protected override void AfterSave()
{
base.AfterSave();
if (IsCreate || IsUpdate)
{
if (Authorization.HasPermission(PermissionKeys.Tenants))
{
return;
}
var user = (UserDefinition)Authorization.UserDefinition;
if (Row.Enabled == 1)
{
var tenantFld = TenantRow.Fields;
var tenant = Connection.First <TenantRow>(tenantFld.TenantId == user.TenantId);
tenant.SubscriptionId = Row.SubscriptionId;
Connection.UpdateById(tenant);
var offerRole = Connection.ById <OffersRow>(Row.OfferId).RoleId;
var userRoleFld = UserRoleRow.Fields;
var userRoles = Connection.First <UserRoleRow>(userRoleFld.UserId == user.UserId);
userRoles.RoleId = offerRole;
Connection.UpdateById(userRoles);
UserRetrieveService.RemoveCachedUser(user.UserId, user.Username);
}
}
}
public ActionResult getUser()
{
UserRetrieveService request = new UserRetrieveService();
UserDefinition test = (UserDefinition)request.ByUsername(Thread.CurrentPrincipal.Identity.Name);
return(Json(test, JsonRequestBehavior.AllowGet));
}
public Result <ServiceResponse> EditTenant(EditTenantRequest request)
{
return(this.UseConnection("Default", connection =>
{
request.CheckNotNull();
var perminsion = Dependency.Resolve <IPermissionService>();
var grantor = new TransientGrantingPermissionService(perminsion);
grantor.GrantAll();
try
{
var user = (UserDefinition)Serenity.Authorization.UserDefinition;
var tenant = new TenantRow();
tenant.TenantId = user.TenantId;
if (request.TenantName.IsEmptyOrNull())
{
throw new ArgumentNullException("name");
}
tenant.TenantName = request.TenantName;
tenant.TenantWebSite = request.TenantWebSite;
if (!request.TenantImage.IsNullOrEmpty())
{
tenant.TenantImage = request.TenantImage;
}
tenant.OverrideUsersEmailSignature = request.OverrideUsersEmailSignature;
tenant.TenantEmailSignature = request.TenantEmailSignature;
var saveRequest = new SaveRequest <TenantRow>()
{
Entity = tenant
};
var uow = new UnitOfWork(connection);
new TenantRepository().Update(uow, saveRequest);
uow.Commit();
UserRetrieveService.RemoveCachedUser(user.UserId, user.Username);
}
finally
{
grantor.UndoGrant();
}
return new ServiceResponse();
}));
}
public void OnActionExecuting(ActionExecutingContext filterContext)
{
if (filterContext.HttpContext.User.Identity.IsAuthenticated)
{
var username = filterContext.RouteData.Values["username"];
var user = new UserRetrieveService().ByUsername(filterContext.HttpContext.User.Identity.Name);
if (user == null &&
!"Account".Equals(filterContext.RouteData.Values["controller"]) &&
!"Register".Equals(filterContext.RouteData.Values["action"]))
{
filterContext.Result = new RedirectToRouteResult(new System.Web.Routing.RouteValueDictionary(new { controller = "Account", action = "Register" }));
}
}
}
public Result <ServiceResponse> EditUserProfile(EditUserProfileRequest request)
{
// new TransientGrantingPermissionService(new PermissionService()).Grant("Administration:User:Modify");
return(this.UseConnection("Default", connection =>
{
request.CheckNotNull();
var user = (UserDefinition)Serenity.Authorization.UserDefinition;
if (request.DisplayName.IsEmptyOrNull())
{
throw new ArgumentNullException("name");
}
if (request.Email.IsEmptyOrNull())
{
throw new ArgumentNullException("email");
}
var saveRequest = new SaveRequest <UserRow>();
saveRequest.Entity = new UserRow();
saveRequest.EntityId = user.UserId;
saveRequest.Entity.UserId = user.UserId;
saveRequest.Entity.DisplayName = request.DisplayName;
saveRequest.Entity.Email = request.Email;
saveRequest.Entity.Info = request.Info;
if (!request.UserImage.IsNullOrEmpty())
{
saveRequest.Entity.UserImage = request.UserImage;
}
saveRequest.Entity.EmailSignature = request.EmailSignature;
saveRequest.Entity.WebSite = request.WebSite;
saveRequest.Entity.PhoneNumber = request.PhoneNumber;
var uow = new UnitOfWork(connection);
new UserRepository().Update(uow, saveRequest);
uow.Commit();
UserRetrieveService.RemoveCachedUser(user.UserId, user.Username);
return new ServiceResponse();
}));
}
public Result <SaveResponse> updateuser(SaveRequest <MyRow> para1)
{
var str = para1;
return(this.InTransaction("Default", (uow) =>
{
UserRetrieveService RequestUser = new UserRetrieveService();
var thisUser = RequestUser.ByUsername(this.User.Identity.Name);
var saveFileResponse = new UserRepository().Update(uow, new SaveRequest <MyRow>
{
Entity = new MyRow
{
UserId = str.Entity.UserId,
AdminLv = "1"
}
});
return saveFileResponse;
}));
}
public Result <ServiceResponse> Login(LoginRequest request,
[FromServices] IUserPasswordValidator passwordValidator,
[FromServices] IUserRetrieveService userRetriever,
[FromServices] IEmailSender emailSender = null)
{
return(this.ExecuteMethod(() =>
{
if (request is null)
{
throw new ArgumentNullException(nameof(request));
}
if (string.IsNullOrEmpty(request.Username))
{
throw new ArgumentNullException("username");
}
if (passwordValidator is null)
{
throw new ArgumentNullException(nameof(passwordValidator));
}
if (userRetriever is null)
{
throw new ArgumentNullException(nameof(userRetriever));
}
var username = request.Username;
var result = passwordValidator.Validate(ref username, request.Password);
if (result == PasswordValidationResult.Valid)
{
var principal = UserRetrieveService.CreatePrincipal(userRetriever, username, authType: "Password");
HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal)
.GetAwaiter().GetResult();
return new ServiceResponse();
}
throw new ValidationError("AuthenticationError", Texts.Validation.AuthenticationError.ToString(Localizer));
}));
}
public Result <ServiceResponse> SignUp(SignUpRequest request)
{
return(this.UseConnection("Default", connection =>
{
request.CheckNotNull();
Check.NotNullOrWhiteSpace(request.Email, "email");
Check.NotNullOrEmpty(request.Password, "password");
UserRepository.ValidatePassword(request.Email, request.Password, true);
Check.NotNullOrWhiteSpace(request.DisplayName, "displayName");
if (connection.Exists <UserRow>(
UserRow.Fields.Username == request.Email |
UserRow.Fields.Email == request.Email))
{
throw new ValidationError("EmailInUse", Texts.Validation.CantFindUserWithEmail);
}
using (var uow = new UnitOfWork(connection))
{
string salt = null;
var hash = UserRepository.GenerateHash(request.Password, ref salt);
var displayName = request.DisplayName.TrimToEmpty();
var email = request.Email;
var username = request.Email;
var fld = UserRow.Fields;
var userId = (int)connection.InsertAndGetID(new UserRow
{
Username = username,
Source = "sign",
DisplayName = displayName,
Email = email,
PasswordHash = hash,
PasswordSalt = salt,
IsActive = 0,
InsertDate = DateTime.Now,
InsertUserId = 1,
LastDirectoryUpdate = DateTime.Now
});
byte[] bytes;
using (var ms = new MemoryStream())
using (var bw = new BinaryWriter(ms))
{
bw.Write(DateTime.UtcNow.AddHours(3).ToBinary());
bw.Write(userId);
bw.Flush();
bytes = ms.ToArray();
}
var token = Convert.ToBase64String(MachineKey.Protect(bytes, "Activate"));
var externalUrl = Config.Get <EnvironmentSettings>().SiteExternalUrl ??
Request.Url.GetLeftPart(UriPartial.Authority) + VirtualPathUtility.ToAbsolute("~/");
var activateLink = UriHelper.Combine(externalUrl, "Account/Activate?t=");
activateLink = activateLink + Uri.EscapeDataString(token);
var emailModel = new ActivateEmailModel();
emailModel.Username = username;
emailModel.DisplayName = displayName;
emailModel.ActivateLink = activateLink;
var emailSubject = Texts.Forms.Membership.SignUp.ActivateEmailSubject.ToString();
var emailBody = TemplateHelper.RenderTemplate(
MVC.Views.Membership.Account.SignUp.AccountActivateEmail, emailModel);
var message = new MailMessage();
message.To.Add(email);
message.Subject = emailSubject;
message.Body = emailBody;
message.IsBodyHtml = true;
var client = new SmtpClient();
if (client.DeliveryMethod == SmtpDeliveryMethod.SpecifiedPickupDirectory &&
string.IsNullOrEmpty(client.PickupDirectoryLocation))
{
var pickupPath = Server.MapPath("~/App_Data");
pickupPath = Path.Combine(pickupPath, "Mail");
Directory.CreateDirectory(pickupPath);
client.PickupDirectoryLocation = pickupPath;
}
uow.Commit();
UserRetrieveService.RemoveCachedUser(userId, username);
client.Send(message);
return new ServiceResponse();
}
}));
}
public Result <ServiceResponse> SignUp(SignUpRequest request)
{
return(this.UseConnection("Default", connection =>
{
request.CheckNotNull();
Check.NotNullOrWhiteSpace(request.Email, "email");
Check.NotNullOrEmpty(request.Password, "password");
UserRepository.ValidatePassword(request.Email, request.Password, true);
Check.NotNullOrWhiteSpace(request.DisplayName, "displayName");
if (connection.Exists <UserRow>(
UserRow.Fields.Username == request.Email |
UserRow.Fields.Email == request.Email))
{
throw new ValidationError("EmailInUse", Texts.Validation.EmailInUse);
}
using (var uow = new UnitOfWork(connection))
{
string salt = null;
var hash = UserRepository.GenerateHash(request.Password, ref salt);
var displayName = request.DisplayName.TrimToEmpty();
var email = request.Email;
var username = request.Email;
var fld = UserRow.Fields;
var userId = (int)connection.InsertAndGetID(new UserRow
{
Username = username,
Source = "sign",
DisplayName = displayName,
Email = email,
PasswordHash = hash,
PasswordSalt = salt,
IsActive = 0,
InsertDate = DateTime.Now,
InsertUserId = 1,
LastDirectoryUpdate = DateTime.Now
});
byte[] bytes;
using (var ms = new MemoryStream())
using (var bw = new BinaryWriter(ms))
{
bw.Write(DateTime.UtcNow.AddHours(3).ToBinary());
bw.Write(userId);
bw.Flush();
bytes = ms.ToArray();
}
var token = Convert.ToBase64String(HttpContext.RequestServices
.GetDataProtector("Activate").Protect(bytes));
var externalUrl = Config.Get <EnvironmentSettings>().SiteExternalUrl ??
Request.GetBaseUri().ToString();
var activateLink = UriHelper.Combine(externalUrl, "Account/Activate?t=");
activateLink = activateLink + Uri.EscapeDataString(token);
var emailModel = new ActivateEmailModel();
emailModel.Username = username;
emailModel.DisplayName = displayName;
emailModel.ActivateLink = activateLink;
var emailSubject = Texts.Forms.Membership.SignUp.ActivateEmailSubject.ToString();
var emailBody = TemplateHelper.RenderViewToString(HttpContext.RequestServices,
MVC.Views.Membership.Account.SignUp.AccountActivateEmail, emailModel);
Common.EmailHelper.Send(emailSubject, emailBody, email);
uow.Commit();
UserRetrieveService.RemoveCachedUser(userId, username);
return new ServiceResponse();
}
}));
}
public Result <ServiceResponse> SignUp(SignUpRequest request)
{
return(this.UseConnection("Default", connection =>
{
request.CheckNotNull();
Check.NotNullOrWhiteSpace(request.Email, "email");
Check.NotNullOrEmpty(request.Password, "password");
UserRepository.ValidatePassword(request.Email, request.Password, true);
Check.NotNullOrWhiteSpace(request.DisplayName, "displayName");
if (connection.Exists <UserRow>(
UserRow.Fields.Username == request.Email |
UserRow.Fields.Email == request.Email))
{
throw new ValidationError("EmailInUse", Texts.Validation.EmailInUse);
}
using (var uow = new UnitOfWork(connection))
{
string salt = null;
var hash = UserRepository.GenerateHash(request.Password, ref salt);
var displayName = request.DisplayName.TrimToEmpty();
var email = request.Email;
var username = request.Email;
var fld = UserRow.Fields;
var userModel = new UserRow
{
Username = username,
Source = "sign",
DisplayName = displayName,
Email = email,
PasswordHash = hash,
PasswordSalt = salt,
IsActive = 0,
InsertDate = DateTime.Now,
InsertUserId = 1,
LastDirectoryUpdate = DateTime.Now
};
var userId = (int)connection.InsertAndGetID(userModel);
userModel.UserId = userId;
var tenant = new TenantRow
{
TenantName = request.TenantName,
CurrencyId = 1,
SubscriptionRequired = true
};
tenant.TenantId = Int32.Parse(connection.InsertAndGetID(tenant).ToString());
var offer = connection.ById <OffersRow>(request.OfferId);
//Insert First subscription directly after you know the TenantId
var subscriptionId = (int)connection.InsertAndGetID(new SubscriptionsRow
{
// TODO Get local string
Name = string.Format("{0} - {1}", offer.Name, request.TenantName),
OfferId = offer.OfferId,
TenantId = Int32.Parse(tenant.TenantId.ToString()),
SubscriptionEndDate = DateTime.Now.AddMonths(12),
Enabled = 1,
IsActive = 1,
InsertUserId = userId,
InsertDate = DateTime.Now,
ActivatedOn = DateTime.Now,
FreeDaysFromOffer = offer.MaximumSubscriptionTime ?? 0
});
tenant.SubscriptionId = subscriptionId;
//Update Tenant SubscriptionId .. Is it Needet?
connection.UpdateById(tenant, ExpectedRows.One);
var userRoleId = (int)connection.InsertAndGetID(new UserRoleRow
{
UserId = userId,
RoleId = offer.RoleId
});
userModel.TenantId = tenant.TenantId ?? 2;
connection.UpdateById(userModel, ExpectedRows.One);
byte[] bytes;
using (var ms = new MemoryStream())
using (var bw = new BinaryWriter(ms))
{
bw.Write(DateTime.UtcNow.AddHours(3).ToBinary());
bw.Write(userId);
bw.Flush();
bytes = ms.ToArray();
}
var token = Convert.ToBase64String(HttpContext.RequestServices
.GetDataProtector("Activate").Protect(bytes));
var externalUrl = Config.Get <EnvironmentSettings>().SiteExternalUrl ??
Request.GetBaseUri().ToString();
var activateLink = UriHelper.Combine(externalUrl, "Account/Activate?t=");
activateLink = activateLink + Uri.EscapeDataString(token);
var emailModel = new ActivateEmailModel();
emailModel.Username = username;
emailModel.DisplayName = displayName;
emailModel.ActivateLink = activateLink;
var emailSubject = Texts.Forms.Membership.SignUp.ActivateEmailSubject.ToString();
var emailBody = TemplateHelper.RenderViewToString(HttpContext.RequestServices,
MVC.Views.Membership.Account.SignUp.AccountActivateEmail, emailModel);
Common.EmailHelper.Send(emailSubject, emailBody, email);
uow.Commit();
UserRetrieveService.RemoveCachedUser(userId, username);
return new ServiceResponse();
}
}));
}
private bool ValidateExistingUser(ref string username, string password, UserDefinition user)
{
username = user.Username;
if (user.IsActive != 1)
{
if (Log.IsInfoEnabled)
{
Log.Error(String.Format("Inactive user login attempt: {0}", username), this.GetType());
}
return(false);
}
// prevent more than 50 invalid login attempts in 30 minutes
var throttler = new Throttler("ValidateUser:"******"site" || user.Source == "sign" || directoryService == null)
{
if (validatePassword())
{
throttler.Reset();
return(true);
}
return(false);
}
if (user.Source != "ldap")
{
throw new ArgumentOutOfRangeException("userSource");
}
if (!string.IsNullOrEmpty(user.PasswordHash) &&
user.LastDirectoryUpdate != null &&
user.LastDirectoryUpdate.Value.AddHours(1) >= DateTime.Now)
{
if (validatePassword())
{
throttler.Reset();
return(true);
}
return(false);
}
DirectoryEntry entry;
try
{
entry = directoryService.Validate(username, password);
if (entry == null)
{
return(false);
}
throttler.Reset();
}
catch (Exception ex)
{
Log.Error("Error on directory access", ex, this.GetType());
// couldn't access directory. allow user to login with cached password
if (!user.PasswordHash.IsTrimmedEmpty())
{
if (validatePassword())
{
throttler.Reset();
return(true);
}
return(false);
}
throw;
}
try
{
string salt = user.PasswordSalt.TrimToNull();
var hash = UserRepository.GenerateHash(password, ref salt);
var displayName = entry.FirstName + " " + entry.LastName;
var email = entry.Email.TrimToNull() ?? user.Email ?? (username + "@yourdefaultdomain.com");
using (var connection = SqlConnections.NewFor <UserRow>())
using (var uow = new UnitOfWork(connection))
{
var fld = UserRow.Fields;
new SqlUpdate(fld.TableName)
.Set(fld.DisplayName, displayName)
.Set(fld.PasswordHash, hash)
.Set(fld.PasswordSalt, salt)
.Set(fld.Email, email)
.Set(fld.LastDirectoryUpdate, DateTime.Now)
.WhereEqual(fld.UserId, user.UserId)
.Execute(connection, ExpectedRows.One);
uow.Commit();
UserRetrieveService.RemoveCachedUser(user.UserId, username);
}
return(true);
}
catch (Exception ex)
{
Log.Error("Error while updating directory user", ex, this.GetType());
return(true);
}
}
private bool ValidateFirstTimeUser(ref string username, string password)
{
var throttler = new Throttler("ValidateUser:"******"Error on directory first time authentication", ex, this.GetType());
return(false);
}
try
{
string salt = null;
var hash = UserRepository.GenerateHash(password, ref salt);
var displayName = entry.FirstName + " " + entry.LastName;
var email = entry.Email.TrimToNull() ?? (username + "@yourdefaultdomain.com");
username = entry.Username.TrimToNull() ?? username;
using (var connection = SqlConnections.NewFor <UserRow>())
using (var uow = new UnitOfWork(connection))
{
var userId = (int)connection.InsertAndGetID(new UserRow
{
Username = username,
Source = "ldap",
DisplayName = displayName,
Email = email,
PasswordHash = hash,
PasswordSalt = salt,
IsActive = 1,
InsertDate = DateTime.Now,
InsertUserId = 1,
LastDirectoryUpdate = DateTime.Now
});
uow.Commit();
UserRetrieveService.RemoveCachedUser(userId, username);
}
return(true);
}
catch (Exception ex)
{
Log.Error("Error while importing directory user", ex, this.GetType());
return(false);
}
}
