private static UserInfo GetUser(string userName, string password, string provider, string accessToken, out bool viaEmail)
{
viaEmail = true;
var action = MessageAction.LoginFailViaApi;
UserInfo user;
try
{
if (string.IsNullOrEmpty(provider) || provider == "email")
{
userName.ThrowIfNull(new ArgumentException(@"userName empty", "userName"));
password.ThrowIfNull(new ArgumentException(@"password empty", "password"));
var localization = new LdapLocalization(Resource.ResourceManager);
var ldapUserManager = new LdapUserManager(localization);
if (!ldapUserManager.TryGetAndSyncLdapUserInfo(userName, password, out user))
{
user = CoreContext.UserManager.GetUsers(
CoreContext.TenantManager.GetCurrentTenant().TenantId,
userName,
Hasher.Base64Hash(password, HashAlg.SHA256));
}
if (user == null || !CoreContext.UserManager.UserExists(user.ID))
{
throw new Exception("user not found");
}
}
else
{
viaEmail = false;
action = MessageAction.LoginFailViaApiSocialAccount;
var thirdPartyProfile = ProviderManager.GetLoginProfile(provider, accessToken);
userName = thirdPartyProfile.EMail;
user = LoginWithThirdParty.GetUserByThirdParty(thirdPartyProfile);
}
}
catch
{
MessageService.Send(Request, string.IsNullOrEmpty(userName) ? userName : AuditResource.EmailNotSpecified, action);
throw new AuthenticationException("User authentication failed");
}
var tenant = CoreContext.TenantManager.GetCurrentTenant();
var settings = IPRestrictionsSettings.Load();
if (settings.Enable && user.ID != tenant.OwnerId && !IPSecurity.IPSecurity.Verify(tenant))
{
throw new IPSecurityException();
}
return(user);
}
private static UserInfo GetUser(string userName, string password, string provider, string accessToken, out bool viaEmail)
{
viaEmail = true;
var action = MessageAction.LoginFailViaApi;
try
{
UserInfo user;
if (string.IsNullOrEmpty(provider) || provider == "email")
{
userName.ThrowIfNull(new ArgumentException("userName empty", "userName"));
password.ThrowIfNull(new ArgumentException("password empty", "password"));
if (!ActiveDirectoryUserImporter.TryGetLdapUserInfo(userName, password, out user))
{
user = CoreContext.UserManager.GetUsers(
CoreContext.TenantManager.GetCurrentTenant().TenantId,
userName,
Hasher.Base64Hash(password, HashAlg.SHA256));
}
if (user == null || !CoreContext.UserManager.UserExists(user.ID))
{
throw new Exception("user not found");
}
return(user);
}
viaEmail = false;
action = MessageAction.LoginFailViaApiSocialAccount;
var thirdPartyProfile = ProviderManager.GetLoginProfile(provider, accessToken);
userName = thirdPartyProfile.EMail;
user = LoginWithThirdParty.GetUserByThirdParty(thirdPartyProfile);
return(user);
}
catch
{
MessageService.Send(Request, string.IsNullOrEmpty(userName) ? userName : AuditResource.EmailNotSpecified, action);
throw new AuthenticationException("User authentication failed");
}
}
private static UserInfo GetUserInfo(Token token, out bool isNew)
{
isNew = false;
if (token == null)
{
Global.Logger.Error("GoogleDriveApp: token is null");
throw new SecurityException("Access token is null");
}
LoginProfile loginProfile = null;
try
{
loginProfile = new GoogleLoginProvider().GetLoginProfile(token.ToString());
}
catch (Exception ex)
{
Global.Logger.Error("GoogleDriveApp: userinfo request", ex);
}
if (loginProfile == null)
{
Global.Logger.Error("Error in userinfo request");
return(null);
}
var userInfo = CoreContext.UserManager.GetUserByEmail(loginProfile.EMail);
if (Equals(userInfo, Constants.LostUser))
{
userInfo = LoginWithThirdParty.ProfileToUserInfo(loginProfile);
var cultureName = loginProfile.Locale;
if (string.IsNullOrEmpty(cultureName))
{
cultureName = Thread.CurrentThread.CurrentUICulture.Name;
}
var cultureInfo = SetupInfo.EnabledCultures.Find(c => String.Equals(c.Name, cultureName, StringComparison.InvariantCultureIgnoreCase));
if (cultureInfo != null)
{
userInfo.CultureName = cultureInfo.Name;
}
else
{
Global.Logger.DebugFormat("From google app new personal user '{0}' without culture {1}", userInfo.Email, cultureName);
}
try
{
SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem);
userInfo = UserManagerWrapper.AddUser(userInfo, UserManagerWrapper.GeneratePassword());
}
finally
{
SecurityContext.Logout();
}
isNew = true;
Global.Logger.Debug("GoogleDriveApp: new user " + userInfo.ID);
}
return(userInfo);
}
private static UserInfo GetUser(string userName, string password, string provider, string accessToken, out bool viaEmail)
{
viaEmail = true;
var action = MessageAction.LoginFailViaApi;
UserInfo user;
try
{
if (string.IsNullOrEmpty(provider) || provider == "email")
{
userName.ThrowIfNull(new ArgumentException(@"userName empty", "userName"));
password.ThrowIfNull(new ArgumentException(@"password empty", "password"));
int counter;
int.TryParse(Cache.Get <String>("loginsec/" + userName), out counter);
if (++counter > 5 && !SetupInfo.IsSecretEmail(userName))
{
throw new Authorize.BruteForceCredentialException();
}
Cache.Insert("loginsec/" + userName, counter.ToString(CultureInfo.InvariantCulture), DateTime.UtcNow.Add(TimeSpan.FromMinutes(1)));
var localization = new LdapLocalization(Resource.ResourceManager);
var ldapUserManager = new LdapUserManager(localization);
if (!ldapUserManager.TryGetAndSyncLdapUserInfo(userName, password, out user))
{
user = CoreContext.UserManager.GetUsers(
CoreContext.TenantManager.GetCurrentTenant().TenantId,
userName,
Hasher.Base64Hash(password, HashAlg.SHA256));
}
if (user == null || !CoreContext.UserManager.UserExists(user.ID))
{
throw new Exception("user not found");
}
Cache.Insert("loginsec/" + userName, (--counter).ToString(CultureInfo.InvariantCulture), DateTime.UtcNow.Add(TimeSpan.FromMinutes(1)));
}
else
{
viaEmail = false;
action = MessageAction.LoginFailViaApiSocialAccount;
var thirdPartyProfile = ProviderManager.GetLoginProfile(provider, accessToken);
userName = thirdPartyProfile.EMail;
user = LoginWithThirdParty.GetUserByThirdParty(thirdPartyProfile);
}
}
catch (Authorize.BruteForceCredentialException)
{
MessageService.Send(Request, !string.IsNullOrEmpty(userName) ? userName : AuditResource.EmailNotSpecified, MessageAction.LoginFailBruteForce);
throw new AuthenticationException("Login Fail. Too many attempts");
}
catch
{
MessageService.Send(Request, !string.IsNullOrEmpty(userName) ? userName : AuditResource.EmailNotSpecified, action);
throw new AuthenticationException("User authentication failed");
}
var tenant = CoreContext.TenantManager.GetCurrentTenant();
var settings = IPRestrictionsSettings.Load();
if (settings.Enable && user.ID != tenant.OwnerId && !IPSecurity.IPSecurity.Verify(tenant))
{
throw new IPSecurityException();
}
return(user);
}
