Esempio n. 1
0
    protected void Page_Load(object sender, EventArgs e)
    {
        // get error level
        int errorLevel = 0;

        if (Request["error"] != null)
        {
            errorLevel = Int32.Parse(Request["error"].ToString());
        }

        if (errorLevel == 1)
        {
            // check to see if the user is an admin, if so allow them to view the error details
            Rock.CMS.User user = Rock.CMS.UserService.GetCurrentUser();

            GroupService service    = new GroupService();
            Group        adminGroup = service.GetByGuid(Rock.SystemGuid.Group.GROUP_ADMINISTRATORS);

            if (user != null && adminGroup.Members.Where(m => m.PersonId == user.PersonId).Count() > 0)
            {
                // is an admin
                lErrorInfo.Text = "<h4>Exception Log:</h4>";

                // get exception from Session
                if (Session["Exception"] != null)
                {
                    ProcessException(( Exception )Session["Exception"], " ");
                }
            }
        }

        // clear session object
        Session.Remove("Exception");
    }
Esempio n. 2
0
        /// <summary>
        /// Resets a user's password to a new, automatically generated password.
        /// </summary>
        /// <param name="username">The user to reset the password for.</param>
        /// <param name="answer">The password answer for the specified user.</param>
        /// <returns>
        /// The new password for the specified user.
        /// </returns>
        public override string ResetPassword(string username, string answer)
        {
            if (!EnablePasswordReset)
            {
                throw new NotSupportedException("Password Reset is not enabled");
            }

            UserService UserService = new CMS.UserService();

            Rock.CMS.User user = UserService.GetByApplicationNameAndUsername(applicationName, username);

            if (user != null)
            {
                if (string.IsNullOrEmpty(answer) && RequiresQuestionAndAnswer)
                {
                    UpdateFailureCount(user, FailureType.PasswordAnswer);
                    throw new ProviderException("Password answer required for password reset");
                }

                string newPassword = System.Web.Security.Membership.GeneratePassword(newPasswordLength, MinRequiredNonAlphanumericCharacters);

                ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, newPassword, true);

                OnValidatingPassword(args);

                if (args.Cancel)
                {
                    if (args.FailureInformation != null)
                    {
                        throw args.FailureInformation;
                    }
                    else
                    {
                        throw new MembershipPasswordException("Reset password canceled due to password validation failure");
                    }
                }

                if (user.IsLockedOut ?? false)
                {
                    throw new MembershipPasswordException("The supplied user is locked out");
                }

                if (RequiresQuestionAndAnswer && EncodePassword(answer) != user.PasswordAnswer)
                {
                    UpdateFailureCount(user, FailureType.PasswordAnswer);
                    throw new MembershipPasswordException("Incorrect password answer");
                }

                user.Password = EncodePassword(newPassword);
                user.LastPasswordChangedDate = DateTime.Now;
                UserService.Save(user, CurrentPersonId());

                return(newPassword);
            }
            else
            {
                throw new MembershipPasswordException("User does not exist");
            }
        }
Esempio n. 3
0
        /// <summary>
        /// Changes the password after first validating the existing password
        /// </summary>
        /// <param name="user">The user.</param>
        /// <param name="oldPassword">The old password.</param>
        /// <param name="newPassword">The new password.</param>
        /// <returns></returns>
        public bool ChangePassword( User user, string oldPassword, string newPassword )
        {
            if ( !Validate( user, oldPassword ) )
                return false;

            user.Password = EncodePassword( newPassword );
            user.LastPasswordChangedDate = DateTime.Now;

            return true;
        }
Esempio n. 4
0
        /// <summary>
        /// Gets the user.
        /// </summary>
        /// <param name="UserService">The user service.</param>
        /// <param name="user">The user.</param>
        /// <param name="userIsOnline">if set to <c>true</c> [user is online].</param>
        /// <returns></returns>
        private MembershipUser GetUser(UserService UserService, Rock.CMS.User user, bool userIsOnline)
        {
            MembershipUser membershipUser = GetUserFromModel(user);

            if (userIsOnline)
            {
                user.LastActivityDate = DateTime.Now;
                UserService.Save(user, CurrentPersonId(membershipUser));
            }

            return(membershipUser);
        }
Esempio n. 5
0
        /// <summary>
        /// Gets the user.
        /// </summary>
        /// <param name="UserService">The user service.</param>
        /// <param name="username">The username.</param>
        /// <param name="userIsOnline">if set to <c>true</c> [user is online].</param>
        /// <returns></returns>
        private MembershipUser GetUser(UserService UserService, string username, bool userIsOnline)
        {
            Rock.CMS.User user = UserService.GetByApplicationNameAndUsername(applicationName, username);

            if (user != null)
            {
                return(GetUser(UserService, user, userIsOnline));
            }
            else
            {
                return(null);
            }
        }
Esempio n. 6
0
        /// <summary>
        /// Updates information about a user in the data source.
        /// </summary>
        /// <param name="user">A <see cref="T:System.Web.Security.MembershipUser"/> object that represents the user to update and the updated information for the user.</param>
        public override void UpdateUser(MembershipUser user)
        {
            UserService UserService = new CMS.UserService();

            Rock.CMS.User userModel = UserService.GetByApplicationNameAndUsername(applicationName, user.UserName);

            if (userModel != null)
            {
                userModel.Email      = user.Email;
                userModel.Comment    = user.Comment;
                userModel.IsApproved = user.IsApproved;
                UserService.Save(userModel, CurrentPersonId());
            }
        }
Esempio n. 7
0
        /// <summary>
        /// Verifies that the specified user name and password exist in the data source.
        /// </summary>
        /// <param name="username">The name of the user to validate.</param>
        /// <param name="password">The password for the specified user.</param>
        /// <returns>
        /// true if the specified username and password are valid; otherwise, false.
        /// </returns>
        public override bool ValidateUser(string username, string password)
        {
            UserService UserService = new CMS.UserService();

            Rock.CMS.User user = UserService.GetByApplicationNameAndUsername(applicationName, username);

            if (user != null)
            {
                return(ValidateUser(UserService, user, password));
            }
            else
            {
                return(false);
            }
        }
Esempio n. 8
0
        private void UpdateFailureCount(Rock.CMS.User user, FailureType failureType)
        {
            DateTime FirstAttempt = (failureType == FailureType.Password ?
                                     user.FailedPasswordAttemptWindowStart :
                                     user.FailedPasswordAnswerAttemptWindowStart) ?? DateTime.MinValue;

            int attempts = (failureType == FailureType.Password ?
                            user.FailedPasswordAttemptCount :
                            user.FailedPasswordAnswerAttemptCount) ?? 0;

            TimeSpan window = new TimeSpan(0, passwordAttemptWindow, 0);

            if (DateTime.Now.CompareTo(FirstAttempt.Add(window)) < 0)
            {
                // Attempt is within window
                attempts++;
                if (attempts >= MaxInvalidPasswordAttempts)
                {
                    user.IsLockedOut       = true;
                    user.LastLockedOutDate = DateTime.Now;
                }

                if (failureType == FailureType.Password)
                {
                    user.FailedPasswordAttemptCount = attempts;
                }
                else
                {
                    user.FailedPasswordAnswerAttemptCount = attempts;
                }
            }
            else
            {
                // Attempt is outside window
                if (failureType == FailureType.Password)
                {
                    user.FailedPasswordAttemptCount       = 1;
                    user.FailedPasswordAttemptWindowStart = DateTime.Now;
                }
                else
                {
                    user.FailedPasswordAnswerAttemptCount       = 1;
                    user.FailedPasswordAnswerAttemptWindowStart = DateTime.Now;
                }
            }
        }
Esempio n. 9
0
        /// <summary>
        /// Clears a lock so that the membership user can be validated.
        /// </summary>
        /// <param name="userName">The membership user whose lock status you want to clear.</param>
        /// <returns>
        /// true if the membership user was successfully unlocked; otherwise, false.
        /// </returns>
        public override bool UnlockUser(string userName)
        {
            UserService UserService = new CMS.UserService();

            Rock.CMS.User user = UserService.GetByApplicationNameAndUsername(applicationName, userName);

            if (user != null)
            {
                user.IsLockedOut       = false;
                user.LastLockedOutDate = DateTime.Now;
                UserService.Save(user, CurrentPersonId());
                return(true);
            }
            else
            {
                return(false);
            }
        }
Esempio n. 10
0
        /// <summary>
        /// Gets the user from model.
        /// </summary>
        /// <param name="user">The user.</param>
        /// <returns></returns>
        private MembershipUser GetUserFromModel(Rock.CMS.User user)
        {
            DateTime now = DateTime.Now;

            return(new MembershipUser(
                       this.Name,
                       user.Username,
                       user.PersonId,
                       user.Email,
                       user.PasswordQuestion,
                       user.Comment,
                       user.IsApproved ?? true,
                       user.IsLockedOut ?? false,
                       user.CreationDate ?? now,
                       user.LastLoginDate ?? now,
                       user.LastActivityDate ?? now,
                       user.LastPasswordChangedDate ?? now,
                       user.LastLockedOutDate ?? now));
        }
Esempio n. 11
0
        /// <summary>
        /// Processes a request to update the password for a membership user.
        /// </summary>
        /// <param name="username">The user to update the password for.</param>
        /// <param name="oldPassword">The current password for the specified user.</param>
        /// <param name="newPassword">The new password for the specified user.</param>
        /// <returns>
        /// true if the password was updated successfully; otherwise, false.
        /// </returns>
        public override bool ChangePassword(string username, string oldPassword, string newPassword)
        {
            UserService UserService = new UserService();

            Rock.CMS.User user = UserService.GetByApplicationNameAndUsername(applicationName, username);

            if (user != null)
            {
                if (!ValidateUser(UserService, user, oldPassword))
                {
                    return(false);
                }

                ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, newPassword, true);

                OnValidatingPassword(args);

                if (args.Cancel)
                {
                    if (args.FailureInformation != null)
                    {
                        throw args.FailureInformation;
                    }
                    else
                    {
                        throw new Exception("Change password canceled due to new password validation failure");
                    }
                }

                user.Password = EncodePassword(newPassword);
                user.LastPasswordChangedDate = DateTime.Now;
                UserService.Save(user, CurrentPersonId());

                return(true);
            }
            else
            {
                return(false);
            }
        }
Esempio n. 12
0
 /// <summary>
 /// Validates the user.
 /// </summary>
 /// <param name="UserService">The user service.</param>
 /// <param name="user">The user.</param>
 /// <param name="password">The password.</param>
 /// <returns></returns>
 private bool ValidateUser(UserService UserService, Rock.CMS.User user, string password)
 {
     if (EncodePassword(password) == user.Password)
     {
         if (user.IsApproved ?? false)
         {
             user.LastLoginDate = DateTime.Now;
             UserService.Save(user, CurrentPersonId());
             return(true);
         }
         else
         {
             return(false);
         }
     }
     else
     {
         UpdateFailureCount(user, FailureType.Password);
         UserService.Save(user, CurrentPersonId());
         return(false);
     }
 }
Esempio n. 13
0
        /// <summary>
        /// Gets user information from the data source based on the unique identifier for the membership user. Provides an option to update the last-activity date/time stamp for the user.
        /// </summary>
        /// <param name="providerUserKey">The unique identifier for the membership user to get information for.</param>
        /// <param name="userIsOnline">true to update the last-activity date/time stamp for the user; false to return user information without updating the last-activity date/time stamp for the user.</param>
        /// <returns>
        /// A <see cref="T:System.Web.Security.MembershipUser"/> object populated with the specified user's information from the data source.
        /// </returns>
        public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
        {
            if (providerUserKey != null && providerUserKey is int)
            {
                UserService UserService = new CMS.UserService();

                Rock.CMS.User user = UserService.Get(( int )providerUserKey);

                if (user != null)
                {
                    return(GetUser(UserService, user, userIsOnline));
                }
                else
                {
                    return(null);
                }
            }
            else
            {
                throw new ProviderException("Invalid providerUserKey");
            }
        }
Esempio n. 14
0
        /// <summary>
        /// Processes a request to update the password question and answer for a membership user.
        /// </summary>
        /// <param name="username">The user to change the password question and answer for.</param>
        /// <param name="password">The password for the specified user.</param>
        /// <param name="newPasswordQuestion">The new password question for the specified user.</param>
        /// <param name="newPasswordAnswer">The new password answer for the specified user.</param>
        /// <returns>
        /// true if the password question and answer are updated successfully; otherwise, false.
        /// </returns>
        public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
        {
            UserService UserService = new CMS.UserService();

            Rock.CMS.User user = UserService.GetByApplicationNameAndUsername(applicationName, username);

            if (user != null)
            {
                if (!ValidateUser(UserService, user, password))
                {
                    return(false);
                }

                user.PasswordQuestion = newPasswordQuestion;
                user.PasswordAnswer   = newPasswordAnswer;
                UserService.Save(user, CurrentPersonId());
                return(true);
            }
            else
            {
                return(false);
            }
        }
Esempio n. 15
0
        /// <summary>
        /// Removes a user from the membership data source.
        /// </summary>
        /// <param name="username">The name of the user to delete.</param>
        /// <param name="deleteAllRelatedData">true to delete data related to the user from the database; false to leave data related to the user in the database.</param>
        /// <returns>
        /// true if the user was successfully deleted; otherwise, false.
        /// </returns>
        public override bool DeleteUser(string username, bool deleteAllRelatedData)
        {
            UserService UserService = new CMS.UserService();

            Rock.CMS.User user = UserService.GetByApplicationNameAndUsername(applicationName, username);

            if (user != null)
            {
                try
                {
                    UserService.Delete(user, CurrentPersonId());
                    UserService.Save(user, CurrentPersonId());
                    return(true);
                }
                catch (SystemException ex)
                {
                    throw new ProviderException("Error occurred attempting to delete User", ex);
                }
            }
            else
            {
                return(false);
            }
        }
Esempio n. 16
0
 protected void btnResetPassword_Click( object sender, EventArgs e )
 {
     user = userService.GetByConfirmationCode( ConfirmationCode );
     ShowResetSuccess();
 }
Esempio n. 17
0
 /// <summary>
 /// Handles the Click event of the btnDelete control.
 /// </summary>
 /// <param name="sender">The source of the event.</param>
 /// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
 protected void btnDelete_Click( object sender, EventArgs e )
 {
     user = userService.GetByConfirmationCode( ConfirmationCode );
     ShowDeleted();
 }
Esempio n. 18
0
        private XElement MenuXmlElement( int levelsDeep,  User user )
        {
            if ( levelsDeep >= 0 && this.DisplayInNav( user ) )
            {
                XElement pageElement = new XElement( "page",
                    new XAttribute( "id", this.Id ),
                    new XAttribute( "title", this.Title ?? this.Name ),
                    new XAttribute( "url", this.Url),
                    new XAttribute( "display-description", this.MenuDisplayDescription.ToString().ToLower() ),
                    new XAttribute( "display-icon", this.MenuDisplayIcon.ToString().ToLower() ),
                    new XAttribute( "display-child-pages", this.MenuDisplayChildPages.ToString().ToLower() ),
                    new XElement( "description", this.Description ?? "" ),
                    new XElement( "icon-url", this.IconUrl ?? "" ) );

                XElement childPagesElement = new XElement( "pages" );

                pageElement.Add( childPagesElement );

                if ( levelsDeep > 0 && this.MenuDisplayChildPages)
                foreach ( Page page in Pages )
                {
                    XElement childPageElement = page.MenuXmlElement( levelsDeep - 1, user );
                    if ( childPageElement != null )
                        childPagesElement.Add( childPageElement );
                }

                return pageElement;
            }
            else
                return null;
        }
Esempio n. 19
0
 /// <summary>
 /// Returns XML for a page menu.
 /// </summary>
 /// <param name="levelsDeep">The page levels deep.</param>
 /// <param name="user">The user.</param>
 /// <returns></returns>
 public XDocument MenuXml( int levelsDeep, User user )
 {
     XElement menuElement = MenuXmlElement( levelsDeep, user );
     return new XDocument( new XDeclaration( "1.0", "UTF-8", "yes" ), menuElement );
 }
Esempio n. 20
0
        private void UpdateFailureCount(User user)
        {
            int passwordAttemptWindow = 0;
            int maxInvalidPasswordAttempts = int.MaxValue;

            Rock.Web.Cache.GlobalAttributes globalAttributes = Rock.Web.Cache.GlobalAttributes.Read();
            if ( !Int32.TryParse( globalAttributes.AttributeValue( "PasswordAttemptWindow" ), out passwordAttemptWindow ) )
                passwordAttemptWindow = 0;
            if ( !Int32.TryParse( globalAttributes.AttributeValue( "MaxInvalidPasswordAttempts" ), out maxInvalidPasswordAttempts ) )
                maxInvalidPasswordAttempts = int.MaxValue;

            DateTime firstAttempt = user.FailedPasswordAttemptWindowStart ?? DateTime.MinValue;
            int attempts = user.FailedPasswordAttemptCount ?? 0;

            TimeSpan window = new TimeSpan( 0, passwordAttemptWindow, 0 );
            if ( DateTime.Now.CompareTo( firstAttempt.Add( window ) ) < 0 )
            {
                attempts++;
                if ( attempts >= maxInvalidPasswordAttempts )
                {
                    user.IsLockedOut = true;
                    user.LastLockedOutDate = DateTime.Now;
                }

                user.FailedPasswordAttemptCount = attempts;
            }
            else
            {
                user.FailedPasswordAttemptCount = 1;
                user.FailedPasswordAttemptWindowStart = DateTime.Now;
            }
        }
Esempio n. 21
0
 /// <summary>
 /// Return <c>true</c> if the user is authorized to perform the selected action on this object.
 /// </summary>
 /// <param name="action">The action.</param>
 /// <param name="user">The user.</param>
 /// <returns></returns>
 public virtual bool Authorized( string action, User user )
 {
     return Security.Authorization.Authorized( this, action, user );
 }
Esempio n. 22
0
 /// <summary>
 /// Handles the Click event of the btnCodeReset control.
 /// </summary>
 /// <param name="sender">The source of the event.</param>
 /// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
 protected void btnCodeReset_Click( object sender, EventArgs e )
 {
     ConfirmationCode = tbConfirmationCode.Text;
     user = userService.GetByConfirmationCode( ConfirmationCode );
     ShowResetPassword();
 }
Esempio n. 23
0
        /// <summary>
        /// Adds a new membership user to the data source.
        /// </summary>
        /// <param name="username">The user name for the new user.</param>
        /// <param name="password">The password for the new user.</param>
        /// <param name="email">The e-mail address for the new user.</param>
        /// <param name="passwordQuestion">The password question for the new user.</param>
        /// <param name="passwordAnswer">The password answer for the new user</param>
        /// <param name="isApproved">Whether or not the new user is approved to be validated.</param>
        /// <param name="providerUserKey">The unique identifier from the membership data source for the user.</param>
        /// <param name="status">A <see cref="T:System.Web.Security.MembershipCreateStatus"/> enumeration value indicating whether the user was created successfully.</param>
        /// <returns>
        /// A <see cref="T:System.Web.Security.MembershipUser"/> object populated with the information for the newly created user.
        /// </returns>
        public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
        {
            ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true);

            OnValidatingPassword(args);

            if (args.Cancel)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            UserService UserService = new CMS.UserService();

            if ((RequiresUniqueEmail && (GetUserNameByEmail(UserService, email) != String.Empty)))
            {
                status = MembershipCreateStatus.DuplicateEmail;
                return(null);
            }

            MembershipUser membershipUser = GetUser(UserService, username, false);

            if (membershipUser == null)
            {
                DateTime createDate = DateTime.Now;

                Rock.CMS.User user = new Rock.CMS.User();

                if (providerUserKey != null && providerUserKey is int)
                {
                    user.PersonId = ( int )providerUserKey;
                }
                else
                {
                    status = MembershipCreateStatus.InvalidProviderUserKey;
                    return(null);
                }

                user.ApplicationName                        = applicationName;
                user.Username                               = username;
                user.Password                               = EncodePassword(password);
                user.PasswordQuestion                       = passwordQuestion;
                user.PasswordAnswer                         = passwordAnswer;
                user.IsApproved                             = isApproved;
                user.Comment                                = string.Empty;
                user.CreationDate                           = createDate;
                user.LastPasswordChangedDate                = createDate;
                user.LastActivityDate                       = createDate;
                user.IsLockedOut                            = false;
                user.LastLockedOutDate                      = createDate;
                user.FailedPasswordAttemptCount             = 0;
                user.FailedPasswordAttemptWindowStart       = createDate;
                user.FailedPasswordAnswerAttemptCount       = 0;
                user.FailedPasswordAnswerAttemptWindowStart = createDate;
                user.AuthenticationType                     = (int)AuthenticationType.Database;

                try
                {
                    UserService.Add(user, CurrentPersonId());
                    UserService.Save(user, CurrentPersonId());
                    status = MembershipCreateStatus.Success;
                }
                catch
                {
                    status = MembershipCreateStatus.ProviderError;
                }

                return(GetUser(UserService, user, false));
            }
            else
            {
                status = MembershipCreateStatus.DuplicateUserName;
                return(null);
            }
        }
Esempio n. 24
0
 /// <summary>
 /// Unlocks the user.
 /// </summary>
 /// <param name="user">The user.</param>
 public void Unlock( User user )
 {
     user.IsLockedOut = false;
     this.Save( user, null );
 }
Esempio n. 25
0
 /// <summary>
 /// Validates the specified user.
 /// </summary>
 /// <param name="user">The user.</param>
 /// <param name="password">The password.</param>
 /// <returns></returns>
 public bool Validate( User user, string password )
 {
     if ( EncodePassword( password ) == user.Password )
     {
         if ( user.IsConfirmed ?? false )
             if ( !user.IsLockedOut.HasValue || !user.IsLockedOut.Value )
             {
                 user.LastLoginDate = DateTime.Now;
                 this.Save( user, null );
                 return true;
             }
         return false;
     }
     else
     {
         UpdateFailureCount( user );
         this.Save( user, null );
         return false;
     }
 }
Esempio n. 26
0
        /// <summary>
        /// Raises the <see cref="E:System.Web.UI.Control.Load"/> event.
        /// </summary>
        /// <param name="e">The <see cref="T:System.EventArgs"/> object that contains the event data.</param>
        protected override void OnLoad( EventArgs e )
        {
            base.OnLoad( e );

            pnlCode.Visible = false;
            pnlConfirmed.Visible = false;
            pnlResetPassword.Visible = false;
            pnlResetSuccess.Visible = false;
            pnlDelete.Visible = false;
            pnlDeleted.Visible = false;
            pnlInvalid.Visible = false;

            userService = new UserService();

            if (!Page.IsPostBack)
            {
                lDeleted.Text = AttributeValue( "DeletedCaption" );

                string invalidCaption = AttributeValue( "InvalidCaption" );
                if ( invalidCaption.Contains( "{0}" ) )
                    invalidCaption = string.Format( invalidCaption, ResolveUrl( "~/NewAccount" ) );
                lInvalid.Text = invalidCaption;

                ConfirmationCode = Request.QueryString["cc"];

                user = userService.GetByConfirmationCode( ConfirmationCode );
                string action = Request.QueryString["action"] ?? "";

                switch ( action.ToLower() )
                {
                    case "delete":
                        ShowDelete();
                        break;
                    case "reset":
                        ShowResetPassword();
                        break;
                    default:
                        ShowConfirmed();
                        break;
                }
            }
        }
Esempio n. 27
0
        private void LogError(Exception ex, int parentException, string status, System.Web.HttpContext context)
        {
            try
            {
                // get the current user
                Rock.CMS.User user = Rock.CMS.UserService.GetCurrentUser();

                // save the exception info to the db
                ExceptionLogService service      = new ExceptionLogService();
                ExceptionLog        exceptionLog = new ExceptionLog();;

                exceptionLog.ParentId      = parentException;
                exceptionLog.ExceptionDate = DateTime.Now;

                if (ex.InnerException != null)
                {
                    exceptionLog.HasInnerException = true;
                }

                exceptionLog.Description = ex.Message;
                exceptionLog.StackTrace  = ex.StackTrace;
                exceptionLog.Source      = ex.Source;
                exceptionLog.StatusCode  = status;

                if (context.Items["Rock:SiteId"] != null)
                {
                    exceptionLog.SiteId = Int32.Parse(context.Items["Rock:SiteId"].ToString());
                }

                if (context.Items["Rock:PageId"] != null)
                {
                    exceptionLog.PageId = Int32.Parse(context.Items["Rock:PageId"].ToString());
                }

                exceptionLog.ExceptionType = ex.GetType().Name;
                exceptionLog.PageUrl       = context.Request.RawUrl;

                exceptionLog.QueryString = context.Request.QueryString.ToString();

                // write cookies
                StringBuilder cookies = new StringBuilder();
                cookies.Append("<table class=\"cookies\">");

                foreach (string cookie in context.Request.Cookies)
                {
                    cookies.Append("<tr><td><b>" + cookie + "</b></td><td>" + context.Request.Cookies[cookie].Value + "</td></tr>");
                }

                cookies.Append("</table>");
                exceptionLog.Cookies = cookies.ToString();

                // write form items
                StringBuilder formItems = new StringBuilder();
                cookies.Append("<table class=\"formItems\">");

                foreach (string formItem in context.Request.Form)
                {
                    cookies.Append("<tr><td><b>" + formItem + "</b></td><td>" + context.Request.Form[formItem].ToString() + "</td></tr>");
                }

                cookies.Append("</table>");
                exceptionLog.Form = formItems.ToString();

                // write server vars
                StringBuilder serverVars = new StringBuilder();
                cookies.Append("<table class=\"server-variables\">");

                foreach (string serverVar in context.Request.ServerVariables)
                {
                    serverVars.Append("<tr><td><b>" + serverVar + "</b></td><td>" + context.Request.ServerVariables[serverVar].ToString() + "</td></tr>");
                }

                cookies.Append("</table>");
                exceptionLog.ServerVariables = serverVars.ToString();

                if (user != null)
                {
                    exceptionLog.PersonId = user.PersonId;
                }

                service.Add(exceptionLog, null);
                service.Save(exceptionLog, null);

                //  log inner exceptions
                if (ex.InnerException != null)
                {
                    LogError(ex.InnerException, exceptionLog.Id, status, context);
                }
            }
            catch (Exception exception)
            {
                // if you get an exception while logging an exception I guess you're hosed...
            }
        }
Esempio n. 28
0
 /// <summary>
 /// Handles the Click event of the btnCodeDelete control.
 /// </summary>
 /// <param name="sender">The source of the event.</param>
 /// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
 protected void btnCodeDelete_Click( object sender, EventArgs e )
 {
     ConfirmationCode = tbConfirmationCode.Text;
     user = userService.GetByConfirmationCode( ConfirmationCode );
     ShowDelete();
 }
Esempio n. 29
0
 /// <summary>
 /// <c>true</c> or <c>false</c> value of whether the page can be displayed in a navigation menu 
 /// based on the <see cref="DisplayInNavWhen"/> property value and the security of the currently logged in user
 /// </summary>
 /// <param name="user">The current user.</param>
 /// <returns></returns>
 public bool DisplayInNav( User user )
 {
     switch ( this.DisplayInNavWhen )
     {
         case CMS.DisplayInNavWhen.Always:
             return true;
         case CMS.DisplayInNavWhen.WhenAllowed:
             return this.Authorized( "View", user );
         default:
             return false;
     }
 }
Esempio n. 30
0
        /// <summary>
        /// Evaluates whether a selected user is allowed to perform the selected action on the selected
        /// entity.
        /// </summary>
        /// <param name="entity"></param>
        /// <param name="action"></param>
        /// <param name="user"></param>
        /// <returns></returns>
        public static bool Authorized(ISecured entity, string action, Rock.CMS.User user)
        {
            //    return Authorized( entity, action, user != null ? user.Person.Guid.ToString() : string.Empty );
            //}

            ///// <summary>
            ///// Evaluates whether a selected user is allowed to perform the selected action on the selected
            ///// entity.
            ///// </summary>
            ///// <param name="entity">The entity.</param>
            ///// <param name="action">The action.</param>
            ///// <param name="userName">Name of the user.</param>
            ///// <returns></returns>
            //private static bool Authorized( ISecured entity, string action, string userName )
            //{
            // If there's no Authorizations object, create it
            if (Authorizations == null)
            {
                Load();
            }

            // If there are entries in the Authorizations object for this entity type and entity instance, evaluate each
            // one to find the first one specific to the selected user or a role that the selected user belongs
            // to.  If a match is found return whether the user is allowed (true) or denied (false) access
            if (Authorizations.Keys.Contains(entity.AuthEntity) &&
                Authorizations[entity.AuthEntity].Keys.Contains(entity.Id) &&
                Authorizations[entity.AuthEntity][entity.Id].Keys.Contains(action))
            {
                string userName = user != null?user.Person.Guid.ToString() : string.Empty;

                foreach (AuthRule authRule in Authorizations[entity.AuthEntity][entity.Id][action])
                {
                    // All Users
                    if (authRule.SpecialRole == SpecialRole.AllUsers)
                    {
                        return(authRule.AllowOrDeny == "A");
                    }

                    // All Authenticated Users
                    if (authRule.SpecialRole == SpecialRole.AllAuthenticatedUsers && userName.Trim() != string.Empty)
                    {
                        return(authRule.AllowOrDeny == "A");
                    }

                    // All Unauthenticated Users
                    if (authRule.SpecialRole == SpecialRole.AllUnAuthenticatedUsers && userName.Trim() == string.Empty)
                    {
                        return(authRule.AllowOrDeny == "A");
                    }

                    if (authRule.SpecialRole == SpecialRole.None && userName != string.Empty)
                    {
                        // See if person has been authorized to entity
                        if (authRule.PersonId.HasValue &&
                            user.PersonId.HasValue &&
                            authRule.PersonId.Value == user.PersonId.Value)
                        {
                            return(authRule.AllowOrDeny == "A");
                        }

                        // See if person is in role authorized
                        if (authRule.GroupId.HasValue)
                        {
                            Role role = Role.Read(authRule.GroupId.Value);
                            if (role != null && role.UserInRole(userName))
                            {
                                return(authRule.AllowOrDeny == "A");
                            }
                        }
                    }
                }
            }

            // If not match was found for the selected user on the current entity instance, check to see if the instance
            // has a parent authority defined and if so evaluate that entities authorization rules.  If there is no
            // parent authority return the defualt authorization
            if (entity.ParentAuthority != null)
            {
                return(Authorized(entity.ParentAuthority, action, user));
            }
            else
            {
                return(entity.DefaultAuthorization(action));
            }
        }
Esempio n. 31
0
 /// <summary>
 /// Returns XML for a page menu.  XML will be 1 level deep
 /// </summary>
 /// <param name="user">The user.</param>
 /// <returns></returns>
 public XDocument MenuXml( User user )
 {
     return MenuXml( 1, user );
 }
Esempio n. 32
0
        /// <summary>
        /// Creates a new user.
        /// </summary>
        /// <param name="person">The person.</param>
        /// <param name="authenticationType">Type of the authentication.</param>
        /// <param name="username">The username.</param>
        /// <param name="password">The password.</param>
        /// <param name="isConfirmed">if set to <c>true</c> [is confirmed].</param>
        /// <param name="currentPersonId">The current person id.</param>
        /// <returns></returns>
        public User Create( Rock.CRM.Person person,
            AuthenticationType authenticationType,
            string username,
            string password,
            bool isConfirmed,
            int? currentPersonId )
        {
            User user = this.GetByUserName( username );
            if ( user != null )
                throw new ArgumentOutOfRangeException( "username", "Username already exists" );

            DateTime createDate = DateTime.Now;

            user = new User();
            user.UserName = username;
            user.Password = EncodePassword( password );
            user.IsConfirmed = isConfirmed;
            user.CreationDate = createDate;
            user.LastPasswordChangedDate = createDate;
            if ( person != null )
                user.PersonId = person.Id;
            user.AuthenticationType = authenticationType;

            this.Add( user, currentPersonId );
            this.Save( user, currentPersonId );

            return user;
        }
Esempio n. 33
0
 /// <summary>
 /// Changes the password.
 /// </summary>
 /// <param name="user">The user.</param>
 /// <param name="password">The password.</param>
 public void ChangePassword( User user, string password )
 {
     user.Password = EncodePassword( password );
     user.LastPasswordChangedDate = DateTime.Now;
 }