Exemple #1
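        /// <summary>
        /// Resolves the user for an API sign-in, either by login and password (LDAP first, then the
        /// portal's own user store) or through a third-party provider's access token, and then
        /// applies the tenant's IP restriction settings.
        /// </summary>
        /// <param name="userName">Login for the e-mail path; replaced by the provider profile's e-mail on the third-party path.</param>
        /// <param name="password">Password for the e-mail path.</param>
        /// <param name="provider">Provider name; null, empty or "email" selects the login/password path.</param>
        /// <param name="accessToken">Access token handed to the third-party provider.</param>
        /// <param name="viaEmail">True when the login/password path was taken, false for a third-party sign-in.</param>
        /// <returns>The resolved user.</returns>
        /// <exception cref="AuthenticationException">Any failure while resolving the user; the cause is deliberately not exposed.</exception>
        /// <exception cref="IPSecurityException">IP restrictions are enabled, the user is not the tenant owner and the IP check fails.</exception>
        private static UserInfo GetUser(string userName, string password, string provider, string accessToken, out bool viaEmail)
        {
            viaEmail = true;
            var      action = MessageAction.LoginFailViaApi;
            UserInfo user;

            try
            {
                if (string.IsNullOrEmpty(provider) || provider == "email")
                {
                    userName.ThrowIfNull(new ArgumentException("userName empty", "userName"));
                    password.ThrowIfNull(new ArgumentException("password empty", "password"));

                    // LDAP is tried first; the portal's own store is the fallback.
                    if (!ActiveDirectoryUserImporter.TryGetLdapUserInfo(userName, password, out user))
                    {
                        // NOTE(review): the lookup key is a single SHA-256 pass over the password with no
                        // salt visible at this call site - confirm how the stored hashes are protected.
                        user = CoreContext.UserManager.GetUsers(
                            CoreContext.TenantManager.GetCurrentTenant().TenantId,
                            userName,
                            Hasher.Base64Hash(password, HashAlg.SHA256));
                    }

                    if (user == null || !CoreContext.UserManager.UserExists(user.ID))
                    {
                        throw new Exception("user not found");
                    }
                }
                else
                {
                    viaEmail = false;

                    action = MessageAction.LoginFailViaApiSocialAccount;
                    var thirdPartyProfile = ProviderManager.GetLoginProfile(provider, accessToken);
                    userName = thirdPartyProfile.EMail;

                    // NOTE(review): unlike the e-mail path, the result is not checked for null or existence
                    // here - confirm GetUserByThirdParty throws when no account matches.
                    user = LoginWithThirdParty.GetUserByThirdParty(thirdPartyProfile);
                }
            }
            catch
            {
                // Every failure is reported to the caller with the same message, so the response does not
                // reveal whether the account exists. The audit record keeps the attempted login; the
                // original condition was inverted and recorded the placeholder for every non-empty login.
                // userName is caller-supplied: treat it as untrusted wherever the audit trail is displayed.
                MessageService.Send(Request, string.IsNullOrEmpty(userName) ? AuditResource.EmailNotSpecified : userName, action);
                throw new AuthenticationException("User authentication failed");
            }

            var tenant   = CoreContext.TenantManager.GetCurrentTenant();
            var settings = SettingsManager.Instance.LoadSettings <IPRestrictionsSettings>(tenant.TenantId);

            // The tenant owner is exempt from the IP restriction check.
            if (settings.Enable && user.ID != tenant.OwnerId && !IPSecurity.IPSecurity.Verify(tenant))
            {
                throw new IPSecurityException();
            }

            return(user);
        }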
Exemple #2
        /// <summary>
        /// Resolves the user for the current Login / Password / HashId values, trying LDAP first,
        /// then a linked third-party account, and finally the portal's own login and password hash.
        /// </summary>
        /// <param name="method">Set to the source that produced the returned user.</param>
        /// <returns>The user from the first source that matched, or whatever the final lookup returns.</returns>
        private UserInfo GetUser(out AuthMethod method)
        {
            UserInfo ldapUser;
            var      foundInLdap = ActiveDirectoryUserImporter.TryGetLdapUserInfo(Login, Password, out ldapUser);

            if (foundInLdap)
            {
                method = AuthMethod.Ldap;
                return ldapUser;
            }

            Guid linkedUserId;
            var  foundByHash = LoginWithThirdParty.TryGetUserByHash(HashId, out linkedUserId);

            if (!foundByHash)
            {
                // Last resort: match the login against the stored password hash.
                method = AuthMethod.Login;
                return CoreContext.UserManager.GetUsers(
                    TenantProvider.CurrentTenantID,
                    Login,
                    Hasher.Base64Hash(Password, HashAlg.SHA256));
            }

            method = AuthMethod.ThirdParty;
            return CoreContext.UserManager.GetUsers(linkedUserId);
        }
Exemple #3
        /// <summary>
        /// Builds the sign-in page and, on a postback or a third-party provider callback, attempts
        /// to authenticate the visitor, sets the auth cookie, writes an audit message and redirects.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            Page.RegisterStyleControl(VirtualPathUtility.ToAbsolute("~/usercontrols/common/authorize/css/authorize.less"));
            Page.RegisterBodyScripts(ResolveUrl("~/usercontrols/common/authorize/js/authorize.js"));

            Login    = "";
            Password = "";
            HashId   = "";

            // Optional third-party account link control; stays null when the feature is off.
            AccountLinkControl accountLink = null;

            if (SetupInfo.ThirdPartyAuthEnabled && AccountLinkControl.IsNotEmpty)
            {
                accountLink                = (AccountLinkControl)LoadControl(AccountLinkControl.Location);
                accountLink.Visible        = true;
                accountLink.ClientCallback = "authCallback";
                accountLink.SettingsView   = false;
                signInPlaceholder.Controls.Add(accountLink);
            }

            // Top panel: product navigation and search are turned off on the sign-in page.
            var master = Page.Master as BaseTemplate;

            if (master != null)
            {
                master.TopStudioPanel.DisableProductNavigation = true;
                master.TopStudioPanel.DisableSearch            = true;
            }

            Page.Title = HeaderStringHelper.GetPageTitle(Resource.Authorization);

            pwdReminderHolder.Controls.Add(LoadControl(PwdTool.Location));

            var msg      = Request["m"];
            var urlError = Request.QueryString["error"];

            if (!string.IsNullOrEmpty(msg))
            {
                // NOTE(review): msg is taken straight from the request ("m"), so the text shown as the
                // error is caller-controlled. Confirm ErrorMessage is HTML-encoded wherever it is rendered;
                // mapping a message code to a resource string would avoid echoing free text on the login page.
                ErrorMessage = msg;
            }
            else if (urlError == "ipsecurity")
            {
                ErrorMessage = Resource.LoginFailIPSecurityMsg;
            }

            var thirdPartyProfile = Request.Url.GetProfile();

            // Sign-in is attempted only on a postback or a provider callback, and only while nobody is authenticated.
            if ((IsPostBack || thirdPartyProfile != null) && !SecurityContext.IsAuthenticated)
            {
                var tryByHash   = false;
                var smsLoginUrl = string.Empty;
                try
                {
                    if (thirdPartyProfile != null)
                    {
                        if (string.IsNullOrEmpty(thirdPartyProfile.AuthorizationError))
                        {
                            HashId = thirdPartyProfile.HashId;
                        }
                        else
                        {
                            // A cancellation at the provider is not reported as an error.
                            if (thirdPartyProfile.AuthorizationError != "Canceled at provider")
                            {
                                ErrorMessage = thirdPartyProfile.AuthorizationError;
                            }
                        }
                    }
                    else
                    {
                        // Postback targeted at "signInLogin": the event argument is read back through
                        // Signature.Read (presumably a signed value - confirm) and becomes the HashId.
                        if (!string.IsNullOrEmpty(Request["__EVENTARGUMENT"]) && Request["__EVENTTARGET"] == "signInLogin" && accountLink != null)
                        {
                            HashId = ASC.Common.Utils.Signature.Read <string>(Request["__EVENTARGUMENT"]);
                        }
                    }

                    // Login and password are mandatory unless a HashId is present.
                    if (!string.IsNullOrEmpty(Request["login"]))
                    {
                        Login = Request["login"].Trim();
                    }
                    else if (string.IsNullOrEmpty(HashId))
                    {
                        throw new InvalidCredentialException("login");
                    }

                    if (!string.IsNullOrEmpty(Request["pwd"]))
                    {
                        Password = Request["pwd"];
                    }
                    else if (string.IsNullOrEmpty(HashId))
                    {
                        throw new InvalidCredentialException("password");
                    }

                    if (string.IsNullOrEmpty(HashId))
                    {
                        // Password sign-ins are throttled per login: the attempt counter is cached under
                        // "loginsec/<login>" and every fifth attempt blocks this request for 10 seconds.
                        // The entry is re-inserted with UtcNow + 1 minute (presumably its absolute expiry - confirm).
                        // NOTE(review): the key is the login alone and the delay holds a request thread;
                        // confirm this is acceptable under load. Sign-ins with a HashId skip the throttle.
                        var counter = (int)(cache.Get("loginsec/" + Login) ?? 0);
                        if (++counter % 5 == 0)
                        {
                            Thread.Sleep(TimeSpan.FromSeconds(10));
                        }
                        cache.Insert("loginsec/" + Login, counter, DateTime.UtcNow.Add(TimeSpan.FromMinutes(1)));
                    }

                    // NOTE(review): when TryLdapAuth returns true nothing else in this try block runs;
                    // presumably it sets the auth cookie and audit entry itself - confirm.
                    if (!ActiveDirectoryUserImporter.TryLdapAuth(Login, Password))
                    {
                        // A non-empty SMS login URL defers cookie creation; the redirect happens after the try block.
                        smsLoginUrl = SmsLoginUrl(accountLink);
                        if (string.IsNullOrEmpty(smsLoginUrl))
                        {
                            // True when no "remember" value was posted; passed to SetCookies
                            // (presumably selecting a session-only cookie - confirm).
                            var session = string.IsNullOrEmpty(Request["remember"]);

                            if (string.IsNullOrEmpty(HashId))
                            {
                                var cookiesKey = SecurityContext.AuthenticateMe(Login, Password);
                                CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey, session);
                                MessageService.Send(HttpContext.Current.Request, MessageAction.LoginSuccess);
                            }
                            else
                            {
                                // NOTE(review): the result of TryByHashId only selects the failure message in
                                // the catch below; userId is passed to AuthenticateMe regardless. Confirm that
                                // AuthenticateMe rejects an id that was not resolved.
                                Guid userId;
                                tryByHash = TryByHashId(accountLink, HashId, out userId);
                                var cookiesKey = SecurityContext.AuthenticateMe(userId);
                                CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey, session);
                                MessageService.Send(HttpContext.Current.Request, MessageAction.LoginSuccessViaSocialAccount);
                            }
                        }
                    }
                }
                catch (InvalidCredentialException)
                {
                    // Wrong or missing credentials: one generic message for the user, and the attempted
                    // login (or the HashId for a linked-account attempt) goes to the audit trail.
                    Auth.ProcessLogout();
                    ErrorMessage = tryByHash ? Resource.LoginWithAccountNotFound : Resource.InvalidUsernameOrPassword;

                    var loginName = tryByHash && !string.IsNullOrWhiteSpace(HashId)
                                        ? HashId
                                        : string.IsNullOrWhiteSpace(Login) ? AuditResource.EmailNotSpecified : Login;
                    var messageAction = tryByHash ? MessageAction.LoginFailSocialAccountNotFound : MessageAction.LoginFailInvalidCombination;

                    MessageService.Send(HttpContext.Current.Request, loginName, messageAction);

                    return;
                }
                catch (System.Security.SecurityException)
                {
                    // Reported to the user as a disabled profile.
                    Auth.ProcessLogout();
                    ErrorMessage = Resource.ErrorDisabledProfile;
                    MessageService.Send(HttpContext.Current.Request, Login, MessageAction.LoginFailDisabledProfile);
                    return;
                }
                catch (IPSecurityException)
                {
                    Auth.ProcessLogout();
                    ErrorMessage = Resource.ErrorIpSecurity;
                    MessageService.Send(HttpContext.Current.Request, Login, MessageAction.LoginFailIpSecurity);
                    return;
                }
                catch (Exception ex)
                {
                    // NOTE(review): the raw exception message is shown to the visitor. Confirm no internal
                    // detail (paths, directory or database errors) can reach the login page this way;
                    // a generic resource string with the detail kept in the server log would be safer.
                    Auth.ProcessLogout();
                    ErrorMessage = ex.Message;
                    MessageService.Send(HttpContext.Current.Request, Login, MessageAction.LoginFail);
                    return;
                }

                if (!string.IsNullOrEmpty(smsLoginUrl))
                {
                    Response.Redirect(smsLoginUrl);
                }

                // NOTE(review): refererURL is read from session state and used as the redirect target;
                // where it is stored is not visible here - confirm it is limited to local URLs.
                var refererURL = (string)Session["refererURL"];
                if (string.IsNullOrEmpty(refererURL))
                {
                    Response.Redirect(CommonLinkUtility.GetDefault());
                }
                else
                {
                    // Cleared so the stored target is used only once.
                    Session["refererURL"] = null;
                    Response.Redirect(refererURL);
                }
            }
            ProcessConfirmedEmailCondition();
        }