        /// <summary>
        /// Provisions a demo client on behalf of <paramref name="caller"/> and reports the
        /// outcome in a <see cref="ClientResult"/> instead of throwing.
        /// </summary>
        /// <param name="caller">Identity performing the operation; authorized inside <c>InternalInit</c>.</param>
        /// <param name="record">Client data to provision.</param>
        /// <returns>
        /// A result with <c>OK == true</c> on success; otherwise <c>OK == false</c> with
        /// <c>Error</c> set to the exception that stopped provisioning.
        /// </returns>
        /// <remarks>
        /// Every exception is captured, including the <c>SecurityException</c>s raised by the
        /// authorization and duplicate-login checks, so callers must inspect <c>OK</c> rather
        /// than rely on exceptions propagating. NOTE(review): <c>Error</c> carries the raw
        /// exception object (message and stack trace); if this result is serialized to an
        /// untrusted client, sanitize it first so internal details are not disclosed.
        /// </remarks>
        public ClientResult Init(IIdentity caller, ClientRecord record)
        {
            var outcome = new ClientResult { OK = true };
            try
            {
                InternalInit(caller, record, outcome);
                return outcome;
            }
            catch (Exception failure)
            {
                outcome.OK = false;
                outcome.Error = failure;
                return outcome;
            }
        }
 /// <summary>
 /// Convenience overload: resolves <paramref name="userName"/> to a stored user, wraps it in
 /// an <see cref="Identity"/> and delegates to <see cref="Init(IIdentity, ClientRecord)"/>.
 /// </summary>
 /// <param name="userName">Login of the user on whose behalf the client is initialized.</param>
 /// <param name="record">Client data to provision.</param>
 /// <returns>The <see cref="ClientResult"/> produced by the identity-based overload.</returns>
 /// <remarks>
 /// NOTE(review): elsewhere in this file <c>Users.GetUser</c> is treated as returning
 /// <c>null</c> for an unknown login, and that <c>null</c> is handed straight to the
 /// <see cref="Identity"/> constructor here — confirm that the constructor, or the
 /// <c>CheckCaller</c> step that follows, rejects it rather than treating the caller as
 /// anonymous-but-permitted.
 /// </remarks>
 public ClientResult Init(string userName, ClientRecord record)
 {
     var storedUser = Users.GetUser(userName);
     var caller = new Identity(storedUser);
     return Init(caller, record);
 }
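        /// <summary>
        /// Provisions a demo client: authorizes the caller, validates the record, then creates a
        /// group account (<c>{SysName}@groups</c>) and a domain-admin user for the client's domain.
        /// </summary>
        /// <param name="caller">Identity performing the operation; must pass <c>CheckCaller</c>.</param>
        /// <param name="record">
        /// Client data. <c>Name</c> is required; <c>SysName</c> is derived from <c>Name</c> when
        /// blank and is written back into <paramref name="record"/>.
        /// </param>
        /// <param name="result">Receives the sysname, the plaintext password and both stored accounts on success.</param>
        /// <exception cref="ArgumentException">
        /// <c>Name</c> is blank, or <c>SysName</c> is blank / not already in canonical escaped form.
        /// </exception>
        /// <exception cref="SecurityException">
        /// Caller rejected by <c>CheckCaller</c>, the group or user login is already taken, or the
        /// password does not satisfy policy.
        /// </exception>
        private void InternalInit(IIdentity caller, ClientRecord record, ClientResult result)
        {
            // Authorization first: nothing below runs for an unauthorized caller.
            CheckCaller(caller);

            if (string.IsNullOrWhiteSpace(record.Name))
            {
                throw new ArgumentException("no client name supplied", nameof(record.Name));
            }
            if (string.IsNullOrWhiteSpace(record.SysName))
            {
                record.SysName = Escaper.OrganizationSysName(record.Name);
            }
            // SysName feeds both logins and the domain name, so a caller-supplied value is only
            // accepted when it is already in canonical escaped form (escaping must be a fixed point).
            if (string.IsNullOrWhiteSpace(record.SysName) ||
                record.SysName != Escaper.OrganizationSysName(record.SysName))
            {
                throw new ArgumentException("invalid sysname " + record.SysName, nameof(record.SysName));
            }

            var groupLogin = record.SysName + "@groups";
            // NOTE(review): the user-login prefix appears masked ("******") in this listing;
            // confirm the real value against the repository before relying on this line.
            var userLogin  = "******" + record.SysName;

            // Check BOTH logins before anything is stored. Previously the group was stored before
            // the user check ran, so a "user already exists" failure left an orphaned group behind,
            // and Init's catch reports only the exception, not that partial state.
            // This is still check-then-act against the user store: two concurrent requests with
            // the same SysName can both pass these reads, so a uniqueness guarantee on Login has
            // to come from Users.Store / the backing store itself.
            if (null != Users.GetUser(groupLogin))
            {
                throw new SecurityException("group already exists");
            }
            if (null != Users.GetUser(userLogin))
            {
                throw new SecurityException("user already exists");
            }

            // Demo lease: local midnight tomorrow plus LEASE_DEMO.
            // NOTE(review): DateTime.Today is server-local time, not UTC — confirm that matches
            // how Expire is compared wherever the lease is enforced.
            var group = new User {
                Active  = true,
                Login   = groupLogin,
                IsGroup = true,
                Name    = record.Name,
                Email   = record.UserEmail,
                Roles   = new[] { SecurityConst.ROLE_DEMO_ACCESS },
                Expire  = DateTime.Today.AddDays(1).Add(SecurityConst.LEASE_DEMO),
                Custom  = new Dictionary <string, object> {
                    { "contact", record.Phone }
                }
            };

            var name = string.IsNullOrWhiteSpace(record.UserName) ? record.Name : record.UserName;
            var user = new User {
                Login   = userLogin,
                Name    = name,
                Logable = true,
                Domain  = record.SysName,
                Groups  = new[] { record.SysName },
                Active  = true,
                // Same lease as the group so both accounts lapse together.
                Expire  = group.Expire,
                // Admin only within the client's own domain (Domain = SysName above).
                Roles   = new[] { SecurityConst.ROLE_DOMAIN_ADMIN }
            };

            // A caller-supplied password is accepted but must still satisfy policy; generated
            // passwords go through the same check so a weak generator cannot slip through.
            // Validated before any store call so a policy failure leaves nothing behind.
            var pass = string.IsNullOrWhiteSpace(record.Password) ? PasswordManager.Generate() : record.Password;
            if (!PasswordManager.GetPolicy(pass).Ok)
            {
                throw new SecurityException("password not match policy");
            }

            // Persist only after every validation has passed; original store order (group,
            // then password, then user) is kept.
            Users.Store(group);
            PasswordManager.SetPassword(user, pass, true);
            Users.Store(user);

            result.GeneratedSysName  = record.SysName;
            // Plaintext password (generated or caller-supplied) is handed back to the caller;
            // this result must not be logged or persisted beyond the provisioning response.
            result.GeneratedPassword = pass;
            result.Group             = group;
            result.User              = user;
        }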