 /// <summary>
 /// Entry point for a login request: rejects requests with a blank login name or password
 /// up front, otherwise delegates credential validation to <c>AuthServices.Login</c> and
 /// post-processes the outcome through <c>_processLogin</c>.
 /// </summary>
 /// <param name="login">Incoming request carrying <c>LoginName</c> and <c>Password</c>.</param>
 /// <param name="onSuccess">Continuation that receives the result node; it is invoked on the
 /// invalid-input path as well, with <c>LoginStatus.InvalidLogin</c>.</param>
 private void _handleLoginOperation(Login login, Action<BplContextNode> onSuccess) {
    Log.Info("Login: Start");
    var nameMissing = login.LoginName.IsEmpty();
    if (nameMissing || login.Password.IsEmpty()) {
       // Only the name of the blank field is logged, never its value.
       Log.Warn("Login: Attempt to perform login with empty {0}", nameMissing ? "login name" : "password");
       // NOTE(review): this path hands a bare LoginResult to onSuccess while the
       // AuthServices path below wraps it in Value<LoginResult> — confirm the caller
       // accepts both shapes.
       onSuccess(new LoginResult { Status = LoginStatus.InvalidLogin });
       return;
    }
    //TK: We need to create dummy contact to generate correct loinName;
    var loginContact = new LoginContact(login.LoginName);
    AuthServices.Login(loginContact, login.Password, (status, loginName) => {
       _processLogin(loginName, status, r => onSuccess(new Value<LoginResult> { result = r }));
    });
 }
 /// <summary>
 /// Derives the directory account name for a contact: the contact's login name is run
 /// through <c>CryptServices.HashLogin</c>, so the raw e-mail address or phone number is
 /// never used as the sAMAccountName (see <c>CreateUser</c> / <c>Login</c>).
 /// </summary>
 /// <param name="contact">Contact to derive the name for; may be null.</param>
 /// <returns>The hashed login name, or null when the contact or its login name is absent.</returns>
 private static string _getName(LoginContact contact) {
    // NOTE(review): AD limits a user's sAMAccountName to 20 characters — confirm the
    // HashLogin output length fits, or the account creation in CreateUser will fail.
    return contact != null && contact.LoginName.NotEmpty()
       ? CryptServices.HashLogin(contact.LoginName)
       : null;
 }
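      /// <summary>
      /// Registers a new user in Active Directory under <c>ADUserContainer</c>: creates the
      /// principal, moves it into <c>_usersGroup</c> (as primary group), sets the password,
      /// removes it from "Domain Users" and enables it. The outcome is reported through
      /// <paramref name="onFinished"/>, which is invoked exactly once per call.
      /// </summary>
      /// <param name="id">Identity whose <c>LocalId</c> becomes the AD object name.</param>
      /// <param name="contact">Login contact; its hashed login name (see <c>_getName</c>) is the sAMAccountName.</param>
      /// <param name="password">Initial password, applied via ADSI <c>SetPassword</c>; it is never logged.</param>
      /// <param name="onFinished">Receives the <see cref="RegistrationResult"/> and the hashed login name
      /// (null on invalid input or failure).</param>
      internal static void CreateUser(BplIdentity id, LoginContact contact, string password, Action<RegistrationResult, string> onFinished) {
         //cleanup role
         var loginName = _getName(contact);
         if (loginName.IsEmpty() || password.IsEmpty()) {
            onFinished(RegistrationResult.InvalidInformation, null);
            return;
         }

         // The callback fires once, after every directory handle is released. Previously it was
         // invoked inside the try block, so an exception thrown by the callback itself re-entered
         // the catch, ran the cleanup and fired the callback a second time with Failure.
         var result = RegistrationResult.Failure;
         string reportedName = null;
         try {
            //register in AD
            // NOTE(review): ADUsername/ADPassword are a service account with rights to create
            // users and change group membership — presumably loaded from protected configuration; verify.
            using (var context = new PrincipalContext(ContextType.Domain, ADServer, ADUserContainer, ADUsername, ADPassword)) {
               // Set only after this call has created the account. The rollback in the catch
               // block must not delete a pre-existing disabled (blocked) account that merely
               // shares the sAMAccountName, which the old "any disabled user" check allowed.
               var created = false;
               try {
                  using (var existing = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, loginName)) {
                     if (existing != null) {
                        // Name already taken: distinguish an active account from a blocked (disabled) one.
                        result = existing.Enabled == true ? RegistrationResult.ClientAlreadyRegistered : RegistrationResult.ClientBlocked;
                        reportedName = loginName;
                     } else {
                        using (var up = new UserPrincipal(context)) {
                           up.SamAccountName = loginName;
                           //TK: Consider duplication on up.UserPrincipalName
                           up.Name = (string)id.LocalId; //TODO: Consider not only for drivers. Local ID can be not unique.
                           if (contact.LoginKind == LoginKind.Email) {
                              up.EmailAddress = contact.LoginValue;
                           } else {
                              //this is phone number
                              up.VoiceTelephoneNumber = contact.LoginValue;
                           }
                           up.Save();
                           created = true;

                           object pgid = null;

                           using (var gpOscar = GroupPrincipal.FindByIdentity(context, IdentityType.SamAccountName, _usersGroup)) {
                              if (gpOscar == null) {
                                 throw new ApplicationException("Unable to get and assign valid group {0}".Substitute(_usersGroup));
                              }
                              var grp = (DirectoryEntry)gpOscar.GetUnderlyingObject();
                              // primaryGroupToken is a constructed attribute; it is loaded explicitly
                              // with GetInfoEx before being read.
                              grp.Invoke("GetInfoEx", new object[] { new object[] { "primaryGroupToken" }, 0 });
                              pgid = grp.Invoke("Get", new object[] { "primaryGroupToken" });
                              grp.Properties["member"].Add(up.DistinguishedName);
                              grp.CommitChanges();
                              grp.Close();
                           }

                           //this is how we are doing impersonation
                           // NOTE(review): the DN is interpolated into an ADsPath; a '/' inside the
                           // object name (id.LocalId) would need escaping here — confirm LocalId cannot contain one.
                           using (var entry = new DirectoryEntry("LDAP://{0}/{1}".Substitute(ADServer, up.DistinguishedName), ADUsername, ADPassword)) {
                              //TK: consider using reg code -> entry.Properties["uid"].Value = request.RegistrationCode;
                              // The primary group is switched to _usersGroup first, presumably so the
                              // account can then be removed from "Domain Users" below.
                              if (pgid != null) {
                                 entry.Properties["primaryGroupID"].Value = pgid;
                              }

                              entry.Invoke("SetPassword", new object[] { password });
                              entry.CommitChanges();

                              using (var gContext = new PrincipalContext(ContextType.Domain, ADServer, ADGlobalContainer, ADUsername, ADPassword))
                              using (var gpUsers = GroupPrincipal.FindByIdentity(gContext, "Domain Users")) {
                                 if (gpUsers == null) {
                                    throw new ApplicationException("Unable to remove user from domain default group.");
                                 }
                                 var grp = (DirectoryEntry)gpUsers.GetUnderlyingObject();
                                 grp.Properties["member"].Remove(up.DistinguishedName);
                                 grp.CommitChanges();
                                 grp.Close();
                              }
                           }

                           up.Enabled = true;
                           up.Save();

                           result = up.Enabled == true ? RegistrationResult.Success : RegistrationResult.Failure;
                           reportedName = loginName;
                           Log.Info("User {0} registered in AD", loginName);
                        }
                     }
                  }
               } catch (Exception e) {
                  Log.Exception(e, "Unable to register user in active directory");
                  result = RegistrationResult.Failure;
                  reportedName = null;
                  if (created) {
                     //check and cleanup user if it is
                     // Best-effort rollback of the half-created, still-disabled account. A failure
                     // here is logged on its own instead of surfacing as "unable to connect".
                     try {
                        using (var partial = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, loginName)) {
                           if (partial != null && partial.Enabled != true) {
                              partial.Delete();
                           }
                        }
                     } catch (Exception cx) {
                        Log.Exception(cx, "Unable to clean up partially registered user");
                     }
                  }
               }
            }
         } catch (Exception dx) {
            result = RegistrationResult.Failure;
            reportedName = null;
            Log.Exception(dx, "Unable to connect to active directory");
         }

         onFinished(result, reportedName);
      }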
 /// <summary>
 /// Validates a contact's credentials against Active Directory by binding with the hashed
 /// login name (see <c>_getName</c>) and the supplied password.
 /// </summary>
 /// <param name="loginContact">Contact to authenticate; null or a blank login name is rejected without touching AD.</param>
 /// <param name="password">Password to validate; a blank one is rejected without touching AD.</param>
 /// <param name="onFinished">Receives <c>LoginStatus.Success</c> or <c>LoginStatus.InvalidLogin</c>
 /// plus the hashed login name (null when the input was rejected up front).</param>
 internal static void Login(LoginContact loginContact, string password, Action<LoginStatus, string> onFinished) {
    var rejected = loginContact == null || loginContact.LoginName.IsEmpty() || password.IsEmpty();
    if (rejected) {
       onFinished(LoginStatus.InvalidLogin, null);
       return;
    }
    // NOTE(review): no throttling is applied here — brute-force protection rests on the
    // domain's account lockout policy; confirm one is in place for ADUserContainer.
    using (var context = new PrincipalContext(ContextType.Domain, ADServer, ADUserContainer, ADUsername, ADPassword)) {
       var loginName = _getName(loginContact);
       var accepted = context.ValidateCredentials(loginName, password);
       onFinished(accepted ? LoginStatus.Success : LoginStatus.InvalidLogin, loginName);
    }
 }
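 /// <summary>
 /// Sends the contact-validation secret to the contact: e-mail contacts get a callback link
 /// carrying <paramref name="pin"/> and <paramref name="token"/>, mobile phones get the PIN
 /// as plain text. <paramref name="onResult"/> is invoked exactly once with whether the
 /// message was handed off successfully.
 /// </summary>
 /// <param name="contact">Contact to validate; null is rejected.</param>
 /// <param name="callbackUri">Base URI of the validation endpoint; any query it already has is preserved.</param>
 /// <param name="pin">Validation code (a secret); embedded URL-encoded in the link or sent as text.</param>
 /// <param name="token">Validation token (a secret); embedded URL-encoded in the link.</param>
 /// <param name="onResult">Continuation receiving the send outcome.</param>
 private void _validateContact(LoginContact contact, Uri callbackUri, string pin, string token, Action<bool> onResult) {
    if (contact == null) {
       Log.Warn("Unable to validate empty contact");
       onResult(false);
       return;
    }
    var message = new SendContactMessage { Contact = contact.CreateContact() };
    if (contact.LoginKind == LoginKind.Email) {
       // pin and token are secrets placed in a URL: encode them so a '&', '#' or '%' can
       // neither truncate the link nor be mis-parsed on the callback side. The query is
       // rebuilt without the leading '?', which the UriBuilder.Query setter adds itself
       // (re-assigning the getter's value produced "??" / "?&" on older frameworks).
       var builder = new UriBuilder(callbackUri);
       var existingQuery = builder.Query.TrimStart('?');
       var extra = "pin={0}&token={1}".Substitute(Uri.EscapeDataString(pin ?? string.Empty), Uri.EscapeDataString(token ?? string.Empty));
       builder.Query = existingQuery.Length == 0 ? extra : existingQuery + "&" + extra;
       //TODO: Localize this;
       message.Message = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Please follow {0}.".Substitute(builder.Uri.AbsoluteUri);
    } else if (message.Contact.Type == ContactTypes.MobilePhone) {
       //TODO: Localize this;
       message.Message = "Validation code: ".Append(pin);
    } else {
       Log.Warn("Driver registration: Unable to validate contact information since contact is neither email nor mobile phone.");
       onResult(false);
       // Return here so the send below cannot report a second outcome for this call.
       return;
    }
    if (message.Message.NotEmpty()) {
       Services.Invoke(message, o => onResult(o), e => {
          Log.Error("Driver registration: Unable to send a message due to {0}", e.Error);
          onResult(false);
       });
    }
 }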