private static void RequestCode(HttpContext context) { var token = GetToken(context.Request["code"]); if (token == null) { Global.Logger.Error("BoxApp: token is null"); throw new SecurityException("Access token is null"); } var boxUserId = context.Request["userId"]; if (SecurityContext.IsAuthenticated) { if (!CurrentUser(boxUserId)) { Global.Logger.Debug("BoxApp: logout for " + boxUserId); CookiesManager.ClearCookies(CookiesType.AuthKey); SecurityContext.Logout(); } } if (!SecurityContext.IsAuthenticated) { bool isNew; var userInfo = GetUserInfo(token, out isNew); if (userInfo == null) { Global.Logger.Error("BoxApp: UserInfo is null"); throw new Exception("Profile is null"); } var cookiesKey = SecurityContext.AuthenticateMe(userInfo.ID); CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey); MessageService.Send(HttpContext.Current.Request, MessageAction.LoginSuccessViaSocialAccount); if (isNew) { UserHelpTourHelper.IsNewUser = true; PersonalSettings.IsNewUser = true; PersonalSettings.IsNotActivated = true; } if (!string.IsNullOrEmpty(boxUserId) && !CurrentUser(boxUserId)) { AddLinker(boxUserId); } } Token.SaveToken(token); var fileId = context.Request["id"]; context.Response.Redirect(FilesLinkUtility.GetFileWebEditorUrl(ThirdPartySelector.BuildAppFileId(AppAttr, fileId)), true); }
public static string SaveMobilePhone(UserInfo user, string mobilePhone) { mobilePhone = GetPhoneValueDigits(mobilePhone); if (user == null || Equals(user, Constants.LostUser)) { throw new Exception(Resource.ErrorUserNotFound); } if (string.IsNullOrEmpty(mobilePhone)) { throw new Exception(Resource.ActivateMobilePhoneEmptyPhoneNumber); } if (!string.IsNullOrEmpty(user.MobilePhone) && user.MobilePhoneActivationStatus == MobilePhoneActivationStatus.Activated) { throw new Exception(Resource.MobilePhoneMustErase); } user.MobilePhone = mobilePhone; user.MobilePhoneActivationStatus = MobilePhoneActivationStatus.NotActivated; if (SecurityContext.IsAuthenticated) { CoreContext.UserManager.SaveUserInfo(user); } else { try { SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem); CoreContext.UserManager.SaveUserInfo(user); } finally { SecurityContext.Logout(); } } if (StudioSmsNotificationSettings.Enable) { PutAuthCode(user, false); } else { if (!SecurityContext.IsAuthenticated) { var cookiesKey = SecurityContext.AuthenticateMe(user.ID); CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey); } if (user.MobilePhoneActivationStatus == MobilePhoneActivationStatus.NotActivated) { user.MobilePhoneActivationStatus = MobilePhoneActivationStatus.Activated; CoreContext.UserManager.SaveUserInfo(user); } } return(mobilePhone); }
public bool ValidateAuthCode(UserInfo user, int tenantId, string code, bool checkBackup = true) { if (!TfaAppAuthSettings.IsVisibleSettings || !SettingsManager.Load <TfaAppAuthSettings>().EnableSetting) { return(false); } if (user == null || Equals(user, Constants.LostUser)) { throw new Exception(Resource.ErrorUserNotFound); } code = (code ?? "").Trim(); if (string.IsNullOrEmpty(code)) { throw new Exception(Resource.ActivateTfaAppEmptyCode); } int.TryParse(Cache.Get <string>("tfa/" + user.ID), out var counter); if (++counter > SetupInfo.LoginThreshold) { throw new BruteForceCredentialException(Resource.TfaTooMuchError); } Cache.Insert("tfa/" + user.ID, counter.ToString(CultureInfo.InvariantCulture), DateTime.UtcNow.Add(TimeSpan.FromMinutes(1))); if (!Tfa.ValidateTwoFactorPIN(GenerateAccessToken(user), code)) { if (checkBackup && TfaAppUserSettings.BackupCodesForUser(SettingsManager, user.ID).Any(x => x.Code == code && !x.IsUsed)) { TfaAppUserSettings.DisableCodeForUser(SettingsManager, user.ID, code); } else { throw new ArgumentException(Resource.TfaAppAuthMessageError); } } Cache.Insert("tfa/" + user.ID, (--counter).ToString(CultureInfo.InvariantCulture), DateTime.UtcNow.Add(TimeSpan.FromMinutes(1))); if (!SecurityContext.IsAuthenticated) { var cookiesKey = SecurityContext.AuthenticateMe(user.ID); CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey); } if (!TfaAppUserSettings.EnableForUser(SettingsManager, user.ID)) { GenerateBackupCodes(user); return(true); } return(false); }
private bool CheckBasicAuth(HttpContext context) { string authCookie; if (AuthorizationHelper.ProcessBasicAuthorization(context, out authCookie)) { CookiesManager.SetCookies(CookiesType.AuthKey, authCookie); return(true); } return(false); }
private static void OutsideAuth() { var cookie = SecurityContext.AuthenticateMe(Constants.OutsideUser.ID); if (HttpContext.Current != null) { CookiesManager.SetCookies(CookiesType.AuthKey, cookie); } else { SecurityContext.AuthenticateMe(cookie); } }
protected void Page_Load(object sender, EventArgs e) { cmd = Request.Form["subCmd"]; loginOkUrl = Request.QueryString["url"]; AJM_WeiXinUserInfo user = new AJM_WeiXinUserInfo(); string loginId = txt_LoginID.Value; string password = txt_Password.Value; if (!IsPostBack) { BindSelSchool(); } //通过页面验证,执行登录操作 if (cmd == "Login") { CookiesManager.RemoveCookies("userInfo"); if (loginHandle(loginId, password, selSchool.Value)) { //若选择记住密码,则记录用户信息cookies CookiesManager.SetCookies(loginId, password, UserSchoolInfo.SchoolNo); if (!string.IsNullOrEmpty(loginOkUrl)) { Response.Redirect(loginOkUrl); } else { Response.Redirect("MainFunctionPage.aspx"); } } } else { if (Request.Cookies["userInfo"] != null)//存在记录的cookies信息 { loginId = CookiesManager.GetCookiesValue(CookiesManager.LoginID); password = CookiesManager.GetCookiesValue(CookiesManager.Password); string schoolId = CookiesManager.GetCookiesValue(CookiesManager.SchoolId); if (loginHandle(loginId, password, schoolId)) { if (!string.IsNullOrEmpty(loginOkUrl)) { Response.Redirect(loginOkUrl); } else { Response.Redirect("MainFunctionPage.aspx"); } } } } }
protected void Page_Load(object sender, EventArgs e) { TenantName = CoreContext.TenantManager.GetCurrentTenant().Name; Page.Title = TenantName; if (Request.QueryString["stop"] == "true") { WarmUpController.Instance.Terminate(); } if (Request.QueryString["restart"] == "true") { WarmUpController.Instance.Restart(); } if (!CoreContext.Configuration.Standalone || WarmUpController.Instance.CheckCompleted()) { Response.Redirect(CommonLinkUtility.GetDefault(), true); if (!WarmUpSettings.GetCompleted()) { WarmUpSettings.SetCompleted(true); } } if (!SecurityContext.IsAuthenticated) { var owner = CoreContext.TenantManager.GetCurrentTenant(); var cookie = SecurityContext.AuthenticateMe(owner.OwnerId); CookiesManager.SetCookies(CookiesType.AuthKey, cookie); } Master.DisabledSidePanel = true; //top panel Master.TopStudioPanel.DisableProductNavigation = true; Master.TopStudioPanel.DisableUserInfo = true; Master.TopStudioPanel.DisableSearch = true; Master.TopStudioPanel.DisableSettings = true; Master.TopStudioPanel.DisableTariff = true; var loader = (LoaderPage)LoadControl(LoaderPage.Location); loader.Static = true; loaderHolder.Controls.Add(loader); AjaxPro.Utility.RegisterTypeForAjax(GetType()); Page.RegisterStyle("~/usercontrols/common/startup/css/startup.less") .RegisterBodyScripts("~/usercontrols/common/startup/js/startup.js") .RegisterInlineScript(string.Format("ProgressStartUpManager.init({0});", WarmUpController.Instance.GetSerializedProgress())); }
public static void SetUserPassword(Guid userID, string password) { CheckPasswordPolicy(password); var cookie = SecurityContext.SetUserPassword(userID, password); StudioNotifyService.Instance.UserPasswordChanged(userID, password); if (cookie != null) { CookiesManager.SetCookies(CookiesType.AuthKey, cookie); } }
public object SaveData(string email, string pwd, string header) { try { var currentUser = CoreContext.UserManager.GetUsers(SecurityContext.CurrentAccount.ID); if (!currentUser.IsOwner()) { return(new { Status = 0, Message = Resources.Resource.EmailAndPasswordNotOwner }); } if (!UserManagerWrapper.ValidateEmail(email)) { return(new { Status = 0, Message = Resources.Resource.EmailAndPasswordIncorrectEmail }); } UserManagerWrapper.SetUserPassword(currentUser.ID, pwd); if (currentUser.Email != email) { currentUser.Email = email; currentUser.ActivationStatus = EmployeeActivationStatus.NotActivated; } CoreContext.UserManager.SaveUserInfo(currentUser); if (currentUser.ActivationStatus == EmployeeActivationStatus.NotActivated) { StudioNotifyService.Instance.SendEmailActivationInstructions(currentUser, email); } var newCookie = SecurityContext.AuthenticateMe(email, CoreContext.Authentication.GetUserPasswordHash(currentUser.ID)); CookiesManager.SetCookies(CookiesType.AuthKey, newCookie); var wizardSettings = SettingsManager.Instance.LoadSettings <WizardSettings>(TenantProvider.CurrentTenantID); wizardSettings.Completed = true; SettingsManager.Instance.SaveSettings(wizardSettings, TenantProvider.CurrentTenantID); var currentTenant = CoreContext.TenantManager.GetCurrentTenant(); currentTenant.Name = header; CoreContext.TenantManager.SaveTenant(currentTenant); SendInstallInfo(currentUser); return(new { Status = 1, Message = Resources.Resource.EmailAndPasswordSaved }); } catch (Exception ex) { return(new { Status = 0, Message = ex.Message }); } }
protected void Page_Load(object sender, EventArgs e) { UserSchoolInfo = null; if (!IsPostBack) { BindSelSchool(); if (Request.QueryString["WXID"] != null) { BindStuData(Request.QueryString["WXID"]); } } if (Request.QueryString["WXID"] == null) { divcontent.Style.Add("display", "block"); divstuInfo.Style.Add("display", "none"); divSuccess.Style.Add("display", "none"); return; } cmd = Request.Form["subCmd"]; //通过页面验证,执行登录操作 if (cmd == "Login") { WeiXinUsers user = new WeiXinUsers(); UserInfo users = new UserInfo(); string schoolId = selSchool.Items[selSchool.SelectedIndex].Value; if (schoolId == "-1") { spanWarmInfo.Visible = true; spanWarmInfo.InnerText = "请选择学校"; } users.LoginId = txt_LoginID.Value; users.Password = txt_Password.Value; if (loginHandle(users, schoolId)) { user.WeixinID = Request.QueryString["WXID"]; user.CardNo = txt_LoginID.Value; user.SchoolInfo = new AMS_School { Id = Convert.ToInt32(schoolId) }; spanWarmInfo.Visible = true; spanWarmInfo.InnerText = WeiXinProxy.BindUserInfo(user); AMS_School school = AMS_SchoolProxy.GetSchoolById(int.Parse(schoolId)); CookiesManager.SetCookies(user.CardNo, txt_Password.Value, schoolId); } } }
private void AddUser(SamlResponse samlResponse, UserInfo userInfo) { try { _log.DebugFormat("Adding or updating user in database, userId={0}", userInfo.ID); SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem); if (!string.IsNullOrEmpty(userInfo.MobilePhone)) { userInfo.MobilePhone = SmsManager.GetPhoneValueDigits(userInfo.MobilePhone); } if (string.IsNullOrEmpty(userInfo.UserName)) { if (string.IsNullOrWhiteSpace(userInfo.FirstName)) { userInfo.FirstName = Resource.FirstName; } if (string.IsNullOrWhiteSpace(userInfo.LastName)) { userInfo.LastName = Resource.LastName; } if (TenantStatisticsProvider.GetUsersCount() < TenantExtra.GetTenantQuota().ActiveUsers) { userInfo = UserManagerWrapper.AddUser(userInfo, UserManagerWrapper.GeneratePassword(), true, false); } else { userInfo = UserManagerWrapper.AddUser(userInfo, UserManagerWrapper.GeneratePassword(), true, false, true); } } else { CoreContext.UserManager.SaveUserInfo(userInfo); } var photoUrl = samlResponse.GetRemotePhotoUrl(); if (!string.IsNullOrEmpty(photoUrl)) { var photoLoader = new UserPhotoLoader(); photoLoader.SaveOrUpdatePhoto(photoUrl, userInfo.ID); } } finally { SecurityContext.Logout(); } var cookiesKey = SecurityContext.AuthenticateMe(userInfo.ID); CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey); }
public static void ValidateSmsCode(UserInfo user, string code) { if (!StudioSmsNotificationSettings.IsVisibleSettings || !StudioSmsNotificationSettings.Enable) { return; } if (user == null || Equals(user, Constants.LostUser)) { throw new Exception(Resource.ErrorUserNotFound); } code = (code ?? "").Trim(); if (string.IsNullOrEmpty(code)) { throw new Exception(Resource.ActivateMobilePhoneEmptyCode); } int counter; int.TryParse(CodeCache.Get <String>("loginsec/" + user.ID), out counter); if (++counter % 5 == 0) { Thread.Sleep(TimeSpan.FromSeconds(10)); } CodeCache.Insert("loginsec/" + user.ID, counter.ToString(), DateTime.UtcNow.Add(TimeSpan.FromMinutes(1))); if (!SmsKeyStorage.ValidateKey(user.MobilePhone, code)) { throw new ArgumentException(Resource.SmsAuthenticationMessageError); } if (!SecurityContext.IsAuthenticated) { var cookiesKey = SecurityContext.AuthenticateMe(user.ID); CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey); } if (user.MobilePhoneActivationStatus == MobilePhoneActivationStatus.NotActivated) { user.MobilePhoneActivationStatus = MobilePhoneActivationStatus.Activated; CoreContext.UserManager.SaveUserInfo(user); } }
public static void ValidateSmsCode(UserInfo user, string code) { if (!StudioSmsNotificationSettings.IsVisibleSettings || !StudioSmsNotificationSettings.Enable) { return; } if (user == null || Equals(user, Constants.LostUser)) { throw new Exception(Resource.ErrorUserNotFound); } var valid = SmsKeyStorage.ValidateKey(user.MobilePhone, code); switch (valid) { case SmsKeyStorage.Result.Empty: throw new Exception(Resource.ActivateMobilePhoneEmptyCode); case SmsKeyStorage.Result.TooMuch: throw new Authorize.BruteForceCredentialException(Resource.SmsTooMuchError); case SmsKeyStorage.Result.Timeout: throw new TimeoutException(Resource.SmsAuthenticationTimeout); case SmsKeyStorage.Result.Invalide: throw new ArgumentException(Resource.SmsAuthenticationMessageError); } if (valid != SmsKeyStorage.Result.Ok) { throw new Exception("Error: " + valid); } if (!SecurityContext.IsAuthenticated) { var cookiesKey = SecurityContext.AuthenticateMe(user.ID); CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey); } if (user.MobilePhoneActivationStatus == MobilePhoneActivationStatus.NotActivated) { user.MobilePhoneActivationStatus = MobilePhoneActivationStatus.Activated; CoreContext.UserManager.SaveUserInfo(user); } }
protected override void OnPreInit(EventArgs e) { base.OnPreInit(e); if (!SecurityContext.IsAuthenticated) { if (CoreContext.Configuration.Personal) { if (CoreContext.Configuration.Standalone) { var admin = CoreContext.UserManager.GetUserByUserName("administrator"); var cookie = SecurityContext.AuthenticateMe(admin.ID); CookiesManager.SetCookies(CookiesType.AuthKey, cookie); Response.Redirect(CommonLinkUtility.GetDefault(), true); } if (Request["campaign"] == "personal") { Session["campaign"] = "personal"; } CheckSocialMedia(); SetLanguage(abTesting: true); } return; } if (IsLogout) { var loginName = CoreContext.UserManager.GetUsers(SecurityContext.CurrentAccount.ID).DisplayUserName(false); ProcessLogout(); MessageService.Send(HttpContext.Current.Request, loginName, MessageAction.Logout); // slo redirect if (SsoImporter.SloIsEnable && HttpContext.Current != null) { HttpContext.Current.Response.Redirect(SsoImporter.SloEndPoint, true); } Response.Redirect("~/auth.aspx", true); } else { Response.Redirect(CommonLinkUtility.GetDefault(), true); } }
public static bool Authenticate() { if (SecurityContext.IsAuthenticated) { return(true); } var authenticated = false; var tenant = CoreContext.TenantManager.GetCurrentTenant(false); if (tenant != null) { if (HttpContext.Current != null) { string cookie; if (AuthorizationHelper.ProcessBasicAuthorization(HttpContext.Current, out cookie)) { CookiesManager.SetCookies(CookiesType.AuthKey, cookie); authenticated = true; } } if (!authenticated) { var cookie = CookiesManager.GetCookies(CookiesType.AuthKey); if (!string.IsNullOrEmpty(cookie)) { authenticated = SecurityContext.AuthenticateMe(cookie); if (!authenticated) { Auth.ProcessLogout(); return(false); } } } var accessSettings = TenantAccessSettings.Load(); if (authenticated && SecurityContext.CurrentAccount.ID == ASC.Core.Users.Constants.OutsideUser.ID && !accessSettings.Anyone) { Auth.ProcessLogout(); authenticated = false; } } return(authenticated); }
private static void UserAuth(UserInfo user, HttpContext context) { if (SecurityContext.IsAuthenticated) { return; } if (StudioSmsNotificationSettings.IsVisibleSettings && StudioSmsNotificationSettings.Enable) { context.Session["refererURL"] = context.Request.Url.AbsoluteUri; context.Response.Redirect(Confirm.SmsConfirmUrl(user), true); return; } var cookiesKey = SecurityContext.AuthenticateMe(user.ID); CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey); MessageService.Send(HttpContext.Current.Request, MessageAction.LoginSuccess); }
private void ActivateUser(UserInfo user, string newPwd) { try { //Set status to activated user.ActivationStatus = EmployeeActivationStatus.Activated; SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem); CoreContext.UserManager.SaveUserInfo(user); if (!string.IsNullOrEmpty(newPwd)) { //set password if it's specified SecurityContext.SetUserPassword(user.ID, newPwd); } } catch (Exception ex) { ShowError(ex.Message); } finally { SecurityContext.Logout(); //Logout from core system } //Login user try { var cookiesKey = SecurityContext.AuthenticateMe(user.ID.ToString(), CoreContext.Authentication.GetUserPasswordHash(user.ID)); CookiesManager.SetCookies(CookiesType.UserID, user.ID.ToString()); CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey); } catch (Exception exception) { ShowError(exception.Message); return; } UserOnlineManager.Instance.RegistryOnlineUser(SecurityContext.CurrentAccount.ID); WebItemManager.Instance.ItemGlobalHandlers.Login(SecurityContext.CurrentAccount.ID); }
public AuthenticationTokenData AuthenticateMe([FromBody] AuthModel auth) { var tenant = TenantManager.GetCurrentTenant(); var user = GetUser(tenant.TenantId, auth); try { var token = SecurityContext.AuthenticateMe(user.ID); CookiesManager.SetCookies(CookiesType.AuthKey, token); var expires = TenantCookieSettingsHelper.GetExpiresTime(tenant.TenantId); return(new AuthenticationTokenData { Token = token, Expires = expires }); } catch { throw new Exception("User authentication failed"); } }
private void ActivateUser(UserInfo user, string newPwd) { try { //Set status to activated user.ActivationStatus = EmployeeActivationStatus.Activated; SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem); CoreContext.UserManager.SaveUserInfo(user); if (!string.IsNullOrEmpty(newPwd)) { //set password if it's specified SecurityContext.SetUserPassword(user.ID, newPwd); } } catch (Exception ex) { ShowError(ex.Message); } finally { SecurityContext.Logout(); //Logout from core system } //Login user try { var cookiesKey = SecurityContext.AuthenticateMe(user.ID); CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey); if (newPwd != null) { MessageService.Send(HttpContext.Current.Request, MessageAction.UserUpdatedPassword); MessageService.Send(HttpContext.Current.Request, MessageAction.LoginSuccess, user.DisplayUserName(false)); } } catch (Exception exception) { ShowError(exception.Message); } }
protected void Page_Load(object sender, EventArgs e) { if (!CoreContext.Configuration.Standalone || WarmUp.Instance.Completed) { Response.Redirect(CommonLinkUtility.GetDefault(), true); } if (!SecurityContext.IsAuthenticated) { var owner = CoreContext.TenantManager.GetCurrentTenant(); var cookie = SecurityContext.AuthenticateMe(owner.OwnerId); CookiesManager.SetCookies(CookiesType.AuthKey, cookie); } Master.DisabledSidePanel = true; //top panel Master.TopStudioPanel.DisableProductNavigation = true; Master.TopStudioPanel.DisableUserInfo = true; Master.TopStudioPanel.DisableSearch = true; Master.TopStudioPanel.DisableSettings = true; Master.TopStudioPanel.DisableTariff = true; loaderHolder.Controls.Add(LoadControl(LoaderPage.Location)); AjaxPro.Utility.RegisterTypeForAjax(GetType()); Page.RegisterStyleControl(VirtualPathUtility.ToAbsolute("~/usercontrols/common/startup/css/startup.less")); Page.RegisterBodyScripts(ResolveUrl("~/usercontrols/common/startup/js/startup.js")); Page.RegisterInlineScript(string.Format("ProgressStartUpManager.init({0});", WarmUp.Instance.Progress.ProgressPercent)); if (Request.QueryString["sync"] == "true") { WarmUp.Instance.StartSync(); } }
public object SaveData(string email, string pwd, string lng, bool populateDemoData, string promocode) { try { var tenant = CoreContext.TenantManager.GetCurrentTenant(); var settings = SettingsManager.Instance.LoadSettings <WizardSettings>(tenant.TenantId); if (settings.Completed) { return(new { Status = 0, Message = "Wizard passed." }); } if (tenant.OwnerId == Guid.Empty) { Thread.Sleep(TimeSpan.FromSeconds(6)); // wait cache interval tenant = CoreContext.TenantManager.GetTenant(tenant.TenantId); if (tenant.OwnerId == Guid.Empty) { LogManager.GetLogger("ASC.Web.FirstTime").Error(tenant.TenantId + ": owner id is empty."); } } var currentUser = CoreContext.UserManager.GetUsers(CoreContext.TenantManager.GetCurrentTenant().OwnerId); if (!currentUser.IsOwner()) { return(new { Status = 0, Message = Resources.Resource.EmailAndPasswordNotOwner }); } if (!UserManagerWrapper.ValidateEmail(email)) { return(new { Status = 0, Message = Resources.Resource.EmailAndPasswordIncorrectEmail }); } SecurityContext.AuthenticateMe(currentUser.ID); UserManagerWrapper.SetUserPassword(currentUser.ID, pwd); email = email.Trim(); if (currentUser.Email != email) { currentUser.Email = email; currentUser.ActivationStatus = EmployeeActivationStatus.NotActivated; } CoreContext.UserManager.SaveUserInfo(currentUser); var cookie = SecurityContext.AuthenticateMe(currentUser.ID); CookiesManager.SetCookies(CookiesType.AuthKey, cookie); if (!string.IsNullOrWhiteSpace(promocode)) { try { CoreContext.PaymentManager.ActivateKey(promocode); } catch (Exception err) { LogManager.GetLogger("ASC.Web.FirstTime").ErrorFormat("Incorrect Promo: {0}\r\n{1}", promocode, err); return(new { Status = 0, Message = Resources.Resource.EmailAndPasswordIncorrectPromocode }); } } settings.Completed = true; SettingsManager.Instance.SaveSettings(settings, tenant.TenantId); TrySetLanguage(tenant, lng); FirstTimeTenantSettings.SetDefaultTenantSettings(); FirstTimeTenantSettings.SendInstallInfo(currentUser); if (populateDemoData) { FirstTimeTenantSettings.SetTenantData(lng); } return(new { Status = 1, Message = Resources.Resource.EmailAndPasswordSaved }); } catch (Exception ex) { return(new { Status = 0, Message = ex.Message }); } }
private bool CheckValidationKey() { var key = Request["key"] ?? ""; var emplType = Request["emplType"] ?? ""; var validInterval = SetupInfo.ValidEamilKeyInterval; var authInterval = TimeSpan.FromHours(1); EmailValidationKeyProvider.ValidationResult checkKeyResult; switch (_type) { case ConfirmType.PortalContinue: checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key); break; case ConfirmType.PhoneActivation: case ConfirmType.PhoneAuth: checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, authInterval); break; case ConfirmType.Auth: { var first = Request["first"] ?? ""; var module = Request["module"]; checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + first + module, key, authInterval); if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Ok) { var user = _email.Contains("@") ? CoreContext.UserManager.GetUserByEmail(_email) : CoreContext.UserManager.GetUsers(new Guid(_email)); if (SecurityContext.IsAuthenticated && SecurityContext.CurrentAccount.ID != user.ID) { Auth.ProcessLogout(); } if (!SecurityContext.IsAuthenticated) { if (StudioSmsNotificationSettings.IsVisibleSettings && StudioSmsNotificationSettings.Enable) { Response.Redirect(SmsConfirmUrl(user), true); } var authCookie = SecurityContext.AuthenticateMe(user.ID); CookiesManager.SetCookies(CookiesType.AuthKey, authCookie); MessageService.Send(HttpContext.Current.Request, MessageAction.LoginSuccess, user.DisplayUserName(false)); } AuthRedirect(user, first.ToLower() == "true", module, Request[FilesLinkUtility.FileUri]); } } break; case ConfirmType.DnsChange: { var dnsChangeKey = string.Join(string.Empty, new[] { _email, _type.ToString(), Request["dns"], Request["alias"] }); checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(dnsChangeKey, key, validInterval); } break; case ConfirmType.PortalOwnerChange: { Guid uid; try { uid = new Guid(Request["uid"]); } catch { uid = Guid.Empty; } checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + uid, key, validInterval); } break; case ConfirmType.EmpInvite: checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + emplType, key, validInterval); break; case ConfirmType.LinkInvite: checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_type + emplType, key, validInterval); break; case ConfirmType.PasswordChange: var userHash = !String.IsNullOrEmpty(Request["p"]) && Request["p"] == "1"; String hash = String.Empty; if (userHash) { hash = CoreContext.Authentication.GetUserPasswordHash(CoreContext.UserManager.GetUserByEmail(_email).ID); } checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + (string.IsNullOrEmpty(hash) ? string.Empty : Hasher.Base64Hash(hash)), key, validInterval); break; default: checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, validInterval); break; } if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Expired) { ShowError(Resource.ErrorExpiredActivationLink); return(false); } if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Invalid) { ShowError(_type == ConfirmType.LinkInvite ? Resource.ErrorInvalidActivationLink : Resource.ErrorConfirmURLError); return(false); } if (!string.IsNullOrEmpty(_email) && !_email.TestEmailRegex()) { ShowError(Resource.ErrorNotCorrectEmail); return(false); } return(true); }
private bool AuthProcess(LoginProfile thirdPartyProfile, bool withAccountLink) { var authMethod = AuthMethod.Login; var tfaLoginUrl = string.Empty; var loginCounter = 0; try { if (thirdPartyProfile != null) { if (string.IsNullOrEmpty(thirdPartyProfile.AuthorizationError)) { HashId = thirdPartyProfile.HashId; Login = thirdPartyProfile.EMail; } else { // ignore cancellation if (thirdPartyProfile.AuthorizationError != "Canceled at provider") { ErrorMessage = thirdPartyProfile.AuthorizationError; } } } else { if (!string.IsNullOrEmpty(Request["__EVENTARGUMENT"]) && Request["__EVENTTARGET"] == "signInLogin" && withAccountLink) { HashId = ASC.Common.Utils.Signature.Read <string>(Request["__EVENTARGUMENT"]); } } if (!string.IsNullOrEmpty(Request["login"])) { Login = Request["login"].Trim(); } else if (string.IsNullOrEmpty(HashId)) { IsLoginInvalid = true; throw new InvalidCredentialException("login"); } if (!string.IsNullOrEmpty(Request["pwd"])) { Password = Request["pwd"]; } else if (string.IsNullOrEmpty(HashId)) { IsPasswordInvalid = true; throw new InvalidCredentialException("password"); } if (string.IsNullOrEmpty(HashId)) { int.TryParse(cache.Get <String>("loginsec/" + Login), out loginCounter); if (++loginCounter > 5) { throw new BruteForceCredentialException(); } cache.Insert("loginsec/" + Login, loginCounter.ToString(CultureInfo.InvariantCulture), DateTime.UtcNow.Add(TimeSpan.FromMinutes(1))); } var userInfo = GetUser(out authMethod); if (!CoreContext.UserManager.UserExists(userInfo.ID) || userInfo.Status != EmployeeStatus.Active) { IsLoginInvalid = true; IsPasswordInvalid = true; throw new InvalidCredentialException(); } var tenant = CoreContext.TenantManager.GetCurrentTenant(); var settings = IPRestrictionsSettings.Load(); if (settings.Enable && userInfo.ID != tenant.OwnerId && !IPSecurity.IPSecurity.Verify(tenant)) { throw new IPSecurityException(); } if (StudioSmsNotificationSettings.IsVisibleSettings && StudioSmsNotificationSettings.Enable) { tfaLoginUrl = Studio.Confirm.SmsConfirmUrl(userInfo); } else if (TfaAppAuthSettings.IsVisibleSettings && TfaAppAuthSettings.Enable) { tfaLoginUrl = Studio.Confirm.TfaConfirmUrl(userInfo); } else { var session = EnableSession && string.IsNullOrEmpty(Request["remember"]); var cookiesKey = SecurityContext.AuthenticateMe(userInfo.ID); CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey, session); MessageService.Send(HttpContext.Current.Request, authMethod == AuthMethod.ThirdParty ? MessageAction.LoginSuccessViaSocialAccount : MessageAction.LoginSuccess ); } } catch (InvalidCredentialException ex) { Auth.ProcessLogout(); var isBruteForce = (ex is BruteForceCredentialException); ErrorMessage = isBruteForce ? Resource.LoginWithBruteForce : authMethod == AuthMethod.ThirdParty ? Resource.LoginWithAccountNotFound : Resource.InvalidUsernameOrPassword; var loginName = !string.IsNullOrWhiteSpace(Login) ? Login : authMethod == AuthMethod.ThirdParty && !string.IsNullOrWhiteSpace(HashId) ? HashId : AuditResource.EmailNotSpecified; var messageAction = isBruteForce ? MessageAction.LoginFailBruteForce : authMethod == AuthMethod.ThirdParty ? MessageAction.LoginFailSocialAccountNotFound : MessageAction.LoginFailInvalidCombination; MessageService.Send(HttpContext.Current.Request, loginName, messageAction); if (authMethod == AuthMethod.ThirdParty && thirdPartyProfile != null) { Response.Redirect("~/auth.aspx?m=" + HttpUtility.UrlEncode(_errorMessage), true); } return(false); } catch (SecurityException) { Auth.ProcessLogout(); ErrorMessage = Resource.ErrorDisabledProfile; MessageService.Send(HttpContext.Current.Request, Login, MessageAction.LoginFailDisabledProfile); return(false); } catch (IPSecurityException) { Auth.ProcessLogout(); ErrorMessage = Resource.ErrorIpSecurity; MessageService.Send(HttpContext.Current.Request, Login, MessageAction.LoginFailIpSecurity); return(false); } catch (Exception ex) { Auth.ProcessLogout(); ErrorMessage = ex.Message; MessageService.Send(HttpContext.Current.Request, Login, MessageAction.LoginFail); return(false); } if (loginCounter > 0) { cache.Insert("loginsec/" + Login, (--loginCounter).ToString(CultureInfo.InvariantCulture), DateTime.UtcNow.Add(TimeSpan.FromMinutes(1))); } if (!string.IsNullOrEmpty(tfaLoginUrl)) { Response.Redirect(tfaLoginUrl, true); } return(true); }
protected override void OnPreInit(EventArgs e) { base.OnPreInit(e); if (!SecurityContext.IsAuthenticated) { if (CoreContext.Configuration.Personal) { if (Request["campaign"] == "personal") { Session["campaign"] = "personal"; } CheckSocialMedia(); SetLanguage(abTesting: true); } var token = Request["asc_auth_key"]; if (SecurityContext.AuthenticateMe(token)) { CookiesManager.SetCookies(CookiesType.AuthKey, token); var refererURL = Request["refererURL"]; if (string.IsNullOrEmpty(refererURL)) { refererURL = "~/auth.aspx"; } Response.Redirect(refererURL, true); } return; } if (IsLogout) { var user = CoreContext.UserManager.GetUsers(SecurityContext.CurrentAccount.ID); var loginName = user.DisplayUserName(false); ProcessLogout(); MessageService.Send(HttpContext.Current.Request, loginName, MessageAction.Logout); if (!string.IsNullOrEmpty(user.SsoNameId)) { var settings = SsoSettingsV2.Load(); if (settings.EnableSso && !string.IsNullOrEmpty(settings.IdpSettings.SloUrl)) { var logoutSsoUserData = Signature.Create(new LogoutSsoUserData { NameId = user.SsoNameId, SessionId = user.SsoSessionId }); HttpContext.Current.Response.Redirect(SetupInfo.SsoSamlLogoutUrl + "?data=" + HttpUtility.UrlEncode(logoutSsoUserData), true); } } Response.Redirect("~/auth.aspx", true); } else { Response.Redirect(CommonLinkUtility.GetDefault(), true); } }
protected void Page_Load(object sender, EventArgs e) { Page.RegisterBodyScripts("~/js/third-party/xregexp.js", "~/UserControls/Management/ConfirmInviteActivation/js/confirm_invite_activation.js") .RegisterStyle("~/UserControls/Management/ConfirmInviteActivation/css/confirm_invite_activation.less"); var uid = Guid.Empty; try { uid = new Guid(Request["uid"]); } catch { } var email = GetEmailAddress(); if (_type != ConfirmType.Activation && AccountLinkControl.IsNotEmpty && !CoreContext.Configuration.Personal) { var thrd = (AccountLinkControl)LoadControl(AccountLinkControl.Location); thrd.InviteView = true; thrd.ClientCallback = "loginJoinCallback"; thrdParty.Visible = true; thrdParty.Controls.Add(thrd); } Page.Title = HeaderStringHelper.GetPageTitle(Resource.Authorization); UserInfo user; try { SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem); user = CoreContext.UserManager.GetUserByEmail(email); var usr = CoreContext.UserManager.GetUsers(uid); if (usr.ID.Equals(Constants.LostUser.ID) || usr.ID.Equals(ASC.Core.Configuration.Constants.Guest.ID)) { usr = CoreContext.UserManager.GetUsers(CoreContext.TenantManager.GetCurrentTenant().OwnerId); } var photoData = UserPhotoManager.GetUserPhotoData(usr.ID, UserPhotoManager.MediumFotoSize); _userAvatar = photoData == null?usr.GetMediumPhotoURL() : "data:image/png;base64," + Convert.ToBase64String(photoData); _userName = usr.DisplayUserName(true); _userPost = (usr.Title ?? "").HtmlEncode(); } finally { SecurityContext.Logout(); } if (_type == ConfirmType.LinkInvite || _type == ConfirmType.EmpInvite) { if (TenantStatisticsProvider.GetUsersCount() >= TenantExtra.GetTenantQuota().ActiveUsers&& _employeeType == EmployeeType.User) { ShowError(UserControlsCommonResource.TariffUserLimitReason); return; } if (!user.ID.Equals(Constants.LostUser.ID)) { ShowError(CustomNamingPeople.Substitute <Resource>("ErrorEmailAlreadyExists")); return; } } else if (_type == ConfirmType.Activation) { if (user.IsActive) { Response.Redirect(CommonLinkUtility.GetDefault()); return; } if (user.ID.Equals(Constants.LostUser.ID) || user.Status == EmployeeStatus.Terminated) { ShowError(string.Format(Resource.ErrorUserNotFoundByEmail, email)); return; } } var tenant = CoreContext.TenantManager.GetCurrentTenant(); if (tenant != null) { var settings = IPRestrictionsSettings.Load(); if (settings.Enable && !IPSecurity.IPSecurity.Verify(tenant)) { ShowError(Resource.ErrorAccessRestricted); return; } } if (!IsPostBack) { return; } var firstName = GetFirstName(); var lastName = GetLastName(); var passwordHash = (Request["passwordHash"] ?? "").Trim(); var analytics = (Request["analytics"] ?? "").Trim() == "True"; var mustChangePassword = false; LoginProfile thirdPartyProfile; //thirdPartyLogin confirmInvite if (Request["__EVENTTARGET"] == "thirdPartyLogin") { var valueRequest = Request["__EVENTARGUMENT"]; thirdPartyProfile = new LoginProfile(valueRequest); if (!string.IsNullOrEmpty(thirdPartyProfile.AuthorizationError)) { // ignore cancellation if (thirdPartyProfile.AuthorizationError != "Canceled at provider") { ShowError(HttpUtility.HtmlEncode(thirdPartyProfile.AuthorizationError)); } return; } if (string.IsNullOrEmpty(thirdPartyProfile.EMail)) { ShowError(HttpUtility.HtmlEncode(Resource.ErrorNotCorrectEmail)); return; } } if (Request["__EVENTTARGET"] == "confirmInvite") { if (String.IsNullOrEmpty(email)) { _errorMessage = Resource.ErrorEmptyUserEmail; return; } if (!email.TestEmailRegex()) { _errorMessage = Resource.ErrorNotCorrectEmail; return; } if (String.IsNullOrEmpty(firstName)) { _errorMessage = Resource.ErrorEmptyUserFirstName; return; } if (String.IsNullOrEmpty(lastName)) { _errorMessage = Resource.ErrorEmptyUserLastName; return; } if (String.IsNullOrEmpty(passwordHash)) { _errorMessage = Resource.ErrorPasswordEmpty; return; } } var userID = Guid.Empty; try { SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem); if (_type == ConfirmType.EmpInvite || _type == ConfirmType.LinkInvite) { if (TenantStatisticsProvider.GetUsersCount() >= TenantExtra.GetTenantQuota().ActiveUsers&& _employeeType == EmployeeType.User) { ShowError(UserControlsCommonResource.TariffUserLimitReason); return; } UserInfo newUser; if (Request["__EVENTTARGET"] == "confirmInvite") { var fromInviteLink = _type == ConfirmType.LinkInvite; newUser = CreateNewUser(firstName, lastName, email, passwordHash, _employeeType, fromInviteLink); var messageAction = _employeeType == EmployeeType.User ? MessageAction.UserCreatedViaInvite : MessageAction.GuestCreatedViaInvite; MessageService.Send(HttpContext.Current.Request, MessageInitiator.System, messageAction, MessageTarget.Create(newUser.ID), newUser.DisplayUserName(false)); userID = newUser.ID; var settings = TenantAnalyticsSettings.LoadForCurrentUser(); settings.Analytics = analytics; settings.SaveForCurrentUser(); } if (Request["__EVENTTARGET"] == "thirdPartyLogin") { if (String.IsNullOrEmpty(passwordHash)) { passwordHash = UserManagerWrapper.GeneratePassword(); mustChangePassword = true; } var valueRequest = Request["__EVENTARGUMENT"]; thirdPartyProfile = new LoginProfile(valueRequest); newUser = CreateNewUser(GetFirstName(thirdPartyProfile), GetLastName(thirdPartyProfile), GetEmailAddress(thirdPartyProfile), passwordHash, _employeeType, false); var messageAction = _employeeType == EmployeeType.User ? MessageAction.UserCreatedViaInvite : MessageAction.GuestCreatedViaInvite; MessageService.Send(HttpContext.Current.Request, MessageInitiator.System, messageAction, MessageTarget.Create(newUser.ID), newUser.DisplayUserName(false)); userID = newUser.ID; if (!String.IsNullOrEmpty(thirdPartyProfile.Avatar)) { SaveContactImage(userID, thirdPartyProfile.Avatar); } var linker = new AccountLinker("webstudio"); linker.AddLink(userID.ToString(), thirdPartyProfile); } } else if (_type == ConfirmType.Activation) { if (!UserFormatter.IsValidUserName(firstName, lastName)) { throw new Exception(Resource.ErrorIncorrectUserName); } SecurityContext.SetUserPasswordHash(user.ID, passwordHash); user.ActivationStatus = EmployeeActivationStatus.Activated; user.FirstName = firstName; user.LastName = lastName; CoreContext.UserManager.SaveUserInfo(user); userID = user.ID; //notify if (user.IsVisitor()) { StudioNotifyService.Instance.GuestInfoAddedAfterInvite(user); MessageService.Send(HttpContext.Current.Request, MessageInitiator.System, MessageAction.GuestActivated, MessageTarget.Create(user.ID), user.DisplayUserName(false)); } else { StudioNotifyService.Instance.UserInfoAddedAfterInvite(user); MessageService.Send(HttpContext.Current.Request, MessageInitiator.System, MessageAction.UserActivated, MessageTarget.Create(user.ID), user.DisplayUserName(false)); } } } catch (SecurityContext.PasswordException) { _errorMessage = HttpUtility.HtmlEncode(Resource.ErrorPasswordRechange); return; } catch (Exception exception) { _errorMessage = HttpUtility.HtmlEncode(exception.Message); return; } finally { SecurityContext.Logout(); } user = CoreContext.UserManager.GetUsers(userID); try { var cookiesKey = SecurityContext.AuthenticateMe(user.Email, passwordHash); CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey); MessageService.Send(HttpContext.Current.Request, MessageAction.LoginSuccess); StudioNotifyService.Instance.UserHasJoin(); if (mustChangePassword) { StudioNotifyService.Instance.UserPasswordChange(user); } } catch (Exception exception) { (Page as Confirm).ErrorMessage = HttpUtility.HtmlEncode(exception.Message); return; } UserHelpTourHelper.IsNewUser = true; if (CoreContext.Configuration.Personal) { PersonalSettings.IsNewUser = true; } Response.Redirect(CommonLinkUtility.GetDefault()); }
protected void Page_Load(object sender, EventArgs e) { LoginMessage = Request["m"]; Page.RegisterStyle("~/UserControls/Common/AuthorizeDocs/css/authorizedocs.less", "~/UserControls/Common/AuthorizeDocs/css/slick.less") .RegisterBodyScripts("~/UserControls/Common/AuthorizeDocs/js/authorizedocs.js", "~/UserControls/Common/Authorize/js/authorize.js", "~/js/third-party/slick.min.js"); if (CoreContext.Configuration.CustomMode) { Page.RegisterStyle("~/UserControls/Common/AuthorizeDocs/css/custom-mode.less"); } Page.Title = CoreContext.Configuration.CustomMode ? CustomModeResource.TitlePageNewCustomMode : Resource.AuthDocsTitlePage; Page.MetaDescription = CoreContext.Configuration.CustomMode ? CustomModeResource.AuthDocsMetaDescriptionCustomMode.HtmlEncode() : Resource.AuthDocsMetaDescription.HtmlEncode(); Page.MetaKeywords = CoreContext.Configuration.CustomMode ? CustomModeResource.AuthDocsMetaKeywordsCustomMode : Resource.AuthDocsMetaKeywords; HelpLink = GetHelpLink(); PersonalFooterHolder.Controls.Add(LoadControl(CoreContext.Configuration.CustomMode ? PersonalFooter.PersonalFooter.LocationCustomMode : PersonalFooter.PersonalFooter.Location)); if (AccountLinkControl.IsNotEmpty) { HolderLoginWithThirdParty.Controls.Add(LoadControl(LoginWithThirdParty.Location)); LoginSocialNetworks.Controls.Add(LoadControl(LoginWithThirdParty.Location)); } pwdReminderHolder.Controls.Add(LoadControl(PwdTool.Location)); if (IsPostBack) { var loginCounter = 0; ShowRecaptcha = false; try { Login = Request["login"].Trim(); var password = Request["pwd"]; if (string.IsNullOrEmpty(Login) || string.IsNullOrEmpty(password)) { if (AccountLinkControl.IsNotEmpty && (Request.Url.GetProfile() != null || Request["__EVENTTARGET"] == "thirdPartyLogin")) { return; } throw new InvalidCredentialException(Resource.InvalidUsernameOrPassword); } if (!SetupInfo.IsSecretEmail(Login)) { int.TryParse(cache.Get <string>("loginsec/" + Login), out loginCounter); loginCounter++; if (!RecaptchaEnable) { if (loginCounter > SetupInfo.LoginThreshold) { throw new Authorize.BruteForceCredentialException(); } } else { if (loginCounter > SetupInfo.LoginThreshold - 1) { ShowRecaptcha = true; } if (loginCounter > SetupInfo.LoginThreshold) { var ip = Request.Headers["X-Forwarded-For"] ?? Request.UserHostAddress; var recaptchaResponse = Request["g-recaptcha-response"]; if (String.IsNullOrEmpty(recaptchaResponse) || !Authorize.ValidateRecaptcha(recaptchaResponse, ip)) { throw new Authorize.RecaptchaException(); } } } cache.Insert("loginsec/" + Login, loginCounter.ToString(CultureInfo.InvariantCulture), DateTime.UtcNow.Add(TimeSpan.FromMinutes(1))); } var session = string.IsNullOrEmpty(Request["remember"]); var cookiesKey = SecurityContext.AuthenticateMe(Login, password); CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey, session); MessageService.Send(HttpContext.Current.Request, MessageAction.LoginSuccess); cache.Insert("loginsec/" + Login, (--loginCounter).ToString(CultureInfo.InvariantCulture), DateTime.UtcNow.Add(TimeSpan.FromMinutes(1))); } catch (InvalidCredentialException ex) { Auth.ProcessLogout(); MessageAction messageAction; if (ex is Authorize.BruteForceCredentialException) { LoginMessage = Resource.LoginWithBruteForce; messageAction = MessageAction.LoginFailBruteForce; } else if (ex is Authorize.RecaptchaException) { LoginMessage = Resource.RecaptchaInvalid; messageAction = MessageAction.LoginFailRecaptcha; } else { LoginMessage = Resource.InvalidUsernameOrPassword; messageAction = MessageAction.LoginFailInvalidCombination; } var loginName = string.IsNullOrWhiteSpace(Login) ? AuditResource.EmailNotSpecified : Login; MessageService.Send(HttpContext.Current.Request, loginName, messageAction); return; } catch (System.Security.SecurityException) { Auth.ProcessLogout(); LoginMessage = Resource.ErrorDisabledProfile; MessageService.Send(HttpContext.Current.Request, Login, MessageAction.LoginFailDisabledProfile); return; } catch (Exception ex) { Auth.ProcessLogout(); LoginMessage = ex.Message; MessageService.Send(HttpContext.Current.Request, Login, MessageAction.LoginFail); return; } if (loginCounter > 0) { cache.Insert("loginsec/" + Login, (--loginCounter).ToString(CultureInfo.InvariantCulture), DateTime.UtcNow.Add(TimeSpan.FromMinutes(1))); } var refererURL = (string)Session["refererURL"]; if (string.IsNullOrEmpty(refererURL)) { Response.Redirect(CommonLinkUtility.GetDefault()); } else { Session["refererURL"] = null; Response.Redirect(refererURL); } } else { var confirmedEmail = (Request.QueryString["confirmed-email"] ?? "").Trim(); if (String.IsNullOrEmpty(confirmedEmail) || !confirmedEmail.TestEmailRegex()) { return; } Login = confirmedEmail; LoginMessage = Resource.MessageEmailConfirmed + " " + Resource.MessageAuthorize; LoginMessageType = 1; } }
protected void Page_Load(object sender, EventArgs e) { Page.RegisterStyleControl(VirtualPathUtility.ToAbsolute("~/usercontrols/common/authorize/css/authorize.less")); Login = ""; Password = ""; HashId = ""; //Account link control AccountLinkControl accountLink = null; if (SetupInfo.ThirdPartyAuthEnabled && AccountLinkControl.IsNotEmpty) { accountLink = (AccountLinkControl)LoadControl(AccountLinkControl.Location); accountLink.Visible = true; accountLink.ClientCallback = "authCallback"; accountLink.SettingsView = false; signInPlaceholder.Controls.Add(accountLink); } //top panel var master = Page.Master as BaseTemplate; if (master != null) { master.TopStudioPanel.DisableProductNavigation = true; master.TopStudioPanel.DisableSearch = true; master.TopStudioPanel.DisableVideo = true; } Page.Title = HeaderStringHelper.GetPageTitle(Resource.Authorization); pwdReminderHolder.Controls.Add(LoadControl(PwdTool.Location)); var msg = Request["m"]; if (!string.IsNullOrEmpty(msg)) { ErrorMessage = msg; } if (IsPostBack && !SecurityContext.IsAuthenticated) { var tryByHash = false; var smsLoginUrl = string.Empty; try { if (!string.IsNullOrEmpty(Request["__EVENTARGUMENT"]) && Request["__EVENTTARGET"] == "signInLogin" && accountLink != null) { HashId = Request["__EVENTARGUMENT"]; } if (!string.IsNullOrEmpty(Request["login"])) { Login = Request["login"].Trim(); } else if (string.IsNullOrEmpty(HashId)) { throw new InvalidCredentialException("login"); } if (!string.IsNullOrEmpty(Request["pwd"])) { Password = Request["pwd"]; } else if (string.IsNullOrEmpty(HashId)) { throw new InvalidCredentialException("password"); } var counter = (int)(cache.Get("loginsec/" + Login) ?? 0); if (++counter % 5 == 0) { Thread.Sleep(TimeSpan.FromSeconds(10)); } cache.Insert("loginsec/" + Login, counter, DateTime.UtcNow.Add(TimeSpan.FromMinutes(1))); smsLoginUrl = SmsLoginUrl(accountLink); if (string.IsNullOrEmpty(smsLoginUrl)) { if (string.IsNullOrEmpty(HashId)) { var cookiesKey = SecurityContext.AuthenticateMe(Login, Password); CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey); } else { Guid userId; tryByHash = TryByHashId(accountLink, HashId, out userId); var cookiesKey = SecurityContext.AuthenticateMe(userId); CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey); } } } catch (InvalidCredentialException) { Auth.ProcessLogout(); ErrorMessage = tryByHash ? Resource.LoginWithAccountNotFound : Resource.InvalidUsernameOrPassword; return; } catch (System.Security.SecurityException) { Auth.ProcessLogout(); ErrorMessage = Resource.ErrorDisabledProfile; return; } catch (Exception ex) { Auth.ProcessLogout(); ErrorMessage = ex.Message; return; } if (!string.IsNullOrEmpty(smsLoginUrl)) { Response.Redirect(smsLoginUrl); } var refererURL = (string)Session["refererURL"]; if (string.IsNullOrEmpty(refererURL)) { Response.Redirect("~/"); } else { Session["refererURL"] = null; Response.Redirect(refererURL); } } ProcessConfirmedEmailCondition(); }
private static void RequestCode(HttpContext context) { var state = context.Request["state"]; Global.Logger.Debug("GoogleDriveApp: state - " + state); if (string.IsNullOrEmpty(state)) { Global.Logger.Error("GoogleDriveApp: empty state"); throw new Exception("Empty state"); } var token = GetToken(context.Request["code"]); if (token == null) { Global.Logger.Error("GoogleDriveApp: token is null"); throw new SecurityException("Access token is null"); } var stateJson = JObject.Parse(state); var googleUserId = stateJson.Value <string>("userId"); if (SecurityContext.IsAuthenticated) { if (!CurrentUser(googleUserId)) { Global.Logger.Debug("GoogleDriveApp: logout for " + googleUserId); CookiesManager.ClearCookies(CookiesType.AuthKey); SecurityContext.Logout(); } } if (!SecurityContext.IsAuthenticated) { bool isNew; var userInfo = GetUserInfo(token, out isNew); if (userInfo == null) { Global.Logger.Error("GoogleDriveApp: UserInfo is null"); throw new Exception("Profile is null"); } var cookiesKey = SecurityContext.AuthenticateMe(userInfo.ID); CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey); MessageService.Send(HttpContext.Current.Request, MessageAction.LoginSuccessViaSocialAccount); if (isNew) { UserHelpTourHelper.IsNewUser = true; PersonalSettings.IsNewUser = true; PersonalSettings.IsNotActivated = true; } if (!string.IsNullOrEmpty(googleUserId) && !CurrentUser(googleUserId)) { AddLinker(googleUserId); } } Token.SaveToken(token); var action = stateJson.Value <string>("action"); switch (action) { case "create": var folderId = stateJson.Value <string>("folderId"); context.Response.Redirect(App.Location + "?" + FilesLinkUtility.FolderId + "=" + HttpUtility.UrlEncode(folderId), true); return; case "open": var idsArray = stateJson.Value <JArray>("ids") ?? stateJson.Value <JArray>("exportIds"); if (idsArray == null) { Global.Logger.Error("GoogleDriveApp: ids is empty"); throw new Exception("File id is null"); } var fileId = idsArray.ToObject <List <string> >().FirstOrDefault(); var driveFile = GetDriveFile(fileId, token); if (driveFile == null) { Global.Logger.Error("GoogleDriveApp: file is null"); throw new Exception("File not found"); } var jsonFile = JObject.Parse(driveFile); var ext = GetCorrectExt(jsonFile); if (FileUtility.ExtsMustConvert.Contains(ext) || GoogleLoginProvider.GoogleDriveExt.Contains(ext)) { Global.Logger.Debug("GoogleDriveApp: file must be converted"); if (FilesSettings.ConvertNotify) { context.Response.Redirect(App.Location + "?" + FilesLinkUtility.FileId + "=" + HttpUtility.UrlEncode(fileId), true); return; } fileId = CreateConvertedFile(driveFile, token); } context.Response.Redirect(FilesLinkUtility.GetFileWebEditorUrl(ThirdPartySelector.BuildAppFileId(AppAttr, fileId)), true); return; } Global.Logger.Error("GoogleDriveApp: Action not identified"); throw new Exception("Action not identified"); }
public object SaveData(string email, string pwd, string lng, string promocode, string amiid, bool analytics) { try { var tenant = CoreContext.TenantManager.GetCurrentTenant(); var settings = WizardSettings.Load(); if (settings.Completed) { throw new Exception("Wizard passed."); } if (IsAmi && IncorrectAmiId(amiid)) { throw new Exception(Resource.EmailAndPasswordIncorrectAmiId); } if (tenant.OwnerId == Guid.Empty) { Thread.Sleep(TimeSpan.FromSeconds(6)); // wait cache interval tenant = CoreContext.TenantManager.GetTenant(tenant.TenantId); if (tenant.OwnerId == Guid.Empty) { LogManager.GetLogger("ASC.Web.FirstTime").Error(tenant.TenantId + ": owner id is empty."); } } var currentUser = CoreContext.UserManager.GetUsers(CoreContext.TenantManager.GetCurrentTenant().OwnerId); var cookie = SecurityContext.AuthenticateMe(currentUser.ID); CookiesManager.SetCookies(CookiesType.AuthKey, cookie); if (!UserManagerWrapper.ValidateEmail(email)) { throw new Exception(Resource.EmailAndPasswordIncorrectEmail); } UserManagerWrapper.CheckPasswordPolicy(pwd); SecurityContext.SetUserPassword(currentUser.ID, pwd); email = email.Trim(); if (currentUser.Email != email) { currentUser.Email = email; currentUser.ActivationStatus = EmployeeActivationStatus.NotActivated; } CoreContext.UserManager.SaveUserInfo(currentUser); if (!string.IsNullOrWhiteSpace(promocode)) { try { CoreContext.PaymentManager.ActivateKey(promocode); } catch (Exception err) { LogManager.GetLogger("ASC.Web.FirstTime").Error("Incorrect Promo: " + promocode, err); throw new Exception(Resource.EmailAndPasswordIncorrectPromocode); } } if (RequestLicense) { TariffSettings.LicenseAccept = true; MessageService.Send(HttpContext.Current.Request, MessageAction.LicenseKeyUploaded); LicenseReader.RefreshLicense(); } if (TenantExtra.Opensource) { settings.Analytics = analytics; } settings.Completed = true; settings.Save(); TrySetLanguage(tenant, lng); StudioNotifyService.Instance.SendCongratulations(currentUser); FirstTimeTenantSettings.SendInstallInfo(currentUser); return(new { Status = 1, Message = Resource.EmailAndPasswordSaved }); } catch (BillingNotFoundException) { return(new { Status = 0, Message = UserControlsCommonResource.LicenseKeyNotFound }); } catch (BillingNotConfiguredException) { return(new { Status = 0, Message = UserControlsCommonResource.LicenseKeyNotCorrect }); } catch (BillingException) { return(new { Status = 0, Message = UserControlsCommonResource.LicenseException }); } catch (Exception ex) { LogManager.GetLogger("ASC.Web.FirstTime").Error(ex); return(new { Status = 0, Message = ex.Message }); } }
protected void Page_Load(object sender, EventArgs e) { var accountLink = (AccountLinkControl)LoadControl(AccountLinkControl.Location); accountLink.ClientCallback = "loginJoinCallback"; accountLink.SettingsView = false; ThirdPartyList.Controls.Add(accountLink); var loginProfile = Request.Url.GetProfile(); if (loginProfile == null && !IsPostBack || SecurityContext.IsAuthenticated) { return; } string cookiesKey; try { if (loginProfile == null) { if (string.IsNullOrEmpty(Request["__EVENTARGUMENT"]) || Request["__EVENTTARGET"] != "thirdPartyLogin") { return; } loginProfile = new LoginProfile(Request["__EVENTARGUMENT"]); } var userInfo = GetUserByThirdParty(loginProfile); if (!CoreContext.UserManager.UserExists(userInfo.ID)) { return; } cookiesKey = SecurityContext.AuthenticateMe(userInfo.ID); CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey); MessageService.Send(HttpContext.Current.Request, MessageAction.LoginSuccessViaSocialAccount); } catch (System.Security.SecurityException) { LoginMessage = Resource.InvalidUsernameOrPassword; MessageService.Send(HttpContext.Current.Request, loginProfile != null ? loginProfile.EMail : AuditResource.EmailNotSpecified, MessageAction.LoginFailDisabledProfile); return; } catch (Exception exception) { LoginMessage = exception.Message; MessageService.Send(HttpContext.Current.Request, AuditResource.EmailNotSpecified, MessageAction.LoginFail); return; } var refererURL = (string)Session["refererURL"]; if (String.IsNullOrEmpty(refererURL)) { refererURL = CommonLinkUtility.GetDefault(); } if (Request.DesktopApp()) { refererURL += (refererURL.Contains("?") ? "&" : "?") + "token=" + HttpUtility.HtmlEncode(cookiesKey); } Session["refererURL"] = null; Response.Redirect(refererURL); }