コード例 #1
ファイル: SessionManager.cs プロジェクト: ip-config/openpetra
        /// <summary>
        /// Completes a token-based password reset for a user and reports the outcome as a JSON object
        /// with the keys "AVerificationResult" and "result".
        /// </summary>
        /// <param name="AUserID">ID of the user whose password is being reset.</param>
        /// <param name="AToken">Reset token presented by the caller; passed through to TMaintenanceWebConnector.SetNewPassword.</param>
        /// <param name="ANewPassword">The new password in clear text.</param>
        /// <returns>JSON string with the serialized verification results and the boolean result of the reset.</returns>
        public string SetNewPassword(string AUserID, string AToken, string ANewPassword)
        {
            // NOTE(review): other versions of this method call Logout() first so that a still-logged-in
            // privileged session (e.g. SYSADMIN) cannot be active while the reset runs; confirm that is
            // not needed in this variant.
            TVerificationResultCollection verification;
            bool succeeded = TMaintenanceWebConnector.SetNewPassword(AUserID, AToken, ANewPassword, out verification);

            string verificationJson = THttpBinarySerializer.SerializeObject(verification);
            string resultJson = THttpBinarySerializer.SerializeObject(succeeded);

            // Hand-built JSON envelope; both values are already serialized fragments.
            return "{\"AVerificationResult\": " + verificationJson + ",\"result\": " + resultJson + "}";
        }
コード例 #2
        /// <summary>
        /// Builds the navigation menu of the current session as JSON.
        /// Only a logged-in user (UserInfo.GetUserInfo() non-null) gets a menu; otherwise an error object
        /// with "resultcode" = "error" and "error" = "invalid user" is returned.
        /// The "assistant" entry is the first non-empty value of the setup assistant, the self-service
        /// assistant and the ledger setup assistant, queried in that order.
        /// </summary>
        /// <returns>JSON object with "resultcode" and either "error" or "navigation" and "assistant".</returns>
        public string GetNavigationMenu()
        {
            Dictionary <string, object> response = new Dictionary <string, object>();

            // Authorisation gate: no user in the session means no menu.
            if (UserInfo.GetUserInfo() == null)
            {
                response.Add("resultcode", "error");
                response.Add("error", "invalid user");

                return JsonConvert.SerializeObject(response);
            }

            response.Add("resultcode", "success");
            response.Add("navigation", new TUINavigation().LoadNavigationUI());

            // Fall through the assistants until one of them has something to say.
            string assistant = TSettingsWebConnector.GetSetupAssistant();

            if (assistant == String.Empty)
            {
                assistant = TMaintenanceWebConnector.GetSelfServiceAssistant();
            }

            if (assistant == String.Empty)
            {
                assistant = TGLSetupWebConnector.GetLedgerSetupAssistant();
            }

            response.Add("assistant", assistant);

            return JsonConvert.SerializeObject(response);
        }
コード例 #3
ファイル: UserManager.cs プロジェクト: Kingefosa/openpetra
 /// <summary>
 /// Creates a new user through TMaintenanceWebConnector.CreateUser, granting the demo module
 /// permissions (TMaintenanceWebConnector.DEMOMODULEPERMISSIONS) and passing two empty strings
 /// for the remaining user details.
 /// </summary>
 /// <param name="AUserID">ID of the user to create.</param>
 /// <param name="APassword">Initial password; defaults to an empty string.
 /// NOTE(review): what CreateUser does with an empty password (generate one, or leave the account
 /// without a usable password) is not visible here — confirm before relying on the default.</param>
 /// <returns>The result reported by CreateUser.</returns>
 public bool AddUser(string AUserID, string APassword = "")
 {
     string noDetails = string.Empty;
     string permissions = TMaintenanceWebConnector.DEMOMODULEPERMISSIONS;

     bool created = TMaintenanceWebConnector.CreateUser(AUserID, APassword, noDetails, noDetails, permissions);

     return created;
 }
コード例 #4
        /// <summary>
        /// Completes a token-based password reset for a user and reports the outcome as a JSON object
        /// with the keys "AVerificationResult" and "result".
        /// The session is logged out first so that no privileged login (notably SYSADMIN, which may still
        /// be active right after creating a user) is in effect while the reset runs.
        /// </summary>
        /// <param name="AUserID">ID of the user whose password is being reset.</param>
        /// <param name="AToken">Reset token presented by the caller; passed through to TMaintenanceWebConnector.SetNewPassword.</param>
        /// <param name="ANewPassword">The new password in clear text.</param>
        /// <returns>JSON string with the serialized verification results and the boolean result of the reset.</returns>
        public string SetNewPassword(string AUserID, string AToken, string ANewPassword)
        {
            // Drop any existing login before touching credentials.
            Logout();

            TVerificationResultCollection verification;
            bool succeeded = TMaintenanceWebConnector.SetNewPassword(AUserID, AToken, ANewPassword, out verification);

            string verificationJson = THttpBinarySerializer.SerializeObject(verification);
            string resultJson = THttpBinarySerializer.SerializeObject(succeeded);

            // Hand-built JSON envelope; both values are already serialized fragments.
            return "{\"AVerificationResult\": " + verificationJson + ",\"result\": " + resultJson + "}";
        }
コード例 #5
ファイル: SessionManager.cs プロジェクト: weblate/openpetra
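        /// <summary>
        /// First-time initialisation: stores the initial SYSADMIN e-mail address, name and language and
        /// then requests a new password for that address (which sends the reset e-mail).
        /// The call is only honoured when <paramref name="AAuthToken"/> equals the
        /// "AuthTokenForInitialisation" application setting; an unset or empty setting disables the
        /// endpoint entirely.
        /// </summary>
        /// <param name="AEmailAddress">E-mail address to assign to SYSADMIN.</param>
        /// <param name="AFirstName">First name of the sysadmin.</param>
        /// <param name="ALastName">Last name of the sysadmin.</param>
        /// <param name="ALanguageCode">Language code for the sysadmin.</param>
        /// <param name="AAuthToken">Initialisation token presented by the (unauthenticated) caller.</param>
        /// <returns>true if the e-mail address was stored and the password request was issued;
        /// false if the token is rejected or either step fails.</returns>
        public bool SetInitialSysadminEmail(string AEmailAddress, string AFirstName, string ALastName, string ALanguageCode, string AAuthToken)
        {
            string requiredToken = TAppSettingsManager.GetValue("AuthTokenForInitialisation");

            // Refuse when no token is configured (null or empty) or none was supplied: a missing setting
            // must never be satisfiable by a missing caller token. A length mismatch cannot match either.
            if (String.IsNullOrEmpty(requiredToken) || (AAuthToken == null) || (AAuthToken.Length != requiredToken.Length))
            {
                return false;
            }

            // Compare in constant time: the token is a secret checked on behalf of an unauthenticated
            // caller, and the early exit of an ordinary string comparison would leak how many leading
            // characters of the guess were correct.
            int mismatch = 0;

            for (int i = 0; i < requiredToken.Length; i++)
            {
                mismatch |= requiredToken[i] ^ AAuthToken[i];
            }

            if (mismatch != 0)
            {
                return false;
            }

            if (TMaintenanceWebConnector.SetInitialSysadminEmail(AEmailAddress, AFirstName, ALastName, ALanguageCode))
            {
                // Sends the password e-mail to the freshly stored address.
                return(RequestNewPassword(AEmailAddress));
            }

            return(false);
        }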
コード例 #6
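        /// <summary>
        /// Confirms a self-service sign-up for a user with the token from the confirmation e-mail.
        /// The work is done under a temporary SELFSERVICE server-admin login, which is released again
        /// in all cases — including when the confirmation throws — so that a failed request cannot leave
        /// the caller's session logged in as SELFSERVICE.
        /// </summary>
        /// <param name="AUserID">ID of the user to confirm.</param>
        /// <param name="AToken">Confirmation token presented by the caller.</param>
        /// <returns>The result of TMaintenanceWebConnector.SignUpSelfServiceConfirm.</returns>
        /// <exception cref="Exception">Any exception from the login or the confirmation is logged and rethrown.</exception>
        public bool SignUpSelfServiceConfirm(string AUserID, string AToken)
        {
            bool loggedInAsSelfService = false;

            try
            {
                TServerAdminWebConnector.LoginServerAdmin("SELFSERVICE");
                loggedInAsSelfService = true;

                return(TMaintenanceWebConnector.SignUpSelfServiceConfirm(AUserID, AToken));
            }
            catch (Exception Exc)
            {
                TLogging.Log("An Exception occured during SignUpSelfServiceConfirm:" + Environment.NewLine +
                             Exc.ToString());

                throw;
            }
            finally
            {
                // Only log out if the SELFSERVICE login actually succeeded; the original code never
                // called Logout() when LoginServerAdmin itself failed.
                if (loggedInAsSelfService)
                {
                    Logout();
                }
            }
        }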
コード例 #7
        /// <summary>
        /// Reports whether the current session is logged in, based on the "LoggedIn" session variable.
        /// </summary>
        /// <returns>JSON object with "resultcode" = "success" when logged in; otherwise
        /// "resultcode" = "error" plus "selfsignupEnabled" ("true"/"false") so the client can offer
        /// self-service sign-up.</returns>
        public string IsUserLoggedIn()
        {
            Dictionary <string, object> response = new Dictionary <string, object>();

            object loggedInFlag = TSession.GetVariable("LoggedIn");

            // The session variable is stored boxed; a missing variable counts as "not logged in".
            bool isLoggedIn = (loggedInFlag != null) && ((bool)loggedInFlag == true);

            if (!isLoggedIn)
            {
                string selfSignup = TMaintenanceWebConnector.SignUpSelfServiceEnabled() ? "true" : "false";

                response.Add("selfsignupEnabled", selfSignup);
                response.Add("resultcode", "error");
            }
            else
            {
                response.Add("resultcode", "success");
            }

            return JsonConvert.SerializeObject(response);
        }
コード例 #8
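        /// <summary>
        /// Starts a self-service sign-up for a new user and reports the outcome as a JSON object with the
        /// keys "AVerification" and "result".
        /// The work is done under a temporary SELFSERVICE server-admin login, which is released again in
        /// all cases — including when the sign-up throws — so that a failed request cannot leave the
        /// caller's session logged in as SELFSERVICE.
        /// </summary>
        /// <param name="AEmailAddress">E-mail address of the new user.</param>
        /// <param name="AFirstName">First name of the new user.</param>
        /// <param name="ALastName">Last name of the new user.</param>
        /// <param name="APassword">Password chosen by the new user, in clear text.</param>
        /// <param name="ALanguageCode">Language code of the new user.</param>
        /// <param name="AVerification">Verification results of the sign-up; an empty collection if the call threw before producing any.</param>
        /// <returns>JSON string with the serialized verification results and the boolean result.</returns>
        /// <exception cref="Exception">Any exception from the login or the sign-up is logged and rethrown.</exception>
        public string SignUpSelfService(string AEmailAddress, string AFirstName, string ALastName, string APassword, string ALanguageCode, out TVerificationResultCollection AVerification)
        {
            AVerification = new TVerificationResultCollection();

            bool loggedInAsSelfService = false;

            try
            {
                TServerAdminWebConnector.LoginServerAdmin("SELFSERVICE");
                loggedInAsSelfService = true;

                bool Result = TMaintenanceWebConnector.SignUpSelfService(AEmailAddress, AFirstName, ALastName, APassword, ALanguageCode, out AVerification);

                return("{" + "\"AVerification\": " + THttpBinarySerializer.SerializeObject(AVerification) + "," + "\"result\": " + THttpBinarySerializer.SerializeObject(Result) + "}");
            }
            catch (Exception Exc)
            {
                TLogging.Log("An Exception occured during SignUpSelfService:" + Environment.NewLine +
                             Exc.ToString());

                throw;
            }
            finally
            {
                // Only log out if the SELFSERVICE login actually succeeded; the original code never
                // called Logout() when LoginServerAdmin itself failed.
                if (loggedInAsSelfService)
                {
                    Logout();
                }
            }
        }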
コード例 #9
 /// <summary>
 /// Requests a new password for the account behind an e-mail address by delegating to
 /// TMaintenanceWebConnector.RequestNewPassword.
 /// </summary>
 /// <param name="AEmailAddress">E-mail address of the account.</param>
 /// <returns>Whatever the connector reports. NOTE(review): if this result reveals whether the address
 /// is registered, an unauthenticated caller can use it to enumerate accounts — confirm what the connector
 /// returns for an unknown address.</returns>
 public bool RequestNewPassword(string AEmailAddress)
 {
     bool requested = TMaintenanceWebConnector.RequestNewPassword(AEmailAddress);

     return requested;
 }
コード例 #10
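        /// <summary>
        /// First-time initialisation: stores the initial SYSADMIN e-mail address, name and language,
        /// optionally runs the first setup for an unprivileged user, and sends the welcome e-mail.
        /// The call is only honoured when <paramref name="AAuthToken"/> equals the
        /// "AuthTokenForInitialisation" application setting; an unset or empty setting disables the
        /// endpoint entirely.
        /// </summary>
        /// <param name="AEmailAddress">E-mail address to assign to SYSADMIN. If it contains "+sysadmin@",
        /// an additional unprivileged user is created from TSettingsWebConnector.GetDefaultsForFirstSetup.</param>
        /// <param name="AFirstName">First name of the sysadmin.</param>
        /// <param name="ALastName">Last name of the sysadmin.</param>
        /// <param name="ALanguageCode">Language code for the sysadmin; also handed to the first-setup defaults.</param>
        /// <param name="AAuthToken">Initialisation token presented by the (unauthenticated) caller.</param>
        /// <returns>true when the address was stored, any first setup succeeded and the welcome e-mail was
        /// sent; false when the token is rejected or any step fails.</returns>
        public bool SetInitialSysadminEmail(string AEmailAddress, string AFirstName, string ALastName, string ALanguageCode, string AAuthToken)
        {
            string requiredToken = TAppSettingsManager.GetValue("AuthTokenForInitialisation");

            // Refuse when no token is configured (null or empty) or none was supplied: a missing setting
            // must never be satisfiable by a missing caller token. A length mismatch cannot match either.
            if (String.IsNullOrEmpty(requiredToken) || (AAuthToken == null) || (AAuthToken.Length != requiredToken.Length))
            {
                return false;
            }

            // Compare in constant time: the token is a secret checked on behalf of an unauthenticated
            // caller, and the early exit of an ordinary string comparison would leak how many leading
            // characters of the guess were correct.
            int mismatch = 0;

            for (int i = 0; i < requiredToken.Length; i++)
            {
                mismatch |= requiredToken[i] ^ AAuthToken[i];
            }

            if (mismatch != 0)
            {
                return false;
            }

            bool result = true;
            string UserEmailAddress = String.Empty;
            string UserID           = String.Empty;

            // NOTE(review): the session is elevated to SYSADMIN for the rest of this call and is not reset
            // here afterwards; confirm that the caller or the session lifetime takes care of that.
            UserInfo.SetUserInfo(new TPetraPrincipal("SYSADMIN"));

            if (!TMaintenanceWebConnector.SetInitialSysadminEmail(AEmailAddress, AFirstName, ALastName, ALanguageCode))
            {
                return false;
            }

            // create unprivileged user as well
            if (AEmailAddress.Contains("+sysadmin@"))
            {
                string InitialModulePermissions;
                Int64  SiteKey;
                string InitialPassword;
                string FirstName;
                string LastName;
                string LanguageCode;

                result = TSettingsWebConnector.GetDefaultsForFirstSetup(
                    ALanguageCode,
                    out UserID,
                    out FirstName,
                    out LastName,
                    out LanguageCode,
                    out UserEmailAddress,
                    out InitialModulePermissions,
                    out InitialPassword,
                    out SiteKey);

                if (result)
                {
                    TVerificationResultCollection VerificationResult;
                    result = TSettingsWebConnector.RunFirstSetup(
                        UserID,
                        FirstName,
                        LastName,
                        LanguageCode,
                        UserEmailAddress,
                        InitialModulePermissions.Split(',').ToList(),
                        "",
                        SiteKey,
                        false,
                        out VerificationResult);
                }
            }

            if (!result)
            {
                return false;
            }

            // UserEmailAddress/UserID are empty unless the unprivileged user was set up above.
            return TMaintenanceWebConnector.SendWelcomeEmail(AEmailAddress, UserEmailAddress, UserID, AFirstName, ALastName, ALanguageCode);
        }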
コード例 #11
        /// <summary>
        /// Sets a user's password directly, without token or old-password checks.
        /// </summary>
        /// <remarks>Gets called from TServerManager.SetPassword() Method, which is used to
        /// set the initial password for SYSADMIN.</remarks>
        /// <param name="AUserID">ID of the user whose password is set.</param>
        /// <param name="APassword">The new password in clear text.</param>
        /// <returns>The result of TMaintenanceWebConnector.SetUserPassword; its verification results are discarded.</returns>
        public bool SetPassword(string AUserID, string APassword)
        {
            TVerificationResultCollection ignoredVerification;

            // Both boolean flags are passed as true and both trailing strings as empty, exactly as the
            // server-manager path has always done; the meaning of each flag lives in SetUserPassword.
            bool changed = TMaintenanceWebConnector.SetUserPassword(AUserID, APassword, true, true, string.Empty, string.Empty, out ignoredVerification);

            return changed;
        }
コード例 #12
        /// <summary>
        /// Authenticates a user and, on success, records the login and returns the user's principal.
        /// Order of checks matters and must not be changed casually: (1) password, (2) locked/retired,
        /// (3) system enabled, (4) persist login, (5) password-change flag. The comments below explain why.
        /// </summary>
        /// <param name="AUserID">User ID, or an e-mail address (contains '@') that is resolved to a user ID first.</param>
        /// <param name="APassword">Clear-text password supplied by the client; ignored for a SYSADMIN login carrying a "ServerAdminToken" session variable.</param>
        /// <param name="AClientComputerName">Client host name, recorded in the login log.</param>
        /// <param name="AClientIPAddress">Client IP address, recorded in the login log.</param>
        /// <param name="ASystemEnabled">Set to false when the system is disabled (SYSADMIN may still log in then).</param>
        /// <param name="ATransaction">Open DB transaction used for all reads and writes.</param>
        /// <returns>The authenticated principal, with ProcessID and possibly LoginMessage set.</returns>
        /// <exception cref="EUserNotExistantException">No user record for <paramref name="AUserID"/>.</exception>
        /// <exception cref="EPasswordWrongException">Password check failed.</exception>
        /// <exception cref="EUserAccountGotLockedException">Password check failed and this attempt locked the account.</exception>
        /// <exception cref="EUserAccountLockedException">Account was already locked.</exception>
        /// <exception cref="EUserRetiredException">User is retired.</exception>
        /// <exception cref="ESystemDisabledException">System is disabled and the user is not SYSADMIN.</exception>
        public static TPetraPrincipal PerformUserAuthentication(String AUserID, String APassword,
                                                                string AClientComputerName, string AClientIPAddress, out Boolean ASystemEnabled,
                                                                TDBTransaction ATransaction)
        {
            SUserRow            UserDR;
            DateTime            LoginDateTime;
            TPetraPrincipal     PetraPrincipal           = null;
            string              UserAuthenticationMethod = TAppSettingsManager.GetValue("UserAuthenticationMethod", "OpenPetraDBSUser", false);
            IUserAuthentication AuthenticationAssembly;
            string              AuthAssemblyErrorMessage;

            Int32 AProcessID = -1;

            ASystemEnabled = true;

            string EmailAddress = AUserID;

            if (EmailAddress.Contains("@"))
            {
                // try to find unique User for this e-mail address
                // Parameterized query; the (upper-cased) address is never concatenated into the SQL.
                string sql = "SELECT s_user_id_c FROM PUB_s_user WHERE UPPER(s_email_address_c) = ?";

                OdbcParameter[] parameters = new OdbcParameter[1];
                parameters[0]       = new OdbcParameter("EmailAddress", OdbcType.VarChar);
                parameters[0].Value = EmailAddress.ToUpper();

                DataTable result = ATransaction.DataBaseObj.SelectDT(sql, "user", ATransaction, parameters);

                if (result.Rows.Count == 1)
                {
                    AUserID = result.Rows[0][0].ToString();
                }
                else
                {
                    // Zero or several matches: AUserID keeps the e-mail address and LoadUser below decides
                    // (presumably by throwing EUserNotExistantException). The address is written to the log.
                    TLogging.Log("Login with E-Mail address failed for " + EmailAddress + ". " +
                                 "We found " + result.Rows.Count.ToString() + " matching rows for this address.");
                }
            }

            try
            {
                UserDR = LoadUser(AUserID, out PetraPrincipal, ATransaction);
            }
            catch (EUserNotExistantException)
            {
                // A SYSADMIN principal is installed so that the login-log entry can be written.
                // NOTE(review): it is not reset before the rethrow; confirm the caller clears GUserInfo
                // on this path. Also note that, unlike a wrong password, this path does not go through
                // SaveFailedLogin and throws a different exception type — if the caller surfaces that
                // difference, it allows distinguishing existing from non-existing user IDs.
                TPetraIdentity PetraIdentity = new TPetraIdentity(
                    "SYSADMIN", "", "", "", "",
                    DateTime.MinValue, DateTime.MinValue, DateTime.MinValue,
                    0, -1, -1, false, false, false);

                UserInfo.GUserInfo = new TPetraPrincipal(PetraIdentity, null);

                // Logging
                TLoginLog.AddLoginLogEntry(AUserID, TLoginLog.LOGIN_STATUS_TYPE_LOGIN_ATTEMPT_FOR_NONEXISTING_USER,
                                           String.Format(Catalog.GetString(
                                                             "User with User ID '{0}' attempted to log in, but there is no user account for this user! "),
                                                         AUserID) + String.Format(ResourceTexts.StrRequestCallerInfo, AClientComputerName, AClientIPAddress),
                                           out AProcessID, ATransaction);

                // Only now throw the Exception!
                throw;
            }

            // From here on the principal of the user being authenticated is the current user, even
            // though the password has not been checked yet.
            UserInfo.GUserInfo = PetraPrincipal;

            if ((AUserID == "SYSADMIN") && TSession.HasVariable("ServerAdminToken"))
            {
                // Login via server admin console authenticated by file token
                // No password check at all on this path: the mere presence of the session variable is
                // trusted. Whatever sets "ServerAdminToken" is therefore security-critical.
                APassword = String.Empty;
            }
            //
            // (1) Check user-supplied password
            //
            else if (UserAuthenticationMethod == "OpenPetraDBSUser")
            {
                // Hash with the salt and scheme version stored for this user and compare in constant time.
                if (!TPasswordHelper.EqualsAntiTimingAttack(
                        Convert.FromBase64String(
                            CreateHashOfPassword(APassword, UserDR.PasswordSalt, UserDR.PwdSchemeVersion)),
                        Convert.FromBase64String(UserDR.PasswordHash)))
                {
                    // The password that the user supplied is wrong!!! --> Save failed user login attempt!
                    // If the number of permitted failed logins in a row gets exceeded then also lock the user account!
                    SaveFailedLogin(AUserID, UserDR, AClientComputerName, AClientIPAddress, ATransaction);

                    // Compare the row's current AccountLocked with its original value to tell "just got
                    // locked by this attempt" apart from "was locked already".
                    if (UserDR.AccountLocked &&
                        (Convert.ToBoolean(UserDR[SUserTable.GetAccountLockedDBName(), DataRowVersion.Original]) != UserDR.AccountLocked))
                    {
                        // User Account just got locked!
                        throw new EUserAccountGotLockedException(StrInvalidUserIDPassword);
                    }
                    else
                    {
                        throw new EPasswordWrongException(StrInvalidUserIDPassword);
                    }
                }
            }
            else
            {
                // External authentication plug-in; note it is given the original login name (EmailAddress),
                // not the resolved AUserID.
                AuthenticationAssembly = LoadAuthAssembly(UserAuthenticationMethod);

                if (!AuthenticationAssembly.AuthenticateUser(EmailAddress, APassword, out AuthAssemblyErrorMessage))
                {
                    // The password that the user supplied is wrong!!! --> Save failed user login attempt!
                    // If the number of permitted failed logins in a row gets exceeded then also lock the user account!
                    SaveFailedLogin(AUserID, UserDR, AClientComputerName, AClientIPAddress, ATransaction);

                    if (UserDR.AccountLocked &&
                        (Convert.ToBoolean(UserDR[SUserTable.GetAccountLockedDBName(), DataRowVersion.Original]) != UserDR.AccountLocked))
                    {
                        // User Account just got locked!
                        throw new EUserAccountGotLockedException(StrInvalidUserIDPassword);
                    }
                    else
                    {
                        // The plug-in's own message is surfaced here, unlike the generic message above.
                        throw new EPasswordWrongException(AuthAssemblyErrorMessage);
                    }
                }
            }

            //
            // (2) Check if the User Account is Locked or if the user is 'Retired'. If either is true then deny the login!!!
            //
            // IMPORTANT: We perform these checks only AFTER the check for the correctness of the password so that every
            // log-in attempt that gets rejected on grounds of a wrong password takes the same amount of time (to help prevent
            // an attack vector called 'timing attack')
            if (PetraPrincipal.PetraIdentity.AccountLocked || PetraPrincipal.PetraIdentity.Retired)
            {
                if (PetraPrincipal.PetraIdentity.AccountLocked)
                {
                    // Logging
                    TLoginLog.AddLoginLogEntry(AUserID, TLoginLog.LOGIN_STATUS_TYPE_LOGIN_ATTEMPT_FOR_LOCKED_USER,
                                               Catalog.GetString("User attempted to log in, but the user account was locked! ") +
                                               String.Format(ResourceTexts.StrRequestCallerInfo, AClientComputerName, AClientIPAddress),
                                               out AProcessID, ATransaction);

                    // Only now throw the Exception!
                    throw new EUserAccountLockedException(StrInvalidUserIDPassword);
                }
                else
                {
                    // Logging
                    TLoginLog.AddLoginLogEntry(AUserID, TLoginLog.LOGIN_STATUS_TYPE_LOGIN_ATTEMPT_FOR_RETIRED_USER,
                                               Catalog.GetString("User attempted to log in, but the user is retired! ") +
                                               String.Format(ResourceTexts.StrRequestCallerInfo, AClientComputerName, AClientIPAddress),
                                               out AProcessID, ATransaction);

                    // Only now throw the Exception!
                    throw new EUserRetiredException(StrInvalidUserIDPassword);
                }
            }

            //
            // (3) Check SystemLoginStatus (whether the general use of the OpenPetra application is enabled/disabled) in the
            // SystemStatus table (this table always holds only a single record)
            //
            SSystemStatusTable SystemStatusDT;

            SystemStatusDT = SSystemStatusAccess.LoadAll(ATransaction);

            if (SystemStatusDT[0].SystemLoginStatus)
            {
                ASystemEnabled = true;
            }
            else
            {
                ASystemEnabled = false;

                // TODO: Check for Security Group membership might need reviewal when security model of OpenPetra might get reviewed...
                // SYSADMIN is let in with a message; everybody else is logged and rejected.
                if (PetraPrincipal.IsInGroup("SYSADMIN"))
                {
                    PetraPrincipal.LoginMessage =
                        String.Format(StrSystemDisabled1,
                                      SystemStatusDT[0].SystemDisabledReason) + Environment.NewLine + Environment.NewLine +
                        StrSystemDisabled2Admin;
                }
                else
                {
                    TLoginLog.AddLoginLogEntry(AUserID, TLoginLog.LOGIN_STATUS_TYPE_LOGIN_ATTEMPT_WHEN_SYSTEM_WAS_DISABLED,
                                               Catalog.GetString("User wanted to log in, but the System was disabled. ") +
                                               String.Format(ResourceTexts.StrRequestCallerInfo, AClientComputerName, AClientIPAddress),
                                               out AProcessID, ATransaction);

                    TLoginLog.RecordUserLogout(AUserID, AProcessID, ATransaction);

                    throw new ESystemDisabledException(String.Format(StrSystemDisabled1,
                                                                     SystemStatusDT[0].SystemDisabledReason) + Environment.NewLine + Environment.NewLine +
                                                       String.Format(StrSystemDisabled2, StringHelper.DateToLocalizedString(SystemStatusDT[0].SystemAvailableDate.Value),
                                                                     SystemStatusDT[0].SystemAvailableDate.Value.AddSeconds(SystemStatusDT[0].SystemAvailableTime).ToShortTimeString()));
                }
            }

            //
            // (4) Save successful login!
            //
            LoginDateTime        = DateTime.Now;
            UserDR.LastLoginDate = LoginDateTime;
            UserDR.LastLoginTime = Conversions.DateTimeToInt32Time(LoginDateTime);
            UserDR.FailedLogins  = 0; // this needs resetting!

            // Upgrade the user's password hashing scheme if it is older than the current password hashing scheme
            // Only possible while the clear-text password is at hand, i.e. not on the token-based SYSADMIN path.
            if (APassword != String.Empty && UserDR.PwdSchemeVersion < TPasswordHelper.CurrentPasswordSchemeNumber)
            {
                TMaintenanceWebConnector.SetNewPasswordHashAndSaltForUser(UserDR, APassword,
                                                                          AClientComputerName, AClientIPAddress, ATransaction);
            }

            SaveUser(AUserID, (SUserTable)UserDR.Table, ATransaction);

            PetraPrincipal.PetraIdentity.CurrentLogin = LoginDateTime;

            //PetraPrincipal.PetraIdentity.FailedLogins = 0;

            // TODO: Check for Security Group membership might need reviewal when security model of OpenPetra might get reviewed...

            if (PetraPrincipal.IsInGroup("SYSADMIN"))
            {
                TLoginLog.AddLoginLogEntry(AUserID, TLoginLog.LOGIN_STATUS_TYPE_LOGIN_SUCCESSFUL_SYSADMIN,
                                           Catalog.GetString("User login - SYSADMIN privileges. ") +
                                           String.Format(ResourceTexts.StrRequestCallerInfo, AClientComputerName, AClientIPAddress),
                                           out AProcessID, ATransaction);
            }
            else
            {
                TLoginLog.AddLoginLogEntry(AUserID, TLoginLog.LOGIN_STATUS_TYPE_LOGIN_SUCCESSFUL,
                                           Catalog.GetString("User login. ") +
                                           String.Format(ResourceTexts.StrRequestCallerInfo, AClientComputerName, AClientIPAddress),
                                           out AProcessID, ATransaction);
            }

            // The login-log process ID is carried on the principal (used by the logout bookkeeping).
            PetraPrincipal.ProcessID = AProcessID;
            AProcessID = 0;

            //
            // (5) Check if a password change is requested for this user
            //
            if (UserDR.PasswordNeedsChange)
            {
                // The user needs to change their password before they can use OpenPetra
                PetraPrincipal.LoginMessage = SharedConstants.LOGINMUSTCHANGEPASSWORD;
            }

            return(PetraPrincipal);
        }
コード例 #13
 /// <summary>
 /// Lock the SYSADMIN user by delegating to TMaintenanceWebConnector.LockSysadmin.
 /// </summary>
 /// <remarks>Gets called from TServerManager.LockSysadmin() Method, which is used to
 /// lock the SYSADMIN user while the instance is not assigned to a customer yet.</remarks>
 /// <returns>The result reported by the connector.</returns>
 public bool LockSysadmin()
 {
     bool locked = TMaintenanceWebConnector.LockSysadmin();

     return locked;
 }
コード例 #14
        public static bool PerformUserAuthentication(String AUserID, String APassword,
                                                     string AClientComputerName, string AClientIPAddress, out Boolean ASystemEnabled,
                                                     TDBTransaction ATransaction)
        {
            SUserRow            UserDR;
            DateTime            LoginDateTime;
            TPetraPrincipal     PetraPrincipal           = null;
            string              UserAuthenticationMethod = TAppSettingsManager.GetValue("UserAuthenticationMethod", "OpenPetraDBSUser", false);
            IUserAuthentication AuthenticationAssembly;
            string              AuthAssemblyErrorMessage;

            Int32 AProcessID = -1;

            ASystemEnabled = true;

            CheckDatabaseVersion(ATransaction.DataBaseObj);

            string EmailAddress = AUserID;

            try
            {
                UserDR = LoadUser(AUserID, out PetraPrincipal, ATransaction);
            }
            catch (EUserNotExistantException)
            {
                // pass ATransaction
                UserInfo.SetUserInfo(new TPetraPrincipal("SYSADMIN"));

                // Logging
                TLoginLog.AddLoginLogEntry(AUserID, TLoginLog.LOGIN_STATUS_TYPE_LOGIN_ATTEMPT_FOR_NONEXISTING_USER,
                                           String.Format(Catalog.GetString(
                                                             "User with User ID '{0}' attempted to log in, but there is no user account for this user! "),
                                                         AUserID) + String.Format(ResourceTexts.StrRequestCallerInfo, AClientComputerName, AClientIPAddress),
                                           out AProcessID, ATransaction);

                // Only now throw the Exception!
                throw;
            }

            // pass ATransaction
            UserInfo.SetUserInfo(PetraPrincipal);

            if (AUserID == "SELFSERVICE")
            {
                APassword = String.Empty;
            }
            else if ((AUserID == "SYSADMIN") && TSession.HasVariable("ServerAdminToken"))
            {
                // Login via server admin console authenticated by file token
                APassword = String.Empty;
            }
            //
            // (1) Check user-supplied password
            //
            else if (UserAuthenticationMethod == "OpenPetraDBSUser")
            {
                if (!TPasswordHelper.EqualsAntiTimingAttack(
                        Convert.FromBase64String(
                            CreateHashOfPassword(APassword, UserDR.PasswordSalt, UserDR.PwdSchemeVersion)),
                        Convert.FromBase64String(UserDR.PasswordHash)))
                {
                    // The password that the user supplied is wrong!!! --> Save failed user login attempt!
                    // If the number of permitted failed logins in a row gets exceeded then also lock the user account!
                    SaveFailedLogin(AUserID, UserDR, AClientComputerName, AClientIPAddress, ATransaction);

                    if (UserDR.AccountLocked &&
                        (Convert.ToBoolean(UserDR[SUserTable.GetAccountLockedDBName(), DataRowVersion.Original]) != UserDR.AccountLocked))
                    {
                        // User Account just got locked!
                        throw new EUserAccountGotLockedException(StrInvalidUserIDPassword);
                    }
                    else
                    {
                        throw new EPasswordWrongException(StrInvalidUserIDPassword);
                    }
                }
            }
            else
            {
                AuthenticationAssembly = LoadAuthAssembly(UserAuthenticationMethod);

                if (!AuthenticationAssembly.AuthenticateUser(EmailAddress, APassword, out AuthAssemblyErrorMessage))
                {
                    // The password that the user supplied is wrong!!! --> Save failed user login attempt!
                    // If the number of permitted failed logins in a row gets exceeded then also lock the user account!
                    SaveFailedLogin(AUserID, UserDR, AClientComputerName, AClientIPAddress, ATransaction);

                    if (UserDR.AccountLocked &&
                        (Convert.ToBoolean(UserDR[SUserTable.GetAccountLockedDBName(), DataRowVersion.Original]) != UserDR.AccountLocked))
                    {
                        // User Account just got locked!
                        throw new EUserAccountGotLockedException(StrInvalidUserIDPassword);
                    }
                    else
                    {
                        throw new EPasswordWrongException(AuthAssemblyErrorMessage);
                    }
                }
            }

            //
            // (2) Check if the User Account is Locked or if the user is 'Retired'. If either is true then deny the login!!!
            //
            // IMPORTANT: We perform these checks only AFTER the check for the correctness of the password so that every
            // log-in attempt that gets rejected on grounds of a wrong password takes the same amount of time (to help prevent
            // an attack vector called 'timing attack')
            if (UserDR.AccountLocked || UserDR.Retired)
            {
                if ((AUserID == "SYSADMIN") && TSession.HasVariable("ServerAdminToken"))
                {
                    // this is ok. we need to be able to activate the sysadmin account on SetInitialSysadminEmail
                }
                else if (UserDR.AccountLocked)
                {
                    // Logging
                    TLoginLog.AddLoginLogEntry(AUserID, TLoginLog.LOGIN_STATUS_TYPE_LOGIN_ATTEMPT_FOR_LOCKED_USER,
                                               Catalog.GetString("User attempted to log in, but the user account was locked! ") +
                                               String.Format(ResourceTexts.StrRequestCallerInfo, AClientComputerName, AClientIPAddress),
                                               out AProcessID, ATransaction);

                    // Only now throw the Exception!
                    throw new EUserAccountLockedException(StrInvalidUserIDPassword);
                }
                else
                {
                    // Logging
                    TLoginLog.AddLoginLogEntry(AUserID, TLoginLog.LOGIN_STATUS_TYPE_LOGIN_ATTEMPT_FOR_RETIRED_USER,
                                               Catalog.GetString("User attempted to log in, but the user is retired! ") +
                                               String.Format(ResourceTexts.StrRequestCallerInfo, AClientComputerName, AClientIPAddress),
                                               out AProcessID, ATransaction);

                    // Only now throw the Exception!
                    throw new EUserRetiredException(StrInvalidUserIDPassword);
                }
            }

            //
            // (3) Check SystemLoginStatus (whether the general use of the OpenPetra application is enabled/disabled) in the
            // SystemStatus table (this table always holds only a single record)
            //
            SSystemStatusTable SystemStatusDT;

            SystemStatusDT = SSystemStatusAccess.LoadAll(ATransaction);

            if (SystemStatusDT[0].SystemLoginStatus)
            {
                ASystemEnabled = true;
            }
            else
            {
                ASystemEnabled = false;

                // TODO: Check for Security Group membership might need reviewal when security model of OpenPetra might get reviewed...
                if (PetraPrincipal.IsInGroup("SYSADMIN"))
                {
                    PetraPrincipal.LoginMessage =
                        String.Format(StrSystemDisabled1,
                                      SystemStatusDT[0].SystemDisabledReason) + Environment.NewLine + Environment.NewLine +
                        StrSystemDisabled2Admin;
                }
                else
                {
                    TLoginLog.AddLoginLogEntry(AUserID, TLoginLog.LOGIN_STATUS_TYPE_LOGIN_ATTEMPT_WHEN_SYSTEM_WAS_DISABLED,
                                               Catalog.GetString("User wanted to log in, but the System was disabled. ") +
                                               String.Format(ResourceTexts.StrRequestCallerInfo, AClientComputerName, AClientIPAddress),
                                               out AProcessID, ATransaction);

                    TLoginLog.RecordUserLogout(AUserID, AProcessID, ATransaction);

                    throw new ESystemDisabledException(String.Format(StrSystemDisabled1,
                                                                     SystemStatusDT[0].SystemDisabledReason) + Environment.NewLine + Environment.NewLine +
                                                       String.Format(StrSystemDisabled2, StringHelper.DateToLocalizedString(SystemStatusDT[0].SystemAvailableDate.Value),
                                                                     SystemStatusDT[0].SystemAvailableDate.Value.AddSeconds(SystemStatusDT[0].SystemAvailableTime).ToShortTimeString()));
                }
            }

            //
            // (3b) Check if the license is valid
            //
            string LicenseCheckUrl = TAppSettingsManager.GetValue("LicenseCheck.Url", String.Empty, false);
            string LicenseUser     = TAppSettingsManager.GetValue("Server.DBName");

            if ((AUserID == "SYSADMIN") && TSession.HasVariable("ServerAdminToken"))
            {
                // don't check for the license, since this is called when upgrading the server as well.
                LicenseCheckUrl = String.Empty;
            }

            if ((LicenseCheckUrl != String.Empty) && (LicenseUser != "openpetra"))
            {
                string url = LicenseCheckUrl + LicenseUser;

                string result = THTTPUtils.ReadWebsite(url);

                bool valid  = result.Contains("\"valid\":true");
                bool gratis = result.Contains("\"gratis\":true");

                if (!valid && !gratis)
                {
                    TLoginLog.AddLoginLogEntry(AUserID, TLoginLog.LOGIN_STATUS_TYPE_LOGIN_ATTEMPT_WHEN_SYSTEM_WAS_DISABLED,
                                               Catalog.GetString("User wanted to log in, but the license is expired. ") +
                                               String.Format(ResourceTexts.StrRequestCallerInfo, AClientComputerName, AClientIPAddress),
                                               out AProcessID, ATransaction);

                    TLoginLog.RecordUserLogout(AUserID, AProcessID, ATransaction);

                    throw new ELicenseExpiredException("LICENSE_EXPIRED");
                }
            }

            //
            // (4) Save successful login!
            //
            LoginDateTime        = DateTime.Now;
            UserDR.LastLoginDate = LoginDateTime;
            UserDR.LastLoginTime = Conversions.DateTimeToInt32Time(LoginDateTime);
            UserDR.FailedLogins  = 0; // this needs resetting!

            // Upgrade the user's password hashing scheme if it is older than the current password hashing scheme
            if (APassword != String.Empty && UserDR.PwdSchemeVersion < TPasswordHelper.CurrentPasswordSchemeNumber)
            {
                TMaintenanceWebConnector.SetNewPasswordHashAndSaltForUser(UserDR, APassword,
                                                                          AClientComputerName, AClientIPAddress, ATransaction);
            }

            SaveUser(AUserID, (SUserTable)UserDR.Table, ATransaction);

            // TODO: Check for Security Group membership might need reviewal when security model of OpenPetra might get reviewed...

            if (PetraPrincipal.IsInGroup("SYSADMIN"))
            {
                TLoginLog.AddLoginLogEntry(AUserID, TLoginLog.LOGIN_STATUS_TYPE_LOGIN_SUCCESSFUL_SYSADMIN,
                                           Catalog.GetString("User login - SYSADMIN privileges. ") +
                                           String.Format(ResourceTexts.StrRequestCallerInfo, AClientComputerName, AClientIPAddress),
                                           out AProcessID, ATransaction);
            }
            else
            {
                TLoginLog.AddLoginLogEntry(AUserID, TLoginLog.LOGIN_STATUS_TYPE_LOGIN_SUCCESSFUL,
                                           Catalog.GetString("User login. ") +
                                           String.Format(ResourceTexts.StrRequestCallerInfo, AClientComputerName, AClientIPAddress),
                                           out AProcessID, ATransaction);
            }

            PetraPrincipal.ProcessID = AProcessID;
            AProcessID = 0;

            //
            // (5) Check if a password change is requested for this user
            //
            if (UserDR.PasswordNeedsChange)
            {
                // The user needs to change their password before they can use OpenPetra
                PetraPrincipal.LoginMessage = SharedConstants.LOGINMUSTCHANGEPASSWORD;
            }

            return(true);
        }
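        /// <summary>
        /// Performs the initial setup of a fresh installation: creates the first user with
        /// the given module permissions, optionally sets its initial password, stores the
        /// site key and the self-signup flag as system defaults and creates the default site.
        /// </summary>
        /// <param name="AUserID">User ID of the user to create.</param>
        /// <param name="AFirstName">First name of the user.</param>
        /// <param name="ALastName">Last name of the user.</param>
        /// <param name="ALanguageCode">Language code stored with the user.</param>
        /// <param name="AEmailAddress">E-mail address stored with the user.</param>
        /// <param name="AInitialModulePermissions">Modules the user is granted access to.</param>
        /// <param name="AInitialPassword">Initial password; when empty no password is set
        /// (the user is expected to receive a separate link for setting it).</param>
        /// <param name="ASiteKey">Site key stored as system default and used for the default site.</param>
        /// <param name="AEnableSelfSignup">Whether self-signup is enabled as a system default.</param>
        /// <param name="AVerificationResult">Receives the validation messages when the setup fails.</param>
        /// <returns>true if all steps succeeded; false otherwise, with details in
        /// <paramref name="AVerificationResult"/>.</returns>
        public static bool RunFirstSetup(
            string AUserID,
            string AFirstName,
            string ALastName,
            string ALanguageCode,
            string AEmailAddress,
            List <string> AInitialModulePermissions,
            string AInitialPassword,
            Int64 ASiteKey,
            bool AEnableSelfSignup,
            out TVerificationResultCollection AVerificationResult)
        {
            bool result = true;

            AVerificationResult = new TVerificationResultCollection();
            TVerificationResult           VerificationResult           = null;
            TVerificationResultCollection VerificationResultCollection = new TVerificationResultCollection();

            if (AInitialPassword != String.Empty)
            {
                // Reject a weak initial password before any user record is written
                if (!TSharedSysManValidation.CheckPasswordQuality(AInitialPassword, out VerificationResult))
                {
                    AVerificationResult.Add(VerificationResult);
                    return false;
                }
            }

            result = TMaintenanceWebConnector.SaveUserAndModulePermissions(
                AUserID, AFirstName, ALastName, AEmailAddress, ALanguageCode,
                false, false, false, AInitialModulePermissions, 0,
                out VerificationResultCollection);

            if (result)
            {
                TDBTransaction t        = new TDBTransaction();
                TDataBase      db       = DBAccess.Connect("RunFirstSetup");
                bool           SubmitOK = false;

                try
                {
                    db.WriteTransaction(ref t,
                                        ref SubmitOK,
                                        delegate
                    {
                        if (AInitialPassword != String.Empty)
                        {
                            result = TMaintenanceWebConnector.SetUserPassword(AUserID, AInitialPassword, false, false,
                                                                              String.Empty, String.Empty, out VerificationResultCollection);
                        }
                        else
                        {
                            // TODO send welcoming Email, with link for setting the password
                        }

                        if (result)
                        {
                            TSystemDefaults defaults = new TSystemDefaults(db);
                            defaults.SetSystemDefault(SharedConstants.SYSDEFAULT_SITEKEY, ASiteKey.ToString(), db);
                            defaults.SetSystemDefault(SharedConstants.SYSDEFAULT_SELFSIGNUPENABLED, AEnableSelfSignup.ToString(), db);

                            GLSetupTDS GLMainDS = new GLSetupTDS();
                            SubmitOK            = TGLSetupWebConnector.CreateSite(ref GLMainDS, "Default Site", ASiteKey, t);

                            // SubmitOK is only set when the site was created; otherwise the
                            // transaction is left uncommitted (SubmitOK stays false)
                            if (SubmitOK)
                            {
                                GLSetupTDSAccess.SubmitChanges(GLMainDS, db, t);
                            }
                        }
                    });
                }
                finally
                {
                    // Release the connection even if the transaction delegate throws
                    db.CloseDBConnection();
                }
            }

            if (!result)
            {
                if (VerificationResultCollection.HasCriticalErrors)
                {
                    AVerificationResult = VerificationResultCollection;
                }
                else if (VerificationResult != null)
                {
                    // On this path VerificationResult is only ever set by the password
                    // quality check above; skip it when no single result is available
                    AVerificationResult.Add(VerificationResult);
                }
            }

            return result;
        }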