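/// <summary>
/// Creates a principal for the given user name from the users database.
/// </summary>
/// <remarks>
/// No credential check happens here: the caller is trusted to have authenticated
/// <paramref name="userName"/> already. In single-user mode every call yields the
/// built-in "nsurvey_admin" identity with the admin and global-survey-access flags set,
/// regardless of the name supplied. A name that does not resolve to a database user
/// with a settings row yields the anonymous principal (see the TODO below).
/// </remarks>
/// <param name="userName">User name to resolve; null or empty yields the anonymous principal.</param>
/// <returns>
/// A principal carrying the user's identity, admin / global-access flags and security
/// rights when the name resolves to a database user that has a settings row; otherwise
/// the anonymous principal with no rights.
/// </returns>
public INSurveyPrincipal CreatePrincipal(string userName)
{
    if (this.SingleUserMode)
    {
        return new NSurveyFormPrincipal(
            new NSurveyFormIdentity("nsurvey_admin", 0, null, null, null, true, true, false),
            null);
    }

    if (string.IsNullOrEmpty(userName))
    {
        return CreateAnonymousPrincipal();
    }

    // Scenario 1: the user exists in the database, so identity and rights can be
    // taken from there (imported or locally created users).
    Users users = new Users();
    int? id = users.GetUserByIdFromUserName(userName);
    if ((id ?? 0) > 0)
    {
        NSurveyUserData.UsersRow user = users.GetUserById(id.Value).Users[0];
        UserSettingData userSettings = users.GetUserSettings(user.UserId);
        if (userSettings.UserSettings.Rows.Count > 0)
        {
            // The database hands rights back as ints; the principal carries them as strings.
            string[] userRights = System.Array.ConvertAll(
                users.GetUserSecurityRights(user.UserId), right => right.ToString());

            return new NSurveyFormPrincipal(
                new NSurveyFormIdentity(
                    user.UserName,
                    user.UserId,
                    user.FirstName,
                    user.LastName,
                    user.Email,
                    userSettings.UserSettings[0].IsAdmin,
                    userSettings.UserSettings[0].GlobalSurveyAccess,
                    true),
                userRights);
        }
    }

    // TODO: Scenario 2: the user does not exist in the database.
    // Extract as much data from AD as possible (normally everything, even the e-mail),
    // possibly create the user in the database for statistics, and determine rights from
    // group memberships or from the user's own rights if present in the database.
    // Until then an unknown user is anonymous rather than partially trusted.
    return CreateAnonymousPrincipal();
}

/// <summary>
/// Builds the principal used for callers that could not be resolved to a database user:
/// the "anonymous" identity with id -1, no flags set and no security rights.
/// </summary>
private static INSurveyPrincipal CreateAnonymousPrincipal()
{
    return new NSurveyFormPrincipal(
        new NSurveyFormIdentity("anonymous", -1, null, null, null, false, false, false),
        null);
}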
/// <summary>
/// Loads the edited user's current database values into the form controls, or resets
/// the form to blanks when no existing user is selected (<c>UserId</c> below zero).
/// </summary>
/// <remarks>
/// The name / e-mail fields are only populated (and shown) when the configured provider
/// is an <see cref="INSurveyUserProvider"/>. The admin and global-access checkboxes come
/// from the user's settings row and default to unchecked when there is none. The survey
/// list boxes are disabled whenever the user has global survey access, since per-survey
/// assignment is then irrelevant. The password box is never filled from the database.
/// </remarks>
public void BindFields()
{
    if (UserId < 0)
    {
        // Nothing to load yet: blank the identity fields and disable the survey lists.
        ViewState["UserName"] = string.Empty;
        UserNameTextBox.Text = string.Empty;
        FirstNameTextBox.Text = string.Empty;
        LastNameTextBox.Text = string.Empty;
        EmailTextBox.Text = string.Empty;
        NSurveyUserPlaceHolder.Visible = true;
        IsAdminCheckBox.Checked = false;
        HasSurveyAccessCheckBox.Checked = false;
        SurveysListBox.Enabled = false;
        UserSurveysListBox.Enabled = false;
        return;
    }

    // Extended properties are only editable with an NSurvey user provider.
    bool extendedFieldsEditable = _userProvider is INSurveyUserProvider;
    NSurveyUserPlaceHolder.Visible = extendedFieldsEditable;
    if (extendedFieldsEditable)
    {
        NSurveyUserData.UsersRow current = new Users().GetUserById(UserId).Users[0];
        ViewState["UserName"] = current.UserName;
        UserNameTextBox.Text = current.UserName;
        FirstNameTextBox.Text = current.FirstName;
        LastNameTextBox.Text = current.LastName;
        EmailTextBox.Text = current.Email;
    }

    UserSettingData settingsData = new Users().GetUserSettings(UserId);
    bool hasSettingsRow = settingsData.UserSettings.Rows.Count > 0;
    bool isAdmin = hasSettingsRow && settingsData.UserSettings[0].IsAdmin;
    bool globalAccess = hasSettingsRow && settingsData.UserSettings[0].GlobalSurveyAccess;
    IsAdminCheckBox.Checked = isAdmin;
    HasSurveyAccessCheckBox.Checked = globalAccess;

    // Per-survey assignment only makes sense without global access.
    bool perSurveyAssignment = !HasSurveyAccessCheckBox.Checked;
    SurveysListBox.Enabled = perSurveyAssignment;
    UserSurveysListBox.Enabled = perSurveyAssignment;

    BindSurveyDropDownLists();
}
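/// <summary>
/// Pattern used to sanity-check the e-mail field. Built once for the page class rather
/// than re-parsed on every validation call.
/// </summary>
private static readonly Regex EmailRegex = new Regex(
    @"^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$");

/// <summary>
/// Validates the editable user fields before they are saved and reports the first
/// problem found through <c>MessageLabel</c>.
/// </summary>
/// <remarks>
/// Checks, in order: the user name is present, the user name is not already used by a
/// different user, and the e-mail (when given) has a plausible shape. Every failure also
/// re-populates the password box so the typed password is not lost. When the configured
/// provider is not an <see cref="INSurveyUserProvider"/> these fields are not editable
/// here and the method reports success without looking at them.
/// </remarks>
/// <returns><c>true</c> when all fields are acceptable; otherwise <c>false</c>.</returns>
private bool ValidateFieldOptions()
{
    if (!(_userProvider is INSurveyUserProvider))
    {
        return true;
    }

    PageBase page = (PageBase)Page;

    // A whitespace-only name counts as missing: the login form trims its input,
    // so such an account could never be signed into.
    if (UserNameTextBox.Text.Trim().Length == 0)
    {
        MessageLabel.Visible = true;
        page.ShowErrorMessage(MessageLabel, page.GetPageResource("UserNameRequiredMessage"));
        RePopulatePasswordBox();
        return false;
    }

    // The name is taken when it resolves to a positive id belonging to a different user.
    // Only a positive id counts as "found", matching how the login and principal code
    // treat the lookup result; -1, 0 and null all mean "no such user".
    int? existingId = new Users().GetUserByIdFromUserName(UserNameTextBox.Text);
    if ((existingId ?? 0) > 0 && existingId.Value != UserId)
    {
        MessageLabel.Visible = true;
        page.ShowNormalMessage(MessageLabel, page.GetPageResource("UserNameTakenMessage"));
        RePopulatePasswordBox();
        return false;
    }

    // E-mail is optional; only a non-empty value is shape-checked.
    if (EmailTextBox.Text.Length > 0 && !EmailRegex.IsMatch(EmailTextBox.Text))
    {
        MessageLabel.Visible = true;
        page.ShowErrorMessage(MessageLabel, page.GetPageResource("InvalidEmailMessage"));
        RePopulatePasswordBox();
        return false;
    }

    return true;
}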
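/// <summary>
/// Handles the login button: checks the entered user name and password against the
/// users database and, on success, migrates a legacy unsalted password record, issues
/// the forms-authentication cookie and sends the user to the first page they may access.
/// </summary>
/// <remarks>
/// Every failure (empty input, unknown name, wrong password, user without a settings row)
/// ends in the same generic "invalid login/password" message, so the response does not
/// reveal whether the user name exists.
/// NOTE(review): <c>UINavigator.NavigateToFirstAccess</c> is assumed to end the request
/// (redirect); if it returns normally, the error message at the end is shown on success
/// too — confirm.
/// </remarks>
/// <param name="sender">The button raising the event; not used.</param>
/// <param name="e">Event data; not used.</param>
private void ValidateCredentialsButton_Click(object sender, System.EventArgs e)
{
    string enteredPwd = PasswordTextBox.Text.Trim();
    string enteredUname = LoginTextBox.Text.Trim();

    if (enteredUname.Length > 0 && enteredPwd.Length > 0)
    {
        Users users = new Users();

        // Look the account up by the trimmed name so the lookup and the emptiness
        // check above agree on what was entered.
        int? id = users.GetUserByIdFromUserName(enteredUname);
        if ((id ?? 0) > 0)
        {
            LoginSecurity sec = new LoginSecurity();
            NSurveyUserData user = users.GetUserById(id.Value);
            NSurveyUserData.UsersRow row = user.Users[0];
            string salt = row.IsPasswordSaltNull() ? null : row.PasswordSalt;

            // A row without a salt still holds a password from the old unsalted scheme.
            // Decide once here and reuse the flag for the upgrade below, so that an
            // empty-string salt (not DBNull) is migrated as well instead of being
            // verified the legacy way on every login.
            bool legacyPassword = string.IsNullOrEmpty(salt);
            string encryptedPwd;
            if (legacyPassword)
            {
                encryptedPwd = new User().EncryptUserPassword(enteredPwd);
                salt = sec.CreateSaltKey(5); // fresh salt for the migrated record
            }
            else
            {
                encryptedPwd = sec.CreatePasswordHash(enteredPwd, salt);
            }

            if (FixedTimeEquals(row.Password, encryptedPwd))
            {
                UserSettingData userSettings = users.GetUserSettings(row.UserId);
                if (userSettings.UserSettings.Rows.Count > 0)
                {
                    var settings = userSettings.UserSettings[0];

                    // Identity payload carried in the auth ticket and handed to the principal
                    // factory: "name,id,first,last,email,isAdmin,globalAccess|right,right,...".
                    // NOTE(review): first/last name and e-mail are free text; whatever parses
                    // this payload must tolerate delimiter characters inside them — confirm
                    // against the consumer.
                    System.Text.StringBuilder userInfos = new System.Text.StringBuilder();
                    userInfos.Append(row.UserName).Append(',');
                    userInfos.Append(row.UserId).Append(',');
                    userInfos.Append(row.FirstName).Append(',');
                    userInfos.Append(row.LastName).Append(',');
                    userInfos.Append(row.Email).Append(',');
                    userInfos.Append(settings.IsAdmin).Append(',');
                    userInfos.Append(settings.GlobalSurveyAccess);
                    userInfos.Append('|');
                    int[] userRights = users.GetUserSecurityRights(row.UserId);
                    userInfos.Append(string.Join(",", System.Array.ConvertAll(userRights, right => right.ToString())));

                    // Successful legacy login: store the salted hash so the next login
                    // takes the salted path.
                    if (legacyPassword)
                    {
                        row.PasswordSalt = salt;
                        row.Password = sec.CreatePasswordHash(enteredPwd, salt);
                        ((INSurveyUserProvider)_userProvider).UpdateUser(user);
                    }

                    string ticketData = userInfos.ToString();
                    FormsAuthentication.SetAuthCookie(ticketData, false);
                    // NOTE(review): the database-backed CreatePrincipal in this listing resolves
                    // its argument as a plain user name; confirm the provider returned by
                    // UserFactory.Create() understands this payload.
                    INSurveyPrincipal principal = UserFactory.Create().CreatePrincipal(ticketData);
                    ((PageBase)Page).SelectedFolderId = null;
                    UINavigator.NavigateToFirstAccess(principal, -1);
                }
            }
        }
    }

    MessageLabel.Visible = true;
    ((PageBase)Page).ShowErrorMessage(MessageLabel, ((PageBase)Page).GetPageResource("InvalidLoginPasswordMessage"));
}

/// <summary>
/// Compares two password-hash strings without stopping at the first mismatching character,
/// so the time taken does not depend on how much of the stored hash the supplied value
/// matches. Gives the same result as <c>a == b</c> (ordinal equality, nulls equal only
/// to each other).
/// </summary>
private static bool FixedTimeEquals(string a, string b)
{
    if (a == null || b == null)
    {
        return a == b;
    }
    if (a.Length != b.Length)
    {
        return false;
    }
    int diff = 0;
    for (int i = 0; i < a.Length; i++)
    {
        diff |= a[i] ^ b[i];
    }
    return diff == 0;
}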