protected void btnSubmit_Click(object sender, EventArgs e)
{
if (!chkldap.Checked)
{
if (txtUserPwd.Text != txtUserPwdConfirm.Text)
{
EndUserMessage = "Passwords Did Not Match";
return;
}
if (string.IsNullOrEmpty(txtUserPwd.Text))
{
EndUserMessage = "Passwords Cannot Be Empty";
return;
}
}
else
{
//Create a local random db pass, should never actually be possible to use.
txtUserPwd.Text = new Guid().ToString();
txtUserPwdConfirm.Text = txtUserPwd.Text;
}
var user = new CloneDeployUser
{
Name = txtUserName.Text,
Membership = ddluserMembership.Text,
Salt = Helpers.Utility.CreateSalt(64),
Email = txtEmail.Text,
Token = txtToken.Text,
NotifyLockout = chkLockout.Checked ? 1 : 0,
NotifyError = chkError.Checked ? 1 : 0,
NotifyComplete = chkComplete.Checked ? 1 : 0,
NotifyImageApproved = chkApproved.Checked ? 1 : 0,
IsLdapUser = chkldap.Checked ? 1: 0,
UserGroupId = -1
};
user.Password = Helpers.Utility.CreatePasswordHash(txtUserPwd.Text, user.Salt);
var result = BLL.User.AddUser(user);
if (!result.IsValid)
{
EndUserMessage = result.Message;
}
else
{
EndUserMessage = "Successfully Created User";
Response.Redirect("~/views/users/edit.aspx?userid=" + user.Id);
}
}
public static Models.ValidationResult UpdateUser(CloneDeployUser user)
{
using (var uow = new DAL.UnitOfWork())
{
var validationResult = ValidateUser(user, false);
if (validationResult.IsValid)
{
uow.UserRepository.Update(user, user.Id);
validationResult.IsValid = uow.Save();
}
return(validationResult);
}
}
public static Models.ValidationResult AddUser(CloneDeployUser user)
{
using (var uow = new DAL.UnitOfWork())
{
var validationResult = ValidateUser(user, true);
if (validationResult.IsValid)
{
uow.UserRepository.Insert(user);
validationResult.IsValid = uow.Save();
}
return(validationResult);
}
}
public static void AddNewGroupMember(CloneDeployUserGroup userGroup, CloneDeployUser user)
{
user.Membership = userGroup.Membership;
user.UserGroupId = userGroup.Id;
BLL.User.UpdateUser(user);
var rights = BLL.UserGroupRight.Get(userGroup.Id);
var groupManagement = BLL.UserGroupGroupManagement.Get(userGroup.Id);
var imageManagement = BLL.UserGroupImageManagement.Get(userGroup.Id);
var userRights =
rights.Select(right => new Models.UserRight {
UserId = user.Id, Right = right.Right
}).ToList();
BLL.UserRight.DeleteUserRights(user.Id);
BLL.UserRight.AddUserRights(userRights);
var userGroupManagement =
groupManagement.Select(g => new Models.UserGroupManagement {
GroupId = g.GroupId, UserId = user.Id
})
.ToList();
BLL.UserGroupManagement.DeleteUserGroupManagements(user.Id);
BLL.UserGroupManagement.AddUserGroupManagements(userGroupManagement);
var userImageManagement =
imageManagement.Select(g => new Models.UserImageManagement {
ImageId = g.ImageId, UserId = user.Id
})
.ToList();
BLL.UserImageManagement.DeleteUserImageManagements(user.Id);
BLL.UserImageManagement.AddUserImageManagements(userImageManagement);
}
public Authorize(CloneDeployUser user, string requiredRight)
{
_cloneDeployUser = user;
_currentUserRights = BLL.UserRight.Get(_cloneDeployUser.Id).Select(right => right.Right).ToList();
_requiredRight = requiredRight;
}
public Models.ValidationResult GlobalLogin(string userName, string password, string loginType)
{
var validationResult = new Models.ValidationResult
{
Message = "Login Was Not Successful",
IsValid = false
};
//Check if user exists in Clone Deploy
var user = BLL.User.GetUser(userName);
if (user == null)
{
//Check For a first time LDAP User Group Login
if (Settings.LdapEnabled == "1")
{
foreach (var ldapGroup in BLL.UserGroup.GetLdapGroups())
{
if (new BLL.Ldap().Authenticate(userName, password, ldapGroup.GroupLdapName))
{
//user is a valid ldap user via ldap group that has not yet logged in.
//Add the user and allow login.
var cdUser = new CloneDeployUser
{
Name = userName,
Salt = Helpers.Utility.CreateSalt(64),
Token = Utility.GenerateKey(),
IsLdapUser = 1
};
//Create a local random db pass, should never actually be possible to use.
cdUser.Password = Helpers.Utility.CreatePasswordHash(new System.Guid().ToString(), cdUser.Salt);
if (BLL.User.AddUser(cdUser).IsValid)
{
//add user to group
var newUser = BLL.User.GetUser(userName);
BLL.UserGroup.AddNewGroupMember(ldapGroup, newUser);
}
validationResult.Message = "Success";
validationResult.IsValid = true;
break;
}
}
}
return(validationResult);
}
if (BLL.UserLockout.AccountIsLocked(user.Id))
{
BLL.UserLockout.ProcessBadLogin(user.Id);
validationResult.Message = "Account Is Locked";
return(validationResult);
}
//Check against AD
if (user.IsLdapUser == 1 && Settings.LdapEnabled == "1")
{
//Check if user is authenticated against an ldap group
if (user.UserGroupId != -1)
{
//user is part of a group, is the group an ldap group?
var userGroup = BLL.UserGroup.GetUserGroup(user.UserGroupId);
if (userGroup != null)
{
if (userGroup.IsLdapGroup == 1)
{
//the group is an ldap group
//make sure user is still in that ldap group
if (new BLL.Ldap().Authenticate(userName, password, userGroup.GroupLdapName))
{
validationResult.IsValid = true;
}
else
{
//user is either not in that group anymore, not in the directory, or bad password
validationResult.IsValid = false;
if (new BLL.Ldap().Authenticate(userName, password))
{
//password was good but user is no longer in the group
//delete the user
BLL.User.DeleteUser(user.Id);
}
}
}
else
{
//the group is not an ldap group
//still need to check creds against directory
if (new BLL.Ldap().Authenticate(userName, password))
{
validationResult.IsValid = true;
}
}
}
else
{
//group didn't exist for some reason
//still need to check creds against directory
if (new BLL.Ldap().Authenticate(userName, password))
{
validationResult.IsValid = true;
}
}
}
else
{
//user is not part of a group, check creds against directory
if (new BLL.Ldap().Authenticate(userName, password))
{
validationResult.IsValid = true;
}
}
}
else if (user.IsLdapUser == 1 && Settings.LdapEnabled != "1")
{
//prevent ldap user from logging in with local pass if ldap auth gets turned off
validationResult.IsValid = false;
}
//Check against local DB
else
{
var hash = Helpers.Utility.CreatePasswordHash(password, user.Salt);
if (user.Password == hash)
{
validationResult.IsValid = true;
}
}
if (validationResult.IsValid)
{
BLL.UserLockout.DeleteUserLockouts(user.Id);
validationResult.Message = "Success";
return(validationResult);
}
else
{
BLL.UserLockout.ProcessBadLogin(user.Id);
return(validationResult);
}
}
