protected void LoginToPortal()
{
try
{
var passwordHash = Request["passwordHash"];
if (string.IsNullOrEmpty(passwordHash))
{
throw new Exception(Resource.ErrorPasswordEmpty);
}
SecurityContext.SetUserPasswordHash(User.ID, passwordHash);
MessageService.Send(Request, MessageAction.UserUpdatedPassword);
CookiesManager.ResetUserCookie();
MessageService.Send(Request, MessageAction.CookieSettingsUpdated);
}
catch (SecurityContext.PasswordException)
{
ShowError(Resource.ErrorPasswordRechange, false);
return;
}
catch (Exception ex)
{
ShowError(ex.Message, false);
return;
}
Response.Redirect(CommonLinkUtility.GetDefault());
}
public void LogOutAllActiveConnections(Guid?userId = null)
{
var currentUserId = SecurityContext.CurrentAccount.ID;
var user = CoreContext.UserManager.GetUsers(userId ?? currentUserId);
var userName = user.DisplayUserName(false);
var auditEventDate = DateTime.UtcNow;
MessageService.Send(Request, auditEventDate,
(currentUserId.Equals(user.ID)) ? MessageAction.UserLogoutActiveConnections : MessageAction.UserLogoutActiveConnectionsForUser,
MessageTarget.Create(user.ID), userName);
CookiesManager.ResetUserCookie(user.ID);
}
[Read("logout")]// temp fix
public void Logout()
{
if (SecurityContext.IsAuthenticated)
{
CookiesManager.ResetUserCookie(SecurityContext.CurrentAccount.ID);
}
CookiesManager.ClearCookies(CookiesType.AuthKey);
CookiesManager.ClearCookies(CookiesType.SocketIO);
SecurityContext.Logout();
}
protected void DeleteProfile(object sender, EventArgs e)
{
try
{
SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem);
var user = CoreContext.UserManager.GetUsers(UserId);
user.Status = EmployeeStatus.Terminated;
CoreContext.UserManager.SaveUserInfo(user);
MessageService.Send(HttpContext.Current.Request, MessageInitiator.System, MessageAction.UsersUpdatedStatus, MessageTarget.Create(user.ID), user.DisplayUserName(false));
CookiesManager.ResetUserCookie(user.ID);
MessageService.Send(HttpContext.Current.Request, MessageAction.CookieSettingsUpdated);
if (CoreContext.Configuration.Personal)
{
UserPhotoManager.RemovePhoto(user.ID);
CoreContext.UserManager.DeleteUser(user.ID);
MessageService.Send(Request, MessageAction.UserDeleted, MessageTarget.Create(user.ID), user.DisplayUserName(false));
}
else
{
StudioNotifyService.Instance.SendMsgProfileHasDeletedItself(user);
}
operationBlock.Visible = false;
result.Visible = true;
errorBlock.Visible = false;
}
catch (Exception ex)
{
operationBlock.Visible = false;
result.Visible = false;
errorBlock.InnerHtml = ex.Message;
errorBlock.Visible = true;
}
finally
{
Auth.ProcessLogout();
}
}
protected void LoginToPortal(object sender, EventArgs e)
{
try
{
var pwd = Request.Form["pwdInput"];
UserManagerWrapper.CheckPasswordPolicy(pwd);
SecurityContext.SetUserPassword(User.ID, pwd);
MessageService.Send(Request, MessageAction.UserUpdatedPassword);
CookiesManager.ResetUserCookie();
MessageService.Send(Request, MessageAction.CookieSettingsUpdated);
}
catch (Exception ex)
{
ShowError(ex.Message, false);
return;
}
Response.Redirect(CommonLinkUtility.GetDefault());
}
public EmployeeWraperFull ChangeUserPassword(Guid userid, String password, String email)
{
SecurityContext.DemandPermissions(new UserSecurityProvider(userid), Core.Users.Constants.Action_EditUser);
if (!CoreContext.UserManager.UserExists(userid))
{
return(null);
}
var user = CoreContext.UserManager.GetUsers(userid);
if (CoreContext.UserManager.IsSystemUser(user.ID))
{
throw new SecurityException();
}
if (!string.IsNullOrEmpty(email))
{
var address = new MailAddress(email);
if (!string.Equals(address.Address, user.Email, StringComparison.OrdinalIgnoreCase))
{
user.Email = address.Address.ToLowerInvariant();
user.ActivationStatus = EmployeeActivationStatus.Activated;
CoreContext.UserManager.SaveUserInfo(user);
}
}
if (!string.IsNullOrEmpty(password))
{
SecurityContext.SetUserPassword(userid, password);
MessageService.Send(HttpContext.Current.Request, MessageAction.UserUpdatedPassword);
CookiesManager.ResetUserCookie();
MessageService.Send(HttpContext.Current.Request, MessageAction.CookieSettingsUpdated);
}
return(new EmployeeWraperFull(GetUserInfo(userid.ToString())));
}
protected void Page_Load(object sender, EventArgs e)
{
Page.RegisterBodyScripts(
"~/js/third-party/xregexp.js",
"~/UserControls/Management/ConfirmActivation/js/confirmactivation.js")
.RegisterStyle("~/UserControls/Management/ConfirmActivation/css/confirmactivation.less");
Page.Title = HeaderStringHelper.GetPageTitle(Resource.Authorization);
var email = (Request["email"] ?? "").Trim();
if (string.IsNullOrEmpty(email))
{
ShowError(Resource.ErrorNotCorrectEmail);
return;
}
Type = typeof(ConfirmType).TryParseEnum(Request["type"] ?? "", ConfirmType.EmpInvite);
try
{
if (Type == ConfirmType.EmailChange)
{
User = CoreContext.UserManager.GetUsers(SecurityContext.CurrentAccount.ID);
User.Email = email;
CoreContext.UserManager.SaveUserInfo(User);
MessageService.Send(Request, MessageAction.UserUpdatedEmail);
ActivateMail(User);
const string successParam = "email_change=success";
CookiesManager.ResetUserCookie();
if (User.IsVisitor())
{
Response.Redirect(CommonLinkUtility.ToAbsolute("~/My.aspx?" + successParam), true);
}
Response.Redirect(string.Format("{0}&{1}", User.GetUserProfilePageURL(), successParam), true);
return;
}
User = CoreContext.UserManager.GetUserByEmail(email);
if (User.ID.Equals(Constants.LostUser.ID))
{
ShowError(string.Format(Resource.ErrorUserNotFoundByEmail, email));
return;
}
if (!User.ID.Equals(SecurityContext.CurrentAccount.ID))
{
Auth.ProcessLogout();
}
UserAuth(User);
ActivateMail(User);
passwordSetter.Visible = true;
ButtonEmailAndPasswordOK.Text = Resource.EmailAndPasswordOK;
}
catch (ThreadAbortException)
{
}
catch (Exception ex)
{
ShowError(ex.Message);
}
if (IsPostBack)
{
LoginToPortal();
}
}
public bool TryGetAndSyncLdapUserInfo(string login, string password, out UserInfo userInfo)
{
userInfo = Constants.LostUser;
NovellLdapUserImporter importer = null;
try
{
var settings = LdapSettings.Load();
if (!settings.EnableLdapAuthentication)
{
return(false);
}
_log.DebugFormat("TryGetAndSyncLdapUserInfo(login: \"{0}\")", login);
importer = new NovellLdapUserImporter(settings, Resource);
var ldapUserInfo = importer.Login(login, password);
if (ldapUserInfo == null || ldapUserInfo.Item1.Equals(Constants.LostUser))
{
_log.DebugFormat("NovellLdapUserImporter.Login('{0}') failed.", login);
return(false);
}
var portalUser = CoreContext.UserManager.GetUserBySid(ldapUserInfo.Item1.Sid);
if (portalUser.Status == EmployeeStatus.Terminated || portalUser.Equals(Constants.LostUser))
{
if (!ldapUserInfo.Item2.IsDisabled)
{
_log.DebugFormat("TryCheckAndSyncToLdapUser(Username: '******', Email: {1}, DN: {2})",
ldapUserInfo.Item1.UserName, ldapUserInfo.Item1.Email, ldapUserInfo.Item2.DistinguishedName);
if (!TryCheckAndSyncToLdapUser(ldapUserInfo, importer, out userInfo))
{
importer.Dispose();
_log.Debug("TryCheckAndSyncToLdapUser() failed");
return(false);
}
importer.Dispose();
}
else
{
importer.Dispose();
return(false);
}
}
else
{
_log.DebugFormat("TryCheckAndSyncToLdapUser(Username: '******', Email: {1}, DN: {2})",
ldapUserInfo.Item1.UserName, ldapUserInfo.Item1.Email, ldapUserInfo.Item2.DistinguishedName);
var tenant = CoreContext.TenantManager.GetCurrentTenant();
new System.Threading.Tasks.Task(() =>
{
try
{
CoreContext.TenantManager.SetCurrentTenant(tenant);
SecurityContext.CurrentAccount = Core.Configuration.Constants.CoreSystem;
var uInfo = SyncLDAPUser(ldapUserInfo.Item1);
var newLdapUserInfo = new Tuple <UserInfo, LdapObject>(uInfo, ldapUserInfo.Item2);
if (importer.Settings.GroupMembership)
{
if (!importer.TrySyncUserGroupMembership(newLdapUserInfo))
{
_log.DebugFormat("TryGetAndSyncLdapUserInfo(login: \"{0}\") disabling user {1} due to not being included in any ldap group", login, uInfo);
uInfo.Status = EmployeeStatus.Terminated;
uInfo.Sid = null;
CoreContext.UserManager.SaveUserInfo(uInfo, syncCardDav: true);
CookiesManager.ResetUserCookie(uInfo.ID);
}
}
}
finally
{
importer.Dispose();
}
}).Start();
if (ldapUserInfo.Item2.IsDisabled)
{
_log.DebugFormat("TryGetAndSyncLdapUserInfo(login: \"{0}\") failed, user is disabled in ldap", login);
return(false);
}
else
{
userInfo = portalUser;
}
}
return(true);
}
catch (Exception ex)
{
if (importer != null)
{
importer.Dispose();
}
_log.ErrorFormat("TryGetLdapUserInfo(login: '******') failed. Error: {1}", login, ex);
userInfo = Constants.LostUser;
return(false);
}
}
public void ProcessRequest(HttpContext context)
{
try
{
if (!SetupInfo.IsVisibleSettings(ManagementType.SingleSignOnSettings.ToString()))
{
_log.DebugFormat("Single sign-on settings are disabled");
context.Response.Redirect(AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsDisabled),
false);
return;
}
if (CoreContext.Configuration.Standalone &&
!CoreContext.TenantManager.GetTenantQuota(TenantProvider.CurrentTenantID).Sso)
{
_log.DebugFormat("Single sign-on settings are not paid");
context.Response.Redirect(
AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.ErrorNotAllowedOption), false);
return;
}
var settings = SsoSettingsV2.Load();
if (context.Request["config"] == "saml")
{
context.Response.StatusCode = 200;
var signedSettings = Signature.Create(settings);
var ssoConfig = JavaScriptSerializer.Serialize(signedSettings);
context.Response.Write(ssoConfig.Replace("\"", ""));
return;
}
if (!settings.EnableSso)
{
_log.DebugFormat("Single sign-on is disabled");
context.Response.Redirect(AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsDisabled),
false);
return;
}
var data = context.Request["data"];
if (string.IsNullOrEmpty(data))
{
_log.Error("SAML response is null or empty");
context.Response.Redirect(
AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsEmptyToken), false);
return;
}
if (context.Request["auth"] == "true")
{
var userData = Signature.Read <SsoUserData>(data);
if (userData == null)
{
_log.Error("SAML response is not valid");
MessageService.Send(context.Request, MessageAction.LoginFailViaSSO);
context.Response.Redirect(
AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsNotValidToken), false);
return;
}
var userInfo = userData.ToUserInfo(true);
if (Equals(userInfo, Constants.LostUser))
{
_log.Error("Can't create userInfo using current SAML response");
context.Response.Redirect(
AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsCantCreateUser), false);
return;
}
if (userInfo.Status == EmployeeStatus.Terminated)
{
_log.Error("Current user is terminated");
context.Response.Redirect(
AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsUserTerminated), false);
return;
}
if (context.User != null && context.User.Identity != null && context.User.Identity.IsAuthenticated)
{
var authenticatedUserInfo = CoreContext.UserManager.GetUsers(((IUserAccount)context.User.Identity).ID);
if (!Equals(userInfo, authenticatedUserInfo))
{
var loginName = authenticatedUserInfo.DisplayUserName(false);
CookiesManager.ResetUserCookie();
SecurityContext.Logout();
MessageService.Send(HttpContext.Current.Request, loginName, MessageAction.Logout);
}
else
{
_log.DebugFormat("User {0} already authenticated", context.User.Identity);
}
}
userInfo = AddUser(userInfo);
var authKey = SecurityContext.AuthenticateMe(userInfo.ID);
CookiesManager.SetCookies(CookiesType.AuthKey, authKey);
MessageService.Send(context.Request, MessageAction.LoginSuccessViaSSO);
context.Response.Redirect(CommonLinkUtility.GetDefault() + "?token=" + HttpUtility.UrlEncode(authKey), false);
}
else if (context.Request["logout"] == "true")
{
var logoutSsoUserData = Signature.Read <LogoutSsoUserData>(data);
if (logoutSsoUserData == null)
{
_log.Error("SAML Logout response is not valid");
MessageService.Send(context.Request, MessageAction.LoginFailViaSSO);
context.Response.Redirect(
AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsNotValidToken), false);
return;
}
var userInfo = CoreContext.UserManager.GetSsoUserByNameId(logoutSsoUserData.NameId);
if (Equals(userInfo, Constants.LostUser))
{
_log.Error("Can't logout userInfo using current SAML response");
context.Response.Redirect(
AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsCantCreateUser), false);
return;
}
if (userInfo.Status == EmployeeStatus.Terminated)
{
_log.Error("Current user is terminated");
context.Response.Redirect(
AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsUserTerminated), false);
return;
}
SecurityContext.AuthenticateMe(userInfo.ID);
var loginName = userInfo.DisplayUserName(false);
CookiesManager.ResetUserCookie();
SecurityContext.Logout();
MessageService.Send(HttpContext.Current.Request, loginName, MessageAction.Logout);
context.Response.Redirect(AUTH_PAGE, false);
}
}
catch (Exception e)
{
_log.ErrorFormat("Unexpected error. {0}", e);
context.Response.Redirect(AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(e.Message), false);
}
finally
{
context.ApplicationInstance.CompleteRequest();
}
}
