public static ConfirmPayoutResult ConfirmPayout(string protoIdentity) { protoIdentity = HttpUtility.UrlDecode(protoIdentity); AuthenticationData authData = GetAuthenticationDataAndCulture(); if ( !authData.Authority.HasAccess(new Access(authData.CurrentOrganization, AccessAspect.Financials, AccessType.Write))) { throw new SecurityException("Insufficient privileges for operation"); } ConfirmPayoutResult result = new ConfirmPayoutResult(); Payout payout = Payout.CreateFromProtoIdentity(authData.CurrentUser, protoIdentity); PWEvents.CreateEvent(EventSource.PirateWeb, EventType.PayoutCreated, authData.CurrentUser.Identity, 1, 1, 0, payout.Identity, protoIdentity); // Create result and return it result.AssignedId = payout.Identity; result.DisplayMessage = String.Format(Resources.Pages.Financial.PayOutMoney_PayoutCreated, payout.Identity, payout.Recipient); result.DisplayMessage = CommonV5.JavascriptEscape(result.DisplayMessage); return(result); }
protected void Page_Init(object sender, EventArgs e) { try { this._authority = CommonV5.GetAuthenticationDataAndCulture(HttpContext.Current).Authority; } catch (Exception) { // if this fails FOR WHATEVER REASON then we're not authenticated this._authority = null; FormsAuthentication.SignOut(); Response.Redirect("/", true); } // BEGIN TEST CODE // END TEST CODE if (this._authority.Organization.Identity == 3 && PilotInstallationIds.IsPilot(PilotInstallationIds.PiratePartySE)) { this._authority = null; FormsAuthentication.SignOut(); Response.Redirect("/", true); } }
protected static AuthenticationData GetAuthenticationDataAndCulture() { // This function is called from static page methods in AJAX calls to get // the current set of authentication data. Static page methods cannot access // the instance data of PageV5Base. return(CommonV5.GetAuthenticationDataAndCulture(HttpContext.Current)); }
protected override void OnInit(EventArgs e) { try { this._authority = CommonV5.GetAuthenticationDataAndCulture(HttpContext.Current).Authority; } catch (Exception) { // if this fails FOR WHATEVER REASON then we're not authenticated this._authority = null; FormsAuthentication.SignOut(); Response.Redirect("/"); } base.OnInit(e); }
public static AjaxCallResult Commence(int personId) { AuthenticationData authData = GetAuthenticationDataAndCulture(); if (!authData.Authority.HasSystemAccess()) { // Restrict impersonation to system-level access for now: it's a debugging tool return(new AjaxCallResult { Success = false, DisplayMessage = CommonV5.JavascriptEscape(Resources.Pages.Admin.CommenceImpersonation_Failed) }); } // BEGIN IMPERSONATION Person impersonatedPerson = Person.FromIdentity(personId); SwarmopsLogEntry newEntry = SwarmopsLog.CreateEntry(impersonatedPerson, new ImpersonationLogEntry { ImpersonatorPersonId = authData.CurrentUser.PersonId, Started = true }); newEntry.CreateAffectedObject(authData.CurrentUser); // link impersonator to log entry for searchability // Someone who has system level access can always impersonate => no further access control at this time // SECURITY CONSIDERATIONS: If somebody replaces/fires a superior? Trivially undoable at the database level DateTime utcNow = DateTime.UtcNow; Authority impersonatingAuthority = Authority.FromLogin(impersonatedPerson, authData.CurrentOrganization); impersonatingAuthority.Impersonation = new Impersonation { ImpersonatedByPersonId = authData.CurrentUser.PersonId, ImpersonationStarted = utcNow }; FormsAuthentication.SetAuthCookie(impersonatingAuthority.ToEncryptedXml(), false); HttpContext.Current.Response.AppendCookie(new HttpCookie("DashboardMessage", CommonV5.JavascriptEscape(String.Format(Resources.Pages.Admin.CommenceImpersonation_Success, utcNow)))); return(new AjaxCallResult { Success = true }); }
/// <param name="e">An <see cref="T:System.EventArgs"></see> that contains the event data.</param> protected override void OnInitComplete(EventArgs e) { base.OnInitComplete(e); string identity = HttpContext.Current.User.Identity.Name; if (!string.IsNullOrEmpty(identity)) { try { CurrentAuthority = CommonV5.GetAuthenticationDataAndCulture(HttpContext.Current).Authority; } catch (Exception) { // if this fails FOR WHATEVER REASON then we're not authenticated this.CurrentAuthority = null; FormsAuthentication.SignOut(); } } else { CurrentAuthority = null; // unauthenticated! } }
protected void Page_Load(object sender, EventArgs e) { // No access control on page - this is called from Signup _organization = Organization.FromIdentity(Convert.ToInt32(Request["OrganizationId"])); int geographyId = Convert.ToInt32(Request["GeographyId"]); if (geographyId != 0) { _geography = Geography.FromIdentity(geographyId); } Positions positions = Positions.ForOrganization(_organization).AtLevel(PositionLevel.GeographyDefault); // Format as JSON and return CommonV5.CulturePreInit(Request); // Sets the culture Response.ContentType = "application/json"; string json = FormatAsJson(positions); Response.Output.WriteLine(json); Response.End(); }
protected override void OnPreInit(EventArgs e) { CommonV5.CulturePreInit(Request); base.OnPreInit(e); }
public static AjaxCallResult SignupParticipant(string name, int organizationId, string mail, string password, string phone, string street1, string street2, string postalCode, string city, string countryCode, string dateOfBirth, int geographyId, bool activist, PersonGender gender, int[] positionIdsVolunteer) { CommonV5.CulturePreInit(HttpContext.Current.Request); // Set culture, for date parsing if (geographyId == 0) { geographyId = Geography.RootIdentity; // if geo was undetermined, set it to "Global" } Organization organization = Organization.FromIdentity(organizationId); DateTime parsedDateOfBirth = new DateTime(1800, 1, 1); // Default if unspecified if (dateOfBirth.Length > 0) { parsedDateOfBirth = DateTime.Parse(dateOfBirth); } Person newPerson = Person.Create(name, mail, password, phone, street1 + "\n" + street2.Trim(), postalCode, city, countryCode, parsedDateOfBirth, gender); Participation participation = newPerson.AddParticipation(organization, DateTime.UtcNow.AddYears(1)); // TODO: set duration from organization settings of Participantship // TODO: SEND NOTIFICATIONS // Log the signup SwarmopsLog.CreateEntry(newPerson, new PersonAddedLogEntry(participation, newPerson)); // Create notification OutboundComm.CreateParticipantNotification(newPerson, newPerson, organization, NotificationResource.Participant_Signup); // Add the bells and whistles if (activist) { newPerson.CreateActivist(false, false); } if (positionIdsVolunteer.Length > 0) { Volunteer volunteer = newPerson.CreateVolunteer(); foreach (int positionId in positionIdsVolunteer) { Position position = Position.FromIdentity(positionId); volunteer.AddPosition(position); SwarmopsLog.CreateEntry(newPerson, new VolunteerForPositionLogEntry(newPerson, position)); } } newPerson.LastLogonOrganizationId = organizationId; // Create a welcome message to the Dashboard HttpContext.Current.Response.AppendCookie(new HttpCookie("DashboardMessage", CommonV5.JavascriptEscape(String.Format(Resources.Pages.Public.Signup_DashboardMessage, organization.Name)))); // Set authentication cookie, which will log the new person in using the credentials just given FormsAuthentication.SetAuthCookie(Authority.FromLogin(newPerson).ToEncryptedXml(), true); AjaxCallResult result = new AjaxCallResult { Success = true }; return(result); }
protected string JavascriptEscape(string input) { return(CommonV5.JavascriptEscape(input)); }
private static AjaxCallResult HandleAttestationDeattestation(string identifier, AttestationMode mode) { AuthenticationData authData = GetAuthenticationDataAndCulture(); IAttestable attestableItem; string attestedTemplate; string deattestedTemplate; char costType = identifier[0]; int itemId = Int32.Parse(identifier.Substring(1)); Int64 amountCents; string beneficiary; string result; // Find the item we are attesting or deattesting switch (costType) { case 'A': // Case advance CashAdvance advance = CashAdvance.FromIdentity(itemId); if (advance.OrganizationId != authData.CurrentOrganization.Identity) { throw new InvalidOperationException("Called to attest out-of-org line item"); } if (advance.Budget.OwnerPersonId != authData.CurrentUser.Identity && advance.Budget.OwnerPersonId != Person.NobodyId) { throw new SecurityException("Called without attestation privileges"); } attestableItem = advance; attestedTemplate = Resources.Pages.Financial.AttestCosts_AdvanceAttested; deattestedTemplate = Resources.Pages.Financial.AttestCosts_AdvanceDeattested; beneficiary = advance.Person.Name; amountCents = advance.AmountCents; break; case 'E': // Expense claim ExpenseClaim expense = ExpenseClaim.FromIdentity(itemId); if (expense.OrganizationId != authData.CurrentOrganization.Identity) { throw new InvalidOperationException("Called to attest out-of-org line item"); } if (expense.Budget.OwnerPersonId != authData.CurrentUser.Identity && expense.Budget.OwnerPersonId != Person.NobodyId) { throw new SecurityException("Called without attestation privileges"); } attestableItem = expense; attestedTemplate = Resources.Pages.Financial.AttestCosts_ExpenseAttested; deattestedTemplate = Resources.Pages.Financial.AttestCosts_ExpenseDeattested; beneficiary = expense.Claimer.Name; amountCents = expense.AmountCents; break; case 'I': // Inbound invoice InboundInvoice invoice = InboundInvoice.FromIdentity(itemId); if (invoice.OrganizationId != authData.CurrentOrganization.Identity) { throw new InvalidOperationException("Called to attest out-of-org line item"); } if (invoice.Budget.OwnerPersonId != authData.CurrentUser.Identity && invoice.Budget.OwnerPersonId != Person.NobodyId) { throw new SecurityException("Called without attestation privileges"); } attestableItem = invoice; attestedTemplate = Resources.Pages.Financial.AttestCosts_InvoiceAttested; deattestedTemplate = Resources.Pages.Financial.AttestCosts_InvoiceDeattested; beneficiary = invoice.Supplier; amountCents = invoice.AmountCents; break; case 'S': // Salary payout Salary salary = Salary.FromIdentity(itemId); if (salary.PayrollItem.OrganizationId != authData.CurrentOrganization.Identity) { throw new InvalidOperationException("Called to attest out-of-org line item"); } if (salary.PayrollItem.Budget.OwnerPersonId != authData.CurrentUser.Identity && salary.PayrollItem.Budget.OwnerPersonId != Person.NobodyId) { throw new SecurityException("Called without attestation privileges"); } attestableItem = salary; attestedTemplate = Resources.Pages.Financial.AttestCosts_SalaryAttested; deattestedTemplate = Resources.Pages.Financial.AttestCosts_SalaryDeattested; beneficiary = salary.PayrollItem.PersonCanonical; amountCents = salary.GrossSalaryCents + salary.AdditiveTaxCents; break; case 'P': // Parley, aka Conference Parley parley = Parley.FromIdentity(itemId); if (parley.OrganizationId != authData.CurrentOrganization.Identity) { throw new InvalidOperationException("Called to attest out-of-org line item"); } if (parley.Budget.OwnerPersonId != authData.CurrentUser.Identity && parley.Budget.OwnerPersonId != Person.NobodyId) { throw new SecurityException("Called without attestation privileges"); } attestableItem = parley; attestedTemplate = Resources.Pages.Financial.AttestCosts_ParleyAttested; deattestedTemplate = Resources.Pages.Financial.AttestCosts_ParleyDeattested; beneficiary = parley.Person.Name; amountCents = parley.BudgetCents; break; default: throw new InvalidOperationException("Unknown Cost Type in HandleAttestationDeattestation: \"" + identifier + "\""); } // Finally, attest or deattest if (mode == AttestationMode.Attestation) { Int64 budgetRemaining = attestableItem.Budget.GetBudgetCentsRemaining(); result = string.Empty; if (amountCents > -budgetRemaining) { if ( authData.Authority.HasAccess(new Access(authData.CurrentOrganization, AccessAspect.Administration))) { // Admin rights, so allow (forced) overdraft // Unless budget was nonzero and allocated, set protest message if (attestableItem.Budget.Owner != null || attestableItem.Budget.GetBudgetCents() != 0) { result = Resources.Pages.Financial.AttestCosts_Overdrafted + " "; } } else { // Do not allow overdraft return(new AjaxCallResult { DisplayMessage = CommonV5.JavascriptEscape(Resources.Pages.Financial.AttestCosts_OutOfBudget), Success = false }); } } attestableItem.Attest(authData.CurrentUser); result += string.Format(attestedTemplate, itemId, beneficiary, authData.CurrentOrganization.Currency.Code, amountCents / 100.0); } else if (mode == AttestationMode.Deattestation) { attestableItem.Deattest(authData.CurrentUser); result = string.Format(deattestedTemplate, itemId, beneficiary, authData.CurrentOrganization.Currency.Code, amountCents / 100.0); } else { throw new InvalidOperationException("Unknown Attestation Mode: " + mode); } FinancialAccount.ClearAttestationAdjustmentsCache(authData.CurrentOrganization); return(new AjaxCallResult { DisplayMessage = CommonV5.JavascriptEscape(result), Success = true }); }
public string JavascriptEscape(string input) { return(CommonV5.JavascriptEscape(input)); }
protected static AuthenticationData GetAuthenticationDataAndCulture() { return(CommonV5.GetAuthenticationDataAndCulture(HttpContext.Current)); }
protected void Page_Load(object sender, EventArgs e) { if (CurrentUser == null) { throw new UnauthorizedAccessException("No"); // may cause problems on login screen? } PageAccessRequired = new Access(AccessAspect.Null); string returnUrlString = Request.QueryString["ReturnUrl"]; string organizationIdString = Request.QueryString["OrganizationId"]; int organizationId = Int32.Parse(organizationIdString); Organization suggestedOrganization = null; try { suggestedOrganization = Organization.FromIdentity(organizationId); } catch (ArgumentException) { suggestedOrganization = null; } if (suggestedOrganization.Identity == Organization.SandboxIdentity && !CurrentUser.ParticipatesInOrganization(suggestedOrganization)) { // Add a forever participation in Sandbox Participation.Create(CurrentUser, Organization.Sandbox, Constants.DateTimeHigh); } else if (suggestedOrganization == null || !CurrentUser.ParticipatesInOrganization(suggestedOrganization)) { // Some work here on PPSE pilot - we want everybody to be able to switch to Sandbox, which is #1 // except for in PPSE installation, where it is... #3 or something // TODO: Allow logon to organization if there is a Position active throw new UnauthorizedAccessException(); } // when we get here, we are authorized to log on to the suggested organization. // The reason we're modifying the existing Authority object instead of creating a new one // is to minimize the risk for impersonation exploits: The only way to assign a Person identity // to an Authority object is on login. Authority newAuthority = CurrentAuthority; newAuthority.SetOrganization(suggestedOrganization); // will/can also modify Position CurrentUser.LastLogonOrganizationId = suggestedOrganization.Identity; if (suggestedOrganization.Identity == Organization.SandboxIdentity) { // Set a dashboard message that the user is now working in Sandbox Response.SetCookie(new HttpCookie("DashboardMessage", CommonV5.JavascriptEscape(Resources.Global.Global_EnteringSandbox))); } if (!string.IsNullOrEmpty(returnUrlString)) { FormsAuthentication.SetAuthCookie(newAuthority.ToEncryptedXml(), true); Response.Redirect(returnUrlString); } else { FormsAuthentication.RedirectFromLoginPage(newAuthority.ToEncryptedXml(), true); } }
public static AjaxCallResult TerminateImpersonation() { AuthenticationData authData = GetAuthenticationDataAndCulture(); if (!authData.Authority.ImpersonationActive) { return(new AjaxCallResult { Success = false }); // no impersonation active. Race condition? } int realUserPersonId = authData.Authority.Impersonation.ImpersonatedByPersonId; Person impersonator = Person.FromIdentity(realUserPersonId); // Terminate impersonation and set new authority cookie from the impersonator data. // VERY SECURITY SENSITIVE: The identity as impersonator will be the new user. // TODO: LOG LOG LOG LOG SwarmopsLogEntry logEntry = SwarmopsLog.CreateEntry(authData.CurrentUser, new ImpersonationLogEntry { ImpersonatorPersonId = impersonator.Identity, Started = false }); logEntry.CreateAffectedObject(impersonator); // link impersonator to log entry for searchability DateTime utcNow = DateTime.UtcNow; Authority authority = Authority.FromLogin(impersonator, authData.CurrentOrganization); FormsAuthentication.SetAuthCookie(authority.ToEncryptedXml(), false); HttpContext.Current.Response.AppendCookie(new HttpCookie("DashboardMessage", CommonV5.JavascriptEscape(String.Format(Resources.Pages.Admin.CommenceImpersonation_Ended, utcNow)))); // returning Success will force a reload, resetting dashboard to original user return(new AjaxCallResult { Success = true }); }