/// <summary>
/// Builds a query over the password reset requests that were created from the
/// current client's IP address after the start of the detection window
/// (<c>ExecutionDate</c> minus <c>MAX_PASSWORD_RESET_ATTEMPTS_NUMHOURS</c> hours).
/// </summary>
/// <param name="executionContext">Supplies the reference date the window is measured back from.</param>
/// <returns>The filtered query; this method composes it but does not enumerate it.</returns>
/// <remarks>
/// Rows are matched on IP address and creation date only, so the result is a
/// per-source count, not a per-account one. Clients that share an address are
/// counted together, and a per-account limit, if required, has to be enforced elsewhere.
/// NOTE(review): how IPAddress is resolved (e.g. behind a reverse proxy) depends on
/// the connection service, which is not shown here; confirm it cannot be client-supplied.
/// </remarks>
private IQueryable<UserPasswordResetRequest> QueryNumberResetAttempts(IExecutionContext executionContext)
{
    var clientInfo = _clientConnectionService.GetConnectionInfo();

    // Lower bound of the window; the comparison below is strict, so a request
    // created exactly at this instant is excluded.
    var windowStart = executionContext.ExecutionDate.AddHours(-MAX_PASSWORD_RESET_ATTEMPTS_NUMHOURS);

    var recentRequestsFromClient = _dbContext
        .UserPasswordResetRequests
        .Where(request => request.IPAddress == clientInfo.IPAddress && request.CreateDate > windowStart);

    return recentRequestsFromClient;
}
        /// <summary>
        /// Records a failed login attempt by calling the
        /// <c>Cofoundry.FailedAuthticationAttempt_Add</c> stored procedure with the user area,
        /// the submitted username, the client IP address and the execution date.
        /// </summary>
        /// <param name="command">Carries the user area code and the username that was submitted.</param>
        /// <param name="executionContext">Supplies the timestamp stored with the attempt.</param>
        /// <remarks>
        /// All values are passed as bound <c>SqlParameter</c>s, never concatenated into the command text.
        /// NOTE(review): the username is attacker-controlled free text and is persisted as submitted
        /// (after the 150 limit applied by TextFormatter.Limit); users occasionally type a password
        /// into the username box, so treat this table as sensitive.
        /// </remarks>
        public void Execute(LogFailedLoginAttemptCommand command, IExecutionContext executionContext)
        {
            var clientInfo = _clientConnectionService.GetConnectionInfo();

            var userAreaCodeParam = new SqlParameter("UserAreaCode", command.UserAreaCode);
            // Limit is called with 150 so an oversized username is bounded before it reaches the database.
            var usernameParam = new SqlParameter("Username", TextFormatter.Limit(command.Username, 150));
            var ipAddressParam = new SqlParameter("IPAddress", clientInfo.IPAddress);
            var timestampParam = new SqlParameter("DateTimeNow", executionContext.ExecutionDate);

            // The procedure name is spelled "Authtication" here; presumably it mirrors
            // the database object name, so it must not be "corrected" in code alone.
            _sqlExecutor.ExecuteCommand(
                "Cofoundry.FailedAuthticationAttempt_Add",
                userAreaCodeParam,
                usernameParam,
                ipAddressParam,
                timestampParam);
        }
        /// <summary>
        /// Determines whether the current client or the supplied username has exceeded
        /// the authentication rate limits configured for the user area.
        /// </summary>
        /// <param name="query">Carries the user area code and the username being checked.</param>
        /// <param name="executionContext">Supplies the reference date passed to the stored procedure.</param>
        /// <returns>
        /// <c>true</c> when the stored procedure reports the attempt as not valid;
        /// <c>false</c> when it is valid or when neither rate limit is usable.
        /// </returns>
        /// <remarks>
        /// This check fails open: if both the IP address limit and the username limit are
        /// missing or fail <c>HasValidQuantityAndWindow()</c>, no throttling is applied at all.
        /// </remarks>
        public async Task<bool> ExecuteAsync(HasExceededMaxAuthenticationAttemptsQuery query, IExecutionContext executionContext)
        {
            var authOptions = _userAreaDefinitionRepository.GetOptionsByCode(query.UserAreaCode).Authentication;
            var ipLimit = authOptions.IPAddressRateLimit;
            var usernameLimit = authOptions.UsernameRateLimit;

            // Nothing to enforce unless at least one limit is present and well-formed.
            var noUsableLimit = !(ipLimit != null && ipLimit.HasValidQuantityAndWindow())
                && !(usernameLimit != null && usernameLimit.HasValidQuantityAndWindow());
            if (noUsableLimit)
            {
                return false;
            }

            var clientInfo = _clientConnectionService.GetConnectionInfo();

            // The username is bounded with the same 150 limit before it is sent to the database.
            var attemptIsAllowed = await _userStoredProcedures.IsAuthenticationAttemptValidAsync(
                query.UserAreaCode,
                TextFormatter.Limit(query.Username, 150),
                clientInfo.IPAddress,
                executionContext.ExecutionDate,
                GetRateLimitQuantityIfValid(ipLimit),
                RateLimitWindowToSeconds(ipLimit),
                GetRateLimitQuantityIfValid(usernameLimit),
                RateLimitWindowToSeconds(usernameLimit));

            // The query asks "has the limit been exceeded", the procedure answers "is the attempt valid".
            return !attemptIsAllowed;
        }
        /// <summary>
        /// Marks the user as logged in, saves that change, and then writes a login
        /// log entry through the <c>Cofoundry.UserLoginLog_Add</c> stored procedure.
        /// </summary>
        /// <param name="command">Identifies the user that has authenticated.</param>
        /// <param name="executionContext">Supplies the timestamp for the update and the log entry.</param>
        /// <remarks>
        /// <c>EntityNotFoundException.ThrowIfNull</c> is called with the query result, so an
        /// unknown user id is rejected before anything is written.
        /// NOTE(review): the save and the log insert are two separate calls and nothing in this
        /// method wraps them in a transaction; confirm whether the caller does, otherwise a
        /// failure in the second call leaves a login with no audit row.
        /// </remarks>
        public void Execute(LogAuthenticatedUserInCommand command, IExecutionContext executionContext)
        {
            var dbUser = Query(command.UserId).SingleOrDefault();
            EntityNotFoundException.ThrowIfNull(dbUser, command.UserId);

            var clientInfo = _clientConnectionService.GetConnectionInfo();

            SetLoggedIn(dbUser, executionContext);
            _dbContext.SaveChanges();

            // Values are bound as parameters rather than concatenated into the command text.
            var userIdParam = new SqlParameter("UserId", dbUser.UserId);
            var ipAddressParam = new SqlParameter("IPAddress", clientInfo.IPAddress);
            var timestampParam = new SqlParameter("DateTimeNow", executionContext.ExecutionDate);

            _sqlExecutor.ExecuteCommand(
                "Cofoundry.UserLoginLog_Add",
                userIdParam,
                ipAddressParam,
                timestampParam);
        }
        /// <summary>
        /// Asks the <c>Cofoundry.FailedAuthticationAttempt_IsAttemptValid</c> stored procedure
        /// whether another login attempt is allowed for this username and client IP address,
        /// using the thresholds and time boundaries from the authentication settings.
        /// </summary>
        /// <param name="query">Carries the user area code and the username being checked.</param>
        /// <param name="executionContext">Supplies the reference date passed to the procedure.</param>
        /// <returns><c>true</c> when the procedure returns anything other than 1.</returns>
        /// <remarks>
        /// Any scalar other than 1 is treated as "exceeded", so an unexpected result blocks
        /// the attempt rather than allowing it.
        /// NOTE(review): <c>query.Username.Trim()</c> throws a NullReferenceException for a null
        /// username and applies no length bound; confirm the caller validates the username and
        /// that the value compared here is normalised the same way as the value that was logged.
        /// </remarks>
        public bool Execute(HasExceededMaxLoginAttemptsQuery query, IExecutionContext executionContext)
        {
            var clientInfo = _clientConnectionService.GetConnectionInfo();

            var userAreaCodeParam = new SqlParameter("UserAreaCode", query.UserAreaCode);
            var usernameParam = new SqlParameter("Username", query.Username.Trim());
            var ipAddressParam = new SqlParameter("IPAddress", clientInfo.IPAddress);
            var timestampParam = new SqlParameter("DateTimeNow", executionContext.ExecutionDate);
            var maxIpAttemptsParam = new SqlParameter("MaxIPAttempts", _authenticationSettings.MaxIPAttempts);
            var maxUsernameAttemptsParam = new SqlParameter("MaxUsernameAttempts", _authenticationSettings.MaxUsernameAttempts);
            var ipBoundaryParam = new SqlParameter("MaxIPAttemptsBoundaryInMinutes", _authenticationSettings.MaxIPAttemptsBoundaryInMinutes);
            var usernameBoundaryParam = new SqlParameter("MaxUsernameAttemptsBoundaryInMinutes", _authenticationSettings.MaxUsernameAttemptsBoundaryInMinutes);

            var procedureResult = _sqlExecutor.ExecuteScalar<int>(
                "Cofoundry.FailedAuthticationAttempt_IsAttemptValid",
                userAreaCodeParam,
                usernameParam,
                ipAddressParam,
                timestampParam,
                maxIpAttemptsParam,
                maxUsernameAttemptsParam,
                ipBoundaryParam,
                usernameBoundaryParam);

            return procedureResult != 1;
        }
        /// <summary>
        /// Logs a successful authentication for the given user together with the
        /// client IP address and the execution date.
        /// </summary>
        /// <param name="command">Identifies the user that authenticated.</param>
        /// <param name="executionContext">Supplies the timestamp stored with the log entry.</param>
        /// <remarks>
        /// NOTE(review): the recorded IP address is whatever the connection service reports;
        /// its value as audit evidence depends on that service resolving the real client
        /// address (e.g. behind a proxy), which is not visible here.
        /// </remarks>
        public async Task ExecuteAsync(LogSuccessfulAuthenticationCommand command, IExecutionContext executionContext)
        {
            var clientInfo = _clientConnectionService.GetConnectionInfo();

            var userId = command.UserId;
            var ipAddress = clientInfo.IPAddress;
            var loggedAt = executionContext.ExecutionDate;

            await _userStoredProcedures.LogAuthenticationSuccessAsync(userId, ipAddress, loggedAt);
        }
        /// <summary>
        /// Logs a failed authentication attempt (user area, submitted username, client IP
        /// address and execution date) and then queues <c>OnTransactionComplete</c> as a
        /// completion task on the domain repository's transaction manager.
        /// </summary>
        /// <param name="command">Carries the user area code and the username that was submitted.</param>
        /// <param name="executionContext">Supplies the timestamp stored with the attempt.</param>
        /// <remarks>
        /// NOTE(review): the username is untrusted free text and is stored as submitted
        /// (after the 150 limit applied by TextFormatter.Limit); because users sometimes enter a
        /// password in the username field, the resulting log should be access-controlled accordingly.
        /// </remarks>
        public async Task ExecuteAsync(LogFailedAuthenticationAttemptCommand command, IExecutionContext executionContext)
        {
            var clientInfo = _clientConnectionService.GetConnectionInfo();

            var userAreaCode = command.UserAreaCode;
            // Limit is called with 150 so an oversized username is bounded before it is stored.
            var boundedUsername = TextFormatter.Limit(command.Username, 150);
            var ipAddress = clientInfo.IPAddress;
            var attemptedAt = executionContext.ExecutionDate;

            await _userStoredProcedures.LogAuthenticationFailedAsync(
                userAreaCode,
                boundedUsername,
                ipAddress,
                attemptedAt);

            // The follow-up work is handed to the transaction manager instead of being run inline.
            var transactions = _domainRepository.Transactions();
            await transactions.QueueCompletionTaskAsync(() => OnTransactionComplete(command));
        }
        /// <summary>
        /// Ensures the current client's IP address has a record, via
        /// <c>AddIfNotExistsAsync</c>, and writes the returned id to
        /// <c>command.OutputIPAddressId</c>.
        /// </summary>
        /// <param name="command">Receives the id of the IP address record as output.</param>
        /// <param name="executionContext">Supplies the date passed to the stored procedure.</param>
        /// <remarks>
        /// When the connection reports a null, empty or whitespace IP address the method
        /// returns without touching <c>OutputIPAddressId</c>, so callers must not assume the
        /// output is always populated.
        /// </remarks>
        public async Task ExecuteAsync(AddCurrentIPAddressIfNotExistsCommand command, IExecutionContext executionContext)
        {
            var clientInfo = _clientConnectionService.GetConnectionInfo();

            // A missing connection info object is reported through EntityNotFoundException's helper.
            EntityNotFoundException.ThrowIfNull(clientInfo, null);

            var hasAddress = !string.IsNullOrWhiteSpace(clientInfo.IPAddress);
            if (hasAddress)
            {
                command.OutputIPAddressId = await _ipAddressStoredProcedures.AddIfNotExistsAsync(
                    clientInfo.IPAddress,
                    executionContext.ExecutionDate);
            }
        }
        /// <summary>
        /// Marks the user as logged in, saves that change, and then writes a login
        /// log entry through the <c>Cofoundry.UserLoginLog_Add</c> stored procedure.
        /// </summary>
        /// <param name="command">Identifies the user that has logged in.</param>
        /// <param name="executionContext">Supplies the timestamp for the update and the log entry.</param>
        /// <remarks>
        /// <c>EntityNotFoundException.ThrowIfNull</c> is called with the query result, so an
        /// unknown user id is rejected before anything is written.
        /// NOTE(review): the save and the log insert are separate awaited calls and this method
        /// does not open a transaction around them; confirm whether the caller does, otherwise a
        /// failure in the second call leaves a login with no audit row.
        /// </remarks>
        public async Task ExecuteAsync(LogSuccessfulLoginCommand command, IExecutionContext executionContext)
        {
            var dbUser = await Query(command.UserId).SingleOrDefaultAsync();
            EntityNotFoundException.ThrowIfNull(dbUser, command.UserId);

            var clientInfo = _clientConnectionService.GetConnectionInfo();

            SetLoggedIn(dbUser, executionContext);
            await _dbContext.SaveChangesAsync();

            // Values are bound as parameters rather than concatenated into the command text.
            var userIdParam = new SqlParameter("UserId", dbUser.UserId);
            var ipAddressParam = new SqlParameter("IPAddress", clientInfo.IPAddress);
            var timestampParam = new SqlParameter("DateTimeNow", executionContext.ExecutionDate);

            await _sqlExecutor.ExecuteCommandAsync(
                _dbContext,
                "Cofoundry.UserLoginLog_Add",
                userIdParam,
                ipAddressParam,
                timestampParam);
        }