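/// <summary>
/// Completes a login for a user whose identity the caller has already established
/// (no password is checked here). The Person row for <paramref name="username"/> is
/// looked up by login name and created on first use with an empty password and the
/// given roles; the normal login procedure does not accept an empty password, so such
/// an account is reachable only through this path. An existing Person with the same
/// login — including one that has a password — is reused and its roles are replaced
/// by <paramref name="roles"/>, i.e. both login paths share one login-name space.
/// A DBLogin row (session cookie) is then written and the response filled in.
/// </summary>
/// <param name="db">Open database connection; also receives the audit record.</param>
/// <param name="response">Receives user name, roles and the new session cookie.</param>
/// <param name="username">Login name of the already-authenticated user.</param>
/// <param name="roles">Role string stored on the Person row verbatim; nothing here validates it, the caller decides what to grant.</param>
/// <param name="ip4">Client address recorded on the audit and login rows.</param>
/// <exception cref="ArgumentNullException"><paramref name="db"/> or <paramref name="response"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="username"/> is null or empty.</exception>
public static void LoginDB (DB db, LoginResponse response, string username, string roles, string ip4)
{
	if (db == null)
		throw new ArgumentNullException ("db");
	if (response == null)
		throw new ArgumentNullException ("response");
	// Without this an empty login would silently match or create a Person row with no name.
	if (string.IsNullOrEmpty (username))
		throw new ArgumentException ("A user name is required", "username");

	// Look up the account by login name (parameterized, so the name is never spliced into the SQL).
	DBPerson open_person = null;
	using (IDbCommand cmd = db.CreateCommand ()) {
		cmd.CommandText = @"SELECT * FROM Person WHERE login = @login;";
		DB.CreateParameter (cmd, "login", username);
		using (var reader = cmd.ExecuteReader ()) {
			if (reader.Read ())
				open_person = new DBPerson (reader);
		}
	}

	if (open_person == null) {
		// First login: the account is created with an empty password and the caller's roles.
		open_person = new DBPerson ();
		open_person.login = username;
		open_person.roles = roles;
		open_person.Save (db);
	} else if (open_person.roles != roles) {
		// Existing account: only write when the stored roles differ from what is granted now.
		open_person.roles = roles;
		open_person.Save (db);
	}

	// Audit the login against the account that was actually used.
	WebServiceLogin login = new WebServiceLogin ();
	login.Ip4 = ip4;
	login.User = open_person.login;
	db.Audit (login, "DBLogin_Extensions.Login (username: {0}, ip4: {1})", username, ip4);

	// Issue the session: a fresh cookie bound to the person and the client address.
	var result = new DBLogin ();
	result.person_id = open_person.id;
	result.ip4 = ip4;
	result.cookie = CreateCookie ();
	// NOTE(review): expiry uses local time (DateTime.Now); confirm the consumers of
	// DBLogin.expires compare against the same clock rather than UTC.
	result.expires = DateTime.Now.AddDays (1);
	result.Save (db);

	response.User = username;
	response.UserName = username;
	response.UserRoles = open_person.Roles;
	response.Cookie = result.cookie;
}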
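/// <summary>
/// Creates a new user (<c>user.id == 0</c>) or edits an existing one.
/// Anybody may create a new user, but only fullname, login, password and irc_nicknames
/// are copied from the request, so a self-registered account starts with no roles.
/// An existing user may be saved in full by an administrator, or partially (fullname,
/// password, irc_nicknames) by the user themselves; any other caller gets a 403.
/// Failures are reported through <see cref="WebServiceResponse.Exception"/>, not thrown.
/// </summary>
/// <param name="login">Caller credentials; passed to Authenticate, may identify nobody when creating a user.</param>
/// <param name="user">The person data to create or apply.</param>
/// <returns>A response whose Exception is set when the request was rejected.</returns>
public WebServiceResponse EditUser (WebServiceLogin login, DBPerson user)
{
	WebServiceResponse response = new WebServiceResponse ();
	if (user == null) {
		response.Exception = new WebServiceException (new HttpException (400, "No user data provided"));
		return response;
	}

	using (DB db = new DB ()) {
		// NOTE(review): presumably the trailing 'true' allows anonymous callers (new users can be
		// created without logging in) and failures are reported via 'response' rather than thrown
		// — confirm against Authenticate; the branches below rely on response.UserName/UserRoles
		// being unset for an unauthenticated caller.
		Authenticate (db, login, response, true);

		if (user.id == 0) {
			/* new user, anybody can create new users */
			/* create a new person object, and only copy over the fields self is allowed to edit */
			if (string.IsNullOrEmpty (user.login)) {
				response.Exception = new WebServiceException ("Login name is required");
				return response;
			}
			if (string.IsNullOrEmpty (user.password) || user.password.Length < 8) {
				response.Exception = new WebServiceException ("Password must be at least 8 characters long");
				return response;
			}
			// roles is deliberately not copied: self-registration never grants privileges.
			// NOTE(review): whether the password is hashed before storage is not visible here
			// (it happens, if at all, inside DBPerson.Save) — confirm.
			DBPerson person = new DBPerson ();
			person.fullname = user.fullname;
			person.login = user.login;
			person.password = user.password;
			person.irc_nicknames = user.irc_nicknames;
			person.Save (db);
		} else if (Utilities.IsInRole (response, Roles.Administrator)) {
			/* admin editing (or admin editing self) */
			user.Save (db); // no restrictions
		} else if (!string.IsNullOrEmpty (response.UserName) && response.UserName == user.login) {
			/* editing self */
			/* create another person object, and only copy over the fields self is allowed to edit */
			// The explicit non-empty check above matters: an unauthenticated caller would otherwise
			// satisfy the comparison by sending a null login, since null == null is true.
			// The row is reloaded by id so that fields the user may not change (roles, login) stay as stored.
			// NOTE(review): unlike creation, no minimum-length check is applied to the new password here
			// — confirm whether an empty value is meant to leave the password unchanged.
			DBPerson person = DBPerson_Extensions.Create (db, user.id);
			person.fullname = user.fullname;
			person.password = user.password;
			person.irc_nicknames = user.irc_nicknames;
			person.Save (db);
		} else {
			/* somebody else editing some other person */
			response.Exception = new WebServiceException (new HttpException (403, "You're not allowed to edit this user"));
		}
	}
	return response;
}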
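/// <summary>
/// Completes a login for a user whose email address was verified by the OpenId/OAuth
/// provider. Configuration.OpenIdRoles is a ';'-separated list of "pattern:role1,role2"
/// specs; the email is matched against each pattern as a regular expression and the
/// first matching spec decides the roles (later specs are not consulted). The Person
/// row for the email is then looked up by login name and created on first use with an
/// empty password and those roles; an existing row with that login — including a
/// password-protected one — is reused and its roles replaced. A DBLogin row (session
/// cookie) is written and the response filled in.
/// </summary>
/// <param name="db">Open database connection; also receives the audit record.</param>
/// <param name="response">Receives user name, roles and the new session cookie.</param>
/// <param name="email">Provider-verified email address, used as the login name.</param>
/// <param name="ip4">Client address recorded on the audit and login rows.</param>
/// <exception cref="InvalidOperationException">No OpenId/OAuth provider or no role specs are configured, or no spec matches the email.</exception>
/// <exception cref="ArgumentException"><paramref name="email"/> is null or empty.</exception>
public static void LoginOpenId (DB db, LoginResponse response, string email, string ip4)
{
	if (string.IsNullOrEmpty (Configuration.OpenIdProvider) && string.IsNullOrEmpty (Configuration.OauthClientId))
		throw new InvalidOperationException ("No OpenId provider available");
	if (string.IsNullOrEmpty (Configuration.OpenIdRoles))
		throw new InvalidOperationException ("No OpenId roles specified");
	if (string.IsNullOrEmpty (email))
		throw new ArgumentException ("OpenId authentication requires an email", "email");

	string [] specs = Configuration.OpenIdRoles.Split (';');
	foreach (var spec in specs) {
		// pattern:role1,role2
		string [] split = spec.Split (':');
		if (split.Length != 2) {
			log.ErrorFormat ("AuthenticateOpenId: Invalid role spec: {0}", spec);
			continue;
		}
		if (string.IsNullOrEmpty (split [1])) {
			log.ErrorFormat ("AuthenticateOpenId: No roles specified for {0}", split [0]);
			continue;
		}
		// The configured pattern is a regular expression applied case-sensitively (no
		// RegexOptions) and without implicit anchoring: a spec such as "@example.com" also
		// matches "user@example.com.other.org". Anchor the pattern in the configuration
		// (^...$) when a whole-address match is intended.
		if (!Regex.IsMatch (email, split [0]))
			continue;

		// We now create an account with an empty password and the specified roles.
		// Note that it is not possible to log into an account with an empty password
		// using the normal login procedure.
		DBPerson open_person = null;
		using (IDbCommand cmd = db.CreateCommand ()) {
			cmd.CommandText = @"SELECT * FROM Person WHERE login = @login;";
			DB.CreateParameter (cmd, "login", email);
			using (var reader = cmd.ExecuteReader ()) {
				if (reader.Read ())
					open_person = new DBPerson (reader);
			}
		}

		if (open_person == null) {
			open_person = new DBPerson ();
			open_person.login = email;
			open_person.roles = split [1];
			open_person.Save (db);
		} else if (open_person.roles != split [1]) {
			// Existing account: only write when the stored roles differ from the configured ones.
			open_person.roles = split [1];
			open_person.Save (db);
		}

		// Audit the login against the account that was actually used.
		WebServiceLogin login = new WebServiceLogin ();
		login.Ip4 = ip4;
		login.User = open_person.login;
		db.Audit (login, "DBLogin_Extensions.LoginOpenId (email: {0}, ip4: {1})", email, ip4);

		// Issue the session: a fresh cookie bound to the person and the client address.
		var result = new DBLogin ();
		result.person_id = open_person.id;
		result.ip4 = ip4;
		result.cookie = CreateCookie ();
		// NOTE(review): expiry uses local time (DateTime.Now); confirm the consumers of
		// DBLogin.expires compare against the same clock rather than UTC.
		result.expires = DateTime.Now.AddDays (1);
		result.Save (db);

		response.User = email;
		response.UserName = email;
		response.UserRoles = open_person.Roles;
		response.Cookie = result.cookie;
		return;
	}

	throw new InvalidOperationException ("The provided email address is not allowed to log in");
}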