private string HandleResetPassword(DynamicDictionary _parameters) { string email = Request.Headers["EmailAddress"].First(); if (email != null) { HydrantWikiManager hwm = new HydrantWikiManager(); User user = hwm.GetUserByEmail(UserSources.HydrantWiki, email.ToLower()); if (user != null) { string newPassword = RandomString.GetRandomString(10); TGUserPassword up = TGUserPassword.GetNew(user.Guid, user.Username, newPassword); hwm.Persist(up); NameValueCollection nvc = new NameValueCollection { { "Password", newPassword } }; hwm.SendCannedEmail(user, CannedEmailNames.ResetPasswordEmail, nvc); } return("{ \"Result\":\"Success\"}"); } return("{ \"Result\":\"Failure\"}"); }
public bool ValidateUser(TGUser _user, string _testPassword) { TGUserPassword userPassword = GetTGUserPassword(_user.Guid); if (userPassword != null) { string testHash = TGUserPassword.HashPassword(userPassword.Salt, _testPassword); if (testHash.Equals(userPassword.HashedPassword)) { return(true); } } return(false); }
private string Register(DynamicDictionary _parameters) { string username = Request.Headers["Username"].First(); string email = Request.Headers["Email"].First(); string password = Request.Headers["Password"].First(); HydrantWikiManager hwm = new HydrantWikiManager(); User user = hwm.GetUser(UserSources.HydrantWiki, username); if (user == null) { user = new User { UserSource = UserSources.HydrantWiki, IsVerified = false, Active = true, DisplayName = username, EmailAddress = email, UserType = UserTypes.User, Username = username }; hwm.Persist(user); TGUserPassword userPassword = TGUserPassword.GetNew(user.Guid, username, password); hwm.Persist(userPassword); TGUserEmailValidation validation = new TGUserEmailValidation(user); hwm.Persist(validation); NameValueCollection nvc = new NameValueCollection { { "SystemUrl", Config.GetSettingValue("SystemUrl") }, { "ValidationText", validation.ValidationText } }; hwm.SendCannedEmail(user, CannedEmailNames.ValidateEmailAddress, nvc); return("{ \"Result\":\"Success\" }"); } return("{ \"Result\":\"UsernameNotAvailable\" }"); }
private string HandleChangePassword(DynamicDictionary _parameters) { string currentPassword = Request.Form["currentpassword"]; string newPassword = Request.Form["newpassword"]; string username = Request.Headers["Username"].First(); User user = null; AuthHelper.Authorize(username, currentPassword, out user); if (user != null) { TGUserPassword up = TGUserPassword.GetNew(user.Guid, user.Username, newPassword); HydrantWikiManager hwm = new HydrantWikiManager(); hwm.Persist(up); return(@"{ ""Result"":""Success"" }");; } return(@"{ ""Result"":""Failure"" }"); }
public string HandleUserAddPost(DynamicDictionary _parameters) { OpenFormGraphManager manager = new OpenFormGraphManager(); BaseResult result = new BaseResult(); User jUser = AuthHelper.ValidateToken(manager, Request); if (jUser != null && jUser.IsUserAdmin) { string json = ReadBody(); NewUser jNewUser = JsonConvert.DeserializeObject <NewUser>(json); if (jNewUser != null) { jNewUser.Guid = Guid.NewGuid(); TGUser testUser = manager.GetUser(jNewUser.Username); if (testUser == null) { TGUser newUser = new TGUser { FamilyName = jNewUser.LastName, GivenName = jNewUser.FirstName, EmailAddress = jNewUser.EmailAddress, IsVerified = true, DisplayName = jNewUser.Username, Username = jNewUser.Username }; manager.Persist(newUser); TGUserPassword userPassword = TGUserPassword.GetNew(newUser.Guid, newUser.Username, jNewUser.Password); manager.Persist(userPassword); //Add Admin Roles as required if (jNewUser.IsUserAdmin) { TGUserRole userAdminRole = new TGUserRole { Active = true, ParentGuid = newUser.Guid, Name = UserRoles.UserAdmin }; manager.Persist(userAdminRole); } if (jNewUser.IsDataAdmin) { TGUserRole dataAdminRole = new TGUserRole { Active = true, ParentGuid = newUser.Guid, Name = UserRoles.DataAdmin }; manager.Persist(dataAdminRole); } result.Result = "Success"; } else { result.Result = "UsernameNotAvailable"; } } } return(JsonConvert.SerializeObject(result)); }
private BaseResponse ChangePassword(DynamicDictionary _parameters) { User user; BaseResponse response = new BaseResponse(); if (AuthHelper.IsAuthorized(Request, out user)) { HydrantWikiManager hwm = new HydrantWikiManager(); string json = Request.Body.ReadAsString(); Objects.ChangePassword cp = JsonConvert.DeserializeObject <Objects.ChangePassword>(json); if (cp != null) { if (cp.Username == user.Username && user.UserSource == UserSources.HydrantWiki) { if (hwm.ValidateUser(user, cp.ExistingPassword)) { TGUserPassword userPassword = TGUserPassword.GetNew(user.Guid, user.Username, cp.NewPassword); hwm.Persist(userPassword); response.Message = "Password changed"; response.Success = true; hwm.LogInfo(user.Guid, response.Message); } else { //Record failure to test if this is an attack. hwm.RecordAuthenticationFailure(user.Guid); //Existing password doesn't match response.Message = "Existing password does not match"; response.Success = false; hwm.LogWarning(user.Guid, response.Message); } } else { //Usernames don't match response.Message = "Mismatched user"; response.Success = false; hwm.LogWarning(user.Guid, response.Message); } } else { //no body response.Message = "No body"; response.Success = false; hwm.LogWarning(user.Guid, response.Message); } } else { LogUnauthorized(Request); response.Message = "Unauthorized"; response.Success = false; } return(response); }
public BaseResponse CreateAccount(DynamicDictionary _parameters) { BaseResponse response = new BaseResponse(); HydrantWikiManager hwm = new HydrantWikiManager(); try { string json = Request.Body.ReadAsString(); Objects.CreateAccount account = JsonConvert.DeserializeObject <Objects.CreateAccount>(json); User user = hwm.GetUser(UserSources.HydrantWiki, account.Username); if (user == null) { user = hwm.GetUserByEmail(UserSources.HydrantWiki, account.Email); if (user == null) { user = new User(); user.Guid = Guid.NewGuid(); user.Active = true; user.DisplayName = account.Username; user.Username = account.Username; user.EmailAddress = account.Email; user.UserSource = UserSources.HydrantWiki; user.UserType = UserTypes.User; user.IsVerified = false; hwm.Persist(user); TGUserPassword userPassword = TGUserPassword.GetNew(user.Guid, user.Username, account.Password); hwm.Persist(userPassword); TGUserEmailValidation validation = new TGUserEmailValidation(user); hwm.Persist(validation); NameValueCollection nvc = new NameValueCollection { { "SystemUrl", Config.GetSettingValue("SystemUrl") }, { "ValidationText", validation.ValidationText } }; hwm.SendCannedEmail(user, CannedEmailNames.ValidateEmailAddress, nvc); hwm.LogInfo(user.Guid, "User created"); response.Success = true; response.Message = "Please check your email to finish activating your account"; return(response); } else { response.Success = false; response.Message = "Email already in use."; } } else { response.Success = false; response.Message = "Username already exists."; } hwm.LogWarning(Guid.Empty, response.Message); } catch (Exception ex) { response.Success = false; response.Message = "An error occurred"; response.Error = "An error occurred"; hwm.LogException(Guid.Empty, ex); } return(response); }
public BaseResponse ResetPassword(DynamicDictionary _parameters) { BaseResponse response = new BaseResponse(); string json = Request.Body.ReadAsString(); if (json != null) { ResetPassword rr = JsonConvert.DeserializeObject <ResetPassword>(json); if (rr.Email != null && rr.InstallId != null && rr.Code != null && rr.NewPassword != null) { HydrantWikiManager manager = new HydrantWikiManager(); User user = manager.GetUserByEmail(UserSources.HydrantWiki, rr.Email); if (user != null) { DateTime now = DateTime.UtcNow; PasswordReset pr = manager.GetPasswordReset(user.Guid, rr.Code); if (pr != null) { if (pr.CreationDateTime > now.AddHours(-2)) { TGUserPassword userPassword = TGUserPassword.GetNew( user.Guid, user.Username, rr.NewPassword); manager.Persist(userPassword); pr.Active = false; manager.Persist(pr); manager.LogInfo(user.Guid, "Password successfully reset"); response.Success = true; response.Message = "Password successfully reset."; } else { manager.LogWarning(user.Guid, "Password Reset request has expired"); response.Success = false; response.Message = "Password Reset request has expired"; } } else { manager.LogWarning(user.Guid, "Invalid reset code"); response.Success = false; response.Message = "Invalid reset code."; } } else { TraceFileHelper.Warning("User not found ({0})", rr.Email); response.Success = false; response.Message = "User not found."; } } else { response.Message = "Invalid information supplied"; } } else { response.Message = "Body not supplied"; } return(response); }
public AppModule() { Get["/"] = _parameters => { return(View["index.sshtml"]); }; Get["/dev/BuildDB"] = _parameters => { bool devMode = Config.GetBooleanValue("DevMode", false); if (devMode) { OpenFormGraphStructureManager structureManager = new OpenFormGraphStructureManager(); structureManager.BuildDB(); return(View["dev_dbbuildresult.sshtml"]); } return(null); }; Get["/dev/BuildAdminUser"] = _parameters => { bool devMode = Config.GetBooleanValue("DevMode", false); if (devMode) { OpenFormGraphManager manager = new OpenFormGraphManager(); TGUser user = manager.GetUser("OFGAdmin"); if (user == null) { user = new TGUser { Username = "******", GivenName = "Admin", FamilyName = "User" }; manager.Persist(user); string password = RandomString.GetRandomString(10); TGUserPassword tgPassword = TGUserPassword.GetNew(user.Guid, user.Username, password); manager.Persist(tgPassword); TGUserRole userAdminRole = new TGUserRole { Active = true, Name = UserRoles.UserAdmin, ParentGuid = user.Guid }; manager.Persist(userAdminRole); TGUserRole dataAdminRole = new TGUserRole { Active = true, Name = UserRoles.DataAdmin, ParentGuid = user.Guid }; manager.Persist(dataAdminRole); JsonObjects.NewUser jNewUser = new NewUser(user, password); return(View["dev_buildadminuserresult.sshtml", jNewUser]); } } return(null); }; }
public void Persist(TGUserPassword _userPassword) { TGUserPasswordDAO dao = new TGUserPasswordDAO(MongoDB); dao.Persist(_userPassword); }