInfo.ID) && SetupInfo.IsSecretEmail(userInfo.Email))
{
try
{
SecurityContext.AuthenticateMeWithoutCookie(ASC.Core.Configuration.Constants.CoreSystem);
UserManager.DeleteUser(userInfo.ID);
userInfo = Constants.LostUser;
}
finally
{
SecurityContext.Logout();
}
}
if (!UserManager.UserExists(userInfo.ID))
{
userInfo = JoinByThirdPartyAccount(loginProfile);
isNew = true;
}
}
if (isNew)
{
//TODO:
//var spam = HttpContext.Current.Request["spam"];
//if (spam != "on")
//{
// try
// {
// const string _databaseID = "com";
// using (var db = DbManager.FromHttpContext(_databaseID))
// {
// db.ExecuteNonQuery(new SqlInsert("template_unsubscribe", false)
// .InColumnValue("email", userInfo.Email.ToLowerInvariant())
// .InColumnValue("reason", "personal")
// );
// Log.Debug(string.Format("Write to template_unsubscribe {0}", userInfo.Email.ToLowerInvariant()));
// }
// }
// catch (Exception ex)
// {
// Log.Debug(string.Format("ERROR write to template_unsubscribe {0}, email:{1}", ex.Message, userInfo.Email.ToLowerInvariant()));
// }
//}
StudioNotifyService.UserHasJoin();
UserHelpTourHelper.IsNewUser = true;
PersonalSettingsHelper.IsNewUser = true;
}
return(userInfo);
}
catch (Exception)
{
CookiesManager.ClearCookies(CookiesType.AuthKey);
CookiesManager.ClearCookies(CookiesType.SocketIO);
SecurityContext.Logout();
throw;
}
}
public override LoginProfile GetLoginProfile(string accessToken)
{
var tokenPayloadString = JsonWebToken.Decode(accessToken, string.Empty, false, true);
var tokenPayload = JObject.Parse(tokenPayloadString);
if (tokenPayload == null)
{
throw new Exception("Payload is incorrect");
}
var oid = tokenPayload.Value <string>("urn:esia:sbj_id");
var userInfoString = RequestHelper.PerformRequest(GosUslugiProfileUrl + oid, "application/x-www-form-urlencoded", headers: new Dictionary <string, string> {
{ "Authorization", "Bearer " + accessToken }
});
var userInfo = JObject.Parse(userInfoString);
if (userInfo == null)
{
throw new Exception("userinfo is incorrect");
}
var profile = new LoginProfile(Signature, InstanceCrypto)
{
Id = oid,
FirstName = userInfo.Value <string>("firstName"),
LastName = userInfo.Value <string>("lastName"),
Provider = ProviderConstants.GosUslugi,
};
var userContactsString = RequestHelper.PerformRequest(GosUslugiProfileUrl + oid + "/ctts", "application/x-www-form-urlencoded", headers: new Dictionary <string, string> {
{ "Authorization", "Bearer " + accessToken }
});
var userContacts = JObject.Parse(userContactsString);
if (userContacts == null)
{
throw new Exception("usercontacts is incorrect");
}
var contactElements = userContacts.Value <JArray>("elements");
if (contactElements == null)
{
throw new Exception("usercontacts elements is incorrect");
}
foreach (var contactElement in contactElements.ToObject <List <string> >())
{
var userContactString = RequestHelper.PerformRequest(contactElement, "application/x-www-form-urlencoded", headers: new Dictionary <string, string> {
{ "Authorization", "Bearer " + accessToken }
});
var userContact = JObject.Parse(userContactString);
if (userContact == null)
{
throw new Exception("usercontacts is incorrect");
}
var type = userContact.Value <string>("type");
if (type != "EML")
{
continue;
}
profile.EMail = userContact.Value <string>("value");
break;
}
return(profile);
}
private async Task <User> RegisterUserAsync(User user, string password, bool isMigrating = false)
{
ArgumentGuard.NotNull(user, nameof(user));
ArgumentGuard.NotNullOrEmpty(user.Email, nameof(user.Email));
ArgumentGuard.NotNullOrEmpty(user.FirstName, nameof(user.FirstName));
ArgumentGuard.NotNullOrEmpty(user.LastName, nameof(user.LastName));
var dbUser = await _userService.FindUserByEmailAsync(user.Email.Trim().ToLower());
if (!dbUser.IsNull())
{
throw new AppException($"User With {user.Email} Already Exists");
}
var userRoles = new List <UserRole>();
var roleUser = await _userRepository.GetRole(UserRoleEnum.User.ToString());
if (roleUser.IsNull())
{
throw new Exception("Role not found");
}
userRoles.Add(new UserRole {
Role = roleUser
});
// add admin role to admin users specified in appsettings
var admins = _configuration.GetValue <string>("Admins");
if (admins.Contains(user.Email.ToLower()))
{
var roleAdmin = await _userRepository.GetRole(UserRoleEnum.Admin.ToString());
if (roleAdmin.IsNull())
{
throw new Exception("Admin role not found in db");
}
userRoles.Add(new UserRole {
Role = roleAdmin
});
}
// add admin role to admin users specified in appsettings
var superAdmins = _configuration.GetValue <string>("SuperAdmins");
if (superAdmins.Contains(user.Email.ToLower()))
{
var roleSuperAdmin = await _userRepository.GetRole(UserRoleEnum.SuperAdmin.ToString());
if (roleSuperAdmin.IsNull())
{
throw new Exception("Super Admin role not found in db");
}
userRoles.Add(new UserRole {
Role = roleSuperAdmin
});
}
var newUser = new User
{
Email = user.Email.Trim().ToLower(),
FirstName = user.FirstName,
LastName = user.LastName,
PhoneNumber = user.PhoneNumber,
InformationPreference = user.InformationPreference,
PhotoUrl = user.PhotoUrl,
CreatedAt = DateTime.UtcNow,
UserRoles = userRoles
};
if (!string.IsNullOrEmpty(password))
{
var loginProfile = new LoginProfile();
var salt = _cryptoService.GenerateSalt(32);
loginProfile.Salt = salt;
loginProfile.Password = _cryptoService.Hash(password, salt, 1963);
var loginProfileId = await _userRepository.AddLoginProfileAsync(loginProfile);
newUser.LoginProfileId = loginProfileId;
var resUser = await _userRepository.AddUserAsync(newUser);
var emailConfirmationToken = _cryptoService.CreateUniqueKey();
resUser.Token = emailConfirmationToken;
await _userRepository.UpdateUserAsync(resUser);
if (isMigrating)
{
// send a migration notice email with link to change their password
await _emailSender.SendMigrationEmail(resUser, emailConfirmationToken);
}
else
{
await _emailSender.SendRegistrationConfirmationEmail(resUser, emailConfirmationToken);
}
return(resUser);
}
else
{
return(await _userRepository.AddUserAsync(newUser));
}
}
protected void Page_Load(object sender, EventArgs e)
{
Page.ClientScript.RegisterClientScriptBlock(this.GetType(), "confirm_invite_activation_style", "<link rel=\"stylesheet\" type=\"text/css\" href=\"" + WebSkin.GetUserSkin().GetAbsoluteWebPath("usercontrols/management/confirminviteactivation/css/<theme_folder>/confirm_invite_activation.css") + "\">", false);
Page.ClientScript.RegisterClientScriptInclude(typeof(string), "confirm_invite_activation_script", WebPath.GetPath("usercontrols/management/confirminviteactivation/js/confirm_invite_activation.js"));
_tenantInfoSettings = SettingsManager.Instance.LoadSettings <TenantInfoSettings>(TenantProvider.CurrentTenantID);
Guid uid = Guid.Empty;
try
{
uid = new Guid(Request["uid"]);
}
catch { }
var type = typeof(ConfirmType).TryParseEnum(Request["type"] ?? "", ConfirmType.EmpInvite);
var email = GetEmailAddress();
var key = Request["key"] ?? "";
var fap = Request["fap"] ?? "";
//if (!string.IsNullOrEmpty(_email))
//{
//var thrd = LoadControl(AccountLinkControl.Location) as AccountLinkControl;
//thrd.InviteView = true;
//thrd.ClientCallback = "loginJoinCallback";
//thrdParty.Controls.Add(thrd);
//}
Page.Title = HeaderStringHelper.GetPageTitle(Resources.Resource.Authorization, null, null);
UserInfo user;
try
{
SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem);
user = CoreContext.UserManager.GetUserByEmail(email);
var usr = CoreContext.UserManager.GetUsers(uid);
if (usr.ID.Equals(ASC.Core.Users.Constants.LostUser.ID) || usr.ID.Equals(ASC.Core.Configuration.Constants.Guest.ID))
{
usr = CoreContext.UserManager.GetUsers(CoreContext.TenantManager.GetCurrentTenant().OwnerId);
}
_userAvatar = usr.GetMediumPhotoURL();
_userName = usr.DisplayUserName(true);
_userPost = (usr.Title ?? "").HtmlEncode();
}
finally
{
SecurityContext.Logout();
}
if (type == ConfirmType.LinkInvite || type == ConfirmType.EmpInvite)
{
if (!user.ID.Equals(ASC.Core.Users.Constants.LostUser.ID))
{
ShowError(CustomNamingPeople.Substitute <Resources.Resource>("ErrorEmailAlreadyExists"));
return;
}
}
else if (type == ConfirmType.Activation)
{
if (user.IsActive)
{
ShowError(Resources.Resource.ErrorConfirmURLError);
return;
}
if (user.ID.Equals(ASC.Core.Users.Constants.LostUser.ID))
{
ShowError(string.Format(Resources.Resource.ErrorUserNotFoundByEmail, email));
return;
}
}
if (!IsPostBack)
{
return;
}
var firstName = GetFirstName();
var lastName = GetLastName();
var pwd = (Request["pwdInput"] ?? "").Trim();
var repwd = (Request["repwdInput"] ?? "").Trim();
LoginProfile thirdPartyProfile;
//thirdPartyLogin confirmInvite
if (Request["__EVENTTARGET"] == "thirdPartyLogin")
{
var valueRequest = Request["__EVENTARGUMENT"];
thirdPartyProfile = new LoginProfile(valueRequest);
if (!string.IsNullOrEmpty(thirdPartyProfile.AuthorizationError))
{
// ignore cancellation
if (thirdPartyProfile.AuthorizationError != "Canceled at provider")
{
ShowError(HttpUtility.HtmlEncode(thirdPartyProfile.AuthorizationError));
}
return;
}
if (string.IsNullOrEmpty(thirdPartyProfile.EMail))
{
ShowError(HttpUtility.HtmlEncode(Resources.Resource.ErrorNotCorrectEmail));
return;
}
}
if (Request["__EVENTTARGET"] == "confirmInvite")
{
if (String.IsNullOrEmpty(email))
{
_errorMessage = Resources.Resource.ErrorEmptyUserEmail;
return;
}
if (!email.TestEmailRegex())
{
_errorMessage = Resources.Resource.ErrorNotCorrectEmail;
return;
}
if (String.IsNullOrEmpty(firstName))
{
_errorMessage = Resources.Resource.ErrorEmptyUserFirstName;
return;
}
if (String.IsNullOrEmpty(lastName))
{
_errorMessage = Resources.Resource.ErrorEmptyUserLastName;
return;
}
var checkPassResult = CheckPassword(pwd, repwd);
if (!String.IsNullOrEmpty(checkPassResult))
{
_errorMessage = checkPassResult;
return;
}
}
var userID = Guid.Empty;
try
{
SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem);
if (type == ConfirmType.EmpInvite || type == ConfirmType.LinkInvite)
{
UserInfo newUser;
if (Request["__EVENTTARGET"] == "confirmInvite")
{
newUser = CreateNewUser(firstName, lastName, email, pwd);
userID = newUser.ID;
}
if (Request["__EVENTTARGET"] == "thirdPartyLogin")
{
if (!String.IsNullOrEmpty(CheckPassword(pwd, repwd)))
{
pwd = UserManagerWrapper.GeneratePassword();
}
var valueRequest = Request["__EVENTARGUMENT"];
thirdPartyProfile = new LoginProfile(valueRequest);
newUser = CreateNewUser(GetFirstName(thirdPartyProfile), GetLastName(thirdPartyProfile), GetEmailAddress(thirdPartyProfile), pwd);
userID = newUser.ID;
var linker = new AccountLinker(WebConfigurationManager.ConnectionStrings["webstudio"]);
linker.AddLink(userID.ToString(), thirdPartyProfile);
}
#region Department
try
{
var deptID = new Guid((Request["deptID"] ?? "").Trim());
CoreContext.UserManager.AddUserIntoGroup(userID, deptID);
}
catch
{
}
#endregion
}
else if (type == ConfirmType.Activation)
{
user.ActivationStatus = EmployeeActivationStatus.Activated;
user.FirstName = firstName;
user.LastName = lastName;
CoreContext.UserManager.SaveUserInfo(user);
SecurityContext.SetUserPassword(user.ID, pwd);
userID = user.ID;
//notify
StudioNotifyService.Instance.UserInfoAddedAfterInvite(user, pwd);
}
if (String.Equals(fap, "1"))
{
CoreContext.UserManager.AddUserIntoGroup(userID, ASC.Core.Users.Constants.GroupAdmin.ID);
}
}
catch (Exception exception)
{
(Page as confirm).ErrorMessage = HttpUtility.HtmlEncode(exception.Message);
return;
}
finally
{
SecurityContext.Logout();
}
try
{
var cookiesKey = SecurityContext.AuthenticateMe(userID.ToString(), pwd);
CookiesManager.SetCookies(CookiesType.UserID, userID.ToString());
CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey);
StudioNotifyService.Instance.UserHasJoin();
}
catch (Exception exception)
{
(Page as confirm).ErrorMessage = HttpUtility.HtmlEncode(exception.Message);
return;
}
UserOnlineManager.Instance.RegistryOnlineUser(SecurityContext.CurrentAccount.ID);
WebItemManager.Instance.ItemGlobalHandlers.Login(SecurityContext.CurrentAccount.ID);
var smsAuthSettings = SettingsManager.Instance.LoadSettings <StudioSmsNotificationSettings>(TenantProvider.CurrentTenantID);
if (smsAuthSettings.Enable)
{
var uData = new UserTransferData();
var usr = CoreContext.UserManager.GetUsers(userID);
uData.Login = usr.Email;
uData.UserId = userID;
Session["UserTransferData"] = uData;
}
Response.Redirect("~/");
}
public LoginProfile ProcessAuthoriztion(HttpContext context, IDictionary <string, string> @params)
{
var response = Openid.GetResponse();
if (response == null)
{
if (Identifier.TryParse(@params["oid"], out var id))
{
try
{
IAuthenticationRequest request;
var realmUrlString = string.Empty;
if (@params.ContainsKey("realmUrl"))
{
realmUrlString = @params["realmUrl"];
}
if (!string.IsNullOrEmpty(realmUrlString))
{
request = Openid.CreateRequest(id, new Realm(realmUrlString));
}
else
{
request = Openid.CreateRequest(id);
}
request.AddExtension(new ClaimsRequest
{
Email = DemandLevel.Require,
Nickname = DemandLevel.Require,
Country = DemandLevel.Request,
Gender = DemandLevel.Request,
PostalCode = DemandLevel.Request,
TimeZone = DemandLevel.Request,
FullName = DemandLevel.Request,
});
var fetch = new FetchRequest();
fetch.Attributes.AddRequired(WellKnownAttributes.Contact.Email);
//Duplicating attributes
fetch.Attributes.AddRequired("http://schema.openid.net/contact/email");//Add two more
fetch.Attributes.AddRequired("http://openid.net/schema/contact/email");
fetch.Attributes.AddRequired(WellKnownAttributes.Name.Alias);
fetch.Attributes.AddRequired(WellKnownAttributes.Name.First);
fetch.Attributes.AddRequired(WellKnownAttributes.Media.Images.Default);
fetch.Attributes.AddRequired(WellKnownAttributes.Name.Last);
fetch.Attributes.AddRequired(WellKnownAttributes.Name.Middle);
fetch.Attributes.AddRequired(WellKnownAttributes.Person.Gender);
fetch.Attributes.AddRequired(WellKnownAttributes.BirthDate.WholeBirthDate);
request.AddExtension(fetch);
request.RedirectToProvider();
//context.Response.End();//TODO This will throw thread abort
}
catch (ProtocolException ex)
{
return(LoginProfile.FromError(ex));
}
}
else
{
return(LoginProfile.FromError(new Exception("invalid OpenID identifier")));
}
}
else
{
// Stage 3: OpenID Provider sending assertion response
switch (response.Status)
{
case AuthenticationStatus.Authenticated:
var spprofile = response.GetExtension <ClaimsResponse>();
var fetchprofile = response.GetExtension <FetchResponse>();
var realmUrlString = string.Empty;
if (@params.ContainsKey("realmUrl"))
{
realmUrlString = @params["realmUrl"];
}
var profile = ProfileFromOpenId(spprofile, fetchprofile, response.ClaimedIdentifier.ToString(), realmUrlString);
return(profile);
case AuthenticationStatus.Canceled:
return(LoginProfile.FromError(new Exception("Canceled at provider")));
case AuthenticationStatus.Failed:
return(LoginProfile.FromError(response.Exception));
}
}
return(null);
}
public static UserInfo GetUserByThirdParty(LoginProfile loginProfile)
{
try
{
if (!string.IsNullOrEmpty(loginProfile.AuthorizationError))
{
// ignore cancellation
if (loginProfile.AuthorizationError != "Canceled at provider")
{
throw new Exception(loginProfile.AuthorizationError);
}
return(ASC.Core.Users.Constants.LostUser);
}
if (string.IsNullOrEmpty(loginProfile.EMail))
{
throw new Exception(Resource.ErrorNotCorrectEmail);
}
var userInfo = new UserInfo();
Guid userId;
if (TryGetUserByHash(loginProfile.HashId, out userId))
{
userInfo = CoreContext.UserManager.GetUsers(userId);
}
if (!CoreContext.UserManager.UserExists(userInfo.ID))
{
userInfo = CoreContext.UserManager.GetUserByEmail(loginProfile.EMail);
}
var isNew = false;
if (CoreContext.Configuration.Personal)
{
if (CoreContext.UserManager.UserExists(userInfo.ID) && SetupInfo.IsSecretEmail(userInfo.Email))
{
try
{
SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem);
CoreContext.UserManager.DeleteUser(userInfo.ID);
userInfo = ASC.Core.Users.Constants.LostUser;
}
finally
{
SecurityContext.Logout();
}
}
if (!CoreContext.UserManager.UserExists(userInfo.ID))
{
userInfo = JoinByThirdPartyAccount(loginProfile);
isNew = true;
}
}
if (isNew)
{
StudioNotifyService.Instance.UserHasJoin();
UserHelpTourHelper.IsNewUser = true;
PersonalSettings.IsNewUser = true;
}
return(userInfo);
}
catch (Exception)
{
Auth.ProcessLogout();
throw;
}
}
private string GetLastName(LoginProfile account)
{
var value = GetLastName();
return(String.IsNullOrEmpty(value) ? account.LastName : value);
}
public static UserInfo GetUserByThirdParty(LoginProfile loginProfile)
{
try
{
if (!string.IsNullOrEmpty(loginProfile.AuthorizationError))
{
// ignore cancellation
if (loginProfile.AuthorizationError != "Canceled at provider")
{
throw new Exception(loginProfile.AuthorizationError);
}
return(Constants.LostUser);
}
var userInfo = Constants.LostUser;
Guid userId;
if (TryGetUserByHash(loginProfile.HashId, out userId))
{
userInfo = CoreContext.UserManager.GetUsers(userId);
}
var isNew = false;
if (CoreContext.Configuration.Personal)
{
if (CoreContext.UserManager.UserExists(userInfo.ID) && SetupInfo.IsSecretEmail(userInfo.Email))
{
try
{
SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem);
CoreContext.UserManager.DeleteUser(userInfo.ID);
userInfo = Constants.LostUser;
}
finally
{
SecurityContext.Logout();
}
}
if (!CoreContext.UserManager.UserExists(userInfo.ID))
{
userInfo = JoinByThirdPartyAccount(loginProfile);
isNew = true;
}
}
if (isNew)
{
var spam = HttpContext.Current.Request["spam"];
if (spam != "on")
{
try
{
const string _databaseID = "com";
using (var db = DbManager.FromHttpContext(_databaseID))
{
db.ExecuteNonQuery(new SqlInsert("template_unsubscribe", false)
.InColumnValue("email", userInfo.Email.ToLowerInvariant())
.InColumnValue("reason", "personal")
);
LogManager.GetLogger("ASC.Web").Debug(String.Format("Write to template_unsubscribe {0}", userInfo.Email.ToLowerInvariant()));
}
}
catch (Exception ex)
{
LogManager.GetLogger("ASC.Web").Debug(String.Format("ERROR write to template_unsubscribe {0}, email:{1}", ex.Message, userInfo.Email.ToLowerInvariant()));
}
}
var analytics = HttpContext.Current.Request["analytics"] == "on";
var settings = TenantAnalyticsSettings.LoadForCurrentUser();
settings.Analytics = analytics;
settings.SaveForCurrentUser();
StudioNotifyService.Instance.UserHasJoin();
UserHelpTourHelper.IsNewUser = true;
PersonalSettings.IsNewUser = true;
}
return(userInfo);
}
catch (Exception)
{
Auth.ProcessLogout();
throw;
}
}
private string GetEmailAddress(LoginProfile account)
{
var value = GetEmailAddress();
return(String.IsNullOrEmpty(value) ? account.EMail : value);
}
public IEnumerable <string> GetLinkedObjects(LoginProfile profile)
{
//Retrieve by uinque id
return(GetLinkedObjectsByHashId(profile.HashId));
}
