Exemplo n.º 1
0
        public ActionResult SaveProfile(List <ProfileFieldInfo> FieldInfo, string TimeZoneID)
        {
            System.Threading.Thread.Sleep(1000);
            RequestResultModel _model = new RequestResultModel();

            _model.InfoType = RequestResultInfoType.ErrorOrDanger;
            _model.Message  = "";

            // Check mandatory fields
            foreach (ProfileFieldInfo Field in FieldInfo)
            {
                ProfileField profileField = ProfileFields.GetBy(int.Parse(Field.ID));
                if (profileField.IsMandatory == 1 && (Field.Value == null || Field.Value.Trim().Length == 0))
                {
                    _model.Message += String.Format("<li>{0}</li>", String.Format(GetLabel("Account.CreateAccount.Mandatory"), profileField.FieldName));
                }

                if (profileField.IsMandatory == 1 && profileField.FieldTypeID == ProfileFieldTypeEnum.CheckBox && Field.Value != null && Field.Value.ToLower() == "false")
                {
                    _model.Message += String.Format("<li>{0}</li>", String.Format(GetLabel("Account.CreateAccount.Mandatory"), profileField.FieldName));
                }
            }

            if (_model.Message.Length > 0)
            {
                _model.Message = String.Format("<ul class=\"error-message-list\">{0}</ul>", _model.Message);
                return(Json(new
                {
                    Status = RequestResultInfoType.ErrorOrDanger,
                    NotifyType = NotifyType.DialogInline,
                    Message = HttpUtility.HtmlDecode(this.RenderPartialView(@"_RequestResultPageInLine", _model))
                }, JsonRequestBehavior.AllowGet));
            }

            if (Profile.Member.TimeZoneID != TimeZoneID)
            {
                AuditEvent.AppEventInfo(AppSession.Profile.Member.Email, String.Format("Member updated time zone to: \"{0}\" ", Profile.Member.TimeZoneID));
            }

            Profile.Member.TimeZoneID = TimeZoneID;
            Profile.Member.UpdateTimeZone();

            String FieldValues = "";
            List <MemberProfileField> memberProfileFields = MemberProfileFields.GetByMember(Profile.Member.MemberID);

            foreach (ProfileFieldInfo Field in FieldInfo)
            {
                String Value = Field.Value != null?Field.Value.Trim() : Field.Value;

                ProfileField       profileField       = ProfileFields.GetBy(int.Parse(Field.ID));
                MemberProfileField memberProfileField = MemberProfileFields.GetField(memberProfileFields, int.Parse(Field.ID));

                if (profileField.Encrypted == 1 && memberProfileField.FieldValue != null && memberProfileField.FieldValue.Length > 0)
                {
                    memberProfileField.FieldValue = Encryptor.DecryptStringAES(memberProfileField.FieldValue, AppSession.EncryptionKey);
                }

                if (Value != memberProfileField.FieldValue)
                {
                    FieldValues += String.Format("<b>Name</b>:  {0} <b>Before:</b>  \"{1}\" <b>Now:</b>  \"{2}\"<br/>", profileField.FieldName, memberProfileField.FieldValue, Value);
                }

                memberProfileField.MemberID   = Profile.Member.MemberID;
                memberProfileField.FieldID    = int.Parse(Field.ID);
                memberProfileField.FieldValue = Value;

                if (profileField.Encrypted == 1 && memberProfileField.FieldValue != null && memberProfileField.FieldValue.Length > 0)
                {
                    memberProfileField.FieldValue = Encryptor.EncryptStringAES(memberProfileField.FieldValue, AppSession.EncryptionKey);
                }

                memberProfileField.Save();
            }

            memberProfileFields = MemberProfileFields.GetByMember(Profile.Member.MemberID);

            List <MemberFieldNameValue> MemberFieldNameValues = new List <MemberFieldNameValue>();

            foreach (MemberProfileField memberField in memberProfileFields)
            {
                MemberFieldNameValues.Add(new MemberFieldNameValue {
                    Name = memberField.ProfileFieldID.ToString(), Value = memberField.FieldValue, Type = (int)ProfileFields.GetBy(memberField.FieldID).FieldTypeID
                });
            }

            _model.Message  = "Your profile has been updated successfully.";
            _model.InfoType = RequestResultInfoType.Success;

            AuditEvent.AppEventInfo(AppSession.Profile.Member.Email, String.Format("Profile of \"{0}\" {1} member has been updated successfully.", AppSession.Profile.Member.Name, AppSession.Profile.Member.Email), AuditEvent.GetSessionDetails(FieldValues));

            return(Json(new
            {
                Status = RequestResultInfoType.Success,
                NotifyType = NotifyType.DialogInline,
                Message = HttpUtility.HtmlDecode(this.RenderPartialView(@"_RequestResultPageInLine", _model)),
                MemberFields = MemberFieldNameValues,
                TimeZoneID = Profile.Member.TimeZoneID != null && Profile.Member.TimeZoneID.Length > 0 ? Profile.Member.TimeZoneID : ""
            }, JsonRequestBehavior.AllowGet));
        }
        public bool Authenticate(ref String Email, String Password)
        {
            bool LDAPAuthSuccess = false;
            bool IsClassicAuth   = AppSession.Parameters.LDAPUseOnly.Value == "false";
            bool IsLDAPAuth      = AppSession.Parameters.LDAPEnabled.Value == "true";

            //LDAP Auth
            if (AppSession.Parameters.LDAPEnabled.Value == "true" && Email.IndexOf("@" + AppSession.Parameters.LDAPDomain.Value) > 0)
            {
                LDAPTools ldapTools = new LDAPTools();
                ldapTools.UserName      = Email;
                ldapTools.Password      = Password;
                ldapTools.DirectoryPath = AppSession.Parameters.LDAPPath.Value;

                if (ldapTools.Authenticate())
                {
                    LDAPAuthSuccess = true;
                    string memberName      = ldapTools.MemberInfo.DisplayName;
                    string memberAllGroups = ldapTools.GetGroups();

                    ///////////////////////////////////////////////////////////////////////////////////////////////////////////
                    // The member email will be changed because the first part of e-mail can be different with user network id.
                    ///////////////////////////////////////////////////////////////////////////////////////////////////////////
                    Email = ldapTools.MemberInfo.Email;
                    Member memberNew = Members.GetByEmail(Email);

                    if (memberNew.MemberID <= 0)
                    {
                        memberNew.Name      = memberName;
                        memberNew.Email     = Email;
                        memberNew.Password  = StringTool.RandomString(80);
                        memberNew.IsBuiltIn = false;
                        memberNew.Created   = DateTime.UtcNow;
                        memberNew.Save();

                        string Message = String.Format("LDAP member added: {0} {1}", memberName, Email);
                        AuditEvent.AppEventInfo(AppSession.Parameters.GeneralAdminEmail.Value, Message, null, true);

                        // Add signin/sign up domain.
                        Domain _domain = Domains.GetByName(AppSession.SignUpDomain);
                        if (_domain.DomainID > 0)
                        {
                            MemberDomain _memberDomain = new MemberDomain();
                            _memberDomain.DomainID = _domain.DomainID;
                            _memberDomain.MemberID = memberNew.MemberID;
                            _memberDomain.Save();
                        }

                        // Create LDAP settings roles
                        if (AppSession.Parameters.LDAPAddToRoles.Value != null && AppSession.Parameters.LDAPAddToRoles.Value.Length > 0)
                        {
                            string[] memberRoles = AppSession.Parameters.LDAPAddToRoles.Value.Split(new string[] { ";" }, StringSplitOptions.RemoveEmptyEntries);
                            foreach (string memberRole in memberRoles)
                            {
                                Web.Admin.Logic.Objects.Role _role = Web.Admin.Logic.Collections.Roles.GetBy(memberRole);
                                if (_role.RoleID > 0)
                                {
                                    MemberRole _memberRole = new MemberRole();
                                    _memberRole.MemberID = memberNew.MemberID;
                                    _memberRole.RoleID   = _role.RoleID;
                                    _memberRole.Save();
                                }
                            }
                        }
                    }

                    // Create LDAP specific roles
                    if (memberAllGroups != null && memberAllGroups.Length > 0 && AppSession.Parameters.LDAPAddRoleGroup.Value == "true")
                    {
                        string[] memberGroups = memberAllGroups.Split(new string[] { "|" }, StringSplitOptions.RemoveEmptyEntries);
                        foreach (string memberGroup in memberGroups)
                        {
                            Web.Admin.Logic.Objects.Role _role = Web.Admin.Logic.Collections.Roles.GetBy(memberGroup);
                            if (_role.RoleID <= 0)
                            {
                                _role.Name      = memberGroup;
                                _role.Settings  = "LDAP role reflection. Keep key word: [LDAP-Auto-Role] to be synchronized.";
                                _role.BackColor = "6bbb54";
                                _role.ForeColor = "ffffff";
                                _role.Save();

                                string Message = String.Format("LDAP role added: {0}", _role.Name);
                                AuditEvent.AppEventInfo(AppSession.Parameters.GeneralAdminEmail.Value, Message, null, true);
                            }
                            ;

                            if (_role.RoleID > 0)
                            {
                                MemberRole _memberRole = new MemberRole();
                                _memberRole.MemberID = memberNew.MemberID;
                                _memberRole.RoleID   = _role.RoleID;
                                _memberRole.Save();
                            }
                        }
                    }

                    // Synchronize members roles with LDAP [LDAP-Auto-Role] key words.
                    List <Role> _roles  = Web.Admin.Logic.Collections.Roles.GetByMemberKeyWordInDescription(memberNew.MemberID, "[LDAP-Auto-Role]");
                    string[]    _groups = memberAllGroups.Split(new string[] { "|" }, StringSplitOptions.RemoveEmptyEntries);
                    foreach (Web.Admin.Logic.Objects.Role _role in _roles)
                    {
                        if (_groups != null && _groups.Length > 0)
                        {
                            if (_groups.Where(t => t.Trim().ToLower() == _role.Name.Trim().ToLower()).FirstOrDefault() == default(String))
                            {
                                Web.Admin.Logic.Objects.Role removeRoleFromUser = Web.Admin.Logic.Collections.Roles.GetBy(_role.Name);
                                MemberRole _memberRole = new MemberRole();
                                _memberRole.MemberID = memberNew.MemberID;
                                _memberRole.RoleID   = removeRoleFromUser.RoleID;
                                _memberRole.Delete();
                            }
                        }
                        else
                        {
                            MemberRole _memberRole = new MemberRole();
                            _memberRole.MemberID = memberNew.MemberID;
                            _memberRole.RoleID   = _role.RoleID;
                            _memberRole.Delete();
                        }
                    }
                }
            }


            //Classic Auth
            Member member = Members.GetByEmail(Email);

            if (member.MemberID > 0)
            {
                if ((IsLDAPAuth && LDAPAuthSuccess) ||
                    (IsClassicAuth && Member.ComputePasswordHash(Password) == member.Password)
                    )
                {
                    MemberAttempt Attempt = MemberAttempts.GetTodayLoginPasswordFail(member.MemberID);
                    if (Attempt.AttemptID > 0)
                    {
                        Attempt.IsAttemptValid = 0;
                        Attempt.Save();
                    }

                    // Add signin/sign up domain.
                    Domain _domain = Domains.GetByName(AppSession.SignUpDomain);
                    if (_domain.DomainID > 0)
                    {
                        MemberDomain _memberDomain = new MemberDomain();
                        _memberDomain.DomainID = _domain.DomainID;
                        _memberDomain.MemberID = member.MemberID;
                        _memberDomain.Save();
                    }

                    member.UpdateLoginTime();

                    return(true);
                }
                else
                {
                    MemberAttempt Attempt = MemberAttempts.GetTodayLoginPasswordFail(member.MemberID);

                    if (Attempt.MemberID <= 0)
                    {
                        Attempt.MemberID       = member.MemberID;
                        Attempt.AttemptType    = MemberAttemptTypes.LoginPasswordFailed;
                        Attempt.IsAttemptValid = 1;
                    }

                    if (Attempt.Attempts > 0)
                    {
                        Attempt.Attempts++;
                    }
                    else
                    {
                        Attempt.Attempts = 1;
                    }

                    Attempt.Save();

                    if (AppSession.Parameters.RulesPasswordFailedRoles.Value != null && AppSession.Parameters.RulesPasswordFailedRoles.Value.Length > 0 && !AppSession.IsMemberInAdminRole)
                    {
                        Parameter Param = AppSession.Parameters.RulesPasswordFailedAttempts;

                        long value  = -1;
                        bool result = long.TryParse(Param.Value, out value);

                        if (result && value > 0 && Attempt.Attempts >= value)
                        {
                            string[] RoleNames = AppSession.Parameters.RulesPasswordFailedRoles.Value.Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
                            foreach (String RoleName in RoleNames)
                            {
                                Role role = Web.Admin.Logic.Collections.Roles.GetBy(RoleName);
                                if (role.RoleID > 0)
                                {
                                    MemberRole memberrole = new MemberRole();
                                    memberrole.MemberID = member.MemberID;
                                    memberrole.RoleID   = role.RoleID;
                                    memberrole.Save();
                                }
                            }
                        }
                    }

                    return(false);
                }
            }
            else
            {
                return(false);
            }
        }