/// <summary>
/// Tells whether <paramref name="user"/> is the user the current request refers to.
/// Doctors are matched through the "doctor" route value (their URL identifier);
/// every other kind of user is delegated to the base implementation.
/// </summary>
/// <param name="user">Database user to compare against the current route.</param>
/// <returns>True when the routed doctor identifier belongs to <paramref name="user"/>.</returns>
public override bool IsSelfUser(User user)
{
    // Read the route value first: a missing "doctor" segment fails the same way on both paths.
    var routedDoctorId = this.ControllerContext.RouteData.GetRequiredString("doctor");

    // Only doctors can be identified through the "doctor" route value.
    if (user.DoctorId == null)
        return base.IsSelfUser(user);

    // NOTE(review): user.Doctor is dereferenced without a null check; this assumes the
    // navigation property is loaded whenever DoctorId is set — confirm.
    return user.Doctor.UrlIdentifier == routedDoctorId;
}
/// <summary>
/// Builds the view model of the internal "account created" e-mail from the user and the
/// registration form, masking both password fields so they never reach the message body.
/// </summary>
/// <param name="user">The newly created user; its Practice navigation property must be loaded.</param>
/// <param name="registrationData">Registration form; it is cloned, the original keeps its values.</param>
public InternalCreateAccountEmailViewModel(User user, CreateAccountViewModel registrationData)
{
    const string maskedPassword = "******";

    // Work on a copy: the caller's form data must not be altered by the masking below.
    var registrationCopy = registrationData.Clone();
    registrationCopy.Password = maskedPassword;
    registrationCopy.ConfirmPassword = maskedPassword;
    this.RegistrationData = registrationCopy;

    this.UrlIdentifier = user.Practice.UrlIdentifier;
    this.UserName = user.UserName;
}
/// <summary>
/// Builds the view model of an e-mail addressed to <paramref name="user"/>.
/// Person, practice and trial related fields are filled only when the corresponding
/// navigation properties are available on the user.
/// </summary>
/// <param name="user">Database user the e-mail is addressed to.</param>
public UserEmailViewModel(User user)
{
    this.UserName = user.UserName;

    var person = user.Person;
    if (person != null)
        this.PersonName = person.FullName;

    var practice = user.Practice;
    if (practice == null)
        return;

    this.PracticeIdentifier = practice.UrlIdentifier;

    // Trial status lives on the account contract, which a practice may not have yet.
    var contract = practice.AccountContract;
    if (contract != null)
        this.IsTrial = contract.IsTrial;
}
/// <summary>
/// Projects a database user into the lightweight <see cref="UserInfo"/> used by the UI.
/// </summary>
/// <param name="dbUser">Database user; its Person navigation property is dereferenced, so it must be loaded.</param>
/// <returns>A new <see cref="UserInfo"/> describing <paramref name="dbUser"/>.</returns>
internal static UserInfo GetUserInfo(User dbUser)
{
    var person = dbUser.Person;
    var doctor = dbUser.Doctor;

    var info = new UserInfo();
    info.Id = dbUser.Id;
    info.DisplayName = person.FullName;
    info.GravatarEmailHash = person.EmailGravatarHash;

    // Doctor related values stay null for users that are not doctors.
    info.DoctorId = dbUser.DoctorId;
    info.DoctorUrlIdentifier = doctor == null ? null : doctor.UrlIdentifier;

    info.AdministratorId = dbUser.AdministratorId;
    info.IsOwner = dbUser.IsOwner;
    return info;
}
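/// <summary>
/// Loads the database user for the authenticated principal of the current request, once.
/// Does nothing when the user is already loaded or when the request is anonymous.
/// </summary>
/// <param name="requestContext">Request whose principal identifies the current user.</param>
/// <exception cref="InvalidOperationException">
/// The request is authenticated but HttpContext.User is not an <see cref="AuthenticatedPrincipal"/>.
/// </exception>
internal void InitDbUser(RequestContext requestContext)
{
    if (this.DbUser != null)
        return;

    if (!requestContext.HttpContext.Request.IsAuthenticated)
        return;

    var authenticatedPrincipal = requestContext.HttpContext.User as AuthenticatedPrincipal;
    if (authenticatedPrincipal == null)
    {
        // An invalid principal is a state error, not a generic failure: InvalidOperationException
        // says so while still being caught by any existing catch (Exception).
        throw new InvalidOperationException(
            "HttpContext.User should be a AuthenticatedPrincipal when the user is authenticated");
    }

    var db = this.InitDb();
    this.DbUser = db.SetCurrentUserById(authenticatedPrincipal.Profile.Id);
}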
/// <summary>
/// Create a new User object.
/// </summary>
/// <param name="id">Initial value of the Id property.</param>
/// <param name="password">Initial value of the Password property.</param>
/// <param name="passwordSalt">Initial value of the PasswordSalt property.</param>
/// <param name="personId">Initial value of the PersonId property.</param>
/// <param name="practiceId">Initial value of the PracticeId property.</param>
/// <param name="userName">Initial value of the UserName property.</param>
/// <param name="userNameNormalized">Initial value of the UserNameNormalized property.</param>
/// <param name="isOwner">Initial value of the IsOwner property.</param>
/// <returns>A new User with the given initial property values.</returns>
public static User CreateUser(global::System.Int32 id, global::System.String password, global::System.String passwordSalt, global::System.Int32 personId, global::System.Int32 practiceId, global::System.String userName, global::System.String userNameNormalized, global::System.Boolean isOwner)
{
    // Properties are assigned in declaration order, as the generated factory did.
    return new User
    {
        Id = id,
        Password = password,
        PasswordSalt = passwordSalt,
        PersonId = personId,
        PracticeId = practiceId,
        UserName = userName,
        UserNameNormalized = userNameNormalized,
        IsOwner = isOwner,
    };
}
/// <summary>
/// Copies the user's account, person and role data into <paramref name="viewModel"/>.
/// </summary>
/// <param name="user">Database user; its Person navigation property must be loaded.</param>
/// <param name="practice">Practice used to convert the date of birth to local time.</param>
/// <param name="viewModel">View model that receives the values.</param>
internal static void FillUserViewModel(User user, Practice practice, UserViewModel viewModel)
{
    var person = user.Person;

    // Account data.
    viewModel.Id = user.Id;
    viewModel.UserName = user.UserName;

    // Personal data.
    viewModel.FullName = person.FullName;
    viewModel.ImageUrl = GravatarHelper.GetGravatarUrl(person.EmailGravatarHash, GravatarHelper.Size.s16);
    viewModel.Gender = person.Gender;
    // The date of birth goes through the practice's local-time conversion before display.
    viewModel.DateOfBirth = ConvertToLocalDateTime(practice, person.DateOfBirth);
    viewModel.MaritalStatus = person.MaritalStatus;
    viewModel.BirthPlace = person.BirthPlace;
    viewModel.Cpf = person.CPF;
    viewModel.Profissao = person.Profession;
    viewModel.Email = person.Email;

    // Roles are derived from the presence of the corresponding role ids.
    viewModel.IsAdministrador = user.AdministratorId != null;
    viewModel.IsDoctor = user.DoctorId != null;
    viewModel.IsSecretary = user.SecretaryId != null;
    viewModel.IsOwner = user.IsOwner;
}
/// <summary>
/// Deprecated Method for adding a new object to the Users EntitySet. Consider using the .Add method of the associated ObjectSet<T> property instead.
/// </summary>
/// <param name="user">Entity to attach to the context as added.</param>
public void AddToUsers(User user)
{
    // Entity-set name as generated for the Users property of this context.
    const string entitySetName = "Users";
    base.AddObject(entitySetName, user);
}
/// <summary>
/// Tells whether <paramref name="user"/> is the user the current request refers to.
/// This base implementation never claims so; derived controllers with route
/// information of their own override it.
/// </summary>
/// <param name="user">Database user to compare against the current request.</param>
/// <returns>Always false at this level.</returns>
public virtual bool IsSelfUser(User user)
{
    // No route information is available here, so nobody is "self".
    const bool isSelf = false;
    return isSelf;
}
/// <summary>
/// Builds the view model of the internal "contract upgraded" e-mail: the user part
/// comes from the base view model, the upgrade details are kept as given.
/// </summary>
/// <param name="user">User whose contract changed.</param>
/// <param name="upgradeData">Contract change data shown in the e-mail.</param>
public InternalUpgradeEmailViewModel(User user, ChangeContractViewModel upgradeData)
    : base(user)
{
    var upgrade = upgradeData;
    this.Upgrade = upgrade;
}
/// <summary>
/// Creates a new user and adds it to the storage object context.
/// </summary>
/// <param name="createdUser">Output paramater that returns the new user.</param>
/// <param name="registrationData">Object containing informations about the user to be created.</param>
/// <param name="dbUserSet">Storage object context used to add the new user. It won't be saved, just changed.</param>
/// <param name="utcNow">Current UTC time, stored as the person's creation and the user's last activity time.</param>
/// <param name="practiceId">The id of the practice that the new user belongs to.</param>
/// <returns>An enumerated value indicating what has happened.</returns>
public static CreateUserResult CreateUser(out User createdUser, CreateAccountViewModel registrationData, IObjectSet<User> dbUserSet, DateTime utcNow, int? practiceId)
{
    createdUser = null;

    // Password and user-name cannot be null, nor empty.
    var hasPassword = !string.IsNullOrEmpty(registrationData.Password);
    var hasUserName = !string.IsNullOrEmpty(registrationData.UserName);
    if (!hasPassword || !hasUserName)
        return CreateUserResult.InvalidUserNameOrPassword;

    // Password salt and hash.
    string passwordSalt = CipherHelper.GenerateSalt();
    var passwordHash = CipherHelper.Hash(registrationData.Password, passwordSalt);

    // Normalizing user name.
    // The normalized user-name will be used to discover if another user with the same user-name already exists.
    // This is a security measure. This makes it very difficult to guess what a person's user name may be.
    // You can only login with the exact user name that you provided the first time,
    // but if someone tries to register a similar user name just to know if that one is the one you used...
    // the attacker won't be sure... because it could be any other variation.
    // e.g. I register user-name "Miguel.Angelo"... the attacker tries to register "miguelangelo", he'll be denied...
    // but that doesn't mean the exact user-name "miguelangelo" is the one I used, in fact it is not.
    var normalizedUserName = StringHelper.NormalizeUserName(registrationData.UserName);

    // The uniqueness check is scoped to a practice; without one it is skipped.
    if (practiceId != null)
    {
        var isUserNameAlreadyInUse = dbUserSet.Any(u => u.UserNameNormalized == normalizedUserName && u.PracticeId == practiceId);
        if (isUserNameAlreadyInUse)
            return CreateUserResult.UserNameAlreadyInUse;
    }

    // Creating user.
    var person = new Person
    {
        // Note: DateOfBirth property cannot be set in this method because of Utc/Local conversions.
        // The caller of this method must set the property.
        Gender = registrationData.Gender ?? 0,
        FullName = registrationData.FullName,
        CreatedOn = utcNow,
        Email = registrationData.EMail,
        EmailGravatarHash = GravatarHelper.GetGravatarHash(registrationData.EMail),
    };

    var newUser = new User
    {
        Person = person,
        UserName = registrationData.UserName,
        UserNameNormalized = normalizedUserName,
        PasswordSalt = passwordSalt,
        Password = passwordHash,
        SYS_PasswordAlt = null,
        LastActiveOn = utcNow,
    };

    if (practiceId != null)
    {
        newUser.PracticeId = practiceId.Value;
        person.PracticeId = practiceId.Value;
    }

    createdUser = newUser;
    dbUserSet.AddObject(newUser);
    return CreateUserResult.Ok;
}
/// <summary>
/// Copies the doctor-specific data (CRM, specialty, medical entity and its jurisdiction)
/// into <paramref name="viewModel"/>.
/// </summary>
/// <param name="user">Database user; its Doctor navigation property is dereferenced for the jurisdiction.</param>
/// <param name="medicalEntity">Medical entity of the doctor, or null.</param>
/// <param name="medicalSpecialty">Medical specialty of the doctor, or null.</param>
/// <param name="viewModel">View model that receives the values.</param>
/// <param name="doctor">Doctor entity supplying the CRM.</param>
internal static void FillDoctorViewModel(User user, SYS_MedicalEntity medicalEntity, SYS_MedicalSpecialty medicalSpecialty, UserViewModel viewModel, Doctor doctor)
{
    viewModel.MedicCRM = doctor.CRM;

    // Specialty and entity are optional; absent ones leave null id and name.
    if (medicalSpecialty == null)
    {
        viewModel.MedicalSpecialtyId = null;
        viewModel.MedicalSpecialtyName = null;
    }
    else
    {
        viewModel.MedicalSpecialtyId = medicalSpecialty.Id;
        viewModel.MedicalSpecialtyName = medicalSpecialty.Name;
    }

    if (medicalEntity == null)
    {
        viewModel.MedicalEntityId = null;
        viewModel.MedicalEntityName = null;
    }
    else
    {
        viewModel.MedicalEntityId = medicalEntity.Id;
        viewModel.MedicalEntityName = medicalEntity.Name;
    }

    // NOTE(review): the jurisdiction is read from user.Doctor rather than the doctor parameter —
    // confirm both refer to the same entity. Enum.Parse throws when the stored text is not a
    // valid TypeEstadoBrasileiro name.
    var jurisdiction = (TypeEstadoBrasileiro)Enum.Parse(typeof(TypeEstadoBrasileiro), user.Doctor.MedicalEntityJurisdiction);
    viewModel.MedicalEntityJurisdiction = (int)jurisdiction;
}
/// <summary>
/// Resets the user's password to the configured default value.
/// </summary>
/// <param name="user">User whose password hash and salt are replaced.</param>
public static void ResetUserPassword(User user)
{
    // NOTE(review): every reset ends in the same shared value (Constants.DEFAULT_PASSWORD);
    // confirm that callers force a password change at the next login.
    var defaultPassword = Constants.DEFAULT_PASSWORD;
    SetUserPassword(user, defaultPassword);
}
// ReSharper disable MemberCanBePrivate.Local
// ReSharper disable UnusedMember.Local
// ReSharper disable UnusedParameter.Local
/// <summary>
/// Deletes a user together with its role entities (secretary, administrator, doctor)
/// and saves the context. A null user only triggers the save.
/// </summary>
/// <param name="user">User to delete, or null.</param>
public void DelUser(User user)
{
    if (user != null)
    {
        // Role entities are removed before the user itself.
        var secretary = user.Secretary;
        if (secretary != null)
            this.db.DeleteObject(secretary);

        var administrator = user.Administrator;
        if (administrator != null)
            this.db.DeleteObject(administrator);

        var doctor = user.Doctor;
        if (doctor != null)
            this.db.DeleteObject(doctor);

        this.db.DeleteObject(user);
    }

    this.db.SaveChanges();
}
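/// <summary>
/// Tells whether <paramref name="user"/> is the user the current request refers to.
/// Here a request refers to a user when its "location" parameter points into that
/// user's own patient-files folder; otherwise the base implementation decides.
/// </summary>
/// <param name="user">Database user to compare against the request.</param>
/// <returns>True when the requested location belongs to <paramref name="user"/>.</returns>
public override bool IsSelfUser(User user)
{
    // using request parameters that may contain the user-id
    var location = this.Request.Params["location"];

    // The parameter is optional: a missing value must not throw, it simply means the
    // request does not point into a user's file folder.
    if (!string.IsNullOrEmpty(location))
    {
        var ownFolderPrefix = string.Format(@"patient-files-{0}\", user.Id);

        // This is an authorization decision, so the prefix must match byte-for-byte
        // rather than under culture-sensitive comparison rules.
        if (location.StartsWith(ownFolderPrefix, StringComparison.Ordinal))
            return true;
    }

    return base.IsSelfUser(user);
}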
/// <summary>
/// Creates a practice through <see cref="Firestarter"/> using this object's db context.
/// </summary>
/// <param name="name">Display name of the practice.</param>
/// <param name="user">User the practice is created for.</param>
/// <param name="urlId">URL identifier of the practice.</param>
/// <returns>The practice returned by <see cref="Firestarter.CreatePractice"/>.</returns>
public Practice PracticeNew(string name, User user, string urlId)
{
    var context = this.db;
    var practice = Firestarter.CreatePractice(context, name, user, urlId);
    return practice;
}
/// <summary>
/// Makes <paramref name="user"/> the owner of its practice, demoting the previous owner,
/// and saves the context. A null user only triggers the save.
/// </summary>
/// <param name="user">User to promote, or null.</param>
public void SetOwner(User user)
{
    if (user != null)
    {
        var practice = user.Practice;
        if (practice != null)
        {
            // Demote the previous owner, if any, before promoting the new one.
            var previousOwner = practice.Owner;
            if (previousOwner != null)
                previousOwner.IsOwner = false;

            practice.Owner = user;
        }

        // Set after the demotion so promoting the current owner again keeps the flag.
        user.IsOwner = true;
    }

    this.db.SaveChanges();
}
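/// <summary>
/// Logs an user in.
/// </summary>
/// <param name="cookieCollection">
/// Cookie collection that is going to hold an encrypted cookie with informations about the user.
/// </param>
/// <param name="loginModel">
/// Model containing login informations such as practice-name, user-name and password.
/// </param>
/// <param name="dbUserSet">
/// Object set used to get informations about the user.
/// No data will be saved to this object set.
/// </param>
/// <param name="loggedInUser">
/// Out parameter returning the database User object representing the logged in user, only if the
/// login succeded. Otherwise null.
/// </param>
/// <param name="utcNow">Current UTC time, used as the ticket issue date and to compute its expiration.</param>
/// <returns>Returns whether the login succeded or not.</returns>
public static bool Login(HttpCookieCollection cookieCollection, LoginViewModel loginModel, IObjectSet<User> dbUserSet, out User loggedInUser, DateTime utcNow)
{
    loggedInUser = null;

    try
    {
        string securityToken;
        var user = AuthenticateUser(loginModel.UserNameOrEmail, loginModel.Password, loginModel.PracticeIdentifier, dbUserSet, out securityToken);

        if (user != null)
        {
            var expiryDate = utcNow.AddYears(1);

            var ticket = new FormsAuthenticationTicket(
                1,
                loginModel.UserNameOrEmail,
                utcNow,
                expiryDate,
                loginModel.RememberMe,
                securityToken,
                FormsAuthentication.FormsCookiePath);

            var encryptedTicket = FormsAuthentication.Encrypt(ticket);

            var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
            {
                // DateTime.MinValue makes it a session cookie when "remember me" is off.
                Expires = loginModel.RememberMe ? expiryDate : DateTime.MinValue,
                // The ticket is a bearer credential: keep it out of reach of script and,
                // when the application is configured to require SSL, off plain-HTTP
                // connections — the same flags FormsAuthentication.SetAuthCookie applies.
                HttpOnly = true,
                Secure = FormsAuthentication.RequireSSL,
            };

            cookieCollection.Add(cookie);

            // Only expose the user once the cookie was issued, so a failure below
            // (which returns false) never leaves a non-null loggedInUser behind.
            loggedInUser = user;
            return true;
        }
    }
    catch
    {
        // Any exception will be ignored here, and the login will just fail.
        // TODO: add log information about this exception
    }

    FormsAuthentication.SignOut();
    return false;
}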
/// <summary>
/// Builds the confirmation e-mail sent to a newly created user: persists a verification
/// token in its own context, then renders the "ConfirmationEmail" view with it.
/// </summary>
/// <param name="user">Recipient; its Practice and Person navigation properties must be loaded.</param>
/// <param name="utcNow">Current UTC time, base of the token expiration.</param>
/// <param name="isTrial">Whether the account is a trial, forwarded to the view model.</param>
/// <returns>The rendered mail message addressed to the user.</returns>
private MailMessage EmailMessageToUser(User user, DateTime utcNow, bool isTrial)
{
    // Setting verification token.
    // NOTE(review): Guid.NewGuid() is not documented as a cryptographic random source; a
    // RandomNumberGenerator-based value would be the conservative choice for a verification token.
    TokenId tokenId;
    using (var tokenDb = this.CreateNewCerebelloEntities())
    {
        var token = new GLB_Token
        {
            Value = Guid.NewGuid().ToString("N"),
            Type = "VerifyPracticeAndEmail",
            Name = string.Format("Practice={0}&UserName={1}", user.Practice.UrlIdentifier, user.UserName),
            ExpirationDate = utcNow.AddHours(Constants.MAX_HOURS_TO_VERIFY_TRIAL_ACCOUNT),
        };

        tokenDb.GLB_Token.AddObject(token);
        tokenDb.SaveChanges();

        // The id is only known after SaveChanges.
        tokenId = new TokenId(token.Id, token.Value);
    }

    // Rendering message bodies from partial view.
    var emailViewModel = new UserEmailViewModel(user);
    emailViewModel.Token = tokenId.ToString();
    emailViewModel.IsTrial = isTrial;

    var recipient = new MailAddress(user.Person.Email, user.Person.FullName);
    return this.CreateEmailMessage("ConfirmationEmail", recipient, emailViewModel);
}
/// <summary>
/// Stores a new password on the user as a salted hash, with a freshly generated salt.
/// </summary>
/// <param name="user">User whose Password and PasswordSalt are replaced.</param>
/// <param name="password">Clear-text password; it is never stored.</param>
private static void SetUserPassword(User user, string password)
{
    // A fresh salt per password; only the hash and the salt are persisted.
    string salt = CipherHelper.GenerateSalt();
    var hash = CipherHelper.Hash(password, salt);

    user.PasswordSalt = salt;
    user.Password = hash;
}
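/// <summary>
/// Sends the internal "account created" notification e-mail. Failures are traced and
/// never surface to the caller, since this is an internal courtesy message.
/// </summary>
/// <param name="registrationData">Registration form of the new account.</param>
/// <param name="user">The newly created user.</param>
private void SendAccountCreatedSelfEmail(CreateAccountViewModel registrationData, User user)
{
    // sending e-mail to [email protected]
    // to tell us the good news
    // lots of try catch... this is an internal thing, and should never fail to the client, even if it fails
    try
    {
        var emailViewModel = new InternalCreateAccountEmailViewModel(user, registrationData);
        var toAddress = new MailAddress("*****@*****.**", registrationData.FullName);
        var mailMessage = this.CreateEmailMessagePartial("InternalCreateAccountEmail", toAddress, emailViewModel);

        this.SendEmailAsync(mailMessage).ContinueWith(
            t =>
            {
                // The continuation runs on every completion; only faulted sends are
                // errors worth tracing (a successful send has no exception to report).
                if (!t.IsFaulted)
                    return;

                // send e-mail again is not an option, SendEmailAsync already tries a lot of times
                // observing exception so that it is not raised
                var ex = t.Exception;
                Trace.TraceError(
                    string.Format(
                        "AuthenticationController.CreateAccount(CreateAccountViewModel): exception when sending internal e-mail: {0}",
                        TraceHelper.GetExceptionMessage(ex)));
            });
    }
    catch (Exception ex)
    {
        Trace.TraceError(
            string.Format(
                "AuthenticationController.CreateAccount(CreateAccountViewModel): exception when sending internal e-mail: {0}",
                TraceHelper.GetExceptionMessage(ex)));
    }
}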
/// <summary>
/// Makes the user with the given id the current user of this context, loading its
/// practice along with it, and refreshes the account-disabled flag.
/// </summary>
/// <param name="userId">Database id of the user.</param>
/// <returns>The loaded user, or null when no user has that id.</returns>
public User SetCurrentUserById(int userId)
{
    var loadedUser = this.innerDb.Users.Include("Practice").SingleOrDefault(u => u.Id == userId);
    this.user = loadedUser;

    // NOTE(review): when no user is found, this.practice keeps whatever value it had
    // before — confirm that is intended.
    if (loadedUser != null)
        this.practice = loadedUser.Practice;

    // A missing practice counts as a disabled account.
    var currentPractice = this.practice;
    this.AccountDisabled = currentPractice == null || currentPractice.AccountDisabled;

    return loadedUser;
}
/// <summary>
/// Tells whether <paramref name="user"/> is the user the current request refers to.
/// For the actions that take a user id in the route (Edit, Details, Delete, ResetPassword)
/// the "id" route value is compared with the user's id; otherwise the base implementation decides.
/// </summary>
/// <param name="user">Database user to compare against the current route.</param>
/// <returns>True when the routed id is the id of <paramref name="user"/>.</returns>
public override bool IsSelfUser(User user)
{
    var actionTakesUserId = this.IsActionName("Edit")
        || this.IsActionName("Details")
        || this.IsActionName("Delete")
        || this.IsActionName("ResetPassword");

    if (!actionTakesUserId)
        return base.IsSelfUser(user);

    // A missing "id" route value is treated as an empty string, which fails to parse.
    var routeValues = this.ControllerContext.RequestContext.RouteData.Values;
    var rawId = (routeValues["id"] ?? "").ToString();

    int routedId;
    if (!int.TryParse(rawId, out routedId))
        return base.IsSelfUser(user);

    return user.Id == routedId;
}