/// <summary>
/// Builds the authorization context for one user: the stored user record, the names of
/// every right granted to that user, and the single right the caller wants to check.
/// </summary>
/// <param name="userId">Id of the user whose record and rights are loaded.</param>
/// <param name="requiredRight">Name of the right a later check is presumably compared against.</param>
public AuthorizationServices(int userId, string requiredRight)
{
    var userService = new ServiceUser();
    _userServices = userService;
    _toemsUser    = userService.GetUser(userId);

    // Keep only the right names; the grant records themselves are not retained
    var rightNames = from grant in userService.GetUserRights(userId) select grant.Right;
    _currentUserRights = rightNames.ToList();

    _requiredRight = requiredRight;
}
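        /// <summary>
        /// Replaces the calling user's password hash and salt. Only the credential fields are
        /// taken from the request body; every other field comes from the stored record, so this
        /// endpoint cannot be used to rewrite e.g. the caller's own Membership, Name or IsLdapUser.
        /// </summary>
        /// <param name="user">Request body carrying the new Password (already hashed) and Salt.</param>
        /// <returns>The update result from the user service.</returns>
        /// <exception cref="HttpResponseException">
        /// 400 when no body was posted; 404 when the user does not exist or the update yields no result.
        /// </exception>
        public DtoActionResult ChangePassword(EntityToemsUser user)
        {
            if (user == null)
            {
                throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest));
            }

            // Start from the stored record rather than trusting the whole posted entity:
            // the original code stamped _userId onto the request body and handed it to
            // UpdateUser, which passes the entity on to the repository as a whole, so any
            // posted Membership/Name/IsLdapUser would have been written along with the password.
            var existing = _userServices.GetUser(_userId);
            if (existing == null)
            {
                throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound));
            }

            existing.Password = user.Password;
            existing.Salt     = user.Salt;

            var result = _userServices.UpdateUser(existing);
            if (result == null)
            {
                throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound));
            }
            return(result);
        }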
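        /// <summary>
        /// Creates a new user from the form. Local users must supply a confirmed password of at
        /// least 8 characters; LDAP users get an unpredictable placeholder local password so the
        /// stored hash can never be matched by a known value. The password is hashed here, in the
        /// web tier, before the entity is posted to the API.
        /// </summary>
        protected void btnSubmit_Click(object sender, EventArgs e)
        {
            string plainPassword;

            if (!chkldap.Checked)
            {
                if (txtUserPwd.Text != txtUserPwdConfirm.Text)
                {
                    EndUserMessage = "Passwords Did Not Match";
                    return;
                }

                if (string.IsNullOrEmpty(txtUserPwd.Text))
                {
                    EndUserMessage = "Passwords Cannot Be Empty";
                    return;
                }

                if (txtUserPwd.Text.Length < 8)
                {
                    EndUserMessage = "Passwords Must Be At Least 8 Characters";
                    return;
                }

                plainPassword = txtUserPwd.Text;
            }
            else
            {
                // LDAP users authenticate against the directory, so the local password is only a
                // placeholder that should never be usable. It must still be unpredictable: the
                // original `new Guid()` is Guid.Empty, i.e. the constant
                // "00000000-0000-0000-0000-000000000000", which gave every LDAP user the same
                // well-known local password. Draw 32 bytes from the OS CSPRNG instead, and keep
                // the value in a local so it is never written back into the form controls.
                var secret = new byte[32];
                using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
                {
                    rng.GetBytes(secret);
                }
                plainPassword = Convert.ToBase64String(secret);
            }

            var user = new EntityToemsUser
            {
                Name        = txtUserName.Text,
                Membership  = ddluserMembership.Text,
                Salt        = Utility.CreateSalt(64),
                Email       = txtEmail.Text,
                Theme       = ddlTheme.Text,
                IsLdapUser  = chkldap.Checked ? 1 : 0,
                UserGroupId = -1,
            };

            // The API only ever receives the salted hash, never the plain-text password
            user.Password = Utility.CreatePasswordHash(plainPassword, user.Salt);
            var result = Call.ToemsUserApi.Post(user);

            if (!result.Success)
            {
                EndUserMessage = result.ErrorMessage;
            }
            else
            {
                EndUserMessage = "Successfully Created User";
                Response.Redirect("~/views/users/edit.aspx?userid=" + result.Id);
            }
        }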
        /// <summary>
        /// Page start-up: creates the API client and requires a logged-in user in session.
        /// When no "ToemsUser" is in session, the session is abandoned, the forms-auth ticket is
        /// cleared and the request is redirected to the login page with session=expired.
        /// </summary>
        protected override void OnInit(EventArgs e)
        {
            base.OnInit(e);
            Call = new APICall();

            var sessionUser = Session["ToemsUser"];
            if (sessionUser != null)
            {
                ToemsCurrentUser = (EntityToemsUser)sessionUser;
                return;
            }

            // No user: tear down any stale server-side state before bouncing to login.
            // Redirect(..., true) ends the response, so nothing after it runs for this request.
            HttpContext.Current.Session.Abandon();
            FormsAuthentication.SignOut();
            Response.Redirect("~/?session=expired", true);
        }
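        /// <summary>
        /// Validates a user entity before it is inserted or updated.
        /// Rules: the name is non-empty and consists only of letters, digits, '_' or '-';
        /// a new user must carry a password value; the name must not collide with another
        /// stored user (for updates this is only checked when the name actually changes).
        /// </summary>
        /// <param name="user">Entity to validate.</param>
        /// <param name="isNewUser">True for an insert, false for an update of an existing row.</param>
        /// <returns>
        /// Success=true, or Success=false with ErrorMessage describing the first rule that failed.
        /// </returns>
        private DtoValidationResult ValidateUser(EntityToemsUser user, bool isNewUser)
        {
            var validationResult = new DtoValidationResult {
                Success = true
            };

            if (user == null)
            {
                validationResult.Success      = false;
                validationResult.ErrorMessage = "User Is Not Valid";
                return(validationResult);
            }

            // char.IsLetterOrDigit accepts any Unicode letter/digit, not only ASCII
            if (string.IsNullOrEmpty(user.Name) || !user.Name.All(c => char.IsLetterOrDigit(c) || c == '_' || c == '-'))
            {
                validationResult.Success      = false;
                validationResult.ErrorMessage = "User Name Is Not Valid";
                return(validationResult);
            }

            if (isNewUser)
            {
                // Callers hash before posting, so only the presence of a value can be checked here
                if (string.IsNullOrEmpty(user.Password))
                {
                    validationResult.Success      = false;
                    validationResult.ErrorMessage = "Password Is Not Valid";
                    return(validationResult);
                }

                // NOTE(review): whether this collision check is case-sensitive depends on the
                // database collation behind UserRepository.Exists — confirm it agrees with the
                // lookup used at login.
                if (_uow.UserRepository.Exists(h => h.Name == user.Name))
                {
                    validationResult.Success      = false;
                    validationResult.ErrorMessage = "A User With This Name Already Exists";
                    return(validationResult);
                }
            }
            else
            {
                // The stored row is needed to tell whether the name is being changed. The
                // original code dereferenced it unconditionally and threw on an unknown id.
                var originalUser = _uow.UserRepository.GetById(user.Id);
                if (originalUser == null)
                {
                    validationResult.Success      = false;
                    validationResult.ErrorMessage = "User Not Found";
                    return(validationResult);
                }

                if (originalUser.Name != user.Name && _uow.UserRepository.Exists(h => h.Name == user.Name))
                {
                    validationResult.Success      = false;
                    validationResult.ErrorMessage = "A User With This Name Already Exists";
                    return(validationResult);
                }
            }

            return(validationResult);
        }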
        /// <summary>
        /// Validates and inserts a new user. On success the result carries the user's Id and
        /// Success=true; on a validation failure it carries the validation message instead.
        /// </summary>
        /// <param name="user">Entity to insert; validated with ValidateUser(user, true).</param>
        /// <returns>Outcome of the insert as a DtoActionResult.</returns>
        public DtoActionResult AddUser(EntityToemsUser user)
        {
            var actionResult = new DtoActionResult();
            var validation   = ValidateUser(user, true);

            if (!validation.Success)
            {
                actionResult.ErrorMessage = validation.ErrorMessage;
                return(actionResult);
            }

            _uow.UserRepository.Insert(user);
            _uow.Save();

            // user.Id is presumably assigned by the repository/save; surface it to the caller
            actionResult.Success = true;
            actionResult.Id      = user.Id;
            return(actionResult);
        }
        /// <summary>
        /// Validates and inserts a new user, first issuing it a fresh ImagingToken. On success
        /// the result carries the user's Id and Success=true; on a validation failure it carries
        /// the validation message instead.
        /// </summary>
        /// <param name="user">Entity to insert; its ImagingToken is overwritten here.</param>
        /// <returns>Outcome of the insert as a DtoActionResult.</returns>
        public DtoActionResult AddUser(EntityToemsUser user)
        {
            // 64 upper-case hex characters from two GUIDs. NOTE(review): Guid.NewGuid() is not
            // documented as a CSPRNG; if this token is a bearer credential, consider
            // RandomNumberGenerator instead.
            var firstHalf  = Guid.NewGuid().ToString("N").ToUpper();
            var secondHalf = Guid.NewGuid().ToString("N").ToUpper();
            user.ImagingToken = firstHalf + secondHalf;

            var actionResult = new DtoActionResult();
            var validation   = ValidateUser(user, true);

            if (!validation.Success)
            {
                actionResult.ErrorMessage = validation.ErrorMessage;
                return(actionResult);
            }

            _uow.UserRepository.Insert(user);
            _uow.Save();

            // user.Id is presumably assigned by the repository/save; surface it to the caller
            actionResult.Success = true;
            actionResult.Id      = user.Id;
            return(actionResult);
        }
        /// <summary>
        /// Validates and persists changes to an existing user, rotating its ImagingToken.
        /// Fails with "User Not Found" for an unknown id and refuses to take the Administrator
        /// membership away from the only remaining administrator.
        /// </summary>
        /// <param name="user">Entity carrying the new field values; Id selects the stored row.</param>
        /// <returns>Success=true with the user's Id, or Success=false with an ErrorMessage.</returns>
        public DtoActionResult UpdateUser(EntityToemsUser user)
        {
            var stored = GetUser(user.Id);
            if (stored == null)
            {
                return new DtoActionResult { ErrorMessage = "User Not Found", Id = 0 };
            }

            // Same operand order as before: the stored membership is only dereferenced when
            // there is exactly one admin and the posted membership is not Administrator
            var demotesLastAdmin = GetAdminCount() == 1
                                   && user.Membership != "Administrator"
                                   && stored.Membership.Equals("Administrator");
            if (demotesLastAdmin)
            {
                return new DtoActionResult { ErrorMessage = "There Must Be At Least 1 Administrator" };
            }

            var actionResult = new DtoActionResult();
            var validation   = ValidateUser(user, false);
            if (!validation.Success)
            {
                actionResult.ErrorMessage = validation.ErrorMessage;
                return(actionResult);
            }

            // A fresh imaging token is issued on every update so any previously issued one
            // stops working. NOTE(review): Guid.NewGuid() is not documented as a CSPRNG; if
            // this token is a bearer credential, consider RandomNumberGenerator instead.
            user.ImagingToken = Guid.NewGuid().ToString("N").ToUpper() + Guid.NewGuid().ToString("N").ToUpper();

            // NOTE(review): the posted entity is handed to the repository whole; any field the
            // client leaves unset (e.g. Password, Salt) is presumably written as-is — confirm
            // callers round-trip the full record.
            _uow.UserRepository.Update(user, user.Id);
            _uow.Save();

            actionResult.Success = true;
            actionResult.Id      = user.Id;
            return(actionResult);
        }
        /// <summary>
        /// Validates and persists changes to an existing user. Fails with "User Not Found" for
        /// an unknown id and refuses to take the Administrator membership away from the only
        /// remaining administrator. Unlike the token-rotating variant, ImagingToken is left as posted.
        /// </summary>
        /// <param name="user">Entity carrying the new field values; Id selects the stored row.</param>
        /// <returns>Success=true with the user's Id, or Success=false with an ErrorMessage.</returns>
        public DtoActionResult UpdateUser(EntityToemsUser user)
        {
            var stored = GetUser(user.Id);
            if (stored == null)
            {
                return new DtoActionResult { ErrorMessage = "User Not Found", Id = 0 };
            }

            // Same operand order as before: the stored membership is only dereferenced when
            // there is exactly one admin and the posted membership is not Administrator
            var demotesLastAdmin = GetAdminCount() == 1
                                   && user.Membership != "Administrator"
                                   && stored.Membership.Equals("Administrator");
            if (demotesLastAdmin)
            {
                return new DtoActionResult { ErrorMessage = "There Must Be At Least 1 Administrator" };
            }

            var actionResult = new DtoActionResult();
            var validation   = ValidateUser(user, false);
            if (!validation.Success)
            {
                actionResult.ErrorMessage = validation.ErrorMessage;
                return(actionResult);
            }

            // NOTE(review): the posted entity is handed to the repository whole; any field the
            // client leaves unset (e.g. Password, Salt) is presumably written as-is — confirm
            // callers round-trip the full record.
            _uow.UserRepository.Update(user, user.Id);
            _uow.Save();

            actionResult.Success = true;
            actionResult.Id      = user.Id;
            return(actionResult);
        }
        /// <summary>
        /// Authenticates a user name / password pair against either the stored local hash or the
        /// directory, chosen by the stored user's IsLdapUser flag and the LdapEnabled setting,
        /// and writes exactly one audit entry (SuccessfulLogin or FailedLogin) for the attempt.
        /// Unknown names can still log in on their first attempt when they bind successfully
        /// through an LDAP-mapped group, in which case a local user record is created.
        /// </summary>
        /// <param name="userName">Login name as supplied; also recorded as the audit entry's ObjectName.</param>
        /// <param name="password">Plain-text password: hashed with the stored salt for local users, passed to the LDAP bind otherwise.</param>
        /// <param name="loginType">Not read anywhere in this method.</param>
        /// <returns>
        /// Success=true on a proven login. On failure the message is the generic
        /// "Incorrect Username Or Password", except for a locked account, which says so.
        /// </returns>
        public DtoValidationResult GlobalLogin(string userName, string password, string loginType)
        {
            // Default to failure with a non-revealing message; only set to true on a proven login
            var validationResult = new DtoValidationResult
            {
                ErrorMessage = "Incorrect Username Or Password",
                Success      = false
            };

            // Audit entry defaults to a failed login with no known user id; corrected below
            var auditLog        = new EntityAuditLog();
            var auditLogService = new ServiceAuditLog();

            auditLog.ObjectId   = -1;
            auditLog.ObjectName = userName;
            auditLog.UserId     = -1;
            auditLog.ObjectType = "User";
            auditLog.AuditType  = EnumAuditEntry.AuditType.FailedLogin;

            // NOTE(review): an empty or whitespace password reaches every LDAP bind below
            // unchecked. Against many directories a simple bind with an empty password succeeds
            // as an anonymous bind — confirm LdapServices.Authenticate rejects it, or reject
            // empty passwords here before any bind is attempted.

            //Check if user exists in database
            var user = _userServices.GetUser(userName);

            if (user == null)
            {
                // No stored user: the only way in is a first-time login through an LDAP group.
                // NOTE(review): with no user id there is no lockout counter for unknown names;
                // only the audit log records these attempts, and one bind is made per group.
                //Check For a first time LDAP User Group Login
                if (ServiceSetting.GetSettingValue(SettingStrings.LdapEnabled) == "1")
                {
                    foreach (var ldapGroup in _userGroupServices.GetLdapGroups())
                    {
                        if (new LdapServices().Authenticate(userName, password, ldapGroup.GroupLdapName))
                        {
                            //user is a valid ldap user via ldap group that has not yet logged in.
                            //Add the user and allow login.
                            var cdUser = new EntityToemsUser
                            {
                                Name       = userName,
                                Salt       = Utility.CreateSalt(64),
                                IsLdapUser = 1,
                                Membership = "User",
                                Theme      = "dark",
                            };
                            //Create a local random db pass, should never actually be possible to use.
                            cdUser.Password = Utility.CreatePasswordHash(Utility.GenerateKey(), cdUser.Salt);
                            if (_userServices.AddUser(cdUser).Success)
                            {
                                //add user to group
                                var newUser = _userServices.GetUser(userName);
                                _userGroupServices.AddNewGroupMember(ldapGroup.Id, newUser.Id);
                                auditLog.UserId          = newUser.Id;
                                auditLog.ObjectId        = newUser.Id;
                                validationResult.Success = true;
                                auditLog.AuditType       = EnumAuditEntry.AuditType.SuccessfulLogin;

                                break;
                            }
                        }
                    }
                }
                auditLogService.AddAuditLog(auditLog);
                return(validationResult);
            }

            // Locked account: the attempt still counts as a bad login. NOTE(review): the
            // distinct message tells the caller that this account exists — acceptable only if
            // that disclosure is intended.
            if (_userLockoutServices.AccountIsLocked(user.Id))
            {
                _userLockoutServices.ProcessBadLogin(user.Id);
                validationResult.ErrorMessage = "Account Is Locked";
                auditLog.UserId   = user.Id;
                auditLog.ObjectId = user.Id;
                auditLogService.AddAuditLog(auditLog);
                return(validationResult);
            }

            // LDAP user while LDAP is enabled: the local hash is never consulted on this path
            //Check against AD
            if (user.IsLdapUser == 1 && ServiceSetting.GetSettingValue(SettingStrings.LdapEnabled) == "1")
            {
                //Check if user is authenticated against an ldap group
                if (user.UserGroupId != -1)
                {
                    //user is part of a group, is the group an ldap group?
                    var userGroup = _userGroupServices.GetUserGroup(user.UserGroupId);
                    if (userGroup != null)
                    {
                        if (userGroup.IsLdapGroup == 1)
                        {
                            //the group is an ldap group
                            //make sure user is still in that ldap group
                            if (new LdapServices().Authenticate(userName, password, userGroup.GroupLdapName))
                            {
                                validationResult.Success = true;
                            }
                            else
                            {
                                //user is either not in that group anymore, not in the directory, or bad password
                                validationResult.Success = false;

                                // Second bind without the group: a correct password with lost group
                                // membership removes the local account as a side effect of this attempt
                                if (new LdapServices().Authenticate(userName, password))
                                {
                                    //password was good but user is no longer in the group
                                    //delete the user
                                    _userServices.DeleteUser(user.Id);
                                }
                            }
                        }
                        else
                        {
                            //the group is not an ldap group
                            //still need to check creds against directory
                            if (new LdapServices().Authenticate(userName, password))
                            {
                                validationResult.Success = true;
                            }
                        }
                    }
                    else
                    {
                        //group didn't exist for some reason
                        //still need to check creds against directory
                        if (new LdapServices().Authenticate(userName, password))
                        {
                            validationResult.Success = true;
                        }
                    }
                }
                else
                {
                    //user is not part of a group, check creds against directory
                    if (new LdapServices().Authenticate(userName, password))
                    {
                        validationResult.Success = true;
                    }
                }
            }
            // LDAP user while LDAP is switched off: no fallback to the placeholder local password
            else if (user.IsLdapUser == 1 && ServiceSetting.GetSettingValue(SettingStrings.LdapEnabled) != "1")
            {
                //prevent ldap user from logging in with local pass if ldap auth gets turned off
                validationResult.Success = false;
            }
            //Check against local DB
            else
            {
                // Local user: re-hash the supplied password with the stored salt and compare.
                // NOTE(review): `==` is an ordinary string comparison, not constant-time, and the
                // algorithm/cost of Utility.CreatePasswordHash is not visible here — confirm it is
                // a slow KDF (PBKDF2/bcrypt/Argon2) rather than a bare hash.
                var hash = Utility.CreatePasswordHash(password, user.Salt);
                if (user.Password == hash)
                {
                    validationResult.Success = true;
                }
            }

            // Proven login: audit it and clear any accumulated lockout state
            if (validationResult.Success)
            {
                auditLog.AuditType = EnumAuditEntry.AuditType.SuccessfulLogin;
                auditLog.UserId    = user.Id;
                auditLog.ObjectId  = user.Id;
                auditLogService.AddAuditLog(auditLog);
                _userLockoutServices.DeleteUserLockouts(user.Id);
                return(validationResult);
            }
            // Failed login for a known user: audit it and advance the lockout counter
            auditLog.AuditType = EnumAuditEntry.AuditType.FailedLogin;
            auditLog.UserId    = user.Id;
            auditLog.ObjectId  = user.Id;
            auditLogService.AddAuditLog(auditLog);
            _userLockoutServices.ProcessBadLogin(user.Id);
            return(validationResult);
        }
 /// <summary>
 /// POST endpoint: forwards the posted user to the user service and returns its result
 /// unchanged. Validation (name, password presence, uniqueness) is expected to happen in
 /// the service, not here.
 /// </summary>
 /// <param name="user">Entity deserialized from the request body.</param>
 /// <returns>The service's DtoActionResult for the insert.</returns>
 public DtoActionResult Post(EntityToemsUser user)
 {
     var outcome = _userServices.AddUser(user);
     return(outcome);
 }