/// <summary>
/// Handles a <c>Login</c> operation: rejects a request with an empty login name or password up front,
/// otherwise authenticates through <c>AuthServices.Login</c> and hands the outcome to <c>_processLogin</c>.
/// </summary>
/// <param name="login">Incoming login operation carrying <c>LoginName</c> and <c>Password</c>.</param>
/// <param name="onSuccess">
/// Completion callback. A rejected request receives a bare <c>LoginResult</c> with <c>LoginStatus.InvalidLogin</c>;
/// an authenticated request receives a <c>Value&lt;LoginResult&gt;</c> wrapper.
/// NOTE(review): the two payload shapes differ — confirm every consumer of this callback accepts both.
/// </param>
private void _handleLoginOperation(Login login, Action<BplContextNode> onSuccess) {
    Log.Info("Login: Start");
    var nameMissing = login.LoginName.IsEmpty();
    if (nameMissing || login.Password.IsEmpty()) {
        // Only which field is missing is logged, never the credential value itself.
        Log.Warn("Login: Attempt to perform login with empty {0}", nameMissing ? "login name" : "password");
        onSuccess(new LoginResult { Status = LoginStatus.InvalidLogin });
        return;
    }
    //TK: We need to create dummy contact to generate correct loginName;
    var loginContact = new LoginContact(login.LoginName);
    AuthServices.Login(loginContact, login.Password, (status, loginName) => {
        _processLogin(loginName, status, r => onSuccess(new Value<LoginResult> { result = r }));
    });
}
/// <summary>
/// Derives the account name used for <paramref name="contact"/> in Active Directory: the contact's
/// login name run through <c>CryptServices.HashLogin</c> (see <c>CreateUser</c> and <c>Login</c>, which
/// address the account by this value).
/// </summary>
/// <param name="contact">Login contact; may be <c>null</c>.</param>
/// <returns>The hashed login name, or <c>null</c> when the contact or its login name is missing.</returns>
private static string _getName(LoginContact contact) {
    if (contact == null) {
        return null;
    }
    return contact.LoginName.NotEmpty() ? CryptServices.HashLogin(contact.LoginName) : null;
}
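/// <summary>
/// Registers a new Active Directory account for <paramref name="contact"/>, protected by <paramref name="password"/>.
/// The SAM account name is the hashed login name from <see cref="_getName"/>. The account is created disabled,
/// added to <c>_usersGroup</c> (which then becomes its primary group), removed from "Domain Users" and finally enabled.
/// </summary>
/// <param name="id">Identity whose <c>LocalId</c> becomes the account's <c>Name</c>.</param>
/// <param name="contact">Login contact; its kind decides whether the value is stored as e-mail or phone.</param>
/// <param name="password">Initial password, set through ADSI <c>SetPassword</c> under the service credentials.</param>
/// <param name="onFinished">
/// Invoked exactly once. Receives the outcome and the SAM account name when an account was created or already
/// exists (registered or blocked); <c>null</c> for invalid input or a failure.
/// </param>
internal static void CreateUser(BplIdentity id, LoginContact contact, string password, Action<RegistrationResult, string> onFinished) {
    //cleanup role
    var loginName = _getName(contact);
    if (loginName.IsEmpty() || password.IsEmpty()) {
        onFinished(RegistrationResult.InvalidInformation, null);
        return;
    }
    var result = RegistrationResult.Failure;
    string resultName = null;
    try {
        //register in AD
        using (var context = new PrincipalContext(ContextType.Domain, ADServer, ADUserContainer, ADUsername, ADPassword)) {
            // Set only once Save() has reported a principal created by this call. The cleanup in the catch
            // below is restricted to that principal, so a pre-existing account that merely shares the name
            // (in particular a deliberately blocked, i.e. disabled, one) is never deleted from here.
            var created = false;
            try {
                var existing = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, loginName);
                if (existing != null) {
                    using (existing) {
                        result = existing.Enabled == true ? RegistrationResult.ClientAlreadyRegistered : RegistrationResult.ClientBlocked;
                    }
                    resultName = loginName;
                } else {
                    using (var up = new UserPrincipal(context)) {
                        up.SamAccountName = loginName;
                        //TK: Consider duplication on up.UserPrincipalName
                        up.Name = (string)id.LocalId; //TODO: Consider not only for drivers. Local ID can be not unique.
                        if (contact.LoginKind == LoginKind.Email) {
                            up.EmailAddress = contact.LoginValue;
                        } else {
                            //this is phone number
                            up.VoiceTelephoneNumber = contact.LoginValue;
                        }
                        up.Save();
                        created = true;
                        // Order matters: group membership first, then primary group + password, then leaving
                        // the default group, then enabling.
                        var pgid = _joinUsersGroup(context, up.DistinguishedName);
                        _finalizeAccount(up.DistinguishedName, password, pgid);
                        up.Enabled = true;
                        up.Save();
                        result = up.Enabled == true ? RegistrationResult.Success : RegistrationResult.Failure;
                    }
                    Log.Info("User {0} registered in AD", loginName);
                    resultName = loginName;
                }
            } catch (Exception e) {
                //check and cleanup user if it is
                if (created) {
                    using (var partial = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, loginName)) {
                        if (partial != null && partial.Enabled != true) {
                            partial.Delete();
                        }
                    }
                }
                result = RegistrationResult.Failure;
                resultName = null;
                Log.Exception(e, "Unable to register user in active directory");
            }
        }
    } catch (Exception dx) {
        result = RegistrationResult.Failure;
        resultName = null;
        Log.Exception(dx, "Unable to connect to active directory");
    }
    // Single completion call outside both try blocks: an exception thrown by the callback can neither
    // trigger the AD cleanup nor cause a second callback.
    onFinished(result, resultName);
}

/// <summary>
/// Adds the user with distinguished name <paramref name="userDn"/> to <c>_usersGroup</c> and returns that
/// group's <c>primaryGroupToken</c>, which <see cref="_finalizeAccount"/> stores as the account's <c>primaryGroupID</c>.
/// </summary>
/// <param name="context">Context in which <c>_usersGroup</c> is resolved.</param>
/// <param name="userDn">Distinguished name of the account to add.</param>
/// <returns>The <c>primaryGroupToken</c> value read from the group, possibly <c>null</c>.</returns>
/// <exception cref="ApplicationException">The group cannot be found.</exception>
private static object _joinUsersGroup(PrincipalContext context, string userDn) {
    using (var group = GroupPrincipal.FindByIdentity(context, IdentityType.SamAccountName, _usersGroup)) {
        if (group == null) {
            throw new ApplicationException("Unable to get and assign valid group {0}".Substitute(_usersGroup));
        }
        var grp = (DirectoryEntry)group.GetUnderlyingObject();
        // primaryGroupToken is not part of a default read; GetInfoEx fetches it explicitly before Get.
        grp.Invoke("GetInfoEx", new object[] { new object[] { "primaryGroupToken" }, 0 });
        var pgid = grp.Invoke("Get", new object[] { "primaryGroupToken" });
        grp.Properties["member"].Add(userDn);
        grp.CommitChanges();
        grp.Close();
        return pgid;
    }
}

/// <summary>
/// Binds directly to the new account's LDAP entry under the service credentials, sets its primary group
/// and initial password, then removes it from the default "Domain Users" group.
/// </summary>
/// <param name="userDn">Distinguished name of the account.</param>
/// <param name="password">Initial password passed to ADSI <c>SetPassword</c>.</param>
/// <param name="pgid">Primary group token from <see cref="_joinUsersGroup"/>; skipped when <c>null</c>.</param>
/// <exception cref="ApplicationException">"Domain Users" cannot be resolved in <c>ADGlobalContainer</c>.</exception>
private static void _finalizeAccount(string userDn, string password, object pgid) {
    //this is how we are doing impersonation
    using (var entry = new DirectoryEntry("LDAP://{0}/{1}".Substitute(ADServer, userDn), ADUsername, ADPassword)) {
        //TK: consider using reg code -> entry.Properties["uid"].Value = request.RegistrationCode;
        // The account was made a member of the group before this point; a primary group has to be one the user belongs to.
        if (pgid != null) {
            entry.Properties["primaryGroupID"].Value = pgid;
        }
        entry.Invoke("SetPassword", new object[] { password });
        entry.CommitChanges();
        // Only after the primary group has moved can the account be taken out of the default group.
        using (var gContext = new PrincipalContext(ContextType.Domain, ADServer, ADGlobalContainer, ADUsername, ADPassword))
        using (var domainUsers = GroupPrincipal.FindByIdentity(gContext, "Domain Users")) {
            if (domainUsers == null) {
                throw new ApplicationException("Unable to remove user from domain default group.");
            }
            var grp = (DirectoryEntry)domainUsers.GetUnderlyingObject();
            grp.Properties["member"].Remove(userDn);
            grp.CommitChanges();
            grp.Close();
        }
    }
}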
/// <summary>
/// Validates <paramref name="password"/> for <paramref name="loginContact"/> against Active Directory.
/// The account is addressed by the hashed login name from <see cref="_getName"/>; a malformed request and
/// a wrong password both yield <c>LoginStatus.InvalidLogin</c>, so the caller cannot tell them apart.
/// Errors while opening the <c>PrincipalContext</c> are not caught here and surface to the caller.
/// </summary>
/// <param name="loginContact">Contact whose login name identifies the account; may be <c>null</c>.</param>
/// <param name="password">Password to validate.</param>
/// <param name="onFinished">Receives the status and the hashed login name (<c>null</c> when the request was rejected up front).</param>
internal static void Login(LoginContact loginContact, string password, Action<LoginStatus, string> onFinished) {
    var incomplete = loginContact == null || loginContact.LoginName.IsEmpty() || password.IsEmpty();
    if (incomplete) {
        onFinished(LoginStatus.InvalidLogin, null);
        return;
    }
    using (var context = new PrincipalContext(ContextType.Domain, ADServer, ADUserContainer, ADUsername, ADPassword)) {
        var accountName = _getName(loginContact);
        var status = context.ValidateCredentials(accountName, password)
            ? LoginStatus.Success
            : LoginStatus.InvalidLogin;
        onFinished(status, accountName);
    }
}
/// <summary>
/// Sends a verification challenge to <paramref name="contact"/>: for an e-mail login, a link built from
/// <paramref name="callbackUri"/> with <paramref name="pin"/> and <paramref name="token"/> appended to its query;
/// for a mobile phone, a text carrying only the PIN.
/// </summary>
/// <param name="contact">Contact to verify; <c>null</c> is logged and reported as failure.</param>
/// <param name="callbackUri">Base link for the e-mail; the PIN and token are appended to its query string.</param>
/// <param name="pin">One-time code the user is expected to echo back.</param>
/// <param name="token">Opaque value paired with the PIN in the e-mail link only.</param>
/// <param name="onResult">
/// Receives the send outcome from <c>Services.Invoke</c>, or <c>false</c> when the contact is missing,
/// is neither e-mail nor mobile phone, or the send fails.
/// </param>
private void _validateContact(LoginContact contact, Uri callbackUri, string pin, string token, Action<bool> onResult) {
    if (contact == null) {
        Log.Warn("Unable to validate empty contact");
        onResult(false);
        return;
    }
    var message = new SendContactMessage { Contact = contact.CreateContact() };
    if (contact.LoginKind == LoginKind.Email) {
        // NOTE(review): pin and token are appended to the query unescaped — confirm both are always URL-safe.
        var link = new UriBuilder(callbackUri);
        link.Query = link.Query.Append("&pin={0}&token={1}".Substitute(pin, token));
        //TODO: Localize this;
        message.Message = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Please follow {0}.".Substitute(link.Uri.AbsoluteUri);
    } else if (message.Contact.Type == ContactTypes.MobilePhone) {
        //TODO: Localize this;
        message.Message = "Validation code: ".Append(pin);
    } else {
        // Nothing to deliver for this contact type; the failure is reported here and no send is attempted.
        Log.Warn("Driver registration: Unable to validate contact information since contact is neither email nor mobile phone.");
        onResult(false);
        return;
    }
    if (message.Message.NotEmpty()) {
        Services.Invoke(
            message,
            o => onResult(o),
            e => {
                Log.Error("Driver registration: Unable to send a message due to {0}", e.Error);
                onResult(false);
            });
    }
}