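        /// <summary>
        /// Creates a user in Active Directory, adds it to the company security groups and records it
        /// in the CloudPanel database.
        /// </summary>
        /// <param name="newUser">The user to create; identified by UserPrincipalName and CompanyCode.</param>
        /// <remarks>
        /// The directory account is created before the database row. Once the account exists it is
        /// registered with a <see cref="CloudPanelTransaction"/> so that a later failure removes the
        /// account again instead of leaving one the database does not know about. Failures are
        /// reported through ThrowEvent with AlertID.FAILED; no exception escapes this method.
        /// </remarks>
        public void CreateUser(UsersObject newUser)
        {
            CloudPanelTransaction newUserTransaction = new CloudPanelTransaction();
            try
            {
                using (CPDatabase database = new CPDatabase())
                {
                    // Make sure the user doesn't already exist
                    var foundUser = database.Users
                        .Where(u => u.UserPrincipalName == newUser.UserPrincipalName)
                        .FirstOrDefault();

                    if (foundUser != null)
                    {
                        ThrowEvent(AlertID.FAILED, "User already exists " + newUser.UserPrincipalName);
                        return;
                    }

                    // Get the company's OU where we need to save the user. First() throws when the company
                    // code is unknown (or belongs to a reseller); that surfaces as a FAILED alert via the catch.
                    string companyDistinguishedName = database.Companies
                        .Where(c => !c.IsReseller && c.CompanyCode == newUser.CompanyCode)
                        .Select(c => c.DistinguishedName)
                        .First();

                    // Check if they are using a custom user's OU
                    if (!string.IsNullOrEmpty(StaticSettings.UsersOU))
                        companyDistinguishedName = string.Format("OU={0},{1}", StaticSettings.UsersOU, companyDistinguishedName);

                    // Bind both directory helpers before creating anything, so a bind failure has nothing to roll back
                    using (ADUser ldapUser = new ADUser(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC))
                    using (ADGroup ldapGroup = new ADGroup(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC))
                    {
                        UsersObject createdUser = ldapUser.NewUser(newUser, companyDistinguishedName, StaticSettings.AllowCustomNameAttribute);

                        // From here on a failure must remove the directory account again
                        newUserTransaction.NewUser(createdUser.UserPrincipalName);

                        // Add the users to the groups
                        ldapGroup.AddMember("AllUsers@" + newUser.CompanyCode, createdUser.UserPrincipalName, "upn");

                        if (newUser.IsCompanyAdmin)
                            ldapGroup.AddMember("Admins@" + newUser.CompanyCode, createdUser.UserPrincipalName, "upn");

                        // Insert into database
                        User sqlUser = new User
                        {
                            UserGuid = createdUser.UserGuid,
                            CompanyCode = createdUser.CompanyCode,
                            sAMAccountName = createdUser.sAMAccountName,
                            UserPrincipalName = createdUser.UserPrincipalName,
                            DistinguishedName = createdUser.DistinguishedName,
                            DisplayName = createdUser.DisplayName,
                            Firstname = createdUser.Firstname,
                            Middlename = createdUser.Middlename,
                            Lastname = createdUser.Lastname,
                            Email = string.Empty,
                            Department = createdUser.Department,
                            IsResellerAdmin = createdUser.IsResellerAdmin,
                            IsCompanyAdmin = createdUser.IsCompanyAdmin,
                            MailboxPlan = 0,
                            TSPlan = 0,
                            LyncPlan = 0,
                            Created = DateTime.Now,
                            AdditionalMB = 0,
                            ActiveSyncPlan = 0
                        };
                        database.Users.Add(sqlUser);

                        // Save the user row first so the database assigns sqlUser.ID. The permission row
                        // below keys on that ID; reading it before the save only yields the default value.
                        // NOTE(review): a failure after this point leaves the saved user row in place while
                        // the directory account is rolled back.
                        database.SaveChanges();

                        // Insert permissions into database
                        if (createdUser.IsCompanyAdmin)
                        {
                            UserPermission newPermissions = new UserPermission
                            {
                                UserID = sqlUser.ID,
                                EnableExchange = createdUser.EnableExchangePerm,
                                DisableExchange = createdUser.DisableExchangePerm,
                                AddDomain = createdUser.AddDomainPerm,
                                DeleteDomain = createdUser.DeleteDomainPerm,
                                EnableAcceptedDomain = createdUser.EnableAcceptedDomainPerm,
                                DisableAcceptedDomain = createdUser.DisableAcceptedDomainPerm
                            };
                            database.UserPermissions.Add(newPermissions);
                            database.SaveChanges();
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                ThrowEvent(AlertID.FAILED, ex.Message);

                // Rollback on error: removes the directory account registered with the transaction
                newUserTransaction.RollBack();
            }
        }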
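        /// <summary>
        /// Authenticates a user against Active Directory and resolves the CloudPanel roles
        /// (company admin, reseller admin, super admin) for the session.
        /// </summary>
        /// <param name="username">User principal name the caller signed in with.</param>
        /// <param name="password">Password to verify against the directory; it is never logged.</param>
        /// <param name="ipAddress">Caller address, used for the brute-force block and the login audit.</param>
        /// <param name="isLocalRequest">True for requests that bypass the brute-force block.</param>
        /// <returns>
        /// The authenticated user with its role flags set, or null when the address is blocked, the
        /// credentials are rejected or an error occurred (each case raises a FAILED alert).
        /// </returns>
        public UsersObject Authenticate(string username, string password, string ipAddress, bool isLocalRequest)
        {
            try
            {
                // Check if IP address is blocked from brute force
                if (IsBlockedFromBruteForce(ipAddress) && !isLocalRequest)
                {
                    ThrowEvent(AlertID.FAILED, "Your IP has been blocked");
                    return null;
                }

                using (CPDatabase database = new CPDatabase())
                using (ADUser ldap = new ADUser(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC))
                {
                    // Find the user in SQL first
                    var user = database.Users
                        .Where(d => d.UserPrincipalName == username)
                        .FirstOrDefault();

                    // Authenticate the user
                    UsersObject userObject = ldap.Authenticate(username, password);
                    if (userObject == null)
                    {
                        // Audit the login
                        AuditLogin(username, ipAddress, false);

                        ThrowEvent(AlertID.FAILED, username + " failed to login.");
                        return null;
                    }

                    // Audit the login
                    AuditLogin(username, ipAddress, true);

                    // User could be null if it is a domain admin which won't be in the database.
                    if (user != null)
                    {
                        userObject.CompanyCode = user.CompanyCode;
                        userObject.ResellerCode = GetResellerCode(user.CompanyCode);

                        if (user.IsCompanyAdmin == true)
                            userObject.IsCompanyAdmin = true;

                        if (user.IsResellerAdmin == true)
                            userObject.IsResellerAdmin = true;
                    }

                    // Now check if they are a super admin. Match the whole CN RDN ("cn=<name>," or a bare
                    // "cn=<name>"), not just a prefix: a prefix match would also grant super admin to members
                    // of any group whose name merely starts with a configured one. Comparison is ordinal,
                    // case-insensitive, since these are directory identifiers, not user-facing text.
                    // No group information means no super-admin rights.
                    string[] cpGroups = StaticSettings.SuperAdmins.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
                    if (userObject.Groups != null)
                    {
                        foreach (string g in cpGroups)
                        {
                            string cn = g.Trim();
                            if (cn.Length == 0)
                                continue;

                            string rdnPrefix = "cn=" + cn + ",";
                            string bareRdn = "cn=" + cn;
                            bool isFound = userObject.Groups.Any(dn =>
                                dn.StartsWith(rdnPrefix, StringComparison.OrdinalIgnoreCase)
                                || dn.Equals(bareRdn, StringComparison.OrdinalIgnoreCase));

                            if (isFound)
                            {
                                userObject.IsSuperAdmin = true;
                                break;
                            }
                        }
                    }

                    return userObject;
                }
            }
            catch (Exception ex)
            {
                this.logger.Error("Error logging in user " + username, ex);
                ThrowEvent(AlertID.FAILED, ex.Message);
                return null;
            }
        }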
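        /// <summary>
        /// Updates a user's profile attributes in the database and Active Directory. The company-admin
        /// and reseller-admin flags, the matching permission row and the Admins@ security group are only
        /// changed when <paramref name="isSuperOrResellerAdmin"/> is true.
        /// </summary>
        /// <param name="updateUser">The new values; the user is identified by UserPrincipalName.</param>
        /// <param name="isSuperOrResellerAdmin">True when the caller is allowed to change admin roles.</param>
        /// <remarks>
        /// Active Directory is updated before the database is saved; if the save fails the directory
        /// change is not rolled back. Failures are reported through ThrowEvent with AlertID.FAILED.
        /// </remarks>
        public void UpdateUser(UsersObject updateUser, bool isSuperOrResellerAdmin)
        {
            try
            {
                using (CPDatabase database = new CPDatabase())
                {
                    // Get the user from the database
                    var foundUser = database.Users
                        .Where(u => u.UserPrincipalName == updateUser.UserPrincipalName)
                        .FirstOrDefault();

                    if (foundUser == null)
                    {
                        ThrowEvent(AlertID.FAILED, "Unknown user " + updateUser.UserPrincipalName);
                        return;
                    }

                    this.logger.Debug("Found user " + foundUser.UserPrincipalName + " in the database. Continuing...");

                    // Update the user values
                    foundUser.Firstname = updateUser.Firstname;
                    foundUser.Middlename = updateUser.Middlename;
                    foundUser.Lastname = updateUser.Lastname;
                    foundUser.DisplayName = updateUser.DisplayName;
                    foundUser.Department = updateUser.Department;

                    // Update user in Active Directory
                    using (ADUser ldapUser = new ADUser(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC))
                    {
                        ldapUser.UpdateUser(updateUser, StaticSettings.AllowCustomNameAttribute);
                    }

                    // Only update these values if super admin or reseller admin is modifying the user
                    if (isSuperOrResellerAdmin)
                    {
                        this.logger.Debug("Super admin or reseller is updating user so we can check comapny admin permissions and reseller permissions");
                        ApplyAdminRoles(database, foundUser, updateUser);
                    }
                    else
                        this.logger.Debug("User making changes to " + updateUser.UserPrincipalName + " is not a super admin or reseller admin. We cannot update company admin or reseller admin permissions unless the user making changes is a super or reseller admin.");

                    // Update database
                    database.SaveChanges();
                }
            }
            catch (Exception ex)
            {
                // Error level like the other user operations; at Debug these failures were easy to miss
                this.logger.Error("Error updating user " + updateUser.UserPrincipalName, ex);
                ThrowEvent(AlertID.FAILED, ex.Message);
            }
        }

        /// <summary>
        /// Copies the company-admin and reseller-admin flags onto the database row and keeps the
        /// UserPermissions row and the Admins@ security group consistent with the company-admin flag.
        /// Database changes are left for the caller to save.
        /// </summary>
        /// <param name="database">Open context whose change set receives the permission row changes.</param>
        /// <param name="foundUser">The stored user being updated.</param>
        /// <param name="updateUser">The requested values.</param>
        private void ApplyAdminRoles(CPDatabase database, User foundUser, UsersObject updateUser)
        {
            // Remember the stored role before it is overwritten so a demotion can be detected even
            // when no permission row exists for the user.
            bool wasCompanyAdmin = foundUser.IsCompanyAdmin == true;

            foundUser.IsCompanyAdmin = updateUser.IsCompanyAdmin;
            foundUser.IsResellerAdmin = updateUser.IsResellerAdmin;

            // The group name comes from the stored company code rather than the request, so a
            // mismatched CompanyCode in the request cannot touch another company's Admins@ group.
            string adminsGroup = "Admins@" + foundUser.CompanyCode;

            // Get permissions from database
            var userPermissions = database.UserPermissions
                .Where(p => p.UserID == foundUser.ID)
                .FirstOrDefault();

            if (!updateUser.IsCompanyAdmin)
            {
                // If the user is no longer a company admin then remove permissions from the database
                if (userPermissions != null)
                {
                    this.logger.Debug("User " + updateUser.UserPrincipalName + " is no longer a comapny admin. Need to remove rights from database and security group");
                    database.UserPermissions.Remove(userPermissions);
                }

                // Remove from Admins@ security group whenever the user held the role
                if (userPermissions != null || wasCompanyAdmin)
                {
                    using (ADGroup ldapGroup = new ADGroup(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC))
                    {
                        ldapGroup.RemoveMember(adminsGroup, foundUser.UserPrincipalName, "upn");
                    }
                }
                return;
            }

            if (userPermissions == null)
            {
                this.logger.Debug("User " + updateUser.UserPrincipalName + " does not have any existing company admin rights. We need to add them to the database.");

                // No existing permissions were found and we need to add to database
                userPermissions = new UserPermission();
                userPermissions.UserID = foundUser.ID;
                database.UserPermissions.Add(userPermissions);

                // Add to Admins@ security group
                using (ADGroup ldapGroup = new ADGroup(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC))
                {
                    ldapGroup.AddMember(adminsGroup, foundUser.UserPrincipalName, "upn");
                }
            }
            else
            {
                this.logger.Debug("User " + updateUser.UserPrincipalName + " is a company admin. Need to update company admin rights in database.");
            }

            // The individual rights are written the same way for a new and an existing row
            userPermissions.EnableExchange = updateUser.EnableExchangePerm;
            userPermissions.DisableExchange = updateUser.DisableExchangePerm;
            userPermissions.AddDomain = updateUser.AddDomainPerm;
            userPermissions.DeleteDomain = updateUser.DeleteDomainPerm;
            userPermissions.EnableAcceptedDomain = updateUser.EnableAcceptedDomainPerm;
            userPermissions.DisableAcceptedDomain = updateUser.DisableAcceptedDomainPerm;
        }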
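        /// <summary>
        /// Resets a user's Active Directory password, but only when the user belongs to
        /// <paramref name="companyCode"/>. The company check stops a caller from resetting
        /// passwords of users outside the company it is allowed to manage.
        /// </summary>
        /// <param name="userPrincipalName">UPN of the user whose password is reset.</param>
        /// <param name="newPassword">The new password; passed straight to the directory, never logged.</param>
        /// <param name="companyCode">Company the caller is acting for; must match the stored company code.</param>
        /// <remarks>Failures (unknown user, company mismatch, directory error) raise a FAILED alert.</remarks>
        public void ResetPassword(string userPrincipalName, string newPassword, string companyCode)
        {
            try
            {
                using (CPDatabase database = new CPDatabase())
                {
                    var sqlUser = database.Users
                        .Where(u => u.UserPrincipalName == userPrincipalName)
                        .FirstOrDefault();

                    if (sqlUser == null)
                    {
                        ThrowEvent(AlertID.FAILED, "Unknown user " + userPrincipalName);
                        return;
                    }

                    // Company codes are identifiers, so compare them ordinally rather than by culture
                    if (!string.Equals(sqlUser.CompanyCode, companyCode, StringComparison.OrdinalIgnoreCase))
                    {
                        ThrowEvent(AlertID.FAILED, "User " + userPrincipalName + " does not belong to company " + companyCode);
                        return;
                    }

                    using (ADUser user = new ADUser(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC))
                    {
                        user.ResetPassword(userPrincipalName, newPassword);
                    }
                }
            }
            catch (Exception ex)
            {
                this.logger.Error("Error resetting password for " + userPrincipalName, ex);
                ThrowEvent(AlertID.FAILED, ex.Message);
            }
        }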
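        /// <summary>
        /// Fetches a user's photo from Active Directory.
        /// </summary>
        /// <param name="userPrincipalName">UPN of the user whose photo is requested.</param>
        /// <returns>The photo bytes as returned by the directory, or null when the lookup fails.</returns>
        public byte[] GetPhoto(string userPrincipalName)
        {
            try
            {
                using (ADUser user = new ADUser(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC))
                {
                    return user.GetPhoto(userPrincipalName);
                }
            }
            catch (Exception ex)
            {
                // Best effort for the caller, but record the cause instead of discarding it
                this.logger.Error("Error retrieving photo for " + userPrincipalName, ex);
                return null;
            }
        }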
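        /// <summary>
        /// Deletes a user from Active Directory and then from the CloudPanel database.
        /// </summary>
        /// <param name="userPrincipalName">UPN of the user to delete.</param>
        /// <remarks>
        /// The directory account is removed first: if that fails nothing is deleted, and a leftover
        /// database row is safer than a leftover account that can still sign in. Failures are logged
        /// and reported through ThrowEvent with AlertID.FAILED.
        /// </remarks>
        public void DeleteUser(string userPrincipalName)
        {
            // Never hand a blank identifier to a delete operation
            if (string.IsNullOrWhiteSpace(userPrincipalName))
            {
                ThrowEvent(AlertID.FAILED, "No user principal name was supplied");
                return;
            }

            try
            {
                using (ADUser ldapUser = new ADUser(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC))
                {
                    ldapUser.DeleteUser(userPrincipalName);
                }

                // Delete from database
                using (CPDatabase database = new CPDatabase())
                {
                    database.DeleteUser(userPrincipalName);
                }
            }
            catch (Exception ex)
            {
                this.logger.Error("Error deleting user " + userPrincipalName, ex);
                ThrowEvent(AlertID.FAILED, ex.Message);
            }
        }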
        /// <summary>
        /// Rollback helper: removes a user from Active Directory after a later step of a multi-step
        /// operation failed. Errors are logged and swallowed so the rollback never masks the
        /// original failure.
        /// </summary>
        /// <param name="userPrincipalName">UPN of the directory account to remove.</param>
        private void Delete_UserFromAD(string userPrincipalName)
        {
            try
            {
                using (ADUser directory = new ADUser(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC))
                {
                    directory.DeleteUser(userPrincipalName);
                }
            }
            catch (Exception ex)
            {
                // The caller is already handling the original error; only record that the rollback failed
                this.logger.Error("Failed to roll back action... Deleting user from Active Directory " + userPrincipalName, ex);
            }
        }