public void Update(User user)
{
User oldUser = Get(user.UserId);
bool nonAdminWantsToBeAdmin = !oldUser.UserName.Equals("ippsadmin") && user.UserName.Equals("ippsadmin");
bool adminWantsToBeNonAdmin = oldUser.UserName.Equals("ippsadmin") && !user.UserName.Equals("ippsadmin");
bool adminWantsToUpdateAdminStatus = oldUser.UserName.Equals("ippsadmin");
if (adminWantsToBeNonAdmin)
throw new AdminCanNotBeChangedException();
else if (adminWantsToUpdateAdminStatus)
throw new AdminCanNotBeDeletedException();
else if (nonAdminWantsToBeAdmin)
throw new UserCanNotBeAdminException();
//upon changing of email or userid, generate a new password and notify the user
bool generatePassword = !oldUser.Email.Equals(user.Email) || !oldUser.UserName.Equals(user.UserName);
oldUser.UserName = user.UserName;
oldUser.FirstName = user.FirstName;
oldUser.LastName = user.LastName;
oldUser.Email = user.Email;
AddOrUpdateUser(oldUser, true, generatePassword);
}
public void Add(User user)
{
bool serviceWantsToAddAdmin = user.UserName.Equals("ippsadmin");
if (serviceWantsToAddAdmin)
throw new GenericLogicException(LogicMessageHelper.ToString(LogicMessage.ADMIN_USER_MUST_BE_ADDED_BY_AUTOMATIC_SCRIPT));
AddOrUpdateUser(user);
}
public void Remove(User user)
{
if (user.UserName == null || user.UserName.Equals(""))
throw new ArgumentNullException("UserId is null.");
if (user.UserName.Equals("ippsadmin"))
throw new AdminCanNotBeDeletedException();
User removeUser = GetByName(user.UserName);
UserDao.Remove(removeUser);
}
public ActionResult UserPasswordRenew(User userForm)
{
try
{
UserRequest userRequest = new UserRequest
{
Users = new List<User> { new User { UserName = userForm.UserName, Email = userForm.Email } }
};
UserResponse userResponse;
if (string.IsNullOrEmpty(userForm.FirstName) && string.IsNullOrEmpty(userForm.LastName))
{
userResponse = RestPostUserRequest("GetByName", userRequest);
User user = userResponse.Users[0];
if (!user.Email.Equals(userForm.Email))
{
ModelState.AddModelError("", Resources.Global.MessageInvalidValues);
return View("UserPasswordRenewConfirm", userForm);
}
}
userResponse = RestPostUserRequest("IssueNewPassword", userRequest);
if (userResponse.Result == Result.OK)
userResponse.ResultMessages.Add(Resources.Global.MessageRenewPassword);
ViewBag.Result = userResponse.Result;
ViewBag.ResultMessages = userResponse.ResultMessages;
ViewBag.ReturnToAction = ReturnToAction;
ViewBag.ReturnToController = ReturnToController;
ViewBag.Title = Resources.Global.PasswordRenew;
return View(NippsSiteHelper.ResultMessageView);
}
catch (Exception ex)
{
Logger.Error("{0}: {1}", userForm, ex.ToString());
if (CommonHelper.CheckNoDataFoundException(ex))
ModelState.AddModelError("", Resources.Global.MessageInvalidValues);
else
ModelState.AddModelError("", Resources.Global.MessageUnknownError);
}
return View("UserPasswordRenewConfirm", userForm);
}
public ActionResult UserPasswordRenewConfirm(User user)
{
return View(user == null ? new User() : user);
}
public ActionResult UserRemove(User user)
{
ViewBag.ReturnToAction = ReturnToAction;
ViewBag.ReturnToController = ReturnToController;
ViewBag.Title = Resources.Global.UserRemoveTitle;
ViewBag.Name = Resources.Global.UserRemove;
try
{
string svcUri = CommonHelper.AuthManagerServiceUrl + "UserService/Remove";
UserRequest userRequest = new UserRequest { Users = new List<User> { user } };
UserResponse userResponse = RestHelper.RestPostObject<UserResponse, UserRequest>(svcUri, userRequest);
if (userResponse.Result == Result.OK)
return RedirectToAction("UserList");
SetViewBagResult(userResponse, ViewBag);
}
catch (Exception ex)
{
Logger.Error("{0}: {1}", user, ex.ToString());
SetViewBagResult(new UserResponse { Result = Result.FAIL, ResultMessages = new List<string> { ex.ToString() } }, ViewBag);
}
return View(NippsSiteHelper.ResultMessageView);
}
public ActionResult UserAddConfirm(User user)
{
return View(user == null ? new User() : user);
}
private bool ValidateUserPassword(User user, string passWord)
{
//newly created user is entering the system first time
if (user.CreateDate.Equals(user.PasswordUpdateDate))
{
//is timed out?
if (user.PasswordUpdateDate.AddHours(1) < DateTime.Now)
{
throw new PasswordExpiredException();
}
}
if (user.PasswordHash.Equals(PasswordCrypto.EncryptUserPassword(user.UserName, passWord)))
{
//update successfull attempt
user.LastSuccessAttempt = DateTime.Now;
user.InvalidAttemptCount = 0;
UserDao.Update(user);
return true;
}
else
{
//update invalid attempt
user.LastInvalidAttempt = DateTime.Now;
user.InvalidAttemptCount += 1;
UserDao.Update(user);
throw new InvalidPasswordException();
}
}
private void AddOrUpdateUser(User user, bool isUpdate = false, bool generatePassword = true)
{
string messagePart = "";
if (generatePassword)
{
user.PasswordHash = GenerateRandomNumber();
messagePart = string.Format("Kullanıcı Kodunuz: {0}\nŞifreniz: {1}\n\n", user.UserName, user.PasswordHash);
HashPassword(user, user.PasswordHash);
}
if (isUpdate)
UserDao.Update(user);
else
UserDao.Add(user);
if (generatePassword)
{
//send an e-mail to the user to inform a new password generated and available to enter to the system
try
{
EmailLogic.MessageTemplate = string.Format(ConfigurationManager.AppSettings.Get("PasswordNotificationTemplate").ToString(), DateTime.Now, "{0}");
EmailLogic.SendNewPasswordNotification(user.Email, messagePart);
}
catch (Exception ex)
{
mLogger.Error(ex.ToString());
}
}
}
private void HashPassword(User user, string passWord)
{
user.PasswordHash = PasswordCrypto.EncryptUserPassword(user.UserName, passWord);
user.InvalidAttemptCount = 0;
user.PasswordUpdateDate = DateTime.Now;
}
