Exemplo n.º 1
0
        public ActionResult CreateADUser()
        {
            var efms = MembershipService as EFMembershipService;

            if ((!Request.IsAuthenticated) || efms == null)
            {
                Log.Warning("CreateADUser: can't run IsAuth: {IsAuth}, MemServ {MemServ}",
                            Request.IsAuthenticated,
                            MembershipService.GetType());
                return(RedirectToAction("Unauthorized", "Home"));
            }

            var credentials = User.Username();
            var adUser      = ADHelper.GetUserPrincipal(credentials);

            if (adUser != null)
            {
                var userId = adUser.Guid.GetValueOrDefault(Guid.NewGuid());

                if (string.IsNullOrEmpty(adUser.EmailAddress))
                {
                    var username = credentials.Split('\\')[1];
                    adUser.EmailAddress = $"{username}@{AuthenticationSettings.EmailDomain}";
                }

                if (MembershipService.CreateUser(credentials, Guid.NewGuid().ToString(), adUser.GivenName, adUser.Surname, adUser.EmailAddress, userId))
                {
                    // 2 because we just added the user and there is the default admin user.
                    if (AuthenticationSettings.ImportWindowsAuthUsersAsAdmin || efms.UserCount() == 2)
                    {
                        Log.Information("Making AD user {User} into an admin", credentials);

                        var id = MembershipService.GetUserModel(credentials).Id;
                        RoleProvider.AddUserToRoles(id, new[] { Definitions.Roles.Administrator });

                        // Add the administrator role to the Identity/cookie
                        var Identity = (ClaimsIdentity)User.Identity;
                        Identity.AddClaim(new Claim(ClaimTypes.Role, Definitions.Roles.Administrator));
                        var AuthenticationManager = HttpContext.GetOwinContext().Authentication;
                        AuthenticationManager.AuthenticationResponseGrant = new AuthenticationResponseGrant(new ClaimsPrincipal(Identity), new AuthenticationProperties {
                            IsPersistent = true
                        });
                    }

                    return(RedirectToAction("Index", "Repository"));
                }
                else
                {
                    ModelState.AddModelError("Username", Resources.Account_Create_AccountAlreadyExists);
                    return(RedirectToAction("Index"));
                }
            }
            else
            {
                return(RedirectToAction("Unauthorized", "Home"));
            }
        }
Exemplo n.º 2
0
        public ActionResult Edit(UserEditModel model)
        {
            if (User.Id() != model.Id && !User.IsInRole(Definitions.Roles.Administrator))
            {
                return(RedirectToAction("Unauthorized", "Home"));
            }

            if (AuthenticationSettings.DemoModeActive && User.IsInRole(Definitions.Roles.Administrator) && User.Id() == model.Id)
            {
                // Don't allow the admin user to be changed in demo mode
                return(RedirectToAction("Unauthorized", "Home"));
            }

            if (ModelState.IsValid)
            {
                bool valid = true;

                if (!User.IsInRole(Definitions.Roles.Administrator) && (model.OldPassword == null && model.NewPassword != null))
                {
                    ModelState.AddModelError("OldPassword", Resources.Account_Edit_OldPasswordEmpty);
                    valid = false;
                }

                if (model.OldPassword != null && MembershipService.ValidateUser(model.Username, model.OldPassword) != ValidationResult.Success)
                {
                    ModelState.AddModelError("OldPassword", Resources.Account_Edit_OldPasswordIncorrect);
                    valid = false;
                }

                if (User.IsInRole(Definitions.Roles.Administrator) && model.Id == User.Id() && !(model.PostedSelectedRoles != null && model.PostedSelectedRoles.Contains(Definitions.Roles.Administrator)))
                {
                    ModelState.AddModelError("Roles", Resources.Account_Edit_CannotRemoveYourselfFromAdminRole);
                    valid = false;
                }

                if (valid)
                {
                    MembershipService.UpdateUser(model.Id, model.Username, model.Name, model.Surname, model.Email, model.NewPassword);
                    // Only Administrators can make any changes to roles
                    if (User.IsInRole(Definitions.Roles.Administrator))
                    {
                        RoleProvider.RemoveUserFromRoles(model.Id, RoleProvider.GetAllRoles());
                        if (model.PostedSelectedRoles != null)
                        {
                            RoleProvider.AddUserToRoles(model.Id, model.PostedSelectedRoles);
                        }
                    }
                    ViewBag.UpdateSuccess = true;
                }
            }

            model.Roles         = RoleProvider.GetAllRoles();
            model.SelectedRoles = model.PostedSelectedRoles;

            return(View(model));
        }
Exemplo n.º 3
0
        public ActionResult Edit(UserEditModel model)
        {
            if (!User.Id().Equals(model.Username, StringComparison.OrdinalIgnoreCase) && !User.IsInRole(Definitions.Roles.Administrator))
            {
                return(RedirectToAction("Unauthorized", "Home"));
            }

            if (ModelState.IsValid)
            {
                bool valid = true;

                if (!User.IsInRole(Definitions.Roles.Administrator) && (model.OldPassword == null && model.NewPassword != null))
                {
                    ModelState.AddModelError("OldPassword", Resources.Account_Edit_OldPasswordEmpty);
                    valid = false;
                }

                if (model.OldPassword != null && MembershipService.ValidateUser(model.Username, model.OldPassword) != ValidationResult.Success)
                {
                    ModelState.AddModelError("OldPassword", Resources.Account_Edit_OldPasswordIncorrect);
                    valid = false;
                }

                if (User.IsInRole(Definitions.Roles.Administrator) && model.Username.Equals(User.Id(), StringComparison.OrdinalIgnoreCase) && !(model.Roles != null && model.Roles.Contains(Definitions.Roles.Administrator)))
                {
                    ModelState.AddModelError("Roles", Resources.Account_Edit_CannotRemoveYourselfFromAdminRole);
                    valid = false;
                }

                if (valid)
                {
                    MembershipService.UpdateUser(model.Username, model.Name, model.Surname, model.Email, model.NewPassword);
                    RoleProvider.RemoveUserFromRoles(model.Username, RoleProvider.GetAllRoles());
                    if (model.Roles != null)
                    {
                        RoleProvider.AddUserToRoles(model.Username, model.Roles);
                    }
                    ViewBag.UpdateSuccess = true;
                }
            }

            PopulateRoles();
            return(View(model));
        }
        public ActionResult CreateADUser()
        {
            if ((!Request.IsAuthenticated) || !(MembershipService is EFMembershipService))
            {
                return(RedirectToAction("Unauthorized", "Home"));
            }

            var credentials = User.Username();
            var dc          = new PrincipalContext(ContextType.Domain, credentials.GetDomain());
            var adUser      = UserPrincipal.FindByIdentity(dc, credentials);

            if (adUser != null)
            {
                //TODO Is this legit? Could an AD user ever not have a Guid
                var userId = adUser.Guid.GetValueOrDefault(Guid.NewGuid());
                if (MembershipService.CreateUser(credentials, Guid.NewGuid().ToString(), adUser.GivenName, adUser.Surname, adUser.EmailAddress, userId))
                {
                    if (MembershipService is EFMembershipService)
                    {
                        var efms = MembershipService as EFMembershipService;
                        // 2 because we just added the user and there is the default admin user.
                        if ((AuthenticationSettings.ImportWindowsAuthUsersAsAdmin || efms.UserCount() == 2))
                        {
                            var id = MembershipService.GetUserModel(credentials).Id;
                            RoleProvider.AddUserToRoles(id, new string[] { Definitions.Roles.Administrator });
                        }
                    }
                    return(RedirectToAction("Index", "Repository"));
                }
                else
                {
                    ModelState.AddModelError("Username", Resources.Account_Create_AccountAlreadyExists);
                    return(RedirectToAction("Index"));
                }
            }
            else
            {
                return(RedirectToAction("Unauthorized", "Home"));
            }
        }