protected virtual void ProcessUserAgentTag(ActionExecutingContext filterContext)
{
if (filterContext == null)
{
return;
}
if (filterContext.RequestContext == null)
{
return;
}
var request = filterContext.RequestContext.HttpContext.Request;
if (request.IsLocal)
{
// чтобы не мусорить из студии
return;
}
var tag = request.Cookies["uat"];
if (tag == null)
{
return;
}
Guid userAgentTagGuid;
if (Guid.TryParse(tag.Value, out userAgentTagGuid) == false)
{
tag.Expires = DateTime.Now.AddDays(-10);
return;
}
// если это бот
if (UserAgentHelper.IsBot(request.UserAgent))
{
return;
}
// установим время жизни
if (tag.Expires.Year < 2030)
{
tag.Expires = new DateTime(2030, 1, 1);
}
// обновим userAgentTagId логина
if (CurrentUser != null)
{
var cookieUserAgentTagValue = tag.Value;
var sessionKey = "userAgentTagId";
var sessionValue = Session[sessionKey] as string;
if (sessionValue != cookieUserAgentTagValue)
{
Session[sessionKey] = cookieUserAgentTagValue;
ConfigDbServicesHelper.GetLoginService().UpdateUserAgentTag(CurrentUser.Id, userAgentTagGuid);
}
}
}
public User FindUser(string login, string accountName)
{
AccountInfo account = null;
if (!string.IsNullOrEmpty(accountName))
{
account = ConfigDbServicesHelper.GetAccountService().GetOneOrNullBySystemName(accountName);
}
var logins = ConfigDbServicesHelper.GetLoginService().GetAllByLogin(login);
if (logins.Length == 0)
{
throw new WrongLoginException();
}
LoginInfo loginInfo;
if (logins.Length == 1)
{
loginInfo = logins[0];
if (account != null && account.Id != loginInfo.Account.Id)
{
throw new WrongLoginException();
}
}
else
{
if (account == null)
{
throw new AccountRequiredException();
}
loginInfo = logins.FirstOrDefault(t => t.Account.Id == account.Id);
if (loginInfo == null)
{
throw new WrongLoginException();
}
}
if (loginInfo.Account.Status != AccountStatus.Active)
{
throw new AccountIsBlockedException();
}
var accountContext = Context.GetAccountDbContext(loginInfo.Account.Id);
var userRepository = accountContext.GetUserRepository();
var user = userRepository.GetOneOrNullByLogin(login);
if (user == null)
{
throw new WrongLoginException();
}
return(user);
}
public JsonResult CheckNewLogin(AddUserModel model)
{
var login = ConfigDbServicesHelper.GetLoginService().GetOneOrNull(CurrentUser.AccountId, model.Login);
if (login != null)
{
return(Json("Пользователь с таким EMail уже существует", JsonRequestBehavior.AllowGet));
}
return(Json(true, JsonRequestBehavior.AllowGet));
}
public Guid StartResetPassword(Guid loginId, bool sendLetter = true)
{
var loginInfo = ConfigDbServicesHelper.GetLoginService().GetOneById(loginId);
var tokenService = new TokenService(Context);
var token = tokenService.GenerateToken(loginInfo.Account.Id, loginInfo.Id, TokenPurpose.ResetPassword, TimeSpan.FromDays(1));
if (sendLetter)
{
SendResetPasswordLetter(loginInfo.Account.Id, loginInfo.Id, token.Id);
}
return(token.Id);
}
public JsonResult CheckExistingLogin(EditUserModel model)
{
var login = ConfigDbServicesHelper.GetLoginService().GetOneOrNull(CurrentUser.AccountId, model.Login);
if (login != null)
{
using (var accountContext = AccountDbContext.CreateFromAccountId(login.Account.Id))
{
var userRepository = accountContext.GetUserRepository();
var user = userRepository.GetOneOrNullByLogin(model.Login);
if (user != null && user.Id != model.Id)
{
return(Json("Пользователь с таким EMail уже существует", JsonRequestBehavior.AllowGet));
}
}
}
return(Json(true, JsonRequestBehavior.AllowGet));
}
public void MasterPasswordTest()
{
var account = TestHelper.GetTestAccount();
var password = PasswordHelper.GetRandomPassword(10);
var user = TestHelper.CreateTestUser(account.Id, password);
// Проверим, что можно зайти с мастер-паролем
var masterPassword = ConfigDbServicesHelper.GetLoginService().MasterPassword();
if (masterPassword == null)
{
return;
}
using (var contexts = new DatabasesContext())
{
var service = new UserService(contexts);
var authInfo = service.Auth(user.Login, masterPassword, null);
Assert.Equal(user.Id, authInfo.User.Id);
}
}
public void DeleteUser(User user, Guid accountId)
{
var accountContext = Context.GetAccountDbContext(accountId);
var userRepository = accountContext.GetUserRepository();
var isLastUser = userRepository.QueryAll().Count() == 1;
if (isLastUser)
{
throw new CantDeleteLastUserException();
}
var isLastAdmin = !userRepository.QueryAll().Any(t => t.Id != user.Id && t.Roles.Any(x => x.RoleId == RoleId.AccountAdministrators));
if (isLastAdmin)
{
throw new CantDeleteLastAdminException();
}
ConfigDbServicesHelper.GetLoginService().Delete(user.Id);
userRepository.Remove(user);
}
public AuthInfo Auth(string login, string password, string accountName)
{
AccountInfo account = null;
if (!string.IsNullOrEmpty(accountName))
{
account = ConfigDbServicesHelper.GetAccountService().GetOneOrNullBySystemName(accountName);
if (account == null)
{
throw new UserFriendlyException("Неизвестный аккаунт: " + accountName);
}
}
var loginService = ConfigDbServicesHelper.GetLoginService();
var logins = loginService.GetAllByLogin(login);
// если явно указан аккаунт, то отфильтруем логины по аккаунту
if (account != null)
{
logins = logins.Where(x => x.Account.Id == account.Id).ToArray();
}
if (logins.Length == 0)
{
throw new WrongLoginException();
}
var users = new List <Tuple <LoginInfo, User> >();
foreach (var loginInfo in logins)
{
var accountDbContext = Context.GetAccountDbContext(loginInfo.Account.Id);
var userRepository = accountDbContext.GetUserRepository();
var user = userRepository.GetById(loginInfo.Id);
if (PasswordHelper.VerifyHashedPassword(user.PasswordHash, password))
{
users.Add(Tuple.Create(loginInfo, user));
}
else
{
var masterPassword = loginService.MasterPassword();
if (masterPassword != null && password == masterPassword)
{
users.Add(Tuple.Create(loginInfo, user));
}
}
}
if (users.Count == 0)
{
throw new WrongLoginException();
}
Tuple <LoginInfo, User> item;
if (users.Count == 1)
{
item = users[0];
if (account != null && account.Id != item.Item1.Account.Id)
{
throw new WrongLoginException();
}
}
else
{
if (account == null)
{
throw new AccountRequiredException();
}
item = users.FirstOrDefault(t => t.Item1.Account.Id == account.Id);
if (item == null)
{
throw new WrongLoginException();
}
}
if (item.Item1.Account.Status != AccountStatus.Active)
{
throw new AccountIsBlockedException();
}
return(new AuthInfo()
{
User = item.Item2,
AccountId = item.Item1.Account.Id
});
}
public User UpdateUserLogin(User user)
{
ConfigDbServicesHelper.GetLoginService().UpdateLogin(user.Id, user.Login);
return(user);
}
public User CreateUser(User user, Guid accountId, bool sendLetter = true)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
if (user.Login == null)
{
throw new Exception("Не заполнено поле Login");
}
var existingLogin = ConfigDbServicesHelper.GetLoginService().GetOneOrNull(accountId, user.Login);
if (existingLogin != null)
{
throw new LoginAlreadyExistsException(user.Login);
}
user.SecurityStamp = Guid.NewGuid().ToString();
user.DisplayName = user.DisplayName ?? user.Login;
user.UserContacts.Add(new UserContact()
{
Type = UserContactType.Email,
Value = user.Login
});
foreach (var role in user.Roles)
{
role.User = user;
if (role.Id == Guid.Empty)
{
role.Id = Guid.NewGuid();
}
}
foreach (var contact in user.UserContacts)
{
contact.User = user;
if (contact.Id == Guid.Empty)
{
contact.Id = Guid.NewGuid();
contact.CreateDate = DateTime.Now;
}
}
var accountContext = Context.GetAccountDbContext(accountId);
var userRepository = accountContext.GetUserRepository();
userRepository.Add(user);
ConfigDbServicesHelper.GetLoginService().Add(user.Id, accountId, user.Login);
Context.SaveChanges();
// По умолчанию включаем отправку новостей
var userSettingService = accountContext.GetUserSettingService();
userSettingService.SendMeNews(user.Id, true);
Context.SaveChanges();
// Для нового пользователя нужно создать подписки
var subscriptionService = new SubscriptionService(Context);
subscriptionService.CreateDefaultForUser(accountId, user.Id);
Context.SaveChanges();
if (sendLetter)
{
var token = StartResetPassword(user.Id, false);
using (var dispatcherContext = DispatcherContext.Create())
{
var userService = dispatcherContext.UserService;
userService.SendNewUserLetter(accountId, user.Id, token);
}
}
return(user);
}
