예제 #1
0
        /// <summary>
        /// Asynchronously send an email code to <paramref name="emailAddress"/> of the user
        /// indicated by the <paramref name="username"/>.
        /// </summary>
        /// <param name="username">The username of the user to send the email to (string)</param>
        /// <param name="emailAddress">The email address to send the email to (string)</param>
        /// <returns>Task (bool) whether the function executed without exception</returns>
        public async Task <bool> SendEmailVerificationAsync(string username, string emailAddress)
        {
            var message     = new MimeMessage();
            var bodyBuilder = new BodyBuilder();

            // From the system email address to the emailAddress.
            message.From.Add(new MailboxAddress(Constants.SystemEmailAddress));
            message.To.Add(new MailboxAddress($"{emailAddress}"));

            message.Subject = Constants.EmailVerificationSubject;

            // Generate a code the length of what's defined in the constant file.
            Random generator = new Random();
            string emailCode = generator.Next((int)Math.Pow(10, Constants.EmailCodeLength - 1),
                                              (int)Math.Pow(10, Constants.EmailCodeLength)).ToString();

            // Timestamp the email code was generated at.
            long emailCodeTimestamp = TimeUtilityService.CurrentUnixTime();

            // Store the code and timestamp in the data store.
            await _userManagementService.StoreEmailCodeAsync(username, emailCode.ToString(), emailCodeTimestamp).ConfigureAwait(false);

            // Html body for the email code.
            bodyBuilder.HtmlBody = @"<td valign=""top"" align=""center"" bgcolor=""#0d1121"" style=""padding:35px 70px 30px;"" class=""em_padd""><table align=""center"" width=""100%"" border=""0"" cellspacing=""0"" cellpadding=""0"">" +
                                   @"<tr>" +
                                   @"</tr>" +
                                   @"<tr>" +
                                   @"<td height = ""15"" style = ""font-size:0px; line-height:0px; height:15px;"" > &nbsp;</td>" +
                                   @"</tr>" +
                                   @"<tr>" +
                                   $@"<td align = ""center"" valign = ""top"" style = ""font-family:'Open Sans', Arial, sans-serif; font-size:18px; line-height:22px; color:#fbeb59; letter-spacing:2px; padding-bottom:12px;"">YOUR EMAIL VERIFICATION CODE IS: {emailCode}</td>" +
                                   @"</tr>" +
                                   @"<tr>";

            message.Body = bodyBuilder.ToMessageBody();

            // Create the SMTP client with the default certificate validation callback to prevent man in the middle attacks.
            //var client = new SmtpClient
            //{
            //    ServerCertificateValidationCallback = (s, c, h, e) => MailService.DefaultServerCertificateValidationCallback(s, c, h, e)
            //};
            var client = new SmtpClient();

            // Connect over google SMTP, provide credentials, and asynchronously send and disconnect the client.
            await client.ConnectAsync(Constants.GoogleSMTP, Constants.GoogleSMTPPort, SecureSocketOptions.SslOnConnect).ConfigureAwait(false);

            await client.AuthenticateAsync(Constants.SystemEmailAddress, Constants.SystemEmailPassword).ConfigureAwait(false);

            await client.SendAsync(message).ConfigureAwait(false);

            await client.DisconnectAsync(true).ConfigureAwait(false);

            client.Dispose();

            return(true);
        }
예제 #2
0
        /// <summary>
        /// Submits a ticket to the system
        /// </summary>
        /// <param name="category">The category of the ticket</param>
        /// <param name="description">The description inside the ticket</param>
        /// <returns>Whether the ticket was saved or not</returns>
        public async Task <bool> SubmitTicketAsync(Constants.TicketCategories category, string description)
        {
            TicketRecord ticketRecord = new TicketRecord(TimeUtilityService.CurrentUnixTime(),
                                                         category.ToString(),
                                                         Constants.TicketStatuses.Unresolved.ToString(),
                                                         Constants.TicketFlagColors.None.ToString(),
                                                         description);
            await ticketDAO.CreateAsync(ticketRecord);

            return(true);
        }
예제 #3
0
        /// <summary>
        /// Increment the registration failures of the anonymous user defined by the <paramref name="ipAddress"/>.
        /// </summary>
        /// <param name="ipAddress">The ip address to increment the registration failures of (string)</param>
        /// <param name="maxTimeBeforeFailureReset">The time before their failures reset (TimeSpan)</param>
        /// <param name="maxNumberOfTries">The max number of registration tries before they get locked (int)</param>
        /// <returns>Task (bool) whether the funciton executed without exception</returns>
        public async Task <bool> IncrementRegistrationFailuresAsync(string ipAddress, TimeSpan maxTimeBeforeFailureReset, int maxNumberOfTries)
        {
            IPAddressObject ip = await GetIPAddressInfoAsync(ipAddress).ConfigureAwait(false);

            IPAddressRecord record;

            // Need to check if the maxtime + lastTime is less than now.
            // if it is then reset the failure
            long lastRegFailTimestamp = ip.LastRegFailTimestamp;
            long maxSeconds           = TimeUtilityService.TimespanToSeconds(maxTimeBeforeFailureReset);
            long currentUnix          = TimeUtilityService.CurrentUnixTime();

            bool reset = false;

            // If the time has passed their max time before reset, reset their failures. Don't reset
            // if they have no last registration fail timestamp.
            if (lastRegFailTimestamp + maxSeconds < currentUnix && lastRegFailTimestamp != Constants.NoValueLong)
            {
                reset  = true;
                record = new IPAddressRecord(ipAddress, registrationFailures: 0);

                await UpdateIPAsync(record).ConfigureAwait(false);
            }

            // Increment the user's login Failure count.
            int updatedRegistrationFailures = reset ? 1 : ip.RegistrationFailures + 1;

            // Lock the ip if they have reached the max number of tries.
            // Update the last reg fail time.
            if (updatedRegistrationFailures >= maxNumberOfTries)
            {
                record = new IPAddressRecord(ipAddress, timestampLocked: currentUnix, registrationFailures: updatedRegistrationFailures, lastRegFailTimestamp: currentUnix);

                // Asynchronously notify the system admin if an ip address was locked during registration.
                await SystemUtilityService.NotifySystemAdminAsync($"{ipAddress} was locked at {currentUnix}", Constants.SystemAdminEmailAddress).ConfigureAwait(false);
            }
            else
            {
                record = new IPAddressRecord(ipAddress, registrationFailures: updatedRegistrationFailures, lastRegFailTimestamp: currentUnix);
            }

            return(await UpdateIPAsync(record).ConfigureAwait(false));
        }
예제 #4
0
        /// <summary>
        /// Asynchronously create a user in the data store.
        /// </summary>
        /// <param name="isTemp">Used to specify whether the user is temporary.</param>
        /// <param name="record">The unmasked record conveying the data to create</param>
        /// <param name="adminName">The username of the admin performing this operation (default = system)</param>
        /// <param name="adminIp">The ip address of the admin performing this operation (default = localhost)</param>
        /// <returns>Task (bool) whether the function completed without exception</returns>
        public async Task <bool> CreateUserAsync(bool isTemp, UserRecord record, string adminName = Constants.SystemIdentifier, string adminIp = Constants.LocalHost)
        {
            // Check that the user of function is an admin and throw an exception if they are not.
            if (!adminName.Equals(Constants.SystemIdentifier))
            {
                UserObject admin = await GetUserInfoAsync(adminName).ConfigureAwait(false);

                if (admin.UserType != Constants.AdminUserType)
                {
                    throw new ArgumentException(Constants.MustBeAdmin);
                }
            }

            // Record must be unmasked.
            if (record.IsMasked())
            {
                throw new ArgumentException(Constants.CreateUserRecordMasked);
            }

            // Check for user existence and throw an exception if the user already exists.
            if (await CheckUserExistenceAsync(record.GetData()[Constants.UserDAOusernameColumn] as string).ConfigureAwait(false))
            {
                throw new ArgumentException(Constants.UsernameExistsLogMessage);
            }

            // If the user being created is temporary, update the timestamp to be the current unix time, otherwise
            // the timestamp has no value.
            long tempTimestamp = isTemp ? TimeUtilityService.CurrentUnixTime() : Constants.NoValueLong;

            record.GetData()[Constants.UserDAOtempTimestampColumn] = tempTimestamp;

            // Mask all the sensitive information.
            UserRecord resultRecord = await _maskingService.MaskAsync(record, true).ConfigureAwait(false) as UserRecord;

            // Insert the masked user into the datastore.
            await _userDAO.CreateAsync(resultRecord).ConfigureAwait(false);

            // Log the action.
            await LogAsync(DateTime.UtcNow.ToString(Constants.LoggingFormatString), Constants.SingleUserCreateOperation,
                           adminName, adminIp).ConfigureAwait(false);

            return(true);
        }
예제 #5
0
        /// <summary>
        /// Asynchronously increment the login failures of a user and disables that user if he has
        /// reached the <paramref name="maxNumberOfTries"/> parameter and his last login failure time
        /// hs not exceeded the <paramref name="maxTimeBeforeFailureReset"/> parameter.
        /// </summary>
        /// <param name="username">Username of the user to increment</param>
        /// <param name="maxTimeBeforeFailureReset">TimeSpan object to represent how long the before the login failure resets.</param>
        /// <param name="maxNumberOfTries">The max number of tries a user can login before he is disabled.</param>
        /// <returns>Returns true if the operation is successfull and false if it failed.</returns>
        public async Task <bool> IncrementLoginFailuresAsync(string username, TimeSpan maxTimeBeforeFailureReset, int maxNumberOfTries)
        {
            UserObject user = await GetUserInfoAsync(username).ConfigureAwait(false);

            UserRecord record;

            // Need to check if the maxtime + lastTime is less than now.
            // if it is then reset the failure
            long lastLoginFailTimestamp = user.LastLoginFailTimestamp;
            long maxSeconds             = TimeUtilityService.TimespanToSeconds(maxTimeBeforeFailureReset);
            long currentUnix            = TimeUtilityService.CurrentUnixTime();

            bool reset = false;

            // If the time has passed their max time before reset, reset their failures. Don't reset if
            // they have no last login fail timestamp.
            if (lastLoginFailTimestamp + maxSeconds < currentUnix && lastLoginFailTimestamp != Constants.NoValueLong)
            {
                reset  = true;
                record = new UserRecord(username, loginFailures: 0);

                await UpdateUserAsync(record).ConfigureAwait(false);
            }

            // Increment the user's login failure count.
            int updatedLoginFailures = reset ? 1 : user.LogInFailures + 1;

            // Disable the user if they have reached the max number of tries.
            // Update the last login fail time.
            if (updatedLoginFailures >= maxNumberOfTries)
            {
                record = new UserRecord(username, loginFailures: updatedLoginFailures, disabled: Constants.DisabledStatus, lastLoginFailTimestamp: currentUnix);
            }
            else
            {
                record = new UserRecord(username, loginFailures: updatedLoginFailures, lastLoginFailTimestamp: currentUnix);
            }

            await UpdateUserAsync(record).ConfigureAwait(false);

            return(true);
        }
예제 #6
0
        /// <summary>
        /// Checks whether the current token is expired or not.
        /// </summary>
        /// <param name="jwt">The token to check.</param>
        /// <returns>Whether the current token is past it's 20 minute lifetime.</returns>
        public bool TokenIsExpired(string jwt)
        {
            Dictionary <string, string> payload = _authorizationService.DecryptJWT(jwt);

            // Check if the expiration key exists first
            if (!payload.ContainsKey(Constants.EXPIRATION_FIELD))
            {
                throw new ArgumentException("Expiration time is not specified!");
            }

            long expTime;
            bool isNumeric = long.TryParse(payload[Constants.EXPIRATION_FIELD], out expTime);

            // Make sure we are dealing with a number first
            if (!isNumeric)
            {
                throw new ArgumentException("Expiration time is not a number!");
            }

            return(TimeUtilityService.CurrentUnixTime() > expTime);
        }