private Boolean warnOrDelete(
User user,
DateTime date,
Action <String> upload,
RemovalReason reason
)
{
var sent = user.Control.RemovalWarningSent;
var shouldWarn1 = date.PassedWarn1() && sent < 1;
var shouldWarn2 = date.PassedWarn2() && sent < 2;
var shouldRemove = date.PassedRemoval() && sent >= 2;
if (shouldRemove)
{
delete(user, date, upload, reason);
return(true);
}
if (shouldWarn1 || shouldWarn2)
{
return(warn(user, date, reason));
}
return(false);
}
private void notifyWipe(User user, DateTime dateTime, RemovalReason removalReason)
{
var dic = new Dictionary <String, String>
{
{ "Url", getUrl() },
{ "Date", dateTime.ToShortDateString() },
{ "UserEmail", user.Email },
};
var format = Format.WipeNotice(user, removalReason);
var fileContent = format.Layout.Format(dic);
var sender = new Sender()
.To(user.Email)
.Subject(format.Subject)
.Body(fileContent);
try
{
sender.Send();
}
catch (MailError e)
{
throw Error.FailOnEmailSend.Throw(e);
}
}
private Boolean warn(User user, DateTime date, RemovalReason reason)
{
inTransaction(
"SaveWarning",
() => repos.Control.WarnRemoval(user, date, reason)
);
return(true);
}
public static void RemovePrincipal(SecurityIdentifier userSid, RemovalReason reason)
{
// TODO: Only do this if the principal is a member of the group?
if ((LocalAdminGroup != null) && (userSid != null))
{
SecurityIdentifier[] localAdminSids = GetLocalGroupMembers(null, LocalAdminGroup.SamAccountName);
foreach (SecurityIdentifier sid in localAdminSids)
{
if (sid == userSid)
/* if (string.Compare(sid.Value, principalSID, true) == 0) */
{
string accountName = GetAccountNameFromSID(userSid.Value);
int result = RemoveLocalGroupMembers(null, LocalAdminGroup.SamAccountName, userSid);
if (result == 0)
{
PrincipalList.RemoveSID(userSid);
Settings.SIDs = PrincipalList.GetSIDs().Select(p => p.Value).ToArray <string>();
string reasonString = Properties.Resources.RemovalReasonUnknown;
switch (reason)
{
case RemovalReason.ServiceStopped:
reasonString = Properties.Resources.RemovalReasonServiceStopped;
break;
case RemovalReason.Timeout:
reasonString = Properties.Resources.RemovalReasonTimeout;
break;
case RemovalReason.UserLogoff:
reasonString = Properties.Resources.RemovalReasonUserLogoff;
break;
case RemovalReason.UserRequest:
reasonString = Properties.Resources.RemovalReasonUserRequest;
break;
}
// TODO: i18n.
string message = string.Format("Principal {0} ({1}) removed from the Administrators group. Reason: {2}.", userSid, accountName, reasonString);
ApplicationLog.WriteInformationEvent(message, EventID.UserRemovedFromAdminsSuccess);
}
else
{
// TODO: i18n.
ApplicationLog.WriteWarningEvent(string.Format("Removing principal {0} ({1}) from the Administrators group returned error code {1}.", userSid, accountName, result), EventID.UserRemovedFromAdminsFailure);
}
}
}
}
}
/// <summary>
/// Removes a user from the local Administrators group.
/// </summary>
/// <param name="reason">
/// The reason that the rights are being removed.
/// </param>
public void RemoveUserFromAdministratorsGroup(RemovalReason reason)
{
WindowsIdentity userIdentity = null;
if (ServiceSecurityContext.Current != null)
{
userIdentity = ServiceSecurityContext.Current.WindowsIdentity;
}
if (userIdentity != null)
{
LocalAdministratorGroup.RemoveUser(userIdentity.User, reason);
}
}
/// <summary>
/// Removes the given security identifier (SID) from the local Administrators group.
/// </summary>
/// <param name="userSid">
/// The security identifier (SID) to be removed from the local Administrators group.
/// </param>
/// <param name="reason">
/// The reason for the removal.
/// </param>
public static void RemoveUser(SecurityIdentifier userSid, RemovalReason reason)
{
// TODO: Only do this if the user is a member of the group?
if ((LocalAdminGroup != null) && (userSid != null))
{
SecurityIdentifier[] localAdminSids = GetLocalGroupMembers(LocalAdminGroup.SamAccountName);
foreach (SecurityIdentifier sid in localAdminSids)
{
if (sid == userSid)
{
string accountName = GetAccountNameFromSID(userSid);
int result = RemoveLocalGroupMembers(LocalAdminGroup.SamAccountName, userSid);
if (result == 0)
{
EncryptedSettings encryptedSettings = new EncryptedSettings(EncryptedSettings.SettingsFilePath);
encryptedSettings.RemoveUser(userSid);
string reasonString = Properties.Resources.RemovalReasonUnknown;
switch (reason)
{
case RemovalReason.ServiceStopped:
reasonString = Properties.Resources.RemovalReasonServiceStopped;
break;
case RemovalReason.Timeout:
reasonString = Properties.Resources.RemovalReasonTimeout;
break;
case RemovalReason.UserLogoff:
reasonString = Properties.Resources.RemovalReasonUserLogoff;
break;
case RemovalReason.UserRequest:
reasonString = Properties.Resources.RemovalReasonUserRequest;
break;
}
string message = string.Format(Properties.Resources.UserRemoved, userSid, accountName, reasonString);
ApplicationLog.WriteEvent(message, EventID.UserRemovedFromAdminsSuccess, System.Diagnostics.EventLogEntryType.Information);
}
else
{
ApplicationLog.WriteEvent(string.Format(Properties.Resources.RemovingUserReturnedError, userSid, accountName, result), EventID.UserRemovedFromAdminsFailure, System.Diagnostics.EventLogEntryType.Warning);
}
}
}
}
}
private void delete(User user,
DateTime date,
Action <String> upload,
RemovalReason reason
)
{
inTransaction(
"MarkUserDeletion",
() => repos.Control.MarkDeletion(user)
);
inTransaction(
"DeleteUser",
() => repos.Wipe.Execute(user, date, upload, reason)
);
}
public void Execute(User user, DateTime date, Action <String> upload, RemovalReason reason)
{
var accounts = repos.Account.Where(a => a.User.ID == user.ID);
var s3 = reason == RemovalReason.PersonAsked
? null
: extractToFile(user, accounts, upload);
var wipe = new Wipe
{
Email = user.Email,
When = DateTime.UtcNow,
Why = reason,
S3 = s3,
Password = user.Password,
TFA = user.TFASecret,
};
SaveOrUpdate(wipe);
notifyWipe(user, date, reason);
wipeAll(repos.Ticket, t => t.User, u => u.ID == user.ID);
wipeAll(repos.Security, s => s.User, u => u.ID == user.ID);
wipeAll(repos.Acceptance, a => a.User, u => u.ID == user.ID);
foreach (var account in accounts)
{
wipeAll(repos.Summary, m => m.Account, a => a.ID == account.ID);
wipeAll(repos.Move, m => m.In, a => a.ID == account.ID);
wipeAll(repos.Move, m => m.Out, a => a.ID == account.ID);
wipeAll(repos.Schedule, m => m.In, a => a.ID == account.ID);
wipeAll(repos.Schedule, m => m.Out, a => a.ID == account.ID);
}
wipeAll(repos.Account, a => a.User, u => u.ID == user.ID);
wipeAll(repos.Category, c => c.User, u => u.ID == user.ID);
repos.User.Delete(user);
repos.Config.Delete(user.Config);
repos.Control.Delete(user.Control);
}
public void WarnRemoval(User user, DateTime dateTime, RemovalReason removalReason)
{
var wipeDate = dateTime.AddDays(90).ToUniversalTime().Date;
var now = DateTime.UtcNow.Date;
var diff = wipeDate - now;
var count = (Int32)diff.TotalDays;
var dic = new Dictionary <String, String>
{
{ "Url", getUrl() },
{ "Date", dateTime.ToShortDateString() },
{ "Count", count.ToString() },
};
var format = Format.UserRemoval(user, removalReason);
var fileContent = format.Layout.Format(dic);
var sender = new Sender()
.To(user.Email)
.Subject(format.Subject)
.Body(fileContent);
try
{
sender.Send();
}
catch (MailError e)
{
throw Error.FailOnEmailSend.Throw(e);
}
var control = user.Control;
control.RemovalWarningSent++;
SaveOrUpdate(control);
}
public void WhenAWipeNoticeIsFormattedBecauseOf(RemovalReason reason)
{
format = Format.WipeNotice(user, reason);
}
public void WhenAUserRemovalIsFormattedBecauseOf(RemovalReason reason)
{
format = Format.UserRemoval(user, reason);
}
public static Format WipeNotice(User user, RemovalReason removalReason)
{
return(new(user, EmailType.WipeNotice, removalReason));
}
public static Format UserRemoval(User user, RemovalReason removalReason)
{
return(new(user, EmailType.RemovalReason, removalReason));
}
