public WebServiceResponse EditUser (WebServiceLogin login, DBPerson user)
{
WebServiceResponse response = new WebServiceResponse ();
using (DB db = new DB ()) {
Authenticate (db, login, response, true);
if (user.id == 0) {
/* new user, anybody can create new users */
/* create a new person object, and only copy over the fields self is allowed to edit */
if (string.IsNullOrEmpty (user.password) || user.password.Length < 8) {
response.Exception = new WebServiceException ("Password must be at least 8 characters long");
return response;
}
DBPerson person = new DBPerson ();
person.fullname = user.fullname;
person.login = user.login;
person.password = user.password;
person.irc_nicknames = user.irc_nicknames;
person.Save (db);
} else {
if (Utilities.IsInRole (response, Roles.Administrator)) {
/* admin editing (or adming editing self) */
user.Save (db); // no restrictions
} else if (response.UserName == user.login) {
/* editing self */
/* create another person object, and only copy over the fields self is allowed to edit */
DBPerson person = DBPerson_Extensions.Create (db, user.id);
person.fullname = user.fullname;
person.password = user.password;
person.irc_nicknames = user.irc_nicknames;
person.Save (db);
} else {
/* somebody else editing some other person */
response.Exception = new WebServiceException (new HttpException (403, "You're not allowed to edit this user"));
}
}
}
return response;
}
public GetUserResponse GetUser (WebServiceLogin login, int? id, string username)
{
DBPerson result = null;
GetUserResponse response = new GetUserResponse ();
using (DB db = new DB ()) {
Authenticate (db, login, response, true);
if (!id.HasValue) {
using (IDbCommand cmd = db.CreateCommand ()) {
cmd.CommandText = "SELECT * FROM Person WHERE login = @login;";
DB.CreateParameter (cmd, "login", username);
using (IDataReader reader = cmd.ExecuteReader ()) {
if (reader.Read ())
result = new DBPerson (reader);
}
}
} else {
result = DBPerson_Extensions.Create (db, id.Value);
}
if (result != null && (result.login == response.UserName || Utilities.IsInRole (response, Roles.Administrator))) {
result.Emails = result.GetEmails (db).ToArray ();
response.User = result;
} else {
response.Exception = new WebServiceException (new HttpException (403, "You don't have access to this user's data"));
}
}
return response;
}
private void FindPerson (DBPerson person, List<DBPerson> people)
{
using (DB db = new DB ()) {
using (IDbCommand cmd = db.CreateCommand ()) {
cmd.CommandText = string.Empty;
// find registered people with the same email
if (person.Emails != null) {
int email_counter = 0;
foreach (string email in person.Emails) {
if (string.IsNullOrEmpty (email))
continue;
email_counter++;
cmd.CommandText += "SELECT Person.* FROM Person INNER JOIN UserEmail ON Person.id = UserEmail.person_id WHERE UserEmail.email ILIKE @email" + email_counter.ToString () + ";\n";
DB.CreateParameter (cmd, "email" + email_counter.ToString (), email);
}
}
// find registered people with the same fullname
if (!string.IsNullOrEmpty (person.fullname)) {
cmd.CommandText += "SELECT Person.* FROM Person WHERE fullname ILIKE @fullname;";
DB.CreateParameter (cmd, "fullname", person.fullname);
}
using (IDataReader reader = cmd.ExecuteReader ()) {
do {
while (reader.Read ()) {
DBPerson guy = new DBPerson (reader);
if (people.Exists ((v) => v.id == guy.id))
continue;
people.Add (guy);
}
} while (reader.NextResult ());
}
}
}
if (people.Count == 0)
people.Add (person);
}
public void EditHostWithPassword (WebServiceLogin login, DBHost host, string password)
{
using (DB db = new DB ()) {
using (IDbTransaction transaction = db.BeginTransaction ()) {
VerifyUserInRole (db, login, Roles.Administrator);
var oldHost = FindHost (db, host.id, null);
host.Save (db);
// NOTE: it is possible to change the password of an existing account by creating
// a host with the same name and specify the password. Given that admin rights
// are required to create/modify hosts, it shouldn't pose a security issue.
// TODO: if host changed name, delete the old user account.
DBPerson person = FindPerson (db, host.host);
if (person == null) {
person = new DBPerson ();
person.login = host.host;
person.roles = Roles.BuildBot;
} else {
if (person.roles != Roles.BuildBot)
throw new ArgumentException ("The hosts entry in the person table must have its roles set to 'BuildBot'.");
}
person.password = password;
person.Save (db);
transaction.Commit ();
Audit (login, "edited host `{0}` -> `{1}`",
Newtonsoft.Json.JsonConvert.SerializeObject(oldHost),
Newtonsoft.Json.JsonConvert.SerializeObject(host)
);
}
}
}
public static void FindPeopleForCommit (DBLane lane, DBRevision revision, List<DBPerson> people)
{
DBPerson person;
try {
foreach (string repository in lane.repository.Split (new char [] { ',' }, StringSplitOptions.RemoveEmptyEntries)) {
string cache_dir = Configuration.GetSchedulerRepositoryCacheDirectory (repository);
if (!Directory.Exists (cache_dir))
continue;
using (Process git = new Process ()) {
DateTime git_start = DateTime.Now;
git.StartInfo.FileName = "git";
git.StartInfo.Arguments = "log -1 --pretty=format:'%aE%n%aN%n%cE%n%cN' " + revision.revision;
git.StartInfo.WorkingDirectory = cache_dir;
git.StartInfo.UseShellExecute = false;
git.StartInfo.RedirectStandardOutput = true;
git.Start ();
string author_email = git.StandardOutput.ReadLine ();
string author_name = git.StandardOutput.ReadLine ();
string committer_email = git.StandardOutput.ReadLine ();
string committer_name = git.StandardOutput.ReadLine ();
// Wait 10 minutes for git to finish, otherwise abort.
if (!git.WaitForExit (1000 * 60 * 10)) {
GITUpdater.log.Error ("Getting commit info took more than 10 minutes, aborting.");
try {
git.Kill ();
git.WaitForExit (10000); // Give the process 10 more seconds to completely exit.
} catch (Exception ex) {
GITUpdater.log.ErrorFormat ("Aborting commit info retrieval failed: {0}", ex.ToString ());
}
}
if (git.HasExited && git.ExitCode == 0) {
GITUpdater.log.InfoFormat ("Got commit info successfully in {0} seconds", (DateTime.Now - git_start).TotalSeconds);
person = new DBPerson ();
person.fullname = author_name;
person.Emails = new string [] { author_email };
people.Add (person);
if (author_name != committer_name && !string.IsNullOrEmpty (committer_name)) {
person = new DBPerson ();
person.fullname = committer_name;
person.Emails = new string [] {committer_email};
people.Add (person);
}
GITUpdater.log.DebugFormat ("Git commit info for {0}: author_name = {1} author_email: {2} committer_name: {3} committer_email: {4}", revision.revision, author_name, author_email, committer_name, committer_email);
} else {
GITUpdater.log.ErrorFormat ("Didn't get commit info, HasExited: {0}, ExitCode: {1}", git.HasExited, git.HasExited ? git.ExitCode.ToString () : "N/A");
}
}
}
} catch (Exception ex) {
GITUpdater.log.ErrorFormat ("Exception while trying to get commit info: {0}", ex.ToString ());
}
}
public static void LoginDB (DB db, LoginResponse response, string username, string roles, string ip4) {
// We now create an account with an empty password and the specified roles.
// Note that it is not possible to log into an account with an empty password
// using the normal login procedure.
DBPerson open_person = null;
using (IDbCommand cmd = db.CreateCommand ()) {
cmd.CommandText = @"SELECT * FROM Person WHERE login = @login;";
DB.CreateParameter (cmd, "login", username);
using (var reader = cmd.ExecuteReader ()) {
if (reader.Read ())
open_person = new DBPerson (reader);
}
}
if (open_person == null) {
open_person = new DBPerson ();
open_person.login = username;
open_person.roles = roles;
open_person.Save (db);
} else {
// only save if something has changed
if (open_person.roles != roles) {
open_person.roles = roles;
open_person.Save (db);
}
}
WebServiceLogin login = new WebServiceLogin ();
login.Ip4 = ip4;
login.User = open_person.login;
db.Audit (login, "DBLogin_Extensions.Login (username: {0}, ip4: {1})", username, ip4);
var result = new DBLogin ();
result.person_id = open_person.id;
result.ip4 = ip4;
result.cookie = CreateCookie ();
result.expires = DateTime.Now.AddDays (1);
result.Save (db);
response.User = username;
response.UserName = username;
response.UserRoles = open_person.Roles;
response.Cookie = result.cookie;
}
protected void cmdSave_OnClick (object sender, EventArgs e)
{
WebServiceResponse rsp;
DBPerson user;
bool created = false;
if (response == null) {
user = new DBPerson ();
user.login = txtUserName.Text;
created = true;
} else {
user = response.User;
}
user.fullname = txtFullName.Text;
user.password = txtPassword.Text;
user.roles = txtRoles.Text;
user.irc_nicknames = txtIRCNicks.Text;
rsp = Utils.LocalWebService.EditUser (Master.WebServiceLogin, user);
if (rsp.Exception != null) {
lblMessage.Text = rsp.Exception.Message;
} else {
if (!Authentication.IsLoggedIn (rsp) && created) {
Authentication.Login (user.login, user.password, Request, Response);
}
Response.Redirect ("User.aspx?username=" + HttpUtility.UrlEncode (user.login), false);
}
}
public static void LoginOpenId (DB db, LoginResponse response, string email, string ip4)
{
if (string.IsNullOrEmpty (Configuration.OpenIdProvider) && string.IsNullOrEmpty (Configuration.OauthClientId))
throw new Exception ("No OpenId provider available");
if (string.IsNullOrEmpty (Configuration.OpenIdRoles))
throw new Exception ("No OpenId roles specified");
if (string.IsNullOrEmpty (email))
throw new Exception ("OpenId authentication requires an email");
string [] specs = Configuration.OpenIdRoles.Split (';');
foreach (var spec in specs) {
// email:role1,role2
string [] split = spec.Split (':');
if (split.Length != 2) {
log.ErrorFormat ("AuthenticateOpenId: Invalid role spec: {0}", spec);
continue;
}
if (string.IsNullOrEmpty (split [1])) {
log.ErrorFormat ("AuthenticateOpenId: No roles specified for {0}", split [0]);
continue;
}
if (!Regex.IsMatch (email, split [0]))
continue;
// We now create an account with an empty password and the specified roles.
// Note that it is not possible to log into an account with an empty password
// using the normal login procedure.
DBPerson open_person = null;
using (IDbCommand cmd = db.CreateCommand ()) {
cmd.CommandText = @"SELECT * FROM Person WHERE login = @login;";
DB.CreateParameter (cmd, "login", email);
using (var reader = cmd.ExecuteReader ()) {
if (reader.Read ())
open_person = new DBPerson (reader);
}
}
if (open_person == null) {
open_person = new DBPerson ();
open_person.login = email;
open_person.roles = split [1];
open_person.Save (db);
} else {
// only save if something has changed
if (open_person.roles != split [1]) {
open_person.roles = split [1];
open_person.Save (db);
}
}
WebServiceLogin login = new WebServiceLogin ();
login.Ip4 = ip4;
login.User = open_person.login;
db.Audit (login, "DBLogin_Extensions.LoginOpenId (email: {0}, ip4: {1})", email, ip4);
var result = new DBLogin ();
result.person_id = open_person.id;
result.ip4 = ip4;
result.cookie = CreateCookie ();
result.expires = DateTime.Now.AddDays (1);
result.Save (db);
response.User = email;
response.UserName = email;
response.UserRoles = open_person.Roles;
response.Cookie = result.cookie;
return;
}
throw new Exception ("The provided email address is not allowed to log in");
}
public static void FindPeopleForCommit (DBLane lane, DBRevision revision, List<DBPerson> people)
{
DBPerson person = new DBPerson ();
person.fullname = revision.author;
people.Add (person);
}
