/// <summary>
/// Resolves the account behind the request's session cookie and returns its data.
/// When the stored e-mail is null, the address is filled in from the directory entry
/// returned by <c>ActiveDirectory_ADO.GetUser</c>.
/// </summary>
/// <returns>
/// True when the session resolves to an account; false, with an authentication error
/// in <c>Response.error</c>, when the cookie is missing or no account matches it.
/// </returns>
protected override bool Execute()
{
    // Without a session cookie there is nothing to resolve.
    if (Request.sessionCookie == null)
    {
        Response.error = Label.Get("error.authentication");
        return false;
    }

    using (Login_BSO lBso = new Login_BSO())
    {
        ADO_readerOutput user = lBso.ReadBySession(Request.sessionCookie.Value);
        if (!user.hasData)
        {
            Response.error = Label.Get("error.authentication");
            return false;
        }

        if (user.data[0].CcnEmail == null)
        {
            // No e-mail stored locally: look the username up in the directory.
            DTO.CcnUsername = user.data[0].CcnUsername;
            ActiveDirectory_DTO adDto = new ActiveDirectory_ADO().GetUser(Ado, DTO);

            // A non-null display name is what this method treats as "found in AD".
            if (adDto.CcnDisplayName != null)
            {
                user.data[0].CcnEmail = adDto.CcnEmail;
            }
        }

        // NOTE(review): the whole reader result is handed back to the caller; confirm
        // ReadBySession selects no credential or token columns.
        Response.data = user.data;
        return true;
    }
}
/// <summary>
/// Issues a 2FA secret for the account identified by the submitted e-mail address,
/// after the CAPTCHA and the 2FA token supplied with the request have been checked.
/// </summary>
/// <returns>
/// True when a secret was issued, or when the address maps to no usable local account
/// (a generic success payload is returned in that case); false when the CAPTCHA or the
/// 2FA token check fails.
/// </returns>
protected override bool Execute()
{
    if (!ReCAPTCHA.Validate(DTO.Captcha))
    {
        Response.error = Label.Get("error.authentication");
        return false;
    }

    ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO();

    // NOTE(review): the result of this lookup is never read; DTO.CcnUsername is still the
    // client-supplied value here. Confirm the call is needed at all.
    ActiveDirectory_DTO adDto = adAdo.GetUser(Ado, DTO);

    dynamic adUser = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail);
    if (adUser?.CcnEmail != null)
    {
        // Directory account: identity fields are taken from AD, not from the request.
        DTO.CcnEmail = adUser.CcnEmail;
        DTO.CcnDisplayname = adUser.CcnDisplayName;
        DTO.CcnUsername = adUser.CcnUsername;
    }
    else
    {
        // Local account: the e-mail address doubles as the username.
        var user = new Account_ADO().Read(Ado, new Account_DTO_Read() { CcnUsername = DTO.CcnEmail });

        // Unknown or incomplete accounts get the same success payload, presumably so the
        // response does not reveal whether the address is registered.
        if (!user.hasData
            || user.data[0].CcnEmail.Equals(DBNull.Value)
            || user.data[0].CcnDisplayName.Equals(DBNull.Value))
        {
            Response.data = JSONRPC.success;
            return true;
        }

        DTO.CcnDisplayname = user.data[0].CcnDisplayName;
        DTO.CcnEmail = user.data[0].CcnEmail;
        DTO.CcnUsername = DTO.CcnEmail;
    }

    Login_BSO lBso = new Login_BSO(Ado);
    ADO_readerOutput output = lBso.ReadByToken2Fa(DTO.LgnToken2Fa, DTO.CcnUsername);
    if (!output.hasData)
    {
        // NOTE(review): unlike the CAPTCHA failure above, no Response.error is set on this
        // path; confirm the caller treats a bare false as a failure.
        return false;
    }

    // Per the original author's note: create the 2FA value, save it, unlock the account and
    // send the value back to the client, which displays it as a QR code.
    // NOTE(review): this is the 2FA value itself travelling in the response body; confirm
    // the response is neither cached nor written to logs.
    string secret = lBso.Update2FA(new Login_DTO_Create2FA()
    {
        LgnToken2Fa = DTO.LgnToken2Fa,
        CcnUsername = DTO.CcnUsername
    });
    Response.data = secret;
    return true;
}
/// <summary>
/// Finds a single AD user in Active Directory.
/// </summary>
/// <typeparam name="T">Type of the DTO carrying the search criteria.</typeparam>
/// <param name="Ado">Data-access object, forwarded unchanged to <c>Read</c>.</param>
/// <param name="accountDto">Search criteria, forwarded unchanged to <c>Read</c>.</param>
/// <returns>
/// The first entry returned by <c>Read</c>; a default-constructed
/// <c>ActiveDirectory_DTO</c> when <c>Read</c> returns an empty list.
/// </returns>
//internal ActiveDirectory_DTO GetUser(ADO Ado, Account_DTO_Create accountDto)
internal ActiveDirectory_DTO GetUser<T>(ADO Ado, T accountDto)
{
    List<ActiveDirectory_DTO> matches = Read(Ado, accountDto);
    ActiveDirectory_DTO fallback = new ActiveDirectory_DTO();

    // "Not found" is signalled by an empty DTO, so callers have to test a property
    // (not the reference) for null.
    if (matches.Count == 0)
    {
        return fallback;
    }

    return matches.FirstOrDefault();
}
/// <summary>
/// Creates an account for a user who must already exist in Active Directory.
/// </summary>
/// <returns>
/// True when the account was created; false, with <c>Response.error</c> set, when the
/// privilege check, the directory lookup, the duplicate check or the insert fails.
/// </returns>
protected override bool Execute()
{
    // Privilege ceiling: a power user cannot hand out the Administrator privilege.
    if (IsPowerUser() && DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
    {
        Log.Instance.Debug("A power user may not create an Administrator");
        Response.error = Label.Get("error.privilege");
        return false;
    }

    // Only users known to the directory may be given an account here.
    ActiveDirectory_DTO adDto = new ActiveDirectory_ADO().GetUser(Ado, DTO);
    if (adDto.CcnUsername == null)
    {
        Log.Instance.Debug("AD user not found");
        Response.error = Label.Get("error.create");
        return false;
    }

    Account_ADO accounts = new Account_ADO();

    // Duplicate usernames are refused.
    // NOTE(review): this is a check-then-insert sequence; confirm the table also enforces
    // uniqueness so that two concurrent requests cannot both pass.
    if (accounts.Exists(Ado, DTO.CcnUsername))
    {
        Log.Instance.Debug("Account exists already");
        Response.error = Label.Get("error.duplicate");
        return false;
    }

    // A zero id from Create is treated as "nothing was inserted".
    int newId = accounts.Create(Ado, DTO, SamAccountName);
    if (newId == 0)
    {
        Log.Instance.Debug("adoAccount.Create - can't crete Account");
        Response.error = Label.Get("error.create");
        return false;
    }

    Response.data = JSONRPC.success;
    return true;
}
/// <summary>
/// Starts a 1FA update for the account behind the current session: stores a fresh 1FA
/// token for the user and e-mails it. Accounts that resolve to a directory entry are
/// answered with success without any token being issued.
/// </summary>
/// <returns>
/// True when the mail was sent or the account is a directory account; false when the
/// session cannot be resolved or the token could not be stored.
/// </returns>
protected override bool Execute()
{
    if (Request.sessionCookie == null)
    {
        Response.error = Label.Get("error.authentication");
        return false;
    }

    Login_BSO lBso = new Login_BSO(Ado);
    var userResponse = lBso.ReadBySession(Request.sessionCookie.Value);
    if (!userResponse.hasData)
    {
        Response.error = Label.Get("error.authentication");
        return false;
    }

    var account = userResponse.data[0];
    string sessionUsername = account.CcnUsername;

    // Directory accounts must not go through this flow.
    // NOTE(review): the gate relies on GetUser populating CcnDisplayName for every AD hit;
    // if it can come back null for a directory user, that user passes the gate. Confirm.
    DTO.CcnUsername = sessionUsername;
    ActiveDirectory_DTO adDto = new ActiveDirectory_ADO().GetUser(Ado, DTO);
    if (adDto.CcnDisplayName != null)
    {
        Response.data = JSONRPC.success;
        return true;
    }

    // NOTE(review): the token's unpredictability depends on Utility.GetRandomSHA256 drawing
    // from a cryptographic RNG rather than only hashing the account id passed in - confirm.
    string token = Utility.GetRandomSHA256(account.CcnId.ToString());
    if (lBso.Update1FaTokenForUser(account.CcnUsername, token) == null)
    {
        // NOTE(review): no Response.error is set on this path.
        return false;
    }

    SendEmail(
        new Login_DTO_Create()
        {
            CcnUsername = account.CcnUsername,
            LngIsoCode = DTO.LngIsoCode,
            CcnEmail = account.CcnEmail,
            CcnDisplayname = account.CcnDisplayName
        },
        token,
        "PxStat.Security.Login_API.Update1FA");
    Response.data = JSONRPC.success;
    return true;
}
/// <summary>
/// Returns the entire Active Directory list if no CcnUsername parameter is supplied.
/// Otherwise returns the AD entry for the specified user.
/// </summary>
/// <param name="ado">Not referenced by this method body.</param>
/// <param name="parameters">
/// Object exposing a <c>CcnUsername</c> member; a null or empty value selects the full listing.
/// </param>
/// <returns>
/// A list with zero or one entry for a username search, or one entry per directory user
/// for a full listing. Only CcnUsername, CcnEmail and CcnName are assigned here.
/// </returns>
internal static List<ActiveDirectory_DTO> Read(ADO ado, dynamic parameters)
{
    List<ActiveDirectory_DTO> entries = new List<ActiveDirectory_DTO>();

    if (string.IsNullOrEmpty(parameters.CcnUsername))
    {
        // No username: list every directory user.
        // NOTE(review): callers that pass a request-built DTO reach this branch whenever the
        // username is empty, which walks the whole directory per call - confirm callers
        // always populate CcnUsername.
        IDictionary<string, dynamic> directory = ActiveDirectory.List();
        foreach (KeyValuePair<string, dynamic> entry in directory)
        {
            dynamic person = entry.Value;
            ActiveDirectory_DTO listed = new ActiveDirectory_DTO(parameters);
            listed.CcnUsername = person.SamAccountName;
            listed.CcnEmail = person.EmailAddress;
            listed.CcnName = person.GivenName + " " + person.Surname;
            entries.Add(listed);
        }

        return entries;
    }

    // Searching for one user.
    // NOTE(review): the username reaches ActiveDirectory.Search unmodified; confirm that
    // helper escapes directory-filter metacharacters or uses a typed identity lookup.
    dynamic match = ActiveDirectory.Search(parameters.CcnUsername);
    if (match == null)
    {
        return entries;
    }

    // NOTE(review): CcnDisplayName is not assigned here, yet callers in this codebase test it
    // to decide whether a user is a directory user - confirm the DTO derives it elsewhere.
    entries.Add(new ActiveDirectory_DTO()
    {
        CcnUsername = match.SamAccountName,
        CcnEmail = match.EmailAddress,
        CcnName = match.GivenName + " " + match.Surname
    });
    return entries;
}
/// <summary>
/// Starts a 1FA update for the local account registered under the submitted e-mail
/// address: stores a fresh 1FA token and e-mails it. Addresses that belong to a directory
/// account, or to no account at all, are refused with an authentication error.
/// </summary>
/// <returns>True when the token was stored and mailed; false otherwise.</returns>
protected override bool Execute()
{
    // NOTE(review): unknown and directory-backed addresses are answered with
    // error.authentication while a local account is answered with success, and no CAPTCHA
    // or rate limit is visible in this method. If the endpoint is reachable without
    // authentication, the difference reveals which addresses are registered - confirm how
    // it is exposed.
    ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO();
    ActiveDirectory_DTO adDto = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail);
    if (adDto != null && adDto.CcnUsername != null)
    {
        Response.error = Label.Get("error.authentication");
        return false;
    }

    Login_BSO lBso = new Login_BSO(Ado);
    var user = new Account_ADO().Read(Ado, DTO.CcnEmail);
    if (!user.hasData)
    {
        Response.error = Label.Get("error.authentication");
        return false;
    }

    var account = user.data[0];

    // NOTE(review): token strength depends on Utility.GetRandomSHA256 using a cryptographic
    // RNG and not only the account id passed in - confirm.
    string token = Utility.GetRandomSHA256(account.CcnId.ToString());
    if (lBso.Update1FaTokenForUser(account.CcnUsername, token) == null)
    {
        Response.error = Label.Get("error.authentication");
        return false;
    }

    SendEmail(
        new Login_DTO_Create()
        {
            CcnUsername = account.CcnUsername,
            LngIsoCode = DTO.LngIsoCode,
            CcnEmail = account.CcnEmail,
            CcnDisplayname = account.CcnDisplayName
        },
        token,
        "PxStat.Security.Login_API.Update1FA");
    Response.data = JSONRPC.success;
    return true;
}
/// <summary>
/// Starts a 2FA update for the account registered under the submitted e-mail address:
/// stores a fresh 2FA invitation token and e-mails it. Directory accounts are served only
/// when the <c>security.adOpenAccess</c> setting is on.
/// </summary>
/// <returns>
/// True when the invitation was mailed or the local account is incomplete; false when the
/// directory account is refused, the address is unknown, or no token was produced.
/// </returns>
protected override bool Execute()
{
    ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO();

    // NOTE(review): the result of this lookup is never read - confirm the call is needed.
    ActiveDirectory_DTO adDto = adAdo.GetUser(Ado, DTO);

    dynamic adUser = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail);
    if (adUser?.CcnEmail != null)
    {
        // Check if local access is available for AD users.
        if (!Configuration_BSO.GetCustomConfig(ConfigType.global, "security.adOpenAccess"))
        {
            Response.error = Label.Get("error.authentication");
            return false;
        }

        // Identity fields come from the directory, not from the request.
        DTO.CcnEmail = adUser.CcnEmail;
        DTO.CcnDisplayname = adUser.CcnDisplayName;
        DTO.CcnUsername = adUser.CcnUsername;
    }
    else
    {
        var user = new Account_ADO().Read(Ado, new Account_DTO_Read() { CcnUsername = DTO.CcnEmail });
        if (!user.hasData)
        {
            // NOTE(review): this branch returns false while the incomplete-account branch
            // just below returns true, both carrying the success payload; confirm the
            // caller renders the two identically, otherwise unknown addresses can be told
            // apart from registered ones.
            Response.data = JSONRPC.success;
            return false;
        }

        if (user.data[0].CcnEmail.Equals(DBNull.Value) || user.data[0].CcnDisplayName.Equals(DBNull.Value))
        {
            Response.data = JSONRPC.success;
            return true;
        }

        // Local account: the e-mail address doubles as the username.
        DTO.CcnDisplayname = user.data[0].CcnDisplayName;
        DTO.CcnEmail = user.data[0].CcnEmail;
        DTO.CcnUsername = DTO.CcnEmail;
    }

    Login_BSO lBso = new Login_BSO(Ado);

    // NOTE(review): token strength depends on Utility.GetRandomSHA256 using a cryptographic
    // RNG and not only the username passed in - confirm. The token is stored before it is
    // checked for null, and the store call's result is not inspected.
    string token = Utility.GetRandomSHA256(DTO.CcnUsername);
    lBso.UpdateInvitationToken2Fa(DTO.CcnUsername, token);

    bool invitationSent = token != null;
    if (invitationSent)
    {
        SendEmail(
            new Login_DTO_Create()
            {
                CcnUsername = DTO.CcnUsername,
                CcnEmail = DTO.CcnEmail,
                LngIsoCode = DTO.LngIsoCode,
                CcnDisplayname = DTO.CcnDisplayname
            },
            token,
            "PxStat.Security.Login_API.Update2FA");
    }

    // The success payload is set whether or not a mail went out; only the return value differs.
    Response.data = JSONRPC.success;
    return invitationSent;
}
/// <summary>
/// Completes a 1FA set-up: validates the CAPTCHA and the submitted 1FA token, refuses
/// directory accounts, stores the new 1FA data with a fresh token, registers that token
/// as the 2FA invitation token and optionally e-mails it.
/// </summary>
/// <returns>
/// True when the 1FA update succeeded; false, with <c>Response.error</c> set, otherwise.
/// </returns>
protected override bool Execute()
{
    // Validate against ReCAPTCHA.
    if (!ReCAPTCHA.Validate(DTO.Captcha))
    {
        Response.error = Label.Get("error.authentication");
        return false;
    }

    // Per the original author's note: the lookup by token also checks that the token is
    // still valid; a new token and timeout are then generated and TD_LOGIN is updated with
    // the hashed password, the new token and the new timeout.
    Login_BSO lBso = new Login_BSO(Ado);
    var userdata = lBso.ReadByToken1Fa(DTO.LgnToken1Fa, DTO.CcnUsername);
    if (!userdata.hasData)
    {
        Response.error = Label.Get("error.authentication");
        return false;
    }

    // NOTE(review): token strength depends on Utility.GetRandomSHA256 using a cryptographic
    // RNG and not only the account id passed in - confirm.
    string newToken = Utility.GetRandomSHA256(userdata.data[0].CcnId.ToString());

    // From here on the identity is the one stored with the token, not the one submitted.
    DTO.CcnEmail = userdata.data[0].CcnEmail;
    DTO.CcnUsername = userdata.data[0].CcnUsername;

    // Not allowed for AD users.
    // NOTE(review): the gate relies on GetUser populating CcnDisplayName for every AD hit - confirm.
    ActiveDirectory_DTO adDto = new ActiveDirectory_ADO().GetUser(Ado, DTO);
    if (adDto.CcnDisplayName != null)
    {
        Response.error = Label.Get("error.authentication");
        return false;
    }

    if (!lBso.Update1FA(DTO, newToken))
    {
        Response.error = Label.Get("error.create");
        return false;
    }

    // NOTE(review): the same value is passed to Update1FA and registered as the 2FA
    // invitation token, and it is the value that gets mailed - confirm that sharing one
    // token across both steps is intended.
    DTO.LgnToken1Fa = newToken;
    lBso.UpdateInvitationToken2Fa(DTO.CcnUsername, newToken);

    if (sendMail)
    {
        SendEmail(
            new Login_DTO_Create()
            {
                CcnUsername = DTO.CcnUsername,
                LngIsoCode = DTO.LngIsoCode,
                CcnEmail = DTO.CcnEmail,
                CcnDisplayname = userdata.data[0].CcnDisplayName
            },
            newToken,
            "PxStat.Security.Login_API.Create2FA");
    }

    Response.data = JSONRPC.success;
    return true;
}
/// <summary>
/// Starts a 2FA update for the current user. The user is taken from the directory when
/// <c>SamAccountName</c> is set and resolves to an entry, otherwise from the session
/// cookie. A fresh 2FA invitation token is stored and e-mailed.
/// </summary>
/// <returns>
/// True when the invitation was mailed or the session account is incomplete; false, with
/// <c>Response.error</c> set, when the user cannot be identified, directory access is
/// switched off, or no token was produced.
/// </returns>
protected override bool Execute()
{
    Login_BSO lBso = new Login_BSO(Ado);
    string displayName = null;
    string email = null;
    string ccnUsername = null;

    if (SamAccountName != null)
    {
        ActiveDirectory_DTO adDto = new ActiveDirectory_ADO().GetUser(
            Ado,
            new Account_DTO_Create() { CcnUsername = SamAccountName });
        displayName = adDto.CcnDisplayName;
        email = adDto.CcnEmail;
        ccnUsername = adDto.CcnUsername;
    }

    // Check if local access is available for AD users: a directory hit is refused when
    // the setting is off.
    if (!Configuration_BSO.GetCustomConfig(ConfigType.global, "security.adOpenAccess") && ccnUsername != null)
    {
        Response.error = Label.Get("error.authentication");
        return false;
    }

    if (ccnUsername == null)
    {
        // No directory identity: fall back to the session.
        if (Request.sessionCookie == null)
        {
            Response.error = Label.Get("error.authentication");
            return false;
        }

        ADO_readerOutput user = lBso.ReadBySession(Request.sessionCookie.Value);
        if (user.hasData)
        {
            var account = user.data[0];
            if (account.CcnEmail.Equals(DBNull.Value) || account.CcnDisplayName.Equals(DBNull.Value))
            {
                // Incomplete account: answer with success, but issue nothing.
                Response.data = JSONRPC.success;
                return true;
            }

            displayName = account.CcnDisplayName;
            email = account.CcnEmail;
            ccnUsername = account.CcnUsername;
        }
    }

    // Neither source produced a username.
    if (ccnUsername == null)
    {
        Response.error = Label.Get("error.authentication");
        return false;
    }

    // NOTE(review): token strength depends on Utility.GetRandomSHA256 using a cryptographic
    // RNG and not only the username passed in - confirm. The token is stored before the
    // null check, and the store call's result is not inspected.
    string token = Utility.GetRandomSHA256(ccnUsername);
    lBso.UpdateInvitationToken2Fa(ccnUsername, token);
    if (token == null)
    {
        Response.error = Label.Get("error.create");
        return false;
    }

    SendEmail(
        new Login_DTO_Create()
        {
            CcnUsername = ccnUsername,
            LngIsoCode = DTO.LngIsoCode,
            CcnEmail = email,
            CcnDisplayname = displayName
        },
        token,
        "PxStat.Security.Login_API.Update2FA");
    Response.data = JSONRPC.success;
    return true;
}
/// <summary>
/// Creates an account and a login record for a user who must already exist in Active
/// Directory. When the <c>security.adOpenAccess</c> setting is on, a 2FA invitation token
/// is stored and e-mailed to the address held in the directory.
/// </summary>
/// <returns>
/// True when the account was created; false, with <c>Response.error</c> set, when the
/// privilege check, the directory lookup, the duplicate check or the insert fails.
/// </returns>
protected override bool Execute()
{
    // Privilege ceiling: a power user cannot hand out the Administrator privilege.
    if (IsPowerUser() && DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
    {
        Log.Instance.Debug("A power user may not create an Administrator");
        Response.error = Label.Get("error.privilege");
        return false;
    }

    // Only users known to the directory may be given an account here.
    ActiveDirectory_DTO adDto = new ActiveDirectory_ADO().GetUser(Ado, DTO);
    if (adDto.CcnUsername == null)
    {
        Log.Instance.Debug("AD user not found");
        Response.error = Label.Get("error.create");
        return false;
    }

    Account_ADO accounts = new Account_ADO();

    // Duplicate usernames are refused.
    // NOTE(review): check-then-insert; confirm the table also enforces uniqueness.
    if (accounts.Exists(Ado, DTO.CcnUsername))
    {
        Log.Instance.Debug("Account exists already");
        Response.error = Label.Get("error.duplicate");
        return false;
    }

    // A zero id from Create is treated as "nothing was inserted".
    int newId = accounts.Create(Ado, DTO, SamAccountName, true);
    if (newId == 0)
    {
        Log.Instance.Debug("adoAccount.Create - can't create Account");
        Response.error = Label.Get("error.create");
        return false;
    }

    // NOTE(review): token strength depends on Utility.GetRandomSHA256 using a cryptographic
    // RNG and not only the new account id passed in - confirm.
    string token = Utility.GetRandomSHA256(newId.ToString());

    // The login record is created with a null third argument.
    // NOTE(review): CreateLogin's result is not checked on this path.
    Login_BSO lBso = new Login_BSO(Ado);
    lBso.CreateLogin(new Login_DTO_Create() { CcnUsername = DTO.CcnUsername }, SamAccountName, null);

    // Check if local access is available for AD users.
    if (Configuration_BSO.GetCustomConfig(ConfigType.global, "security.adOpenAccess"))
    {
        lBso.UpdateInvitationToken2Fa(DTO.CcnUsername, token);

        // Display name and address come from the directory entry, not from the request.
        SendEmail(
            new Login_DTO_Create()
            {
                CcnDisplayname = adDto.CcnDisplayName,
                CcnEmail = adDto.CcnEmail,
                CcnUsername = DTO.CcnUsername,
                LngIsoCode = DTO.LngIsoCode
            },
            token,
            "PxStat.Security.Login_API.Create2FA");
    }

    Response.data = JSONRPC.success;
    return true;
}
/// <summary>
/// Creates a local (non-directory) account with its login record and e-mails the 1FA
/// token. Requests naming a user or an e-mail address known to Active Directory are refused.
/// </summary>
/// <returns>
/// True when the account and login were created; false, with <c>Response.error</c> set,
/// when any check or insert fails.
/// </returns>
protected override bool Execute()
{
    // Privilege ceiling: a power user cannot hand out the Administrator privilege.
    if (IsPowerUser() && DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
    {
        Log.Instance.Debug("A power user may not create an Administrator");
        Response.error = Label.Get("error.privilege");
        return false;
    }

    // The requested user must NOT be in Active Directory.
    ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO();
    ActiveDirectory_DTO adDto = adAdo.GetUser(Ado, DTO);
    if (adDto.CcnUsername != null)
    {
        Log.Instance.Debug("Account exists already");
        Response.error = Label.Get("error.create");
        return false;
    }

    Account_ADO accounts = new Account_ADO();

    // Duplicates are refused, first by username and then by e-mail; both lookups use the
    // e-mail address.
    // NOTE(review): the account below is created with DTO.CcnUsername while the username
    // check uses DTO.CcnEmail; confirm the two are guaranteed equal for local accounts,
    // otherwise the created username is never checked for duplicates.
    if (accounts.Exists(Ado, DTO.CcnEmail) || accounts.ExistsByEmail(Ado, DTO.CcnEmail))
    {
        Log.Instance.Debug("Account exists already");
        Response.error = Label.Get("error.duplicate");
        return false;
    }

    // Make sure this e-mail is not an AD e-mail - those users should not become local users.
    var aduser = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail);
    if (aduser != null)
    {
        Log.Instance.Debug("Account exists in AD");
        Response.error = Label.Get("error.create");
        return false;
    }

    // A zero id from Create is treated as "nothing was inserted".
    Account_DTO_Create accountToCreate = new Account_DTO_Create()
    {
        CcnUsername = DTO.CcnUsername,
        CcnNotificationFlag = DTO.CcnNotificationFlag,
        LngIsoCode = DTO.LngIsoCode,
        PrvCode = DTO.PrvCode,
        CcnDisplayName = DTO.CcnDisplayName,
        CcnEmail = DTO.CcnEmail
    };
    int newId = accounts.Create(Ado, accountToCreate, SamAccountName, false);
    if (newId == 0)
    {
        Log.Instance.Debug("adoAccount.Create - can't create Account");
        Response.error = Label.Get("error.create");
        return false;
    }

    // The login record is keyed on the e-mail address.
    Login_DTO_Create lDto = new Login_DTO_Create()
    {
        CcnUsername = DTO.CcnEmail,
        LngIsoCode = DTO.LngIsoCode,
        CcnEmail = DTO.CcnEmail,
        CcnDisplayname = DTO.CcnDisplayName
    };
    Login_BSO lBso = new Login_BSO(Ado);

    // NOTE(review): token strength depends on Utility.GetRandomSHA256 using a cryptographic
    // RNG and not only the new account id passed in - confirm.
    string token = Utility.GetRandomSHA256(newId.ToString());
    if (!lBso.CreateLogin(lDto, SamAccountName, token))
    {
        Response.error = Label.Get("error.create");
        return false;
    }

    SendEmail(lDto, token, "PxStat.Security.Login_API.Create1FA");
    Response.data = JSONRPC.success;
    return true;
}
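/// <summary>
/// Starts a 1FA update for the local account registered under the submitted e-mail
/// address, after the CAPTCHA has been validated: stores a fresh 1FA token and e-mails it.
/// Directory accounts, unknown addresses and incomplete accounts are all answered with
/// the same success payload and no token is issued for them.
/// </summary>
/// <returns>
/// True when the mail was sent or the request was silently ignored; false, with
/// <c>Response.error</c> set, when the CAPTCHA fails or the token could not be stored.
/// </returns>
protected override bool Execute()
{
    if (!ReCAPTCHA.Validate(DTO.Captcha))
    {
        Response.error = Label.Get("error.authentication");
        return false;
    }

    // The e-mail address stands in for a missing username.
    if (DTO.CcnUsername == null)
    {
        DTO.CcnUsername = DTO.CcnEmail;
    }

    // Not allowed for AD users.
    // NOTE(review): the gate relies on GetUser populating CcnDisplayName for every AD hit;
    // if it can come back null for a directory user, that user passes the gate. Confirm.
    ActiveDirectory_DTO adDto = new ActiveDirectory_ADO().GetUser(Ado, DTO);
    if (adDto.CcnDisplayName != null)
    {
        Response.data = JSONRPC.success;
        return true;
    }

    var user = new Account_ADO().Read(Ado, new Account_DTO_Read() { CcnUsername = DTO.CcnEmail });

    // Unknown or incomplete accounts get the same success payload, presumably so the
    // response does not reveal whether the address is registered.
    if (!user.hasData
        || user.data[0].CcnEmail.Equals(DBNull.Value)
        || user.data[0].CcnDisplayName.Equals(DBNull.Value))
    {
        Response.data = JSONRPC.success;
        return true;
    }

    // From here on the stored address is used, not the submitted one.
    DTO.CcnEmail = user.data[0].CcnEmail;

    Login_BSO lBso = new Login_BSO(Ado);

    // NOTE(review): token strength depends on Utility.GetRandomSHA256 using a cryptographic
    // RNG and not only the account id passed in - confirm.
    string loginToken = Utility.GetRandomSHA256(user.data[0].CcnId.ToString());

    // The Login_DTO_Create that used to be built here was never read and has been removed;
    // the mail below builds its own DTO from the stored account row.
    if (lBso.Update1FaTokenForUser(DTO.CcnEmail, loginToken) == null)
    {
        // NOTE(review): this is the one path for a registered local account that answers
        // with an error instead of the generic success payload.
        Response.error = Label.Get("error.create");
        return false;
    }

    SendEmail(
        new Login_DTO_Create()
        {
            CcnUsername = user.data[0].CcnUsername,
            LngIsoCode = DTO.LngIsoCode,
            CcnEmail = user.data[0].CcnEmail,
            CcnDisplayname = user.data[0].CcnDisplayName
        },
        loginToken,
        "PxStat.Security.Login_API.Update1FA");
    Response.data = JSONRPC.success;
    return true;
}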