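        /// <summary>
        /// Returns the cities (customers) the given user is authorized for, consulting the
        /// UserCustomerAccess caching table before falling back to AzMan.
        /// </summary>
        /// <param name="username">Login name; surrounding whitespace is ignored.</param>
        /// <returns>
        /// Cached cities when the cache already has ids for the user; otherwise the AzMan
        /// result (which is written to the cache first). An empty list for a blank or unknown user.
        /// </returns>
        public List<PemsCity> GetCitiesForUser(string username)
        {
            // Fail closed: a blank name cannot map to a user, so it gets no cities
            // (the original dereferenced a null name and threw instead).
            if (string.IsNullOrWhiteSpace(username))
            {
                return new List<PemsCity>();
            }

            username = username.Trim();

            // The caching table is keyed by user id, so resolve the profile first.
            using (var rbacEntities = new PEMRBACEntities())
            {
                var user = rbacEntities.UserProfiles.FirstOrDefault(x => x.UserName == username);
                if (user == null)
                {
                    return new List<PemsCity>();
                }

                int userId = user.UserId;

                // Caching was added to work around AzMan performance issues.
                // NOTE(review): nothing in this method expires or invalidates cached ids, so
                // access revoked in AzMan keeps being returned until the cache row is cleared
                // elsewhere — confirm an admin path does that.
                var ucaManager          = new UserCustomerAccessManager();
                var existingCustomerIds = ucaManager.GetCustomersIds(userId);

                if (existingCustomerIds.Any())
                {
                    return existingCustomerIds
                        .Select(customerId => new PemsCity(customerId.ToString()))
                        .ToList();
                }

                // Cache miss: ask AzMan, remember the distinct ids, return the full city objects.
                var cities      = _azManager.GetAuthorizedCities(username);
                var customerIds = cities.Select(x => x.Id).Distinct().ToList();
                ucaManager.SetCustomersIds(userId, customerIds);
                return cities;
            }
        }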
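        /// <summary>
        /// Loads the current user's password-recovery questions ordered by question number.
        /// When the user has none yet, two blank placeholders (numbers 1 and 2) are returned
        /// so the edit form always has slots to fill in.
        /// </summary>
        /// <returns>The stored questions, or two empty placeholders.</returns>
        public List<PasswordQuestion> GetQuestions()
        {
            List<PasswordQuestion> questionList;

            using (var rbacEntities = new PEMRBACEntities())
            {
                // NOTE(review): Answer is returned exactly as stored, and SaveQuestion writes it
                // in clear text (its hash call is commented out), so callers receive the raw
                // answer — keep it off any model that is rendered or serialized to the client.
                // ToList() before Select: the PasswordQuestion constructor cannot be translated to SQL.
                questionList = rbacEntities.UserPasswordQuestions
                    .Where(q => q.UserId == _userId)
                    .OrderBy(q => q.QuestionNumber)
                    .ToList()
                    .Select(q => new PasswordQuestion(q.QuestionNumber, q.Question, q.Answer))
                    .ToList();
            }

            // "For now, assume 0 or 2": only a completely empty set is padded.
            if (questionList.Count == 0)
            {
                questionList.Add(new PasswordQuestion(1, "", ""));
                questionList.Add(new PasswordQuestion(2, "", ""));
            }

            return questionList;
        }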
 /// <summary>
 ///     Returns every custom locale resource of one customer as a name → value map.
 ///     When the same name occurs more than once, the first row returned wins.
 /// </summary>
 /// <param name="customerId">Customer whose LocaleResourcesCustoms rows are read.</param>
 /// <returns>
 ///     A Dictionary&lt;string, string&gt; of name/value pairs, or an empty ListDictionary
 ///     when the customer has no custom resources.
 /// </returns>
 public static IDictionary GetCustomResources(int customerId)
 {
     using (var context = new PEMRBACEntities())
     {
         var rows = context.LocaleResourcesCustoms
             .Where(r => r.CustomerId == customerId)
             .Distinct()
             .ToList();

         if (rows.Count == 0)
         {
             return new ListDictionary();
         }

         // Explicit loop on purpose (original: "DO NOT convert this to lambda"),
         // presumably because ToDictionary would throw on a duplicate name.
         var byName = new Dictionary<string, string>();
         foreach (var row in rows)
         {
             if (byName.ContainsKey(row.Name))
             {
                 continue;
             }
             byName.Add(row.Name, row.Value);
         }
         return byName;
     }
 }
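        /// <summary>
        /// Inserts or updates one password-recovery question for the current user,
        /// matched on UserId + QuestionNumber.
        /// </summary>
        /// <param name="question">Question number, text and answer to persist.</param>
        public void SaveQuestion(PasswordQuestion question)
        {
            // NOTE(review): the answer is stored exactly as typed. The hash call that used to be
            // here, EncryptionManager.Hash(question.Answer.ToLower(), _salt), is commented out, and
            // CheckAnswer/QuestionState compare clear text — re-enabling hashing must be done in
            // all three places together, with a migration for the rows already stored.
            using (var rbacEntities = new PEMRBACEntities())
            {
                var securityQuestion = rbacEntities.UserPasswordQuestions
                    .FirstOrDefault(q => q.UserId == _userId && q.QuestionNumber == question.QuestionNumber);

                if (securityQuestion == null)
                {
                    rbacEntities.UserPasswordQuestions.Add(new UserPasswordQuestion
                    {
                        UserId         = _userId,
                        QuestionNumber = question.QuestionNumber,
                        Question       = question.Question,
                        Answer         = question.Answer
                    });
                }
                else
                {
                    securityQuestion.Question = question.Question;
                    securityQuestion.Answer   = question.Answer;
                }

                rbacEntities.SaveChanges();
            }
        }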
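        /// <summary>
        /// Resolves the help-link mapping for the current area/controller/action/locale and
        /// renders it as a partial view; the model is null when no mapping exists.
        /// </summary>
        /// <param name="currentArea">MVC area of the page asking for help.</param>
        /// <param name="currentController">Controller name.</param>
        /// <param name="currentAction">Action name.</param>
        /// <param name="currentLocale">Culture code used to pick the localized mapping.</param>
        /// <returns>PartialView with a HelpLinkModel, or with a null model when unmapped.</returns>
        public ActionResult GetLink(string currentArea, string currentController, string currentAction, string currentLocale)
        {
            HelpLinkModel model = null;

            // Fallback server when the mapping has none. Request.Url.Host comes from the
            // request's Host header; if this value ends up in a link rendered to users, make
            // sure the host is validated upstream (host-header injection).
            Uri url = Request.Url;
            string baseUrl = Request.IsLocal
                ? String.Format("{0}://{1}:{2}", url.Scheme, url.Host, url.Port)
                : String.Format("{0}://{1}", url.Scheme, url.Host);

            using (var rbacEntities = new PEMRBACEntities())
            {
                var helpMap = rbacEntities.HelpMaps.FirstOrDefault(x => x.Area == currentArea &&
                                                                       x.Controller == currentController &&
                                                                       x.Action == currentAction &&
                                                                       x.CultureCode == currentLocale);
                if (helpMap != null)
                {
                    // Strip exactly one trailing slash, as before; ordinal comparison for a path separator.
                    string server = helpMap.Server;
                    if (server == null)
                    {
                        server = baseUrl;
                    }
                    else if (server.EndsWith("/", StringComparison.Ordinal))
                    {
                        server = server.Substring(0, server.Length - 1);
                    }

                    // A null File column used to throw here; treat it as empty instead.
                    string file = helpMap.File ?? string.Empty;
                    if (file.StartsWith("/", StringComparison.Ordinal))
                    {
                        file = file.Substring(1);
                    }

                    model = new HelpLinkModel
                    {
                        Server = server,
                        File   = file,
                        Topic  = helpMap.Topic
                    };
                }
            }

            return PartialView(model);
        }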
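        /// <summary>
        /// GET handler for the password-reset link. Finds the membership row holding the token
        /// and shows the reset form, an "expired" view, or bounces to the login page.
        /// </summary>
        /// <param name="id">Password-verification token from the reset e-mail link.</param>
        /// <returns>
        /// The reset view (Expired=false, Token set) for a live token; the reset view with
        /// Expired=true plus a model error for an expired one; the login page otherwise.
        /// </returns>
        public ActionResult ResetPassword(string id)
        {
            string token = id;

            // Never query with an empty token: under EF's C# null semantics
            // `PasswordVerificationToken == null` can match every account that has no pending
            // reset, instead of matching nothing.
            if (string.IsNullOrWhiteSpace(token))
            {
                return SendToLoginPage();
            }

            using (var userContext = new PEMRBACEntities())
            {
                var user = userContext.Memberships.SingleOrDefault(u => u.PasswordVerificationToken == token);
                if (user == null || user.PasswordVerificationTokenExpirationDate == null)
                {
                    // Unknown token, or a token without an expiry: treat as invalid.
                    return SendToLoginPage();
                }

                // Both sides of the comparison are server-local time.
                DateTime expiration = ((DateTime)user.PasswordVerificationTokenExpirationDate).ToLocalTime();
                if (DateTime.Now > expiration)
                {
                    ModelState.AddModelError("", "This token has expired. You must complete the reset password process within 10 minutes.");
                    return View(new ResetPasswordModel { Expired = true });
                }

                return View(new ResetPasswordModel { Token = token, Expired = false });
            }
        }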
        //public static int CustomerId { get; set; }

        /// <summary>
        ///     Loads every LocaleResources row of one type and culture into a name → value map.
        ///     The first row seen for a given name wins; later duplicates are ignored.
        /// </summary>
        /// <param name="type">Resource type (Glossary, Config, etc).</param>
        /// <param name="cultureCode">Culture code of the resources wanted (en-US, es-EC, etc).</param>
        /// <returns>
        ///     A Dictionary&lt;string, string&gt; keyed by resource name, or an empty ListDictionary
        ///     when nothing matches.
        /// </returns>
        public static IDictionary GetResources(string type, string cultureCode)
        {
            using (var context = new PEMRBACEntities())
            {
                var rows = context.LocaleResources
                    .Where(r => r.Type == type && r.CultureCode == cultureCode)
                    .Distinct()
                    .ToList();

                if (rows.Count == 0)
                {
                    return new ListDictionary();
                }

                // Explicit loop on purpose (original: "DO NOT convert this to lambda"),
                // presumably because ToDictionary would throw on a duplicate name.
                var byName = new Dictionary<string, string>();
                foreach (var row in rows)
                {
                    if (byName.ContainsKey(row.Name))
                    {
                        continue;
                    }
                    byName.Add(row.Name, row.Value);
                }
                return byName;
            }
        }
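        /// <summary>
        /// Attempts to change the user's password via a reset token. Enforces the password-
        /// history rules (unless <paramref name="adminOverride"/> is set), then records the new
        /// password hash in the history and clears the failed-login counter.
        /// </summary>
        /// <param name="password">New password in clear text; hashed by the membership provider and by AddPasswordToHistory.</param>
        /// <param name="token">Token from WebSecurity.GeneratePasswordResetToken.</param>
        /// <param name="adminOverride">
        /// When true the reuse / user-name / 24-hour checks are skipped and the change is not
        /// added to the user's password history.
        /// </param>
        /// <returns>ChangeResult.Ok on success, otherwise the failing rule or TokenResetFailed.</returns>
        public ChangeResult ChangePassword(string password, string token, bool adminOverride = false)
        {
            ChangeResult changeResult = CheckPasswordHistory(password);

            // NOTE: with adminOverride the change proceeds even when CheckPasswordHistory
            // rejected the password (e.g. MatchesUserName); its result is overwritten below.
            if (changeResult == ChangeResult.Ok || adminOverride)
            {
                // The token is what authorizes the change; ResetPassword returns false for a
                // bad or expired token.
                changeResult = WebSecurity.ResetPassword(token, password)
                    ? ChangeResult.Ok
                    : ChangeResult.TokenResetFailed;

                if (changeResult == ChangeResult.Ok)
                {
                    // Admin-driven resets are deliberately kept out of the history.
                    if (!adminOverride)
                    {
                        AddPasswordToHistory(password);
                    }

                    // A successful reset also clears the lockout counter.
                    using (var rbacEntities = new PEMRBACEntities())
                    {
                        var membership = rbacEntities.Memberships.FirstOrDefault(x => x.UserId == _userId);
                        if (membership != null)
                        {
                            membership.PasswordFailuresSinceLastSuccess = 0;
                            rbacEntities.SaveChanges();
                        }
                    }
                }
            }

            SetLastError(changeResult);
            return changeResult;
        }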
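        /// <summary>
        /// Appends the hash of <paramref name="password"/> to the user's password history,
        /// stamped with the current local time (CheckPasswordHistory compares against DateTime.Now,
        /// so the stamp intentionally stays local).
        /// </summary>
        /// <param name="password">Clear-text password; only EncryptionManager.Hash(password, _salt) is stored.</param>
        public void AddPasswordToHistory(string password)
        {
            using (var rbacEntities = new PEMRBACEntities())
            {
                rbacEntities.UserPasswordHistories.Add(new UserPasswordHistory
                {
                    // NOTE(review): as far as this class shows, _salt is the zero-filled array
                    // allocated in the constructor and is never populated — confirm whether
                    // EncryptionManager.Hash salts internally before relying on these hashes.
                    Password   = EncryptionManager.Hash(password, _salt),
                    UserId     = _userId,
                    ChangeDate = DateTime.Now
                });
                rbacEntities.SaveChanges();
            }
        }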
 /// <summary>
 ///     Tells whether the customer whose DisplayName equals <paramref name="cityname"/> is of
 ///     type MaintenanceGroup. Unknown names yield false.
 /// </summary>
 /// <param name="cityname">Customer display name to look up.</param>
 /// <returns>True only when a matching profile exists and its type is MaintenanceGroup.</returns>
 public static bool IsCustomerMaintenanceGroup(string cityname)
 {
     // Static method, so it cannot share an instance context; open a short-lived one.
     using (var context = new PEMRBACEntities())
     {
         var profile = context.CustomerProfiles.FirstOrDefault(p => p.DisplayName == cityname);
         return profile != null
             && profile.CustomerTypeId == (int)CustomerProfileType.MaintenanceGroup;
     }
 }
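        /// <summary>
        /// Deletes every UserPasswordHistories row belonging to the current user.
        /// (The previous summary was copied from AddPasswordToHistory and described the wrong method.)
        /// </summary>
        public void ClearPasswordHistory()
        {
            using (var rbacEntities = new PEMRBACEntities())
            {
                // Ordering is irrelevant for a delete, so it was dropped from the query.
                var oldPasswords = rbacEntities.UserPasswordHistories
                    .Where(h => h.UserId == _userId)
                    .ToList();

                foreach (var oldPassword in oldPasswords)
                {
                    rbacEntities.UserPasswordHistories.Remove(oldPassword);
                }
                rbacEntities.SaveChanges();
            }
        }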
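        /// <summary>
        /// POST handler for the password-reset form. Re-validates the token and its expiry,
        /// then changes the password through PasswordManager.
        /// </summary>
        /// <param name="model">Token and new password posted from the reset form.</param>
        /// <returns>
        /// Login redirect view on success; the form with a model error on a policy failure; the
        /// reset view flagged Expired=true for an expired token; the login page for an unknown token.
        /// </returns>
        public ActionResult ResetPassword(ResetPasswordModel model)
        {
            if (!ModelState.IsValid)
            {
                // Validation failed: redisplay the form.
                return View(model);
            }

            // Never query with an empty token: under EF's C# null semantics
            // `PasswordVerificationToken == null` can match every account that has no pending
            // reset rather than none.
            if (model == null || string.IsNullOrWhiteSpace(model.Token))
            {
                return SendToLoginPage();
            }

            using (var userContext = new PEMRBACEntities())
            {
                string token = model.Token;
                var user = userContext.Memberships.SingleOrDefault(u => u.PasswordVerificationToken == token);
                if (user == null || user.PasswordVerificationTokenExpirationDate == null)
                {
                    return SendToLoginPage();
                }

                DateTime expiration = ((DateTime)user.PasswordVerificationTokenExpirationDate).ToLocalTime();
                if (DateTime.Now > expiration)
                {
                    ModelState.AddModelError("", "This token has expired. You must complete the reset password process within 10 minutes.");
                    // Expired = true, aligned with the GET handler (this branch used to set false).
                    return View(new ResetPasswordModel { Expired = true });
                }

                // Token is live: apply the policy checks and the reset.
                var passwordManager = new PasswordManager(user.UserProfile.UserName);
                var returnValue     = passwordManager.ChangePassword(model.NewPassword, model.Token);
                if (returnValue != PasswordManager.ChangeResult.Ok)
                {
                    ModelState.AddModelError("", passwordManager.LastError);
                    return View(model);
                }

                return ReturnLoginRedirectView("Your password has been reset.", "Password Reset - Success");
            }
        }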
        /// <summary>
        ///     Loads the LocaleResources rows of one type and culture, applies the customer's
        ///     LocaleResourcesCustoms overrides (matched by Name within the same type), and returns
        ///     the result as a name → value map. The first row seen for a name wins.
        /// </summary>
        /// <param name="type">Resource type (Glossary, Config, etc).</param>
        /// <param name="cultureCode">Culture code of the resources wanted (en-US, es-EC, etc).</param>
        /// <param name="customerId">Customer whose overrides are applied.</param>
        /// <returns>
        ///     A Dictionary&lt;string, string&gt; keyed by resource name, or an empty ListDictionary
        ///     when no base resources match.
        /// </returns>
        public static IDictionary GetCustomerLocaleResources(string type, string cultureCode, int customerId)
        {
            using (var context = new PEMRBACEntities())
            {
                var baseRows = context.LocaleResources
                    .Where(r => r.Type == type && r.CultureCode == cultureCode)
                    .Distinct()
                    .ToList();

                if (baseRows.Count == 0)
                {
                    return new ListDictionary();
                }

                // Note: overrides are filtered by type and customer, not by culture.
                var overrides = context.LocaleResourcesCustoms
                    .Where(c => c.Type == type && c.CustomerId == customerId)
                    .Distinct()
                    .ToList();

                // Explicit loop on purpose (original: "DO NOT convert this to lambda"),
                // presumably because ToDictionary would throw on a duplicate name.
                var merged = new Dictionary<string, string>();
                foreach (var row in baseRows)
                {
                    string value = row.Value;
                    if (overrides.Count > 0)
                    {
                        var custom = overrides.FirstOrDefault(c => c.Name == row.Name);
                        if (custom != null)
                        {
                            value = custom.Value;
                        }
                    }

                    if (!merged.ContainsKey(row.Name))
                    {
                        merged.Add(row.Name, value);
                    }
                }
                return merged;
            }
        }
 /// <summary>
 ///     Inserts a new LocaleResource row for the given culture and type. When no value is
 ///     supplied the resource name doubles as its value.
 /// </summary>
 /// <param name="name">Resource name (also the default value).</param>
 /// <param name="type">Resource type (Glossary, config, etc).</param>
 /// <param name="cultureCode">Culture code the resource belongs to (en-US, etc).</param>
 /// <param name="value">(Optional) value; null means "use the name".</param>
 public static void AddLocaleResource(string name, string type, string cultureCode, string value = null)
 {
     // No duplicate check here: callers such as UpdateLocaleResource look the row up first.
     var resource = new LocaleResource();
     resource.CultureCode = cultureCode;
     resource.Name        = name;
     resource.Type        = type;
     resource.Value       = value ?? name;

     using (var context = new PEMRBACEntities())
     {
         context.LocaleResources.Add(resource);
         context.SaveChanges();
     }
 }
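        /// <summary>
        /// Binds the manager to a user by login name and resolves the user id
        /// (-1 when the name is unknown).
        /// </summary>
        /// <param name="userName">Login name matched against UserProfiles.UserName (DB collation applies).</param>
        public PasswordManager(string userName)
        {
            _userName = userName;

            using (var rbacEntities = new PEMRBACEntities())
            {
                // SingleOrDefault: a duplicated user name is a data error and throws, as before.
                var user = rbacEntities.UserProfiles.SingleOrDefault(p => p.UserName == _userName);
                _userId = user != null ? user.UserId : -1;
            }

            // NOTE(review): this allocates a zero-filled 32-byte salt and nothing in this class
            // visibly fills it, so every EncryptionManager.Hash(password, _salt) call uses the
            // same all-zero salt. Confirm whether Hash salts internally; if it does not, the
            // password-history hashes are effectively unsalted and a per-user random salt stored
            // with each hash is needed — which means migrating UserPasswordHistories, because
            // CheckPasswordHistory compares fresh hashes against the stored ones.
            _saltLength = 32;
            _salt       = new byte[_saltLength];
        }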
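        /// <summary>
        /// Validates the credentials with WebSecurity and writes an AccessLogMembershipEvent row
        /// for the outcome: Login on success, LoginFailure when the user name exists but the
        /// password was wrong. Unknown user names are not logged.
        /// </summary>
        /// <param name="username">Login name.</param>
        /// <param name="password">Clear-text password; passed to WebSecurity.Login only, never stored.</param>
        /// <returns>True when the credentials were accepted.</returns>
        public bool Login(string username, string password)
        {
            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            {
                return false;
            }

            bool credentialsAreValid = WebSecurity.Login(username, password);

            if (credentialsAreValid)
            {
                // An object must be added to the session so ASP.NET issues a persistent session id.
                // NOTE(review): this keeps whatever session id the client presented before
                // authenticating; if session fixation is a concern, abandon/regenerate the
                // session before this point.
                HttpContext.Current.Session.Add("sessionPlaceholder", "");

                using (var context = new PEMRBACEntities())
                {
                    context.AccessLogMembershipEvents.Add(new AccessLogMembershipEvent
                    {
                        EventTypeId = (int)MembershipEvent.Login,
                        UserId      = WebSecurity.GetUserId(username),
                        IPAddress   = HttpContext.Current.Request.GetIpAddress().ToString(),
                        SessionID   = HttpContext.Current.Session.SessionID,
                        TimeStamp   = DateTime.Now
                    });
                    context.SaveChanges();
                }
            }
            else if (WebSecurity.UserExists(username))
            {
                // Known user name, so the password was wrong; no session is associated yet.
                using (var context = new PEMRBACEntities())
                {
                    context.AccessLogMembershipEvents.Add(new AccessLogMembershipEvent
                    {
                        EventTypeId = (int)MembershipEvent.LoginFailure,
                        UserId      = WebSecurity.GetUserId(username),
                        IPAddress   = HttpContext.Current.Request.GetIpAddress().ToString(),
                        SessionID   = null,
                        TimeStamp   = DateTime.Now
                    });
                    context.SaveChanges();
                }
            }

            return credentialsAreValid;
        }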
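        /// <summary>
        /// Writes a Logout AccessLogMembershipEvent for the current user, then drops the
        /// session cookie and signs the user out of WebSecurity.
        /// </summary>
        public static void Logout()
        {
            // Log first, while the session id and current user id are still available.
            using (var context = new PEMRBACEntities())
            {
                context.AccessLogMembershipEvents.Add(new AccessLogMembershipEvent
                {
                    EventTypeId = (int)MembershipEvent.Logout,
                    UserId      = WebSecurity.CurrentUserId,
                    IPAddress   = HttpContext.Current.Request.GetIpAddress().ToString(),
                    SessionID   = HttpContext.Current.Session.SessionID,
                    TimeStamp   = DateTime.Now
                });
                context.SaveChanges();
            }

            DeleteSessionCookie();
            WebSecurity.Logout();
        }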
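        /// <summary>
        /// Applies the password-policy checks that depend on the user's history: not equal to
        /// the user name, not one of the last five passwords, and (for accounts older than
        /// 24 hours) at most one change per 24 hours.
        /// </summary>
        /// <param name="password">Candidate password in clear text.</param>
        /// <returns>ChangeResult.Ok when all checks pass, otherwise the first failing rule.</returns>
        private ChangeResult CheckPasswordHistory(string password)
        {
            if (password.Trim().Equals(_userName, StringComparison.CurrentCultureIgnoreCase))
            {
                return ChangeResult.MatchesUserName;
            }

            using (var rbacEntities = new PEMRBACEntities())
            {
                // Most recent first; only the last five are subject to the reuse rule.
                var recentPasswords = rbacEntities.UserPasswordHistories
                    .Where(h => h.UserId == _userId)
                    .OrderByDescending(h => h.ChangeDate)
                    .Take(5)
                    .ToList();

                if (recentPasswords.Count == 0)
                {
                    return ChangeResult.Ok;
                }

                // NOTE(review): as far as this class shows, _salt is the zero-filled array from
                // the constructor; this comparison only works because AddPasswordToHistory hashes
                // with the same fixed salt. Changing the salt scheme requires a history migration.
                string passwordHash = EncryptionManager.Hash(password, _salt);

                // The profile lookup does not depend on the loop variable, so it is done once.
                // It stays after the empty-history return so a missing profile with no history
                // still yields Ok, exactly as before.
                var userProfile = rbacEntities.UserProfiles.FirstOrDefault(m => m.UserName.Equals(_userName));
                bool enforceDailyLimit = userProfile != null
                                         && (DateTime.Now - userProfile.CreatedDate).TotalHours > 24.0;

                foreach (var oldPassword in recentPasswords)
                {
                    if (oldPassword.Password.Equals(passwordHash))
                    {
                        return ChangeResult.AlreadyUsed;
                    }

                    if (userProfile == null)
                    {
                        // Should not happen for a user that has history rows, but keep the guard.
                        return ChangeResult.GeneralError;
                    }

                    // Accounts younger than 24 hours may change again immediately.
                    if (enforceDailyLimit && (DateTime.Now - oldPassword.ChangeDate).TotalHours < 24.0)
                    {
                        return ChangeResult.OnlyOneChangePerDay;
                    }
                }
            }

            return ChangeResult.Ok;
        }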
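        /// <summary>
        /// Checks a submitted recovery answer against the stored one for the same question
        /// number (case-insensitive, current culture).
        /// </summary>
        /// <param name="question">Question number and the answer to verify.</param>
        /// <returns>True when a stored question exists and the answers match; false otherwise.</returns>
        public bool CheckAnswer(PasswordQuestion question)
        {
            using (var rbacEntities = new PEMRBACEntities())
            {
                // FirstOrDefault rather than First: the original threw InvalidOperationException
                // for a missing question number, which made its null check unreachable.
                var securityQuestion = rbacEntities.UserPasswordQuestions
                    .FirstOrDefault(q => q.UserId == _userId && q.QuestionNumber == question.QuestionNumber);
                if (securityQuestion == null || securityQuestion.Answer == null)
                {
                    // Nothing stored to compare against: never a match.
                    return false;
                }

                // NOTE(review): answers are compared in clear text because SaveQuestion stores
                // them that way (its hash call is commented out). Also, a culture-sensitive
                // comparison is not constant-time.
                return string.Equals(securityQuestion.Answer, question.Answer,
                                     StringComparison.CurrentCultureIgnoreCase);
            }
        }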
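        /// <summary>
        /// Records a login attempt in LoginAttemptHistories when the appSetting
        /// "pems.logging.log_attempts" is "true". The password itself is deliberately not
        /// stored — only whether one was supplied.
        /// </summary>
        /// <remarks>
        ///  &lt;appSettings&gt;
        ///    &lt;add key="pems.logging.log_attempts" value="true" /&gt;
        ///  &lt;/appSettings&gt;
        /// </remarks>
        /// <param name="username">Submitted user name ("-" when null).</param>
        /// <param name="password">Submitted password; used only to decide the marker, never persisted.</param>
        /// <param name="url">Request URL; written to the IpAddress column truncated to 128 characters.</param>
        public void LogLogin(string username, string password, string url)
        {
            var key = System.Configuration.ConfigurationManager.AppSettings["pems.logging.log_attempts"];
            if (key == null || !key.Equals("true", StringComparison.InvariantCultureIgnoreCase))
            {
                return;
            }

            using (var context = new PEMRBACEntities())
            {
                context.LoginAttemptHistories.Add(new LoginAttemptHistory
                {
                    UserName   = username ?? "-",
                    // Previously the clear-text password was written here on every attempt,
                    // including the correct one on successful logins, so anyone able to read
                    // this table could harvest credentials. Only presence is recorded now.
                    Password   = password == null ? "-" : "[redacted]",
                    // The column is named IpAddress but has always held the (truncated) URL;
                    // the unused GetDomainName(url) call was dropped.
                    IpAddress  = url == null ? "-" : url.Substring(0, Math.Min(url.Length, 128)),
                    AccessDate = DateTime.Now
                });
                context.SaveChanges();
            }
        }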
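        /// <summary>
        /// Classifies a submitted recovery question relative to what is stored for the user:
        /// New/Empty for question number 0, New/Invalid when the number has no stored row,
        /// Changed when the text or answer differs, NoChange otherwise.
        /// </summary>
        /// <param name="question">Submitted question (number, text, answer).</param>
        /// <returns>The PasswordQuestion.QuestionState describing the submission.</returns>
        public PasswordQuestion.QuestionState QuestionState(PasswordQuestion question)
        {
            bool hasContent = !string.IsNullOrEmpty(question.Question) && !string.IsNullOrEmpty(question.Answer);

            // Number 0 means "not yet assigned": New when filled in, Empty when not.
            if (question.QuestionNumber == 0)
            {
                return hasContent ? PasswordQuestion.QuestionState.New : PasswordQuestion.QuestionState.Empty;
            }

            using (var rbacEntities = new PEMRBACEntities())
            {
                var securityQuestion = rbacEntities.UserPasswordQuestions
                    .FirstOrDefault(q => q.UserId == _userId && q.QuestionNumber == question.QuestionNumber);

                // A numbered question with no stored row: New when filled in, otherwise Invalid.
                if (securityQuestion == null)
                {
                    return hasContent ? PasswordQuestion.QuestionState.New : PasswordQuestion.QuestionState.Invalid;
                }

                // string.Equals is null-safe, so a null stored column no longer throws.
                if (!string.Equals(securityQuestion.Question, question.Question, StringComparison.CurrentCultureIgnoreCase))
                {
                    return PasswordQuestion.QuestionState.Changed;
                }

                // NOTE(review): the answer is compared in clear text because SaveQuestion stores
                // it that way; the hashed comparison from the original is commented out there too.
                return string.Equals(securityQuestion.Answer, question.Answer, StringComparison.CurrentCultureIgnoreCase)
                    ? PasswordQuestion.QuestionState.NoChange
                    : PasswordQuestion.QuestionState.Changed;
            }
        }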
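        /// <summary>
        /// Gets the current wall-clock time for a customer, using the customer's configured
        /// time zone when one exists and the server's own UTC offset otherwise.
        /// </summary>
        /// <param name="customerId">Customer whose profile and time zone are looked up.</param>
        /// <returns>DateTime.UtcNow shifted by the resolved whole-hour offset.</returns>
        public DateTime GetCustomerLocalTime(int customerId)
        {
            // Server offset as the fallback (TimeZoneInfo.Local replaces the obsolete
            // TimeZone.CurrentTimeZone; same value). Whole hours only: the cast truncates,
            // so a half-hour zone such as +05:30 becomes +05 — unchanged from the original.
            var utcOffset = (int)TimeZoneInfo.Local.GetUtcOffset(DateTime.Now).TotalHours;

            using (var rbacEntities = new PEMRBACEntities())
            {
                var customerProfile = rbacEntities.CustomerProfiles.SingleOrDefault(cp => cp.CustomerId == customerId);
                if (customerProfile != null)
                {
                    var timeZone = rbacEntities.CustomerTimeZones.FirstOrDefault(m => m.TimeZoneID == customerProfile.TimeZoneID);
                    if (timeZone != null)
                    {
                        // LocalTimeUTCDifference is in minutes; integer division truncates to hours.
                        // A non-zero DaylightSavingAdjustment adds a flat hour regardless of the
                        // date — a known simplification, not corrected here.
                        utcOffset = timeZone.LocalTimeUTCDifference / 60
                                    + (timeZone.DaylightSavingAdjustment != 0 ? 1 : 0);
                    }
                }
            }

            return DateTime.UtcNow + TimeSpan.FromHours(utcOffset);
        }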
        /// <summary>
        ///     Sets the value of the LocaleResource identified by type, culture and name, inserting
        ///     the row through AddLocaleResource when it does not exist yet.
        /// </summary>
        /// <param name="name">Name of the locale resource item.</param>
        /// <param name="type">Resource type (Glossary, Config, etc).</param>
        /// <param name="cultureCode">Culture code of the item (en-US, es-EC, etc).</param>
        /// <param name="value">New value of the resource for that culture.</param>
        public static void UpdateLocaleResource(string name, string type, string cultureCode, string value)
        {
            using (var context = new PEMRBACEntities())
            {
                var existing = context.LocaleResources
                    .FirstOrDefault(r => r.Type == type && r.CultureCode == cultureCode && r.Name == name);

                if (existing == null)
                {
                    // Insert path opens its own context; nothing is pending on this one.
                    AddLocaleResource(name, type, cultureCode, value);
                    return;
                }

                existing.Value = value;
                context.SaveChanges();
            }
        }
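        /// <summary>
        /// Add the RBAC entry for the admin site.
        /// </summary>
        /// <remarks>
        /// Creates the RBAC store for the admin site, applies the admin template and, if the
        /// requesting admin user resolves to a valid user id, ensures a <c>CustomerProfile</c>
        /// row with display name "Admin" exists. Progress and failures are reported through the
        /// <c>Log</c> / <c>LogError</c> setters; a failed <c>CreateCity</c> is logged but does
        /// not stop the template from being applied.
        /// </remarks>
        private void AddAdminSite()
        {
            var authorizationManager = new AuthorizationManager();

            Log = "Creating RBAC store for the Admin site.";

            if (authorizationManager.CreateCity(_options.AdminSiteId, "Admin", "PEMS Administration"))
            {
                Log = "Created RBAC Admin store";
            }
            else
            {
                // Not fatal here: the template step below still runs and reports its own errors.
                LogError = "Failed to create RBAC Admin store";
            }

            Log = "Creating RBAC entries for the administration site...";
            bool success = authorizationManager.SetConfiguration(_options.AdminSiteTemplate);

            // Now write out the process log.
            foreach (var xmlProcessLog in authorizationManager.XmlProcessLogs)
            {
                Log = xmlProcessLog;
            }

            if (success)
            {
                Log = "***** RBAC entries successfully processed. *****";
            }
            else
            {
                LogError = "***** Errors were encountered creating the RBAC entries.  See below. *****";

                // Now write out errors.
                foreach (var xmlProcessError in authorizationManager.XmlProcessErrors)
                {
                    LogError = xmlProcessError;
                }
            }

            // Get the user id that is adding this Admin site; it is recorded as CreatedBy.
            var userFactory = new UserFactory();
            int userId = userFactory.GetUserId(_options.AdminUserName);

            if (userId == (int)Constants.User.InvalidUserId)
            {
                LogError = "Unable to create an entry in CustomerProfiles for Admin - Invalid admin user name.";
                return;
            }

            // Create an entry in [CustomerProfiles] if required.
            // The context is now disposed on every exit path (the original never disposed it).
            using (var rbacEntities = new PEMRBACEntities())
            {
                // NOTE(review): existence is keyed on DisplayName == "Admin", not on
                // _options.AdminSiteId, so a pre-existing profile that merely shares the
                // display name suppresses creation of the admin row — confirm this is intended.
                CustomerProfile customerProfile = rbacEntities.CustomerProfiles.FirstOrDefault(m => m.DisplayName.Equals("Admin"));
                if (customerProfile != null)
                {
                    return;
                }

                customerProfile = new CustomerProfile()
                {
                    CustomerId                    = _options.AdminSiteId,
                    DisplayName                   = "Admin",
                    CreatedOn                     = DateTime.Now,
                    CreatedBy                     = userId,
                    StatusChangeDate              = DateTime.Now,
                    PEMSConnectionStringName      = null,
                    ReportingConnectionStringName = null,
                    CustomerTypeId                = (int)CustomerProfileType.Admin,
                    Status = (int)CustomerStatus.Active
                };
                rbacEntities.CustomerProfiles.Add(customerProfile);
                rbacEntities.SaveChanges();
                Log = "Created entry in CustomerProfiles for Admin.";
            }
        }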
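        /// <summary>
        /// Second step of the self-service password reset: verifies the answer to one of the
        /// user's security questions and, on success, emails a reset link.
        /// </summary>
        /// <param name="model">Posted form: UserName, QuestionID, QuestionValue (the answer) and FailureCount.</param>
        /// <param name="username">Account being reset; used for the existence check, the question lookup and the token.</param>
        /// <param name="failureCount">Unused; <c>model.FailureCount</c> is used instead.</param>
        /// <param name="questionID">Unused; <c>model.QuestionID</c> is used instead.</param>
        /// <returns>
        /// The login-redirect view after a correct answer; the same form with the other question
        /// after the first wrong answer; the customer-service view after the second wrong answer
        /// (or when no other question exists); otherwise the form redisplayed with errors.
        /// </returns>
        public ActionResult SecurityQuestions(SecurityQuestionsModel model, string username, string failureCount, string questionID)
        {
            if (!ModelState.IsValid)
            {
                // Redisplay the form with validation errors.
                return View(model);
            }

            if (!WebSecurity.UserExists(username))
            {
                // NOTE(review): this message confirms whether a username exists (account
                // enumeration). A generic message would be safer if this page is reachable
                // without authentication.
                ModelState.AddModelError("", "No account with that username found. Please enter a valid username");
                return View(model);
            }

            var pwMgr = new PasswordManager(username);
            var questions = pwMgr.GetQuestions();

            // Locate the question that was asked; QuestionID comes from the posted form.
            var question = questions.FirstOrDefault(x => x.QuestionNumber.ToString() == model.QuestionID);

            bool questionMatch = false;
            if (question != null)
            {
                question.Answer = model.QuestionValue;
                questionMatch   = pwMgr.CheckAnswer(question);
            }

            if (questionMatch)
            {
                return EmailPasswordResetLink(username, model);
            }

            // SECURITY NOTE(review): FailureCount is a client-supplied form field, so a caller
            // that keeps posting "0" gets unlimited guesses at the answer. Attempts should be
            // counted server-side per account and the reset path locked after a small number
            // of failures; nothing visible in this action does that.
            if (model.FailureCount == "0")
            {
                ModelState.AddModelError("", "Incorrect Answer. Please Try Again.");

                // Re-ask with the question that was NOT just asked.
                var unansweredQuestion = questions.FirstOrDefault(x => x.QuestionNumber.ToString() != model.QuestionID);

                // A user with only one question has nothing else to be asked (the original
                // dereferenced null here); treat that like a second failure.
                if (unansweredQuestion != null)
                {
                    var secModel = new SecurityQuestionsModel
                    {
                        UserName      = username,
                        FailureCount  = "1",
                        QuestionID    = unansweredQuestion.QuestionNumber.ToString(),
                        QuestionText  = unansweredQuestion.Question,
                        QuestionValue = string.Empty
                    };

                    return View("SecurityQuestions", secModel);
                }
            }

            // Both questions failed: hand off to the system-administrator contact view.
            return View("CustomerService", new CustomerSupportModel());
        }

        /// <summary>
        /// Issues a short-lived reset token for <paramref name="username"/> and emails it to the
        /// address on the user's profile.
        /// </summary>
        /// <param name="username">Account that just answered its security question correctly.</param>
        /// <param name="model">The posted form, redisplayed with an error if the email cannot be sent.</param>
        /// <returns>The login-redirect view on success; the form with an error otherwise.</returns>
        private ActionResult EmailPasswordResetLink(string username, SecurityQuestionsModel model)
        {
            // Token is valid for 10 minutes.
            string token = WebSecurity.GeneratePasswordResetToken(username, 10);
            string email = "";

            using (var userContext = new PEMRBACEntities())
            {
                var profile = userContext.UserProfiles.SingleOrDefault(u => u.UserName == username);
                if (profile != null)
                {
                    email = profile.Email;
                }
            }

            if (String.IsNullOrEmpty(email) || String.IsNullOrEmpty(token))
            {
                // The original added this error and then still reported "You have been emailed";
                // surface the failure instead of claiming success.
                ModelState.AddModelError("",
                                         "Could not send email at this time. If the problem perists please contact your system administrator");
                return View(model);
            }

            // Send password reset email
            var mailer = new UserMailer();
            mailer.PasswordReset(token, email).Send();

            return ReturnLoginRedirectView("You have been emailed a link to reset your password.",
                                           "Password Reset - Emailed");
        }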
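        /// <summary>
        /// Writes one row to [AccessLogs] for an authorization decision, subject to the
        /// instance's filter flags (<c>Enabled</c>, <c>_logAjax</c>, <c>_logPages</c>,
        /// <c>_logAccessAllowed</c>, <c>_logAccessUndefined</c>, <c>_logAccessDenied</c>).
        /// </summary>
        /// <param name="area">MVC area of the request; empty together with <paramref name="city"/> marks an AJAX call.</param>
        /// <param name="city">City (customer) the request was made against.</param>
        /// <param name="controller">Controller name.</param>
        /// <param name="action">Action name.</param>
        /// <param name="sessionID">Caller's session id.</param>
        /// <param name="userId">Caller's user id.</param>
        /// <param name="accessRights">Outcome of the authorization check.</param>
        /// <param name="accessDuration">Time spent on the request.</param>
        /// <param name="accessOverhead">Time spent on the authorization check itself.</param>
        public void Log(string area, string city, string controller, string action,
                        string sessionID, int userId, AuthorizationManager.AccessRights accessRights,
                        double accessDuration, double accessOverhead)
        {
            if (!Enabled)
            {
                return;
            }

            // Requests with neither an area nor a city are treated as AJAX calls;
            // requests with both are treated as page requests.
            bool hasNeither     = string.IsNullOrEmpty(area) && string.IsNullOrEmpty(city);
            bool hasAreaAndCity = !string.IsNullOrEmpty(area) && !string.IsNullOrEmpty(city);

            if (!_logAjax && hasNeither)
            {
                return;
            }

            if (!_logPages && hasAreaAndCity)
            {
                return;
            }

            if (!_logAccessAllowed && accessRights == AuthorizationManager.AccessRights.Allowed)
            {
                return;
            }

            // NOTE(review): the next two filters key off the sign of the enum value
            // (negative = denied; positive = ?). The "undefined" flag suppressing positive
            // values looks inverted relative to the "denied" one — confirm against the
            // AccessRights enum before relying on it. Behaviour is preserved here.
            if (!_logAccessUndefined && ((int)accessRights) > 0)
            {
                return;
            }

            if (!_logAccessDenied && ((int)accessRights) < 0)
            {
                return;
            }

            // Open the context only once a row will definitely be written, and dispose it
            // (the original instance was never disposed).
            using (var rbacEntities = new PEMRBACEntities())
            {
                rbacEntities.AccessLogs.Add(new AccessLog()
                {
                    Area           = area,
                    City           = city,
                    Controller     = controller,
                    Action         = action,
                    SessionID      = sessionID,
                    UserId         = userId,
                    AccessRights   = (int)accessRights,
                    AccessDuration = accessDuration,
                    AccessOverhead = accessOverhead,
                    AccessDate     = DateTime.Now
                });

                rbacEntities.SaveChanges();
            }
        }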
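        /// <summary>
        /// Post-login landing page. Sends the user straight to the city recorded in their city
        /// cookie; otherwise builds the list of active cities (and, for maintenance groups, the
        /// maintained customers they are a technician for) and auto-selects when there is
        /// exactly one.
        /// </summary>
        /// <returns>
        /// A redirect to the login page (no cookie), a redirect to a city home page, or the
        /// landing drop-down view.
        /// </returns>
        public ActionResult Landing()
        {
            var cityCookie = GetCityCookie();

            // No cookie at all means the login flow has not run; send them back to it.
            if (cityCookie == null)
            {
                return SendToLoginPage();
            }

            string username = WebSecurity.CurrentUserName;

            // Cookie format is "username|city|loginType" (see SetCityCookie below);
            // "username|None|Unknown" means no city has been chosen yet.
            string emptyCookieValue = username + "|None|" + CustomerLoginType.Unknown;
            if (cityCookie.Value != emptyCookieValue)
            {
                // The cookie is client-controlled. A value without the expected parts used to
                // throw IndexOutOfRange (HTTP 500), and a value carrying another user's name
                // used to redirect anyway; both now fall through to the chooser.
                // NOTE(review): the city name from the cookie goes straight to
                // SendToCityHomePage; authorization against the user's city list must happen
                // there (not visible here). Assumes the login path writes the user part from
                // CurrentUserName as SetCityCookie does below — confirm.
                var parts = cityCookie.Value.Split('|');
                if (parts.Length >= 2 && string.Equals(parts[0], username, StringComparison.OrdinalIgnoreCase))
                {
                    return SendToCityHomePage(parts[1]);
                }
            }

            var userFactory = new UserFactory();
            ViewBag.PWExpiration = userFactory.GetPasswordExpirationInDays();

            var secMgr       = new SecurityManager();
            var userCities   = secMgr.GetCitiesForUser(username);
            var landingItems = new List<LandingDropDownItem>();

            // Context is disposed once the list is built (the original never disposed it).
            using (var rbacEntities = new PEMRBACEntities())
            {
                foreach (var userCity in userCities)
                {
                    // Only customers whose profile is Active are offered.
                    var customerProfile = rbacEntities.CustomerProfiles.FirstOrDefault(m => m.CustomerId == userCity.Id);
                    if (customerProfile == null || customerProfile.Status != (int)CustomerStatus.Active)
                    {
                        continue;
                    }

                    landingItems.Add(new LandingDropDownItem
                    {
                        Text      = userCity.DisplayName,
                        Value     = userCity.InternalName,
                        LoginType = CustomerLoginType.Customer
                    });

                    if (userCity.CustomerType != CustomerProfileType.MaintenanceGroup)
                    {
                        continue;
                    }

                    // Maintenance group: also offer each active maintained customer, but only
                    // when the user is in the default maintenance group for that customer
                    // (either via their city groups or via the store's maintenance users).
                    foreach (var maintCustomer in userCity.MaintenanceCustomers.Where(x => x.IsActive))
                    {
                        var cityGroups = secMgr.GetGroupsForUser(maintCustomer, username, true);
                        var authMgr    = new AuthorizationManager(maintCustomer);
                        var storeRole  = authMgr.GetMaintenanceUsersForStore(maintCustomer.InternalName);

                        var isMaintGroup      = storeRole.Any(x => x == Constants.Security.DefaultMaintenanceGroupName);
                        var isPartOfMainGroup = cityGroups.Any(x => x.Key == Constants.Security.DefaultMaintenanceGroupName && x.Value);

                        if (isPartOfMainGroup || isMaintGroup)
                        {
                            landingItems.Add(new LandingDropDownItem
                            {
                                Text      = maintCustomer.DisplayName,
                                Value     = maintCustomer.InternalName,
                                LoginType = CustomerLoginType.MaintenanceGroupCustomer
                            });
                        }
                    }
                }
            }

            // Exactly one option: record it in the cookie and go straight to that home page.
            if (landingItems.Count == 1)
            {
                var city = landingItems[0];
                SetCityCookie(username + "|" + city.Value + "|" + city.LoginType);
                return SendToCityHomePage(city.Value);
            }

            var model = new LandingDropDownModel { Items = landingItems };
            return View(model);
        }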