/// <summary>
/// Returns one page of audit events that match the supplied filter, wrapped for the API.
/// </summary>
/// <remarks>
/// The caller must hold <c>EditPortalSettings</c>. When the tenant quota has no audit option, or the
/// LoginHistory management setting is not visible, the filter arguments are ignored and the result of
/// <c>GetLastAuditEvents()</c> is returned instead. Otherwise <c>DemandAuditPermission()</c> runs
/// before the repository is queried.
/// </remarks>
/// <returns>A lazily evaluated sequence of <c>AuditEventWrapper</c> objects.</returns>
public IEnumerable<AuditEventWrapper> GetAuditEventsByFilter(Guid userId, ProductType productType, ModuleType moduleType, ActionType actionType, MessageAction action, EntryType entryType, string target, ApiDateTime from, ApiDateTime to)
{
    // Authorization first: nothing below runs for a caller without EditPortalSettings.
    SecurityContext.DemandPermissions(SecutiryConstants.EditPortalSettings);

    // NOTE(review): Context.StartIndex / Context.Count look like caller-requested paging values;
    // confirm that an upper bound on the page size is enforced before they reach the repository.
    var offset = (int)Context.StartIndex;
    var pageSize = (int)Context.Count;
    Context.SetDataPaginated();

    // A zero value is normalised to the explicit "no action filter" member.
    if (action == 0)
    {
        action = MessageAction.None;
    }

    // NOTE(review): the gate checks ManagementType.LoginHistory although this endpoint serves audit
    // events - confirm that is the intended setting.
    var filteringAvailable = TenantExtra.GetTenantQuota().Audit
                             && SetupInfo.IsVisibleSettings(ManagementType.LoginHistory.ToString());
    if (!filteringAvailable)
    {
        return GetLastAuditEvents();
    }

    DemandAuditPermission();

    var matches = AuditEventsRepository.GetByFilter(userId, productType, moduleType, actionType, action, entryType, target, from, to, offset, pageSize);
    return matches.Select(evt => new AuditEventWrapper(evt));
}
/// <summary>
/// Builds a CSV audit trail report for the current tenant, covering the tenant's configured
/// audit trail lifetime up to now, and returns the value produced by the report creator.
/// </summary>
/// <exception cref="BillingException">
/// The AuditTrail management setting is not visible, or the installation is standalone and the
/// tenant quota has no audit option.
/// </exception>
public string CreateAuditTrailReport()
{
    SecurityContext.DemandPermissions(SecutiryConstants.EditPortalSettings);

    var tenantId = TenantProvider.CurrentTenantID;

    // && binds tighter than ||, so the quota is consulted only on standalone installations;
    // the parentheses make that grouping explicit.
    var auditTrailHidden = !SetupInfo.IsVisibleSettings(ManagementType.AuditTrail.ToString());
    if (auditTrailHidden || (CoreContext.Configuration.Standalone && !CoreContext.TenantManager.GetTenantQuota(tenantId).Audit))
    {
        throw new BillingException(Resource.ErrorNotAllowedOption, "Audit");
    }

    var auditSettings = TenantAuditSettings.LoadForTenant(tenantId);

    // Reporting window: [now - AuditTrailLifeTime days, now], in UTC.
    var periodEnd = DateTime.UtcNow;
    var periodStart = periodEnd.Subtract(TimeSpan.FromDays(auditSettings.AuditTrailLifeTime));

    // The resource string is used as a format template with the two dates as {0} and {1}.
    var nameTemplate = AuditReportResource.AuditTrailReportName + ".csv";
    var reportName = string.Format(nameTemplate, periodStart.ToString("MM.dd.yyyy"), periodEnd.ToString("MM.dd.yyyy"));

    var events = AuditEventsRepository.Get(tenantId, periodStart, periodEnd);
    var report = AuditReportCreator.CreateCsvReport(events, reportName);

    // Exporting the trail is itself reported as an auditable action.
    MessageService.Send(Request, MessageAction.AuditTrailReportDownloaded);

    return report;
}
/// <summary>
/// Builds an XLSX audit trail report for the last six months, uploads it into the caller's
/// "My" folder and returns the web editor URL of the uploaded file.
/// </summary>
/// <exception cref="ApplicationException">The report creator returned no path.</exception>
public string CreateAuditTrailReport()
{
    SecurityContext.DemandPermissions(SecutiryConstants.EditPortalSettings);

    var periodEnd = DateTime.UtcNow;
    var periodStart = periodEnd.AddMonths(-6);

    var events = AuditEventsRepository.Get(CurrentTenant, periodStart, periodEnd);
    var reportPath = AuditReportCreator.CreateXlsxReport(events);
    if (reportPath == null)
    {
        throw new ApplicationException();
    }

    string fileUrl;
    try
    {
        var nameTemplate = AuditReportResource.AuditTrailReportName + ".xlsx";
        var reportName = string.Format(nameTemplate, periodStart.ToString("MM.dd.yyyy"), periodEnd.ToString("MM.dd.yyyy"));

        // The stream is closed before the finally block runs, so the report file is no longer
        // held open when it is deleted.
        using (var stream = new FileStream(reportPath, FileMode.Open))
        {
            var uploaded = FileUploader.Exec(Global.FolderMy.ToString(), reportName, stream.Length, stream, true);
            fileUrl = FilesLinkUtility.GetFileWebEditorUrl((int)uploaded.ID);
        }
    }
    finally
    {
        // The generated report holds audit data; it is removed whether or not the upload succeeded.
        AuditReportCreator.DeleteReport(reportPath);
    }

    // Reported only after a successful upload: an exception above skips this call.
    MessageService.Send(context, MessageAction.AuditTrailReportDownloaded);

    return fileUrl;
}
/// <summary>
/// Returns the first 20 audit events from the repository, wrapped for the API.
/// </summary>
/// <remarks>
/// Two checks run before the query: the <c>EditPortalSettings</c> permission demand and
/// <c>DemandBaseAuditPermission()</c>.
/// </remarks>
public IEnumerable<AuditEventWrapper> GetLastAuditEvents()
{
    SecurityContext.DemandPermissions(SecutiryConstants.EditPortalSettings);
    DemandBaseAuditPermission();

    // No filter arguments are passed: only the paging window (offset 0, 20 rows) is set.
    var latest = AuditEventsRepository.GetByFilter(startIndex: 0, limit: 20);
    return latest.Select(evt => new AuditEventWrapper(evt));
}
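/// <summary>
/// Returns the 20 most recent audit events of the current tenant, wrapped for the API.
/// </summary>
/// <exception cref="BillingException">The AuditTrail management setting is not visible.</exception>
public IEnumerable<AuditEventWrapper> GetLastAuditEvents()
{
    // Authorization is demanded before the feature gate, so a caller without EditPortalSettings
    // gets the permission failure and learns nothing about whether the audit option is enabled.
    SecurityContext.DemandPermissions(SecutiryConstants.EditPortalSettings);

    if (!SetupInfo.IsVisibleSettings(ManagementType.AuditTrail.ToString()))
    {
        throw new BillingException(Resource.ErrorNotAllowedOption, "Audit");
    }

    // The tenant id comes from the server-side provider, not from request input.
    var latest = AuditEventsRepository.GetLast(TenantProvider.CurrentTenantID, 20);
    return latest.Select(evt => new AuditEventWrapper(evt));
}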
/// <summary>
/// Returns the 20 most recent audit events of the current tenant, wrapped for the API.
/// </summary>
/// <exception cref="BillingException">
/// The LoginHistory management setting is not visible, or the installation is standalone and the
/// tenant quota has no audit option.
/// </exception>
public IEnumerable<EventWrapper> GetLastAuditEvents()
{
    PermissionContext.DemandPermissions(SecutiryConstants.EditPortalSettings);

    // NOTE(review): the gate checks ManagementType.LoginHistory although this method returns
    // audit events - confirm that is the intended setting.
    var settingHidden = !SetupInfo.IsVisibleSettings(ManagementType.LoginHistory.ToString());

    // && binds tighter than ||, so the quota is consulted only on standalone installations;
    // the parentheses make that grouping explicit.
    if (settingHidden || (CoreBaseSettings.Standalone && !TenantExtra.GetTenantQuota().Audit))
    {
        throw new BillingException(Resource.ErrorNotAllowedOption, "Audit");
    }

    var tenantId = TenantManager.GetCurrentTenant().TenantId;
    var latest = AuditEventsRepository.GetLast(tenantId, 20);
    return latest.Select(evt => new EventWrapper(evt));
}
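/// <summary>
/// Builds a CSV audit trail report covering the tenant's configured audit trail lifetime up to
/// now, and returns the value produced by the report creator.
/// </summary>
/// <remarks>
/// The caller must hold <c>EditPortalSettings</c> and pass <c>DemandAuditPermission()</c>.
/// </remarks>
public string CreateAuditTrailReport()
{
    SecurityContext.DemandPermissions(SecutiryConstants.EditPortalSettings);
    DemandAuditPermission();

    var tenantId = TenantProvider.CurrentTenantID;
    var auditSettings = TenantAuditSettings.LoadForTenant(tenantId);

    // Reporting window: [now - AuditTrailLifeTime days, now], in UTC.
    var periodEnd = DateTime.UtcNow;
    var periodStart = periodEnd.Subtract(TimeSpan.FromDays(auditSettings.AuditTrailLifeTime));

    // ToShortDateString() follows the current culture and yields '/' separators in several of them
    // (en-US gives "M/d/yyyy"), which does not belong in a file name. A fixed dotted pattern keeps
    // the report name stable across locales and free of path separators.
    var nameTemplate = AuditReportResource.AuditTrailReportName + ".csv";
    var reportName = string.Format(nameTemplate, periodStart.ToString("MM.dd.yyyy"), periodEnd.ToString("MM.dd.yyyy"));

    var events = AuditEventsRepository.GetByFilter(from: periodStart, to: periodEnd);
    var report = AuditReportCreator.CreateCsvReport(events, reportName);

    // Exporting the trail is itself reported as an auditable action.
    MessageService.Send(Request, MessageAction.AuditTrailReportDownloaded);

    return report;
}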
/// <summary>
/// Creates the controller and stores each supplied collaborator in the member of the same name.
/// </summary>
/// <remarks>
/// No argument is validated here; a null collaborator surfaces only when it is first used.
/// </remarks>
public SecurityController(
    PermissionContext permissionContext,
    CoreBaseSettings coreBaseSettings,
    TenantExtra tenantExtra,
    TenantManager tenantManager,
    MessageService messageService,
    LoginEventsRepository loginEventsRepository,
    AuditEventsRepository auditEventsRepository,
    AuditReportCreator auditReportCreator,
    SettingsManager settingsManager)
{
    // Authorization and tenant/installation state.
    this.PermissionContext = permissionContext;
    this.CoreBaseSettings = coreBaseSettings;
    this.TenantExtra = tenantExtra;
    this.TenantManager = tenantManager;

    // Messaging, event storage and reporting.
    this.MessageService = messageService;
    this.LoginEventsRepository = loginEventsRepository;
    this.AuditEventsRepository = auditEventsRepository;
    this.AuditReportCreator = auditReportCreator;

    // Per-tenant settings access.
    this.SettingsManager = settingsManager;
}
/// <summary>
/// Builds a CSV audit trail report for the current tenant, covering the tenant's configured
/// audit trail lifetime up to now, and returns the value produced by the report creator.
/// </summary>
/// <exception cref="BillingException">
/// The tenant quota has no audit option, or the AuditTrail management setting is not visible.
/// </exception>
public object CreateAuditTrailReport()
{
    PermissionContext.DemandPermissions(SecutiryConstants.EditPortalSettings);

    var tenantId = TenantManager.GetCurrentTenant().TenantId;

    // Both conditions must hold; the quota is checked first and short-circuits the setting lookup.
    var auditAllowed = TenantExtra.GetTenantQuota().Audit
                       && SetupInfo.IsVisibleSettings(ManagementType.AuditTrail.ToString());
    if (!auditAllowed)
    {
        throw new BillingException(Resource.ErrorNotAllowedOption, "Audit");
    }

    // The current tenant is resolved a second time here rather than reusing tenantId.
    var auditSettings = SettingsManager.LoadForTenant<TenantAuditSettings>(TenantManager.GetCurrentTenant().TenantId);

    // Reporting window: [now - AuditTrailLifeTime days, now], in UTC.
    var periodEnd = DateTime.UtcNow;
    var periodStart = periodEnd.Subtract(TimeSpan.FromDays(auditSettings.AuditTrailLifeTime));

    var nameTemplate = AuditReportResource.AuditTrailReportName + ".csv";
    var reportName = string.Format(nameTemplate, periodStart.ToString("MM.dd.yyyy"), periodEnd.ToString("MM.dd.yyyy"));

    var events = AuditEventsRepository.Get(tenantId, periodStart, periodEnd);
    var report = AuditReportCreator.CreateCsvReport(events, reportName);

    // Exporting the trail is itself reported as an auditable action.
    MessageService.Send(MessageAction.AuditTrailReportDownloaded);

    return report;
}
/// <summary>
/// Returns the 20 most recent audit events of the current tenant, wrapped for the API.
/// </summary>
/// <remarks>
/// The only check made here is the <c>EditPortalSettings</c> permission demand; this method
/// contains no quota or feature-visibility gate.
/// </remarks>
public IEnumerable<AuditEventWrapper> GetLastAuditEvents()
{
    SecurityContext.DemandPermissions(SecutiryConstants.EditPortalSettings);

    var latest = AuditEventsRepository.GetLast(CurrentTenant, 20);
    return latest.Select(evt => new AuditEventWrapper(evt));
}
/// <summary>
/// Validates the <c>key</c> request parameter against the key material expected for the current
/// confirmation type (<c>_type</c>) and reports whether the confirmation may proceed.
/// </summary>
/// <remarks>
/// The material passed to <c>EmailValidationKeyProvider.ValidateEmailKey</c> differs per type and
/// is built by plain string concatenation. For <c>ConfirmType.Auth</c> a valid key has side
/// effects inside this method: a different signed-in account is logged out, the caller may be
/// redirected to the SMS or TFA confirmation page, and authentication cookies may be issued.
/// </remarks>
/// <returns>
/// <c>false</c> after showing an error when the key is expired or invalid, when the Auth user does
/// not exist or is not active, or when <c>_email</c> is non-empty and fails
/// <c>TestEmailRegex()</c>; <c>true</c> otherwise.
/// </returns>
private bool CheckValidationKey()
{
    // All of these values come straight from the request and are caller-controlled.
    var key = Request["key"] ?? "";
    var emplType = Request["emplType"] ?? "";
    var social = Request["social"] ?? "";

    // Two lifetimes are in play: one for e-mail links, one for the authentication-style types.
    var validInterval = SetupInfo.ValidEmailKeyInterval;
    var authInterval = SetupInfo.ValidAuthKeyInterval;

    EmailValidationKeyProvider.ValidationResult checkKeyResult;

    switch (_type)
    {
        case ConfirmType.PortalContinue:
            // No interval is passed here; whatever this overload does about expiry applies.
            // NOTE(review): confirm whether that means "never expires".
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key);
            break;

        case ConfirmType.PhoneActivation:
        case ConfirmType.PhoneAuth:
        case ConfirmType.TfaActivation:
        case ConfirmType.TfaAuth:
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, authInterval);
            break;

        case ConfirmType.Auth:
            {
                var first = Request["first"] ?? "";
                var module = Request["module"] ?? "";
                var smsConfirm = Request["sms"] ?? "";

                // 'first', 'module' and 'sms' are part of the validated material, so - assuming
                // ValidateEmailKey authenticates the whole string - they cannot be changed without
                // invalidating the key. 'social' is NOT part of it.
                // NOTE(review): the fields are concatenated without separators, so different
                // (first, module, sms) splits can produce the same string; consider delimiting or
                // length-prefixing the fields where the key is generated and here.
                checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + first + module + smsConfirm, key, authInterval);

                if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Ok)
                {
                    // _email holds either an address or a user id; new Guid(...) throws
                    // FormatException when it is neither.
                    var user = _email.Contains("@")
                                   ? CoreContext.UserManager.GetUserByEmail(_email)
                                   : CoreContext.UserManager.GetUsers(new Guid(_email));

                    // A session that belongs to a different account is ended before the key's
                    // owner is signed in.
                    if (SecurityContext.IsAuthenticated && SecurityContext.CurrentAccount.ID != user.ID)
                    {
                        Auth.ProcessLogout();
                    }

                    if (!SecurityContext.IsAuthenticated)
                    {
                        // Only existing, active users may be signed in through a confirmation link.
                        if (!CoreContext.UserManager.UserExists(user.ID) || user.Status != EmployeeStatus.Active)
                        {
                            ShowError(Auth.MessageKey.ErrorUserNotFound);
                            return(false);
                        }

                        // Second factor, SMS: enforced unless the validated 'sms' flag says the
                        // step was already completed. endResponse == true terminates the request,
                        // so no cookie is issued on this path.
                        if (StudioSmsNotificationSettings.IsVisibleAndAvailableSettings && StudioSmsNotificationSettings.Enable && smsConfirm.ToLower() != "true")
                        {
                            //todo: think about 'first' & 'module'
                            Response.Redirect(SmsConfirmUrl(user), true);
                        }

                        // Second factor, authenticator app: always redirected while the setting is
                        // enabled; endResponse == true terminates the request here as well.
                        if (TfaAppAuthSettings.IsVisibleSettings && TfaAppAuthSettings.Enable)
                        {
                            //todo: think about 'first' & 'module'
                            Response.Redirect(TfaConfirmUrl(user), true);
                        }

                        // 'social' is outside the validated material, so which of the two login
                        // actions gets recorded is chosen by the caller. Treat that distinction in
                        // the audit log as informational only.
                        var messageAction = social == "true" ? MessageAction.LoginSuccessViaSocialAccount : MessageAction.LoginSuccess;
                        CookiesManager.AuthenticateMeAndSetCookies(user.Tenant, user.ID, messageAction);
                    }

                    SetDefaultModule(module);
                    AuthRedirect(first.ToLower() == "true");
                }
            }
            break;

        case ConfirmType.DnsChange:
            {
                // Material: email + type + requested DNS name + alias, joined without separators.
                var dnsChangeKey = string.Join(string.Empty, new[] { _email, _type.ToString(), Request["dns"], Request["alias"] });
                checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(dnsChangeKey, key, validInterval);
            }
            break;

        case ConfirmType.PortalOwnerChange:
            {
                Guid uid;
                try
                {
                    uid = new Guid(Request["uid"]);
                }
                catch
                {
                    // A missing or malformed uid falls back to Guid.Empty, which then becomes part
                    // of the material being validated.
                    uid = Guid.Empty;
                }
                checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + uid, key, validInterval);
            }
            break;

        case ConfirmType.EmpInvite:
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + emplType, key, validInterval);
            break;

        case ConfirmType.LinkInvite:
            // Invitation links are not bound to an address: only type + employee type are checked.
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_type + emplType, key, validInterval);
            break;

        case ConfirmType.EmailChange:
            // Bound to the account that is currently signed in.
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + SecurityContext.CurrentAccount.ID, key, validInterval);
            break;

        case ConfirmType.PasswordChange:
            // NOTE(review): the user lookup and the audit query run before the key is validated,
            // for whatever address is in _email; confirm GetUserByEmail never returns null here.
            var userInfo = CoreContext.UserManager.GetUserByEmail(_email);
            var auditEvent = AuditEventsRepository.GetByFilter(action: MessageAction.UserSentPasswordChangeInstructions, entry: EntryType.User, target: MessageTarget.Create(userInfo.ID).ToString(), limit: 1).FirstOrDefault();
            var passwordStamp = CoreContext.Authentication.GetUserPasswordStamp(userInfo.ID);

            // The material includes the later of (a) the audit event returned for "password change
            // instructions sent" and (b) the password stamp, so a key stops validating once either
            // timestamp moves forward.
            string hash;
            if (auditEvent != null)
            {
                var auditEventDate = TenantUtil.DateTimeToUtc(auditEvent.Date);
                hash = (auditEventDate.CompareTo(passwordStamp) > 0 ? auditEventDate : passwordStamp).ToString("s");
            }
            else
            {
                hash = passwordStamp.ToString("s");
            }

            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + hash, key, validInterval);
            break;

        default:
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, validInterval);
            break;
    }

    if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Expired)
    {
        ShowError(Auth.MessageKey.ErrorExpiredActivationLink);
        return(false);
    }

    if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Invalid)
    {
        // Invitation links get their own message; every other type shares the generic one.
        ShowError(_type == ConfirmType.LinkInvite ? Auth.MessageKey.ErrorInvalidActivationLink : Auth.MessageKey.ErrorConfirmURLError);
        return(false);
    }

    // The address format is checked last, i.e. after the key has been validated and after the
    // Auth branch above has already acted on a valid key.
    if (!string.IsNullOrEmpty(_email) && !_email.TestEmailRegex())
    {
        ShowError(Auth.MessageKey.ErrorNotCorrectEmail);
        return(false);
    }

    return(true);
}