        /// <summary>
        /// Reads the Account row(s) for the requested user - defaulting to the caller - and
        /// enriches the result with Active Directory attributes and group memberships.
        /// </summary>
        /// <returns>true when account data was found and placed in Response.data; false otherwise</returns>
        protected override bool Execute()
        {
            // No explicit target means "the caller's own account".
            // NOTE(review): when a CcnUsername is supplied nothing in this method restricts which
            // account may be read - authorization is assumed to happen before Execute() runs.
            if (DTO.CcnUsername == null)
            {
                DTO.CcnUsername = SamAccountName;
            }

            var accountAdo = new Account_ADO();
            ADO_readerOutput accounts = accountAdo.Read(Ado, DTO);

            if (!accounts.hasData)
            {
                Log.Instance.Debug("No Account data found");
                return(false);
            }

            // Merge directory attributes first, then group membership.
            var adAdo = new ActiveDirectory_ADO();
            adAdo.MergeAdToUsers(ref accounts);

            // After the defaulting above this guard only fails when SamAccountName itself is empty.
            if (!string.IsNullOrEmpty(DTO.CcnUsername))
            {
                adAdo.MergeGroupsToUsers(Ado, ref accounts);
            }

            Response.data = accounts.data;
            return(true);
        }
        /// <summary>
        /// Updates the caller's own Account row. The target username is forced to the
        /// authenticated SamAccountName so the request cannot address another account, and the
        /// privilege code is re-read from the stored row so a self-update cannot change it.
        /// </summary>
        /// <returns>true unless an existing account row failed to update</returns>
        protected override bool Execute()
        {
            // Pin the update to the authenticated user regardless of what the client sent.
            DTO.CcnUsername = SamAccountName;

            Account_ADO accountAdo = new Account_ADO();
            var lookup = new Account_DTO_Read { CcnUsername = SamAccountName };
            ADO_readerOutput existing = accountAdo.Read(Ado, lookup);

            if (existing.hasData)
            {
                // Keep the stored privilege: PrvCode from the request is never written.
                DTO.PrvCode = accountAdo.ReadAccounts(existing)[0].PrvCode;

                if (accountAdo.Update(Ado, DTO, SamAccountName) == 0)
                {
                    Log.Instance.Debug("Failed to update Account");
                    Response.error = Label.Get("error.update");
                    return(false);
                }
            }
            // NOTE(review): when no Account row exists nothing is written but success is still
            // reported - confirm that is the intended contract for callers.

            Response.data = JSONRPC.success;
            return(true);
        }
        /// <summary>
        /// Completes a 2FA invitation: resolves the account behind DTO.CcnEmail (Active Directory
        /// first, then the local Account table), checks the supplied invitation token against the
        /// stored one and, on a match, creates the 2FA secret and returns it to the client.
        /// </summary>
        /// <returns>true when a secret was issued, or when the e-mail could not be resolved and a
        /// neutral success is returned instead; false on captcha failure or a token mismatch</returns>
        protected override bool Execute()
        {
            // Unauthenticated entry point: captcha first.
            if (!ReCAPTCHA.Validate(DTO.Captcha))
            {
                Response.error = Label.Get("error.authentication");
                return(false);
            }

            ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO();
            // NOTE(review): adDto is not used below - confirm GetUser has no required side effect before removing it.
            ActiveDirectory_DTO adDto = adAdo.GetUser(Ado, DTO);

            dynamic adUser = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail);

            if (adUser?.CcnEmail != null)
            {
                // AD user: identity details come from the directory, not from the request.
                DTO.CcnEmail       = adUser.CcnEmail;
                DTO.CcnDisplayname = adUser.CcnDisplayName;
                DTO.CcnUsername    = adUser.CcnUsername;
            }
            else
            {
                // Local user: the e-mail address doubles as the username.
                Account_ADO aAdo = new Account_ADO();
                var         user = aAdo.Read(Ado, new Account_DTO_Read()
                {
                    CcnUsername = DTO.CcnEmail
                });
                if (!user.hasData)
                {
                    // Unknown e-mail: answered with a plain success and no error, presumably so the
                    // endpoint does not reveal which addresses are registered.
                    Response.data = JSONRPC.success;
                    return(true);
                }

                if (user.data[0].CcnEmail.Equals(DBNull.Value) || user.data[0].CcnDisplayName.Equals(DBNull.Value))
                {
                    // Account without an e-mail or display name: same neutral answer.
                    Response.data = JSONRPC.success;
                    return(true);
                }

                DTO.CcnDisplayname = user.data[0].CcnDisplayName;
                DTO.CcnEmail       = user.data[0].CcnEmail;
                DTO.CcnUsername    = DTO.CcnEmail;
            }
            Login_BSO        lBso   = new Login_BSO(Ado);
            // The invitation token must match the one stored for the resolved username.
            ADO_readerOutput output = lBso.ReadByToken2Fa(DTO.LgnToken2Fa, DTO.CcnUsername);

            if (!output.hasData)
            {
                // Token mismatch: no Response.error is set, only a false return.
                return(false);
            }
            //create a 2fa, save it to the database, unlock the account and send the 2fa back to the client to be displayed as a QRCode

            string token = lBso.Update2FA(new Login_DTO_Create2FA()
            {
                LgnToken2Fa = DTO.LgnToken2Fa, CcnUsername = DTO.CcnUsername
            });

            // The 2FA secret travels back in the response body; it is only as protected as the transport.
            Response.data = token;
            return(true);
        }
        /// <summary>
        /// Checks if the user is registered on the system, i.e. has at least one Account row.
        /// </summary>
        /// <param name="ado">Open database connection</param>
        /// <param name="ccnUsername">Username to look up</param>
        /// <returns>true when the Account read returned data</returns>
        internal bool IsRegistered(ADO ado, string ccnUsername)
        {
            var readDto = new Account_DTO_Read { CcnUsername = ccnUsername };
            ADO_readerOutput accounts = new Account_ADO().Read(ado, readDto);
            return(accounts.hasData);
        }
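        /// <summary>
        /// Starts 2FA setup for the account identified by DTO.CcnEmail. The e-mail is resolved
        /// against Active Directory first so the "security.adOpenAccess" policy applies to every
        /// AD user, then against the local Account table; the resolved username is passed to
        /// Login_BSO.Update2FA.
        /// </summary>
        /// <returns>true when Update2FA returned a result; false on captcha failure, policy
        /// refusal, an unresolvable e-mail or a null Update2FA result</returns>
        protected override bool Execute()
        {
            // Unauthenticated entry point: captcha first.
            if (!ReCAPTCHA.Validate(DTO.Captcha))
            {
                Response.error = Label.Get("error.authentication");
                return(false);
            }

            Login_BSO           lBso  = new Login_BSO(Ado);
            Account_ADO         aAdo  = new Account_ADO();
            ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO();

            // Resolve the e-mail in AD up front. Previously the adOpenAccess policy was only
            // evaluated for e-mails absent from the Account table, so an AD user who also had a
            // local Account row could start 2FA setup while local access for AD users was
            // disabled. Checking AD first mirrors the login handler, which applies the policy
            // before looking at the Account table.
            var adResult = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail);

            //Check if AD local access is allowed
            if (adResult != null && !Configuration_BSO.GetCustomConfig(ConfigType.global, "security.adOpenAccess"))
            {
                Response.error = Label.Get("error.authentication");
                return(false);
            }

            ADO_readerOutput responseUser = aAdo.Read(Ado, DTO.CcnEmail);

            if (responseUser.hasData)
            {
                DTO.CcnUsername = responseUser.data[0].CcnUsername;
            }
            else
            {
                //If this is an AD user using their email as an identifier then we must get their details from AD
                if (adResult == null)
                {
                    Response.error = Label.Get("error.authentication");
                    return(false);
                }

                DTO.CcnUsername = adResult.CcnUsername;
            }

            var response = lBso.Update2FA(DTO);

            if (response == null)
            {
                Response.error = Label.Get("error.authentication");
                return(false);
            }

            Response.data = response;
            return(true);
        }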
        /// <summary>
        /// Adds a user to a group. Refused when the user is a power user or administrator, when
        /// the user has no Account row, or when the membership already exists.
        /// </summary>
        /// <returns>true when the GroupAccount row was created</returns>
        protected override bool Execute()
        {
            string username = DTO.CcnUsername;

            //Power users or Administrators may not be group members
            if (IsPowerUser(username) || IsAdministrator(username))
            {
                Log.Instance.Debug("Power users or Administrators may not be group members");
                Response.error = Label.Get("error.create");
                return(false);
            }

            //The target must have an Account row
            var accountAdo = new Account_ADO();
            if (!accountAdo.Read(Ado, username).hasData)
            {
                Log.Instance.Debug("User does not exist");
                Response.error = Label.Get("error.create");
                return(false);
            }

            //Duplicate memberships are refused
            var groupAccountAdo = new GroupAccount_ADO();
            if (groupAccountAdo.Exists(Ado, username, DTO.GrpCode))
            {
                Log.Instance.Debug("GroupAccount exists already - create request refused");
                Response.error = Label.Get("error.duplicate");
                return(false);
            }

            //Create the membership; a zero id means nothing was inserted
            if (groupAccountAdo.Create(Ado, DTO, SamAccountName) == 0)
            {
                Log.Instance.Debug("Can't create Group Account");
                Response.error = Label.Get("error.create");
                return(false);
            }

            Response.data = JSONRPC.success;
            return(true);
        }
        /// <summary>
        /// Reports whether Account_ADO.ReadReleaseApprovers returns any rows for the requested
        /// user (default: the caller). The boolean goes into Response.data; the method itself
        /// never fails.
        /// </summary>
        /// <returns>always true</returns>
        protected override bool Execute()
        {
            if (DTO.CcnUsername == null)
            {
                DTO.CcnUsername = SamAccountName;
            }

            var accountAdo = new Account_ADO();
            bool hasApprovers = accountAdo.ReadReleaseApprovers(Ado, DTO).hasData;

            Response.data = hasApprovers;
            return(true);
        }
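        /// <summary>
        /// Creates an Account row for a user who must already exist in Active Directory.
        /// Power users may not create Administrators and duplicate usernames are refused.
        /// </summary>
        /// <returns>true when the Account row was created</returns>
        protected override bool Execute()
        {
            //A power user may not create an Administrator
            if (IsPowerUser() && DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
            {
                Log.Instance.Debug("A power user may not create an Administrator");
                Response.error = Label.Get("error.privilege");
                return(false);
            }

            //We need to check if the requested user is in Active Directory, otherwise we refuse the request.
            ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO();

            ActiveDirectory_DTO adDto = adAdo.GetUser(Ado, DTO);

            // A null CcnUsername on the returned DTO is treated as "not found".
            if (adDto.CcnUsername == null)
            {
                Log.Instance.Debug("AD user not found");
                Response.error = Label.Get("error.create");
                return(false);
            }

            var adoAccount = new Account_ADO();

            //First we must check if the Account exists already (we can't have duplicates)
            if (adoAccount.Exists(Ado, DTO.CcnUsername))
            {
                Log.Instance.Debug("Account exists already");
                Response.error = Label.Get("error.duplicate");
                return(false);
            }

            //Create the Account - a zero id means nothing was inserted
            int newId = adoAccount.Create(Ado, DTO, SamAccountName);

            if (newId == 0)
            {
                // Log wording corrected ("crete" -> "create") to match the invitation-based create handler.
                Log.Instance.Debug("adoAccount.Create - can't create Account");
                Response.error = Label.Get("error.create");
                return(false);
            }

            Response.data = JSONRPC.success;
            return(true);
        }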
        /// <summary>
        /// Reports whether the account behind DTO.CcnEmail has an open 2FA setup according to
        /// Login_ADO.ReadOpen2Fa. The e-mail is resolved through the local Account table first,
        /// then through Active Directory.
        /// </summary>
        /// <returns>true (with Response.data = success) when ReadOpen2Fa is true; false otherwise,
        /// with Response.error set only when the e-mail cannot be resolved</returns>
        protected override bool Execute()
        {
            // Constructed but not otherwise used; kept so the constructor still runs as before.
            Login_BSO lBso = new Login_BSO(Ado);

            Account_ADO      accountAdo = new Account_ADO();
            ADO_readerOutput local      = accountAdo.Read(Ado, DTO.CcnEmail);

            string username;

            if (local.hasData)
            {
                username = local.data[0].CcnUsername;
            }
            else
            {
                //Not in the login table: resolve the username from the e-mail address via AD
                var adResult = new ActiveDirectory_ADO().GetAdSpecificDataForEmail(DTO.CcnEmail);

                if (adResult == null)
                {
                    Response.error = Label.Get("error.authentication");
                    return(false);
                }

                username = adResult.CcnUsername;
            }

            DTO.CcnUsername = username;

            Login_ADO lAdo = new Login_ADO(Ado);

            if (!lAdo.ReadOpen2Fa(username))
            {
                return(false);
            }

            Response.data = JSONRPC.success;
            return(true);
        }
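 /// <summary>
 /// Get all users of a given privilege
 /// </summary>
 /// <param name="prvCode">Privilege code handed to Account_ADO.ReadMinimumPrivilege</param>
 /// <returns>The reader output for the matching accounts</returns>
 internal ADO_readerOutput getUsersOfPrivilege(string prvCode)
 {
     // ado appears to be a field of the enclosing class; it is opened here and always disposed below.
     ado = new ADO("defaultConnection");
     try
     {
         Account_ADO aAdo = new Account_ADO();
         return(aAdo.ReadMinimumPrivilege(ado, prvCode));
     }
     finally
     {
         // The former catch (Exception ex) { throw ex; } only rethrew with a reset stack trace;
         // letting the exception propagate keeps the original trace. Disposal still always runs.
         ado.Dispose();
     }
 }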
        /// <summary>
        /// Reads the Account row(s) for a username and, when found, stores them in MemCacheD
        /// under "PxStat.Security" / "Account_API" / "ReadCurrentAccesss" / username.
        /// </summary>
        /// <param name="Ado">Open database connection</param>
        /// <param name="ccnUsername">Username to read</param>
        /// <returns>The reader output, whether or not it has data</returns>
        internal ADO_readerOutput ReadCurrentAccess(ADO Ado, string ccnUsername)
        {
            ADO_readerOutput accounts = new Account_ADO().Read(Ado, ccnUsername);

            if (!accounts.hasData)
            {
                Log.Instance.Debug("No Account data found");
                return(accounts);
            }

            // The key spelling ("ReadCurrentAccesss", triple s) must stay in step with the
            // Remove_BSO calls made by the account update and delete handlers, otherwise stale
            // privilege data would survive an account change.
            // NOTE(review): new DateTime() (DateTime.MinValue) is passed as the expiry - confirm
            // how MemCacheD interprets it.
            MemCacheD.Store_BSO <dynamic>("PxStat.Security", "Account_API", "ReadCurrentAccesss", ccnUsername, accounts.data, new DateTime());

            return(accounts);
        }
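 /// <summary>
 /// Get a list of users connected to this release with a number of filter options
 /// </summary>
 /// <param name="rlsCode">Release code</param>
 /// <param name="isApprover">Optional approver filter, passed through to Account_ADO.ReadReleaseUsers</param>
 /// <param name="prvCode">Optional privilege filter, passed through unchanged (null = no filter)</param>
 /// <returns>The reader output for the matching users</returns>
 internal ADO_readerOutput getReleaseUsers(int rlsCode, bool?isApprover, string prvCode = null)
 {
     // ado appears to be a field of the enclosing class; it is opened here and always disposed below.
     ado = new ADO("defaultConnection");
     try
     {
         Account_ADO aAdo = new Account_ADO();
         return(aAdo.ReadReleaseUsers(ado, rlsCode, isApprover, prvCode));
     }
     finally
     {
         // The former catch (Exception ex) { throw ex; } only rethrew with a reset stack trace;
         // letting the exception propagate keeps the original trace. Disposal still always runs.
         ado.Dispose();
     }
 }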
        /// <summary>
        /// Checks whether the first Account row for the username carries the Moderator privilege.
        /// </summary>
        /// <param name="ado">Open database connection</param>
        /// <param name="ccnUsername">Username to look up</param>
        /// <returns>false when no Account row exists; otherwise whether PrvCode equals the moderator constant</returns>
        internal bool IsModerator(ADO ado, string ccnUsername)
        {
            var readDto = new Account_DTO_Read { CcnUsername = ccnUsername };
            ADO_readerOutput accounts = new Account_ADO().Read(ado, readDto);

            if (!accounts.hasData)
            {
                return(false);
            }

            // Only the first row is consulted.
            dynamic first = accounts.data.First();
            return(first.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_MODERATOR));
        }
        /// <summary>
        /// Issues a 1FA token for a local account identified by e-mail, stores it via
        /// Login_BSO.Update1FaTokenForUser and e-mails it to the stored address. E-mails that
        /// resolve to an Active Directory user are refused.
        /// </summary>
        /// <returns>true when the token was stored and handed to SendEmail; false otherwise</returns>
        protected override bool Execute()
        {
            var adAdo = new ActiveDirectory_ADO();
            ActiveDirectory_DTO adDto = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail);

            //AD users are not handled by this flow
            if (adDto?.CcnUsername != null)
            {
                Response.error = Label.Get("error.authentication");
                return(false);
            }

            Login_BSO loginBso = new Login_BSO(Ado);

            var accountAdo = new Account_ADO();
            var account    = accountAdo.Read(Ado, DTO.CcnEmail);

            // NOTE(review): an unknown e-mail gets error.authentication while a known one gets
            // success, so the response distinguishes registered from unregistered addresses;
            // the 2FA invitation handlers answer both cases with a neutral success.
            if (!account.hasData)
            {
                Response.error = Label.Get("error.authentication");
                return(false);
            }

            dynamic row   = account.data[0];
            string  token = Utility.GetRandomSHA256(row.CcnId.ToString());

            if (loginBso.Update1FaTokenForUser(row.CcnUsername, token) == null)
            {
                Response.error = Label.Get("error.authentication");
                return(false);
            }

            SendEmail(new Login_DTO_Create()
            {
                CcnUsername = row.CcnUsername, LngIsoCode = DTO.LngIsoCode, CcnEmail = row.CcnEmail, CcnDisplayname = row.CcnDisplayName
            }, token, "PxStat.Security.Login_API.Update1FA");

            Response.data = JSONRPC.success;
            return(true);
        }
        /// <summary>
        /// Login. Order of checks: captcha; "security.adOpenAccess" policy for e-mails that resolve
        /// in Active Directory; account lookup by e-mail (local table, then AD username); the
        /// account must have a 2FA secret and not be locked; TOTP; then the password (local
        /// Validate1Fa, falling back to AD); a final locked check; session creation and cookie.
        /// </summary>
        /// <returns>true when a session was created; false on any failed check, with Response.error set</returns>
        protected override bool Execute()
        {
            // Timing instrumentation only; not used for any decision.
            Stopwatch sw = new Stopwatch();

            sw.Start();

            // Unauthenticated entry point: captcha first.
            if (!ReCAPTCHA.Validate(DTO.Captcha))
            {
                Response.error = Label.Get("error.authentication");
                return(false);
            }
            ActiveDirectory_ADO adAdo  = new ActiveDirectory_ADO();
            dynamic             adUser = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail);

            //Check if local access is available for AD users
            if (!Configuration_BSO.GetCustomConfig(ConfigType.global, "security.adOpenAccess") && adUser != null)
            {
                Response.error = Label.Get("error.authentication");
                return(false);
            }

            // Only the local "user" variable below is used for the remaining checks; DTO.CcnUsername
            // is not read again in this method.
            DTO.CcnUsername = DTO.CcnEmail;
            Login_BSO lBso = new Login_BSO(Ado);

            Account_ADO aAdo = new Account_ADO();

            ADO_readerOutput response = aAdo.Read(Ado, DTO.CcnEmail);

            string user;

            if (!response.hasData)
            {
                //Email address not in the login table, try to get the username from the email address via AD


                // Second AD lookup for the same e-mail; adUser above already holds this result.
                var adResult = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail);
                Log.Instance.Debug("AD user found from email - time ms: " + sw.ElapsedMilliseconds);

                if (adResult == null)
                {
                    Response.error = Label.Get("error.authentication");
                    return(false);
                }

                user = adResult.CcnUsername;

                //Now get the user details from the table

                response = aAdo.Read(Ado, user);
                if (!response.hasData)
                {
                    Response.error = Label.Get("error.authentication");
                    return(false);
                }

                // On this path a locked account is reported as error.account.locked ...
                if (response.data[0].CcnLockedFlag)
                {
                    Response.error = Label.Get("error.account.locked");
                    return(false);
                }
            }
            else
            {
                user = response.data[0].CcnUsername;
            }


            // No 2FA secret on the account: refused with the generic message.
            if (response.data[0].Lgn2Fa.Equals(DBNull.Value))
            {
                Response.error = Label.Get("error.authentication");

                return(false);
            }

            // ... while a locked account found via the local table gets the generic message here.
            if (response.data[0].CcnLockedFlag)
            {
                Response.error = Label.Get("error.authentication");

                return(false);
            }

            int    ccnId    = response.data[0].CcnId;
            string login2Fa = response.data[0].Lgn2Fa;

            // NOTE(review): the TOTP is checked before the password, so an e-mail alone is enough
            // to submit TOTP guesses against this endpoint. No rate limit or lockout is visible in
            // this method - confirm it exists upstream (captcha is the only visible brake).
            if (!API.TwoFA.Validate2fa(DTO.Totp, login2Fa))
            {
                Response.error = Label.Get("error.authentication");

                return(false);
            }

            // Password: local login table first, then AD when the local check returns no rows.
            response = lBso.Validate1Fa(DTO.Lgn1Fa, user);

            if (!response.hasData)
            {
                //No validation available via the Login table, try Active Directory
                long lValidatePassword = sw.ElapsedMilliseconds;
                if (!ActiveDirectory.IsPasswordValid(user, DTO.Lgn1Fa))
                {
                    Response.error = Label.Get("error.authentication");
                    return(false);
                }
                // NOTE(review): the next line is garbled in this listing (the "******" run looks like
                // a scrubbing artefact); check the original source for the intended log message.
                Log.Instance.Debug("Elaspsed time ValidatePassword: "******"AD validation time ms: " + sw.ElapsedMilliseconds);
                //Get the remaining details from the database
                response = aAdo.Read(Ado, user);

                if (!response.hasData)
                {
                    Response.error = Label.Get("error.authentication");
                    return(false);
                }
            }
            //If we have found an account, credentials are ok, but the account is locked, then we return an account locked error
            //could be AD too
            //IsUserAuthenticated needs to check if the user is locked too


            if (response.data[0].CcnLockedFlag)
            {
                Response.error = Label.Get("error.account.locked");
                return(false);
            }


            // Session token; Utility.GetRandomSHA256 is not visible here, so its randomness is assumed.
            string sessionToken = Utility.GetRandomSHA256(ccnId.ToString());

            // Expiry uses local time (DateTime.Now); whatever reads it back must use the same clock.
            DateTime expiry = DateTime.Now.AddSeconds(Configuration_BSO.GetCustomConfig(ConfigType.global, "session.length"));

            if (!lBso.CreateSession(sessionToken, expiry, user))
            {
                Response.error = Label.Get("error.create");
                return(false);
            }

            // NOTE(review): no HttpOnly/Secure/SameSite flags are set on the cookie here - confirm
            // they are applied where the cookie is written to the response.
            Response.sessionCookie = new HttpCookie(API.Common.SessionCookieName)
            {
                Value = sessionToken
            };

            Response.data = API.JSONRPC.success;
            long l = sw.ElapsedMilliseconds;

            return(true);
        }
        /// <summary>
        /// Updates an Account row, including its privilege. A power user may neither grant nor
        /// remove the Administrator privilege; the last Administrator cannot be changed; an
        /// account whose new privilege is Administrator or Power User loses every group
        /// membership. The cached access entry for the user is dropped afterwards.
        /// </summary>
        /// <returns>true when the account and any group memberships were updated</returns>
        protected override bool Execute()
        {
            string adminCode = Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR;
            string target    = DTO.CcnUsername;

            if (IsPowerUser())
            {
                //A power user may not update a user to become an Administrator
                if (DTO.PrvCode.Equals(adminCode))
                {
                    Log.Instance.Debug("A power user may not update a user to become an Administrator");
                    Response.error = Label.Get("error.privilege");
                    return(false);
                }

                //A power user may not downgrade an administrator (PrvCode is not Administrator here)
                if (IsAdministrator(target))
                {
                    Log.Instance.Debug("A power user may not downgrade an administrator");
                    Response.error = Label.Get("error.privilege");
                    return(false);
                }
            }

            Account_ADO adoAccount = new Account_ADO();

            //There must always be at least one administrator in the system.
            // NOTE(review): the check runs whenever the target is an Administrator, even when the
            // new PrvCode keeps them one - whether that blocks editing the last Administrator's
            // other fields depends on EnoughPrivilegesInAccounts, which is not visible here.
            if (IsAdministrator(target) && !adoAccount.EnoughPrivilegesInAccounts(Ado, adminCode))
            {
                Log.Instance.Debug("There are insufficient Administrators in the Account table to proceed with this update.");
                Response.error = Label.Get("error.update");
                return(false);
            }

            //Update and check that at least one row changed
            if (adoAccount.Update(Ado, DTO, SamAccountName) == 0)
            {
                Log.Instance.Debug("Failed to update Account");
                Response.error = Label.Get("error.update");
                return(false);
            }

            //An administrator or power user may not be a member of a group, so drop any memberships.
            //The decision is based on the proposed PrvCode, not on the previous privilege.
            bool elevated = DTO.PrvCode.Equals(adminCode) || DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_POWER_USER);

            if (elevated)
            {
                foreach (GroupAccount_DTO membership in getGroupMembership(target))
                {
                    GroupAccount_ADO        gaAdo = new GroupAccount_ADO();
                    GroupAccount_DTO_Delete gaDto = new GroupAccount_DTO_Delete();
                    gaDto.CcnUsername = membership.CcnUsername;
                    gaDto.GrpCode     = membership.GrpCode;

                    if (gaAdo.Delete(Ado, gaDto, SamAccountName) == 0)
                    {
                        Log.Instance.Debug("Failed to delete account group membership");
                        Response.error = Label.Get("error.update");
                        return(false);
                    }
                }
            }

            //The cached copy of this user's access is now stale
            MemCacheD.Remove_BSO <dynamic>("PxStat.Security", "Account_API", "ReadCurrentAccesss", target);
            Response.data = JSONRPC.success;
            return(true);
        }
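        /// <summary>
        /// Sends a 2FA invitation for the account identified by DTO.CcnEmail. The e-mail is
        /// resolved through Active Directory first (subject to "security.adOpenAccess"), then the
        /// local Account table; a fresh invitation token is stored and e-mailed to the user.
        /// Unknown or incomplete accounts are answered with a plain success so the endpoint
        /// gives the same answer for registered and unregistered addresses.
        /// </summary>
        /// <returns>true when the invitation was sent or a neutral success was returned;
        /// false when the adOpenAccess policy refuses an AD user or no token was produced</returns>
        protected override bool Execute()
        {
            bool success = false;

            ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO();
            // NOTE(review): adDto is not used below; the call is kept because any side effect of GetUser is not visible here.
            ActiveDirectory_DTO adDto = adAdo.GetUser(Ado, DTO);

            dynamic adUser = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail);

            if (adUser?.CcnEmail != null)
            {
                //Check if local access is available for AD users
                if (!Configuration_BSO.GetCustomConfig(ConfigType.global, "security.adOpenAccess"))
                {
                    Response.error = Label.Get("error.authentication");
                    return(false);
                }
                // AD user: identity details come from the directory, not from the request.
                DTO.CcnEmail       = adUser.CcnEmail;
                DTO.CcnDisplayname = adUser.CcnDisplayName;
                DTO.CcnUsername    = adUser.CcnUsername;
            }
            else
            {
                Account_ADO aAdo = new Account_ADO();
                var         user = aAdo.Read(Ado, new Account_DTO_Read()
                {
                    CcnUsername = DTO.CcnEmail
                });
                if (!user.hasData)
                {
                    // Unknown e-mail: neutral success. This branch previously returned false while
                    // still setting Response.data = success, which disagreed with the incomplete-account
                    // branch just below and with the 2FA read handler; depending on how the API layer
                    // treats a false return, it could also reveal which addresses are registered.
                    Response.data = JSONRPC.success;
                    return(true);
                }

                if (user.data[0].CcnEmail.Equals(DBNull.Value) || user.data[0].CcnDisplayName.Equals(DBNull.Value))
                {
                    // No address or display name to send to: same neutral success.
                    Response.data = JSONRPC.success;
                    return(true);
                }

                DTO.CcnDisplayname = user.data[0].CcnDisplayName;
                DTO.CcnEmail       = user.data[0].CcnEmail;
                DTO.CcnUsername    = DTO.CcnEmail;
            }


            Login_BSO lBso = new Login_BSO(Ado);

            // Utility.GetRandomSHA256 is not visible here; the null guard below is kept from the original.
            string token = Utility.GetRandomSHA256(DTO.CcnUsername);

            lBso.UpdateInvitationToken2Fa(DTO.CcnUsername, token);

            if (token != null)
            {
                SendEmail(new Login_DTO_Create()
                {
                    CcnUsername = DTO.CcnUsername, CcnEmail = DTO.CcnEmail, LngIsoCode = DTO.LngIsoCode, CcnDisplayname = DTO.CcnDisplayname
                }, token, "PxStat.Security.Login_API.Update2FA");
                success = true;
            }

            Response.data = JSONRPC.success;
            return(success);
        }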
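        /// <summary>
        /// Deletes an Account row together with the user's group memberships. A power user may
        /// not delete an Administrator, nobody may delete themselves, and the last Administrator
        /// cannot be deleted. The cached access entry for the user is dropped afterwards.
        /// </summary>
        /// <returns>true when the memberships and the account were deleted</returns>
        protected override bool Execute()
        {
            //A power user may not delete an Administrator
            if (IsPowerUser() && IsAdministrator(DTO.CcnUsername))
            {
                Log.Instance.Debug("A power user may not delete an Administrator");
                Response.error = Label.Get("error.privilege");
                return(false);
            }

            //You can't delete yourself
            if (DTO.CcnUsername.Equals(SamAccountName))
            {
                Log.Instance.Debug("A user may not delete themselves");
                Response.error = Label.Get("error.delete");
                return(false);
            }

            var adoAccount = new Account_ADO();

            //There must always be at least one administrator in the system. If this delete would leave no administrator then the request must be refused.
            if (IsAdministrator(DTO.CcnUsername))
            {
                if (!adoAccount.EnoughPrivilegesInAccounts(Ado, Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
                {
                    Log.Instance.Debug("There are insufficient Administrators in the Account table to proceed with this delete.");
                    Response.error = Label.Get("error.delete");
                    return(false);
                }
            }

            //We also need to delete user membership of any groups
            GroupAccount_ADO      gaAdo = new GroupAccount_ADO();
            GroupAccount_DTO_Read gaDto = new GroupAccount_DTO_Read();

            gaDto.CcnUsername = DTO.CcnUsername;
            ADO_readerOutput groupAccountList = gaAdo.Read(Ado, gaDto);

            if (groupAccountList.hasData)
            {
                foreach (dynamic res in groupAccountList.data)
                {
                    GroupAccount_DTO_Delete dtoDelete = new GroupAccount_DTO_Delete();
                    dtoDelete.CcnUsername = DTO.CcnUsername;
                    dtoDelete.GrpCode     = res.GrpCode;

                    // A membership row that was just read but did not delete is a failure, as in the
                    // account update handler. Previously the result was ignored and the account could
                    // be removed while its GroupAccount rows remained.
                    if (gaAdo.Delete(Ado, dtoDelete, SamAccountName) == 0)
                    {
                        Log.Instance.Debug("Failed to delete account group membership");
                        Response.error = Label.Get("error.delete");
                        return(false);
                    }
                }
            }

            //attempting to delete. The number of entities deleted are passed to the entitiesDeleted variable (this is 1 for a successful delete)
            int nDeleted = adoAccount.Delete(Ado, DTO, SamAccountName);

            if (nDeleted == 0)
            {
                Log.Instance.Debug("adoAccount.Delete - can't delete Account");
                Response.error = Label.Get("error.delete");
                return(false);
            }

            //If this user is cached then we must remove the cache entry as well
            MemCacheD.Remove_BSO <dynamic>("PxStat.Security", "Account_API", "ReadCurrentAccesss", DTO.CcnUsername);

            Response.data = JSONRPC.success;
            return(true);
        }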
        /// <summary>
        /// Creates an Account row for an Active Directory user, creates the matching Login row
        /// and, when "security.adOpenAccess" allows local access for AD users, stores a 2FA
        /// invitation token and e-mails it to the address held in AD.
        /// </summary>
        /// <returns>true when the Account row was created</returns>
        protected override bool Execute()
        {
            string adminCode = Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR;

            //A power user may not create an Administrator
            if (IsPowerUser() && DTO.PrvCode.Equals(adminCode))
            {
                Log.Instance.Debug("A power user may not create an Administrator");
                Response.error = Label.Get("error.privilege");
                return(false);
            }

            //The user must exist in Active Directory; a null CcnUsername is treated as "not found"
            ActiveDirectory_DTO adDto = new ActiveDirectory_ADO().GetUser(Ado, DTO);

            if (adDto.CcnUsername == null)
            {
                Log.Instance.Debug("AD user not found");
                Response.error = Label.Get("error.create");
                return(false);
            }

            var adoAccount = new Account_ADO();

            //No duplicate usernames
            if (adoAccount.Exists(Ado, DTO.CcnUsername))
            {
                Log.Instance.Debug("Account exists already");
                Response.error = Label.Get("error.duplicate");
                return(false);
            }

            //Create the Account; the trailing true is passed straight through to Account_ADO.Create
            int newId = adoAccount.Create(Ado, DTO, SamAccountName, true);

            if (newId == 0)
            {
                Log.Instance.Debug("adoAccount.Create - can't create Account");
                Response.error = Label.Get("error.create");
                return(false);
            }

            string    token = Utility.GetRandomSHA256(newId.ToString());
            Login_BSO lBso  = new Login_BSO(Ado);

            // NOTE(review): the CreateLogin result is not checked.
            lBso.CreateLogin(new Login_DTO_Create()
            {
                CcnUsername = DTO.CcnUsername
            }, SamAccountName, null);

            //Only invite AD users to set up local 2FA when local access is allowed for them
            if (Configuration_BSO.GetCustomConfig(ConfigType.global, "security.adOpenAccess"))
            {
                lBso.UpdateInvitationToken2Fa(DTO.CcnUsername, token);

                SendEmail(new Login_DTO_Create()
                {
                    CcnDisplayname = adDto.CcnDisplayName, CcnEmail = adDto.CcnEmail, CcnUsername = DTO.CcnUsername, LngIsoCode = DTO.LngIsoCode
                }, token, "PxStat.Security.Login_API.Create2FA");
            }

            Response.data = JSONRPC.success;
            return(true);
        }
        /// <summary>
        /// Creates a local (non-Active-Directory) Account together with its Login row and mails the
        /// one-factor invitation token to the new user.
        /// </summary>
        /// <remarks>
        /// The request is refused when a power user tries to create an Administrator, when the user is
        /// found in AD (AD users must not get local accounts), when an Account or email already exists,
        /// or when the email is known to AD. Every refusal returns a localised error label and writes
        /// the reason to the debug log.
        /// </remarks>
        /// <returns><c>true</c> on success; <c>false</c> on any refusal or persistence failure.</returns>
        protected override bool Execute()
        {
            //Privilege guard: a power user is not allowed to mint an Administrator.
            bool adminByPowerUser = IsPowerUser() && DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR);

            if (adminByPowerUser)
            {
                Log.Instance.Debug("A power user may not create an Administrator");
                Response.error = Label.Get("error.privilege");
                return(false);
            }

            //A local Account is only for users who are NOT in Active Directory.
            ActiveDirectory_ADO directory     = new ActiveDirectory_ADO();
            ActiveDirectory_DTO directoryUser = directory.GetUser(Ado, DTO);

            if (directoryUser.CcnUsername != null)
            {
                Log.Instance.Debug("Account exists already");
                Response.error = Label.Get("error.create");
                return(false);
            }

            Account_ADO accounts = new Account_ADO();

            //Duplicate guard: neither an Account keyed by this email nor one carrying this email may exist.
            //Both lookups answer with the same label; the second only runs when the first is clear.
            //NOTE(review): the lookup is by DTO.CcnEmail while the insert below uses DTO.CcnUsername - presumably
            //the validator has already set the username to the email for local users; confirm.
            if (accounts.Exists(Ado, DTO.CcnEmail) || accounts.ExistsByEmail(Ado, DTO.CcnEmail))
            {
                Log.Instance.Debug("Account exists already");
                Response.error = Label.Get("error.duplicate");
                return(false);
            }

            //An email that AD knows about must not become a local user.
            var directoryMatch = directory.GetAdSpecificDataForEmail(DTO.CcnEmail);

            if (directoryMatch != null)
            {
                Log.Instance.Debug("Account exists in AD");
                Response.error = Label.Get("error.create");
                return(false);
            }

            Account_DTO_Create accountToCreate = new Account_DTO_Create()
            {
                CcnUsername         = DTO.CcnUsername,
                CcnNotificationFlag = DTO.CcnNotificationFlag,
                LngIsoCode          = DTO.LngIsoCode,
                PrvCode             = DTO.PrvCode,
                CcnDisplayName      = DTO.CcnDisplayName,
                CcnEmail            = DTO.CcnEmail
            };

            //Persist the Account; the trailing false presumably distinguishes a local from an AD account - confirm in Account_ADO.Create.
            int createdId = accounts.Create(Ado, accountToCreate, SamAccountName, false);

            if (createdId == 0)
            {
                Log.Instance.Debug("adoAccount.Create - can't create Account");
                Response.error = Label.Get("error.create");
                return(false);
            }

            //Local users log in with their email, so the Login is keyed by it.
            Login_DTO_Create loginToCreate = new Login_DTO_Create()
            {
                CcnUsername    = DTO.CcnEmail,
                LngIsoCode     = DTO.LngIsoCode,
                CcnEmail       = DTO.CcnEmail,
                CcnDisplayname = DTO.CcnDisplayName
            };

            Login_BSO logins = new Login_BSO(Ado);

            //Invitation token that is mailed to the user and stored with the Login.
            //NOTE(review): the only visible input is the new Account id - confirm Utility.GetRandomSHA256 mixes in
            //CSPRNG material rather than hashing the id alone.
            string invitationToken = Utility.GetRandomSHA256(createdId.ToString());

            if (!logins.CreateLogin(loginToCreate, SamAccountName, invitationToken))
            {
                Response.error = Label.Get("error.create");
                return(false);
            }

            SendEmail(loginToCreate, invitationToken, "PxStat.Security.Login_API.Create1FA");

            Response.data = JSONRPC.success;
            return(true);
        }
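        /// <summary>
        /// Issues a fresh one-factor (1FA) login token for a local user and mails it to the address
        /// stored on the Account, after validating a reCAPTCHA response.
        /// </summary>
        /// <remarks>
        /// <c>JSONRPC.success</c> is reported not only after a token has been mailed but also when the
        /// user is an AD user, when no Account matches, or when the stored email or display name is
        /// NULL. This appears deliberate: a uniform answer stops a caller from using this endpoint to
        /// discover which emails have an account. Nothing is logged on those paths; only a failed
        /// token update produces a debug entry.
        /// </remarks>
        /// <returns><c>false</c> only when the captcha or the token update fails; otherwise <c>true</c>.</returns>
        protected override bool Execute()
        {
            //Captcha first: this endpoint triggers an email and must not be scriptable.
            if (!ReCAPTCHA.Validate(DTO.Captcha))
            {
                Response.error = Label.Get("error.authentication");
                return(false);
            }

            //Local users are keyed by email; fall back to it when no username was supplied.
            if (DTO.CcnUsername == null)
            {
                DTO.CcnUsername = DTO.CcnEmail;
            }

            //Not allowed for AD users - answered with success so the response does not reveal the account type.
            ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO();
            ActiveDirectory_DTO adDto = adAdo.GetUser(Ado, DTO);

            if (adDto.CcnDisplayName != null)
            {
                Response.data = JSONRPC.success;
                return(true);
            }

            Account_ADO ccnAdo = new Account_ADO();
            var         user   = ccnAdo.Read(Ado, new Account_DTO_Read()
            {
                CcnUsername = DTO.CcnEmail
            });

            //Unknown account: same uniform success response.
            if (!user.hasData)
            {
                Response.data = JSONRPC.success;
                return(true);
            }

            //An Account without a stored email or display name cannot be mailed; again answer with success.
            //The reference-null checks guard a reader that yields C# null instead of DBNull, where a bare
            //.Equals(DBNull.Value) would throw; presumably the reader returns DBNull - confirm against ADO_readerOutput.
            if (user.data[0].CcnEmail == null || user.data[0].CcnEmail.Equals(DBNull.Value) ||
                user.data[0].CcnDisplayName == null || user.data[0].CcnDisplayName.Equals(DBNull.Value))
            {
                Response.data = JSONRPC.success;
                return(true);
            }

            //Always mail the address stored on the Account, never the one submitted in the request.
            DTO.CcnEmail = user.data[0].CcnEmail;

            Login_BSO lBso = new Login_BSO(Ado);

            //This token is the sole credential in the mailed link.
            //NOTE(review): the only visible input is the Account id - confirm Utility.GetRandomSHA256 mixes in
            //CSPRNG material rather than hashing the id alone.
            string loginToken = Utility.GetRandomSHA256(user.data[0].CcnId.ToString());

            if (lBso.Update1FaTokenForUser(DTO.CcnEmail, loginToken) == null)
            {
                Log.Instance.Debug("lBso.Update1FaTokenForUser - can't update 1FA token");
                Response.error = Label.Get("error.create");
                return(false);
            }

            //Recipient details come from the stored Account row, not from the request.
            SendEmail(new Login_DTO_Create()
            {
                CcnUsername = user.data[0].CcnUsername, LngIsoCode = DTO.LngIsoCode, CcnEmail = user.data[0].CcnEmail, CcnDisplayname = user.data[0].CcnDisplayName
            }, loginToken, "PxStat.Security.Login_API.Update1FA");

            Response.data = JSONRPC.success;
            return(true);
        }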