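 /// <summary>
 /// Grants <paramref name="role"/> to every person matched by <paramref name="query"/>,
 /// creating a login first for people who do not have one. Privileged roles on the
 /// denylist below are refused and the refusal is written to the activity log.
 /// </summary>
 /// <param name="query">Opaque people query, handed straight to <c>PeopleQuery2</c>.</param>
 /// <param name="role">Role name to grant.</param>
 public void AddRole(object query, string role)
 {
     // Roles this entry point must never grant. This is a denylist, so a privileged role
     // introduced elsewhere is not protected until it is added here.
     var disallow = new[]
     {
         "admin",
         "applicationreview",
         "backgroundcheck",
         "creditcheck",
         "delete",
         "developer",
         "finance",
         "financeadmin",
         "manager",
         "manager2",
         "membership",
         "managetransactions",
         "memberdocs",
     };
     // `Equal` is a project string extension; presumably case-insensitive — confirm.
     if (disallow.Any(rr => rr.Equal(role)))
     {
         db.LogActivity($"PythonModel.AddRole(query, {role}) denied");
         return;
     }
     db.LogActivity($"PythonModel.AddRole(query, {role})");
     using (var db2 = NewDataContext())
     {
         foreach (var p in db2.PeopleQuery2(query))
         {
             var user = p.Users.FirstOrDefault();
             if (user == null)
             {
                 // No login yet: create one with a random, unusable placeholder password.
                 // NOTE(review): the GUID is stored in Password as-is; whether it must go
                 // through the provider's password encoding first cannot be told from here.
                 var uname = MembershipService.FetchUsername(db2, p.PreferredName, p.LastName);
                 var pword = Guid.NewGuid().ToString();
                 user = new User() {PeopleId = p.PeopleId, Password = pword, Username = uname, MustChangePassword = false, IsApproved = true, Name = p.Name};
                 db2.Users.InsertOnSubmit(user);
             }
             // Both paths end the same way; the original extra SubmitChanges issued before
             // InsertOnSubmit had nothing pending to flush and is dropped.
             user.AddRole(db2, role);
             db2.SubmitChanges();
         }
     }
 }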
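 /// <summary>
 /// Records one failed password (or password-answer) attempt for <paramref name="user"/>.
 /// A new attempt window is started when the count is zero or the previous window has
 /// expired; otherwise the count is incremented, and the account is locked once the
 /// incremented count exceeds <c>MaxInvalidPasswordAttempts</c>.
 /// </summary>
 /// <param name="Db">Data context the user row belongs to; <c>SubmitChanges</c> is called on it.</param>
 /// <param name="user">Account whose counters are updated in place.</param>
 /// <param name="failureType">"password" or "passwordAnswer"; any other value only results in SubmitChanges.</param>
 private void UpdateFailureCount(CMSDataContext Db, User user, string failureType)
 {
     // One timestamp for the window test and for every date written below, so they agree.
     var now = Util.Now;
     var isPassword = failureType == "password";
     var isAnswer = failureType == "passwordAnswer";

     var windowStart = new DateTime();
     int failureCount = 0;
     if (isPassword)
     {
         failureCount = user.FailedPasswordAttemptCount;
         windowStart = user.FailedPasswordAttemptWindowStart ?? now;
     }
     else if (isAnswer)
     {
         failureCount = user.FailedPasswordAnswerAttemptCount;
         windowStart = user.FailedPasswordAnswerAttemptWindowStart ?? now;
     }

     var windowEnd = windowStart.AddMinutes(PasswordAttemptWindow);
     if (failureCount == 0 || now > windowEnd)
     {
         // First failure, or the old window has lapsed: restart the window at one attempt.
         if (isPassword)
         {
             user.FailedPasswordAttemptCount = 1;
             user.FailedPasswordAttemptWindowStart = now;
         }
         else if (isAnswer)
         {
             user.FailedPasswordAnswerAttemptCount = 1;
             user.FailedPasswordAnswerAttemptWindowStart = now;
         }
     }
     else
     {
         // Equivalent to the former `failureCount++ >= MaxInvalidPasswordAttempts`, written
         // without the side effect inside the condition.
         failureCount++;
         if (failureCount > MaxInvalidPasswordAttempts)
         {
             // Lock the account; the stored counter is left unchanged on this path.
             user.IsLockedOut = true;
             // Util.Now is used for every other date in this method (was DateTime.Now here).
             user.LastLockedOutDate = now;
         }
         else if (isPassword)
             user.FailedPasswordAttemptCount = failureCount;
         else if (isAnswer)
             user.FailedPasswordAnswerAttemptCount = failureCount;
     }
     Db.SubmitChanges();
 }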
 /// <summary>
 /// Projects a <see cref="User"/> row onto the ASP.NET <see cref="MembershipUser"/> shape.
 /// Null date columns are reported as <c>default(DateTime)</c>.
 /// </summary>
 /// <param name="u">User row to convert; its <c>Person</c> is read for the e-mail address.</param>
 private MembershipUser GetMu(User u)
 {
     var never = default(DateTime);
     // NOTE(review): assumes u.Person is loaded and non-null — confirm at the call sites.
     var email = u.Person.EmailAddress;
     return new MembershipUser(
         this.Name,
         u.Username,
         u.UserId,
         email,
         u.PasswordQuestion,
         u.Comment,
         u.IsApproved,
         u.IsLockedOut,
         u.CreationDate ?? never,
         u.LastLoginDate ?? never,
         u.LastActivityDate ?? never,
         u.LastPasswordChangedDate ?? never,
         u.LastLockedOutDate ?? never);
 }
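        /// <summary>
        /// Creates a membership user. The password and the password answer are stored through
        /// <c>EncodePassword</c>. The login is linked to an existing <see cref="Person"/> found by
        /// <paramref name="providerUserKey"/> (an <c>int</c> PeopleId) or, otherwise, by e-mail address.
        /// </summary>
        /// <param name="username">Login name; normalised with <c>Util.GetUserName</c> first.</param>
        /// <param name="password">Clear-text password, offered to <c>OnValidatingPassword</c> before use.</param>
        /// <param name="email">Used for the duplicate-e-mail check and as the Person lookup fallback.</param>
        /// <param name="passwordQuestion">Stored verbatim.</param>
        /// <param name="passwordAnswer">Stored encoded, like the password.</param>
        /// <param name="isApproved">Initial approval flag.</param>
        /// <param name="providerUserKey">Optional PeopleId (<c>int</c>) to attach the login to; anything else falls back to the e-mail lookup.</param>
        /// <param name="status">Outcome; <c>Success</c> only when a row was inserted.</param>
        /// <returns>The created user re-read through <c>GetUser</c>, or null when <paramref name="status"/> is not Success.</returns>
        public override MembershipUser CreateUser(string username,
                 string password,
                 string email,
                 string passwordQuestion,
                 string passwordAnswer,
                 bool isApproved,
                 object providerUserKey,
                 out MembershipCreateStatus status)
        {
            username = Util.GetUserName(username);

            // Let password-policy subscribers veto the password before anything is stored.
            var args = new ValidatePasswordEventArgs(username, password, true);
            OnValidatingPassword(args);
            if (args.Cancel)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return null;
            }

            if (RequiresUniqueEmail && GetUserNameByEmail(email) != "")
            {
                status = MembershipCreateStatus.DuplicateEmail;
                return null;
            }

            var Db = GetDb();
            if (GetUser(username, false) != null)
            {
                status = MembershipCreateStatus.DuplicateUserName;
                return null;
            }

            // `is int` is already false for null, so no separate null test is needed.
            Person per;
            if (providerUserKey is int)
            {
                var peopleId = (int)providerUserKey;
                per = Db.People.SingleOrDefault(p => p.PeopleId == peopleId);
            }
            else
            {
                per = Db.People.SingleOrDefault(p => p.EmailAddress == email);
            }

            var createDate = Util.Now;
            var user = new User
            {
                PeopleId = per?.PeopleId,
                Username = username,
                // The e-mail address is not stored on User; it is read from the linked Person.
                Password = EncodePassword(password),
                PasswordQuestion = passwordQuestion,
                PasswordAnswer = EncodePassword(passwordAnswer),
                IsApproved = isApproved,
                Comment = "",
                CreationDate = createDate,
                LastPasswordChangedDate = createDate,
                LastActivityDate = createDate,
                IsLockedOut = false,
                // Every date column is seeded with createDate, including this one, even though
                // the account starts unlocked.
                LastLockedOutDate = createDate,
                FailedPasswordAttemptCount = 0,
                FailedPasswordAttemptWindowStart = createDate,
                FailedPasswordAnswerAttemptCount = 0,
                FailedPasswordAnswerAttemptWindowStart = createDate,
            };
            Db.Users.InsertOnSubmit(user);
            Db.SubmitChanges();
            status = MembershipCreateStatus.Success;
            return GetUser(username, false);
        }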
 /// <summary>
 /// Inserts a new <see cref="User"/> row with every date column set to the current time and
 /// all failure counters at zero, then submits it on <c>DbUtil.Db</c>.
 /// </summary>
 /// <param name="username">Login name, stored verbatim.</param>
 /// <param name="password">Stored exactly as passed; this method applies no encoding itself.</param>
 /// <param name="email">Not referenced by this method.</param>
 /// <param name="isApproved">Initial approval flag.</param>
 /// <param name="PeopleId">Optional Person the login is linked to.</param>
 /// <returns>The inserted and already-submitted user.</returns>
 public static User MakeNewUser(string username, string password, string email, bool isApproved, int? PeopleId)
 {
     var stamp = DateTime.Now;
     var fresh = new User
     {
         PeopleId = PeopleId,
         Username = username,
         Password = password,
         MustChangePassword = false,
         IsApproved = isApproved,
         Comment = "",
         CreationDate = stamp,
         LastPasswordChangedDate = stamp,
         LastActivityDate = stamp,
         IsLockedOut = false,
         // Seeded like the other dates even though the account starts unlocked.
         LastLockedOutDate = stamp,
         FailedPasswordAttemptCount = 0,
         FailedPasswordAttemptWindowStart = stamp,
         FailedPasswordAnswerAttemptCount = 0,
         FailedPasswordAnswerAttemptWindowStart = stamp,
     };
     DbUtil.Db.Users.InsertOnSubmit(fresh);
     DbUtil.Db.SubmitChanges();
     return fresh;
 }
 /// <summary>
 /// Resolves the meeting for organisation <paramref name="id"/> at <paramref name="dt"/> through
 /// <c>DbUtil.Db.CreateMeeting</c>, records one attendance against it, refreshes the meeting
 /// counters and writes an activity-log line.
 /// </summary>
 /// <param name="u">Not referenced here; the log line uses <c>Util.UserPeopleId</c> instead.</param>
 /// <returns>The id of the meeting the attendance was recorded against.</returns>
 private static int RecordAttend2Extracted(int id, int peopleId, bool present, DateTime dt, User u)
 {
     var mid = DbUtil.Db.CreateMeeting(id, dt);
     Attend.RecordAttendance(peopleId, mid, present);
     DbUtil.Db.UpdateMeetingCounters(id);
     var logLine = $"Mobile RecAtt o:{id} p:{peopleId} u:{Util.UserPeopleId} a:{present}";
     DbUtil.LogActivity(logLine);
     return mid;
 }
		/// <summary>
		/// Association hook for the Users collection: raises PropertyChanging on this Person and
		/// clears the back-reference on the removed <paramref name="entity"/>. Looks like
		/// LINQ-to-SQL designer-generated code; edit the model rather than this method.
		/// </summary>
		private void detach_Users(User entity)
		{
			this.SendPropertyChanging();
			entity.Person = null;
		}
		/// <summary>
		/// Association hook for the Users collection: raises PropertyChanging on this Person and
		/// points the added <paramref name="entity"/> back at it. Looks like LINQ-to-SQL
		/// designer-generated code; edit the model rather than this method.
		/// </summary>
		private void attach_Users(User entity)
		{
			this.SendPropertyChanging();
			entity.Person = this;
		}
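 /// <summary>
 /// Records one attendance for <paramref name="PeopleId"/> at the meeting of organisation
 /// <paramref name="id"/> held at <paramref name="dt"/>, creating that meeting first when it does
 /// not exist. Meeting counters are refreshed and the action is written to the activity log.
 /// </summary>
 /// <param name="u">User performing the action; stored as CreatedBy when a meeting is created.</param>
 private static void RecordAttend2Extracted(int id, int PeopleId, bool Present, DateTime dt, User u)
 {
     var meeting = DbUtil.Db.Meetings.SingleOrDefault(m => m.OrganizationId == id && m.MeetingDate == dt);
     if (meeting == null)
     {
         meeting = new CmsData.Meeting
         {
             OrganizationId = id,
             MeetingDate = dt,
             CreatedDate = Util.Now,
             CreatedBy = u.UserId,
             GroupMeetingFlag = false,
         };
         DbUtil.Db.Meetings.InsertOnSubmit(meeting);
         DbUtil.Db.SubmitChanges();

         // Attendance credit comes from the schedule slot matching this weekday and time of day.
         var acr = (from s in DbUtil.Db.OrgSchedules
                        where s.OrganizationId == id
                        where s.SchedTime.Value.TimeOfDay == dt.TimeOfDay
                        where s.SchedDay == (int)dt.DayOfWeek
                        select s.AttendCreditId).SingleOrDefault();
         // NOTE(review): assigned after SubmitChanges and not submitted in this method; presumably
         // flushed by a later SubmitChanges inside RecordAttendance/UpdateMeetingCounters — confirm.
         meeting.AttendCreditId = acr;
     }
     Attend.RecordAttendance(PeopleId, meeting.MeetingId, Present);
     DbUtil.Db.UpdateMeetingCounters(id);
     DbUtil.LogActivity("Mobile RecAtt o:{0} p:{1} u:{2} a:{3}".Fmt(meeting.OrganizationId, PeopleId, Util.UserPeopleId, Present));
     // The commented-out "delete meeting when no one attended" block that used to sit here was dead code and has been removed.
 }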
 /// <summary>
 /// Builds a failed validation result for <paramref name="status"/>, optionally carrying the
 /// message to show and the user the check was run against.
 /// </summary>
 public static UserValidationResult Invalid(UserValidationStatus status, string errorMessage = null, User user = null)
     => new UserValidationResult
     {
         User = user,
         ErrorMessage = errorMessage,
         Status = status,
     };
 /// <summary>
 /// Builds a successful validation result wrapping <paramref name="user"/>; no error message is set.
 /// </summary>
 public static UserValidationResult Valid(User user)
     => new UserValidationResult
     {
         User = user,
         Status = UserValidationStatus.Success,
     };
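        /// <summary>
        /// Decides whether an interactive login may proceed once the caller has already checked the
        /// password. Returns the first failing check as a <see cref="UserValidationResult"/>;
        /// lockout, approval and Finance-impersonation problems also notify the admins.
        /// </summary>
        /// <param name="userName">Name typed at the login form; used for logging and notifications only.</param>
        /// <param name="url">Page the attempt came from, included in admin notifications.</param>
        /// <param name="user">The authenticated user, or null when the password did not match.</param>
        /// <param name="userExists">True when <paramref name="userName"/> maps to an account although <paramref name="user"/> is null, i.e. a wrong password.</param>
        /// <param name="failedPasswordCount">Failed attempts recorded so far for that account.</param>
        /// <param name="impersonating">True when an admin is logging in as <paramref name="user"/>.</param>
        private static UserValidationResult ValidateUserBeforeLogin(string userName, string url, User user, bool userExists, int failedPasswordCount = 0, bool impersonating = false)
        {
            var maxInvalidPasswordAttempts = CMSMembershipProvider.provider.MaxInvalidPasswordAttempts;

            // The same generic text is returned for "no such user", "wrong password", "not approved"
            // and the Finance-impersonation case, so the message alone does not tell them apart.
            const string DefaultProblem = "There is a problem with your username and password combination. If you are using your email address, it must match the one we have on record. Try again or use one of the links below.";

            if (user == null && userExists)
            {
                DbUtil.LogActivity($"failed password #{failedPasswordCount} by {userName}");

                // >= rather than == so the lockout message is still shown should the stored
                // count ever run past the limit.
                if (failedPasswordCount >= maxInvalidPasswordAttempts)
                    return UserValidationResult.Invalid(UserValidationStatus.TooManyFailedPasswordAttempts,
                        "Your account has been locked out for too many failed attempts, use the forgot password link, or notify an Admin");

                return UserValidationResult.Invalid(UserValidationStatus.IncorrectPassword, DefaultProblem);
            }

            if (user == null)
            {
                DbUtil.LogActivity("attempt to login by non-user " + userName);
                return UserValidationResult.Invalid(UserValidationStatus.NoUserFound, DefaultProblem);
            }

            if (user.IsLockedOut)
            {
                NotifyAdmins($"{userName} locked out #{user.FailedPasswordAttemptCount} on {url}",
                     $"{userName} tried to login at {Util.Now} but is locked out");

                return UserValidationResult.Invalid(UserValidationStatus.LockedOut,
                    $"Your account has been locked out for {maxInvalidPasswordAttempts} failed attempts in a short window of time, please use the forgot password link or notify an Admin");
            }

            if (!user.IsApproved)
            {
                NotifyAdmins($"unapproved user {userName} logging in on {url}",
                    $"{userName} tried to login at {Util.Now} but is not approved");

                return UserValidationResult.Invalid(UserValidationStatus.UserNotApproved, DefaultProblem);
            }

            // Finance accounts may not be impersonated; Roles.Contains is a plain (case-sensitive) match.
            if (impersonating && user.Roles.Contains("Finance"))
            {
                NotifyAdmins($"cannot impersonate Finance user {userName} on {url}",
                    $"{userName} tried to login at {Util.Now}");

                return UserValidationResult.Invalid(UserValidationStatus.CannotImpersonateFinanceUser, DefaultProblem);
            }

            if (user.Roles.Contains("APIOnly"))
            {
                return UserValidationResult.Invalid(UserValidationStatus.NoUserFound,
                    "Api User is limited to API use only, no interactive login allowed.");
            }

            return UserValidationResult.Valid(user);
        }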
 /// <summary>
 /// Handles sign-up by someone whose e-mail already belongs to <paramref name="p"/>: mails them
 /// the "existing account" notice, picks their most recently active login (creating one if they
 /// have none) and sets the result code.
 /// </summary>
 private void NotifyAboutExistingAccount(Person p)
 {
     var template = db.ContentHtml("ExistingUserConfirmation", Resource1.CreateAccount_ExistingUser);
     var body = template.Replace("{name}", p.Name);
     body = body.Replace("{host}", db.CmsHost);
     db.Email(DbUtil.AdminMail, p, "Account information for " + db.Host, body);

     var mostRecent = p.Users.OrderByDescending(uu => uu.LastActivityDate).FirstOrDefault();
     User = mostRecent ?? MembershipService.CreateUser(db, p.PeopleId);
     Result = ResultCode.FoundPersonWithSameEmail;
 }
 /// <summary>
 /// Creates a login for <paramref name="p"/>, submits it, and sends the new-user welcome e-mail.
 /// </summary>
 private void CreateNewUserSendNewUserWelcome(Person p)
 {
     var created = MembershipService.CreateUser(db, p.PeopleId);
     User = created;
     db.SubmitChanges();
     AccountModel.SendNewUserEmail(User.Username);
 }