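/// <summary>
/// Attaches the application's custom user-info claim to a principal that the
/// upstream authentication step has already authenticated, then routes it through
/// the first-access navigator.
/// </summary>
/// <param name="resourceName">Name of the resource being accessed; only forwarded to the base implementation.</param>
/// <param name="incomingPrincipal">Principal produced by the upstream authentication step.</param>
/// <returns>
/// The base implementation's result when the identity is not authenticated;
/// otherwise <paramref name="incomingPrincipal"/>, carrying the custom claim when
/// the user is known to the application and has a settings row.
/// </returns>
public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
{
    if (!incomingPrincipal.Identity.IsAuthenticated)
    {
        return base.Authenticate(resourceName, incomingPrincipal);
    }

    var users = new Users();
    int? id = users.GetUserByIdFromUserName(incomingPrincipal.Identity.Name);
    if ((id ?? 0) <= 0)
    {
        // Authenticated upstream but unknown to the application: pass through unchanged.
        return incomingPrincipal;
    }

    var authUser = users.GetUserById(id ?? 0);
    // assumes GetUserById returns a row for an id the lookup above just produced — TODO confirm
    var userRow = authUser.Users[0];
    UserSettingData userSettings = users.GetUserSettings(userRow.UserId);
    if (userSettings.UserSettings.Rows.Count == 0)
    {
        // Without a settings row no claim is added and no navigation happens.
        return incomingPrincipal;
    }
    var settingsRow = userSettings.UserSettings[0];

    // Claim value layout: UserName,UserId,FirstName,LastName,Email,IsAdmin,GlobalSurveyAccess|right1,right2,...
    // It carries authorization data (admin flag, rights), so it must only ever be minted here, server-side.
    var userInfos = new System.Text.StringBuilder();
    userInfos.Append(userRow.UserName).Append(',');
    userInfos.Append(userRow.UserId).Append(',');
    userInfos.Append(userRow.FirstName).Append(',');
    userInfos.Append(userRow.LastName).Append(',');
    userInfos.Append(userRow.Email).Append(',');
    userInfos.Append(settingsRow.IsAdmin).Append(',');
    userInfos.Append(settingsRow.GlobalSurveyAccess);
    userInfos.Append('|');
    userInfos.Append(string.Join(",", users.GetUserSecurityRights(userRow.UserId)));

    // The cast throws InvalidCastException for a non-claims identity, as the original code did.
    var identity = (ClaimsIdentity)incomingPrincipal.Identity;
    identity.AddClaim(new Claim(Votations.NSurvey.Constants.Constants.MyCustomClaimType, userInfos.ToString()));

    // NOTE(review): navigating from inside an authentication manager presumably redirects the
    // response; confirm that callers expect this side effect here.
    var principal = UserFactory.Create().CreatePrincipal(identity);
    UINavigator.NavigateToFirstAccess(principal, -1);

    return incomingPrincipal;
}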
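/// <summary>
/// Persists the edits made on the user form: the account fields (and a new password
/// when one was typed) through the user provider, then the admin / global-survey-access
/// settings, and refreshes the dependent controls.
/// </summary>
/// <param name="sender">Button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void ApplyChangesButton_Click(object sender, System.EventArgs e)
{
    // NOTE(review): the embedded double quote in this verbatim literal must be written as ""
    // for the source to compile; the single quote on the original line is taken to be a
    // transcription error and the intent to be "allow a double quote in the special-character set".
    // The policy also caps the length at 12 characters, which is unusually short for a maximum.
    const string passwordPolicy = @"(?=^.{8,12}$)(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()_+}{"":;'?/>.<,])(?!.*\s).*$";

    if (!ValidateFieldOptions())
    {
        return;
    }

    var users = new Users();
    // Refuse to strip the admin flag from the last remaining administrator.
    if (users.IsAdministrator(UserId) && !IsAdminCheckBox.Checked && users.GetAdminCount() == 1)
    {
        MessageLabel.Visible = true;
        ((PageBase)Page).ShowErrorMessage(MessageLabel, ((PageBase)Page).GetPageResource("CannotDeleteLastAdminMessage"));
        return;
    }

    if (_userProvider is INSurveyUserProvider)
    {
        NSurveyUserData userData = new NSurveyUserData();
        NSurveyUserData.UsersRow updatedUser = userData.Users.NewUsersRow();
        updatedUser.UserId = UserId;
        updatedUser.UserName = UserNameTextBox.Text;

        string newPassword = PasswordTextBox.Text;
        if (newPassword.Length == 0)
        {
            // An empty password box means "keep the stored credentials"; null is what signals
            // that to the provider — TODO confirm UpdateUser honours null here.
            updatedUser.Password = null;
            updatedUser.PasswordSalt = null;
        }
        else
        {
            if (!Regex.IsMatch(newPassword, passwordPolicy))
            {
                MessageLabel.Visible = true;
                ((PageBase)Page).ShowErrorMessage(MessageLabel, ((PageBase)Page).GetPageResource("PasswordRequiredMessage"));
                return;
            }

            // A fresh salt is generated for every password change.
            var sec = new LoginSecurity();
            updatedUser.PasswordSalt = sec.CreateSaltKey(5);
            updatedUser.Password = sec.CreatePasswordHash(newPassword, updatedUser.PasswordSalt);
        }

        updatedUser.Email = EmailTextBox.Text;
        updatedUser.FirstName = FirstNameTextBox.Text;
        updatedUser.LastName = LastNameTextBox.Text;
        userData.Users.Rows.Add(updatedUser);
        ((INSurveyUserProvider)_userProvider).UpdateUser(userData);
    }

    // Settings are stored independently of the provider type.
    UserSettingData userSettings = new UserSettingData();
    UserSettingData.UserSettingsRow newUserSettings = userSettings.UserSettings.NewUserSettingsRow();
    newUserSettings.UserId = UserId;
    newUserSettings.IsAdmin = IsAdminCheckBox.Checked;
    newUserSettings.GlobalSurveyAccess = HasSurveyAccessCheckBox.Checked;
    userSettings.UserSettings.Rows.Add(newUserSettings);
    new User().UpdateUserSettings(userSettings);

    // Notify containers that data has changed.
    OnOptionChanged();
    BindSurveyDropDownLists();

    MessageLabel.Visible = true;
    ((PageBase)Page).ShowNormalMessage(MessageLabel, ((PageBase)Page).GetPageResource("UserUpdatedMessage"));
}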
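/// <summary>
/// Bulk-creates accounts from the import text box. Each line is
/// "username,password,lastname,firstname,email"; lines with fewer than five fields,
/// a blank user name or a blank password are skipped, as are names that already
/// exist. Every created user gets settings, roles and (unless global survey access
/// is checked) the selected surveys.
/// </summary>
/// <param name="sender">Button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void ImportUsersButton_Click(object sender, System.EventArgs e)
{
    var emailPattern = new Regex(@"^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$");
    var users = new Users();
    var sec = new LoginSecurity();
    int importCount = 0;

    foreach (string line in ImportUsersTextBox.Text.Split('\n'))
    {
        string[] fields = line.Split(',');
        if (fields.Length <= 4)
        {
            continue;
        }

        string userName = fields[0].Trim();
        string password = fields[1].Trim();
        if (userName.Length == 0 || password.Length == 0)
        {
            continue;
        }

        // Look the name up exactly as it will be stored (trimmed); the untrimmed value
        // could miss an existing account and lead to a duplicate insert attempt.
        if (users.GetUserByIdFromUserName(userName) == -1)
        {
            NSurveyUserData userData = new NSurveyUserData();
            NSurveyUserData.UsersRow newUser = userData.Users.NewUsersRow();
            newUser.UserName = userName;
            // NOTE(review): imported passwords are not checked against the complexity policy
            // that the create/edit forms enforce.
            newUser.PasswordSalt = sec.CreateSaltKey(5);
            newUser.Password = sec.CreatePasswordHash(password, newUser.PasswordSalt);
            // Optional fields: blank (empty or whitespace-only) values are stored as null.
            string email = fields[4].Trim();
            newUser.Email = emailPattern.IsMatch(email) ? email : null;
            newUser.FirstName = string.IsNullOrWhiteSpace(fields[3]) ? null : fields[3].Trim();
            newUser.LastName = string.IsNullOrWhiteSpace(fields[2]) ? null : fields[2].Trim();
            userData.Users.Rows.Add(newUser);
            ((INSurveyUserProvider)_userProvider).AddUser(userData);

            int newUserId = userData.Users[0].UserId;
            if (newUserId > 0)
            {
                importCount++;
            }
            // Settings/roles are attached regardless of the id check above, as before —
            // presumably AddUser always assigns a valid id; confirm.
            AddUserSettings(newUserId);
            AddUserRoles(newUserId);
            if (!HasSurveyAccessCheckBox.Checked)
            {
                AddUserSurveys(newUserId);
            }
        }
    }

    MessageLabel.Visible = true;
    if (importCount > 0)
    {
        ((PageBase)Page).ShowNormalMessage(MessageLabel, ((PageBase)Page).GetPageResource("UserImportedMessage"));
    }
    else
    {
        ((PageBase)Page).ShowErrorMessage(MessageLabel, ((PageBase)Page).GetPageResource("NoUserImportedMessage"));
    }

    ImportUsersTextBox.Text = string.Empty;
    UserRolesListBox.Items.Clear();
    UserSurveysListBox.Items.Clear();
    BindSurveyDropDownLists();
}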
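/// <summary>
/// Creates a new account from the form fields. With an <see cref="INSurveyUserProvider"/>
/// the password must satisfy the complexity policy and is stored salted and hashed; the
/// admin / global-survey-access settings are then saved for the new id. When field
/// validation passes the method always ends by navigating back to the user manager.
/// </summary>
/// <param name="sender">Button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void CreateUserButton_Click(object sender, System.EventArgs e)
{
    // NOTE(review): the embedded double quote in this verbatim literal must be written as ""
    // for the source to compile; the single quote on the original line is taken to be a
    // transcription error and the intent to be "allow a double quote in the special-character set".
    // The policy also caps the length at 12 characters, which is unusually short for a maximum.
    const string passwordPolicy = @"(?=^.{8,12}$)(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()_+}{"":;'?/>.<,])(?!.*\s).*$";

    if (!ValidateFieldOptions())
    {
        return;
    }

    NSurveyUserData userData = new NSurveyUserData();
    if (_userProvider is INSurveyUserProvider)
    {
        string password = PasswordTextBox.Text;
        if (!Regex.IsMatch(password, passwordPolicy))
        {
            MessageLabel.Visible = true;
            ((PageBase)Page).ShowErrorMessage(MessageLabel, ((PageBase)Page).GetPageResource("PasswordRequiredMessage"));
            return;
        }

        NSurveyUserData.UsersRow newUser = userData.Users.NewUsersRow();
        newUser.UserName = UserNameTextBox.Text;
        var sec = new LoginSecurity();
        newUser.PasswordSalt = sec.CreateSaltKey(5);
        newUser.Password = sec.CreatePasswordHash(password, newUser.PasswordSalt);
        newUser.Email = EmailTextBox.Text;
        newUser.FirstName = FirstNameTextBox.Text;
        newUser.LastName = LastNameTextBox.Text;
        userData.Users.Rows.Add(newUser);
        ((INSurveyUserProvider)_userProvider).AddUser(userData);
    }

    // Only a provider that filled the row yields an id to attach settings to.
    if (userData.Users.Rows.Count > 0)
    {
        UserSettingData userSettings = new UserSettingData();
        UserSettingData.UserSettingsRow newUserSettings = userSettings.UserSettings.NewUserSettingsRow();
        newUserSettings.UserId = userData.Users[0].UserId;
        newUserSettings.IsAdmin = IsAdminCheckBox.Checked;
        newUserSettings.GlobalSurveyAccess = HasSurveyAccessCheckBox.Checked;
        userSettings.UserSettings.Rows.Add(newUserSettings);
        new User().AddUserSettings(userSettings);
    }

    UINavigator.NavigateToUserManager(((PageBase)Page).getSurveyId(), ((PageBase)Page).MenuIndex);
}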
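/// <summary>
/// Verifies the typed user name / password against the stored credentials. On success
/// it issues the forms-authentication cookie, upgrades a legacy unsalted password to the
/// salted hash, and navigates to the user's first accessible page; every other outcome
/// shows the invalid-login message.
/// </summary>
/// <param name="sender">Button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void ValidateCredentialsButton_Click(object sender, System.EventArgs e)
{
    string enteredPwd = PasswordTextBox.Text.Trim();
    string enteredUname = LoginTextBox.Text.Trim();

    if (enteredUname.Length > 0 && enteredPwd.Length > 0)
    {
        var users = new Users();
        // Look up the same (trimmed) value that was length-checked above.
        int? id = users.GetUserByIdFromUserName(enteredUname);
        if ((id ?? 0) > 0)
        {
            var sec = new LoginSecurity();
            var user = users.GetUserById(id ?? 0);
            // assumes GetUserById returns a row for an id the lookup above just produced — TODO confirm
            var userRow = user.Users[0];

            string salt = userRow.IsPasswordSaltNull() ? null : userRow.PasswordSalt;
            string encryptedPwd;
            if (string.IsNullOrEmpty(salt))
            {
                // Legacy account: the stored password uses the old unsalted scheme. Compare
                // with that scheme and prepare a fresh salt so the row can be upgraded below.
                encryptedPwd = new User().EncryptUserPassword(enteredPwd);
                salt = sec.CreateSaltKey(5);
            }
            else
            {
                encryptedPwd = sec.CreatePasswordHash(enteredPwd, salt);
            }

            // NOTE(review): ordinary string equality is not constant-time; a fixed-time
            // comparison is preferable for credential checks.
            if (userRow.Password == encryptedPwd)
            {
                UserSettingData userSettings = users.GetUserSettings(userRow.UserId);
                if (userSettings.UserSettings.Rows.Count > 0)
                {
                    var settingsRow = userSettings.UserSettings[0];

                    // Ticket payload layout: UserName,UserId,FirstName,LastName,Email,IsAdmin,GlobalSurveyAccess|right1,right2,...
                    var userInfos = new System.Text.StringBuilder();
                    userInfos.Append(userRow.UserName).Append(',');
                    userInfos.Append(userRow.UserId).Append(',');
                    userInfos.Append(userRow.FirstName).Append(',');
                    userInfos.Append(userRow.LastName).Append(',');
                    userInfos.Append(userRow.Email).Append(',');
                    userInfos.Append(settingsRow.IsAdmin).Append(',');
                    userInfos.Append(settingsRow.GlobalSurveyAccess);
                    userInfos.Append('|');
                    userInfos.Append(string.Join(",", users.GetUserSecurityRights(userRow.UserId)));

                    // Upgrade a DBNull salt to the salted scheme now that the password is known.
                    // An empty-string salt takes the legacy compare branch above but is not
                    // upgraded here (IsPasswordSaltNull() is false for it) — kept as is; confirm whether intended.
                    if (userRow.IsPasswordSaltNull())
                    {
                        userRow.PasswordSalt = salt;
                        userRow.Password = sec.CreatePasswordHash(enteredPwd, salt);
                        ((INSurveyUserProvider)_userProvider).UpdateUser(user);
                    }

                    // The ticket name carries profile and authorization data; it is protected by
                    // the forms-authentication machine key but is only refreshed at the next login.
                    FormsAuthentication.SetAuthCookie(userInfos.ToString(), false);
                    var principal = UserFactory.Create().CreatePrincipal(userInfos.ToString());
                    ((PageBase)Page).SelectedFolderId = null;
                    UINavigator.NavigateToFirstAccess(principal, -1);
                    // Login succeeded: do not fall through to the error message below (if the
                    // navigator ends the response this return is simply unreachable).
                    return;
                }
            }
        }
    }

    MessageLabel.Visible = true;
    ((PageBase)Page).ShowErrorMessage(MessageLabel, ((PageBase)Page).GetPageResource("InvalidLoginPasswordMessage"));
}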