/// <summary> /// Execute /// </summary> /// <returns></returns> protected override bool Execute() { DTO.CcnUsername = SamAccountName; Account_ADO accountAdo = new Account_ADO(); Account_DTO_Read dtoRead = new Account_DTO_Read(); dtoRead.CcnUsername = SamAccountName; var readUser = accountAdo.Read(Ado, dtoRead); if (readUser.hasData) { DTO.PrvCode = accountAdo.ReadAccounts(readUser)[0].PrvCode; int nUpdated = accountAdo.Update(Ado, DTO, SamAccountName); if (nUpdated == 0) { Log.Instance.Debug("Failed to update Account"); Response.error = Label.Get("error.update"); return(false); } } Response.data = JSONRPC.success; return(true); }
/// <summary> /// Execute /// </summary> /// <returns></returns> protected override bool Execute() { //Validation of parameters and user have been successful. We may now proceed to read from the database var adoAccount = new Account_ADO(); //Accounts are returned as an ADO result if (DTO.CcnUsername == null) { DTO.CcnUsername = SamAccountName; } ADO_readerOutput result = adoAccount.Read(Ado, DTO); //Merge the data with Active Directory data if (result.hasData) { ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO(); adAdo.MergeAdToUsers(ref result); if (!string.IsNullOrEmpty(DTO.CcnUsername)) { adAdo.MergeGroupsToUsers(Ado, ref result); } Response.data = result.data; return(true); } Log.Instance.Debug("No Account data found"); return(false); }
protected override bool Execute() { if (!ReCAPTCHA.Validate(DTO.Captcha)) { Response.error = Label.Get("error.authentication"); return(false); } ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO(); ActiveDirectory_DTO adDto = adAdo.GetUser(Ado, DTO); dynamic adUser = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail); if (adUser?.CcnEmail != null) { DTO.CcnEmail = adUser.CcnEmail; DTO.CcnDisplayname = adUser.CcnDisplayName; DTO.CcnUsername = adUser.CcnUsername; } else { Account_ADO aAdo = new Account_ADO(); var user = aAdo.Read(Ado, new Account_DTO_Read() { CcnUsername = DTO.CcnEmail }); if (!user.hasData) { Response.data = JSONRPC.success; return(true); } if (user.data[0].CcnEmail.Equals(DBNull.Value) || user.data[0].CcnDisplayName.Equals(DBNull.Value)) { Response.data = JSONRPC.success; return(true); } DTO.CcnDisplayname = user.data[0].CcnDisplayName; DTO.CcnEmail = user.data[0].CcnEmail; DTO.CcnUsername = DTO.CcnEmail; } Login_BSO lBso = new Login_BSO(Ado); ADO_readerOutput output = lBso.ReadByToken2Fa(DTO.LgnToken2Fa, DTO.CcnUsername); if (!output.hasData) { return(false); } //create a 2fa, save it to the database, unlock the account and send the 2fa back to the client to be displayed as a QRCode string token = lBso.Update2FA(new Login_DTO_Create2FA() { LgnToken2Fa = DTO.LgnToken2Fa, CcnUsername = DTO.CcnUsername }); Response.data = token; return(true); }
/// <summary> /// Checks if the user is registered on the system /// </summary> /// <param name="ado"></param> /// <param name="ccnUsername"></param> /// <returns></returns> internal bool IsRegistered(ADO ado, string ccnUsername) { Account_ADO accountAdo = new Account_ADO(); Account_DTO_Read dto = new Account_DTO_Read(); dto.CcnUsername = ccnUsername; ADO_readerOutput output = accountAdo.Read(ado, dto); return(output.hasData); }
protected override bool Execute() { if (!ReCAPTCHA.Validate(DTO.Captcha)) { Response.error = Label.Get("error.authentication"); return(false); } Login_BSO lBso = new Login_BSO(Ado); Account_ADO aAdo = new Account_ADO(); ADO_readerOutput responseUser = aAdo.Read(Ado, DTO.CcnEmail); //If this is an AD user using their email as an identifier then we must get their details from AD if (!responseUser.hasData) { ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO(); var adResult = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail); if (adResult == null) { Response.error = Label.Get("error.authentication"); return(false); } //Check if AD local access is allowed if (!Configuration_BSO.GetCustomConfig(ConfigType.global, "security.adOpenAccess") && adResult != null) { Response.error = Label.Get("error.authentication"); return(false); } DTO.CcnUsername = adResult.CcnUsername; } else { DTO.CcnUsername = responseUser.data[0].CcnUsername; } var response = lBso.Update2FA(DTO); if (response != null) { Response.data = response; return(true); } Response.error = Label.Get("error.authentication"); return(false); }
/// <summary> /// Execute /// </summary> /// <returns></returns> protected override bool Execute() { //Validation of parameters and user have been successful. We may now proceed to read from the database var adoGroupAccount = new GroupAccount_ADO(); //Power users or Administrators may not be group members if (IsPowerUser(DTO.CcnUsername) || IsAdministrator(DTO.CcnUsername)) { Log.Instance.Debug("Power users or Administrators may not be group members"); Response.error = Label.Get("error.create"); return(false); } //Check if the user exists var adoAccount = new Account_ADO(); var account = adoAccount.Read(Ado, DTO.CcnUsername); if (!account.hasData) { Log.Instance.Debug("User does not exist"); Response.error = Label.Get("error.create"); return(false); } //First we must check if the GroupAccount exists already (we can't have duplicates) if (adoGroupAccount.Exists(Ado, DTO.CcnUsername, DTO.GrpCode)) { //This GroupAccount exists already, we can't proceed Log.Instance.Debug("GroupAccount exists already - create request refused"); Response.error = Label.Get("error.duplicate"); return(false); } //Create the GroupAccount - and retrieve the newly created Id int newId = adoGroupAccount.Create(Ado, DTO, SamAccountName); if (newId == 0) { Log.Instance.Debug("Can't create Group Account"); Response.error = Label.Get("error.create"); return(false); } Response.data = JSONRPC.success; return(true); }
protected override bool Execute() { Login_BSO lBso = new Login_BSO(Ado); Account_ADO aAdo = new Account_ADO(); ADO_readerOutput response = aAdo.Read(Ado, DTO.CcnEmail); if (!response.hasData) { ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO(); //adAdo.MergeAdToUsers(ref result); var adResult = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail); ////Email address not in the login table, try to get the username from the email address via AD //PrincipalContext context = new PrincipalContext(ContextType.Domain); //user = UserPrincipal.FindByIdentity(context, DTO.CcnEmail).Name; if (adResult == null) { Response.error = Label.Get("error.authentication"); return(false); } DTO.CcnUsername = adResult.CcnUsername; } else { DTO.CcnUsername = response.data[0].CcnUsername; } Login_ADO lAdo = new Login_ADO(Ado); if (lAdo.ReadOpen2Fa(DTO.CcnUsername)) { Response.data = JSONRPC.success; return(true); } return(false); }
internal ADO_readerOutput ReadCurrentAccess(ADO Ado, string ccnUsername) { //Validation of parameters and user have been successful. We may now proceed to read from the database var adoAccount = new Account_ADO(); ADO_readerOutput result = adoAccount.Read(Ado, ccnUsername); if (result.hasData) { // Set the cache based on the data returned MemCacheD.Store_BSO <dynamic>("PxStat.Security", "Account_API", "ReadCurrentAccesss", ccnUsername, result.data, new DateTime()); return(result); } Log.Instance.Debug("No Account data found"); return(result); }
internal bool IsModerator(ADO ado, string ccnUsername) { Account_ADO accountAdo = new Account_ADO(); Account_DTO_Read dto = new Account_DTO_Read(); dto.CcnUsername = ccnUsername; ADO_readerOutput output = accountAdo.Read(ado, dto); if (!output.hasData) { return(false); } else { dynamic account = output.data.First(); return(account.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_MODERATOR)); } }
protected override bool Execute() { ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO(); ActiveDirectory_DTO adDto = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail); if (adDto?.CcnUsername != null) { Response.error = Label.Get("error.authentication"); return(false); } Login_BSO lBso = new Login_BSO(Ado); Account_ADO aado = new Account_ADO(); var user = aado.Read(Ado, DTO.CcnEmail); if (!user.hasData) { Response.error = Label.Get("error.authentication"); return(false); } string token = Utility.GetRandomSHA256(user.data[0].CcnId.ToString()); if (lBso.Update1FaTokenForUser(user.data[0].CcnUsername, token) != null) { SendEmail(new Login_DTO_Create() { CcnUsername = user.data[0].CcnUsername, LngIsoCode = DTO.LngIsoCode, CcnEmail = user.data[0].CcnEmail, CcnDisplayname = user.data[0].CcnDisplayName }, token, "PxStat.Security.Login_API.Update1FA"); Response.data = JSONRPC.success; return(true); } Response.error = Label.Get("error.authentication"); return(false); }
/// <summary> /// Execute /// </summary> /// <returns></returns> protected override bool Execute() { Stopwatch sw = new Stopwatch(); sw.Start(); if (!ReCAPTCHA.Validate(DTO.Captcha)) { Response.error = Label.Get("error.authentication"); return(false); } ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO(); dynamic adUser = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail); //Check if local access is available for AD users if (!Configuration_BSO.GetCustomConfig(ConfigType.global, "security.adOpenAccess") && adUser != null) { Response.error = Label.Get("error.authentication"); return(false); } DTO.CcnUsername = DTO.CcnEmail; Login_BSO lBso = new Login_BSO(Ado); Account_ADO aAdo = new Account_ADO(); ADO_readerOutput response = aAdo.Read(Ado, DTO.CcnEmail); string user; if (!response.hasData) { //Email address not in the login table, try to get the username from the email address via AD var adResult = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail); Log.Instance.Debug("AD user found from email - time ms: " + sw.ElapsedMilliseconds); if (adResult == null) { Response.error = Label.Get("error.authentication"); return(false); } user = adResult.CcnUsername; //Now get the user details from the table response = aAdo.Read(Ado, user); if (!response.hasData) { Response.error = Label.Get("error.authentication"); return(false); } if (response.data[0].CcnLockedFlag) { Response.error = Label.Get("error.account.locked"); return(false); } } else { user = response.data[0].CcnUsername; } if (response.data[0].Lgn2Fa.Equals(DBNull.Value)) { Response.error = Label.Get("error.authentication"); return(false); } if (response.data[0].CcnLockedFlag) { Response.error = Label.Get("error.authentication"); return(false); } int ccnId = response.data[0].CcnId; string login2Fa = response.data[0].Lgn2Fa; if (!API.TwoFA.Validate2fa(DTO.Totp, login2Fa)) { Response.error = Label.Get("error.authentication"); return(false); } response = lBso.Validate1Fa(DTO.Lgn1Fa, user); if (!response.hasData) { //No validation available via the Login table, try Active Directory long lValidatePassword = sw.ElapsedMilliseconds; if (!ActiveDirectory.IsPasswordValid(user, DTO.Lgn1Fa)) { Response.error = Label.Get("error.authentication"); return(false); } Log.Instance.Debug("Elaspsed time ValidatePassword: "******"AD validation time ms: " + sw.ElapsedMilliseconds); //Get the remaining details from the database response = aAdo.Read(Ado, user); if (!response.hasData) { Response.error = Label.Get("error.authentication"); return(false); } } //If we have found an account, credentials are ok, but the account is locked, then we return an account locked error //could be AD too //IsUserAuthenticated needs to check if the user is locked too if (response.data[0].CcnLockedFlag) { Response.error = Label.Get("error.account.locked"); return(false); } string sessionToken = Utility.GetRandomSHA256(ccnId.ToString()); DateTime expiry = DateTime.Now.AddSeconds(Configuration_BSO.GetCustomConfig(ConfigType.global, "session.length")); if (!lBso.CreateSession(sessionToken, expiry, user)) { Response.error = Label.Get("error.create"); return(false); } Response.sessionCookie = new HttpCookie(API.Common.SessionCookieName) { Value = sessionToken }; Response.data = API.JSONRPC.success; long l = sw.ElapsedMilliseconds; return(true); }
/// <summary> /// Execute /// </summary> /// <returns></returns> protected override bool Execute() { bool success = false; ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO(); ActiveDirectory_DTO adDto = adAdo.GetUser(Ado, DTO); dynamic adUser = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail); if (adUser?.CcnEmail != null) { //Check if local access is available for AD users if (!Configuration_BSO.GetCustomConfig(ConfigType.global, "security.adOpenAccess")) { Response.error = Label.Get("error.authentication"); return(false); } DTO.CcnEmail = adUser.CcnEmail; DTO.CcnDisplayname = adUser.CcnDisplayName; DTO.CcnUsername = adUser.CcnUsername; } else { Account_ADO aAdo = new Account_ADO(); var user = aAdo.Read(Ado, new Account_DTO_Read() { CcnUsername = DTO.CcnEmail }); if (!user.hasData) { Response.data = JSONRPC.success; return(success); } if (user.data[0].CcnEmail.Equals(DBNull.Value) || user.data[0].CcnDisplayName.Equals(DBNull.Value)) { Response.data = JSONRPC.success; return(true); } DTO.CcnDisplayname = user.data[0].CcnDisplayName; DTO.CcnEmail = user.data[0].CcnEmail; DTO.CcnUsername = DTO.CcnEmail; } Login_BSO lBso = new Login_BSO(Ado); string token = Utility.GetRandomSHA256(DTO.CcnUsername); lBso.UpdateInvitationToken2Fa(DTO.CcnUsername, token); if (token != null) { SendEmail(new Login_DTO_Create() { CcnUsername = DTO.CcnUsername, CcnEmail = DTO.CcnEmail, LngIsoCode = DTO.LngIsoCode, CcnDisplayname = DTO.CcnDisplayname }, token, "PxStat.Security.Login_API.Update2FA"); Response.data = JSONRPC.success; success = true; } Response.data = JSONRPC.success; return(success); }
/// <summary> /// Execute /// </summary> /// <returns></returns> protected override bool Execute() { if (!ReCAPTCHA.Validate(DTO.Captcha)) { Response.error = Label.Get("error.authentication"); return(false); } if (DTO.CcnUsername == null) { DTO.CcnUsername = DTO.CcnEmail; } //Not allowed for AD users ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO(); ActiveDirectory_DTO adDto = adAdo.GetUser(Ado, DTO); if (adDto.CcnDisplayName != null) { Response.data = JSONRPC.success; return(true); } Account_ADO ccnAdo = new Account_ADO(); var user = ccnAdo.Read(Ado, new Account_DTO_Read() { CcnUsername = DTO.CcnEmail }); if (!user.hasData) { Response.data = JSONRPC.success; return(true); } if (user.data[0].CcnEmail.Equals(DBNull.Value) || user.data[0].CcnDisplayName.Equals(DBNull.Value)) { Response.data = JSONRPC.success; return(true); } DTO.CcnEmail = user.data[0].CcnEmail; Login_BSO lBso = new Login_BSO(Ado); string loginToken = Utility.GetRandomSHA256(user.data[0].CcnId.ToString()); Login_DTO_Create ldto = new Login_DTO_Create() { CcnUsername = DTO.CcnEmail, LngIsoCode = DTO.LngIsoCode, CcnEmail = DTO.CcnEmail, CcnDisplayname = user.data[0].CcnDisplayName }; if (lBso.Update1FaTokenForUser(DTO.CcnEmail, loginToken) != null) { SendEmail(new Login_DTO_Create() { CcnUsername = user.data[0].CcnUsername, LngIsoCode = DTO.LngIsoCode, CcnEmail = user.data[0].CcnEmail, CcnDisplayname = user.data[0].CcnDisplayName }, loginToken, "PxStat.Security.Login_API.Update1FA"); Response.data = JSONRPC.success; return(true); } else { Response.error = Label.Get("error.create"); return(false); } }