        /// <summary>
        /// Builds the navigation model for the current user: loads the navigation items
        /// through the local cache, marks the active path, and then attempts to populate
        /// per-user data.
        /// </summary>
        /// <remarks>
        /// The cache key embeds the current user id ("-1" when there is none), so each
        /// user gets a separate cached item list.
        /// NOTE(review): the permission-row generation key is passed as the third
        /// argument, presumably so that permission changes invalidate the cached
        /// navigation. Confirm against TwoLevelCache.
        /// </remarks>
        public NavigationModel()
        {
            var cacheKey = "LeftNavigationModel:NavigationItems:" + (Authorization.UserId ?? "-1");

            Items = TwoLevelCache.GetLocalStoreOnly(
                cacheKey,
                TimeSpan.Zero,
                UserPermissionRow.Fields.GenerationKey,
                () => NavigationHelper.GetNavigationItems(
                    // Only application-relative ("~/...") URLs are rewritten; null and
                    // every other value pass through unchanged.
                    url => (url != null && url.StartsWith("~/")) ? VirtualPathUtility.ToAbsolute(url) : url));

            SetActivePath();

            try
            {
                var currentUser = Serenity.Authorization.UserDefinition;
                if (currentUser != null)
                {
                    DirtyObjects.FillUserData(currentUser.Username);
                }
            }
            catch
            {
                // Best effort: every exception raised while resolving the user or filling
                // the user data is discarded here without being logged, so a failure in
                // this step leaves no trace.
            }
        }
        /// <summary>
        /// Validates the supplied password for a user record that already exists,
        /// either against the locally stored credentials or, for "ldap" users,
        /// against the directory service.
        /// </summary>
        /// <param name="username">Overwritten on entry with <c>user.Username</c>.</param>
        /// <param name="password">Password supplied by the caller; passed to the directory service and used to regenerate the cached hash.</param>
        /// <param name="user">The existing user definition being validated.</param>
        /// <returns><c>true</c> when the login is accepted, otherwise <c>false</c>.</returns>
        /// <exception cref="ArgumentOutOfRangeException">The user source is not handled by the local branch and is not "ldap".</exception>
        /// <remarks>
        /// NOTE(review): part of this method is missing from this listing (see the
        /// truncated throttler line), so <c>validatePassword</c>, <c>directoryService</c>
        /// and any throttle check are not visible here.
        /// </remarks>
        private bool ValidateExistingUser(ref string username, string password, UserDefinition user)
        {
            username = user.Username;
            // NOTE(review): this "Log in done" signal is emitted before any credential or
            // active-state check, so it also fires for attempts that are rejected below.
            // Confirm what SetSignal records before relying on it as an audit trail.
            SetSignal("Log in done by " + username);
            if (user.IsActive != 1)
            {
                // NOTE(review): the guard tests the info level but the message is written at
                // error level; when info logging is disabled the inactive-user attempt is
                // rejected without being logged here.
                if (Log.IsInfoEnabled)
                {
                    Log.Error(String.Format("Inactive user login attempt: {0}", username), this.GetType());
                }

                return(false);
            }

            // prevent more than 50 invalid login attempts in 30 minutes
            // NOTE(review): the next line is truncated in this listing (the run of
            // asterisks replaces original text). The throttler key and limits, any throttle
            // check, the definition of validatePassword and the start of the source
            // condition cannot be verified from here.
            var throttler = new Throttler("ValidateUser:"******"site" || user.Source == "sign" || directoryService == null)
            {
                if (validatePassword())

                {
                    throttler.Reset();
                    // Best-effort load of per-user data after a successful login.
                    try
                    {
                        DirtyObjects.FillUserData(username);// failure here does not reject the login
                    }
                    catch (Exception ae)
                    {
                        // NOTE(review): the exception is swallowed without logging and `ae`
                        // is unused, so a failure to load user data leaves no trace.
                    }

                    return(true);
                }

                // Password rejected: the throttler is not reset on this path.
                return(false);
            }

            // Only directory-backed users are expected past this point.
            if (user.Source != "ldap")
            {
                throw new ArgumentOutOfRangeException("userSource");
            }

            // If a hash is stored and the last directory update is at most one hour old,
            // the password is checked locally and the directory is not contacted.
            // NOTE(review): the window is computed with local time (DateTime.Now), so
            // clock or DST changes shift it. A password changed or an account disabled in
            // the directory may still be accepted here for up to an hour; confirm that is
            // acceptable.
            if (!string.IsNullOrEmpty(user.PasswordHash) &&
                user.LastDirectoryUpdate != null &&
                user.LastDirectoryUpdate.Value.AddHours(1) >= DateTime.Now)
            {
                if (validatePassword())
                {
                    throttler.Reset();
                    return(true);
                }

                return(false);
            }

            DirectoryEntry entry;

            try
            {
                entry = directoryService.Validate(username, password);
                // A null entry is treated as a rejected login; the throttler is not reset.
                if (entry == null)
                {
                    return(false);
                }

                throttler.Reset();
            }
            catch (Exception ex)
            {
                Log.Error("Error on directory access", ex, this.GetType());

                // couldn't access directory. allow user to login with cached password
                // NOTE(review): any exception from the directory call takes this fallback,
                // so while the directory is unreachable the locally stored hash decides the
                // login, however old it is. Without a stored hash the error is rethrown.
                if (!user.PasswordHash.IsTrimmedEmpty())
                {
                    if (validatePassword())
                    {
                        throttler.Reset();
                        return(true);
                    }

                    return(false);
                }

                throw;
            }

            // The directory accepted the credentials: refresh the local copy of the user
            // (display name, password hash and salt, e-mail, last directory update).
            try
            {
                // The salt is passed by ref, so GenerateHash may assign it; the value
                // written to the row below is whatever it holds after the call.
                string salt        = user.PasswordSalt.TrimToNull();
                var    hash        = UserRepository.GenerateHash(password, ref salt);
                var    displayName = entry.FirstName + " " + entry.LastName;
                // Falls back to the stored e-mail, then to a synthetic address on a
                // placeholder domain. NOTE(review): the placeholder domain should be replaced
                // with a real value before deployment.
                var    email       = entry.Email.TrimToNull() ?? user.Email ?? (username + "@yourdefaultdomain.com");

                using (var connection = SqlConnections.NewFor <UserRow>())
                    using (var uow = new UnitOfWork(connection))
                    {
                        var fld = UserRow.Fields;
                        // Values are supplied through the SqlUpdate builder's Set/WhereEqual
                        // calls; exactly one row is expected to be updated.
                        new SqlUpdate(fld.TableName)
                        .Set(fld.DisplayName, displayName)
                        .Set(fld.PasswordHash, hash)
                        .Set(fld.PasswordSalt, salt)
                        .Set(fld.Email, email)
                        .Set(fld.LastDirectoryUpdate, DateTime.Now)
                        .WhereEqual(fld.UserId, user.UserId)
                        .Execute(connection, ExpectedRows.One);

                        uow.Commit();

                        // Drop the cached user so later reads see the refreshed row.
                        UserRetrieveService.RemoveCachedUser(user.UserId, username);
                    }

                return(true);
            }
            catch (Exception ex)
            {
                // The directory already accepted the credentials above, so a failure to
                // refresh the local row is logged and the login is still accepted; the
                // stored hash and LastDirectoryUpdate then keep their previous values.
                Log.Error("Error while updating directory user", ex, this.GetType());
                return(true);
            }
        }