private string HandleResetPassword(DynamicDictionary _parameters)
{
string email = Request.Headers["EmailAddress"].First();
if (email != null)
{
HydrantWikiManager hwm = new HydrantWikiManager();
User user = hwm.GetUserByEmail(UserSources.HydrantWiki, email.ToLower());
if (user != null)
{
string newPassword = RandomString.GetRandomString(10);
TGUserPassword up = TGUserPassword.GetNew(user.Guid, user.Username, newPassword);
hwm.Persist(up);
NameValueCollection nvc = new NameValueCollection
{
{ "Password", newPassword }
};
hwm.SendCannedEmail(user, CannedEmailNames.ResetPasswordEmail, nvc);
}
return("{ \"Result\":\"Success\"}");
}
return("{ \"Result\":\"Failure\"}");
}
public bool ValidateUser(TGUser _user, string _testPassword)
{
TGUserPassword userPassword = GetTGUserPassword(_user.Guid);
if (userPassword != null)
{
string testHash = TGUserPassword.HashPassword(userPassword.Salt, _testPassword);
if (testHash.Equals(userPassword.HashedPassword))
{
return(true);
}
}
return(false);
}
private string Register(DynamicDictionary _parameters)
{
string username = Request.Headers["Username"].First();
string email = Request.Headers["Email"].First();
string password = Request.Headers["Password"].First();
HydrantWikiManager hwm = new HydrantWikiManager();
User user = hwm.GetUser(UserSources.HydrantWiki, username);
if (user == null)
{
user = new User
{
UserSource = UserSources.HydrantWiki,
IsVerified = false,
Active = true,
DisplayName = username,
EmailAddress = email,
UserType = UserTypes.User,
Username = username
};
hwm.Persist(user);
TGUserPassword userPassword = TGUserPassword.GetNew(user.Guid, username, password);
hwm.Persist(userPassword);
TGUserEmailValidation validation = new TGUserEmailValidation(user);
hwm.Persist(validation);
NameValueCollection nvc = new NameValueCollection
{
{ "SystemUrl", Config.GetSettingValue("SystemUrl") },
{ "ValidationText", validation.ValidationText }
};
hwm.SendCannedEmail(user, CannedEmailNames.ValidateEmailAddress, nvc);
return("{ \"Result\":\"Success\" }");
}
return("{ \"Result\":\"UsernameNotAvailable\" }");
}
private string HandleChangePassword(DynamicDictionary _parameters)
{
string currentPassword = Request.Form["currentpassword"];
string newPassword = Request.Form["newpassword"];
string username = Request.Headers["Username"].First();
User user = null;
AuthHelper.Authorize(username, currentPassword, out user);
if (user != null)
{
TGUserPassword up = TGUserPassword.GetNew(user.Guid, user.Username, newPassword);
HydrantWikiManager hwm = new HydrantWikiManager();
hwm.Persist(up);
return(@"{ ""Result"":""Success"" }");;
}
return(@"{ ""Result"":""Failure"" }");
}
public string HandleUserAddPost(DynamicDictionary _parameters)
{
OpenFormGraphManager manager = new OpenFormGraphManager();
BaseResult result = new BaseResult();
User jUser = AuthHelper.ValidateToken(manager, Request);
if (jUser != null && jUser.IsUserAdmin)
{
string json = ReadBody();
NewUser jNewUser = JsonConvert.DeserializeObject <NewUser>(json);
if (jNewUser != null)
{
jNewUser.Guid = Guid.NewGuid();
TGUser testUser = manager.GetUser(jNewUser.Username);
if (testUser == null)
{
TGUser newUser = new TGUser
{
FamilyName = jNewUser.LastName,
GivenName = jNewUser.FirstName,
EmailAddress = jNewUser.EmailAddress,
IsVerified = true,
DisplayName = jNewUser.Username,
Username = jNewUser.Username
};
manager.Persist(newUser);
TGUserPassword userPassword = TGUserPassword.GetNew(newUser.Guid, newUser.Username,
jNewUser.Password);
manager.Persist(userPassword);
//Add Admin Roles as required
if (jNewUser.IsUserAdmin)
{
TGUserRole userAdminRole = new TGUserRole
{
Active = true,
ParentGuid = newUser.Guid,
Name = UserRoles.UserAdmin
};
manager.Persist(userAdminRole);
}
if (jNewUser.IsDataAdmin)
{
TGUserRole dataAdminRole = new TGUserRole
{
Active = true,
ParentGuid = newUser.Guid,
Name = UserRoles.DataAdmin
};
manager.Persist(dataAdminRole);
}
result.Result = "Success";
}
else
{
result.Result = "UsernameNotAvailable";
}
}
}
return(JsonConvert.SerializeObject(result));
}
private BaseResponse ChangePassword(DynamicDictionary _parameters)
{
User user;
BaseResponse response = new BaseResponse();
if (AuthHelper.IsAuthorized(Request, out user))
{
HydrantWikiManager hwm = new HydrantWikiManager();
string json = Request.Body.ReadAsString();
Objects.ChangePassword cp = JsonConvert.DeserializeObject <Objects.ChangePassword>(json);
if (cp != null)
{
if (cp.Username == user.Username &&
user.UserSource == UserSources.HydrantWiki)
{
if (hwm.ValidateUser(user, cp.ExistingPassword))
{
TGUserPassword userPassword = TGUserPassword.GetNew(user.Guid, user.Username, cp.NewPassword);
hwm.Persist(userPassword);
response.Message = "Password changed";
response.Success = true;
hwm.LogInfo(user.Guid, response.Message);
}
else
{
//Record failure to test if this is an attack.
hwm.RecordAuthenticationFailure(user.Guid);
//Existing password doesn't match
response.Message = "Existing password does not match";
response.Success = false;
hwm.LogWarning(user.Guid, response.Message);
}
}
else
{
//Usernames don't match
response.Message = "Mismatched user";
response.Success = false;
hwm.LogWarning(user.Guid, response.Message);
}
}
else
{
//no body
response.Message = "No body";
response.Success = false;
hwm.LogWarning(user.Guid, response.Message);
}
}
else
{
LogUnauthorized(Request);
response.Message = "Unauthorized";
response.Success = false;
}
return(response);
}
public BaseResponse CreateAccount(DynamicDictionary _parameters)
{
BaseResponse response = new BaseResponse();
HydrantWikiManager hwm = new HydrantWikiManager();
try
{
string json = Request.Body.ReadAsString();
Objects.CreateAccount account = JsonConvert.DeserializeObject <Objects.CreateAccount>(json);
User user = hwm.GetUser(UserSources.HydrantWiki, account.Username);
if (user == null)
{
user = hwm.GetUserByEmail(UserSources.HydrantWiki, account.Email);
if (user == null)
{
user = new User();
user.Guid = Guid.NewGuid();
user.Active = true;
user.DisplayName = account.Username;
user.Username = account.Username;
user.EmailAddress = account.Email;
user.UserSource = UserSources.HydrantWiki;
user.UserType = UserTypes.User;
user.IsVerified = false;
hwm.Persist(user);
TGUserPassword userPassword = TGUserPassword.GetNew(user.Guid, user.Username, account.Password);
hwm.Persist(userPassword);
TGUserEmailValidation validation = new TGUserEmailValidation(user);
hwm.Persist(validation);
NameValueCollection nvc = new NameValueCollection
{
{ "SystemUrl", Config.GetSettingValue("SystemUrl") },
{ "ValidationText", validation.ValidationText }
};
hwm.SendCannedEmail(user, CannedEmailNames.ValidateEmailAddress, nvc);
hwm.LogInfo(user.Guid, "User created");
response.Success = true;
response.Message = "Please check your email to finish activating your account";
return(response);
}
else
{
response.Success = false;
response.Message = "Email already in use.";
}
}
else
{
response.Success = false;
response.Message = "Username already exists.";
}
hwm.LogWarning(Guid.Empty, response.Message);
}
catch (Exception ex)
{
response.Success = false;
response.Message = "An error occurred";
response.Error = "An error occurred";
hwm.LogException(Guid.Empty, ex);
}
return(response);
}
public BaseResponse ResetPassword(DynamicDictionary _parameters)
{
BaseResponse response = new BaseResponse();
string json = Request.Body.ReadAsString();
if (json != null)
{
ResetPassword rr = JsonConvert.DeserializeObject <ResetPassword>(json);
if (rr.Email != null &&
rr.InstallId != null &&
rr.Code != null &&
rr.NewPassword != null)
{
HydrantWikiManager manager = new HydrantWikiManager();
User user = manager.GetUserByEmail(UserSources.HydrantWiki, rr.Email);
if (user != null)
{
DateTime now = DateTime.UtcNow;
PasswordReset pr = manager.GetPasswordReset(user.Guid, rr.Code);
if (pr != null)
{
if (pr.CreationDateTime > now.AddHours(-2))
{
TGUserPassword userPassword = TGUserPassword.GetNew(
user.Guid,
user.Username,
rr.NewPassword);
manager.Persist(userPassword);
pr.Active = false;
manager.Persist(pr);
manager.LogInfo(user.Guid, "Password successfully reset");
response.Success = true;
response.Message = "Password successfully reset.";
}
else
{
manager.LogWarning(user.Guid, "Password Reset request has expired");
response.Success = false;
response.Message = "Password Reset request has expired";
}
}
else
{
manager.LogWarning(user.Guid, "Invalid reset code");
response.Success = false;
response.Message = "Invalid reset code.";
}
}
else
{
TraceFileHelper.Warning("User not found ({0})", rr.Email);
response.Success = false;
response.Message = "User not found.";
}
}
else
{
response.Message = "Invalid information supplied";
}
}
else
{
response.Message = "Body not supplied";
}
return(response);
}
public AppModule()
{
Get["/"] = _parameters =>
{
return(View["index.sshtml"]);
};
Get["/dev/BuildDB"] = _parameters =>
{
bool devMode = Config.GetBooleanValue("DevMode", false);
if (devMode)
{
OpenFormGraphStructureManager structureManager = new OpenFormGraphStructureManager();
structureManager.BuildDB();
return(View["dev_dbbuildresult.sshtml"]);
}
return(null);
};
Get["/dev/BuildAdminUser"] = _parameters =>
{
bool devMode = Config.GetBooleanValue("DevMode", false);
if (devMode)
{
OpenFormGraphManager manager = new OpenFormGraphManager();
TGUser user = manager.GetUser("OFGAdmin");
if (user == null)
{
user = new TGUser {
Username = "******", GivenName = "Admin", FamilyName = "User"
};
manager.Persist(user);
string password = RandomString.GetRandomString(10);
TGUserPassword tgPassword = TGUserPassword.GetNew(user.Guid, user.Username, password);
manager.Persist(tgPassword);
TGUserRole userAdminRole = new TGUserRole
{
Active = true,
Name = UserRoles.UserAdmin,
ParentGuid = user.Guid
};
manager.Persist(userAdminRole);
TGUserRole dataAdminRole = new TGUserRole
{
Active = true,
Name = UserRoles.DataAdmin,
ParentGuid = user.Guid
};
manager.Persist(dataAdminRole);
JsonObjects.NewUser jNewUser = new NewUser(user, password);
return(View["dev_buildadminuserresult.sshtml", jNewUser]);
}
}
return(null);
};
}
public void Persist(TGUserPassword _userPassword)
{
TGUserPasswordDAO dao = new TGUserPasswordDAO(MongoDB);
dao.Persist(_userPassword);
}
