/// <summary>
/// Builds the login-session service and keeps a reference to each collaborator it is given.
/// </summary>
/// <param name="loginSessionMaker">Stored in <c>_loginSessionMaker</c>.</param>
/// <param name="loginSessionRepo">Stored in <c>_loginSessionRepo</c>.</param>
/// <param name="authenticationRepo">Stored in <c>_authenticationRepo</c>.</param>
/// <param name="transactionManager">Stored in <c>_transactionManager</c>.</param>
/// <remarks>No argument is validated here; a null reference is stored as-is.</remarks>
public LoginSessionServiceImpl(
    LoginSessionMaker loginSessionMaker,
    LoginSessionRepository loginSessionRepo,
    AuthenticationRepository authenticationRepo,
    Helper.TransactionManager transactionManager)
 {
     _transactionManager = transactionManager;
     _authenticationRepo = authenticationRepo;
     _loginSessionRepo   = loginSessionRepo;
     _loginSessionMaker  = loginSessionMaker;
 }
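        /// <summary>
        /// Handles an optional "expiresession" request and renders the table of active login sessions.
        /// </summary>
        /// <remarks>
        /// The caller's session is looked up from the logon cookie together with the request's
        /// REMOTE_ADDR and HTTP_USER_AGENT values. Neither the expiry action nor the listing runs
        /// unless that lookup returns a session, so an unauthenticated request cannot delete
        /// another user's session through the query string.
        /// </remarks>
        /// <param name="sender">Event source supplied by the page framework.</param>
        /// <param name="e">Event data supplied by the page framework.</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            LoginSessionRepository loginRepository = new LoginSessionRepository();
            string       userSessionID = Settings.getSessionIDFromCookies(Settings.logonCookieName, Request);
            LoginSession currentUser   = loginRepository.Get(userSessionID, Request.ServerVariables["REMOTE_ADDR"], Request.ServerVariables["HTTP_USER_AGENT"]);

            // Fail closed. The template is expected to catch a missing login before this page
            // loads, but the destructive action below must not depend on that.
            if (currentUser == null)
            {
                return;
            }

            // NOTE(review): this state change is triggered by a GET query string and no
            // anti-forgery token is visible here; consider a POST with request validation.
            // No role check is visible either; presumably the template limits this page
            // to administrators. Confirm.
            string expireRequest = Request.QueryString["expiresession"];
            if (!string.IsNullOrEmpty(expireRequest))
            {
                string hashToExpire = Sanitizers.SanitizeSearchString(expireRequest);
                if (!string.IsNullOrEmpty(hashToExpire))
                {
                    loginRepository.Delete(hashToExpire);
                }
            }

            // Query the active sessions only after the expiry above, so the table does not
            // list a session that was removed by this same request.
            List <LoginSession> allSessionsSorted = loginRepository.GetActive().OrderBy(c => c.Username).ToList <LoginSession>();

            foreach (LoginSession session in allSessionsSorted)
            {
                // Flag the row that belongs to the caller's own session
                bool isCurrentUser = currentUser.Thumbprint == session.Thumbprint;

                tsblSessions.Rows.Add(AddTableRow_Sessions(session, isCurrentUser, true));
            }
        }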
        /// <summary>
        /// Stores a new shop message on behalf of the logged-in user and appends it to the
        /// active-messages table.
        /// </summary>
        /// <remarks>
        /// Nothing is stored when the trimmed message is empty or when the session cookie does
        /// not resolve to a valid session for this remote address and user agent.
        /// </remarks>
        /// <param name="sender">Event source supplied by the page framework.</param>
        /// <param name="e">Event data supplied by the page framework.</param>
        protected void btnPostMessage_Click(object sender, EventArgs e)
        {
            string   content          = txtNewMessageContent.Text.Trim();
            int      hoursUntilExpiry = Parsers.ParseInt(drpMessageExpiry.SelectedValue);
            DateTime expiresAt        = DateTime.Now.AddHours(hoursUntilExpiry);
            bool     highPriority     = chkIsHighPriority.Checked;

            // Fall back to the stock icon when the drop-down carries no value
            string iconFile = drpIcon.SelectedValue;
            if (iconFile.Length <= 0)
            {
                iconFile = "default.png";
            }

            if (content.Length == 0)
            {
                return;
            }

            // Resolve the poster from the session cookie
            LoginSessionRepository sessions = new LoginSessionRepository();
            string sessionId = sessions.GetSessionIDFromCookies(Request);

            LoginSession poster = sessions.LoadIfValid(sessionId, Request.ServerVariables["REMOTE_ADDR"], Request.ServerVariables["HTTP_USER_AGENT"]);
            if (poster == null)
            {
                return;
            }

            // NOTE(review): the message text is stored as typed; confirm that
            // addMessageTableRow HTML-encodes it before it is rendered.
            ShopMessageRepository messages = new ShopMessageRepository();
            ShopMessage           stored   = messages.Add(poster.Username, content, DateTime.Now, expiresAt, highPriority, iconFile);
            tblActiveMessages.Rows.Add(addMessageTableRow(stored));
        }
        /// <summary>
        /// Requisitions a batch of guest accounts for the logged-in user and redirects to the
        /// batch information page.
        /// </summary>
        /// <remarks>
        /// Does nothing when there is no valid session or when the selected count is not positive.
        /// </remarks>
        /// <param name="sender">Event source supplied by the page framework.</param>
        /// <param name="e">Event data supplied by the page framework.</param>
        protected void btnActivate_OnClick(object sender, EventArgs e)
        {
            LoginSessionRepository sessions  = new LoginSessionRepository();
            string                 sessionId = sessions.GetSessionIDFromCookies(Request);

            // Only consult the session store when the request actually carried a session cookie
            LoginSession requester = string.IsNullOrEmpty(sessionId)
                ? null
                : sessions.LoadIfValid(sessionId,
                                       Request.ServerVariables["REMOTE_ADDR"], Request.ServerVariables["HTTP_USER_AGENT"]);

            if (requester == null)
            {
                return;
            }

            // NOTE(review): the posted count is only checked for being positive and no
            // permission flag is tested in this handler; presumably RequisitionBatch enforces
            // the batch permission and the maximum batch size. Verify.
            int requestedCount = Parsers.ParseInt(drpBatchCount.SelectedValue);
            if (requestedCount <= 0)
            {
                return;
            }

            GuestAccountController guestAccounts = new GuestAccountController();
            string batchID = guestAccounts.RequisitionBatch(requester, txtReason.Text, requestedCount);

            // Pause for three seconds before redirecting (this blocks the request thread)
            System.Threading.Thread.Sleep(1000 * 3);

            redirectToInfoPage(batchID);
        }
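        /// <summary>
        /// Shows the most recent activation log entries to a user who is allowed to view logs.
        /// </summary>
        /// <remarks>
        /// Access fails closed: a request without a valid session, or whose session lacks
        /// <c>CanViewLogs</c>, is redirected to the index and the log is never loaded. The
        /// previous form skipped the permission test entirely when no session was found and
        /// carried on to load the log after calling the redirect.
        /// </remarks>
        /// <param name="sender">Event source supplied by the page framework.</param>
        /// <param name="e">Event data supplied by the page framework.</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            LoginSessionRepository loginRepository = new LoginSessionRepository();
            string       foundUserSessionID        = loginRepository.GetSessionIDFromCookies(Request);
            LoginSession currentUser = null;

            if (!string.IsNullOrEmpty(foundUserSessionID))
            {
                // A cookie exists, let's see if it corresponds to a valid session ID
                currentUser = loginRepository.LoadIfValid(foundUserSessionID,
                                                          Request.ServerVariables["REMOTE_ADDR"], Request.ServerVariables["HTTP_USER_AGENT"]);
            }

            // Deny by default. Return explicitly because it is not visible here whether
            // redirectToIndex ends the response.
            if (currentUser == null || !currentUser.CanViewLogs)
            {
                redirectToIndex();
                return;
            }

            if (!IsPostBack)
            {
                LogRepository           logRepository = new LogRepository();
                List <LoggedActivation> activationLog = logRepository.GetRecentEntries(500);

                tblLog.Rows.Clear();
                tblLog.Rows.Add(addTableHeadings());
                foreach (LoggedActivation entry in activationLog)
                {
                    tblLog.Rows.Add(addLogEntry(entry));
                }
            }
        }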
        /// <summary>
        /// Validates the submitted credentials against the directory, checks the user's
        /// permissions, creates a login session and sets the session cookie.
        /// </summary>
        /// <remarks>
        /// Too-short input and rejected credentials produce the same error text. A user whose
        /// credentials are valid but who may not use the system gets a distinct message.
        /// </remarks>
        /// <param name="sender">Event source supplied by the page framework.</param>
        /// <param name="e">Event data supplied by the page framework.</param>
        protected void btnLogin_Click(object sender, EventArgs e)
        {
            const string invalidCredentialsMessage = "<b style=\"color: red\">Access denied:</b> Invalid username or password entered";

            string username = Authentication.ParseUsername(txtUsername.Text);
            string password = txtPassword.Text;

            // Sanity check: both values must be longer than three characters
            if (username.Length <= 3 || password.Length <= 3)
            {
                displayError(invalidCredentialsMessage);
                return;
            }

            // NOTE(review): no login attempt, successful or failed, is logged in this handler;
            // recording them would help detect password guessing.
            if (!Authentication.ValidateADCredentials(Settings.Domain, username, password))
            {
                displayError(invalidCredentialsMessage);
                return;
            }

            // The user must belong to a group that is allowed to use the system
            UserPermissionResponse permissions = Authentication.GetUserPermissions(Settings.Domain, username);
            if (!permissions.CanUserUseSystem)
            {
                displayError(
                    "<b style=\"color: red\">Access denied:</b> Your account is not authorized for access to this site.<br><br> To request access to this site, please create a ticket in our <a href=\"https://helpdesk.lskysd.ca\">Help Desk system</a>.");
                return;
            }

            // The session is created with the client's address and user agent
            LoginSessionRepository sessions = new LoginSessionRepository();
            string newSessionID = sessions.CreateSession(username, Request.ServerVariables["REMOTE_ADDR"], Request.ServerVariables["HTTP_USER_AGENT"], permissions.IsAdministrator);

            // An empty ID is treated as a creation failure
            if (newSessionID == string.Empty)
            {
                displayError(
                    "<b style=\"color: red\">Access denied:</b> There was an error creating your login session.<br><br> Please create a ticket in our <a href=\"https://helpdesk.lskysd.ca\">Help Desk system</a>.");
                return;
            }

            createCookie(newSessionID);

            // Pause for three seconds before redirecting (this blocks the request thread)
            System.Threading.Thread.Sleep(1000 * 3);

            tblAlreadyLoggedIn.Visible = true;
            tblLoginform.Visible       = false;
            lblUsername.Text           = username;
            redirectToIndex();
        }
        /// <summary>
        /// Validates the submitted credentials, applies the password-strength check, creates a
        /// login session, sets the session cookie and logs the outcome of the attempt.
        /// </summary>
        /// <remarks>
        /// Input that fails the length sanity check is rejected without being logged. Every
        /// other outcome is passed to <c>Logging.logLoginAttempt</c> with the remote address
        /// and user agent of the request.
        /// </remarks>
        /// <param name="sender">Event source supplied by the page framework.</param>
        /// <param name="e">Event data supplied by the page framework.</param>
        protected void btnLogin_Click(object sender, EventArgs e)
        {
            const string invalidCredentialsMessage = "<b style=\"color: red\">Access denied:</b> Invalid username or password entered";

            string username = txtUsername.Text;
            string password = txtPassword.Text;

            // Sanity check: both values must be longer than three characters
            if (username.Length <= 3 || password.Length <= 3)
            {
                displayError(invalidCredentialsMessage);
                // Not worth logging
                return;
            }

            string remoteAddress = Request.ServerVariables["REMOTE_ADDR"];
            string userAgent     = Request.ServerVariables["HTTP_USER_AGENT"];

            // NOTE(review): the username reaches the log exactly as typed; presumably
            // logLoginAttempt neutralises control characters and markup. Verify.
            if (!Settings.validateADCredentials("lskysd", username, password))
            {
                displayError(invalidCredentialsMessage);
                Logging.logLoginAttempt(username, remoteAddress, userAgent, "FAILURE", "Invalid username or password");
                return;
            }

            // NOTE(review): the two messages below are shown only after the directory has
            // accepted the credentials, so they confirm to whoever submitted the form that
            // the password is correct. Confirm that this disclosure is acceptable.
            if (!isPasswordStrongEnough(password))
            {
                displayError("<b style=\"color: red\">Access denied:</b> Your password is not complex enough. Please change your password to something more complex and try again.");
                Logging.logLoginAttempt(username, remoteAddress, userAgent, "FAILURE", "Password not complex enough");
                return;
            }

            // The session is created with the client's address and user agent
            LoginSessionRepository sessions = new LoginSessionRepository();
            string newSessionID = sessions.Create(username, remoteAddress, userAgent);

            // An empty ID is reported to the user as "not authorized"
            if (newSessionID == string.Empty)
            {
                displayError("<b style=\"color: red\">Access denied:</b> Your credentials worked, but your account is not authorized for access to this site.<br><br> To request access to this site, please create a ticket in our <a href=\"https://helpdesk.lskysd.ca\">Help Desk system</a>.");
                Logging.logLoginAttempt(username, remoteAddress, userAgent, "FAILURE", "Not authorized for access");
                return;
            }

            createCookie(newSessionID);

            Logging.logLoginAttempt(username, remoteAddress, userAgent, "SUCCESS", "Successful login");
            tblAlreadyLoggedIn.Visible = true;
            tblLoginform.Visible       = false;
            lblUsername.Text           = username;
            redirectToIndex();
        }
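        /// <summary>
        /// Prepares the batch requisition page: shows the configured maximum batch size, the
        /// number of available guest accounts, and fills the batch-count drop-down.
        /// </summary>
        /// <remarks>
        /// Access fails closed: a request without a valid session, or whose session lacks
        /// <c>CanViewLogs</c>, is redirected to the index and the page is not populated.
        /// The drop-down is capped at the smaller of <c>Settings.MaxBatchSize</c> and the
        /// number of available guest accounts. The previous form computed that cap but then
        /// looped up to <c>Settings.MaxBatchSize</c> regardless.
        /// </remarks>
        /// <param name="sender">Event source supplied by the page framework.</param>
        /// <param name="e">Event data supplied by the page framework.</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            lblMaxBatchSize.Text = Settings.MaxBatchSize.ToString();

            LoginSessionRepository loginRepository = new LoginSessionRepository();
            string       foundUserSessionID        = loginRepository.GetSessionIDFromCookies(Request);
            LoginSession currentUser = null;

            if (!string.IsNullOrEmpty(foundUserSessionID))
            {
                // A cookie exists, let's see if it corresponds to a valid session ID
                currentUser = loginRepository.LoadIfValid(foundUserSessionID,
                                                          Request.ServerVariables["REMOTE_ADDR"], Request.ServerVariables["HTTP_USER_AGENT"]);
            }

            // Deny by default. Return explicitly because it is not visible here whether
            // redirectToIndex ends the response.
            // NOTE(review): this page hands out guest-account batches but is gated on
            // CanViewLogs; confirm that a batch-specific permission is not the intended check.
            if (currentUser == null || !currentUser.CanViewLogs)
            {
                redirectToIndex();
                return;
            }

            if (!IsPostBack)
            {
                tblControls.Visible          = true;
                tblIndexInstructions.Visible = true;

                GuestAccountController guestRepo = new GuestAccountController();
                int availableAccounts            = guestRepo.GetAvailableGuestAccounts().Count();

                lblAvailableGuestAccounts.Text = availableAccounts.ToString();

                // Never offer a batch larger than the number of accounts that are available
                int maxBatchSize = Settings.MaxBatchSize;
                if (availableAccounts < maxBatchSize)
                {
                    maxBatchSize = availableAccounts;
                }

                // Batch sizes start at 2
                drpBatchCount.Items.Clear();
                for (int x = 2; x <= maxBatchSize; x++)
                {
                    drpBatchCount.Items.Add(new ListItem()
                    {
                        Text  = x.ToString(),
                        Value = x.ToString()
                    });
                }
            }
        }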
 /// <summary>
 /// Expires the caller's session and redirects to the login page when the query string
 /// contains a key named exactly "logoff" or "logout".
 /// </summary>
 /// <remarks>
 /// Nothing happens, including no redirect, when the request carries no session cookie.
 /// </remarks>
 /// <param name="sender">Event source supplied by the page framework.</param>
 /// <param name="e">Event data supplied by the page framework.</param>
 protected void Page_Load(object sender, EventArgs e)
 {
     string[] queryKeys       = Request.QueryString.AllKeys;
     bool     logoutRequested = queryKeys.Contains("logoff") || queryKeys.Contains("logout");
     if (!logoutRequested)
     {
         return;
     }

     LoginSessionRepository sessions  = new LoginSessionRepository();
     string                 sessionId = sessions.GetSessionIDFromCookies(Request);
     if (string.IsNullOrEmpty(sessionId))
     {
         return;
     }

     // NOTE(review): only the server-side session is expired here; presumably the cookie
     // itself is cleared by RedirectToLogin or elsewhere. Verify.
     sessions.Expire(sessionId);
     RedirectToLogin();
 }
        /// <summary>
        /// Resolves the caller's login session and redirects to the login page when there is
        /// none, unless the current URL already is the login URL.
        /// </summary>
        /// <remarks>
        /// An HTML comment stating the login state is written to the response either way. When
        /// a session exists, its username is also shown in <c>lblUsername</c>.
        /// </remarks>
        /// <param name="sender">Event source supplied by the page framework.</param>
        /// <param name="e">Event data supplied by the page framework.</param>
        protected void Page_Init(object sender, EventArgs e)
        {
            LoginSessionRepository sessions  = new LoginSessionRepository();
            string                 sessionId = sessions.GetSessionIDFromCookies(Request);

            // Only consult the session store when the request actually carried a session cookie
            LoginSession currentUser = string.IsNullOrEmpty(sessionId)
                ? null
                : sessions.LoadIfValid(sessionId,
                                       Request.ServerVariables["REMOTE_ADDR"], Request.ServerVariables["HTTP_USER_AGENT"]);

            if (currentUser != null)
            {
                // NOTE(review): the username is written into the markup without HTML encoding;
                // presumably the directory constrains its characters. Verify.
                Response.Write("<!-- Logged in: " + currentUser.Username + " -->");
                lblUsername.Text = currentUser.Username;
                return;
            }

            // No logged-in user: work out the absolute login URL. The application path is
            // left out when the application runs in the site root.
            string authority       = Request.Url.GetLeftPart(UriPartial.Authority);
            string applicationPath = HttpContext.Current.Request.ApplicationPath;
            string loginUrl        = applicationPath == "/"
                ? authority + Settings.LoginURL
                : authority + applicationPath + Settings.LoginURL;

            string currentUrl = Request.Url.AbsoluteUri;

            // Avoid redirecting the login page to itself (case-insensitive comparison)
            bool alreadyOnLoginPage = currentUrl.ToLower().Equals(loginUrl.ToLower());
            if (!alreadyOnLoginPage)
            {
                // NOTE(review): execution continues after this call; whether the request ends
                // here depends on RedirectToLogin, which is not shown. Pages that perform
                // sensitive work should make their own session check as well.
                RedirectToLogin();
            }
            Response.Write("<!-- Not logged in -->");
        }
        /// <summary>
        /// Prepares the login page: hides the form on a non-TLS connection, shows the
        /// "already logged in" panel when a valid session exists, and focuses the username box.
        /// </summary>
        /// <param name="sender">Event source supplied by the page framework.</param>
        /// <param name="e">Event data supplied by the page framework.</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            // NOTE(review): this only hides the form; confirm that the login handler (or the
            // web server) also refuses credentials posted over a non-TLS connection.
            bool insecure = !Request.IsSecureConnection;
            if (insecure)
            {
                tblLoginform.Visible = false;
                displayError("<p>This login form will only work over an SSL encrypted connection.</p><p>Your web server should be configured to only serve this site over SSL.</p>");
            }

            // Look for an existing session so a returning user sees who they are logged in as
            string       sessionId    = Authentication.GetSessionIDFromCookies(Settings.CookieName, Request);
            LoginSession existingUser = new LoginSessionRepository().LoadIfValid(sessionId, Request.ServerVariables["REMOTE_ADDR"], Request.ServerVariables["HTTP_USER_AGENT"]);

            if (existingUser != null)
            {
                tblAlreadyLoggedIn.Visible = true;
                tblLoginform.Visible       = false;
                lblUsername.Text           = existingUser.Username;
            }

            Page.SetFocus(txtUsername);
        }
        /// <summary>
        /// On the first (non-postback) load, shows the "already logged in" panel instead of
        /// the login form when the logon cookie resolves to a session.
        /// </summary>
        /// <param name="sender">Event source supplied by the page framework.</param>
        /// <param name="e">Event data supplied by the page framework.</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (IsPostBack)
            {
                return;
            }

            string sessionId = Settings.getSessionIDFromCookies(Settings.logonCookieName, Request);

            // Without a cookie value there is nothing to look up and the login form stays visible
            if (string.IsNullOrEmpty(sessionId))
            {
                return;
            }

            // The lookup is given the client's address and user agent as well as the ID
            LoginSessionRepository sessions     = new LoginSessionRepository();
            LoginSession           existingUser = sessions.Get(sessionId, Request.ServerVariables["REMOTE_ADDR"], Request.ServerVariables["HTTP_USER_AGENT"]);

            if (existingUser == null)
            {
                return;
            }

            tblAlreadyLoggedIn.Visible = true;
            tblLoginform.Visible       = false;
            lblUsername.Text           = existingUser.Username;
        }
        /// <summary>
        /// Requisitions a single guest account for the logged-in user and displays its
        /// username, password and validity times.
        /// </summary>
        /// <remarks>
        /// Does nothing when there is no valid session or when no account is returned.
        /// </remarks>
        /// <param name="sender">Event source supplied by the page framework.</param>
        /// <param name="e">Event data supplied by the page framework.</param>
        protected void btnActivate_OnClick(object sender, EventArgs e)
        {
            LoginSessionRepository sessions  = new LoginSessionRepository();
            string                 sessionId = sessions.GetSessionIDFromCookies(Request);

            // Only consult the session store when the request actually carried a session cookie
            LoginSession requester = string.IsNullOrEmpty(sessionId)
                ? null
                : sessions.LoadIfValid(sessionId,
                                       Request.ServerVariables["REMOTE_ADDR"], Request.ServerVariables["HTTP_USER_AGENT"]);

            if (requester == null)
            {
                return;
            }

            // NOTE(review): the trimmed reason is passed on without being checked for
            // content, and no daily limit is tested in this handler; presumably
            // RequisitionAccount enforces both. Verify.
            GuestAccountController guestAccounts = new GuestAccountController();
            GuestAccount           issued        = guestAccounts.RequisitionAccount(requester, txtReason.Text.Trim());

            if (issued == null)
            {
                return;
            }

            // The account's password is rendered into the page for the requester to hand out
            lblUsername.Text          = issued.sAMAccountName;
            lblPassword.Text          = issued.Password;
            // One minute before the next midnight (local time)
            lblExpires.Text           = DateTime.Today.AddDays(1).AddMinutes(-1).ToString();
            // Fifteen minutes from now (local time)
            lblAccountActiveTime.Text = DateTime.Now.AddMinutes(15).ToShortTimeString();

            // Swap the request controls for the new-account panels
            tblControls.Visible               = false;
            tblIndexInstructions.Visible      = false;
            tblNewAccountInfo.Visible         = true;
            tblNewAccountInstructions.Visible = true;
            tblActiveAccounts.Visible         = false;
        }
        /// <summary>
        /// Prepares the guest-account index page: shows the daily limit, toggles the batch and
        /// log cells by permission, and lists the accounts the user has already activated today.
        /// </summary>
        /// <remarks>
        /// Everything after the initial panel setup is skipped when the session cookie does not
        /// resolve to a valid session.
        /// </remarks>
        /// <param name="sender">Event source supplied by the page framework.</param>
        /// <param name="e">Event data supplied by the page framework.</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            lblAllowedRequisitionsPerDay.Text  = Settings.AllowedRequisitionsPerDay.ToString();
            lblAllowedRequisitionsPerDay2.Text = Settings.AllowedRequisitionsPerDay.ToString();

            if (!IsPostBack)
            {
                tblControls.Visible               = true;
                tblIndexInstructions.Visible      = true;
                tblNewAccountInfo.Visible         = false;
                tblNewAccountInstructions.Visible = false;
            }

            LoginSessionRepository sessions  = new LoginSessionRepository();
            string                 sessionId = sessions.GetSessionIDFromCookies(Request);

            // Only consult the session store when the request actually carried a session cookie
            LoginSession currentUser = string.IsNullOrEmpty(sessionId)
                ? null
                : sessions.LoadIfValid(sessionId,
                                       Request.ServerVariables["REMOTE_ADDR"], Request.ServerVariables["HTTP_USER_AGENT"]);

            if (currentUser == null)
            {
                return;
            }

            // Optional cells follow the user's permission flags
            tblCellBatch.Visible = currentUser.CanUseBatches;
            tblCellLog.Visible   = currentUser.CanViewLogs;

            // Guest accounts this user has requisitioned that are still active
            GuestAccountController guestAccounts  = new GuestAccountController();
            List <GuestAccount>    activeAccounts = guestAccounts.GetActiveAccountsRequisitionedBy(currentUser);
            bool                   hasActive      = activeAccounts.Count > 0;

            if (hasActive)
            {
                lblCount.Text = "<div class=\"already_active_text\">You have already activated " + activeAccounts.Count + " of a maximum of " + Settings.AllowedRequisitionsPerDay + " guest account(s) today</div>";
            }

            // NOTE(review): the daily limit is applied here only by hiding the request
            // controls; presumably the requisition call enforces it as well. Verify.
            bool limitReached = activeAccounts.Count >= Settings.AllowedRequisitionsPerDay;
            if (limitReached && !currentUser.CanBypassLimits)
            {
                tblControls.Visible               = false;
                tblNewAccountInfo.Visible         = false;
                tblNewAccountInstructions.Visible = false;
                tblTooMany.Visible = true;
            }

            if (!hasActive)
            {
                return;
            }

            tblActiveAccounts.Visible = true;
            tblActiveAccounts.Rows.Clear();
            tblActiveAccounts.Rows.Add(alreadyActiveHeadings());

            LogRepository           activationLog    = new LogRepository();
            List <LoggedActivation> todayActivations = activationLog.GetActivationsToday(currentUser);

            // One row per still-active account, taken from its most recent log entry today
            HashSet <string> activeUsernames  = new HashSet <string>(activeAccounts.Select(g => g.sAMAccountName));
            HashSet <string> alreadyDisplayed = new HashSet <string>();
            foreach (LoggedActivation activation in todayActivations.OrderByDescending(g => g.Date))
            {
                // Add() returns false for a name that already has a row
                if (activeUsernames.Contains(activation.GuestAccountName) && alreadyDisplayed.Add(activation.GuestAccountName))
                {
                    tblActiveAccounts.Rows.Add(alreadyActiveRow(activation));
                }
            }
        }