public static void AddNewGroupMember(CloneDeployUserGroup userGroup, CloneDeployUser user)
{
user.Membership = userGroup.Membership;
user.UserGroupId = userGroup.Id;
BLL.User.UpdateUser(user);
var rights = BLL.UserGroupRight.Get(userGroup.Id);
var groupManagement = BLL.UserGroupGroupManagement.Get(userGroup.Id);
var imageManagement = BLL.UserGroupImageManagement.Get(userGroup.Id);
var userRights =
rights.Select(right => new Models.UserRight { UserId = user.Id, Right = right.Right }).ToList();
BLL.UserRight.DeleteUserRights(user.Id);
BLL.UserRight.AddUserRights(userRights);
var userGroupManagement =
groupManagement.Select(g => new Models.UserGroupManagement { GroupId = g.GroupId, UserId = user.Id })
.ToList();
BLL.UserGroupManagement.DeleteUserGroupManagements(user.Id);
BLL.UserGroupManagement.AddUserGroupManagements(userGroupManagement);
var userImageManagement =
imageManagement.Select(g => new Models.UserImageManagement { ImageId = g.ImageId, UserId = user.Id })
.ToList();
BLL.UserImageManagement.DeleteUserImageManagements(user.Id);
BLL.UserImageManagement.AddUserImageManagements(userImageManagement);
}
protected void Page_Load(object sender, EventArgs e)
{
userBasePage = (Page as BasePages.Users);
CloneDeployUser = userBasePage.CloneDeployUser;
if (CloneDeployUser == null) Response.Redirect("~/", true);
if (CloneDeployUser.Membership == "Administrator")
{
PageBaseMaster.EndUserMessage = "Administrators Do Not Use ACL's";
Response.Redirect("~/views/users/edit.aspx?userid=" + CloneDeployUser.Id);
}
}
public static Models.ValidationResult AddUser(CloneDeployUser user)
{
using (var uow = new DAL.UnitOfWork())
{
var validationResult = ValidateUser(user, true);
if (validationResult.IsValid)
{
uow.UserRepository.Insert(user);
validationResult.IsValid = uow.Save();
}
return validationResult;
}
}
public static Models.ValidationResult ValidateUser(Models.CloneDeployUser user, bool isNewUser)
{
var validationResult = new Models.ValidationResult();
if (string.IsNullOrEmpty(user.Name) || !user.Name.All(c => char.IsLetterOrDigit(c) || c == '_'))
{
validationResult.IsValid = false;
validationResult.Message = "User Name Is Not Valid";
return(validationResult);
}
if (isNewUser)
{
if (string.IsNullOrEmpty(user.Password))
{
validationResult.IsValid = false;
validationResult.Message = "Password Is Not Valid";
return(validationResult);
}
using (var uow = new DAL.UnitOfWork())
{
if (uow.UserRepository.Exists(h => h.Name == user.Name))
{
validationResult.IsValid = false;
validationResult.Message = "This User Already Exists";
return(validationResult);
}
}
}
else
{
using (var uow = new DAL.UnitOfWork())
{
var originalUser = uow.UserRepository.GetById(user.Id);
if (originalUser.Name != user.Name)
{
if (uow.UserRepository.Exists(h => h.Name == user.Name))
{
validationResult.IsValid = false;
validationResult.Message = "This User Already Exists";
return(validationResult);
}
}
}
}
return(validationResult);
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
if (!chkldap.Checked)
{
if (txtUserPwd.Text != txtUserPwdConfirm.Text)
{
EndUserMessage = "Passwords Did Not Match";
return;
}
if (string.IsNullOrEmpty(txtUserPwd.Text))
{
EndUserMessage = "Passwords Cannot Be Empty";
return;
}
}
else
{
//Create a local random db pass, should never actually be possible to use.
txtUserPwd.Text = new Guid().ToString();
txtUserPwdConfirm.Text = txtUserPwd.Text;
}
var user = new CloneDeployUser
{
Name = txtUserName.Text,
Membership = ddluserMembership.Text,
Salt = Helpers.Utility.CreateSalt(64),
Email = txtEmail.Text,
Token = txtToken.Text,
NotifyLockout = chkLockout.Checked ? 1 : 0,
NotifyError = chkError.Checked ? 1 : 0,
NotifyComplete = chkComplete.Checked ? 1 : 0,
NotifyImageApproved = chkApproved.Checked ? 1 : 0,
IsLdapUser = chkldap.Checked ? 1: 0,
UserGroupId = -1
};
user.Password = Helpers.Utility.CreatePasswordHash(txtUserPwd.Text, user.Salt);
var result = BLL.User.AddUser(user);
if (!result.IsValid)
EndUserMessage = result.Message;
else
{
EndUserMessage = "Successfully Created User";
Response.Redirect("~/views/users/edit.aspx?userid=" + user.Id);
}
}
protected void Page_Load(object sender, EventArgs e)
{
userBasePage = (Page as BasePages.Users);
CloneDeployUser = userBasePage.CloneDeployUser;
if (CloneDeployUser == null)
{
Response.Redirect("~/", true);
}
if (CloneDeployUser.Membership == "Administrator")
{
PageBaseMaster.EndUserMessage = "Administrators Do Not Use ACL's";
Response.Redirect("~/views/users/edit.aspx?userid=" + CloneDeployUser.Id);
}
}
protected void Page_Load(object sender, EventArgs e)
{
UsersBasePage = (Page as Users);
CloneDeployUser = UsersBasePage.CloneDeployUser;
if (CloneDeployUser == null) //level 2
{
Level2.Visible = false;
Level3.Visible = false;
actions_left.Visible = false;
}
else
{
Level1.Visible = false;
if (Request.QueryString["level"] == "3")
Level2.Visible = false;
}
if (UsersBasePage.CloneDeployCurrentUser.Membership == "User")
Level1.Visible = false;
}
public static Models.ValidationResult UpdateUser(CloneDeployUser user)
{
using (var uow = new DAL.UnitOfWork())
{
var validationResult = ValidateUser(user, false);
if (validationResult.IsValid)
{
uow.UserRepository.Update(user, user.Id);
validationResult.IsValid = uow.Save();
}
return validationResult;
}
}
protected override void OnInit(EventArgs e)
{
base.OnInit(e);
CloneDeployUser = !string.IsNullOrEmpty(Request["userid"]) ? BLL.User.GetUser(Convert.ToInt32(Request.QueryString["userid"])) : null;
//Don't Check Authorization here for admin because reset pass for users won't work.
}
public Models.ValidationResult GlobalLogin(string userName, string password, string loginType)
{
var validationResult = new Models.ValidationResult
{
Message = "Login Was Not Successful",
IsValid = false
};
//Check if user exists in Clone Deploy
var user = BLL.User.GetUser(userName);
if (user == null)
{
//Check For a first time LDAP User Group Login
if (Settings.LdapEnabled == "1")
{
foreach (var ldapGroup in BLL.UserGroup.GetLdapGroups())
{
if (new BLL.Ldap().Authenticate(userName, password, ldapGroup.GroupLdapName))
{
//user is a valid ldap user via ldap group that has not yet logged in.
//Add the user and allow login.
var cdUser = new CloneDeployUser
{
Name = userName,
Salt = Helpers.Utility.CreateSalt(64),
Token = Utility.GenerateKey(),
IsLdapUser = 1
};
//Create a local random db pass, should never actually be possible to use.
cdUser.Password = Helpers.Utility.CreatePasswordHash(new System.Guid().ToString(), cdUser.Salt);
if (BLL.User.AddUser(cdUser).IsValid)
{
//add user to group
var newUser = BLL.User.GetUser(userName);
BLL.UserGroup.AddNewGroupMember(ldapGroup,newUser);
}
validationResult.Message = "Success";
validationResult.IsValid = true;
break;
}
}
}
return validationResult;
}
if (BLL.UserLockout.AccountIsLocked(user.Id))
{
BLL.UserLockout.ProcessBadLogin(user.Id);
validationResult.Message = "Account Is Locked";
return validationResult;
}
//Check against AD
if (user.IsLdapUser == 1 && Settings.LdapEnabled == "1")
{
//Check if user is authenticated against an ldap group
if (user.UserGroupId != -1)
{
//user is part of a group, is the group an ldap group?
var userGroup = BLL.UserGroup.GetUserGroup(user.UserGroupId);
if (userGroup != null)
{
if (userGroup.IsLdapGroup == 1)
{
//the group is an ldap group
//make sure user is still in that ldap group
if (new BLL.Ldap().Authenticate(userName, password, userGroup.GroupLdapName))
{
validationResult.IsValid = true;
}
else
{
//user is either not in that group anymore, not in the directory, or bad password
validationResult.IsValid = false;
if (new BLL.Ldap().Authenticate(userName, password))
{
//password was good but user is no longer in the group
//delete the user
BLL.User.DeleteUser(user.Id);
}
}
}
else
{
//the group is not an ldap group
//still need to check creds against directory
if (new BLL.Ldap().Authenticate(userName, password)) validationResult.IsValid = true;
}
}
else
{
//group didn't exist for some reason
//still need to check creds against directory
if (new BLL.Ldap().Authenticate(userName, password)) validationResult.IsValid = true;
}
}
else
{
//user is not part of a group, check creds against directory
if (new BLL.Ldap().Authenticate(userName, password)) validationResult.IsValid = true;
}
}
else if (user.IsLdapUser == 1 && Settings.LdapEnabled != "1")
{
//prevent ldap user from logging in with local pass if ldap auth gets turned off
validationResult.IsValid = false;
}
//Check against local DB
else
{
var hash = Helpers.Utility.CreatePasswordHash(password, user.Salt);
if (user.Password == hash) validationResult.IsValid = true;
}
if (validationResult.IsValid)
{
BLL.UserLockout.DeleteUserLockouts(user.Id);
validationResult.Message = "Success";
return validationResult;
}
else
{
BLL.UserLockout.ProcessBadLogin(user.Id);
return validationResult;
}
}
public Authorize(CloneDeployUser user, string requiredRight )
{
_cloneDeployUser = user;
_currentUserRights = BLL.UserRight.Get(_cloneDeployUser.Id).Select(right => right.Right).ToList();
_requiredRight = requiredRight;
}
