/// <summary>
        /// Execute
        /// </summary>
        /// <returns></returns>
        protected override bool Execute()
        {
            DTO.CcnUsername = SamAccountName;
            Account_ADO accountAdo = new Account_ADO();

            Account_DTO_Read dtoRead = new Account_DTO_Read();

            dtoRead.CcnUsername = SamAccountName;

            var readUser = accountAdo.Read(Ado, dtoRead);

            if (readUser.hasData)
            {
                DTO.PrvCode = accountAdo.ReadAccounts(readUser)[0].PrvCode;
                int nUpdated = accountAdo.Update(Ado, DTO, SamAccountName);

                if (nUpdated == 0)
                {
                    Log.Instance.Debug("Failed to update Account");
                    Response.error = Label.Get("error.update");
                    return(false);
                }
            }
            Response.data = JSONRPC.success;
            return(true);
        }
예제 #2
0
        /// <summary>
        /// Execute
        /// </summary>
        /// <returns></returns>
        protected override bool Execute()
        {
            //Validation of parameters and user have been successful. We may now proceed to read from the database
            var adoAccount = new Account_ADO();

            //Accounts are returned as an ADO result
            if (DTO.CcnUsername == null)
            {
                DTO.CcnUsername = SamAccountName;
            }
            ADO_readerOutput result = adoAccount.Read(Ado, DTO);

            //Merge the data with Active Directory data
            if (result.hasData)
            {
                ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO();
                adAdo.MergeAdToUsers(ref result);

                if (!string.IsNullOrEmpty(DTO.CcnUsername))
                {
                    adAdo.MergeGroupsToUsers(Ado, ref result);
                }

                Response.data = result.data;
                return(true);
            }

            Log.Instance.Debug("No Account data found");
            return(false);
        }
예제 #3
0
        protected override bool Execute()
        {
            if (!ReCAPTCHA.Validate(DTO.Captcha))
            {
                Response.error = Label.Get("error.authentication");
                return(false);
            }

            ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO();
            ActiveDirectory_DTO adDto = adAdo.GetUser(Ado, DTO);

            dynamic adUser = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail);

            if (adUser?.CcnEmail != null)
            {
                DTO.CcnEmail       = adUser.CcnEmail;
                DTO.CcnDisplayname = adUser.CcnDisplayName;
                DTO.CcnUsername    = adUser.CcnUsername;
            }
            else
            {
                Account_ADO aAdo = new Account_ADO();
                var         user = aAdo.Read(Ado, new Account_DTO_Read()
                {
                    CcnUsername = DTO.CcnEmail
                });
                if (!user.hasData)
                {
                    Response.data = JSONRPC.success;
                    return(true);
                }

                if (user.data[0].CcnEmail.Equals(DBNull.Value) || user.data[0].CcnDisplayName.Equals(DBNull.Value))
                {
                    Response.data = JSONRPC.success;
                    return(true);
                }

                DTO.CcnDisplayname = user.data[0].CcnDisplayName;
                DTO.CcnEmail       = user.data[0].CcnEmail;
                DTO.CcnUsername    = DTO.CcnEmail;
            }
            Login_BSO        lBso   = new Login_BSO(Ado);
            ADO_readerOutput output = lBso.ReadByToken2Fa(DTO.LgnToken2Fa, DTO.CcnUsername);

            if (!output.hasData)
            {
                return(false);
            }
            //create a 2fa, save it to the database, unlock the account and send the 2fa back to the client to be displayed as a QRCode

            string token = lBso.Update2FA(new Login_DTO_Create2FA()
            {
                LgnToken2Fa = DTO.LgnToken2Fa, CcnUsername = DTO.CcnUsername
            });

            Response.data = token;
            return(true);
        }
예제 #4
0
        /// <summary>
        /// Checks if the user is registered on the system
        /// </summary>
        /// <param name="ado"></param>
        /// <param name="ccnUsername"></param>
        /// <returns></returns>


        internal bool IsRegistered(ADO ado, string ccnUsername)
        {
            Account_ADO      accountAdo = new Account_ADO();
            Account_DTO_Read dto        = new Account_DTO_Read();

            dto.CcnUsername = ccnUsername;
            ADO_readerOutput output = accountAdo.Read(ado, dto);

            return(output.hasData);
        }
예제 #5
0
        protected override bool Execute()
        {
            if (!ReCAPTCHA.Validate(DTO.Captcha))
            {
                Response.error = Label.Get("error.authentication");
                return(false);
            }
            Login_BSO   lBso = new Login_BSO(Ado);
            Account_ADO aAdo = new Account_ADO();


            ADO_readerOutput responseUser = aAdo.Read(Ado, DTO.CcnEmail);

            //If this is an AD user using their email as an identifier then we must get their details from AD
            if (!responseUser.hasData)
            {
                ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO();

                var adResult = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail);


                if (adResult == null)
                {
                    Response.error = Label.Get("error.authentication");
                    return(false);
                }
                //Check if AD local access is allowed
                if (!Configuration_BSO.GetCustomConfig(ConfigType.global, "security.adOpenAccess") && adResult != null)
                {
                    Response.error = Label.Get("error.authentication");
                    return(false);
                }

                DTO.CcnUsername = adResult.CcnUsername;
            }
            else
            {
                DTO.CcnUsername = responseUser.data[0].CcnUsername;
            }


            var response = lBso.Update2FA(DTO);

            if (response != null)
            {
                Response.data = response;

                return(true);
            }
            Response.error = Label.Get("error.authentication");
            return(false);
        }
예제 #6
0
        /// <summary>
        /// Execute
        /// </summary>
        /// <returns></returns>
        protected override bool Execute()
        {
            //Validation of parameters and user have been successful. We may now proceed to read from the database
            var adoGroupAccount = new GroupAccount_ADO();

            //Power users or Administrators may not be group members
            if (IsPowerUser(DTO.CcnUsername) || IsAdministrator(DTO.CcnUsername))
            {
                Log.Instance.Debug("Power users or Administrators may not be group members");
                Response.error = Label.Get("error.create");
                return(false);
            }



            //Check if the user exists

            var adoAccount = new Account_ADO();
            var account    = adoAccount.Read(Ado, DTO.CcnUsername);

            if (!account.hasData)
            {
                Log.Instance.Debug("User does not exist");
                Response.error = Label.Get("error.create");
                return(false);
            }


            //First we must check if the GroupAccount exists already (we can't have duplicates)
            if (adoGroupAccount.Exists(Ado, DTO.CcnUsername, DTO.GrpCode))
            {
                //This GroupAccount exists already, we can't proceed
                Log.Instance.Debug("GroupAccount exists already - create request refused");
                Response.error = Label.Get("error.duplicate");
                return(false);
            }

            //Create the GroupAccount - and retrieve the newly created Id
            int newId = adoGroupAccount.Create(Ado, DTO, SamAccountName);

            if (newId == 0)
            {
                Log.Instance.Debug("Can't create Group Account");
                Response.error = Label.Get("error.create");
                return(false);
            }

            Response.data = JSONRPC.success;
            return(true);
        }
예제 #7
0
        protected override bool Execute()
        {
            Login_BSO lBso = new Login_BSO(Ado);

            Account_ADO aAdo = new Account_ADO();

            ADO_readerOutput response = aAdo.Read(Ado, DTO.CcnEmail);



            if (!response.hasData)
            {
                ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO();
                //adAdo.MergeAdToUsers(ref result);

                var adResult = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail);


                ////Email address not in the login table, try to get the username from the email address via AD
                //PrincipalContext context = new PrincipalContext(ContextType.Domain);
                //user = UserPrincipal.FindByIdentity(context, DTO.CcnEmail).Name;

                if (adResult == null)
                {
                    Response.error = Label.Get("error.authentication");
                    return(false);
                }


                DTO.CcnUsername = adResult.CcnUsername;
            }
            else
            {
                DTO.CcnUsername = response.data[0].CcnUsername;
            }

            Login_ADO lAdo = new Login_ADO(Ado);

            if (lAdo.ReadOpen2Fa(DTO.CcnUsername))
            {
                Response.data = JSONRPC.success;
                return(true);
            }
            return(false);
        }
예제 #8
0
        internal ADO_readerOutput ReadCurrentAccess(ADO Ado, string ccnUsername)
        {
            //Validation of parameters and user have been successful. We may now proceed to read from the database
            var adoAccount = new Account_ADO();

            ADO_readerOutput result = adoAccount.Read(Ado, ccnUsername);

            if (result.hasData)
            {
                // Set the cache based on the data returned
                MemCacheD.Store_BSO <dynamic>("PxStat.Security", "Account_API", "ReadCurrentAccesss", ccnUsername, result.data, new DateTime());

                return(result);
            }

            Log.Instance.Debug("No Account data found");
            return(result);
        }
예제 #9
0
        internal bool IsModerator(ADO ado, string ccnUsername)
        {
            Account_ADO      accountAdo = new Account_ADO();
            Account_DTO_Read dto        = new Account_DTO_Read();

            dto.CcnUsername = ccnUsername;
            ADO_readerOutput output = accountAdo.Read(ado, dto);


            if (!output.hasData)
            {
                return(false);
            }
            else
            {
                dynamic account = output.data.First();
                return(account.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_MODERATOR));
            }
        }
예제 #10
0
        protected override bool Execute()
        {
            ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO();

            ActiveDirectory_DTO adDto = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail);

            if (adDto?.CcnUsername != null)
            {
                Response.error = Label.Get("error.authentication");
                return(false);
            }

            Login_BSO lBso = new Login_BSO(Ado);

            Account_ADO aado = new Account_ADO();
            var         user = aado.Read(Ado, DTO.CcnEmail);

            if (!user.hasData)
            {
                Response.error = Label.Get("error.authentication");
                return(false);
            }
            string token = Utility.GetRandomSHA256(user.data[0].CcnId.ToString());

            if (lBso.Update1FaTokenForUser(user.data[0].CcnUsername, token) != null)
            {
                SendEmail(new Login_DTO_Create()
                {
                    CcnUsername = user.data[0].CcnUsername, LngIsoCode = DTO.LngIsoCode, CcnEmail = user.data[0].CcnEmail, CcnDisplayname = user.data[0].CcnDisplayName
                }, token, "PxStat.Security.Login_API.Update1FA");
                Response.data = JSONRPC.success;
                return(true);
            }

            Response.error = Label.Get("error.authentication");
            return(false);
        }
예제 #11
0
        /// <summary>
        /// Execute
        /// </summary>
        /// <returns></returns>
        protected override bool Execute()
        {
            Stopwatch sw = new Stopwatch();

            sw.Start();

            if (!ReCAPTCHA.Validate(DTO.Captcha))
            {
                Response.error = Label.Get("error.authentication");
                return(false);
            }
            ActiveDirectory_ADO adAdo  = new ActiveDirectory_ADO();
            dynamic             adUser = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail);

            //Check if local access is available for AD users
            if (!Configuration_BSO.GetCustomConfig(ConfigType.global, "security.adOpenAccess") && adUser != null)
            {
                Response.error = Label.Get("error.authentication");
                return(false);
            }

            DTO.CcnUsername = DTO.CcnEmail;
            Login_BSO lBso = new Login_BSO(Ado);

            Account_ADO aAdo = new Account_ADO();

            ADO_readerOutput response = aAdo.Read(Ado, DTO.CcnEmail);

            string user;

            if (!response.hasData)
            {
                //Email address not in the login table, try to get the username from the email address via AD


                var adResult = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail);
                Log.Instance.Debug("AD user found from email - time ms: " + sw.ElapsedMilliseconds);

                if (adResult == null)
                {
                    Response.error = Label.Get("error.authentication");
                    return(false);
                }

                user = adResult.CcnUsername;

                //Now get the user details from the table

                response = aAdo.Read(Ado, user);
                if (!response.hasData)
                {
                    Response.error = Label.Get("error.authentication");
                    return(false);
                }

                if (response.data[0].CcnLockedFlag)
                {
                    Response.error = Label.Get("error.account.locked");
                    return(false);
                }
            }
            else
            {
                user = response.data[0].CcnUsername;
            }


            if (response.data[0].Lgn2Fa.Equals(DBNull.Value))
            {
                Response.error = Label.Get("error.authentication");

                return(false);
            }

            if (response.data[0].CcnLockedFlag)
            {
                Response.error = Label.Get("error.authentication");

                return(false);
            }

            int    ccnId    = response.data[0].CcnId;
            string login2Fa = response.data[0].Lgn2Fa;

            if (!API.TwoFA.Validate2fa(DTO.Totp, login2Fa))
            {
                Response.error = Label.Get("error.authentication");

                return(false);
            }

            response = lBso.Validate1Fa(DTO.Lgn1Fa, user);

            if (!response.hasData)
            {
                //No validation available via the Login table, try Active Directory
                long lValidatePassword = sw.ElapsedMilliseconds;
                if (!ActiveDirectory.IsPasswordValid(user, DTO.Lgn1Fa))
                {
                    Response.error = Label.Get("error.authentication");
                    return(false);
                }
                Log.Instance.Debug("Elaspsed time ValidatePassword: "******"AD validation time ms: " + sw.ElapsedMilliseconds);
                //Get the remaining details from the database
                response = aAdo.Read(Ado, user);

                if (!response.hasData)
                {
                    Response.error = Label.Get("error.authentication");
                    return(false);
                }
            }
            //If we have found an account, credentials are ok, but the account is locked, then we return an account locked error
            //could be AD too
            //IsUserAuthenticated needs to check if the user is locked too


            if (response.data[0].CcnLockedFlag)
            {
                Response.error = Label.Get("error.account.locked");
                return(false);
            }


            string sessionToken = Utility.GetRandomSHA256(ccnId.ToString());

            DateTime expiry = DateTime.Now.AddSeconds(Configuration_BSO.GetCustomConfig(ConfigType.global, "session.length"));

            if (!lBso.CreateSession(sessionToken, expiry, user))
            {
                Response.error = Label.Get("error.create");
                return(false);
            }

            Response.sessionCookie = new HttpCookie(API.Common.SessionCookieName)
            {
                Value = sessionToken
            };

            Response.data = API.JSONRPC.success;
            long l = sw.ElapsedMilliseconds;

            return(true);
        }
예제 #12
0
        /// <summary>
        /// Execute
        /// </summary>
        /// <returns></returns>
        protected override bool Execute()
        {
            bool success = false;

            ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO();
            ActiveDirectory_DTO adDto = adAdo.GetUser(Ado, DTO);

            dynamic adUser = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail);

            if (adUser?.CcnEmail != null)
            {
                //Check if local access is available for AD users
                if (!Configuration_BSO.GetCustomConfig(ConfigType.global, "security.adOpenAccess"))
                {
                    Response.error = Label.Get("error.authentication");
                    return(false);
                }
                DTO.CcnEmail       = adUser.CcnEmail;
                DTO.CcnDisplayname = adUser.CcnDisplayName;
                DTO.CcnUsername    = adUser.CcnUsername;
            }
            else
            {
                Account_ADO aAdo = new Account_ADO();
                var         user = aAdo.Read(Ado, new Account_DTO_Read()
                {
                    CcnUsername = DTO.CcnEmail
                });
                if (!user.hasData)
                {
                    Response.data = JSONRPC.success;
                    return(success);
                }

                if (user.data[0].CcnEmail.Equals(DBNull.Value) || user.data[0].CcnDisplayName.Equals(DBNull.Value))
                {
                    Response.data = JSONRPC.success;
                    return(true);
                }

                DTO.CcnDisplayname = user.data[0].CcnDisplayName;
                DTO.CcnEmail       = user.data[0].CcnEmail;
                DTO.CcnUsername    = DTO.CcnEmail;
            }


            Login_BSO lBso = new Login_BSO(Ado);

            string token = Utility.GetRandomSHA256(DTO.CcnUsername);

            lBso.UpdateInvitationToken2Fa(DTO.CcnUsername, token);

            if (token != null)
            {
                SendEmail(new Login_DTO_Create()
                {
                    CcnUsername = DTO.CcnUsername, CcnEmail = DTO.CcnEmail, LngIsoCode = DTO.LngIsoCode, CcnDisplayname = DTO.CcnDisplayname
                }, token, "PxStat.Security.Login_API.Update2FA");
                Response.data = JSONRPC.success;
                success       = true;
            }

            Response.data = JSONRPC.success;
            return(success);
        }
        /// <summary>
        /// Execute
        /// </summary>
        /// <returns></returns>
        protected override bool Execute()
        {
            if (!ReCAPTCHA.Validate(DTO.Captcha))
            {
                Response.error = Label.Get("error.authentication");
                return(false);
            }

            if (DTO.CcnUsername == null)
            {
                DTO.CcnUsername = DTO.CcnEmail;
            }

            //Not allowed for AD users
            ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO();
            ActiveDirectory_DTO adDto = adAdo.GetUser(Ado, DTO);



            if (adDto.CcnDisplayName != null)
            {
                Response.data = JSONRPC.success;
                return(true);
            }

            Account_ADO ccnAdo = new Account_ADO();
            var         user   = ccnAdo.Read(Ado, new Account_DTO_Read()
            {
                CcnUsername = DTO.CcnEmail
            });

            if (!user.hasData)
            {
                Response.data = JSONRPC.success;
                return(true);
            }
            if (user.data[0].CcnEmail.Equals(DBNull.Value) || user.data[0].CcnDisplayName.Equals(DBNull.Value))
            {
                Response.data = JSONRPC.success;
                return(true);
            }

            DTO.CcnEmail = user.data[0].CcnEmail;

            Login_BSO lBso = new Login_BSO(Ado);

            string loginToken = Utility.GetRandomSHA256(user.data[0].CcnId.ToString());

            Login_DTO_Create ldto = new Login_DTO_Create()
            {
                CcnUsername = DTO.CcnEmail, LngIsoCode = DTO.LngIsoCode, CcnEmail = DTO.CcnEmail, CcnDisplayname = user.data[0].CcnDisplayName
            };

            if (lBso.Update1FaTokenForUser(DTO.CcnEmail, loginToken) != null)
            {
                SendEmail(new Login_DTO_Create()
                {
                    CcnUsername = user.data[0].CcnUsername, LngIsoCode = DTO.LngIsoCode, CcnEmail = user.data[0].CcnEmail, CcnDisplayname = user.data[0].CcnDisplayName
                }, loginToken, "PxStat.Security.Login_API.Update1FA");

                Response.data = JSONRPC.success;
                return(true);
            }
            else
            {
                Response.error = Label.Get("error.create");
                return(false);
            }
        }