private void BlockIPSecurityPortal(Tenant tenant)
{
if (tenant == null)
{
return;
}
var settings = IPRestrictionsSettings.LoadForTenant(tenant.TenantId);
if (settings.Enable && SecurityContext.IsAuthenticated && !IPSecurity.IPSecurity.Verify(tenant))
{
Auth.ProcessLogout();
ResponseRedirect("~/Auth.aspx?error=ipsecurity", HttpStatusCode.Forbidden);
}
}
public static bool Authenticate()
{
if (SecurityContext.IsAuthenticated)
{
return(true);
}
var authenticated = false;
var tenant = CoreContext.TenantManager.GetCurrentTenant(false);
if (tenant != null)
{
if (HttpContext.Current != null)
{
string cookie;
if (AuthorizationHelper.ProcessBasicAuthorization(HttpContext.Current, out cookie))
{
CookiesManager.SetCookies(CookiesType.AuthKey, cookie);
authenticated = true;
}
}
if (!authenticated)
{
var cookie = CookiesManager.GetCookies(CookiesType.AuthKey);
if (!string.IsNullOrEmpty(cookie))
{
authenticated = SecurityContext.AuthenticateMe(cookie);
if (!authenticated)
{
Auth.ProcessLogout();
return(false);
}
}
}
var accessSettings = TenantAccessSettings.Load();
if (authenticated && SecurityContext.CurrentAccount.ID == ASC.Core.Users.Constants.OutsideUser.ID && !accessSettings.Anyone)
{
Auth.ProcessLogout();
authenticated = false;
}
}
return(authenticated);
}
private void ProcessEmailActivation(string email)
{
var user = CoreContext.UserManager.GetUserByEmail(email);
if (user.ID.Equals(Constants.LostUser.ID))
{
ShowError(Resource.ErrorConfirmURLError);
}
else if (user.ActivationStatus == EmployeeActivationStatus.Activated)
{
Response.Redirect(CommonLinkUtility.GetDefault());
}
else
{
try
{
SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem);
user.ActivationStatus = EmployeeActivationStatus.Activated;
user = CoreContext.UserManager.SaveUserInfo(user);
var first = Request["first"] ?? "";
if (first.ToLower() == "true" && !CoreContext.Configuration.Personal && user.IsAdmin())
{
StudioNotifyService.Instance.SendAdminWellcome(user);
}
MessageService.Send(HttpContext.Current.Request, MessageInitiator.System, MessageAction.UserActivated, user.DisplayUserName(false));
}
finally
{
Auth.ProcessLogout();
}
var redirectUrl = String.Format("~/auth.aspx?confirmed-email={0}", email);
Response.Redirect(redirectUrl, true);
}
}
private bool CheckValidationKey()
{
var key = Request["key"] ?? "";
var emplType = Request["emplType"] ?? "";
var validInterval = SetupInfo.ValidEamilKeyInterval;
var authInterval = TimeSpan.FromHours(1);
EmailValidationKeyProvider.ValidationResult checkKeyResult;
switch (_type)
{
case ConfirmType.PortalContinue:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key);
break;
case ConfirmType.PhoneActivation:
case ConfirmType.PhoneAuth:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, authInterval);
break;
case ConfirmType.Auth:
{
var first = Request["first"] ?? "";
var module = Request["module"];
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + first + module, key, authInterval);
if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Ok)
{
var user = _email.Contains("@")
? CoreContext.UserManager.GetUserByEmail(_email)
: CoreContext.UserManager.GetUsers(new Guid(_email));
if (SecurityContext.IsAuthenticated && SecurityContext.CurrentAccount.ID != user.ID)
{
Auth.ProcessLogout();
}
if (!SecurityContext.IsAuthenticated)
{
if (StudioSmsNotificationSettings.IsVisibleSettings && StudioSmsNotificationSettings.Enable)
{
Response.Redirect(SmsConfirmUrl(user), true);
}
var authCookie = SecurityContext.AuthenticateMe(user.ID);
CookiesManager.SetCookies(CookiesType.AuthKey, authCookie);
MessageService.Send(HttpContext.Current.Request, MessageAction.LoginSuccess, user.DisplayUserName(false));
}
AuthRedirect(user, first.ToLower() == "true", module, Request[FilesLinkUtility.FileUri]);
}
}
break;
case ConfirmType.DnsChange:
{
var dnsChangeKey = string.Join(string.Empty, new[] { _email, _type.ToString(), Request["dns"], Request["alias"] });
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(dnsChangeKey, key, validInterval);
}
break;
case ConfirmType.PortalOwnerChange:
{
Guid uid;
try
{
uid = new Guid(Request["uid"]);
}
catch
{
uid = Guid.Empty;
}
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + uid, key, validInterval);
}
break;
case ConfirmType.EmpInvite:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + emplType, key, validInterval);
break;
case ConfirmType.LinkInvite:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_type + emplType, key, validInterval);
break;
case ConfirmType.PasswordChange:
var userHash = !String.IsNullOrEmpty(Request["p"]) && Request["p"] == "1";
String hash = String.Empty;
if (userHash)
{
hash = CoreContext.Authentication.GetUserPasswordHash(CoreContext.UserManager.GetUserByEmail(_email).ID);
}
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + (string.IsNullOrEmpty(hash) ? string.Empty : Hasher.Base64Hash(hash)), key, validInterval);
break;
default:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, validInterval);
break;
}
if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Expired)
{
ShowError(Resource.ErrorExpiredActivationLink);
return(false);
}
if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Invalid)
{
ShowError(_type == ConfirmType.LinkInvite
? Resource.ErrorInvalidActivationLink
: Resource.ErrorConfirmURLError);
return(false);
}
if (!string.IsNullOrEmpty(_email) && !_email.TestEmailRegex())
{
ShowError(Resource.ErrorNotCorrectEmail);
return(false);
}
return(true);
}
private bool CheckValidationKey()
{
var key = Request["key"] ?? "";
var emplType = Request["emplType"] ?? "";
var social = Request["social"] ?? "";
var validInterval = SetupInfo.ValidEmailKeyInterval;
var authInterval = SetupInfo.ValidAuthKeyInterval;
EmailValidationKeyProvider.ValidationResult checkKeyResult;
switch (_type)
{
case ConfirmType.PortalContinue:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key);
break;
case ConfirmType.PhoneActivation:
case ConfirmType.PhoneAuth:
case ConfirmType.TfaActivation:
case ConfirmType.TfaAuth:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, authInterval);
break;
case ConfirmType.Auth:
{
var first = Request["first"] ?? "";
var module = Request["module"] ?? "";
var smsConfirm = Request["sms"] ?? "";
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + first + module + smsConfirm, key, authInterval);
if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Ok)
{
var user = _email.Contains("@")
? CoreContext.UserManager.GetUserByEmail(_email)
: CoreContext.UserManager.GetUsers(new Guid(_email));
if (SecurityContext.IsAuthenticated && SecurityContext.CurrentAccount.ID != user.ID)
{
Auth.ProcessLogout();
}
if (!SecurityContext.IsAuthenticated)
{
if (!CoreContext.UserManager.UserExists(user.ID) || user.Status != EmployeeStatus.Active)
{
ShowError(Auth.MessageKey.ErrorUserNotFound);
return(false);
}
if (StudioSmsNotificationSettings.IsVisibleAndAvailableSettings && StudioSmsNotificationSettings.Enable && smsConfirm.ToLower() != "true")
{
//todo: think about 'first' & 'module'
Response.Redirect(SmsConfirmUrl(user), true);
}
if (TfaAppAuthSettings.IsVisibleSettings && TfaAppAuthSettings.Enable)
{
//todo: think about 'first' & 'module'
Response.Redirect(TfaConfirmUrl(user), true);
}
var messageAction = social == "true" ? MessageAction.LoginSuccessViaSocialAccount : MessageAction.LoginSuccess;
CookiesManager.AuthenticateMeAndSetCookies(user.Tenant, user.ID, messageAction);
}
SetDefaultModule(module);
AuthRedirect(first.ToLower() == "true");
}
}
break;
case ConfirmType.DnsChange:
{
var dnsChangeKey = string.Join(string.Empty, new[] { _email, _type.ToString(), Request["dns"], Request["alias"] });
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(dnsChangeKey, key, validInterval);
}
break;
case ConfirmType.PortalOwnerChange:
{
Guid uid;
try
{
uid = new Guid(Request["uid"]);
}
catch
{
uid = Guid.Empty;
}
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + uid, key, validInterval);
}
break;
case ConfirmType.EmpInvite:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + emplType, key, validInterval);
break;
case ConfirmType.LinkInvite:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_type + emplType, key, validInterval);
break;
case ConfirmType.EmailChange:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + SecurityContext.CurrentAccount.ID, key, validInterval);
break;
case ConfirmType.PasswordChange:
var userInfo = CoreContext.UserManager.GetUserByEmail(_email);
var auditEvent = AuditEventsRepository.GetByFilter(action: MessageAction.UserSentPasswordChangeInstructions, entry: EntryType.User, target: MessageTarget.Create(userInfo.ID).ToString(), limit: 1).FirstOrDefault();
var passwordStamp = CoreContext.Authentication.GetUserPasswordStamp(userInfo.ID);
string hash;
if (auditEvent != null)
{
var auditEventDate = TenantUtil.DateTimeToUtc(auditEvent.Date);
hash = (auditEventDate.CompareTo(passwordStamp) > 0 ? auditEventDate : passwordStamp).ToString("s");
}
else
{
hash = passwordStamp.ToString("s");
}
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + hash, key, validInterval);
break;
default:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, validInterval);
break;
}
if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Expired)
{
ShowError(Auth.MessageKey.ErrorExpiredActivationLink);
return(false);
}
if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Invalid)
{
ShowError(_type == ConfirmType.LinkInvite
? Auth.MessageKey.ErrorInvalidActivationLink
: Auth.MessageKey.ErrorConfirmURLError);
return(false);
}
if (!string.IsNullOrEmpty(_email) && !_email.TestEmailRegex())
{
ShowError(Auth.MessageKey.ErrorNotCorrectEmail);
return(false);
}
return(true);
}
private bool CheckValidationKey()
{
var key = Request["key"] ?? "";
var emplType = Request["emplType"] ?? "";
var social = Request["social"] ?? "";
var validInterval = SetupInfo.ValidEmailKeyInterval;
var authInterval = SetupInfo.ValidAuthKeyInterval;
EmailValidationKeyProvider.ValidationResult checkKeyResult;
switch (_type)
{
case ConfirmType.PortalContinue:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key);
break;
case ConfirmType.PhoneActivation:
case ConfirmType.PhoneAuth:
case ConfirmType.TfaActivation:
case ConfirmType.TfaAuth:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, authInterval);
break;
case ConfirmType.Auth:
{
var first = Request["first"] ?? "";
var module = Request["module"] ?? "";
var smsConfirm = Request["sms"] ?? "";
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + first + module + smsConfirm, key, authInterval);
if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Ok)
{
var user = _email.Contains("@")
? CoreContext.UserManager.GetUserByEmail(_email)
: CoreContext.UserManager.GetUsers(new Guid(_email));
if (SecurityContext.IsAuthenticated && SecurityContext.CurrentAccount.ID != user.ID)
{
Auth.ProcessLogout();
}
if (!SecurityContext.IsAuthenticated)
{
if (!CoreContext.UserManager.UserExists(user.ID) || user.Status != EmployeeStatus.Active)
{
ShowError(Resource.ErrorUserNotFound);
return(false);
}
if (StudioSmsNotificationSettings.IsVisibleSettings && StudioSmsNotificationSettings.Enable && smsConfirm.ToLower() != "true")
{
//todo: think about 'first' & 'module'
Response.Redirect(SmsConfirmUrl(user), true);
}
if (TfaAppAuthSettings.IsVisibleSettings && TfaAppAuthSettings.Enable)
{
//todo: think about 'first' & 'module'
Response.Redirect(TfaConfirmUrl(user), true);
}
var authCookie = SecurityContext.AuthenticateMe(user.ID);
CookiesManager.SetCookies(CookiesType.AuthKey, authCookie);
var messageAction = social == "true" ? MessageAction.LoginSuccessViaSocialAccount : MessageAction.LoginSuccess;
MessageService.Send(HttpContext.Current.Request, messageAction);
}
SetDefaultModule(module);
AuthRedirect(first.ToLower() == "true");
}
}
break;
case ConfirmType.DnsChange:
{
var dnsChangeKey = string.Join(string.Empty, new[] { _email, _type.ToString(), Request["dns"], Request["alias"] });
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(dnsChangeKey, key, validInterval);
}
break;
case ConfirmType.PortalOwnerChange:
{
Guid uid;
try
{
uid = new Guid(Request["uid"]);
}
catch
{
uid = Guid.Empty;
}
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + uid, key, validInterval);
}
break;
case ConfirmType.EmpInvite:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + emplType, key, validInterval);
break;
case ConfirmType.LinkInvite:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_type + emplType, key, validInterval);
break;
case ConfirmType.EmailChange:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + SecurityContext.CurrentAccount.ID, key, validInterval);
break;
case ConfirmType.PasswordChange:
var userHash = !String.IsNullOrEmpty(Request["p"]) && Request["p"] == "1";
var hash = String.Empty;
if (userHash)
{
hash = CoreContext.Authentication.GetUserPasswordHash(CoreContext.UserManager.GetUserByEmail(_email).ID);
}
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + (string.IsNullOrEmpty(hash) ? string.Empty : Hasher.Base64Hash(hash)), key, validInterval);
break;
default:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, validInterval);
break;
}
if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Expired)
{
ShowError(Resource.ErrorExpiredActivationLink);
return(false);
}
if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Invalid)
{
ShowError(_type == ConfirmType.LinkInvite
? Resource.ErrorInvalidActivationLink
: Resource.ErrorConfirmURLError);
return(false);
}
if (!string.IsNullOrEmpty(_email) && !_email.TestEmailRegex())
{
ShowError(Resource.ErrorNotCorrectEmail);
return(false);
}
return(true);
}