public AuthorizationServices(int userId, string requiredRight)
{
_userServices = new UserServices();
_cloneDeployUser = _userServices.GetUser(userId);
_currentUserRights = _userServices.GetUserRights(userId).Select(right => right.Right).ToList();
_requiredRight = requiredRight;
}
public ActionResultDTO UpdateUser(CloneDeployUserEntity user)
{
var u = GetUser(user.Id);
if (u == null)
{
return new ActionResultDTO {
ErrorMessage = "User Not Found", Id = 0
}
}
;
var validationResult = ValidateUser(user, false);
var actionResult = new ActionResultDTO();
if (validationResult.Success)
{
_uow.UserRepository.Update(user, user.Id);
_uow.Save();
actionResult.Success = true;
actionResult.Id = user.Id;
}
else
{
actionResult.ErrorMessage = validationResult.ErrorMessage;
}
return(actionResult);
}
public ActionResultDTO ChangePassword(CloneDeployUserEntity user)
{
user.Id = _userId;
var result = _userServices.UpdateUser(user);
if (result == null)
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound));
}
return(result);
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
if (!chkldap.Checked)
{
if (txtUserPwd.Text != txtUserPwdConfirm.Text)
{
EndUserMessage = "Passwords Did Not Match";
return;
}
if (string.IsNullOrEmpty(txtUserPwd.Text))
{
EndUserMessage = "Passwords Cannot Be Empty";
return;
}
}
else
{
//Create a local random db pass, should never actually be possible to use.
txtUserPwd.Text = new Guid().ToString();
txtUserPwdConfirm.Text = txtUserPwd.Text;
}
var user = new CloneDeployUserEntity
{
Name = txtUserName.Text,
Membership = ddluserMembership.Text,
Salt = Utility.CreateSalt(64),
Email = txtEmail.Text,
Token = txtToken.Text,
NotifyLockout = chkLockout.Checked ? 1 : 0,
NotifyError = chkError.Checked ? 1 : 0,
NotifyComplete = chkComplete.Checked ? 1 : 0,
NotifyImageApproved = chkApproved.Checked ? 1 : 0,
NotifyServerStatusChange = chkSecServer.Checked ? 1: 0,
IsLdapUser = chkldap.Checked ? 1 : 0,
UserGroupId = -1
};
user.Password = Utility.CreatePasswordHash(txtUserPwd.Text, user.Salt);
var result = Call.CloneDeployUserApi.Post(user);
if (!result.Success)
{
EndUserMessage = result.ErrorMessage;
}
else
{
EndUserMessage = "Successfully Created User";
Response.Redirect("~/views/users/edit.aspx?userid=" + result.Id);
}
}
public ActionResultDTO Put(int id, CloneDeployUserEntity tObject)
{
Request.Method = Method.PUT;
Request.AddJsonBody(tObject);
Request.Resource = string.Format("api/{0}/Put/{1}", Resource, id);
var response = _apiRequest.Execute <ActionResultDTO>(Request);
if (response.Id == 0)
{
response.Success = false;
}
return(response);
}
protected override void OnInit(EventArgs e)
{
base.OnInit(e);
Call = new APICall();
var currentUser = Session["CloneDeployUser"];
if (currentUser == null)
{
HttpContext.Current.Session.Abandon();
FormsAuthentication.SignOut();
Response.Redirect("~/?session=expired", true);
}
CloneDeployCurrentUser = (CloneDeployUserEntity)currentUser;
}
private ValidationResultDTO ValidateUser(CloneDeployUserEntity user, bool isNewUser)
{
var validationResult = new ValidationResultDTO {
Success = true
};
if (string.IsNullOrEmpty(user.Name) || !user.Name.All(c => char.IsLetterOrDigit(c) || c == '_'))
{
validationResult.Success = false;
validationResult.ErrorMessage = "User Name Is Not Valid";
return(validationResult);
}
if (isNewUser)
{
if (string.IsNullOrEmpty(user.Password))
{
validationResult.Success = false;
validationResult.ErrorMessage = "Password Is Not Valid";
return(validationResult);
}
if (_uow.UserRepository.Exists(h => h.Name == user.Name))
{
validationResult.Success = false;
validationResult.ErrorMessage = "This User Already Exists";
return(validationResult);
}
}
else
{
var originalUser = _uow.UserRepository.GetById(user.Id);
if (originalUser.Name != user.Name)
{
if (_uow.UserRepository.Exists(h => h.Name == user.Name))
{
validationResult.Success = false;
validationResult.ErrorMessage = "This User Already Exists";
return(validationResult);
}
}
}
return(validationResult);
}
public ActionResultDTO AddUser(CloneDeployUserEntity user)
{
var validationResult = ValidateUser(user, true);
var actionResult = new ActionResultDTO();
if (validationResult.Success)
{
_uow.UserRepository.Insert(user);
_uow.Save();
actionResult.Success = true;
actionResult.Id = user.Id;
}
else
{
actionResult.ErrorMessage = validationResult.ErrorMessage;
}
return(actionResult);
}
public ActionResultDTO Post(CloneDeployUserEntity user)
{
return(_userServices.AddUser(user));
}
public ValidationResultDTO GlobalLogin(string userName, string password, string loginType)
{
var validationResult = new ValidationResultDTO
{
ErrorMessage = "Incorrect Username Or Password",
Success = false
};
var auditLog = new AuditLogEntity();
var auditLogService = new AuditLogServices();
auditLog.ObjectId = -1;
auditLog.ObjectName = userName;
auditLog.Ip = IpServices.GetIPAddress();
auditLog.UserId = -1;
auditLog.ObjectType = "User";
auditLog.AuditType = AuditEntry.Type.FailedLogin;
//Check if user exists in Clone Deploy
var user = _userServices.GetUser(userName);
if (user == null)
{
//Check For a first time LDAP User Group Login
if (SettingServices.GetSettingValue(SettingStrings.LdapEnabled) == "1")
{
foreach (var ldapGroup in _userGroupServices.GetLdapGroups())
{
if (new LdapServices().Authenticate(userName, password, ldapGroup.GroupLdapName))
{
//user is a valid ldap user via ldap group that has not yet logged in.
//Add the user and allow login.
var cdUser = new CloneDeployUserEntity
{
Name = userName,
Salt = Utility.CreateSalt(64),
Token = Utility.GenerateKey(),
IsLdapUser = 1
};
//Create a local random db pass, should never actually be possible to use.
cdUser.Password = Utility.CreatePasswordHash(Utility.GenerateKey(), cdUser.Salt);
if (_userServices.AddUser(cdUser).Success)
{
//add user to group
var newUser = _userServices.GetUser(userName);
_userGroupServices.AddNewGroupMember(ldapGroup.Id, newUser.Id);
auditLog.UserId = newUser.Id;
auditLog.ObjectId = newUser.Id;
validationResult.Success = true;
auditLog.AuditType = AuditEntry.Type.SuccessfulLogin;
break;
}
}
}
}
auditLogService.AddAuditLog(auditLog);
return(validationResult);
}
if (_userLockoutServices.AccountIsLocked(user.Id))
{
_userLockoutServices.ProcessBadLogin(user.Id);
validationResult.ErrorMessage = "Account Is Locked";
auditLog.UserId = user.Id;
auditLog.ObjectId = user.Id;
auditLogService.AddAuditLog(auditLog);
return(validationResult);
}
//Check against AD
if (user.IsLdapUser == 1 && SettingServices.GetSettingValue(SettingStrings.LdapEnabled) == "1")
{
//Check if user is authenticated against an ldap group
if (user.UserGroupId != -1)
{
//user is part of a group, is the group an ldap group?
var userGroup = _userGroupServices.GetUserGroup(user.UserGroupId);
if (userGroup != null)
{
if (userGroup.IsLdapGroup == 1)
{
//the group is an ldap group
//make sure user is still in that ldap group
if (new LdapServices().Authenticate(userName, password, userGroup.GroupLdapName))
{
validationResult.Success = true;
}
else
{
//user is either not in that group anymore, not in the directory, or bad password
validationResult.Success = false;
if (new LdapServices().Authenticate(userName, password))
{
//password was good but user is no longer in the group
//delete the user
_userServices.DeleteUser(user.Id);
}
}
}
else
{
//the group is not an ldap group
//still need to check creds against directory
if (new LdapServices().Authenticate(userName, password))
{
validationResult.Success = true;
}
}
}
else
{
//group didn't exist for some reason
//still need to check creds against directory
if (new LdapServices().Authenticate(userName, password))
{
validationResult.Success = true;
}
}
}
else
{
//user is not part of a group, check creds against directory
if (new LdapServices().Authenticate(userName, password))
{
validationResult.Success = true;
}
}
}
else if (user.IsLdapUser == 1 && SettingServices.GetSettingValue(SettingStrings.LdapEnabled) != "1")
{
//prevent ldap user from logging in with local pass if ldap auth gets turned off
validationResult.Success = false;
}
//Check against local DB
else
{
var hash = Utility.CreatePasswordHash(password, user.Salt);
if (user.Password == hash)
{
validationResult.Success = true;
}
}
if (validationResult.Success)
{
auditLog.AuditType = AuditEntry.Type.SuccessfulLogin;
auditLog.UserId = user.Id;
auditLog.ObjectId = user.Id;
auditLogService.AddAuditLog(auditLog);
_userLockoutServices.DeleteUserLockouts(user.Id);
return(validationResult);
}
auditLog.AuditType = AuditEntry.Type.FailedLogin;
auditLog.UserId = user.Id;
auditLog.ObjectId = user.Id;
auditLogService.AddAuditLog(auditLog);
_userLockoutServices.ProcessBadLogin(user.Id);
return(validationResult);
}
