protected override void AfterSave() { base.AfterSave(); if (IsCreate || IsUpdate) { if (Authorization.HasPermission(PermissionKeys.Tenants)) { return; } var user = (UserDefinition)Authorization.UserDefinition; if (Row.Enabled == 1) { var tenantFld = TenantRow.Fields; var tenant = Connection.First <TenantRow>(tenantFld.TenantId == user.TenantId); tenant.SubscriptionId = Row.SubscriptionId; Connection.UpdateById(tenant); var offerRole = Connection.ById <OffersRow>(Row.OfferId).RoleId; var userRoleFld = UserRoleRow.Fields; var userRoles = Connection.First <UserRoleRow>(userRoleFld.UserId == user.UserId); userRoles.RoleId = offerRole; Connection.UpdateById(userRoles); UserRetrieveService.RemoveCachedUser(user.UserId, user.Username); } } }
public ActionResult getUser() { UserRetrieveService request = new UserRetrieveService(); UserDefinition test = (UserDefinition)request.ByUsername(Thread.CurrentPrincipal.Identity.Name); return(Json(test, JsonRequestBehavior.AllowGet)); }
public Result <ServiceResponse> EditTenant(EditTenantRequest request) { return(this.UseConnection("Default", connection => { request.CheckNotNull(); var perminsion = Dependency.Resolve <IPermissionService>(); var grantor = new TransientGrantingPermissionService(perminsion); grantor.GrantAll(); try { var user = (UserDefinition)Serenity.Authorization.UserDefinition; var tenant = new TenantRow(); tenant.TenantId = user.TenantId; if (request.TenantName.IsEmptyOrNull()) { throw new ArgumentNullException("name"); } tenant.TenantName = request.TenantName; tenant.TenantWebSite = request.TenantWebSite; if (!request.TenantImage.IsNullOrEmpty()) { tenant.TenantImage = request.TenantImage; } tenant.OverrideUsersEmailSignature = request.OverrideUsersEmailSignature; tenant.TenantEmailSignature = request.TenantEmailSignature; var saveRequest = new SaveRequest <TenantRow>() { Entity = tenant }; var uow = new UnitOfWork(connection); new TenantRepository().Update(uow, saveRequest); uow.Commit(); UserRetrieveService.RemoveCachedUser(user.UserId, user.Username); } finally { grantor.UndoGrant(); } return new ServiceResponse(); })); }
public void OnActionExecuting(ActionExecutingContext filterContext) { if (filterContext.HttpContext.User.Identity.IsAuthenticated) { var username = filterContext.RouteData.Values["username"]; var user = new UserRetrieveService().ByUsername(filterContext.HttpContext.User.Identity.Name); if (user == null && !"Account".Equals(filterContext.RouteData.Values["controller"]) && !"Register".Equals(filterContext.RouteData.Values["action"])) { filterContext.Result = new RedirectToRouteResult(new System.Web.Routing.RouteValueDictionary(new { controller = "Account", action = "Register" })); } } }
public Result <ServiceResponse> EditUserProfile(EditUserProfileRequest request) { // new TransientGrantingPermissionService(new PermissionService()).Grant("Administration:User:Modify"); return(this.UseConnection("Default", connection => { request.CheckNotNull(); var user = (UserDefinition)Serenity.Authorization.UserDefinition; if (request.DisplayName.IsEmptyOrNull()) { throw new ArgumentNullException("name"); } if (request.Email.IsEmptyOrNull()) { throw new ArgumentNullException("email"); } var saveRequest = new SaveRequest <UserRow>(); saveRequest.Entity = new UserRow(); saveRequest.EntityId = user.UserId; saveRequest.Entity.UserId = user.UserId; saveRequest.Entity.DisplayName = request.DisplayName; saveRequest.Entity.Email = request.Email; saveRequest.Entity.Info = request.Info; if (!request.UserImage.IsNullOrEmpty()) { saveRequest.Entity.UserImage = request.UserImage; } saveRequest.Entity.EmailSignature = request.EmailSignature; saveRequest.Entity.WebSite = request.WebSite; saveRequest.Entity.PhoneNumber = request.PhoneNumber; var uow = new UnitOfWork(connection); new UserRepository().Update(uow, saveRequest); uow.Commit(); UserRetrieveService.RemoveCachedUser(user.UserId, user.Username); return new ServiceResponse(); })); }
public Result <SaveResponse> updateuser(SaveRequest <MyRow> para1) { var str = para1; return(this.InTransaction("Default", (uow) => { UserRetrieveService RequestUser = new UserRetrieveService(); var thisUser = RequestUser.ByUsername(this.User.Identity.Name); var saveFileResponse = new UserRepository().Update(uow, new SaveRequest <MyRow> { Entity = new MyRow { UserId = str.Entity.UserId, AdminLv = "1" } }); return saveFileResponse; })); }
public Result <ServiceResponse> Login(LoginRequest request, [FromServices] IUserPasswordValidator passwordValidator, [FromServices] IUserRetrieveService userRetriever, [FromServices] IEmailSender emailSender = null) { return(this.ExecuteMethod(() => { if (request is null) { throw new ArgumentNullException(nameof(request)); } if (string.IsNullOrEmpty(request.Username)) { throw new ArgumentNullException("username"); } if (passwordValidator is null) { throw new ArgumentNullException(nameof(passwordValidator)); } if (userRetriever is null) { throw new ArgumentNullException(nameof(userRetriever)); } var username = request.Username; var result = passwordValidator.Validate(ref username, request.Password); if (result == PasswordValidationResult.Valid) { var principal = UserRetrieveService.CreatePrincipal(userRetriever, username, authType: "Password"); HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal) .GetAwaiter().GetResult(); return new ServiceResponse(); } throw new ValidationError("AuthenticationError", Texts.Validation.AuthenticationError.ToString(Localizer)); })); }
public Result <ServiceResponse> SignUp(SignUpRequest request) { return(this.UseConnection("Default", connection => { request.CheckNotNull(); Check.NotNullOrWhiteSpace(request.Email, "email"); Check.NotNullOrEmpty(request.Password, "password"); UserRepository.ValidatePassword(request.Email, request.Password, true); Check.NotNullOrWhiteSpace(request.DisplayName, "displayName"); if (connection.Exists <UserRow>( UserRow.Fields.Username == request.Email | UserRow.Fields.Email == request.Email)) { throw new ValidationError("EmailInUse", Texts.Validation.CantFindUserWithEmail); } using (var uow = new UnitOfWork(connection)) { string salt = null; var hash = UserRepository.GenerateHash(request.Password, ref salt); var displayName = request.DisplayName.TrimToEmpty(); var email = request.Email; var username = request.Email; var fld = UserRow.Fields; var userId = (int)connection.InsertAndGetID(new UserRow { Username = username, Source = "sign", DisplayName = displayName, Email = email, PasswordHash = hash, PasswordSalt = salt, IsActive = 0, InsertDate = DateTime.Now, InsertUserId = 1, LastDirectoryUpdate = DateTime.Now }); byte[] bytes; using (var ms = new MemoryStream()) using (var bw = new BinaryWriter(ms)) { bw.Write(DateTime.UtcNow.AddHours(3).ToBinary()); bw.Write(userId); bw.Flush(); bytes = ms.ToArray(); } var token = Convert.ToBase64String(MachineKey.Protect(bytes, "Activate")); var externalUrl = Config.Get <EnvironmentSettings>().SiteExternalUrl ?? Request.Url.GetLeftPart(UriPartial.Authority) + VirtualPathUtility.ToAbsolute("~/"); var activateLink = UriHelper.Combine(externalUrl, "Account/Activate?t="); activateLink = activateLink + Uri.EscapeDataString(token); var emailModel = new ActivateEmailModel(); emailModel.Username = username; emailModel.DisplayName = displayName; emailModel.ActivateLink = activateLink; var emailSubject = Texts.Forms.Membership.SignUp.ActivateEmailSubject.ToString(); var emailBody = TemplateHelper.RenderTemplate( MVC.Views.Membership.Account.SignUp.AccountActivateEmail, emailModel); var message = new MailMessage(); message.To.Add(email); message.Subject = emailSubject; message.Body = emailBody; message.IsBodyHtml = true; var client = new SmtpClient(); if (client.DeliveryMethod == SmtpDeliveryMethod.SpecifiedPickupDirectory && string.IsNullOrEmpty(client.PickupDirectoryLocation)) { var pickupPath = Server.MapPath("~/App_Data"); pickupPath = Path.Combine(pickupPath, "Mail"); Directory.CreateDirectory(pickupPath); client.PickupDirectoryLocation = pickupPath; } uow.Commit(); UserRetrieveService.RemoveCachedUser(userId, username); client.Send(message); return new ServiceResponse(); } })); }
public Result <ServiceResponse> SignUp(SignUpRequest request) { return(this.UseConnection("Default", connection => { request.CheckNotNull(); Check.NotNullOrWhiteSpace(request.Email, "email"); Check.NotNullOrEmpty(request.Password, "password"); UserRepository.ValidatePassword(request.Email, request.Password, true); Check.NotNullOrWhiteSpace(request.DisplayName, "displayName"); if (connection.Exists <UserRow>( UserRow.Fields.Username == request.Email | UserRow.Fields.Email == request.Email)) { throw new ValidationError("EmailInUse", Texts.Validation.EmailInUse); } using (var uow = new UnitOfWork(connection)) { string salt = null; var hash = UserRepository.GenerateHash(request.Password, ref salt); var displayName = request.DisplayName.TrimToEmpty(); var email = request.Email; var username = request.Email; var fld = UserRow.Fields; var userId = (int)connection.InsertAndGetID(new UserRow { Username = username, Source = "sign", DisplayName = displayName, Email = email, PasswordHash = hash, PasswordSalt = salt, IsActive = 0, InsertDate = DateTime.Now, InsertUserId = 1, LastDirectoryUpdate = DateTime.Now }); byte[] bytes; using (var ms = new MemoryStream()) using (var bw = new BinaryWriter(ms)) { bw.Write(DateTime.UtcNow.AddHours(3).ToBinary()); bw.Write(userId); bw.Flush(); bytes = ms.ToArray(); } var token = Convert.ToBase64String(HttpContext.RequestServices .GetDataProtector("Activate").Protect(bytes)); var externalUrl = Config.Get <EnvironmentSettings>().SiteExternalUrl ?? Request.GetBaseUri().ToString(); var activateLink = UriHelper.Combine(externalUrl, "Account/Activate?t="); activateLink = activateLink + Uri.EscapeDataString(token); var emailModel = new ActivateEmailModel(); emailModel.Username = username; emailModel.DisplayName = displayName; emailModel.ActivateLink = activateLink; var emailSubject = Texts.Forms.Membership.SignUp.ActivateEmailSubject.ToString(); var emailBody = TemplateHelper.RenderViewToString(HttpContext.RequestServices, MVC.Views.Membership.Account.SignUp.AccountActivateEmail, emailModel); Common.EmailHelper.Send(emailSubject, emailBody, email); uow.Commit(); UserRetrieveService.RemoveCachedUser(userId, username); return new ServiceResponse(); } })); }
public Result <ServiceResponse> SignUp(SignUpRequest request) { return(this.UseConnection("Default", connection => { request.CheckNotNull(); Check.NotNullOrWhiteSpace(request.Email, "email"); Check.NotNullOrEmpty(request.Password, "password"); UserRepository.ValidatePassword(request.Email, request.Password, true); Check.NotNullOrWhiteSpace(request.DisplayName, "displayName"); if (connection.Exists <UserRow>( UserRow.Fields.Username == request.Email | UserRow.Fields.Email == request.Email)) { throw new ValidationError("EmailInUse", Texts.Validation.EmailInUse); } using (var uow = new UnitOfWork(connection)) { string salt = null; var hash = UserRepository.GenerateHash(request.Password, ref salt); var displayName = request.DisplayName.TrimToEmpty(); var email = request.Email; var username = request.Email; var fld = UserRow.Fields; var userModel = new UserRow { Username = username, Source = "sign", DisplayName = displayName, Email = email, PasswordHash = hash, PasswordSalt = salt, IsActive = 0, InsertDate = DateTime.Now, InsertUserId = 1, LastDirectoryUpdate = DateTime.Now }; var userId = (int)connection.InsertAndGetID(userModel); userModel.UserId = userId; var tenant = new TenantRow { TenantName = request.TenantName, CurrencyId = 1, SubscriptionRequired = true }; tenant.TenantId = Int32.Parse(connection.InsertAndGetID(tenant).ToString()); var offer = connection.ById <OffersRow>(request.OfferId); //Insert First subscription directly after you know the TenantId var subscriptionId = (int)connection.InsertAndGetID(new SubscriptionsRow { // TODO Get local string Name = string.Format("{0} - {1}", offer.Name, request.TenantName), OfferId = offer.OfferId, TenantId = Int32.Parse(tenant.TenantId.ToString()), SubscriptionEndDate = DateTime.Now.AddMonths(12), Enabled = 1, IsActive = 1, InsertUserId = userId, InsertDate = DateTime.Now, ActivatedOn = DateTime.Now, FreeDaysFromOffer = offer.MaximumSubscriptionTime ?? 0 }); tenant.SubscriptionId = subscriptionId; //Update Tenant SubscriptionId .. Is it Needet? connection.UpdateById(tenant, ExpectedRows.One); var userRoleId = (int)connection.InsertAndGetID(new UserRoleRow { UserId = userId, RoleId = offer.RoleId }); userModel.TenantId = tenant.TenantId ?? 2; connection.UpdateById(userModel, ExpectedRows.One); byte[] bytes; using (var ms = new MemoryStream()) using (var bw = new BinaryWriter(ms)) { bw.Write(DateTime.UtcNow.AddHours(3).ToBinary()); bw.Write(userId); bw.Flush(); bytes = ms.ToArray(); } var token = Convert.ToBase64String(HttpContext.RequestServices .GetDataProtector("Activate").Protect(bytes)); var externalUrl = Config.Get <EnvironmentSettings>().SiteExternalUrl ?? Request.GetBaseUri().ToString(); var activateLink = UriHelper.Combine(externalUrl, "Account/Activate?t="); activateLink = activateLink + Uri.EscapeDataString(token); var emailModel = new ActivateEmailModel(); emailModel.Username = username; emailModel.DisplayName = displayName; emailModel.ActivateLink = activateLink; var emailSubject = Texts.Forms.Membership.SignUp.ActivateEmailSubject.ToString(); var emailBody = TemplateHelper.RenderViewToString(HttpContext.RequestServices, MVC.Views.Membership.Account.SignUp.AccountActivateEmail, emailModel); Common.EmailHelper.Send(emailSubject, emailBody, email); uow.Commit(); UserRetrieveService.RemoveCachedUser(userId, username); return new ServiceResponse(); } })); }
private bool ValidateExistingUser(ref string username, string password, UserDefinition user) { username = user.Username; if (user.IsActive != 1) { if (Log.IsInfoEnabled) { Log.Error(String.Format("Inactive user login attempt: {0}", username), this.GetType()); } return(false); } // prevent more than 50 invalid login attempts in 30 minutes var throttler = new Throttler("ValidateUser:"******"site" || user.Source == "sign" || directoryService == null) { if (validatePassword()) { throttler.Reset(); return(true); } return(false); } if (user.Source != "ldap") { throw new ArgumentOutOfRangeException("userSource"); } if (!string.IsNullOrEmpty(user.PasswordHash) && user.LastDirectoryUpdate != null && user.LastDirectoryUpdate.Value.AddHours(1) >= DateTime.Now) { if (validatePassword()) { throttler.Reset(); return(true); } return(false); } DirectoryEntry entry; try { entry = directoryService.Validate(username, password); if (entry == null) { return(false); } throttler.Reset(); } catch (Exception ex) { Log.Error("Error on directory access", ex, this.GetType()); // couldn't access directory. allow user to login with cached password if (!user.PasswordHash.IsTrimmedEmpty()) { if (validatePassword()) { throttler.Reset(); return(true); } return(false); } throw; } try { string salt = user.PasswordSalt.TrimToNull(); var hash = UserRepository.GenerateHash(password, ref salt); var displayName = entry.FirstName + " " + entry.LastName; var email = entry.Email.TrimToNull() ?? user.Email ?? (username + "@yourdefaultdomain.com"); using (var connection = SqlConnections.NewFor <UserRow>()) using (var uow = new UnitOfWork(connection)) { var fld = UserRow.Fields; new SqlUpdate(fld.TableName) .Set(fld.DisplayName, displayName) .Set(fld.PasswordHash, hash) .Set(fld.PasswordSalt, salt) .Set(fld.Email, email) .Set(fld.LastDirectoryUpdate, DateTime.Now) .WhereEqual(fld.UserId, user.UserId) .Execute(connection, ExpectedRows.One); uow.Commit(); UserRetrieveService.RemoveCachedUser(user.UserId, username); } return(true); } catch (Exception ex) { Log.Error("Error while updating directory user", ex, this.GetType()); return(true); } }
private bool ValidateFirstTimeUser(ref string username, string password) { var throttler = new Throttler("ValidateUser:"******"Error on directory first time authentication", ex, this.GetType()); return(false); } try { string salt = null; var hash = UserRepository.GenerateHash(password, ref salt); var displayName = entry.FirstName + " " + entry.LastName; var email = entry.Email.TrimToNull() ?? (username + "@yourdefaultdomain.com"); username = entry.Username.TrimToNull() ?? username; using (var connection = SqlConnections.NewFor <UserRow>()) using (var uow = new UnitOfWork(connection)) { var userId = (int)connection.InsertAndGetID(new UserRow { Username = username, Source = "ldap", DisplayName = displayName, Email = email, PasswordHash = hash, PasswordSalt = salt, IsActive = 1, InsertDate = DateTime.Now, InsertUserId = 1, LastDirectoryUpdate = DateTime.Now }); uow.Commit(); UserRetrieveService.RemoveCachedUser(userId, username); } return(true); } catch (Exception ex) { Log.Error("Error while importing directory user", ex, this.GetType()); return(false); } }