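/// <summary>
/// Resolves the account for an API login attempt, either from a login name and password
/// (LDAP first, then the local user store) or from a third-party provider access token.
/// </summary>
/// <param name="userName">Login name for the password path; overwritten with the provider profile's e-mail on the third-party path.</param>
/// <param name="password">Plain-text password for the password path.</param>
/// <param name="provider">Null, empty or "email" selects the password path; any other value is passed to <c>ProviderManager.GetLoginProfile</c>.</param>
/// <param name="accessToken">Provider access token, used only on the third-party path.</param>
/// <param name="viaEmail">True when the password path was taken, false for the third-party path.</param>
/// <returns>The resolved user.</returns>
/// <exception cref="AuthenticationException">Any failure while resolving the user; an audit message is sent first.</exception>
/// <exception cref="IPSecurityException">IP restrictions are enabled, the user is not the tenant owner and <c>IPSecurity.Verify</c> rejects the request.</exception>
private static UserInfo GetUser(string userName, string password, string provider, string accessToken, out bool viaEmail)
        {
            viaEmail = true;
            var action = MessageAction.LoginFailViaApi;
            UserInfo user;

            try
            {
                if (string.IsNullOrEmpty(provider) || provider == "email")
                {
                    // ThrowIfNull is an extension defined elsewhere; whether it also rejects empty strings is not visible here.
                    userName.ThrowIfNull(new ArgumentException(@"userName empty", "userName"));
                    password.ThrowIfNull(new ArgumentException(@"password empty", "password"));

                    // NOTE(review): no per-account failure counter is kept on this path, so nothing in this
                    // method slows repeated password guesses; confirm throttling is enforced by the caller.
                    var localization    = new LdapLocalization(Resource.ResourceManager);
                    var ldapUserManager = new LdapUserManager(localization);

                    // LDAP is tried first; the local store is consulted only when LDAP does not yield a user.
                    if (!ldapUserManager.TryGetAndSyncLdapUserInfo(userName, password, out user))
                    {
                        // NOTE(review): no salt is passed at this call site. If the stored value is a bare
                        // SHA-256 digest it is cheap to attack offline; confirm, and plan a move to a
                        // salted, slow password KDF.
                        user = CoreContext.UserManager.GetUsers(
                            CoreContext.TenantManager.GetCurrentTenant().TenantId,
                            userName,
                            Hasher.Base64Hash(password, HashAlg.SHA256));
                    }

                    if (user == null || !CoreContext.UserManager.UserExists(user.ID))
                    {
                        throw new Exception("user not found");
                    }
                }
                else
                {
                    viaEmail = false;

                    action = MessageAction.LoginFailViaApiSocialAccount;
                    var thirdPartyProfile = ProviderManager.GetLoginProfile(provider, accessToken);
                    userName = thirdPartyProfile.EMail;

                    // NOTE(review): the result is not null-checked on this path; verify that
                    // GetUserByThirdParty never returns null, since user.ID is read below.
                    user = LoginWithThirdParty.GetUserByThirdParty(thirdPartyProfile);
                }
            }
            catch
            {
                // Every failure is reported to the caller as the same generic error, so the response does
                // not distinguish an unknown account from a wrong password. The original exception is
                // discarded here; only the audit message records the attempt.
                //
                // Fix: the condition was inverted, which audited the empty value when no name was given
                // and the "not specified" placeholder when a name WAS given, dropping the attempted
                // login name from the audit trail.
                MessageService.Send(Request, !string.IsNullOrEmpty(userName) ? userName : AuditResource.EmailNotSpecified, action);
                throw new AuthenticationException("User authentication failed");
            }

            var tenant   = CoreContext.TenantManager.GetCurrentTenant();
            var settings = IPRestrictionsSettings.Load();

            // The tenant owner is exempt from IP restrictions. This check runs outside the try block,
            // so a rejection here is not passed through the audit call above.
            if (settings.Enable && user.ID != tenant.OwnerId && !IPSecurity.IPSecurity.Verify(tenant))
            {
                throw new IPSecurityException();
            }

            return user;
        }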
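        /// <summary>
        /// Resolves the account for an API login attempt, either from a login name and password
        /// (LDAP first, then the local user store) or from a third-party provider access token.
        /// </summary>
        /// <param name="userName">Login name for the password path; overwritten with the provider profile's e-mail on the third-party path.</param>
        /// <param name="password">Plain-text password for the password path.</param>
        /// <param name="provider">Null, empty or "email" selects the password path; any other value is passed to <c>ProviderManager.GetLoginProfile</c>.</param>
        /// <param name="accessToken">Provider access token, used only on the third-party path.</param>
        /// <param name="viaEmail">True when the password path was taken, false for the third-party path.</param>
        /// <returns>The resolved user.</returns>
        /// <exception cref="AuthenticationException">Any failure while resolving the user; an audit message is sent first.</exception>
        private static UserInfo GetUser(string userName, string password, string provider, string accessToken, out bool viaEmail)
        {
            viaEmail = true;
            var action = MessageAction.LoginFailViaApi;

            try
            {
                UserInfo user;
                if (string.IsNullOrEmpty(provider) || provider == "email")
                {
                    // ThrowIfNull is an extension defined elsewhere; whether it also rejects empty strings is not visible here.
                    userName.ThrowIfNull(new ArgumentException("userName empty", "userName"));
                    password.ThrowIfNull(new ArgumentException("password empty", "password"));

                    // NOTE(review): no per-account failure counter is kept on this path, so nothing in this
                    // method slows repeated password guesses; confirm throttling is enforced by the caller.

                    // LDAP is tried first; the local store is consulted only when LDAP does not yield a user.
                    if (!ActiveDirectoryUserImporter.TryGetLdapUserInfo(userName, password, out user))
                    {
                        // NOTE(review): no salt is passed at this call site. If the stored value is a bare
                        // SHA-256 digest it is cheap to attack offline; confirm, and plan a move to a
                        // salted, slow password KDF.
                        user = CoreContext.UserManager.GetUsers(
                            CoreContext.TenantManager.GetCurrentTenant().TenantId,
                            userName,
                            Hasher.Base64Hash(password, HashAlg.SHA256));
                    }

                    if (user == null || !CoreContext.UserManager.UserExists(user.ID))
                    {
                        throw new Exception("user not found");
                    }

                    return user;
                }

                viaEmail = false;

                action = MessageAction.LoginFailViaApiSocialAccount;
                var thirdPartyProfile = ProviderManager.GetLoginProfile(provider, accessToken);
                userName = thirdPartyProfile.EMail;

                // NOTE(review): the result is returned without a null check; verify what
                // GetUserByThirdParty returns for an unknown profile and that callers handle it.
                user = LoginWithThirdParty.GetUserByThirdParty(thirdPartyProfile);

                // NOTE(review): this method returns without any tenant IP-restriction check; confirm
                // the caller enforces one if the deployment relies on it.
                return user;
            }
            catch
            {
                // Every failure is reported to the caller as the same generic error, so the response does
                // not distinguish an unknown account from a wrong password. The original exception is
                // discarded here; only the audit message records the attempt.
                //
                // Fix: the condition was inverted, which audited the empty value when no name was given
                // and the "not specified" placeholder when a name WAS given, dropping the attempted
                // login name from the audit trail.
                MessageService.Send(Request, !string.IsNullOrEmpty(userName) ? userName : AuditResource.EmailNotSpecified, action);
                throw new AuthenticationException("User authentication failed");
            }
        }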
        /// <summary>
        /// Resolves the account for an API login attempt. The password path is throttled per login
        /// name through a short-lived cache counter, then checked against LDAP and the local store;
        /// the third-party path resolves the user from a provider access token.
        /// </summary>
        /// <param name="userName">Login name for the password path; overwritten with the provider profile's e-mail on the third-party path.</param>
        /// <param name="password">Plain-text password for the password path.</param>
        /// <param name="provider">Null, empty or "email" selects the password path; any other value is passed to <c>ProviderManager.GetLoginProfile</c>.</param>
        /// <param name="accessToken">Provider access token, used only on the third-party path.</param>
        /// <param name="viaEmail">True when the password path was taken, false for the third-party path.</param>
        /// <returns>The resolved user.</returns>
        /// <exception cref="AuthenticationException">Throttling tripped, or any other failure while resolving the user; an audit message is sent first.</exception>
        /// <exception cref="IPSecurityException">IP restrictions are enabled, the user is not the tenant owner and <c>IPSecurity.Verify</c> rejects the request.</exception>
        private static UserInfo GetUser(string userName, string password, string provider, string accessToken, out bool viaEmail)
        {
            viaEmail = true;
            UserInfo user;
            var failureAction = MessageAction.LoginFailViaApi;

            try
            {
                var passwordLogin = string.IsNullOrEmpty(provider) || provider == "email";
                if (!passwordLogin)
                {
                    viaEmail = false;
                    failureAction = MessageAction.LoginFailViaApiSocialAccount;

                    var profile = ProviderManager.GetLoginProfile(provider, accessToken);
                    userName = profile.EMail;

                    // NOTE(review): the result is not null-checked on this path; verify that
                    // GetUserByThirdParty never returns null, since user.ID is read below.
                    user = LoginWithThirdParty.GetUserByThirdParty(profile);
                }
                else
                {
                    // ThrowIfNull is an extension defined elsewhere; whether it also rejects empty strings is not visible here.
                    userName.ThrowIfNull(new ArgumentException("userName empty", "userName"));
                    password.ThrowIfNull(new ArgumentException("password empty", "password"));

                    // Per-name attempt counter. A missing or unparsable cache entry leaves the count at 0.
                    // NOTE(review): the key is the name exactly as typed; if account lookup ignores case,
                    // differently-cased spellings would get separate counters. Verify.
                    // NOTE(review): the read and the write below are separate cache calls with no lock
                    // visible here, so concurrent requests may undercount. Confirm this is acceptable.
                    var throttleKey = "loginsec/" + userName;
                    int attempts;
                    int.TryParse(Cache.Get<string>(throttleKey), out attempts);
                    attempts += 1;

                    // Names for which IsSecretEmail returns true are never throttled. Once the limit
                    // is exceeded the entry is not rewritten, so its existing expiry keeps running.
                    if (attempts > 5 && !SetupInfo.IsSecretEmail(userName))
                    {
                        throw new Authorize.BruteForceCredentialException();
                    }

                    // The attempt is counted before the credentials are checked, with a one-minute expiry.
                    Cache.Insert(throttleKey, attempts.ToString(CultureInfo.InvariantCulture), DateTime.UtcNow.Add(TimeSpan.FromMinutes(1)));

                    var ldapUsers = new LdapUserManager(new LdapLocalization(Resource.ResourceManager));

                    // LDAP is tried first; the local store is consulted only when LDAP does not yield a user.
                    if (!ldapUsers.TryGetAndSyncLdapUserInfo(userName, password, out user))
                    {
                        var tenantId = CoreContext.TenantManager.GetCurrentTenant().TenantId;

                        // NOTE(review): no salt is passed at this call site. If the stored value is a bare
                        // SHA-256 digest it is cheap to attack offline; confirm, and plan a move to a
                        // salted, slow password KDF.
                        var passwordDigest = Hasher.Base64Hash(password, HashAlg.SHA256);
                        user = CoreContext.UserManager.GetUsers(tenantId, userName, passwordDigest);
                    }

                    if (user == null || !CoreContext.UserManager.UserExists(user.ID))
                    {
                        throw new Exception("user not found");
                    }

                    // Success: take this attempt back out of the count (the earlier total is kept, not reset).
                    attempts -= 1;
                    Cache.Insert(throttleKey, attempts.ToString(CultureInfo.InvariantCulture), DateTime.UtcNow.Add(TimeSpan.FromMinutes(1)));
                }
            }
            catch (Authorize.BruteForceCredentialException)
            {
                // Throttled attempts get their own audit action and their own client-facing message.
                var auditedName = string.IsNullOrEmpty(userName) ? AuditResource.EmailNotSpecified : userName;
                MessageService.Send(Request, auditedName, MessageAction.LoginFailBruteForce);
                throw new AuthenticationException("Login Fail. Too many attempts");
            }
            catch
            {
                // Every other failure is reported as the same generic error; the original exception is discarded.
                var auditedName = string.IsNullOrEmpty(userName) ? AuditResource.EmailNotSpecified : userName;
                MessageService.Send(Request, auditedName, failureAction);
                throw new AuthenticationException("User authentication failed");
            }

            var tenant   = CoreContext.TenantManager.GetCurrentTenant();
            var settings = IPRestrictionsSettings.Load();

            // The tenant owner is exempt from IP restrictions. This check runs outside the try block,
            // so a rejection here is not passed through the audit calls above.
            var rejectedByIp = settings.Enable && user.ID != tenant.OwnerId && !IPSecurity.IPSecurity.Verify(tenant);
            if (rejectedByIp)
            {
                throw new IPSecurityException();
            }

            return user;
        }
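        /// <summary>
        /// Resolves the account for an API login attempt described by <paramref name="memberModel"/>.
        /// The password path is throttled per login name through a short-lived cache counter and then
        /// looked up by password hash; the third-party path resolves the user from a serialized
        /// profile or a provider access token.
        /// </summary>
        /// <param name="memberModel">
        /// Login request. This method mutates it: <c>Password</c> and <c>PasswordHash</c> are trimmed,
        /// <c>PasswordHash</c> is derived from <c>Password</c> when absent, and <c>UserName</c> is
        /// overwritten with the profile e-mail on the third-party path.
        /// </param>
        /// <param name="viaEmail">True when the password path was taken, false for the third-party path.</param>
        /// <returns>The resolved user.</returns>
        /// <exception cref="AuthenticationException">Throttling tripped, or any other failure while resolving the user; an audit message is sent first.</exception>
        private UserInfo GetUser(AuthModel memberModel, out bool viaEmail)
        {
            viaEmail = true;
            var action = MessageAction.LoginFailViaApi;
            UserInfo user;

            try
            {
                if ((string.IsNullOrEmpty(memberModel.Provider) && string.IsNullOrEmpty(memberModel.SerializedProfile)) || memberModel.Provider == "email")
                {
                    // ThrowIfNull is an extension defined elsewhere; whether it also rejects empty strings is not visible here.
                    memberModel.UserName.ThrowIfNull(new ArgumentException(@"userName empty", "userName"));
                    if (!string.IsNullOrEmpty(memberModel.Password))
                    {
                        memberModel.Password.ThrowIfNull(new ArgumentException(@"password empty", "password"));
                    }
                    else
                    {
                        memberModel.PasswordHash.ThrowIfNull(new ArgumentException(@"PasswordHash empty", "PasswordHash"));
                    }

                    // Per-name attempt counter. A missing or unparsable cache entry leaves the count at 0.
                    // NOTE(review): the key is the name exactly as typed; if account lookup ignores case,
                    // differently-cased spellings would get separate counters. Verify.
                    // NOTE(review): the read and the write below are separate cache calls with no lock
                    // visible here, so concurrent requests may undercount. Confirm this is acceptable.
                    var throttleKey = "loginsec/" + memberModel.UserName;
                    int counter;
                    int.TryParse(Cache.Get<string>(throttleKey), out counter);

                    // Names for which IsSecretEmail returns true are never throttled. Once the limit
                    // is exceeded the entry is not rewritten, so its existing expiry keeps running.
                    if (++counter > SetupInfo.LoginThreshold && !SetupInfo.IsSecretEmail(memberModel.UserName))
                    {
                        throw new BruteForceCredentialException();
                    }

                    // The attempt is counted before the credentials are checked, with a one-minute expiry.
                    Cache.Insert(throttleKey, counter.ToString(CultureInfo.InvariantCulture), DateTime.UtcNow.Add(TimeSpan.FromMinutes(1)));

                    // Prefer a client-supplied hash; otherwise derive one from the plain password.
                    memberModel.PasswordHash = (memberModel.PasswordHash ?? "").Trim();

                    if (string.IsNullOrEmpty(memberModel.PasswordHash))
                    {
                        memberModel.Password = (memberModel.Password ?? "").Trim();

                        if (!string.IsNullOrEmpty(memberModel.Password))
                        {
                            memberModel.PasswordHash = PasswordHasher.GetClientPassword(memberModel.Password);
                        }
                    }

                    // Fail closed: an empty or whitespace-only password/hash passes the checks above and
                    // would otherwise reach the lookup as an empty hash. Reject it here instead of relying
                    // on the store to refuse an empty credential. The attempt has already been counted,
                    // and the catch below turns this into the generic authentication failure.
                    if (string.IsNullOrEmpty(memberModel.PasswordHash))
                    {
                        throw new ArgumentException(@"password empty", "password");
                    }

                    user = UserManager.GetUsersByPasswordHash(
                        TenantManager.GetCurrentTenant().TenantId,
                        memberModel.UserName,
                        memberModel.PasswordHash);

                    if (user == null || !UserManager.UserExists(user))
                    {
                        throw new Exception("user not found");
                    }

                    // Success: take this attempt back out of the count (the earlier total is kept, not reset).
                    Cache.Insert(throttleKey, (--counter).ToString(CultureInfo.InvariantCulture), DateTime.UtcNow.Add(TimeSpan.FromMinutes(1)));
                }
                else
                {
                    viaEmail = false;
                    action   = MessageAction.LoginFailViaApiSocialAccount;
                    LoginProfile thirdPartyProfile;
                    if (!string.IsNullOrEmpty(memberModel.SerializedProfile))
                    {
                        // NOTE(review): SerializedProfile arrives with the request. This relies on the
                        // LoginProfile constructor to authenticate it via Signature/InstanceCrypto;
                        // confirm that it rejects a tampered or forged profile.
                        thirdPartyProfile = new LoginProfile(Signature, InstanceCrypto, memberModel.SerializedProfile);
                    }
                    else
                    {
                        thirdPartyProfile = ProviderManager.GetLoginProfile(memberModel.Provider, memberModel.AccessToken);
                    }

                    memberModel.UserName = thirdPartyProfile.EMail;

                    // NOTE(review): the result is returned without a null check; verify what
                    // GetUserByThirdParty returns for an unknown profile and that callers handle it.
                    user = GetUserByThirdParty(thirdPartyProfile);
                }
            }
            catch (BruteForceCredentialException)
            {
                // Throttled attempts get their own audit action and their own client-facing message.
                MessageService.Send(!string.IsNullOrEmpty(memberModel.UserName) ? memberModel.UserName : AuditResource.EmailNotSpecified, MessageAction.LoginFailBruteForce);
                throw new AuthenticationException("Login Fail. Too many attempts");
            }
            catch
            {
                // Every other failure is reported as the same generic error; the original exception is discarded.
                MessageService.Send(!string.IsNullOrEmpty(memberModel.UserName) ? memberModel.UserName : AuditResource.EmailNotSpecified, action);
                throw new AuthenticationException("User authentication failed");
            }

            return user;
        }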