Пример #1
        ///////////////////////////////////////////////////////////////////////
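        /// <summary>
        /// Resolves the database row of the user an incoming email should be attributed to.
        /// </summary>
        /// <remarks>
        /// When <paramref name="username"/> equals the "CreateUserFromEmailAddressIfThisUsername"
        /// setting and a from address was supplied, the sender's simplified email address becomes
        /// the username, and a user is created from the "CreateUsersFromEmailTemplate" template if
        /// no such user exists yet. Otherwise <paramref name="username"/> is looked up as given.
        /// </remarks>
        /// <param name="message">Parsed message the from address is re-read from.</param>
        /// <param name="from_addr">From address supplied by the caller; only tested for being non-empty.</param>
        /// <param name="username">User name the caller authenticated with.</param>
        /// <returns>The row returned by <c>DbUtil.get_datarow</c> for the resolved user name.</returns>
        public static DataRow get_user_datarow_maybe_using_from_addr(Message message, string from_addr, string username)
        {
            DataRow dr = null;

            var sql = new SQLString(@"
select us_id, us_admin, us_username, us_org, og_other_orgs_permission_level, isnull(us_forced_project,0) us_forced_project
from users
inner join orgs on us_org = og_id
where us_username = @us");

            // Create a new user from the "from" email address
            string btnet_service_username = Util.get_setting("CreateUserFromEmailAddressIfThisUsername", "");

            if (!string.IsNullOrEmpty(from_addr) && username == btnet_service_username)
            {
                // NOTE(review): the identity chosen below comes from the message's From header,
                // which the sender controls. Anyone able to deliver mail to the monitored mailbox
                // can therefore act as, or create, the user named by that header. Confirm that the
                // template user carries only the permissions an anonymous sender should get.
                from_addr = get_from_addr(message);

                // See if there's already a username that matches this email address
                username = Email.simplify_email_address(from_addr);

                // Does a user with this email already exist?
                sql = sql.AddParameterWithValue("us", username);

                // If a matching user exists, use it instead of the btnet_service.exe user
                dr = btnet.DbUtil.get_datarow(sql);

                // We didn't find the user, so create one, using the email address as the username.
                if (dr == null)
                {
                    bool use_domain_as_org_name = Util.get_setting("UseEmailDomainAsNewOrgNameWhenCreatingNewUser", "0") == "1";

                    // NOTE(review): the account gets a throwaway password and salt 0. Guid.NewGuid()
                    // is not specified as a cryptographically strong random source - confirm how
                    // copy_user stores this value and whether these accounts can log in interactively.
                    btnet.User.copy_user(
                        username,
                        username,
                        "", "", "",                // first, last, signature
                        0,                         // salt
                        Guid.NewGuid().ToString(), // random value for password,
                        Util.get_setting("CreateUsersFromEmailTemplate", "[error - missing user template]"),
                        use_domain_as_org_name);

                    // now that we have created a user, try again
                    dr = btnet.DbUtil.get_datarow(sql);
                }
            }
            else
            {
                // Use the btnet_service.exe user as the username.
                // Bind the same "us" parameter as the branch above: the query only declares @us.
                // The value travels as a parameter, so it must not be quote-doubled - doubling
                // would change the name being searched for.
                sql = sql.AddParameterWithValue("us", username);
                dr = btnet.DbUtil.get_datarow(sql);
            }

            return dr;
        }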
Пример #2
        /// <summary>
        /// Verifies the supplied credentials and, when they are valid and the user row exists,
        /// signs the user in through <c>Security.SignIn</c>.
        /// </summary>
        /// <param name="owinContext">OWIN context handed to <c>Security.SignIn</c>.</param>
        /// <param name="username">User name as supplied by the caller.</param>
        /// <param name="password">Password checked by <c>check_password</c>.</param>
        /// <returns>A <c>LoginResult</c> whose <c>Success</c> and <c>ErrorMessage</c> describe the outcome.</returns>
        public static LoginResult AttemptLogin(IOwinContext owinContext, string username, string password)
        {
            LoginResult outcome = new LoginResult();

            // Wrong credentials: report a generic message and stop.
            if (!check_password(username, password))
            {
                outcome.Success = false;
                outcome.ErrorMessage = "Invalid User or Password.";
                return outcome;
            }

            SQLString lookup = new SQLString("select us_id, us_username, us_org from users where us_username = @us");
            lookup = lookup.AddParameterWithValue("us", username);
            DataRow userRow = DbUtil.get_datarow(lookup);

            if (userRow == null)
            {
                // How could this happen?  If someday the authentication
                // method uses, say LDAP, then check_password could return
                // true, even though there's no user in the database.
                outcome.Success = false;
                outcome.ErrorMessage = "User not found in database";
                return outcome;
            }

            // NOTE(review): the session is established with the name as typed, not with the
            // us_username value read from the row - confirm later lookups tolerate that.
            Security.SignIn(owinContext, username);
            outcome.Success = true;
            outcome.ErrorMessage = string.Empty;
            return outcome;
        }
Пример #3
        /// <summary>
        /// Attempts an interactive login: the password is checked first, then the user row is
        /// looked up, and only when both succeed is <c>Security.SignIn</c> called.
        /// </summary>
        /// <param name="owinContext">OWIN context passed on to <c>Security.SignIn</c>.</param>
        /// <param name="username">User name supplied by the caller.</param>
        /// <param name="password">Password supplied by the caller.</param>
        /// <returns>The populated <c>LoginResult</c>.</returns>
        public static LoginResult AttemptLogin(IOwinContext owinContext, string username, string password)
        {
            LoginResult result = new LoginResult();
            DataRow row = null;

            bool passwordOk = check_password(username, password);

            if (passwordOk)
            {
                // The user name is bound as a parameter, never concatenated into the statement.
                row = DbUtil.get_datarow(
                    new SQLString("select us_id, us_username, us_org from users where us_username = @us")
                        .AddParameterWithValue("us", username));
            }

            if (passwordOk && row != null)
            {
                Security.SignIn(owinContext, username);
                result.Success = true;
                result.ErrorMessage = string.Empty;
            }
            else
            {
                // A verified password without a user row can only happen if authentication is
                // ever delegated elsewhere (say LDAP) while the database has no such user.
                result.Success = false;
                result.ErrorMessage = passwordOk
                    ? "User not found in database"
                    : "Invalid User or Password.";
            }

            return result;
        }
Пример #4
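        /// <summary>
        /// Sends the configured auto-reply text for a bug back to the address the email came from,
        /// using the project's POP3 "from" address as the sender.
        /// </summary>
        /// <remarks>
        /// Nothing is sent when the "AutoReplyText" setting is empty, when the sender address or
        /// the project email is blank, or when the sender address equals the project email.
        /// </remarks>
        /// <param name="bugid">Bug id substituted for <c>$BUGID$</c> and appended to the subject.</param>
        /// <param name="from_addr">Address the incoming email came from; it becomes the recipient.</param>
        /// <param name="short_desc">Bug description used as the start of the subject line.</param>
        /// <param name="projectid">Project whose <c>pj_pop3_email_from</c> is used as the sender.</param>
        public static void auto_reply(int bugid, string from_addr, string short_desc, int projectid)
        {
            string auto_reply_text = Util.get_setting("AutoReplyText", "");

            if (auto_reply_text == "")
            {
                return;
            }

            // Without a sender address there is nobody to answer; previously this surfaced as a
            // NullReferenceException further down.
            if (string.IsNullOrEmpty(from_addr))
            {
                btnet.Util.write_to_log("skipping auto reply because from address is blank");
                return;
            }

            auto_reply_text = auto_reply_text.Replace("$BUGID$", Convert.ToString(bugid));


            var sql = new SQLString(@"select
						pj_pop3_email_from
						from projects
						where pj_id = @pj");

            sql = sql.AddParameterWithValue("pj", Convert.ToString(projectid));

            object project_email = btnet.DbUtil.execute_scalar(sql);

            if (project_email == null)
            {
                btnet.Util.write_to_log("skipping auto reply because project email is blank");
                return;
            }

            string project_email_string = Convert.ToString(project_email);

            if (project_email_string == "")
            {
                btnet.Util.write_to_log("skipping auto reply because project email is blank");
                return;
            }

            // To avoid an infinite loop of replying to emails and then having to reply to the replies!
            // Ordinal comparison: addresses are identifiers, so culture-specific casing rules
            // (ToLower under e.g. a Turkish culture) must not decide whether the guard fires.
            // NOTE(review): this compares the raw strings; if from_addr can carry a display name
            // the guard would not match - confirm what callers pass.
            if (string.Equals(project_email_string, from_addr, StringComparison.OrdinalIgnoreCase))
            {
                btnet.Util.write_to_log("skipping auto reply because from address is same as project email:" + project_email_string);
                return;
            }

            // NOTE(review): the recipient is taken from a header the sender controls, so a forged
            // From address makes this system mail a third party. Consider rate limiting replies
            // per address or suppressing them for automated mail.

            string outgoing_subject = (short_desc ?? "") + "  ("
                                      + Util.get_setting("TrackingIdString", "DO NOT EDIT THIS:")
                                      + Convert.ToString(bugid) + ")";

            // The description originates from the incoming message; line breaks in a header value
            // would let it add headers of its own, so flatten them.
            outgoing_subject = outgoing_subject.Replace("\r", " ").Replace("\n", " ");

            bool use_html_format = (btnet.Util.get_setting("AutoReplyUseHtmlEmailFormat", "0") == "1");

            // commas cause trouble, and line breaks have no place in an address header either
            string cleaner_from_addr = from_addr.Replace(",", " ").Replace("\r", " ").Replace("\n", " ");

            Email.send_email(
                cleaner_from_addr, // we are responding TO the address we just received email FROM
                project_email_string,
                "",                // cc
                outgoing_subject,
                auto_reply_text,
                use_html_format ? MailFormat.Html : MailFormat.Text);
        }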
Пример #5
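        /// <summary>
        /// Extracts the bug id that follows the tracking marker in an email subject and checks
        /// that the bug still exists.
        /// </summary>
        /// <param name="subject">
        /// Subject line to inspect. When it names a bug that is not in the database, the tracking
        /// marker inside it is replaced with "WAS #:".
        /// </param>
        /// <returns>The id of an existing bug, or 0 when none could be determined.</returns>
        public static int get_bugid_from_subject(ref string subject)
        {
            int bugid = 0;

            // Try to parse out the bugid from the subject line
            string bugidString = Util.get_setting("TrackingIdString", "DO NOT EDIT THIS:");

            // Ordinal search, matching the ordinal Replace used further down.
            int markerPos = subject.IndexOf(bugidString, StringComparison.Ordinal);

            if (markerPos >= 0)
            {
                // position of colon
                int colonPos = subject.IndexOf(":", markerPos, StringComparison.Ordinal);

                // Without a colon after the marker there is no id to read. The earlier code fell
                // through with position 0 and could parse digits from the very start of the subject.
                if (colonPos >= 0)
                {
                    int idStart = colonPos + 1;

                    // position of close paren
                    int idEnd = subject.IndexOf(")", idStart, StringComparison.Ordinal);
                    if (idEnd > idStart)
                    {
                        string candidate = subject.Substring(idStart, idEnd - idStart);

                        // NOTE(review): assumes Util.is_int only accepts values that fit an Int32 - confirm.
                        if (Util.is_int(candidate))
                        {
                            bugid = Convert.ToInt32(candidate);
                        }
                    }
                }
            }

            // maybe a deleted bug?
            // NOTE(review): the id comes from a subject line the sender writes. This check only
            // proves the bug exists; whether the sender may post to it has to be decided by the caller.
            if (bugid != 0)
            {
                var sql = new SQLString("select count(1) from bugs where bg_id = @bg");
                sql = sql.AddParameterWithValue("bg", Convert.ToString(bugid));
                int bug_count = (int)btnet.DbUtil.execute_scalar(sql);
                if (bug_count != 1)
                {
                    subject = subject.Replace(bugidString, "WAS #:");
                    bugid = 0;
                }
            }

            return bugid;
        }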
Пример #6
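        /// <summary>
        /// Reads the bug id written after the tracking marker in an email subject and verifies
        /// that a bug with that id is still present.
        /// </summary>
        /// <param name="subject">
        /// Subject line to parse; its tracking marker is rewritten to "WAS #:" when the referenced
        /// bug no longer exists.
        /// </param>
        /// <returns>The existing bug's id, or 0 if no usable id was found.</returns>
        public static int get_bugid_from_subject(ref string subject)
        {
            int bugid = 0;

            // Try to parse out the bugid from the subject line
            string bugidString = Util.get_setting("TrackingIdString", "DO NOT EDIT THIS:");

            // The marker is a fixed token, so search for it ordinally - the same way the
            // Replace call below will look for it.
            int pos = subject.IndexOf(bugidString, StringComparison.Ordinal);

            if (pos >= 0)
            {
                // position of colon; -1 means the marker is not followed by one, in which case
                // nothing is parsed (incrementing -1 used to restart the scan at index 0)
                pos = subject.IndexOf(":", pos, StringComparison.Ordinal);
            }

            if (pos >= 0)
            {
                pos++;

                // position of close paren
                int pos2 = subject.IndexOf(")", pos, StringComparison.Ordinal);
                if (pos2 > pos)
                {
                    string bugid_string_temp = subject.Substring(pos, pos2 - pos);

                    // NOTE(review): presumably Util.is_int rejects values too large for Int32 - verify.
                    if (Util.is_int(bugid_string_temp))
                    {
                        bugid = Convert.ToInt32(bugid_string_temp);
                    }
                }
            }

            // maybe a deleted bug?
            // NOTE(review): existence is the only thing verified here. The id is sender-supplied,
            // so authorization for that bug must be enforced by the code that uses the result.
            if (bugid != 0)
            {
                var sql = new SQLString("select count(1) from bugs where bg_id = @bg");
                sql = sql.AddParameterWithValue("bg", Convert.ToString(bugid));
                int bug_count = (int)btnet.DbUtil.execute_scalar(sql);
                if (bug_count != 1)
                {
                    subject = subject.Replace(bugidString, "WAS #:");
                    bugid = 0;
                }
            }

            return bugid;
        }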
Пример #7
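        /// <summary>
        /// Index or re-index the bug matching the specified id.
        /// </summary>
        /// <remarks>
        /// Loads the bug row and those of its posts that are neither of type 'update' nor hidden
        /// from external users, then hands both to the row-based <c>IndexBug</c> overload.
        /// Any exception is written to the log and not rethrown.
        /// </remarks>
        /// <param name="bugId">The id of the bug to index</param>
        public void IndexBug(int bugId)
        {
            try
            {
                Util.write_to_log("started updating search index");

                var sql = new SQLString(@"
select bg_id,
isnull(bg_tags,'') tags,
bg_reported_date,
isnull(st_name,'') status,
bg_short_desc  as [desc]
from bugs 
left outer join statuses on st_id = bg_status
where bg_id = @bugid");

                sql = sql.AddParameterWithValue("bugid", Convert.ToString(bugId));

                DataRow bugRow = DbUtil.get_datarow(sql);

                // Posts hidden from external users are left out, so their text never reaches the
                // search index.
                sql = new SQLString(@"
                select bp_id, 
                isnull(bp_comment_search,bp_comment) [text] ,
                bp_date
                from bug_posts 
                where bp_type <> 'update'
                and bp_hidden_from_external_users = 0
                and bp_bug = @bugId");

                // Keep the returned SQLString, as every other call site does; discarding it
                // risks running the query without its @bugId parameter.
                sql = sql.AddParameterWithValue("bugId", bugId.ToString());
                DataSet bugPosts = DbUtil.get_dataset(sql);

                // NOTE(review): bugRow is passed on unchecked - confirm the overload copes with a
                // bug id that matched no row.
                IndexBug(bugRow, bugPosts.Tables[0]);

                Util.write_to_log("done updating search index");
            }
            catch (Exception e)
            {
                // Indexing is best effort: failures are logged, never propagated to the caller.
                Util.write_to_log("exception updating search index: " + e.Message);
                Util.write_to_log(e.StackTrace);
            }
        }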
Пример #8
        ///////////////////////////////////////////////////////////////////////    
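        /// <summary>
        /// Finds the user row an incoming email is attributed to, creating the user from the
        /// sender's address when the service account is configured to do so.
        /// </summary>
        /// <param name="message">Parsed message from which the from address is read again.</param>
        /// <param name="from_addr">From address given by the caller; only checked for being non-empty.</param>
        /// <param name="username">
        /// Authenticated user name. When it equals the "CreateUserFromEmailAddressIfThisUsername"
        /// setting, the sender's simplified address is used as the user name instead.
        /// </param>
        /// <returns>The row returned by <c>DbUtil.get_datarow</c> for the resolved user name.</returns>
        public static DataRow get_user_datarow_maybe_using_from_addr(Message message, string from_addr, string username)
        {
            DataRow dr = null;

            var sql = new SQLString(@"
select us_id, us_admin, us_username, us_org, og_other_orgs_permission_level, isnull(us_forced_project,0) us_forced_project
from users
inner join orgs on us_org = og_id
where us_username = @us");

            // Create a new user from the "from" email address
            string btnet_service_username = Util.get_setting("CreateUserFromEmailAddressIfThisUsername", "");
            bool map_sender_to_user = !string.IsNullOrEmpty(from_addr) && username == btnet_service_username;

            if (!map_sender_to_user)
            {
                // Use the btnet_service.exe user as the username.
                // The statement declares only @us, so bind "us" exactly like the other path does,
                // and pass the raw value: a parameter needs no quote doubling, and doubling would
                // alter the name that is searched for.
                sql = sql.AddParameterWithValue("us", username);
                return btnet.DbUtil.get_datarow(sql);
            }

            // NOTE(review): from here on the acting user is derived from the From header, which
            // the sender chooses freely. Whoever can deliver mail to the mailbox can post as, or
            // create, that user - make sure the template account is limited accordingly.
            from_addr = get_from_addr(message);

            // See if there's already a username that matches this email address
            username = Email.simplify_email_address(from_addr);

            // Does a user with this email already exist?
            sql = sql.AddParameterWithValue("us", username);

            // If so, use that user instead of the btnet_service.exe user
            dr = btnet.DbUtil.get_datarow(sql);

            // We didn't find the user, so create one, using the email address as the username.
            if (dr == null)
            {
                bool use_domain_as_org_name = Util.get_setting("UseEmailDomainAsNewOrgNameWhenCreatingNewUser", "0") == "1";

                // NOTE(review): salt 0 and a GUID string are passed as credentials for the new
                // account. A GUID is not specified as a cryptographically strong secret - confirm
                // how copy_user stores it and whether such accounts can log in interactively.
                btnet.User.copy_user(
                    username,
                    username,
                    "", "", "",  // first, last, signature
                    0,  // salt
                    Guid.NewGuid().ToString(), // random value for password,
                    Util.get_setting("CreateUsersFromEmailTemplate", "[error - missing user template]"),
                    use_domain_as_org_name);

                // now that we have created a user, try again
                dr = btnet.DbUtil.get_datarow(sql);
            }

            return dr;
        }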
        /// <summary>
        /// Creates a new bug, or appends a comment to an existing one, from a posted
        /// <c>BugFromEmail</c> payload.
        /// </summary>
        /// <remarks>
        /// When the payload carries a raw message, the comment, from address, cc address and bug id
        /// are taken from the parsed message. A bug id that no longer exists is reset to 0, which
        /// turns the request into a new bug.
        /// NOTE(review): the only check on the bug id visible in this method is that the bug
        /// exists. No per-bug or per-project permission check for <c>User.Identity</c> is visible
        /// before the status update, comment insert or attachment insert - confirm it is enforced
        /// by a filter or inside the <c>Bug</c> helpers.
        /// </remarks>
        /// <param name="bugFromEmail">Request body describing the incoming email or bug.</param>
        /// <returns><c>Ok</c> with the bug id, or <c>BadRequest</c> with the model state.</returns>
        public IHttpActionResult Post([FromBody] BugFromEmail bugFromEmail)
        {
            if (bugFromEmail != null && ModelState.IsValid)
            {
                // Normalize the description: never null, at most 200 characters.
                if (bugFromEmail.ShortDescription == null)
                {
                    bugFromEmail.ShortDescription = "";
                }
                else if (bugFromEmail.ShortDescription.Length > 200)
                {
                    bugFromEmail.ShortDescription = bugFromEmail.ShortDescription.Substring(0, 200);
                }

                Message mimeMessage = null;

                if (!string.IsNullOrEmpty(bugFromEmail.Message))
                {
                    // A raw message was posted: values parsed from it replace the posted comment
                    // and from address.
                    // NOTE(review): everything read from the message (headers, body, addresses) is
                    // written by the sender and is stored with the bug below - it has to be treated
                    // as untrusted wherever it is rendered later.
                    mimeMessage = Mime.GetMimeMessage(bugFromEmail.Message);

                    bugFromEmail.Comment = Mime.get_comment(mimeMessage);

                    string headers = Mime.get_headers_for_comment(mimeMessage);
                    if (headers != "")
                    {
                        bugFromEmail.Comment = string.Format("{0}{1}{2}", headers, Environment.NewLine, bugFromEmail.Comment);
                    }

                    bugFromEmail.FromAddress = Mime.get_from_addr(mimeMessage);
                }
                else
                {
                    if (bugFromEmail.Comment == null)
                    {
                        bugFromEmail.Comment = string.Empty;
                    }
                }

                // Even though btnet_service.exe has already parsed out the bugid,
                // we can do a better job here with SharpMimeTools.dll
                string subject = "";

                if (mimeMessage != null)
                {
                    subject = Mime.get_subject(mimeMessage);

                    if (subject != "[No Subject]")
                    {
                        // The subject is passed by ref and may come back modified.
                        bugFromEmail.BugId = Mime.get_bugid_from_subject(ref subject);
                    }

                    bugFromEmail.CcAddress = Mime.get_cc(mimeMessage);
                }

                SQLString sql;

                if (bugFromEmail.BugId != 0)
                {
                    // Check if the bug is still in the database
                    // No comment can be added to merged or deleted bugids
                    // In this case a new bug is created, this to prevent possible loss of information

                    sql = new SQLString(@"select count(bg_id)
			from bugs
			where bg_id = @id"            );

                    sql = sql.AddParameterWithValue("id", Convert.ToString(bugFromEmail.BugId));

                    if (Convert.ToInt32(DbUtil.execute_scalar(sql)) == 0)
                    {
                        bugFromEmail.BugId = 0;
                    }
                }


                // Either insert a new bug or append a comment to existing bug
                // based on presence, absence of bugid
                if (bugFromEmail.BugId == 0)
                {
                    // insert a new bug

                    if (mimeMessage != null)
                    {
                        // in case somebody is replying to a bug that has been deleted or merged
                        subject = subject.Replace(Util.get_setting("TrackingIdString", "DO NOT EDIT THIS:"), "PREVIOUS:");

                        bugFromEmail.ShortDescription = subject;
                        if (bugFromEmail.ShortDescription.Length > 200)
                        {
                            bugFromEmail.ShortDescription = bugFromEmail.ShortDescription.Substring(0, 200);
                        }
                    }

                    DataRow defaults = Bug.get_bug_defaults();

                    // If you didn't set these from the query string, we'll give them default values
                    // NOTE(review): project, organization, category, priority, status and udf ids
                    // supplied in the request are used as posted. Apart from the forced project
                    // below, no check that the caller may write to them is visible here - confirm.
                    if (!bugFromEmail.ProjectId.HasValue || bugFromEmail.ProjectId == 0)
                    {
                        bugFromEmail.ProjectId = (int)defaults["pj"];
                    }
                    bugFromEmail.OrganizationId = bugFromEmail.OrganizationId ?? User.Identity.GetOrganizationId();
                    bugFromEmail.CategoryId     = bugFromEmail.CategoryId ?? (int)defaults["ct"];
                    bugFromEmail.PriorityId     = bugFromEmail.PriorityId ?? (int)defaults["pr"];
                    bugFromEmail.StatusId       = bugFromEmail.StatusId ?? (int)defaults["st"];
                    bugFromEmail.UdfId          = bugFromEmail.UdfId ?? (int)defaults["udf"];

                    // but forced project always wins
                    if (User.Identity.GetForcedProjectId() != 0)
                    {
                        bugFromEmail.ProjectId = User.Identity.GetForcedProjectId();
                    }

                    // The same comment text is passed twice and the content type is fixed to "text/plain".
                    Bug.NewIds newIds = Bug.insert_bug(
                        bugFromEmail.ShortDescription,
                        User.Identity,
                        "", // tags
                        bugFromEmail.ProjectId.Value,
                        bugFromEmail.OrganizationId.Value,
                        bugFromEmail.CategoryId.Value,
                        bugFromEmail.PriorityId.Value,
                        bugFromEmail.StatusId.Value,
                        bugFromEmail.AssignedTo ?? 0,
                        bugFromEmail.UdfId.Value,
                        bugFromEmail.Comment,
                        bugFromEmail.Comment,
                        bugFromEmail.FromAddress,
                        bugFromEmail.CcAddress,
                        "text/plain",
                        false,  // internal only
                        null,   // custom columns
                        false); // suppress notifications for now - wait till after the attachments

                    if (mimeMessage != null)
                    {
                        Mime.add_attachments(mimeMessage, newIds.bugid, newIds.postid, User.Identity);

                        // The auto-reply is addressed to the from address parsed from the message.
                        Email.auto_reply(newIds.bugid, bugFromEmail.FromAddress, bugFromEmail.ShortDescription, bugFromEmail.ProjectId.Value);
                    }
                    else if (bugFromEmail.Attachment != null && bugFromEmail.Attachment.Length > 0)
                    {
                        // NOTE(review): attachment bytes, file name and content type are taken from
                        // the request without a size or type check in this method - confirm that
                        // insert_post_attachment validates them. The stream is never disposed.
                        Stream stream = new MemoryStream(bugFromEmail.Attachment);

                        Bug.insert_post_attachment(
                            User.Identity,
                            newIds.bugid,
                            stream,
                            bugFromEmail.Attachment.Length,
                            bugFromEmail.AttachmentFileName ?? string.Empty,
                            bugFromEmail.AttachmentDescription ?? string.Empty,
                            bugFromEmail.AttachmentContentType ?? string.Empty,
                            -1,     // parent
                            false,  // internal_only
                            false); // don't send notification yet
                    }

                    // your customizations
                    Bug.apply_post_insert_rules(newIds.bugid);

                    Bug.send_notifications(Bug.INSERT, newIds.bugid, User.Identity);
                    WhatsNew.add_news(newIds.bugid, bugFromEmail.ShortDescription, "added", User.Identity);

                    return(Ok(newIds.bugid));
                }
                else // update existing bug
                {
                    string statusResultingFromIncomingEmail = Util.get_setting("StatusResultingFromIncomingEmail", "0");


                    // A setting other than "0" makes every incoming email move the bug to that status.
                    if (statusResultingFromIncomingEmail != "0")
                    {
                        sql = new SQLString(@"update bugs
				set bg_status = @st
				where bg_id = @bg
				"                );

                        sql = sql.AddParameterWithValue("st", statusResultingFromIncomingEmail);
                        sql = sql.AddParameterWithValue("bg", bugFromEmail.BugId);
                        DbUtil.execute_nonquery(sql);
                    }

                    sql = new SQLString("select bg_short_desc from bugs where bg_id = @bg");

                    sql = sql.AddParameterWithValue("bg", bugFromEmail.BugId);
                    // NOTE(review): dr2 is used below without a null check; presumably the
                    // existence check above makes a miss unlikely - confirm.
                    DataRow dr2 = DbUtil.get_datarow(sql);


                    // Add a comment to existing bug.
                    int postid = Bug.insert_comment(
                        bugFromEmail.BugId,
                        User.Identity.GetUserId(), // (int) dr["us_id"],
                        bugFromEmail.Comment,
                        bugFromEmail.Comment,
                        bugFromEmail.FromAddress,
                        bugFromEmail.CcAddress,
                        "text/plain",
                        false); // internal only

                    if (mimeMessage != null)
                    {
                        Mime.add_attachments(mimeMessage, bugFromEmail.BugId, postid, User.Identity);
                    }
                    else if (bugFromEmail.Attachment != null && bugFromEmail.Attachment.Length > 0)
                    {
                        // NOTE(review): same unvalidated attachment input as in the insert branch.
                        Stream stream = new MemoryStream(bugFromEmail.Attachment);
                        Bug.insert_post_attachment(
                            User.Identity,
                            bugFromEmail.BugId,
                            stream,
                            bugFromEmail.Attachment.Length,
                            bugFromEmail.AttachmentFileName ?? string.Empty,
                            bugFromEmail.AttachmentDescription ?? string.Empty,
                            bugFromEmail.AttachmentContentType ?? string.Empty,
                            -1,     // parent
                            false,  // internal_only
                            false); // don't send notification yet
                    }

                    Bug.send_notifications(Bug.UPDATE, bugFromEmail.BugId, User.Identity);
                    WhatsNew.add_news(bugFromEmail.BugId, (string)dr2["bg_short_desc"], "updated", User.Identity);

                    return(Ok(bugFromEmail.BugId));
                }
            }
            else
            {
                // Missing body or failed model validation.
                return(BadRequest(ModelState));
            }
        }
        /// <summary>
        /// Handles a posted <c>BugFromEmail</c>: inserts a new bug, or adds a comment to the bug
        /// the payload or its message subject refers to.
        /// </summary>
        /// <remarks>
        /// Values parsed from a posted raw message (comment, from address, cc address, bug id)
        /// override what the payload carried. A bug id that is not in the database is reset to 0
        /// so that a new bug is created instead.
        /// NOTE(review): this method only verifies that the bug exists. No check that
        /// <c>User.Identity</c> may modify that bug or the posted project is visible here -
        /// confirm it happens in a filter or in the <c>Bug</c> helpers.
        /// </remarks>
        /// <param name="bugFromEmail">Request body describing the incoming email or bug.</param>
        /// <returns><c>Ok</c> with the bug id, or <c>BadRequest</c> with the model state.</returns>
        public IHttpActionResult Post([FromBody] BugFromEmail bugFromEmail)
        {
            if (bugFromEmail != null && ModelState.IsValid)
            {
                // The description is never null and is capped at 200 characters.
                if (bugFromEmail.ShortDescription == null)
                {
                    bugFromEmail.ShortDescription = "";
                }
                else if (bugFromEmail.ShortDescription.Length > 200)
                {
                    bugFromEmail.ShortDescription = bugFromEmail.ShortDescription.Substring(0, 200);
                }

                Message mimeMessage = null;

                if (!string.IsNullOrEmpty(bugFromEmail.Message))
                {
                    // NOTE(review): the parsed headers, body and addresses are sender-written and
                    // end up stored with the bug - treat them as untrusted when they are displayed.
                    mimeMessage = Mime.GetMimeMessage(bugFromEmail.Message);

                    bugFromEmail.Comment = Mime.get_comment(mimeMessage);

                    string headers = Mime.get_headers_for_comment(mimeMessage);
                    if (headers != "")
                    {
                        bugFromEmail.Comment = string.Format("{0}{1}{2}", headers, Environment.NewLine, bugFromEmail.Comment);
                    }

                    bugFromEmail.FromAddress = Mime.get_from_addr(mimeMessage);

                }
                else
                {
                    if (bugFromEmail.Comment == null)
                    {
                        bugFromEmail.Comment = string.Empty;
                    }
                }                                

                // Even though btnet_service.exe has already parsed out the bugid,
                // we can do a better job here with SharpMimeTools.dll
                string subject = "";

                if (mimeMessage != null)
                {
                    subject = Mime.get_subject(mimeMessage);

                    if (subject != "[No Subject]")
                    {
                        // subject is passed by ref and may be rewritten by the call.
                        bugFromEmail.BugId = Mime.get_bugid_from_subject(ref subject);
                    }

                    bugFromEmail.CcAddress = Mime.get_cc(mimeMessage);
                }

                SQLString sql;

                if (bugFromEmail.BugId != 0)
                {
                    // Check if the bug is still in the database
                    // No comment can be added to merged or deleted bugids
                    // In this case a new bug is created, this to prevent possible loss of information

                    sql = new SQLString(@"select count(bg_id)
			from bugs
			where bg_id = @id");

                    sql = sql.AddParameterWithValue("id", Convert.ToString(bugFromEmail.BugId));

                    if (Convert.ToInt32(DbUtil.execute_scalar(sql)) == 0)
                    {
                        bugFromEmail.BugId = 0;
                    }
                }


                // Either insert a new bug or append a comment to existing bug
                // based on presence, absence of bugid
                if (bugFromEmail.BugId == 0)
                {
                    // insert a new bug

                    if (mimeMessage != null)
                    {

                        // in case somebody is replying to a bug that has been deleted or merged
                        subject = subject.Replace(Util.get_setting("TrackingIdString", "DO NOT EDIT THIS:"), "PREVIOUS:");

                        bugFromEmail.ShortDescription = subject;
                        if (bugFromEmail.ShortDescription.Length > 200)
                        {
                            bugFromEmail.ShortDescription = bugFromEmail.ShortDescription.Substring(0, 200);
                        }

                    }

                    DataRow defaults = Bug.get_bug_defaults();

                    // If you didn't set these from the query string, we'll give them default values
                    // NOTE(review): ids posted by the client are used as-is; only the forced
                    // project below overrides them. Confirm the caller's right to use them is
                    // checked somewhere.
                    if (!bugFromEmail.ProjectId.HasValue || bugFromEmail.ProjectId == 0) { bugFromEmail.ProjectId = (int)defaults["pj"]; }
                    bugFromEmail.OrganizationId = bugFromEmail.OrganizationId ?? User.Identity.GetOrganizationId();
                    bugFromEmail.CategoryId = bugFromEmail.CategoryId ?? (int)defaults["ct"];
                    bugFromEmail.PriorityId = bugFromEmail.PriorityId ?? (int)defaults["pr"];
                    bugFromEmail.StatusId = bugFromEmail.StatusId ?? (int)defaults["st"];
                    bugFromEmail.UdfId = bugFromEmail.UdfId ?? (int)defaults["udf"];
                    
                    // but forced project always wins
                    if (User.Identity.GetForcedProjectId() != 0)
                    {
                        bugFromEmail.ProjectId = User.Identity.GetForcedProjectId();
                    }

                    // The comment text is passed twice; the content type is fixed to "text/plain".
                    Bug.NewIds newIds = Bug.insert_bug(
                        bugFromEmail.ShortDescription,
                        User.Identity,
                        "", // tags
                        bugFromEmail.ProjectId.Value,
                        bugFromEmail.OrganizationId.Value,
                        bugFromEmail.CategoryId.Value,
                        bugFromEmail.PriorityId.Value,
                        bugFromEmail.StatusId.Value,
                        bugFromEmail.AssignedTo ?? 0,
                        bugFromEmail.UdfId.Value,
                        bugFromEmail.Comment,
                        bugFromEmail.Comment,
                        bugFromEmail.FromAddress,
                        bugFromEmail.CcAddress,
                        "text/plain",
                        false, // internal only
                        null, // custom columns
                        false);  // suppress notifications for now - wait till after the attachments

                    if (mimeMessage != null)
                    {
                        Mime.add_attachments(mimeMessage, newIds.bugid, newIds.postid, User.Identity);

                        // The reply goes to the from address parsed out of the message.
                        Email.auto_reply(newIds.bugid, bugFromEmail.FromAddress, bugFromEmail.ShortDescription, bugFromEmail.ProjectId.Value);

                    }
                    else if (bugFromEmail.Attachment != null && bugFromEmail.Attachment.Length > 0)
                    {
                        // NOTE(review): no size or type check on the posted attachment is visible
                        // here, and file name / content type come from the client - confirm that
                        // insert_post_attachment validates them. The stream is never disposed.
                        Stream stream = new MemoryStream(bugFromEmail.Attachment);

                        Bug.insert_post_attachment(
                            User.Identity,
                            newIds.bugid,
                            stream,
                            bugFromEmail.Attachment.Length,
                            bugFromEmail.AttachmentFileName ?? string.Empty,
                            bugFromEmail.AttachmentDescription ?? string.Empty,
                            bugFromEmail.AttachmentContentType ?? string.Empty,
                            -1, // parent
                            false, // internal_only
                            false); // don't send notification yet
                    }

                    // your customizations
                    Bug.apply_post_insert_rules(newIds.bugid);

                    Bug.send_notifications(Bug.INSERT, newIds.bugid, User.Identity);
                    WhatsNew.add_news(newIds.bugid, bugFromEmail.ShortDescription, "added", User.Identity);

                    return Ok(newIds.bugid);
                }
                else // update existing bug
                {

                    string statusResultingFromIncomingEmail = Util.get_setting("StatusResultingFromIncomingEmail", "0");


                    // Any setting other than "0" moves the bug to that status on every incoming email.
                    if (statusResultingFromIncomingEmail != "0")
                    {

                        sql = new SQLString(@"update bugs
				set bg_status = @st
				where bg_id = @bg
				");

                        sql = sql.AddParameterWithValue("st", statusResultingFromIncomingEmail);
                        sql = sql.AddParameterWithValue("bg", bugFromEmail.BugId);
                        DbUtil.execute_nonquery(sql);

                    }

                    sql = new SQLString("select bg_short_desc from bugs where bg_id = @bg");

                    sql = sql.AddParameterWithValue("bg", bugFromEmail.BugId);
                    // NOTE(review): dr2 is dereferenced below without a null check - confirm a
                    // miss cannot happen after the existence check above.
                    DataRow dr2 = DbUtil.get_datarow(sql);


                    // Add a comment to existing bug.
                    int postid = Bug.insert_comment(
                        bugFromEmail.BugId,
                        User.Identity.GetUserId(), // (int) dr["us_id"],
                        bugFromEmail.Comment,
                        bugFromEmail.Comment,
                        bugFromEmail.FromAddress,
                        bugFromEmail.CcAddress,
                        "text/plain",
                        false); // internal only

                    if (mimeMessage != null)
                    {
                        Mime.add_attachments(mimeMessage, bugFromEmail.BugId, postid, User.Identity);
                    }
                    else if (bugFromEmail.Attachment != null && bugFromEmail.Attachment.Length > 0)
                    {
                        // NOTE(review): same unvalidated attachment input as in the insert branch.
                        Stream stream = new MemoryStream(bugFromEmail.Attachment);
                        Bug.insert_post_attachment(
                            User.Identity,
                            bugFromEmail.BugId,
                            stream,
                            bugFromEmail.Attachment.Length,
                            bugFromEmail.AttachmentFileName ?? string.Empty,
                            bugFromEmail.AttachmentDescription ?? string.Empty,
                            bugFromEmail.AttachmentContentType ?? string.Empty,
                            -1, // parent
                            false, // internal_only
                            false); // don't send notification yet
                    }

                    Bug.send_notifications(Bug.UPDATE, bugFromEmail.BugId, User.Identity);
                    WhatsNew.add_news(bugFromEmail.BugId, (string)dr2["bg_short_desc"], "updated", User.Identity);

                    return Ok(bugFromEmail.BugId);
                }
            }
            else
            {
                // Missing body or failed model validation.
                return BadRequest(ModelState);
            }            
        }
Пример #11
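        /// <summary>
        /// Verifies a login attempt and keeps a sliding window of recent failed attempts per account.
        /// </summary>
        /// <param name="username">Login name supplied by the caller.</param>
        /// <param name="password">Password supplied by the caller; handed to the LDAP or database check.</param>
        /// <returns>
        /// true when the account exists, is active, is not over the failed-attempt limit and the
        /// password check succeeds; false in every other case.
        /// </returns>
        public static bool check_password(string username, string password)
        {
            var sql = new SQLString(@"
select us_username, us_id, us_password, isnull(us_salt,0) us_salt, us_active
from users
where us_username = @username");

            sql = sql.AddParameterWithValue("username", username);

            DataRow dr = btnet.DbUtil.get_datarow(sql);

            if (dr == null)
            {
                // NOTE(review): username is caller-supplied and is written to the log as-is, here and
                // below; confirm Util.write_to_log neutralises CR/LF so log lines cannot be forged.
                Util.write_to_log("Unknown user " + username + " attempted to login.");
                return false;
            }

            if ((int)dr["us_active"] == 0)
            {
                Util.write_to_log("Inactive user " + username + " attempted to login.");
                return false;
            }

            // Key the failure history on the username as stored in the users table, not as typed.
            // If the database matches us_username case-insensitively or ignores trailing blanks
            // (collation-dependent; verify), several typed spellings resolve to the same row. A key
            // built from the typed spelling would give each spelling its own counter, so the limit
            // would not hold per account.
            string attempts_key = Convert.ToString(dr["us_username"]);

            // Too many failed attempts?
            // We only allow a configured number within a configured number of minutes.
            // NOTE(review): the list lives in the shared cache and is mutated here without a lock;
            // confirm whether concurrent logins for one account need synchronisation.
            LinkedList<DateTime> failed_attempts = (LinkedList<DateTime>)HttpRuntime.Cache[attempts_key];

            if (failed_attempts != null)
            {
                int minutes_ago = Convert.ToInt32(btnet.Util.get_setting("FailedLoginAttemptsMinutes", "10"));
                int failed_attempts_allowed = Convert.ToInt32(btnet.Util.get_setting("FailedLoginAttemptsAllowed", "10"));

                // Entries are appended in time order, so stale ones are always at the front.
                DateTime n_minutes_ago = DateTime.Now.AddMinutes(-1 * minutes_ago);
                while (failed_attempts.Count > 0 && failed_attempts.First.Value < n_minutes_ago)
                {
                    Util.write_to_log("removing stale failed attempt for " + username);
                    failed_attempts.RemoveFirst();
                }

                // how many failed attempts in last N minutes?
                Util.write_to_log("failed attempt count for " + username + ":" + Convert.ToString(failed_attempts.Count));

                if (failed_attempts.Count > failed_attempts_allowed)
                {
                    // Refuse before the password is even looked at, so a locked-out caller
                    // learns nothing about whether the candidate password was right.
                    Util.write_to_log("Too many failed login attempts in too short a time period: " + username);
                    return false;
                }

                // Save the pruned list of attempts
                HttpRuntime.Cache[attempts_key] = failed_attempts;
            }

            bool authenticated;
            if (btnet.Util.get_setting("AuthenticateUsingLdap", "0") == "1")
            {
                authenticated = check_password_with_ldap(username, password);
            }
            else
            {
                authenticated = check_password_with_db(username, password, dr);
            }

            if (authenticated)
            {
                // A successful login clears the failure history.
                if (failed_attempts != null)
                {
                    failed_attempts.Clear();
                    HttpRuntime.Cache[attempts_key] = failed_attempts;
                }

                btnet.Util.update_most_recent_login_datetime((int)dr["us_id"]);
                return true;
            }

            if (failed_attempts == null)
            {
                failed_attempts = new LinkedList<DateTime>();
            }

            // Record a failed login attempt.
            failed_attempts.AddLast(DateTime.Now);
            HttpRuntime.Cache[attempts_key] = failed_attempts;

            return false;
        }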
Пример #12
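        /// <summary>
        /// Checks a username/password pair and enforces a limit on recent failed attempts for the account.
        /// </summary>
        /// <param name="username">Login name supplied by the caller.</param>
        /// <param name="password">Password supplied by the caller; passed on to the LDAP or database check.</param>
        /// <returns>
        /// true only when the account is found, is active, has not exceeded the failed-attempt
        /// limit and the password check succeeds.
        /// </returns>
        public static bool check_password(string username, string password)
        {
            var sql = new SQLString(@"
select us_username, us_id, us_password, isnull(us_salt,0) us_salt, us_active
from users
where us_username = @username");

            sql = sql.AddParameterWithValue("username", username);

            DataRow dr = btnet.DbUtil.get_datarow(sql);

            if (dr == null)
            {
                // NOTE(review): the caller-supplied username is logged verbatim in this method;
                // confirm Util.write_to_log strips or escapes CR/LF so entries cannot be forged.
                Util.write_to_log("Unknown user " + username + " attempted to login.");
                return false;
            }

            int us_active = (int)dr["us_active"];

            if (us_active == 0)
            {
                Util.write_to_log("Inactive user " + username + " attempted to login.");
                return false;
            }

            // The failure history is stored under the username as the database holds it rather
            // than the spelling that was typed. Where the users table compares us_username
            // case-insensitively or ignores trailing blanks (depends on collation; verify), one
            // account is reachable through several spellings, and keying on the typed text would
            // split the count across them instead of limiting the account.
            string attempts_key = Convert.ToString(dr["us_username"]);

            // Too many failed attempts?
            // NOTE(review): this cached list is read and modified without a lock; confirm whether
            // parallel login requests for the same account can interleave here.
            LinkedList<DateTime> failed_attempts = (LinkedList<DateTime>)HttpRuntime.Cache[attempts_key];

            if (failed_attempts != null)
            {
                // Don't count attempts older than the configured window.
                int minutes_ago = Convert.ToInt32(btnet.Util.get_setting("FailedLoginAttemptsMinutes", "10"));
                int failed_attempts_allowed = Convert.ToInt32(btnet.Util.get_setting("FailedLoginAttemptsAllowed", "10"));

                DateTime n_minutes_ago = DateTime.Now.AddMinutes(-1 * minutes_ago);

                // New failures are added at the tail, so expired ones sit at the head.
                while (failed_attempts.Count > 0 && failed_attempts.First.Value < n_minutes_ago)
                {
                    Util.write_to_log("removing stale failed attempt for " + username);
                    failed_attempts.RemoveFirst();
                }

                // how many failed attempts in last N minutes?
                Util.write_to_log("failed attempt count for " + username + ":" + Convert.ToString(failed_attempts.Count));

                if (failed_attempts.Count > failed_attempts_allowed)
                {
                    // Rejected without evaluating the password at all.
                    Util.write_to_log("Too many failed login attempts in too short a time period: " + username);
                    return false;
                }

                // Save the list of attempts
                HttpRuntime.Cache[attempts_key] = failed_attempts;
            }

            bool authenticated = btnet.Util.get_setting("AuthenticateUsingLdap", "0") == "1"
                ? check_password_with_ldap(username, password)
                : check_password_with_db(username, password, dr);

            if (!authenticated)
            {
                if (failed_attempts == null)
                {
                    failed_attempts = new LinkedList<DateTime>();
                }

                // Record a failed login attempt.
                failed_attempts.AddLast(DateTime.Now);
                HttpRuntime.Cache[attempts_key] = failed_attempts;

                return false;
            }

            // clear list of failed attempts
            if (failed_attempts != null)
            {
                failed_attempts.Clear();
                HttpRuntime.Cache[attempts_key] = failed_attempts;
            }

            btnet.Util.update_most_recent_login_datetime((int)dr["us_id"]);
            return true;
        }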
Пример #13
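        /// <summary>
        /// Sends the configured auto-reply text to the sender of an incoming email, using the
        /// project's configured email address as the sender of the reply.
        /// </summary>
        /// <param name="bugid">Id of the bug; substituted for $BUGID$ and appended to the subject.</param>
        /// <param name="from_addr">Address the incoming email came from; the reply goes to it.</param>
        /// <param name="short_desc">Short description of the bug, used as the start of the subject.</param>
        /// <param name="projectid">Project whose pj_pop3_email_from is used as the reply's sender.</param>
        public static void auto_reply(int bugid, string from_addr, string short_desc, int projectid)
        {
            string auto_reply_text = Util.get_setting("AutoReplyText", "");
            if (auto_reply_text == "")
            {
                return;
            }

            auto_reply_text = auto_reply_text.Replace("$BUGID$", Convert.ToString(bugid));

            var sql = new SQLString(@"select
						pj_pop3_email_from
						from projects
						where pj_id = @pj");

            sql = sql.AddParameterWithValue("pj", Convert.ToString(projectid));

            object project_email = btnet.DbUtil.execute_scalar(sql);

            // Convert.ToString(object) yields "" for both null and DBNull, so one test covers
            // a missing row, a NULL column and an empty value.
            string project_email_string = Convert.ToString(project_email);

            if (project_email_string == "")
            {
                btnet.Util.write_to_log("skipping auto reply because project email is blank");
                return;
            }

            // Nothing to answer without a sender address; previously a null value threw here.
            if (string.IsNullOrEmpty(from_addr))
            {
                btnet.Util.write_to_log("skipping auto reply because from address is blank");
                return;
            }

            // To avoid an infinite loop of replying to emails and then having to reply to the replies!
            // Ordinal comparison: addresses are identifiers, so the current culture's casing rules
            // must not decide whether two of them are equal.
            // NOTE(review): this compares the raw strings; if from_addr can carry a display name
            // ("Name <addr>") the guard will not match. Confirm what callers pass.
            if (string.Equals(project_email_string, from_addr, StringComparison.OrdinalIgnoreCase))
            {
                btnet.Util.write_to_log("skipping auto reply because from address is same as project email:" + project_email_string);
                return;
            }

            string outgoing_subject = short_desc + "  ("
                + Util.get_setting("TrackingIdString", "DO NOT EDIT THIS:")
                + Convert.ToString(bugid) + ")";

            bool use_html_format = (btnet.Util.get_setting("AutoReplyUseHtmlEmailFormat", "0") == "1");

            // commas cause trouble
            string cleaner_from_addr = from_addr.Replace(",", " ");

            // NOTE(review): from_addr and short_desc originate from the received email and become
            // the To and Subject of the reply; confirm Email.send_email rejects CR/LF in header values.
            Email.send_email(
                cleaner_from_addr, // we are responding TO the address we just received email FROM
                project_email_string,
                "", // cc
                outgoing_subject,
                auto_reply_text,
                use_html_format ? MailFormat.Html : MailFormat.Text);
        }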
Пример #14
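	    /// <summary>
	    /// Builds the claims identity for an active user from the users, orgs and
	    /// project_user_xref tables.
	    /// </summary>
	    /// <param name="username">Username to load; matched against us_username, active users only.</param>
	    /// <returns>A <see cref="ClaimsIdentity"/> of authentication type "ApplicationCookie".</returns>
	    public static ClaimsIdentity GetIdentity(string username)
	    {
            SQLString sql = new SQLString(@"
select u.us_id, u.us_username, u.us_org, u.us_bugs_per_page, u.us_enable_bug_list_popups,
       u.us_use_fckeditor, u.us_forced_project, u.us_email,
       org.*,
       isnull(u.us_forced_project, 0 ) us_forced_project,
       proj.pu_permission_level,
       isnull(proj.pu_admin, 0) pu_admin,
       u.us_admin
from users u
inner join orgs org 
    on u.us_org = org.og_id
left outer join project_user_xref proj
	on proj.pu_project = u.us_forced_project
	and proj.pu_user = u.us_id
where us_username = @us and u.us_active = 1");
            sql = sql.AddParameterWithValue("us", username);

            // NOTE(review): other callers in this codebase test get_datarow's result for null.
            // Here an unknown or inactive username is dereferenced below and fails with a
            // NullReferenceException; that is fail-closed but uninformative. Confirm intent.
            DataRow dr = btnet.DbUtil.get_datarow(sql);

            var bugsPerPage = dr["us_bugs_per_page"] == DBNull.Value ? 10 : (int)dr["us_bugs_per_page"];

            var claims = new List<Claim>
            {
                new Claim(BtnetClaimTypes.UserId, Convert.ToString(dr["us_id"])),
                new Claim(ClaimTypes.Name, Convert.ToString(dr["us_username"])),
                new Claim(ClaimTypes.Email, Convert.ToString(dr["us_email"])),
                new Claim(BtnetClaimTypes.OrganizationId, Convert.ToString(dr["us_org"])),
                new Claim(BtnetClaimTypes.BugsPerPage, Convert.ToString(bugsPerPage)),
                new Claim(BtnetClaimTypes.EnablePopUps, Convert.ToString((int)dr["us_enable_bug_list_popups"] == 1)),

                // Organisation-level permission flags, stored as "True"/"False".
                new Claim(BtnetClaimTypes.CanOnlySeeOwnReportedBugs, Convert.ToString((int)dr["og_can_only_see_own_reported"] == 1)),
                new Claim(BtnetClaimTypes.CanUseReports, Convert.ToString((int)dr["og_can_use_reports"] == 1)),
                new Claim(BtnetClaimTypes.CanEditReports, Convert.ToString((int)dr["og_can_edit_reports"] == 1)),
                // NOTE(review): CanEditAndDeleteBugs reads the same column as CanEditAndDeletePosts
                // below (og_can_edit_and_delete_posts); confirm that is the intended source.
                new Claim(BtnetClaimTypes.CanEditAndDeleteBugs, Convert.ToString((int)dr["og_can_edit_and_delete_posts"] == 1)),
                new Claim(BtnetClaimTypes.CanDeleteBugs, Convert.ToString((int)dr["og_can_delete_bug"] == 1)),
                new Claim(BtnetClaimTypes.CanMergeBugs, Convert.ToString((int)dr["og_can_merge_bugs"] == 1)),
                new Claim(BtnetClaimTypes.CanMassEditBugs, Convert.ToString((int)dr["og_can_mass_edit_bugs"] == 1)),
                new Claim(BtnetClaimTypes.CanAssignToInternalUsers, Convert.ToString((int)dr["og_can_assign_to_internal_users"] == 1)),

                new Claim(BtnetClaimTypes.CanEditAndDeletePosts, Convert.ToString((int)dr["og_can_edit_and_delete_posts"] == 1)),

                new Claim(BtnetClaimTypes.CanEditTasks, Convert.ToString((int)dr["og_can_edit_tasks"] == 1)),
                new Claim(BtnetClaimTypes.CanViewTasks, Convert.ToString((int)dr["og_can_view_tasks"] == 1)),

                // Field-level permission levels, copied through as stored.
                new Claim(BtnetClaimTypes.OtherOrgsPermissionLevel, Convert.ToString(dr["og_other_orgs_permission_level"])),
                new Claim(BtnetClaimTypes.CategoryFieldPermissionLevel, Convert.ToString(dr["og_category_field_permission_level"])),
                new Claim(BtnetClaimTypes.PriorityFieldPermissionLevel, Convert.ToString(dr["og_priority_field_permission_level"])),
                new Claim(BtnetClaimTypes.ProjectFieldPermissionLevel, Convert.ToString(dr["og_project_field_permission_level"])),
                new Claim(BtnetClaimTypes.StatusFieldPermissionLevel, Convert.ToString(dr["og_status_field_permission_level"])),
                new Claim(BtnetClaimTypes.AssignedToFieldPermissionLevel, Convert.ToString(dr["og_assigned_to_field_permission_level"])),
                new Claim(BtnetClaimTypes.OrgFieldPermissionLevel, Convert.ToString(dr["og_org_field_permission_level"])),
                new Claim(BtnetClaimTypes.UdfFieldPermissionLevel, Convert.ToString(dr["og_udf_field_permission_level"])),

                // A second CanOnlySeeOwnReportedBugs claim used to be added here from
                // us_enable_bug_list_popups, a display preference. It left the identity with two
                // values for one authorization claim, so the outcome depended on how the claim was
                // looked up. The claim is now issued once, from og_can_only_see_own_reported above.
                new Claim(BtnetClaimTypes.CanSearch, Convert.ToString((int)dr["og_can_search"] == 1)),
                new Claim(BtnetClaimTypes.IsExternalUser, Convert.ToString((int)dr["og_external_user"] == 1)),
                new Claim(BtnetClaimTypes.UseFCKEditor, Convert.ToString((int)dr["us_use_fckeditor"] == 1))
            };

            int permissionLevel = dr["pu_permission_level"] == DBNull.Value
                ? Convert.ToInt32(Util.get_setting("DefaultPermissionLevel", "2"))
                : (int)dr["pu_permission_level"];

            int forcedProjectId = dr["us_forced_project"] == DBNull.Value ? 0 : (int)dr["us_forced_project"];

            // if user is forced to a specific project, and doesn't have
            // at least reporter permission on that project, then user
            // can't add bugs
            bool canAdd = !(forcedProjectId != 0
                && (permissionLevel == PermissionLevel.ReadOnly || permissionLevel == PermissionLevel.None));

            claims.Add(new Claim(BtnetClaimTypes.CanAddBugs, Convert.ToString(canAdd)));
            claims.Add(new Claim(BtnetClaimTypes.ForcedProjectId, Convert.ToString(forcedProjectId)));

            // With tags disabled the tags field is reported as PermissionLevel.None.
            int tagsPermissionLevel = Util.get_setting("EnableTags", "0") == "1"
                ? (int)dr["og_tags_field_permission_level"]
                : PermissionLevel.None;

            claims.Add(new Claim(BtnetClaimTypes.TagsFieldPermissionLevel, Convert.ToString(tagsPermissionLevel)));

            if ((int)dr["us_admin"] == 1)
            {
                claims.Add(new Claim(ClaimTypes.Role, BtnetRoles.Admin));
            }
            // NOTE(review): the select list above names pu_admin but no project_admin column;
            // unless org.* supplies one, this lookup throws for every non-admin user. Verify.
            else if ((int)dr["project_admin"] > 0)
            {
                claims.Add(new Claim(ClaimTypes.Role, BtnetRoles.ProjectAdmin));
            }

            // Every identity carries the base User role in addition to any admin role.
            claims.Add(new Claim(ClaimTypes.Role, BtnetRoles.User));

            return new ClaimsIdentity(claims, "ApplicationCookie", ClaimTypes.Name, ClaimTypes.Role);
	    }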
Пример #15
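        /// <summary>
        /// Index or re-index the bug matching the specified id.
        /// Failures are written to the log and not rethrown.
        /// </summary>
        /// <param name="bugId">The id of the bug to index</param>
        public void IndexBug(int bugId)
        {
            try
            {
                Util.write_to_log("started updating search index");

                var sql = new SQLString(@"
select bg_id,
isnull(bg_tags,'') tags,
bg_reported_date,
isnull(st_name,'') status,
bg_short_desc  as [desc]
from bugs 
left outer join statuses on st_id = bg_status
where bg_id = @bugid");

                sql = sql.AddParameterWithValue("bugid", Convert.ToString(bugId));

                // NOTE(review): bugRow is passed on unchecked; confirm the IndexBug(DataRow, DataTable)
                // overload copes with a null row when no bug has this id.
                DataRow bugRow = DbUtil.get_datarow(sql);

                // Only posts that are not 'update' entries and are not hidden from external users
                // are fetched, so text restricted to internal users is never put into the index.
                sql = new SQLString(@"
                select bp_id, 
                isnull(bp_comment_search,bp_comment) [text] ,
                bp_date
                from bug_posts 
                where bp_type <> 'update'
                and bp_hidden_from_external_users = 0
                and bp_bug = @bugId");

                // Keep the returned SQLString, as every other call site does; the result was
                // previously discarded here, which loses the parameter if the call returns a new object.
                sql = sql.AddParameterWithValue("bugId", bugId.ToString());
                DataSet bugPosts = DbUtil.get_dataset(sql);

                IndexBug(bugRow, bugPosts.Tables[0]);

                Util.write_to_log("done updating search index");
            }
            catch (Exception e)
            {
                // Best effort: an indexing failure is logged and not rethrown.
                Util.write_to_log("exception updating search index: " + e.Message);
                Util.write_to_log(e.StackTrace);
            }
        }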
Пример #16
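        /// <summary>
        /// Loads an active user together with the organisation row and the forced-project
        /// permissions, and turns the result into a claims identity.
        /// </summary>
        /// <param name="username">Username to load; matched against us_username, active users only.</param>
        /// <returns>A <see cref="ClaimsIdentity"/> of authentication type "ApplicationCookie".</returns>
        public static ClaimsIdentity GetIdentity(string username)
        {
            SQLString sql = new SQLString(@"
select u.us_id, u.us_username, u.us_org, u.us_bugs_per_page, u.us_enable_bug_list_popups,
       u.us_use_fckeditor, u.us_forced_project, u.us_email,
       org.*,
       isnull(u.us_forced_project, 0 ) us_forced_project,
       proj.pu_permission_level,
       isnull(proj.pu_admin, 0) pu_admin,
       u.us_admin
from users u
inner join orgs org 
    on u.us_org = org.og_id
left outer join project_user_xref proj
	on proj.pu_project = u.us_forced_project
	and proj.pu_user = u.us_id
where us_username = @us and u.us_active = 1");

            sql = sql.AddParameterWithValue("us", username);

            // NOTE(review): get_datarow's result is null-checked elsewhere in this codebase but not
            // here, so an unknown or inactive username ends in a NullReferenceException below.
            // The failure is fail-closed; confirm whether a clearer error is wanted.
            DataRow dr = btnet.DbUtil.get_datarow(sql);

            var bugsPerPage = dr["us_bugs_per_page"] == DBNull.Value ? 10 : (int)dr["us_bugs_per_page"];

            var claims = new List<Claim>
            {
                new Claim(BtnetClaimTypes.UserId, Convert.ToString(dr["us_id"])),
                new Claim(ClaimTypes.Name, Convert.ToString(dr["us_username"])),
                new Claim(ClaimTypes.Email, Convert.ToString(dr["us_email"])),
                new Claim(BtnetClaimTypes.OrganizationId, Convert.ToString(dr["us_org"])),
                new Claim(BtnetClaimTypes.BugsPerPage, Convert.ToString(bugsPerPage)),
                new Claim(BtnetClaimTypes.EnablePopUps, Convert.ToString((int)dr["us_enable_bug_list_popups"] == 1)),

                // Organisation permission flags, each stored as "True" or "False".
                new Claim(BtnetClaimTypes.CanOnlySeeOwnReportedBugs, Convert.ToString((int)dr["og_can_only_see_own_reported"] == 1)),
                new Claim(BtnetClaimTypes.CanUseReports, Convert.ToString((int)dr["og_can_use_reports"] == 1)),
                new Claim(BtnetClaimTypes.CanEditReports, Convert.ToString((int)dr["og_can_edit_reports"] == 1)),
                // NOTE(review): CanEditAndDeleteBugs and CanEditAndDeletePosts are both read from
                // og_can_edit_and_delete_posts; confirm the bugs claim has the right source column.
                new Claim(BtnetClaimTypes.CanEditAndDeleteBugs, Convert.ToString((int)dr["og_can_edit_and_delete_posts"] == 1)),
                new Claim(BtnetClaimTypes.CanDeleteBugs, Convert.ToString((int)dr["og_can_delete_bug"] == 1)),
                new Claim(BtnetClaimTypes.CanMergeBugs, Convert.ToString((int)dr["og_can_merge_bugs"] == 1)),
                new Claim(BtnetClaimTypes.CanMassEditBugs, Convert.ToString((int)dr["og_can_mass_edit_bugs"] == 1)),
                new Claim(BtnetClaimTypes.CanAssignToInternalUsers, Convert.ToString((int)dr["og_can_assign_to_internal_users"] == 1)),

                new Claim(BtnetClaimTypes.CanEditAndDeletePosts, Convert.ToString((int)dr["og_can_edit_and_delete_posts"] == 1)),

                new Claim(BtnetClaimTypes.CanEditTasks, Convert.ToString((int)dr["og_can_edit_tasks"] == 1)),
                new Claim(BtnetClaimTypes.CanViewTasks, Convert.ToString((int)dr["og_can_view_tasks"] == 1)),

                // Per-field permission levels, passed through unchanged.
                new Claim(BtnetClaimTypes.OtherOrgsPermissionLevel, Convert.ToString(dr["og_other_orgs_permission_level"])),
                new Claim(BtnetClaimTypes.CategoryFieldPermissionLevel, Convert.ToString(dr["og_category_field_permission_level"])),
                new Claim(BtnetClaimTypes.PriorityFieldPermissionLevel, Convert.ToString(dr["og_priority_field_permission_level"])),
                new Claim(BtnetClaimTypes.ProjectFieldPermissionLevel, Convert.ToString(dr["og_project_field_permission_level"])),
                new Claim(BtnetClaimTypes.StatusFieldPermissionLevel, Convert.ToString(dr["og_status_field_permission_level"])),
                new Claim(BtnetClaimTypes.AssignedToFieldPermissionLevel, Convert.ToString(dr["og_assigned_to_field_permission_level"])),
                new Claim(BtnetClaimTypes.OrgFieldPermissionLevel, Convert.ToString(dr["og_org_field_permission_level"])),
                new Claim(BtnetClaimTypes.UdfFieldPermissionLevel, Convert.ToString(dr["og_udf_field_permission_level"])),

                // CanOnlySeeOwnReportedBugs is deliberately issued only once (above). A duplicate
                // populated from us_enable_bug_list_popups, a UI preference, used to follow here and
                // gave the authorization claim two possibly conflicting values.
                new Claim(BtnetClaimTypes.CanSearch, Convert.ToString((int)dr["og_can_search"] == 1)),
                new Claim(BtnetClaimTypes.IsExternalUser, Convert.ToString((int)dr["og_external_user"] == 1)),
                new Claim(BtnetClaimTypes.UseFCKEditor, Convert.ToString((int)dr["us_use_fckeditor"] == 1))
            };

            int permissionLevel = dr["pu_permission_level"] == DBNull.Value
                ? Convert.ToInt32(Util.get_setting("DefaultPermissionLevel", "2"))
                : (int)dr["pu_permission_level"];

            int forcedProjectId = dr["us_forced_project"] == DBNull.Value ? 0 : (int)dr["us_forced_project"];

            // if user is forced to a specific project, and doesn't have
            // at least reporter permission on that project, then user
            // can't add bugs
            bool lacksReporterRights = permissionLevel == PermissionLevel.ReadOnly
                || permissionLevel == PermissionLevel.None;
            bool canAdd = forcedProjectId == 0 || !lacksReporterRights;

            claims.Add(new Claim(BtnetClaimTypes.CanAddBugs, Convert.ToString(canAdd)));
            claims.Add(new Claim(BtnetClaimTypes.ForcedProjectId, Convert.ToString(forcedProjectId)));

            // When tags are switched off, the tags field gets PermissionLevel.None.
            int tagsPermissionLevel = PermissionLevel.None;

            if (Util.get_setting("EnableTags", "0") == "1")
            {
                tagsPermissionLevel = (int)dr["og_tags_field_permission_level"];
            }

            claims.Add(new Claim(BtnetClaimTypes.TagsFieldPermissionLevel, Convert.ToString(tagsPermissionLevel)));

            if ((int)dr["us_admin"] == 1)
            {
                claims.Add(new Claim(ClaimTypes.Role, BtnetRoles.Admin));
            }
            // NOTE(review): no project_admin column appears in the select list (it names pu_admin);
            // unless org.* provides one, this lookup throws for every non-admin user. Verify.
            else if ((int)dr["project_admin"] > 0)
            {
                claims.Add(new Claim(ClaimTypes.Role, BtnetRoles.ProjectAdmin));
            }

            // The base User role is always present, alongside any admin role added above.
            claims.Add(new Claim(ClaimTypes.Role, BtnetRoles.User));

            return new ClaimsIdentity(claims, "ApplicationCookie", ClaimTypes.Name, ClaimTypes.Role);
        }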