protected override string DoIt() { VLogger log = VLogger.GetVLogger(this.GetType().FullName); log.Log(Level.SEVERE, "UserPassword Change Log=>" + Convert.ToString(p_AD_User_ID)); if (p_AD_User_ID == -1) { p_AD_User_ID = GetAD_User_ID(); } MUser user = MUser.Get(GetCtx(), p_AD_User_ID); MUser current = MUser.Get(GetCtx(), GetAD_User_ID()); if (!current.IsAdministrator() && p_AD_User_ID != GetAD_User_ID() && user.HasRole()) { throw new ArgumentException("@UserCannotUpdate@"); } // SuperUser and System passwords can only be updated by themselves if (user.IsSystemAdministrator() && p_AD_User_ID != GetAD_User_ID()) { throw new ArgumentException("@UserCannotUpdate@"); } log.Log(Level.SEVERE, "UserPassword Change Log Step Check for valid user=>" + Convert.ToString(p_AD_User_ID)); if (string.IsNullOrEmpty(p_CurrentPassword)) { if (string.IsNullOrEmpty(p_OldPassword)) { throw new ArgumentException("@OldPasswordMandatory@"); } else if (!p_OldPassword.Equals(user.GetPassword())) { if (!SecureEngine.Encrypt(p_OldPassword).Equals(user.GetPassword())) { throw new ArgumentException("@OldPasswordNoMatch@"); } } } else if (!p_CurrentPassword.Equals(current.GetPassword())) { throw new ArgumentException("@OldPasswordNoMatch@"); } log.Log(Level.SEVERE, "UserPassword Change Log Step Password Change=>" + Convert.ToString(p_AD_User_ID)); String originalPwd = p_NewPassword; String sql = "UPDATE AD_User SET Updated=SYSDATE, UpdatedBy=" + GetAD_User_ID(); if (!string.IsNullOrEmpty(p_NewPassword)) { MColumn column = MColumn.Get(GetCtx(), 417); // Password Column if (column.IsEncrypted()) { p_NewPassword = SecureEngine.Encrypt(p_NewPassword); } sql += ", Password="******", Email=" + GlobalVariable.TO_STRING(p_NewEMail); } if (!string.IsNullOrEmpty(p_NewEMailUser)) { sql += ", EmailUser="******", EmailUserPW=" + GlobalVariable.TO_STRING(p_NewEMailUserPW); } sql += " WHERE AD_User_ID=" + p_AD_User_ID; log.Log(Level.SEVERE, "UserPassword Change Log=>" + sql); int iRes = DB.ExecuteQuery(sql, null, Get_Trx()); if (iRes > 0) { bool error = false; //Check for yellowFin user password change if BI user is true.................. object ModuleId = DB.ExecuteScalar("select ad_moduleinfo_id from ad_moduleinfo where prefix='VA037_' and IsActive = 'Y'"); // is active check by vinay bhatt on 18 oct 2018 if (ModuleId != null && ModuleId != DBNull.Value) { if (user.IsVA037_BIUser()) { var Dll = Assembly.Load("VA037"); var BIUser = Dll.GetType("VA037.BIProcess.BIUsers"); var objBIUser = Activator.CreateInstance(BIUser); var ChangeBIPassword = BIUser.GetMethod("ChangeBIPassword"); bool value = (bool)ChangeBIPassword.Invoke(objBIUser, new object[] { GetCtx(), GetAD_Client_ID(), Convert.ToString(user.GetVA037_BIUserName()), originalPwd }); if (value) { //user.SetPassword(p_NewPassword); error = false; user.SetPassword(originalPwd); //return "OK"; } else { error = true; // return "@Error@"; } } else { error = false; user.SetPassword(originalPwd); // return "OK"; } } ModuleId = DB.ExecuteScalar("select ad_moduleinfo_id from ad_moduleinfo where prefix='VA039_' and IsActive = 'Y'"); // is active check by vinay bhatt if (ModuleId != null && ModuleId != DBNull.Value) { MUser obj = new MUser(GetCtx(), p_AD_User_ID, null); if (obj.IsVA039_IsJasperUser() == true) { var Dll = Assembly.Load("VA039"); var JasperUser = Dll.GetType("VA039.Classes.Users"); var objJasperUser = Activator.CreateInstance(JasperUser); var BICreateUser = JasperUser.GetMethod("ModifyUserPassword"); object[] args = new object[] { GetCtx(), originalPwd }; bool value = (bool)BICreateUser.Invoke(objJasperUser, args); if (value) { error = false; user.SetPassword(originalPwd); //return "@Error@"; } else { error = true; goto PasswordError; // return "OK"; } } } else { error = false; user.SetPassword(originalPwd); // return "OK"; } PasswordError: if (error) { return("@Error@"); } else { return("OK"); } } else { return("@Error@"); } }
} // prepare /** * Process * @return info * @throws Exception */ protected override String DoIt()// throws Exception { log.Info("AD_Column_ID=" + p_AD_Column_ID + ", IsEncrypted=" + p_IsEncrypted + ", ChangeSetting=" + p_ChangeSetting + ", MaxLength=" + p_MaxLength); MColumn column = new MColumn(GetCtx(), p_AD_Column_ID, Get_Trx()); if (column.Get_ID() == 0 || column.Get_ID() != p_AD_Column_ID) { throw new Exception("@NotFound@ @AD_Column_ID@ - " + p_AD_Column_ID); } // String columnName = column.GetColumnName(); int dt = column.GetAD_Reference_ID(); // Can it be enabled? if (column.IsKey() || column.IsParent() || column.IsStandardColumn() || column.IsVirtualColumn() || column.IsIdentifier() || column.IsTranslated() || DisplayType.IsLookup(dt) || DisplayType.IsLOB(dt) || "DocumentNo".Equals(column.GetColumnName(), StringComparison.OrdinalIgnoreCase) || "Value".Equals(column.GetColumnName(), StringComparison.OrdinalIgnoreCase) || "Name".Equals(column.GetColumnName(), StringComparison.OrdinalIgnoreCase)) { if (column.IsEncrypted()) { column.SetIsEncrypted(false); column.Save(Get_Trx()); } return(columnName + ": cannot be encrypted"); } // Start AddLog(0, null, null, "Encryption Class = " + SecureEngine.GetClassName()); bool error = false; // Test Value if (p_TestValue != null && p_TestValue.Length > 0) { String encString = SecureEngine.Encrypt(p_TestValue); AddLog(0, null, null, "Encrypted Test Value=" + encString); String clearString = SecureEngine.Decrypt(encString); if (p_TestValue.Equals(clearString)) { AddLog(0, null, null, "Decrypted=" + clearString + " (same as test value)"); } else { AddLog(0, null, null, "Decrypted=" + clearString + " (NOT the same as test value - check algorithm)"); error = true; } int encLength = encString.Length; AddLog(0, null, null, "Test Length=" + p_TestValue.Length + " -> " + encLength); if (encLength <= column.GetFieldLength()) { AddLog(0, null, null, "Encrypted Length (" + encLength + ") fits into field (" + column.GetFieldLength() + ")"); } else { AddLog(0, null, null, "Encrypted Length (" + encLength + ") does NOT fit into field (" + column.GetFieldLength() + ") - resize field"); error = true; } } // Length Test if (p_MaxLength != 0) { String testClear = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; while (testClear.Length < p_MaxLength) { testClear += testClear; } testClear = testClear.Substring(0, p_MaxLength); log.Config("Test=" + testClear + " (" + p_MaxLength + ")"); // String encString = SecureEngine.Encrypt(testClear); int encLength = encString.Length; AddLog(0, null, null, "Test Max Length=" + testClear.Length + " -> " + encLength); if (encLength <= column.GetFieldLength()) { AddLog(0, null, null, "Encrypted Max Length (" + encLength + ") fits into field (" + column.GetFieldLength() + ")"); } else { AddLog(0, null, null, "Encrypted Max Length (" + encLength + ") does NOT fit into field (" + column.GetFieldLength() + ") - resize field"); error = true; } } if (p_IsEncrypted != column.IsEncrypted()) { if (error || !p_ChangeSetting) { AddLog(0, null, null, "Encryption NOT changed - Encryption=" + column.IsEncrypted()); } else { column.SetIsEncrypted(p_IsEncrypted); if (column.Save(Get_Trx())) { AddLog(0, null, null, "Encryption CHANGED - Encryption=" + column.IsEncrypted()); } else { AddLog(0, null, null, "Save Error"); } } } if (p_IsEncrypted == column.IsEncrypted() && !error) // Done By Karan on 10-nov-2016, to encrypt/decrypt passwords according to settings. { //object colID = DB.ExecuteScalar("SELECT AD_Column_ID FROM AD_Column WHERE AD_Table_ID =(SELECT AD_Table_ID From AD_Table WHERE TableName='AD_User') AND ColumnName='Password'", null, Get_Trx()); // if (colID != null && colID != DBNull.Value && Convert.ToInt32(colID) == column.GetAD_Column_ID()) //{ string tableName = MTable.GetTableName(GetCtx(), column.GetAD_Table_ID()); DataSet ds = DB.ExecuteDataset("SELECT " + column.GetColumnName() + "," + tableName + "_ID FROM " + tableName, null, Get_Trx()); if (ds != null && ds.Tables[0].Rows.Count > 0) { if (p_IsEncrypted) { for (int i = 0; i < ds.Tables[0].Rows.Count; i++) { if (ds.Tables[0].Rows[i][column.GetColumnName()] != null && ds.Tables[0].Rows[i][column.GetColumnName()] != DBNull.Value && !SecureEngine.IsEncrypted(ds.Tables[0].Rows[i][column.GetColumnName()].ToString())) { //MUser user = new MUser(GetCtx(), Util.GetValueOfInt(ds.Tables[0].Rows[i][MTable.GetTableName(GetCtx(), column.GetAD_Table_ID()) + "_ID"]), Get_Trx()); //user.SetPassword(SecureEngine.Encrypt(ds.Tables[0].Rows[i][column.GetColumnName()].ToString())); int encLength = SecureEngine.Encrypt(ds.Tables[0].Rows[i][column.GetColumnName()].ToString()).Length; if (encLength <= column.GetFieldLength()) { //PO tab = MTable.GetPO(GetCtx(), tableName, // Util.GetValueOfInt(ds.Tables[0].Rows[i][tableName + "_ID"]), Get_Trx()); //tab.Set_Value(column.GetColumnName(), (SecureEngine.Encrypt(ds.Tables[0].Rows[i][column.GetColumnName()].ToString()))); //if (!tab.Save(Get_Trx())) //{ // Rollback(); // return "Encryption=" + false; //} string p_NewPassword = SecureEngine.Encrypt(ds.Tables[0].Rows[i][column.GetColumnName()].ToString()); String sql = "UPDATE " + tableName + " SET Updated=SYSDATE, UpdatedBy=" + GetAD_User_ID(); if (!string.IsNullOrEmpty(p_NewPassword)) { sql += ", " + column.GetColumnName() + "=" + GlobalVariable.TO_STRING(p_NewPassword); } sql += " WHERE " + tableName + "_ID=" + Util.GetValueOfInt(ds.Tables[0].Rows[i][tableName + "_ID"]); int iRes = DB.ExecuteQuery(sql, null, Get_Trx()); if (iRes <= 0) { Rollback(); return("Encryption=" + false); } } else { Rollback(); return("After Encryption some values may exceed the value of column length. Please exceed column Length."); } } } } else { for (int i = 0; i < ds.Tables[0].Rows.Count; i++) { if (ds.Tables[0].Rows[i][column.GetColumnName()] != null && ds.Tables[0].Rows[i][column.GetColumnName()] != DBNull.Value && SecureEngine.IsEncrypted(ds.Tables[0].Rows[i][column.GetColumnName()].ToString())) { // MUser user = new MUser(GetCtx(), Util.GetValueOfInt(ds.Tables[0].Rows[i][MTable.GetTableName(GetCtx(), column.GetAD_Table_ID())+"_ID"]), Get_Trx()); //PO tab = MTable.GetPO(GetCtx(), tableName, // Util.GetValueOfInt(ds.Tables[0].Rows[i][tableName + "_ID"]), Get_Trx()); //tab.Set_Value(column.GetColumnName(), (SecureEngine.Decrypt(ds.Tables[0].Rows[i][column.GetColumnName()].ToString()))); //if (!tab.Save(Get_Trx())) //{ // Rollback(); // return "Encryption=" + false; //} string p_NewPassword = SecureEngine.Decrypt(ds.Tables[0].Rows[i][column.GetColumnName()].ToString()); String sql = "UPDATE " + tableName + " SET Updated=SYSDATE, UpdatedBy=" + GetAD_User_ID(); if (!string.IsNullOrEmpty(p_NewPassword)) { sql += ", " + column.GetColumnName() + "=" + GlobalVariable.TO_STRING(p_NewPassword); } sql += " WHERE " + tableName + "_ID =" + Util.GetValueOfInt(ds.Tables[0].Rows[i][tableName + "_ID"]); int iRes = DB.ExecuteQuery(sql, null, Get_Trx()); if (iRes <= 0) { Rollback(); return("Encryption=" + false); } } } } } //} } return("Encryption=" + column.IsEncrypted()); }
protected override string DoIt() { if (p_AD_User_ID == -1) { p_AD_User_ID = GetAD_User_ID(); } MUser user = MUser.Get(GetCtx(), p_AD_User_ID); MUser current = MUser.Get(GetCtx(), GetAD_User_ID()); if (!current.IsAdministrator() && p_AD_User_ID != GetAD_User_ID() && user.HasRole()) { throw new ArgumentException("@UserCannotUpdate@"); } // SuperUser and System passwords can only be updated by themselves if (user.IsSystemAdministrator() && p_AD_User_ID != GetAD_User_ID()) { throw new ArgumentException("@UserCannotUpdate@"); } if (string.IsNullOrEmpty(p_CurrentPassword)) { if (string.IsNullOrEmpty(p_OldPassword)) { throw new ArgumentException("@OldPasswordMandatory@"); } else if (!p_OldPassword.Equals(user.GetPassword())) { if (!SecureEngineUtility.SecureEngine.Encrypt(p_OldPassword).Equals(user.GetPassword())) { throw new ArgumentException("@OldPasswordNoMatch@"); } } } else if (!p_CurrentPassword.Equals(current.GetPassword())) { throw new ArgumentException("@OldPasswordNoMatch@"); } String originalPwd = p_NewPassword; String sql = "UPDATE AD_User SET Updated=SYSDATE, UpdatedBy=" + GetAD_User_ID(); if (!string.IsNullOrEmpty(p_NewPassword)) { MColumn column = MColumn.Get(GetCtx(), 417); // Password Column if (column.IsEncrypted()) { p_NewPassword = SecureEngineUtility.SecureEngine.Encrypt(p_NewPassword); } sql += ", Password="******", Email=" + GlobalVariable.TO_STRING(p_NewEMail); } if (!string.IsNullOrEmpty(p_NewEMailUser)) { sql += ", EmailUser="******", EmailUserPW=" + GlobalVariable.TO_STRING(p_NewEMailUserPW); } sql += " WHERE AD_User_ID=" + p_AD_User_ID; int iRes = DB.ExecuteQuery(sql, null, Get_Trx()); if (iRes > 0) { //user.SetPassword(p_NewPassword); user.SetPassword(originalPwd); return("OK"); } else { return("@Error@"); } }
} // prepare /** * Process * @return info * @throws Exception */ protected override String DoIt()// throws Exception { log.Info("AD_Column_ID=" + p_AD_Column_ID + ", IsEncrypted=" + p_IsEncrypted + ", ChangeSetting=" + p_ChangeSetting + ", MaxLength=" + p_MaxLength); MColumn column = new MColumn(GetCtx(), p_AD_Column_ID, null); if (column.Get_ID() == 0 || column.Get_ID() != p_AD_Column_ID) { throw new Exception("@NotFound@ @AD_Column_ID@ - " + p_AD_Column_ID); } // String columnName = column.GetColumnName(); int dt = column.GetAD_Reference_ID(); // Can it be enabled? if (column.IsKey() || column.IsParent() || column.IsStandardColumn() || column.IsVirtualColumn() || column.IsIdentifier() || column.IsTranslated() || DisplayType.IsLookup(dt) || DisplayType.IsLOB(dt) || "DocumentNo".Equals(column.GetColumnName(), StringComparison.OrdinalIgnoreCase) || "Value".Equals(column.GetColumnName(), StringComparison.OrdinalIgnoreCase) || "Name".Equals(column.GetColumnName(), StringComparison.OrdinalIgnoreCase)) { if (column.IsEncrypted()) { column.SetIsEncrypted(false); column.Save(); } return(columnName + ": cannot be encrypted"); } // Start AddLog(0, null, null, "Encryption Class = " + SecureEngineUtility.SecureEngine.GetClassName()); bool error = false; // Test Value if (p_TestValue != null && p_TestValue.Length > 0) { String encString = SecureEngineUtility.SecureEngine.Encrypt(p_TestValue); AddLog(0, null, null, "Encrypted Test Value=" + encString); String clearString = SecureEngineUtility.SecureEngine.Decrypt(encString); if (p_TestValue.Equals(clearString)) { AddLog(0, null, null, "Decrypted=" + clearString + " (same as test value)"); } else { AddLog(0, null, null, "Decrypted=" + clearString + " (NOT the same as test value - check algorithm)"); error = true; } int encLength = encString.Length; AddLog(0, null, null, "Test Length=" + p_TestValue.Length + " -> " + encLength); if (encLength <= column.GetFieldLength()) { AddLog(0, null, null, "Encrypted Length (" + encLength + ") fits into field (" + column.GetFieldLength() + ")"); } else { AddLog(0, null, null, "Encrypted Length (" + encLength + ") does NOT fit into field (" + column.GetFieldLength() + ") - resize field"); error = true; } } // Length Test if (p_MaxLength != 0) { String testClear = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; while (testClear.Length < p_MaxLength) { testClear += testClear; } testClear = testClear.Substring(0, p_MaxLength); log.Config("Test=" + testClear + " (" + p_MaxLength + ")"); // String encString = SecureEngineUtility.SecureEngine.Encrypt(testClear); int encLength = encString.Length; AddLog(0, null, null, "Test Max Length=" + testClear.Length + " -> " + encLength); if (encLength <= column.GetFieldLength()) { AddLog(0, null, null, "Encrypted Max Length (" + encLength + ") fits into field (" + column.GetFieldLength() + ")"); } else { AddLog(0, null, null, "Encrypted Max Length (" + encLength + ") does NOT fit into field (" + column.GetFieldLength() + ") - resize field"); error = true; } } if (p_IsEncrypted != column.IsEncrypted()) { if (error || !p_ChangeSetting) { AddLog(0, null, null, "Encryption NOT changed - Encryption=" + column.IsEncrypted()); } else { column.SetIsEncrypted(p_IsEncrypted); if (column.Save()) { AddLog(0, null, null, "Encryption CHANGED - Encryption=" + column.IsEncrypted()); } else { AddLog(0, null, null, "Save Error"); } } } return("Encryption=" + column.IsEncrypted()); }
protected override string DoIt() { VLogger log = VLogger.GetVLogger(this.GetType().FullName); log.Log(Level.SEVERE, "UserPassword Change Log=>" + Convert.ToString(p_AD_User_ID)); if (p_AD_User_ID == -1) { p_AD_User_ID = GetAD_User_ID(); } MUser user = MUser.Get(GetCtx(), p_AD_User_ID); MUser current = MUser.Get(GetCtx(), GetAD_User_ID()); if (!current.IsAdministrator() && p_AD_User_ID != GetAD_User_ID() && user.HasRole()) { throw new ArgumentException("@UserCannotUpdate@"); } // SuperUser and System passwords can only be updated by themselves if (user.IsSystemAdministrator() && p_AD_User_ID != GetAD_User_ID() && GetAD_User_ID() != 100) { throw new ArgumentException("@UserCannotUpdate@"); } log.Log(Level.SEVERE, "UserPassword Change Log Step Check for valid user=>" + Convert.ToString(p_AD_User_ID)); if (string.IsNullOrEmpty(p_CurrentPassword)) { if (string.IsNullOrEmpty(p_OldPassword)) { throw new ArgumentException("@OldPasswordMandatory@"); } else if (!p_OldPassword.Equals(user.GetPassword())) { if (!SecureEngine.Encrypt(p_OldPassword).Equals(user.GetPassword())) { throw new ArgumentException("@OldPasswordNoMatch@"); } } } else if (!p_CurrentPassword.Equals(current.GetPassword())) { throw new ArgumentException("@OldPasswordNoMatch@"); } string validatePwd = Common.Common.ValidatePassword(null, p_NewPassword, p_NewPassword); if (validatePwd.Length > 0) { throw new ArgumentException(Msg.GetMsg(GetCtx(), validatePwd)); } log.Log(Level.SEVERE, "UserPassword Change Log Step Password Change=>" + Convert.ToString(p_AD_User_ID)); String originalPwd = p_NewPassword; String sql = "UPDATE AD_User SET Updated=SYSDATE,FailedloginCount=0, UpdatedBy=" + GetAD_User_ID(); if (user.GetAD_User_ID() == current.GetAD_User_ID()) { Common.Common.UpdatePasswordAndValidity(p_NewPassword, p_AD_User_ID, GetAD_User_ID(), -1, GetCtx()); } else { sql += ", PasswordExpireOn = null"; } if (!string.IsNullOrEmpty(p_NewPassword)) { MColumn column = MColumn.Get(GetCtx(), 417); // Password Column if (column.IsEncrypted()) { p_NewPassword = SecureEngine.Encrypt(p_NewPassword); } sql += ", Password="******", Email=" + GlobalVariable.TO_STRING(p_NewEMail); } if (!string.IsNullOrEmpty(p_NewEMailUser)) { sql += ", EmailUser="******", EmailUserPW=" + GlobalVariable.TO_STRING(p_NewEMailUserPW); } sql += " WHERE AD_User_ID=" + p_AD_User_ID; log.Log(Level.SEVERE, "UserPassword Change Log=>" + sql); int iRes = DB.ExecuteQuery(sql, null, Get_Trx()); if (iRes > 0) { return("@OK@"); } else { return("@Error@"); } }