/// <summary>
/// Reads account data for the requested user and merges Active Directory details into it.
/// </summary>
/// <returns>True when account data was found and copied to the response; otherwise false.</returns>
protected override bool Execute()
{
    Account_ADO accountReader = new Account_ADO();

    // A request that names no user is answered for the calling account.
    if (DTO.CcnUsername == null)
    {
        DTO.CcnUsername = SamAccountName;
    }

    ADO_readerOutput accounts = accountReader.Read(Ado, DTO);
    if (!accounts.hasData)
    {
        Log.Instance.Debug("No Account data found");
        return false;
    }

    // Enrich the database rows with directory data; group data is merged only
    // when a username is present on the request.
    var directory = new ActiveDirectory_ADO();
    directory.MergeAdToUsers(ref accounts);
    if (!string.IsNullOrEmpty(DTO.CcnUsername))
    {
        directory.MergeGroupsToUsers(Ado, ref accounts);
    }

    Response.data = accounts.data;
    return true;
}
/// <summary>
/// Updates the calling user's own account.
/// </summary>
/// <returns>False when the update touched no rows; otherwise true.</returns>
protected override bool Execute()
{
    // The target is always the caller: any username on the request is overwritten.
    DTO.CcnUsername = SamAccountName;

    var accounts = new Account_ADO();
    var selfLookup = new Account_DTO_Read { CcnUsername = SamAccountName };
    var current = accounts.Read(Ado, selfLookup);

    if (current.hasData)
    {
        // The privilege code is taken from the stored record before the update runs,
        // so the update carries the stored privilege rather than a request-supplied one.
        DTO.PrvCode = accounts.ReadAccounts(current)[0].PrvCode;

        int rowsChanged = accounts.Update(Ado, DTO, SamAccountName);
        if (rowsChanged == 0)
        {
            Log.Instance.Debug("Failed to update Account");
            Response.error = Label.Get("error.update");
            return false;
        }
    }

    // Reached both after a successful update and when no account row was found.
    Response.data = JSONRPC.success;
    return true;
}
/// <summary>
/// Creates a 2FA secret for a user who presents a valid 2FA invitation token.
/// </summary>
/// <returns>
/// True when the new 2FA value was placed in the response, or when the request was
/// silently accepted for an unknown or incomplete account; otherwise false.
/// </returns>
protected override bool Execute()
{
    if (!ReCAPTCHA.Validate(DTO.Captcha))
    {
        Response.error = Label.Get("error.authentication");
        return false;
    }

    ActiveDirectory_ADO directory = new ActiveDirectory_ADO();
    // The result of GetUser is not read below; the call is kept as in the original.
    ActiveDirectory_DTO adDto = directory.GetUser(Ado, DTO);
    dynamic adUser = directory.GetAdSpecificDataForEmail(DTO.CcnEmail);

    if (adUser?.CcnEmail == null)
    {
        // Not resolved through AD: treat the e-mail address as a local username.
        var accounts = new Account_ADO();
        var local = accounts.Read(Ado, new Account_DTO_Read() { CcnUsername = DTO.CcnEmail });

        // Unknown users get the same success reply as valid ones.
        if (!local.hasData)
        {
            Response.data = JSONRPC.success;
            return true;
        }

        // Accounts without an e-mail or display name are also answered with success.
        if (local.data[0].CcnEmail.Equals(DBNull.Value) || local.data[0].CcnDisplayName.Equals(DBNull.Value))
        {
            Response.data = JSONRPC.success;
            return true;
        }

        DTO.CcnDisplayname = local.data[0].CcnDisplayName;
        DTO.CcnEmail = local.data[0].CcnEmail;
        DTO.CcnUsername = DTO.CcnEmail;
    }
    else
    {
        // Resolved through AD: adopt the directory's identity fields.
        DTO.CcnEmail = adUser.CcnEmail;
        DTO.CcnDisplayname = adUser.CcnDisplayName;
        DTO.CcnUsername = adUser.CcnUsername;
    }

    Login_BSO logins = new Login_BSO(Ado);
    ADO_readerOutput invitation = logins.ReadByToken2Fa(DTO.LgnToken2Fa, DTO.CcnUsername);
    if (!invitation.hasData)
    {
        // NOTE(review): this rejection sets no Response.error, unlike the captcha
        // rejection above — confirm callers treat a bare false as a failure.
        return false;
    }

    // The new 2FA value is stored and returned to the client, which displays it as a QR code.
    string secret = logins.Update2FA(new Login_DTO_Create2FA()
    {
        LgnToken2Fa = DTO.LgnToken2Fa,
        CcnUsername = DTO.CcnUsername
    });
    Response.data = secret;
    return true;
}
/// <summary>
/// Reports whether an account record exists for the given username.
/// </summary>
/// <param name="ado">Connection object handed to the account read.</param>
/// <param name="ccnUsername">Username to look up.</param>
/// <returns>True when the account read returned data; otherwise false.</returns>
internal bool IsRegistered(ADO ado, string ccnUsername)
{
    var accounts = new Account_ADO();
    var lookup = new Account_DTO_Read { CcnUsername = ccnUsername };
    return accounts.Read(ado, lookup).hasData;
}
/// <summary>
/// Updates a user's 2FA after resolving the username from the supplied e-mail address.
/// </summary>
/// <returns>True when Update2FA produced a value for the response; otherwise false.</returns>
protected override bool Execute()
{
    if (!ReCAPTCHA.Validate(DTO.Captcha))
    {
        Response.error = Label.Get("error.authentication");
        return false;
    }

    var logins = new Login_BSO(Ado);
    var accounts = new Account_ADO();
    ADO_readerOutput localAccount = accounts.Read(Ado, DTO.CcnEmail);

    if (localAccount.hasData)
    {
        DTO.CcnUsername = localAccount.data[0].CcnUsername;
    }
    else
    {
        // No account row for this identifier: it may be an AD user identified by
        // e-mail, so the username is looked up in the directory.
        var directory = new ActiveDirectory_ADO();
        var adResult = directory.GetAdSpecificDataForEmail(DTO.CcnEmail);
        if (adResult == null)
        {
            Response.error = Label.Get("error.authentication");
            return false;
        }

        // AD users are refused unless the "security.adOpenAccess" setting allows them.
        if (!Configuration_BSO.GetCustomConfig(ConfigType.global, "security.adOpenAccess") && adResult != null)
        {
            Response.error = Label.Get("error.authentication");
            return false;
        }

        DTO.CcnUsername = adResult.CcnUsername;
    }

    var updated = logins.Update2FA(DTO);
    if (updated == null)
    {
        // Every rejection in this method uses the same generic authentication error.
        Response.error = Label.Get("error.authentication");
        return false;
    }

    Response.data = updated;
    return true;
}
/// <summary>
/// Adds a user to a group, refusing privileged users, unknown users and duplicates.
/// </summary>
/// <returns>True when the group membership was created; otherwise false.</returns>
protected override bool Execute()
{
    GroupAccount_ADO memberships = new GroupAccount_ADO();

    // Group membership is reserved for users who are neither power users nor administrators.
    if (IsPowerUser(DTO.CcnUsername) || IsAdministrator(DTO.CcnUsername))
    {
        Log.Instance.Debug("Power users or Administrators may not be group members");
        Response.error = Label.Get("error.create");
        return false;
    }

    // The target user must already have an account.
    Account_ADO accounts = new Account_ADO();
    var target = accounts.Read(Ado, DTO.CcnUsername);
    if (!target.hasData)
    {
        Log.Instance.Debug("User does not exist");
        Response.error = Label.Get("error.create");
        return false;
    }

    // A user may appear in a given group only once.
    if (memberships.Exists(Ado, DTO.CcnUsername, DTO.GrpCode))
    {
        Log.Instance.Debug("GroupAccount exists already - create request refused");
        Response.error = Label.Get("error.duplicate");
        return false;
    }

    // Create returns the new id; zero is treated as failure.
    int createdId = memberships.Create(Ado, DTO, SamAccountName);
    if (createdId == 0)
    {
        Log.Instance.Debug("Can't create Group Account");
        Response.error = Label.Get("error.create");
        return false;
    }

    Response.data = JSONRPC.success;
    return true;
}
/// <summary>
/// Reports whether the release-approver query returns any rows for the requested user.
/// </summary>
/// <returns>Always true; the boolean answer is carried in the response data.</returns>
protected override bool Execute()
{
    // A request that names no user is answered for the calling account.
    if (DTO.CcnUsername == null)
    {
        DTO.CcnUsername = SamAccountName;
    }

    var accounts = new Account_ADO();
    ADO_readerOutput approvers = accounts.ReadReleaseApprovers(Ado, DTO);

    Response.data = approvers.hasData;
    return true;
}
/// <summary>
/// Creates an account for a user who must already exist in Active Directory.
/// </summary>
/// <returns>True when the account was created; otherwise false.</returns>
protected override bool Execute()
{
    // Privilege ceiling: a power user cannot hand out the administrator privilege.
    if (IsPowerUser() && DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
    {
        Log.Instance.Debug("A power user may not create an Administrator");
        Response.error = Label.Get("error.privilege");
        return false;
    }

    // The request is refused unless the directory lookup returns a username.
    var directory = new ActiveDirectory_ADO();
    ActiveDirectory_DTO directoryUser = directory.GetUser(Ado, DTO);
    if (directoryUser.CcnUsername == null)
    {
        Log.Instance.Debug("AD user not found");
        Response.error = Label.Get("error.create");
        return false;
    }

    Account_ADO accounts = new Account_ADO();

    // Duplicate accounts are not allowed.
    if (accounts.Exists(Ado, DTO.CcnUsername))
    {
        Log.Instance.Debug("Account exists already");
        Response.error = Label.Get("error.duplicate");
        return false;
    }

    // Create returns the new id; zero is treated as failure.
    int createdId = accounts.Create(Ado, DTO, SamAccountName);
    if (createdId == 0)
    {
        Log.Instance.Debug("adoAccount.Create - can't crete Account");
        Response.error = Label.Get("error.create");
        return false;
    }

    Response.data = JSONRPC.success;
    return true;
}
/// <summary>
/// Resolves the username for the supplied e-mail address and reports the result of
/// <c>ReadOpen2Fa</c> for that user.
/// </summary>
/// <returns>True when <c>ReadOpen2Fa</c> returns true for the user; otherwise false.</returns>
protected override bool Execute()
{
    // Constructed as in the original; not referenced again in this method.
    Login_BSO lBso = new Login_BSO(Ado);

    var accounts = new Account_ADO();
    ADO_readerOutput localAccount = accounts.Read(Ado, DTO.CcnEmail);

    if (localAccount.hasData)
    {
        DTO.CcnUsername = localAccount.data[0].CcnUsername;
    }
    else
    {
        // No account row for this identifier: fall back to the directory lookup by e-mail.
        var directory = new ActiveDirectory_ADO();
        var adResult = directory.GetAdSpecificDataForEmail(DTO.CcnEmail);
        if (adResult == null)
        {
            Response.error = Label.Get("error.authentication");
            return false;
        }

        DTO.CcnUsername = adResult.CcnUsername;
    }

    var loginReader = new Login_ADO(Ado);
    if (!loginReader.ReadOpen2Fa(DTO.CcnUsername))
    {
        // NOTE(review): no Response.error is set on this path — confirm callers
        // treat a bare false as a failure.
        return false;
    }

    Response.data = JSONRPC.success;
    return true;
}
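/// <summary>
/// Get all users of a given privilege
/// </summary>
/// <param name="prvCode">Privilege code passed to <c>ReadMinimumPrivilege</c>.</param>
/// <returns>The reader output produced by the account query.</returns>
internal ADO_readerOutput getUsersOfPrivilege(string prvCode)
{
    // Opens a connection for this call; "ado" is a member declared outside this block.
    ado = new ADO("defaultConnection");
    try
    {
        Account_ADO aAdo = new Account_ADO();
        return aAdo.ReadMinimumPrivilege(ado, prvCode);
    }
    finally
    {
        // No catch block: an exception propagates with its original stack trace
        // (a "throw ex;" would reset it), and the connection is disposed either way.
        ado.Dispose();
    }
}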
/// <summary>
/// Reads the account record for a user and, when found, stores the rows in the cache.
/// </summary>
/// <param name="Ado">Connection object handed to the account read.</param>
/// <param name="ccnUsername">Username to read; also used as the cache input.</param>
/// <returns>The reader output, whether or not it contains data.</returns>
internal ADO_readerOutput ReadCurrentAccess(ADO Ado, string ccnUsername)
{
    Account_ADO accounts = new Account_ADO();
    ADO_readerOutput access = accounts.Read(Ado, ccnUsername);

    if (access.hasData)
    {
        // Cache the rows under the same namespace/class/method triple used elsewhere.
        // NOTE(review): a default-constructed DateTime is passed as the last argument —
        // confirm how Store_BSO interprets that value.
        MemCacheD.Store_BSO<dynamic>("PxStat.Security", "Account_API", "ReadCurrentAccesss", ccnUsername, access.data, new DateTime());
    }
    else
    {
        Log.Instance.Debug("No Account data found");
    }

    return access;
}
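/// <summary>
/// Get a list of users connected to this release with a number of filter options
/// </summary>
/// <param name="rlsCode">Release code passed to <c>ReadReleaseUsers</c>.</param>
/// <param name="isApprover">Optional approver filter passed to <c>ReadReleaseUsers</c>.</param>
/// <param name="prvCode">Optional privilege code filter passed to <c>ReadReleaseUsers</c>.</param>
/// <returns>The reader output produced by the account query.</returns>
internal ADO_readerOutput getReleaseUsers(int rlsCode, bool? isApprover, string prvCode = null)
{
    // Opens a connection for this call; "ado" is a member declared outside this block.
    ado = new ADO("defaultConnection");
    try
    {
        Account_ADO aAdo = new Account_ADO();
        return aAdo.ReadReleaseUsers(ado, rlsCode, isApprover, prvCode);
    }
    finally
    {
        // No catch block: an exception propagates with its original stack trace
        // (a "throw ex;" would reset it), and the connection is disposed either way.
        ado.Dispose();
    }
}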
/// <summary>
/// Reports whether the given user's account carries the moderator privilege.
/// </summary>
/// <param name="ado">Connection object handed to the account read.</param>
/// <param name="ccnUsername">Username to look up.</param>
/// <returns>
/// False when no account is found; otherwise whether the first row's privilege code
/// equals the moderator constant.
/// </returns>
internal bool IsModerator(ADO ado, string ccnUsername)
{
    var accounts = new Account_ADO();
    var lookup = new Account_DTO_Read { CcnUsername = ccnUsername };
    ADO_readerOutput found = accounts.Read(ado, lookup);

    // An unknown user is never a moderator.
    if (!found.hasData)
    {
        return false;
    }

    dynamic firstRow = found.data.First();
    return firstRow.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_MODERATOR);
}
/// <summary>
/// Issues a new 1FA token for a local (non-AD) user and e-mails it to them.
/// </summary>
/// <returns>True when the token was stored and the e-mail call was made; otherwise false.</returns>
protected override bool Execute()
{
    // Users that resolve through Active Directory are refused here.
    var directory = new ActiveDirectory_ADO();
    ActiveDirectory_DTO directoryUser = directory.GetAdSpecificDataForEmail(DTO.CcnEmail);
    if (directoryUser?.CcnUsername != null)
    {
        Response.error = Label.Get("error.authentication");
        return false;
    }

    var logins = new Login_BSO(Ado);
    var accounts = new Account_ADO();
    var local = accounts.Read(Ado, DTO.CcnEmail);

    // NOTE(review): an unknown or AD-backed e-mail yields error.authentication while a
    // known local one yields success, so the reply shows whether a local account
    // exists, and this block performs no ReCAPTCHA check — confirm both are intended.
    if (!local.hasData)
    {
        Response.error = Label.Get("error.authentication");
        return false;
    }

    // NOTE(review): the token comes from Utility.GetRandomSHA256 seeded with the account
    // id; its randomness source is not visible here — confirm it is cryptographically secure.
    string token = Utility.GetRandomSHA256(local.data[0].CcnId.ToString());

    if (logins.Update1FaTokenForUser(local.data[0].CcnUsername, token) == null)
    {
        Response.error = Label.Get("error.authentication");
        return false;
    }

    SendEmail(
        new Login_DTO_Create()
        {
            CcnUsername = local.data[0].CcnUsername,
            LngIsoCode = DTO.LngIsoCode,
            CcnEmail = local.data[0].CcnEmail,
            CcnDisplayname = local.data[0].CcnDisplayName
        },
        token,
        "PxStat.Security.Login_API.Update1FA");

    Response.data = JSONRPC.success;
    return true;
}
/// <summary>
/// Logs a user in: checks the captcha, resolves the user from the e-mail address,
/// validates the TOTP code and then the password, and creates a session.
/// </summary>
/// <returns>True when a session was created and the session cookie set; otherwise false.</returns>
protected override bool Execute()
{
    // The stopwatch only feeds the debug timing messages below.
    Stopwatch sw = new Stopwatch();
    sw.Start();
    if (!ReCAPTCHA.Validate(DTO.Captcha))
    {
        Response.error = Label.Get("error.authentication");
        return(false);
    }
    ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO();
    dynamic adUser = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail);
    //Check if local access is available for AD users
    if (!Configuration_BSO.GetCustomConfig(ConfigType.global, "security.adOpenAccess") && adUser != null)
    {
        Response.error = Label.Get("error.authentication");
        return(false);
    }
    DTO.CcnUsername = DTO.CcnEmail;
    Login_BSO lBso = new Login_BSO(Ado);
    Account_ADO aAdo = new Account_ADO();
    ADO_readerOutput response = aAdo.Read(Ado, DTO.CcnEmail);
    string user;
    if (!response.hasData)
    {
        //Email address not in the login table, try to get the username from the email address via AD
        // This repeats the directory lookup already made for adUser above.
        var adResult = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail);
        Log.Instance.Debug("AD user found from email - time ms: " + sw.ElapsedMilliseconds);
        if (adResult == null)
        {
            Response.error = Label.Get("error.authentication");
            return(false);
        }
        user = adResult.CcnUsername;
        //Now get the user details from the table
        response = aAdo.Read(Ado, user);
        if (!response.hasData)
        {
            Response.error = Label.Get("error.authentication");
            return(false);
        }
        // NOTE(review): this returns the distinct "error.account.locked" label before the
        // TOTP code or password has been checked, so the lock state of an AD-resolved
        // account is visible to an unauthenticated caller; the equivalent check further
        // down uses the generic label — confirm which is intended.
        if (response.data[0].CcnLockedFlag)
        {
            Response.error = Label.Get("error.account.locked");
            return(false);
        }
    }
    else
    {
        user = response.data[0].CcnUsername;
    }
    // An account with no stored 2FA value cannot log in.
    if (response.data[0].Lgn2Fa.Equals(DBNull.Value))
    {
        Response.error = Label.Get("error.authentication");
        return(false);
    }
    // Locked accounts are rejected here with the generic authentication error.
    if (response.data[0].CcnLockedFlag)
    {
        Response.error = Label.Get("error.authentication");
        return(false);
    }
    int ccnId = response.data[0].CcnId;
    string login2Fa = response.data[0].Lgn2Fa;
    // Second factor is validated first, against the stored 2FA value.
    if (!API.TwoFA.Validate2fa(DTO.Totp, login2Fa))
    {
        Response.error = Label.Get("error.authentication");
        return(false);
    }
    // First factor: try the Login table, then fall back to Active Directory.
    response = lBso.Validate1Fa(DTO.Lgn1Fa, user);
    if (!response.hasData)
    {
        //No validation available via the Login table, try Active Directory
        long lValidatePassword = sw.ElapsedMilliseconds;
        if (!ActiveDirectory.IsPasswordValid(user, DTO.Lgn1Fa))
        {
            Response.error = Label.Get("error.authentication");
            return(false);
        }
        // NOTE(review): the next statement is damaged in this listing (the "******" run
        // replaces part of the original text, apparently spanning two Debug calls);
        // it is reproduced unchanged and must be restored from the original file.
        Log.Instance.Debug("Elaspsed time ValidatePassword: "******"AD validation time ms: " + sw.ElapsedMilliseconds);
        //Get the remaining details from the database
        response = aAdo.Read(Ado, user);
        if (!response.hasData)
        {
            Response.error = Label.Get("error.authentication");
            return(false);
        }
    }
    //If we have found an account, credentials are ok, but the account is locked, then we return an account locked error
    //could be AD too
    //IsUserAuthenticated needs to check if the user is locked too
    if (response.data[0].CcnLockedFlag)
    {
        Response.error = Label.Get("error.account.locked");
        return(false);
    }
    // NOTE(review): the session token comes from Utility.GetRandomSHA256 seeded with the
    // account id; its randomness source is not visible here — confirm it is
    // cryptographically secure.
    string sessionToken = Utility.GetRandomSHA256(ccnId.ToString());
    // Expiry is local time (DateTime.Now) plus the configured "session.length" seconds.
    // NOTE(review): confirm CreateSession and the session check agree on local vs UTC time.
    DateTime expiry = DateTime.Now.AddSeconds(Configuration_BSO.GetCustomConfig(ConfigType.global, "session.length"));
    if (!lBso.CreateSession(sessionToken, expiry, user))
    {
        Response.error = Label.Get("error.create");
        return(false);
    }
    // Only the cookie value is set in this block.
    // NOTE(review): no HttpOnly or Secure flag is set here — confirm they are applied
    // elsewhere (for example in configuration or where the cookie is written out).
    Response.sessionCookie = new HttpCookie(API.Common.SessionCookieName)
    {
        Value = sessionToken
    };
    Response.data = API.JSONRPC.success;
    // The elapsed time is read but not used afterwards.
    long l = sw.ElapsedMilliseconds;
    return(true);
}
/// <summary>
/// Updates an account, enforcing the privilege rules and clearing group memberships
/// and the cached access entry where required.
/// </summary>
/// <returns>True when the update and any follow-up deletes succeeded; otherwise false.</returns>
protected override bool Execute()
{
    // Privilege ceiling: a power user cannot promote anyone to administrator.
    if (IsPowerUser() && DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
    {
        Log.Instance.Debug("A power user may not update a user to become an Administrator");
        Response.error = Label.Get("error.privilege");
        return false;
    }

    // Nor can a power user demote an existing administrator.
    if (IsPowerUser() && IsAdministrator(DTO.CcnUsername) && !DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
    {
        Log.Instance.Debug("A power user may not downgrade an administrator");
        Response.error = Label.Get("error.privilege");
        return false;
    }

    var accounts = new Account_ADO();

    // The system must keep at least one administrator, so an update to an administrator
    // account is refused when EnoughPrivilegesInAccounts reports too few of them.
    if (IsAdministrator(DTO.CcnUsername) && !accounts.EnoughPrivilegesInAccounts(Ado, Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
    {
        Log.Instance.Debug("There are insufficient Administrators in the Account table to proceed with this update.");
        Response.error = Label.Get("error.update");
        return false;
    }

    int rowsChanged = accounts.Update(Ado, DTO, SamAccountName);
    if (rowsChanged == 0)
    {
        Log.Instance.Debug("Failed to update Account");
        Response.error = Label.Get("error.update");
        return false;
    }

    // Administrators and power users may not belong to groups. The check uses the
    // privilege requested in this update, not the one the user held before.
    bool becomesPrivileged = DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR) || DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_POWER_USER);
    if (becomesPrivileged)
    {
        List<GroupAccount_DTO> memberships = getGroupMembership(DTO.CcnUsername);
        foreach (GroupAccount_DTO membership in memberships)
        {
            var membershipAdo = new GroupAccount_ADO();
            var removal = new GroupAccount_DTO_Delete
            {
                CcnUsername = membership.CcnUsername,
                GrpCode = membership.GrpCode
            };

            int removed = membershipAdo.Delete(Ado, removal, SamAccountName);
            if (removed == 0)
            {
                // NOTE(review): this exit happens after the account row was updated and
                // before the cache entry is removed — confirm the caller rolls the
                // update back, otherwise the cached access data can be stale.
                Log.Instance.Debug("Failed to delete account group membership");
                Response.error = Label.Get("error.update");
                return false;
            }
        }
    }

    // Drop any cached access entry for this user; it no longer matches the database.
    MemCacheD.Remove_BSO<dynamic>("PxStat.Security", "Account_API", "ReadCurrentAccesss", DTO.CcnUsername);

    Response.data = JSONRPC.success;
    return true;
}
/// <summary>
/// Issues a 2FA invitation token for a user and e-mails it to them.
/// </summary>
/// <returns>
/// True when the e-mail call was made, or when the account lacks an e-mail or display
/// name; false when AD access is closed, the user is unknown, or no token was produced.
/// </returns>
protected override bool Execute()
{
    var directory = new ActiveDirectory_ADO();
    // The result of GetUser is not read below; the call is kept as in the original.
    ActiveDirectory_DTO adDto = directory.GetUser(Ado, DTO);
    dynamic adUser = directory.GetAdSpecificDataForEmail(DTO.CcnEmail);

    if (adUser?.CcnEmail == null)
    {
        // Not resolved through AD: treat the e-mail address as a local username.
        var accounts = new Account_ADO();
        var local = accounts.Read(Ado, new Account_DTO_Read() { CcnUsername = DTO.CcnEmail });

        if (!local.hasData)
        {
            // NOTE(review): the response data says success but the method returns false
            // with no Response.error — confirm what the caller reports in this case.
            Response.data = JSONRPC.success;
            return false;
        }

        if (local.data[0].CcnEmail.Equals(DBNull.Value) || local.data[0].CcnDisplayName.Equals(DBNull.Value))
        {
            Response.data = JSONRPC.success;
            return true;
        }

        DTO.CcnDisplayname = local.data[0].CcnDisplayName;
        DTO.CcnEmail = local.data[0].CcnEmail;
        DTO.CcnUsername = DTO.CcnEmail;
    }
    else
    {
        // AD users are refused unless the "security.adOpenAccess" setting allows them.
        if (!Configuration_BSO.GetCustomConfig(ConfigType.global, "security.adOpenAccess"))
        {
            Response.error = Label.Get("error.authentication");
            return false;
        }

        DTO.CcnEmail = adUser.CcnEmail;
        DTO.CcnDisplayname = adUser.CcnDisplayName;
        DTO.CcnUsername = adUser.CcnUsername;
    }

    var logins = new Login_BSO(Ado);
    string token = Utility.GetRandomSHA256(DTO.CcnUsername);
    logins.UpdateInvitationToken2Fa(DTO.CcnUsername, token);

    // NOTE(review): the condition tests the locally generated token, not the result of
    // UpdateInvitationToken2Fa — confirm a failed update cannot still send the e-mail.
    bool emailed = token != null;
    if (emailed)
    {
        SendEmail(
            new Login_DTO_Create()
            {
                CcnUsername = DTO.CcnUsername,
                CcnEmail = DTO.CcnEmail,
                LngIsoCode = DTO.LngIsoCode,
                CcnDisplayname = DTO.CcnDisplayname
            },
            token,
            "PxStat.Security.Login_API.Update2FA");
    }

    Response.data = JSONRPC.success;
    return emailed;
}
/// <summary>
/// Deletes an account together with its group memberships and cached access entry.
/// </summary>
/// <returns>True when the account row was deleted; otherwise false.</returns>
protected override bool Execute()
{
    // Privilege ceiling: a power user cannot remove an administrator.
    if (IsPowerUser() && IsAdministrator(DTO.CcnUsername))
    {
        Log.Instance.Debug("A power user may not delete an Administrator");
        Response.error = Label.Get("error.privilege");
        return false;
    }

    // Self-deletion is refused.
    if (DTO.CcnUsername.Equals(SamAccountName))
    {
        Log.Instance.Debug("A user may not delete themselves");
        Response.error = Label.Get("error.delete");
        return false;
    }

    Account_ADO accounts = new Account_ADO();

    // The system must keep at least one administrator.
    if (IsAdministrator(DTO.CcnUsername) && !accounts.EnoughPrivilegesInAccounts(Ado, Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
    {
        Log.Instance.Debug("There are insufficient Administrators in the Account table to proceed with this delete.");
        Response.error = Label.Get("error.delete");
        return false;
    }

    // Remove the user's group memberships first.
    var membershipAdo = new GroupAccount_ADO();
    var membershipQuery = new GroupAccount_DTO_Read { CcnUsername = DTO.CcnUsername };
    ADO_readerOutput memberships = membershipAdo.Read(Ado, membershipQuery);
    if (memberships.hasData)
    {
        foreach (dynamic row in memberships.data)
        {
            var removal = new GroupAccount_DTO_Delete();
            removal.CcnUsername = DTO.CcnUsername;
            removal.GrpCode = row.GrpCode;
            // The per-membership delete count is not checked here.
            membershipAdo.Delete(Ado, removal, SamAccountName);
        }
    }

    // Delete returns the number of rows removed; zero is treated as failure.
    int rowsDeleted = accounts.Delete(Ado, DTO, SamAccountName);
    if (rowsDeleted == 0)
    {
        Log.Instance.Debug("adoAccount.Delete - can't delete Account");
        Response.error = Label.Get("error.delete");
        return false;
    }

    // Drop any cached access entry so a deleted user is not served from the cache.
    MemCacheD.Remove_BSO<dynamic>("PxStat.Security", "Account_API", "ReadCurrentAccesss", DTO.CcnUsername);

    Response.data = JSONRPC.success;
    return true;
}
/// <summary>
/// Creates an account and login for an Active Directory user and, when AD open access
/// is enabled, e-mails a 2FA invitation token.
/// </summary>
/// <returns>True when the account was created; otherwise false.</returns>
protected override bool Execute()
{
    // Privilege ceiling: a power user cannot hand out the administrator privilege.
    if (IsPowerUser() && DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
    {
        Log.Instance.Debug("A power user may not create an Administrator");
        Response.error = Label.Get("error.privilege");
        return false;
    }

    // The request is refused unless the directory lookup returns a username.
    var directory = new ActiveDirectory_ADO();
    ActiveDirectory_DTO directoryUser = directory.GetUser(Ado, DTO);
    if (directoryUser.CcnUsername == null)
    {
        Log.Instance.Debug("AD user not found");
        Response.error = Label.Get("error.create");
        return false;
    }

    Account_ADO accounts = new Account_ADO();

    // Duplicate accounts are not allowed.
    if (accounts.Exists(Ado, DTO.CcnUsername))
    {
        Log.Instance.Debug("Account exists already");
        Response.error = Label.Get("error.duplicate");
        return false;
    }

    // Create returns the new id; zero is treated as failure.
    int createdId = accounts.Create(Ado, DTO, SamAccountName, true);
    if (createdId == 0)
    {
        Log.Instance.Debug("adoAccount.Create - can't create Account");
        Response.error = Label.Get("error.create");
        return false;
    }

    string invitationToken = Utility.GetRandomSHA256(createdId.ToString());

    // The login is created without a 1FA token (null is passed as the last argument).
    var logins = new Login_BSO(Ado);
    logins.CreateLogin(new Login_DTO_Create() { CcnUsername = DTO.CcnUsername }, SamAccountName, null);

    // The invitation is stored and sent only when "security.adOpenAccess" is enabled.
    if (Configuration_BSO.GetCustomConfig(ConfigType.global, "security.adOpenAccess"))
    {
        logins.UpdateInvitationToken2Fa(DTO.CcnUsername, invitationToken);
        SendEmail(
            new Login_DTO_Create()
            {
                CcnDisplayname = directoryUser.CcnDisplayName,
                CcnEmail = directoryUser.CcnEmail,
                CcnUsername = DTO.CcnUsername,
                LngIsoCode = DTO.LngIsoCode
            },
            invitationToken,
            "PxStat.Security.Login_API.Create2FA");
    }

    Response.data = JSONRPC.success;
    return true;
}
/// <summary>
/// Creates a local (non-AD) account and login, then e-mails a 1FA invitation token.
/// </summary>
/// <returns>True when the account and login were created; otherwise false.</returns>
protected override bool Execute()
{
    // Privilege ceiling: a power user cannot hand out the administrator privilege.
    if (IsPowerUser() && DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
    {
        Log.Instance.Debug("A power user may not create an Administrator");
        Response.error = Label.Get("error.privilege");
        return false;
    }

    // A local account must NOT correspond to an Active Directory user.
    var directory = new ActiveDirectory_ADO();
    ActiveDirectory_DTO directoryUser = directory.GetUser(Ado, DTO);
    if (directoryUser.CcnUsername != null)
    {
        Log.Instance.Debug("Account exists already");
        Response.error = Label.Get("error.create");
        return false;
    }

    Account_ADO accounts = new Account_ADO();

    // The e-mail address must not already be in use as a username ...
    if (accounts.Exists(Ado, DTO.CcnEmail))
    {
        Log.Instance.Debug("Account exists already");
        Response.error = Label.Get("error.duplicate");
        return false;
    }

    // ... nor as the e-mail of an existing account.
    if (accounts.ExistsByEmail(Ado, DTO.CcnEmail))
    {
        Log.Instance.Debug("Account exists already");
        Response.error = Label.Get("error.duplicate");
        return false;
    }

    // An address that belongs to an AD user must not become a local account.
    var directoryMatch = directory.GetAdSpecificDataForEmail(DTO.CcnEmail);
    if (directoryMatch != null)
    {
        Log.Instance.Debug("Account exists in AD");
        Response.error = Label.Get("error.create");
        return false;
    }

    var newAccount = new Account_DTO_Create()
    {
        CcnUsername = DTO.CcnUsername,
        CcnNotificationFlag = DTO.CcnNotificationFlag,
        LngIsoCode = DTO.LngIsoCode,
        PrvCode = DTO.PrvCode,
        CcnDisplayName = DTO.CcnDisplayName,
        CcnEmail = DTO.CcnEmail
    };

    // Create returns the new id; zero is treated as failure.
    int createdId = accounts.Create(Ado, newAccount, SamAccountName, false);
    if (createdId == 0)
    {
        Log.Instance.Debug("adoAccount.Create - can't create Account");
        Response.error = Label.Get("error.create");
        return false;
    }

    // The login record is keyed on the e-mail address.
    var newLogin = new Login_DTO_Create()
    {
        CcnUsername = DTO.CcnEmail,
        LngIsoCode = DTO.LngIsoCode,
        CcnEmail = DTO.CcnEmail,
        CcnDisplayname = DTO.CcnDisplayName
    };
    var logins = new Login_BSO(Ado);
    string invitationToken = Utility.GetRandomSHA256(createdId.ToString());

    if (!logins.CreateLogin(newLogin, SamAccountName, invitationToken))
    {
        Response.error = Label.Get("error.create");
        return false;
    }

    SendEmail(newLogin, invitationToken, "PxStat.Security.Login_API.Create1FA");

    Response.data = JSONRPC.success;
    return true;
}
/// <summary>
/// Issues a new 1FA token for a local user after a captcha check and e-mails it.
/// </summary>
/// <returns>
/// True when the token was sent, and also when the user is an AD user, unknown, or
/// lacks an e-mail or display name; false on captcha failure or when the token
/// could not be stored.
/// </returns>
protected override bool Execute()
{
    if (!ReCAPTCHA.Validate(DTO.Captcha))
    {
        Response.error = Label.Get("error.authentication");
        return false;
    }

    // Without an explicit username the e-mail address is used as the username.
    if (DTO.CcnUsername == null)
    {
        DTO.CcnUsername = DTO.CcnEmail;
    }

    // AD users are not handled here; they receive the same success reply as everyone else.
    var directory = new ActiveDirectory_ADO();
    ActiveDirectory_DTO directoryUser = directory.GetUser(Ado, DTO);
    if (directoryUser.CcnDisplayName != null)
    {
        Response.data = JSONRPC.success;
        return true;
    }

    var accounts = new Account_ADO();
    var local = accounts.Read(Ado, new Account_DTO_Read() { CcnUsername = DTO.CcnEmail });

    // Unknown users also get a success reply, so the response does not show
    // whether the address is registered.
    if (!local.hasData)
    {
        Response.data = JSONRPC.success;
        return true;
    }

    if (local.data[0].CcnEmail.Equals(DBNull.Value) || local.data[0].CcnDisplayName.Equals(DBNull.Value))
    {
        Response.data = JSONRPC.success;
        return true;
    }

    DTO.CcnEmail = local.data[0].CcnEmail;
    var logins = new Login_BSO(Ado);
    string resetToken = Utility.GetRandomSHA256(local.data[0].CcnId.ToString());

    // Built as in the original; this object is not referenced again below.
    Login_DTO_Create ldto = new Login_DTO_Create()
    {
        CcnUsername = DTO.CcnEmail,
        LngIsoCode = DTO.LngIsoCode,
        CcnEmail = DTO.CcnEmail,
        CcnDisplayname = local.data[0].CcnDisplayName
    };

    // NOTE(review): the token is stored under DTO.CcnEmail while the e-mail below is
    // addressed with the stored CcnUsername — confirm the two always match.
    if (logins.Update1FaTokenForUser(DTO.CcnEmail, resetToken) == null)
    {
        Response.error = Label.Get("error.create");
        return false;
    }

    SendEmail(
        new Login_DTO_Create()
        {
            CcnUsername = local.data[0].CcnUsername,
            LngIsoCode = DTO.LngIsoCode,
            CcnEmail = local.data[0].CcnEmail,
            CcnDisplayname = local.data[0].CcnDisplayName
        },
        resetToken,
        "PxStat.Security.Login_API.Update1FA");

    Response.data = JSONRPC.success;
    return true;
}