/// <summary>
/// Enforces the tenant's IP-restriction settings on an authenticated session: when the
/// restrictions are enabled and <c>IPSecurity.IPSecurity.Verify</c> rejects the request,
/// the session is logged out and the request is redirected to the auth page with an
/// <c>ipsecurity</c> error and HTTP 403.
/// </summary>
/// <param name="tenant">Tenant whose restrictions apply; a null tenant is ignored.</param>
private void BlockIPSecurityPortal(Tenant tenant)
{
    if (tenant == null)
    {
        return;
    }

    var restrictions = IPRestrictionsSettings.LoadForTenant(tenant.TenantId);
    if (!restrictions.Enable || !SecurityContext.IsAuthenticated)
    {
        // Nothing to enforce for anonymous requests or tenants without restrictions.
        return;
    }

    if (IPSecurity.IPSecurity.Verify(tenant))
    {
        return;
    }

    // The session is dropped before redirecting so a blocked address cannot keep using it.
    Auth.ProcessLogout();
    ResponseRedirect("~/Auth.aspx?error=ipsecurity", HttpStatusCode.Forbidden);
}
/// <summary>
/// Ensures the current request carries an authenticated session. An already authenticated
/// context is accepted as-is; otherwise HTTP Basic credentials are tried first and the auth
/// cookie second. A cookie that fails <c>SecurityContext.AuthenticateMe</c> forces a logout,
/// and a session belonging to the "outside" account is dropped unless the tenant's access
/// settings allow anyone.
/// </summary>
/// <returns>True when a session is authenticated once the checks have run.</returns>
public static bool Authenticate()
{
    if (SecurityContext.IsAuthenticated)
    {
        return true;
    }

    var currentTenant = CoreContext.TenantManager.GetCurrentTenant(false);
    if (currentTenant == null)
    {
        // Without a resolved tenant there is nothing to authenticate against.
        return false;
    }

    var isAuthenticated = false;

    // 1. HTTP Basic authorization, when a request context exists.
    if (HttpContext.Current != null)
    {
        string basicAuthCookie;
        if (AuthorizationHelper.ProcessBasicAuthorization(HttpContext.Current, out basicAuthCookie))
        {
            CookiesManager.SetCookies(CookiesType.AuthKey, basicAuthCookie);
            isAuthenticated = true;
        }
    }

    // 2. Existing auth cookie; a cookie that no longer validates ends the session.
    if (!isAuthenticated)
    {
        var authCookie = CookiesManager.GetCookies(CookiesType.AuthKey);
        if (!string.IsNullOrEmpty(authCookie))
        {
            isAuthenticated = SecurityContext.AuthenticateMe(authCookie);
            if (!isAuthenticated)
            {
                Auth.ProcessLogout();
                return false;
            }
        }
    }

    // 3. The outside (guest) account is only allowed when the tenant permits "anyone".
    var accessSettings = TenantAccessSettings.Load();
    var isOutsideUser = isAuthenticated
        && SecurityContext.CurrentAccount.ID == ASC.Core.Users.Constants.OutsideUser.ID;
    if (isOutsideUser && !accessSettings.Anyone)
    {
        Auth.ProcessLogout();
        isAuthenticated = false;
    }

    return isAuthenticated;
}
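/// <summary>
/// Completes e-mail activation for the account registered under <paramref name="email"/>.
/// An unknown address renders the confirm-URL error; an already activated account is sent
/// to the default page; otherwise the account is marked activated under the system
/// identity, an admin on a non-personal portal reached via <c>first=true</c> gets the admin
/// welcome notification, the activation is audited, and the request is redirected back to
/// the auth page carrying the confirmed address.
/// </summary>
/// <param name="email">Address taken from the confirmation link.</param>
private void ProcessEmailActivation(string email)
{
    var user = CoreContext.UserManager.GetUserByEmail(email);

    if (user.ID.Equals(Constants.LostUser.ID))
    {
        ShowError(Resource.ErrorConfirmURLError);
        return;
    }

    if (user.ActivationStatus == EmployeeActivationStatus.Activated)
    {
        Response.Redirect(CommonLinkUtility.GetDefault());
        return;
    }

    try
    {
        // Saving the user needs the system identity; it is released in finally so the
        // elevated context never outlives this block.
        SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem);
        user.ActivationStatus = EmployeeActivationStatus.Activated;
        user = CoreContext.UserManager.SaveUserInfo(user);

        var first = Request["first"] ?? "";
        // Ordinal comparison: the flag is a protocol value, not user-facing text.
        var isFirst = string.Equals(first, "true", StringComparison.OrdinalIgnoreCase);
        if (isFirst && !CoreContext.Configuration.Personal && user.IsAdmin())
        {
            StudioNotifyService.Instance.SendAdminWellcome(user);
        }

        MessageService.Send(HttpContext.Current.Request, MessageInitiator.System, MessageAction.UserActivated, user.DisplayUserName(false));
    }
    finally
    {
        Auth.ProcessLogout();
    }

    // The address goes into a query string, so it is URL-encoded instead of formatted raw
    // ('+', '&' or '#' in it would otherwise corrupt the parameter).
    var redirectUrl = "~/auth.aspx?confirmed-email=" + HttpUtility.UrlEncode(email);
    Response.Redirect(redirectUrl, true);
}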
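/// <summary>
/// Validates the confirmation key carried by the request against the material the link was
/// issued for, which depends on the page's <c>_type</c> (set elsewhere). For
/// <see cref="ConfirmType.Auth"/> a valid key also signs the link's user in (after the SMS
/// confirmation step, when that is enabled) and redirects. Expired or invalid keys and a
/// malformed <c>_email</c> render an error and return false.
/// </summary>
/// <returns>True when the key is valid and <c>_email</c>, if present, passes the e-mail regex.</returns>
private bool CheckValidationKey()
{
    var key = Request["key"] ?? "";
    var emplType = Request["emplType"] ?? "";
    var validInterval = SetupInfo.ValidEamilKeyInterval;
    // Auth and phone links get a fixed, shorter lifetime than other confirmation links.
    var authInterval = TimeSpan.FromHours(1);

    EmailValidationKeyProvider.ValidationResult checkKeyResult;
    switch (_type)
    {
        case ConfirmType.PortalContinue:
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key);
            break;

        case ConfirmType.PhoneActivation:
        case ConfirmType.PhoneAuth:
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, authInterval);
            break;

        case ConfirmType.Auth:
        {
            var first = Request["first"] ?? "";
            var module = Request["module"];
            // 'first' and 'module' are part of the signed material, so they cannot be altered in the link.
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + first + module, key, authInterval);
            if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Ok)
            {
                var user = _email.Contains("@")
                    ? CoreContext.UserManager.GetUserByEmail(_email)
                    : CoreContext.UserManager.GetUsers(new Guid(_email));

                // Never reuse a session that belongs to a different account.
                if (SecurityContext.IsAuthenticated && SecurityContext.CurrentAccount.ID != user.ID)
                {
                    Auth.ProcessLogout();
                }

                if (!SecurityContext.IsAuthenticated)
                {
                    // A link must not sign in an account that no longer exists or is not active.
                    if (!CoreContext.UserManager.UserExists(user.ID) || user.Status != EmployeeStatus.Active)
                    {
                        ShowError(Resource.ErrorUserNotFound);
                        return false;
                    }

                    if (StudioSmsNotificationSettings.IsVisibleSettings && StudioSmsNotificationSettings.Enable)
                    {
                        // endResponse=true: the request ends here and continues from the SMS page.
                        Response.Redirect(SmsConfirmUrl(user), true);
                    }

                    var authCookie = SecurityContext.AuthenticateMe(user.ID);
                    CookiesManager.SetCookies(CookiesType.AuthKey, authCookie);
                    MessageService.Send(HttpContext.Current.Request, MessageAction.LoginSuccess, user.DisplayUserName(false));
                }

                var isFirst = string.Equals(first, "true", StringComparison.OrdinalIgnoreCase);
                AuthRedirect(user, isFirst, module, Request[FilesLinkUtility.FileUri]);
            }
            break;
        }

        case ConfirmType.DnsChange:
        {
            var dnsChangeKey = string.Join(string.Empty, new[] { _email, _type.ToString(), Request["dns"], Request["alias"] });
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(dnsChangeKey, key, validInterval);
            break;
        }

        case ConfirmType.PortalOwnerChange:
        {
            // A missing or malformed uid is folded into Guid.Empty so the key simply fails to match.
            Guid uid;
            if (!Guid.TryParse(Request["uid"], out uid))
            {
                uid = Guid.Empty;
            }
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + uid, key, validInterval);
            break;
        }

        case ConfirmType.EmpInvite:
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + emplType, key, validInterval);
            break;

        case ConfirmType.LinkInvite:
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_type + emplType, key, validInterval);
            break;

        case ConfirmType.PasswordChange:
        {
            // With p=1 the account's current password hash is bound into the key, so a link
            // issued under a previous password no longer matches.
            var bindPasswordHash = Request["p"] == "1";
            var hash = string.Empty;
            if (bindPasswordHash)
            {
                hash = CoreContext.Authentication.GetUserPasswordHash(CoreContext.UserManager.GetUserByEmail(_email).ID);
            }
            var hashPart = string.IsNullOrEmpty(hash) ? string.Empty : Hasher.Base64Hash(hash);
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + hashPart, key, validInterval);
            break;
        }

        default:
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, validInterval);
            break;
    }

    if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Expired)
    {
        ShowError(Resource.ErrorExpiredActivationLink);
        return false;
    }

    if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Invalid)
    {
        ShowError(_type == ConfirmType.LinkInvite ? Resource.ErrorInvalidActivationLink : Resource.ErrorConfirmURLError);
        return false;
    }

    if (!string.IsNullOrEmpty(_email) && !_email.TestEmailRegex())
    {
        ShowError(Resource.ErrorNotCorrectEmail);
        return false;
    }

    return true;
}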
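/// <summary>
/// Validates the confirmation key carried by the request against the material the link was
/// issued for, which depends on the page's <c>_type</c> (set elsewhere). For
/// <see cref="ConfirmType.Auth"/> a valid key also signs the link's user in (after any SMS /
/// TFA confirmation step) and redirects. Expired or invalid keys and a malformed
/// <c>_email</c> render an error and return false.
/// </summary>
/// <returns>True when the key is valid and <c>_email</c>, if present, passes the e-mail regex.</returns>
private bool CheckValidationKey()
{
    var key = Request["key"] ?? "";
    var emplType = Request["emplType"] ?? "";
    var social = Request["social"] ?? "";
    var validInterval = SetupInfo.ValidEmailKeyInterval;
    var authInterval = SetupInfo.ValidAuthKeyInterval;

    EmailValidationKeyProvider.ValidationResult checkKeyResult;
    switch (_type)
    {
        case ConfirmType.PortalContinue:
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key);
            break;

        case ConfirmType.PhoneActivation:
        case ConfirmType.PhoneAuth:
        case ConfirmType.TfaActivation:
        case ConfirmType.TfaAuth:
            // Second-factor links use the auth lifetime rather than the e-mail one.
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, authInterval);
            break;

        case ConfirmType.Auth:
        {
            var first = Request["first"] ?? "";
            var module = Request["module"] ?? "";
            var smsConfirm = Request["sms"] ?? "";
            // first/module/sms are part of the signed material, so none of them can be altered
            // in the link (in particular 'sms' cannot be added to skip SMS confirmation).
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + first + module + smsConfirm, key, authInterval);
            if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Ok)
            {
                var user = _email.Contains("@")
                    ? CoreContext.UserManager.GetUserByEmail(_email)
                    : CoreContext.UserManager.GetUsers(new Guid(_email));

                // Never reuse a session that belongs to a different account.
                if (SecurityContext.IsAuthenticated && SecurityContext.CurrentAccount.ID != user.ID)
                {
                    Auth.ProcessLogout();
                }

                if (!SecurityContext.IsAuthenticated)
                {
                    // A link must not sign in an account that no longer exists or is not active.
                    if (!CoreContext.UserManager.UserExists(user.ID) || user.Status != EmployeeStatus.Active)
                    {
                        ShowError(Auth.MessageKey.ErrorUserNotFound);
                        return false;
                    }

                    var smsConfirmed = string.Equals(smsConfirm, "true", StringComparison.OrdinalIgnoreCase);
                    if (StudioSmsNotificationSettings.IsVisibleAndAvailableSettings && StudioSmsNotificationSettings.Enable && !smsConfirmed)
                    {
                        //todo: think about 'first' & 'module'
                        // endResponse=true: the request ends here and continues from the SMS page.
                        Response.Redirect(SmsConfirmUrl(user), true);
                    }

                    if (TfaAppAuthSettings.IsVisibleSettings && TfaAppAuthSettings.Enable)
                    {
                        //todo: think about 'first' & 'module'
                        Response.Redirect(TfaConfirmUrl(user), true);
                    }

                    var messageAction = social == "true"
                        ? MessageAction.LoginSuccessViaSocialAccount
                        : MessageAction.LoginSuccess;
                    CookiesManager.AuthenticateMeAndSetCookies(user.Tenant, user.ID, messageAction);
                }

                SetDefaultModule(module);
                AuthRedirect(string.Equals(first, "true", StringComparison.OrdinalIgnoreCase));
            }
            break;
        }

        case ConfirmType.DnsChange:
        {
            var dnsChangeKey = string.Join(string.Empty, new[] { _email, _type.ToString(), Request["dns"], Request["alias"] });
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(dnsChangeKey, key, validInterval);
            break;
        }

        case ConfirmType.PortalOwnerChange:
        {
            // A missing or malformed uid is folded into Guid.Empty so the key simply fails to match.
            Guid uid;
            if (!Guid.TryParse(Request["uid"], out uid))
            {
                uid = Guid.Empty;
            }
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + uid, key, validInterval);
            break;
        }

        case ConfirmType.EmpInvite:
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + emplType, key, validInterval);
            break;

        case ConfirmType.LinkInvite:
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_type + emplType, key, validInterval);
            break;

        case ConfirmType.EmailChange:
            // Bound to the signed-in account, so the link is only valid in that account's session.
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + SecurityContext.CurrentAccount.ID, key, validInterval);
            break;

        case ConfirmType.PasswordChange:
        {
            // The key is bound to the later of the last "password change instructions sent"
            // audit event and the account's password stamp (both in ISO 8601 "s" form), so
            // older links stop matching once either of them moves forward.
            var userInfo = CoreContext.UserManager.GetUserByEmail(_email);
            var auditEvent = AuditEventsRepository.GetByFilter(
                action: MessageAction.UserSentPasswordChangeInstructions,
                entry: EntryType.User,
                target: MessageTarget.Create(userInfo.ID).ToString(),
                limit: 1).FirstOrDefault();
            var passwordStamp = CoreContext.Authentication.GetUserPasswordStamp(userInfo.ID);

            string hash;
            if (auditEvent != null)
            {
                var auditEventDate = TenantUtil.DateTimeToUtc(auditEvent.Date);
                hash = (auditEventDate.CompareTo(passwordStamp) > 0 ? auditEventDate : passwordStamp).ToString("s");
            }
            else
            {
                hash = passwordStamp.ToString("s");
            }
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + hash, key, validInterval);
            break;
        }

        default:
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, validInterval);
            break;
    }

    if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Expired)
    {
        ShowError(Auth.MessageKey.ErrorExpiredActivationLink);
        return false;
    }

    if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Invalid)
    {
        ShowError(_type == ConfirmType.LinkInvite ? Auth.MessageKey.ErrorInvalidActivationLink : Auth.MessageKey.ErrorConfirmURLError);
        return false;
    }

    if (!string.IsNullOrEmpty(_email) && !_email.TestEmailRegex())
    {
        ShowError(Auth.MessageKey.ErrorNotCorrectEmail);
        return false;
    }

    return true;
}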
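/// <summary>
/// Validates the confirmation key carried by the request against the material the link was
/// issued for, which depends on the page's <c>_type</c> (set elsewhere). For
/// <see cref="ConfirmType.Auth"/> a valid key also signs the link's user in (after any SMS /
/// TFA confirmation step) and redirects. Expired or invalid keys and a malformed
/// <c>_email</c> render an error and return false.
/// </summary>
/// <returns>True when the key is valid and <c>_email</c>, if present, passes the e-mail regex.</returns>
private bool CheckValidationKey()
{
    var key = Request["key"] ?? "";
    var emplType = Request["emplType"] ?? "";
    var social = Request["social"] ?? "";
    var validInterval = SetupInfo.ValidEmailKeyInterval;
    var authInterval = SetupInfo.ValidAuthKeyInterval;

    EmailValidationKeyProvider.ValidationResult checkKeyResult;
    switch (_type)
    {
        case ConfirmType.PortalContinue:
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key);
            break;

        case ConfirmType.PhoneActivation:
        case ConfirmType.PhoneAuth:
        case ConfirmType.TfaActivation:
        case ConfirmType.TfaAuth:
            // Second-factor links use the auth lifetime rather than the e-mail one.
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, authInterval);
            break;

        case ConfirmType.Auth:
        {
            var first = Request["first"] ?? "";
            var module = Request["module"] ?? "";
            var smsConfirm = Request["sms"] ?? "";
            // first/module/sms are part of the signed material, so none of them can be altered
            // in the link (in particular 'sms' cannot be added to skip SMS confirmation).
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + first + module + smsConfirm, key, authInterval);
            if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Ok)
            {
                var user = _email.Contains("@")
                    ? CoreContext.UserManager.GetUserByEmail(_email)
                    : CoreContext.UserManager.GetUsers(new Guid(_email));

                // Never reuse a session that belongs to a different account.
                if (SecurityContext.IsAuthenticated && SecurityContext.CurrentAccount.ID != user.ID)
                {
                    Auth.ProcessLogout();
                }

                if (!SecurityContext.IsAuthenticated)
                {
                    // A link must not sign in an account that no longer exists or is not active.
                    if (!CoreContext.UserManager.UserExists(user.ID) || user.Status != EmployeeStatus.Active)
                    {
                        ShowError(Resource.ErrorUserNotFound);
                        return false;
                    }

                    var smsConfirmed = string.Equals(smsConfirm, "true", StringComparison.OrdinalIgnoreCase);
                    if (StudioSmsNotificationSettings.IsVisibleSettings && StudioSmsNotificationSettings.Enable && !smsConfirmed)
                    {
                        //todo: think about 'first' & 'module'
                        // endResponse=true: the request ends here and continues from the SMS page.
                        Response.Redirect(SmsConfirmUrl(user), true);
                    }

                    if (TfaAppAuthSettings.IsVisibleSettings && TfaAppAuthSettings.Enable)
                    {
                        //todo: think about 'first' & 'module'
                        Response.Redirect(TfaConfirmUrl(user), true);
                    }

                    var authCookie = SecurityContext.AuthenticateMe(user.ID);
                    CookiesManager.SetCookies(CookiesType.AuthKey, authCookie);

                    var messageAction = social == "true"
                        ? MessageAction.LoginSuccessViaSocialAccount
                        : MessageAction.LoginSuccess;
                    MessageService.Send(HttpContext.Current.Request, messageAction);
                }

                SetDefaultModule(module);
                AuthRedirect(string.Equals(first, "true", StringComparison.OrdinalIgnoreCase));
            }
            break;
        }

        case ConfirmType.DnsChange:
        {
            var dnsChangeKey = string.Join(string.Empty, new[] { _email, _type.ToString(), Request["dns"], Request["alias"] });
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(dnsChangeKey, key, validInterval);
            break;
        }

        case ConfirmType.PortalOwnerChange:
        {
            // A missing or malformed uid is folded into Guid.Empty so the key simply fails to match.
            Guid uid;
            if (!Guid.TryParse(Request["uid"], out uid))
            {
                uid = Guid.Empty;
            }
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + uid, key, validInterval);
            break;
        }

        case ConfirmType.EmpInvite:
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + emplType, key, validInterval);
            break;

        case ConfirmType.LinkInvite:
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_type + emplType, key, validInterval);
            break;

        case ConfirmType.EmailChange:
            // Bound to the signed-in account, so the link is only valid in that account's session.
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + SecurityContext.CurrentAccount.ID, key, validInterval);
            break;

        case ConfirmType.PasswordChange:
        {
            // With p=1 the account's current password hash is bound into the key, so a link
            // issued under a previous password no longer matches.
            var bindPasswordHash = Request["p"] == "1";
            var hash = String.Empty;
            if (bindPasswordHash)
            {
                hash = CoreContext.Authentication.GetUserPasswordHash(CoreContext.UserManager.GetUserByEmail(_email).ID);
            }
            var hashPart = string.IsNullOrEmpty(hash) ? string.Empty : Hasher.Base64Hash(hash);
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + hashPart, key, validInterval);
            break;
        }

        default:
            checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, validInterval);
            break;
    }

    if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Expired)
    {
        ShowError(Resource.ErrorExpiredActivationLink);
        return false;
    }

    if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Invalid)
    {
        ShowError(_type == ConfirmType.LinkInvite ? Resource.ErrorInvalidActivationLink : Resource.ErrorConfirmURLError);
        return false;
    }

    if (!string.IsNullOrEmpty(_email) && !_email.TestEmailRegex())
    {
        ShowError(Resource.ErrorNotCorrectEmail);
        return false;
    }

    return true;
}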