Пример #1
        /// <summary>
        /// Returns the account rows that belong to the caller's session cookie, filling in a
        /// missing e-mail address from ActiveDirectory_ADO.GetUser when that lookup finds a user.
        /// </summary>
        /// <returns>
        /// true with Response.data set to the session's rows; false with Response.error set to the
        /// "error.authentication" label when there is no session cookie or no matching session.
        /// </returns>
        protected override bool Execute()
        {
            // Without a cookie there is no session to resolve.
            if (Request.sessionCookie == null)
            {
                Response.error = Label.Get("error.authentication");
                return false;
            }

            using (Login_BSO loginBso = new Login_BSO())
            {
                ADO_readerOutput session = loginBso.ReadBySession(Request.sessionCookie.Value);
                if (!session.hasData)
                {
                    Response.error = Label.Get("error.authentication");
                    return false;
                }

                if (session.data[0].CcnEmail == null)
                {
                    // The lookup is keyed on the username stored with the session, not on request input.
                    DTO.CcnUsername = session.data[0].CcnUsername;
                    ActiveDirectory_DTO directoryUser = new ActiveDirectory_ADO().GetUser(Ado, DTO);

                    // The e-mail is copied only when the lookup produced a display name.
                    if (directoryUser.CcnDisplayName != null)
                    {
                        session.data[0].CcnEmail = directoryUser.CcnEmail;
                    }
                }

                // NOTE(review): every column ReadBySession returned goes back to the client here;
                // confirm that result set carries no token or credential columns.
                Response.data = session.data;
                return true;
            }
        }
Пример #2
        /// <summary>
        /// After a ReCAPTCHA check, resolves the account named by DTO.CcnEmail (directory match
        /// first, then the local account table), verifies the supplied 2FA token with
        /// ReadByToken2Fa and replaces it through Update2FA.
        /// </summary>
        /// <returns>
        /// true with Response.data set to the value returned by Update2FA, or to JSONRPC.success
        /// when no usable local account exists; false when the captcha or the token check fails.
        /// </returns>
        protected override bool Execute()
        {
            if (!ReCAPTCHA.Validate(DTO.Captcha))
            {
                Response.error = Label.Get("error.authentication");
                return false;
            }

            ActiveDirectory_ADO directoryAdo = new ActiveDirectory_ADO();
            // The result of this lookup is never read in this method.
            ActiveDirectory_DTO adDto = directoryAdo.GetUser(Ado, DTO);

            dynamic directoryMatch = directoryAdo.GetAdSpecificDataForEmail(DTO.CcnEmail);

            if (directoryMatch?.CcnEmail != null)
            {
                // Directory match: take identity fields from the directory record.
                DTO.CcnEmail = directoryMatch.CcnEmail;
                DTO.CcnDisplayname = directoryMatch.CcnDisplayName;
                DTO.CcnUsername = directoryMatch.CcnUsername;
            }
            else
            {
                // No directory match: the e-mail address is used as the local username.
                Account_ADO accountAdo = new Account_ADO();
                Account_DTO_Read lookup = new Account_DTO_Read()
                {
                    CcnUsername = DTO.CcnEmail
                };
                var account = accountAdo.Read(Ado, lookup);

                // Unknown accounts get the same success reply as known ones.
                if (!account.hasData)
                {
                    Response.data = JSONRPC.success;
                    return true;
                }

                var row = account.data[0];
                if (row.CcnEmail.Equals(DBNull.Value) || row.CcnDisplayName.Equals(DBNull.Value))
                {
                    Response.data = JSONRPC.success;
                    return true;
                }

                DTO.CcnDisplayname = row.CcnDisplayName;
                DTO.CcnEmail = row.CcnEmail;
                DTO.CcnUsername = DTO.CcnEmail;
            }

            Login_BSO loginBso = new Login_BSO(Ado);
            ADO_readerOutput tokenMatch = loginBso.ReadByToken2Fa(DTO.LgnToken2Fa, DTO.CcnUsername);

            if (!tokenMatch.hasData)
            {
                // NOTE(review): this failure path leaves Response.error unset, unlike the captcha
                // failure above; confirm how the caller reports a false result without an error.
                return false;
            }

            // Create a 2FA value, save it, unlock the account and return the value so the client
            // can display it as a QR code (per the original author's comment).
            // NOTE(review): the returned value is the 2FA secret itself; confirm that responses
            // from this method are kept out of request/response logs.
            Login_DTO_Create2FA renewal = new Login_DTO_Create2FA()
            {
                LgnToken2Fa = DTO.LgnToken2Fa, CcnUsername = DTO.CcnUsername
            };
            string freshSecret = loginBso.Update2FA(renewal);

            Response.data = freshSecret;
            return true;
        }
Пример #3
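        /// <summary>
        /// Finds a single user through Read, keyed on the CcnUsername member of
        /// <paramref name="accountDto"/>.
        /// </summary>
        /// <param name="Ado">Data-access object passed through to Read.</param>
        /// <param name="accountDto">Any DTO that exposes a CcnUsername member.</param>
        /// <returns>
        /// The first entry Read returns, or a newly constructed ActiveDirectory_DTO when the
        /// username is null or empty or nothing matches. Callers detect "not found" by testing
        /// fields of the returned object for null.
        /// </returns>
        internal ActiveDirectory_DTO GetUser <T>(ADO Ado, T accountDto)
        {
            // Read returns every directory entry when CcnUsername is null or empty (per its own
            // summary). Taking the first element of that list would hand the caller an unrelated
            // user as if it were the one requested, so a blank username is treated as "not found".
            dynamic lookup = accountDto;
            if (string.IsNullOrEmpty(lookup.CcnUsername))
            {
                return new ActiveDirectory_DTO();
            }

            List <ActiveDirectory_DTO> matches = Read(Ado, accountDto);
            if (matches.Count > 0)
            {
                return matches.FirstOrDefault();
            }
            return new ActiveDirectory_DTO();
        }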
Пример #4
        /// <summary>
        /// Creates an account for a user that ActiveDirectory_ADO.GetUser can find, after checking
        /// the caller's privilege and that no account with the same username exists.
        /// </summary>
        /// <returns>
        /// true with Response.data set to JSONRPC.success; false with Response.error set to the
        /// "error.privilege", "error.create" or "error.duplicate" label on the matching refusal.
        /// </returns>
        protected override bool Execute()
        {
            // Privilege ceiling: a power user cannot create an account with the Administrator privilege.
            if (IsPowerUser() && DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
            {
                Log.Instance.Debug("A power user may not create an Administrator");
                Response.error = Label.Get("error.privilege");
                return false;
            }

            // The requested user must be returned by the directory lookup, otherwise the request is refused.
            ActiveDirectory_DTO directoryUser = new ActiveDirectory_ADO().GetUser(Ado, DTO);
            if (directoryUser.CcnUsername == null)
            {
                Log.Instance.Debug("AD user not found");
                Response.error = Label.Get("error.create");
                return false;
            }

            var accounts = new Account_ADO();

            // Duplicates are not allowed.
            if (accounts.Exists(Ado, DTO.CcnUsername))
            {
                Log.Instance.Debug("Account exists already");
                Response.error = Label.Get("error.duplicate");
                return false;
            }

            // Create returns the new id; 0 is treated as failure.
            int createdId = accounts.Create(Ado, DTO, SamAccountName);
            if (createdId == 0)
            {
                Log.Instance.Debug("adoAccount.Create - can't crete Account");
                Response.error = Label.Get("error.create");
                return false;
            }

            Response.data = JSONRPC.success;
            return true;
        }
Пример #5
        /// <summary>
        /// For the user behind the session cookie, stores a new 1FA token and e-mails it.
        /// Users that ActiveDirectory_ADO.GetUser resolves get a success reply and no token.
        /// </summary>
        /// <returns>
        /// true with Response.data set to JSONRPC.success; false when the session cannot be
        /// resolved ("error.authentication") or when the token could not be stored.
        /// </returns>
        protected override bool Execute()
        {
            if (Request.sessionCookie == null)
            {
                Response.error = Label.Get("error.authentication");
                return false;
            }

            Login_BSO loginBso = new Login_BSO(Ado);
            var session = loginBso.ReadBySession(Request.sessionCookie.Value);

            if (!session.hasData)
            {
                Response.error = Label.Get("error.authentication");
                return false;
            }

            var row = session.data[0];
            string sessionUser = row.CcnUsername;

            // Directory users must not get a local 1FA token; they receive a plain success reply.
            DTO.CcnUsername = sessionUser;
            ActiveDirectory_DTO directoryUser = new ActiveDirectory_ADO().GetUser(Ado, DTO);
            if (directoryUser.CcnDisplayName != null)
            {
                Response.data = JSONRPC.success;
                return true;
            }

            // NOTE(review): the only input visible here is the account id, which is predictable;
            // confirm that Utility.GetRandomSHA256 mixes in output from a cryptographic RNG.
            string token = Utility.GetRandomSHA256(row.CcnId.ToString());

            if (loginBso.Update1FaTokenForUser(row.CcnUsername, token) != null)
            {
                Login_DTO_Create recipient = new Login_DTO_Create()
                {
                    CcnUsername = row.CcnUsername, LngIsoCode = DTO.LngIsoCode, CcnEmail = row.CcnEmail, CcnDisplayname = row.CcnDisplayName
                };
                SendEmail(recipient, token, "PxStat.Security.Login_API.Update1FA");
                Response.data = JSONRPC.success;
                return true;
            }

            // NOTE(review): this failure path leaves Response.error unset; confirm how the caller
            // reports a false result without an error.
            return false;
        }
Пример #6
        /// <summary>
        /// Returns the entry for parameters.CcnUsername when one is supplied, otherwise the whole
        /// list from ActiveDirectory.List().
        /// </summary>
        /// <param name="ado">Not used inside this method.</param>
        /// <param name="parameters">Object exposing a CcnUsername member.</param>
        /// <returns>
        /// A list with zero or one entries for a username search, or one entry per item returned
        /// by ActiveDirectory.List() when CcnUsername is null or empty.
        /// </returns>
        internal static List <ActiveDirectory_DTO> Read(ADO ado, dynamic parameters)
        {
            var found = new List <ActiveDirectory_DTO>();

            if (string.IsNullOrEmpty(parameters.CcnUsername))
            {
                // No username: list every user.
                // NOTE(review): a caller that forgets to set CcnUsername gets the full directory
                // back; callers expecting a single user should check for a blank username first.
                IDictionary <string, dynamic> everyone = ActiveDirectory.List();

                foreach (KeyValuePair <string, dynamic> entry in everyone)
                {
                    // This branch passes parameters to the DTO constructor; the single-user branch does not.
                    ActiveDirectory_DTO listed = new ActiveDirectory_DTO(parameters);
                    listed.CcnUsername = entry.Value.SamAccountName;
                    listed.CcnEmail = entry.Value.EmailAddress;
                    listed.CcnName = entry.Value.GivenName + " " + entry.Value.Surname;

                    found.Add(listed);
                }
                return found;
            }

            // Single-user search.
            // NOTE(review): confirm ActiveDirectory.Search escapes filter metacharacters in the
            // username before querying the directory; the value is passed through unchanged here.
            dynamic hit = ActiveDirectory.Search(parameters.CcnUsername);
            if (hit == null)
            {
                return found;
            }

            // NOTE(review): only CcnUsername, CcnEmail and CcnName are assigned; code that tests
            // CcnDisplayName on the result presumably relies on the DTO deriving it - confirm.
            found.Add(new ActiveDirectory_DTO
            {
                CcnUsername = hit.SamAccountName,
                CcnEmail = hit.EmailAddress,
                CcnName = hit.GivenName + " " + hit.Surname
            });
            return found;
        }
Пример #7
        /// <summary>
        /// Stores a new 1FA token for the local account read with DTO.CcnEmail and e-mails it.
        /// Addresses that GetAdSpecificDataForEmail resolves to a username are refused.
        /// </summary>
        /// <returns>
        /// true with Response.data set to JSONRPC.success once the e-mail has been sent; false
        /// with Response.error set to the "error.authentication" label on every other path.
        /// </returns>
        protected override bool Execute()
        {
            // NOTE(review): a known local address gets success while unknown and directory
            // addresses get an error, so the reply reveals whether an address is registered.
            // Confirm this method is reachable only by authenticated, authorised callers.
            ActiveDirectory_ADO directoryAdo = new ActiveDirectory_ADO();
            ActiveDirectory_DTO directoryUser = directoryAdo.GetAdSpecificDataForEmail(DTO.CcnEmail);

            if (directoryUser?.CcnUsername != null)
            {
                Response.error = Label.Get("error.authentication");
                return false;
            }

            Login_BSO loginBso = new Login_BSO(Ado);

            Account_ADO accountAdo = new Account_ADO();
            var account = accountAdo.Read(Ado, DTO.CcnEmail);

            if (!account.hasData)
            {
                Response.error = Label.Get("error.authentication");
                return false;
            }

            var row = account.data[0];

            // NOTE(review): the only input visible here is the account id, which is predictable;
            // confirm that Utility.GetRandomSHA256 mixes in output from a cryptographic RNG.
            string token = Utility.GetRandomSHA256(row.CcnId.ToString());

            if (loginBso.Update1FaTokenForUser(row.CcnUsername, token) != null)
            {
                Login_DTO_Create recipient = new Login_DTO_Create()
                {
                    CcnUsername = row.CcnUsername, LngIsoCode = DTO.LngIsoCode, CcnEmail = row.CcnEmail, CcnDisplayname = row.CcnDisplayName
                };
                SendEmail(recipient, token, "PxStat.Security.Login_API.Update1FA");
                Response.data = JSONRPC.success;
                return true;
            }

            Response.error = Label.Get("error.authentication");
            return false;
        }
Пример #8
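        /// <summary>
        /// Resolves the account for DTO.CcnEmail (directory match first, then the local account
        /// table), stores a new 2FA invitation token for it and e-mails that token.
        /// </summary>
        /// <returns>
        /// true when the token was e-mailed, and also when no usable local account was found, so
        /// that both outcomes look the same to the caller. false with "error.authentication" when
        /// the address is a directory user and "security.adOpenAccess" is off, and false when the
        /// generated token is null.
        /// </returns>
        protected override bool Execute()
        {
            bool success = false;

            ActiveDirectory_ADO adAdo = new ActiveDirectory_ADO();
            // Not read below; the call is kept so the lookup still happens as before.
            ActiveDirectory_DTO adDto = adAdo.GetUser(Ado, DTO);

            dynamic adUser = adAdo.GetAdSpecificDataForEmail(DTO.CcnEmail);

            if (adUser?.CcnEmail != null)
            {
                //Check if local access is available for AD users
                if (!Configuration_BSO.GetCustomConfig(ConfigType.global, "security.adOpenAccess"))
                {
                    Response.error = Label.Get("error.authentication");
                    return(false);
                }
                DTO.CcnEmail       = adUser.CcnEmail;
                DTO.CcnDisplayname = adUser.CcnDisplayName;
                DTO.CcnUsername    = adUser.CcnUsername;
            }
            else
            {
                // No directory match: the e-mail address is used as the local username.
                Account_ADO aAdo = new Account_ADO();
                var         user = aAdo.Read(Ado, new Account_DTO_Read()
                {
                    CcnUsername = DTO.CcnEmail
                });
                if (!user.hasData)
                {
                    // Fix: this branch used to return the still-false success flag right after
                    // setting a success payload. Returning true matches the branch below, so an
                    // unknown address gets the same reply as a known one.
                    Response.data = JSONRPC.success;
                    return(true);
                }

                if (user.data[0].CcnEmail.Equals(DBNull.Value) || user.data[0].CcnDisplayName.Equals(DBNull.Value))
                {
                    Response.data = JSONRPC.success;
                    return(true);
                }

                DTO.CcnDisplayname = user.data[0].CcnDisplayName;
                DTO.CcnEmail       = user.data[0].CcnEmail;
                DTO.CcnUsername    = DTO.CcnEmail;
            }


            Login_BSO lBso = new Login_BSO(Ado);

            // NOTE(review): the only input visible here is the username, which is predictable;
            // confirm that Utility.GetRandomSHA256 mixes in output from a cryptographic RNG.
            string token = Utility.GetRandomSHA256(DTO.CcnUsername);

            // NOTE(review): the result of this update is not checked, so the e-mail below is sent
            // even if the token was not stored; the null check on token also comes after this call.
            lBso.UpdateInvitationToken2Fa(DTO.CcnUsername, token);

            if (token != null)
            {
                SendEmail(new Login_DTO_Create()
                {
                    CcnUsername = DTO.CcnUsername, CcnEmail = DTO.CcnEmail, LngIsoCode = DTO.LngIsoCode, CcnDisplayname = DTO.CcnDisplayname
                }, token, "PxStat.Security.Login_API.Update2FA");
                Response.data = JSONRPC.success;
                success       = true;
            }

            Response.data = JSONRPC.success;
            return(success);
        }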
Пример #9
        /// <summary>
        /// After a ReCAPTCHA check, validates the supplied 1FA token for DTO.CcnUsername with
        /// ReadByToken1Fa, refuses directory users, then calls Update1FA with a newly generated
        /// token, stores that token as the 2FA invitation token and e-mails it when sendMail is set.
        /// </summary>
        /// <returns>
        /// true with Response.data set to JSONRPC.success when Update1FA succeeds; false with
        /// "error.authentication" or "error.create" otherwise.
        /// </returns>
        protected override bool Execute()
        {
            // ReCAPTCHA comes first so the token lookup is not reached without it.
            if (!ReCAPTCHA.Validate(DTO.Captcha))
            {
                Response.error = Label.Get("error.authentication");
                return false;
            }

            // Original author's outline: get the user from the token while checking the token is
            // still valid, generate a new token and timeout, then update TD_LOGIN with the hashed
            // password, the new token and the new timeout.
            Login_BSO loginBso = new Login_BSO(Ado);

            var tokenOwner = loginBso.ReadByToken1Fa(DTO.LgnToken1Fa, DTO.CcnUsername);
            if (!tokenOwner.hasData)
            {
                Response.error = Label.Get("error.authentication");
                return false;
            }

            var row = tokenOwner.data[0];

            // NOTE(review): the only input visible here is the account id, which is predictable;
            // confirm that Utility.GetRandomSHA256 mixes in output from a cryptographic RNG.
            string newToken = Utility.GetRandomSHA256(row.CcnId.ToString());

            // From here on the identity comes from the stored row, not from the request.
            DTO.CcnEmail = row.CcnEmail;
            DTO.CcnUsername = row.CcnUsername;

            // Not allowed for directory users.
            ActiveDirectory_DTO directoryUser = new ActiveDirectory_ADO().GetUser(Ado, DTO);
            if (directoryUser.CcnDisplayName != null)
            {
                Response.error = Label.Get("error.authentication");
                return false;
            }

            if (!loginBso.Update1FA(DTO, newToken))
            {
                Response.error = Label.Get("error.create");
                return false;
            }

            DTO.LgnToken1Fa = newToken;

            // NOTE(review): the same value becomes both the 1FA token and the 2FA invitation
            // token, and the result of this update is not checked.
            loginBso.UpdateInvitationToken2Fa(DTO.CcnUsername, newToken);

            if (sendMail)
            {
                Login_DTO_Create recipient = new Login_DTO_Create()
                {
                    CcnUsername = DTO.CcnUsername, LngIsoCode = DTO.LngIsoCode, CcnEmail = DTO.CcnEmail, CcnDisplayname = row.CcnDisplayName
                };
                SendEmail(recipient, newToken, "PxStat.Security.Login_API.Create2FA");
            }

            Response.data = JSONRPC.success;
            return true;
        }
        /// <summary>
        /// Stores a new 2FA invitation token for the caller and e-mails it. The caller is taken
        /// from the directory lookup for SamAccountName when that finds a user, otherwise from the
        /// session cookie.
        /// </summary>
        /// <returns>
        /// true with Response.data set to JSONRPC.success; false with "error.authentication" when
        /// no user can be resolved or directory users are not allowed, or with "error.create" when
        /// the generated token is null.
        /// </returns>
        protected override bool Execute()
        {
            Login_BSO loginBso = new Login_BSO(Ado);

            ADO_readerOutput session;
            string recipientName = null;
            string recipientEmail = null;
            string resolvedUsername = null;

            if (SamAccountName != null)
            {
                Account_DTO_Create lookup = new Account_DTO_Create()
                {
                    CcnUsername = SamAccountName
                };
                ActiveDirectory_DTO directoryUser = new ActiveDirectory_ADO().GetUser(Ado, lookup);
                recipientName = directoryUser.CcnDisplayName;
                recipientEmail = directoryUser.CcnEmail;
                resolvedUsername = directoryUser.CcnUsername;
            }

            // A directory user is refused unless the "security.adOpenAccess" setting is on.
            if (!Configuration_BSO.GetCustomConfig(ConfigType.global, "security.adOpenAccess") && resolvedUsername != null)
            {
                Response.error = Label.Get("error.authentication");
                return false;
            }

            // No directory user: fall back to the session cookie.
            if (resolvedUsername == null)
            {
                if (Request.sessionCookie == null)
                {
                    Response.error = Label.Get("error.authentication");
                    return false;
                }

                session = loginBso.ReadBySession(Request.sessionCookie.Value);
                if (session.hasData)
                {
                    var row = session.data[0];

                    // NOTE(review): this compares against DBNull.Value; a plain null in either
                    // field would throw here instead - confirm which one ReadBySession yields.
                    if (row.CcnEmail.Equals(DBNull.Value) || row.CcnDisplayName.Equals(DBNull.Value))
                    {
                        Response.data = JSONRPC.success;
                        return true;
                    }
                    recipientName = row.CcnDisplayName;
                    recipientEmail = row.CcnEmail;
                    resolvedUsername = row.CcnUsername;
                }
            }

            // Still nobody resolved: the session lookup returned no rows.
            if (resolvedUsername == null)
            {
                Response.error = Label.Get("error.authentication");
                return false;
            }

            // NOTE(review): the only input visible here is the username, which is predictable;
            // confirm that Utility.GetRandomSHA256 mixes in output from a cryptographic RNG.
            string token = Utility.GetRandomSHA256(resolvedUsername);

            // NOTE(review): the result of this update is not checked before the e-mail is sent.
            loginBso.UpdateInvitationToken2Fa(resolvedUsername, token);

            if (token == null)
            {
                Response.error = Label.Get("error.create");
                return false;
            }

            Login_DTO_Create recipient = new Login_DTO_Create()
            {
                CcnUsername = resolvedUsername, LngIsoCode = DTO.LngIsoCode, CcnEmail = recipientEmail, CcnDisplayname = recipientName
            };
            SendEmail(recipient, token, "PxStat.Security.Login_API.Update2FA");
            Response.data = JSONRPC.success;
            return true;
        }
Пример #11
        /// <summary>
        /// Creates an account and a login for a user that ActiveDirectory_ADO.GetUser can find.
        /// When "security.adOpenAccess" is on, it also stores a 2FA invitation token and e-mails it.
        /// </summary>
        /// <returns>
        /// true with Response.data set to JSONRPC.success; false with Response.error set to the
        /// "error.privilege", "error.create" or "error.duplicate" label on the matching refusal.
        /// </returns>
        protected override bool Execute()
        {
            // Privilege ceiling: a power user cannot create an account with the Administrator privilege.
            if (IsPowerUser() && DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
            {
                Log.Instance.Debug("A power user may not create an Administrator");
                Response.error = Label.Get("error.privilege");
                return false;
            }

            // The requested user must be returned by the directory lookup, otherwise the request is refused.
            ActiveDirectory_DTO directoryUser = new ActiveDirectory_ADO().GetUser(Ado, DTO);
            if (directoryUser.CcnUsername == null)
            {
                Log.Instance.Debug("AD user not found");
                Response.error = Label.Get("error.create");
                return false;
            }

            var accounts = new Account_ADO();

            // Duplicates are not allowed.
            if (accounts.Exists(Ado, DTO.CcnUsername))
            {
                Log.Instance.Debug("Account exists already");
                Response.error = Label.Get("error.duplicate");
                return false;
            }

            // Create returns the new id; 0 is treated as failure.
            int createdId = accounts.Create(Ado, DTO, SamAccountName, true);
            if (createdId == 0)
            {
                Log.Instance.Debug("adoAccount.Create - can't create Account");
                Response.error = Label.Get("error.create");
                return false;
            }

            // NOTE(review): the only input visible here is the new account id, which is predictable;
            // confirm that Utility.GetRandomSHA256 mixes in output from a cryptographic RNG.
            string token = Utility.GetRandomSHA256(createdId.ToString());
            Login_BSO loginBso = new Login_BSO(Ado);

            // The login row is created with a null token.
            // NOTE(review): the result of CreateLogin is ignored, so a failed login insert still
            // ends in a success reply; confirm whether that is intended.
            Login_DTO_Create newLogin = new Login_DTO_Create()
            {
                CcnUsername = DTO.CcnUsername
            };
            loginBso.CreateLogin(newLogin, SamAccountName, null);

            // The invitation is sent only when local access is available for directory users.
            if (Configuration_BSO.GetCustomConfig(ConfigType.global, "security.adOpenAccess"))
            {
                loginBso.UpdateInvitationToken2Fa(DTO.CcnUsername, token);

                Login_DTO_Create recipient = new Login_DTO_Create()
                {
                    CcnDisplayname = directoryUser.CcnDisplayName, CcnEmail = directoryUser.CcnEmail, CcnUsername = DTO.CcnUsername, LngIsoCode = DTO.LngIsoCode
                };
                SendEmail(recipient, token, "PxStat.Security.Login_API.Create2FA");
            }

            Response.data = JSONRPC.success;
            return true;
        }
Пример #12
        /// <summary>
        /// Creates a local (non-directory) account and its login, then e-mails the 1FA token.
        /// The request is refused when the username or e-mail resolves to a directory user or
        /// when an account with the same identifier already exists.
        /// </summary>
        /// <returns>
        /// true with Response.data set to JSONRPC.success; false with Response.error set to the
        /// "error.privilege", "error.create" or "error.duplicate" label on the matching refusal.
        /// </returns>
        protected override bool Execute()
        {
            // Privilege ceiling: a power user cannot create an account with the Administrator privilege.
            if (IsPowerUser() && DTO.PrvCode.Equals(Resources.Constants.C_SECURITY_PRIVILEGE_ADMINISTRATOR))
            {
                Log.Instance.Debug("A power user may not create an Administrator");
                Response.error = Label.Get("error.privilege");
                return false;
            }

            // The requested user must NOT be returned by the directory lookup.
            ActiveDirectory_ADO directoryAdo = new ActiveDirectory_ADO();
            ActiveDirectory_DTO directoryUser = directoryAdo.GetUser(Ado, DTO);
            if (directoryUser.CcnUsername != null)
            {
                Log.Instance.Debug("Account exists already");
                Response.error = Label.Get("error.create");
                return false;
            }

            var accounts = new Account_ADO();

            // Duplicate check on the account identifier.
            // NOTE(review): this check uses DTO.CcnEmail while Create below passes DTO.CcnUsername;
            // confirm the two always hold the same value for local users.
            if (accounts.Exists(Ado, DTO.CcnEmail))
            {
                Log.Instance.Debug("Account exists already");
                Response.error = Label.Get("error.duplicate");
                return false;
            }

            // Duplicate check on the e-mail address.
            if (accounts.ExistsByEmail(Ado, DTO.CcnEmail))
            {
                Log.Instance.Debug("Account exists already");
                Response.error = Label.Get("error.duplicate");
                return false;
            }

            // A directory e-mail address must not become a local user.
            var directoryByEmail = directoryAdo.GetAdSpecificDataForEmail(DTO.CcnEmail);
            if (directoryByEmail != null)
            {
                Log.Instance.Debug("Account exists in AD");
                Response.error = Label.Get("error.create");
                return false;
            }

            // Create returns the new id; 0 is treated as failure.
            Account_DTO_Create newAccount = new Account_DTO_Create()
            {
                CcnUsername = DTO.CcnUsername, CcnNotificationFlag = DTO.CcnNotificationFlag, LngIsoCode = DTO.LngIsoCode, PrvCode = DTO.PrvCode, CcnDisplayName = DTO.CcnDisplayName, CcnEmail = DTO.CcnEmail
            };
            int createdId = accounts.Create(Ado, newAccount, SamAccountName, false);
            if (createdId == 0)
            {
                Log.Instance.Debug("adoAccount.Create - can't create Account");
                Response.error = Label.Get("error.create");
                return false;
            }

            // The login is keyed on the e-mail address.
            Login_DTO_Create newLogin = new Login_DTO_Create()
            {
                CcnUsername = DTO.CcnEmail, LngIsoCode = DTO.LngIsoCode, CcnEmail = DTO.CcnEmail, CcnDisplayname = DTO.CcnDisplayName
            };

            Login_BSO loginBso = new Login_BSO(Ado);

            // NOTE(review): the only input visible here is the new account id, which is predictable;
            // confirm that Utility.GetRandomSHA256 mixes in output from a cryptographic RNG.
            string token = Utility.GetRandomSHA256(createdId.ToString());

            if (!loginBso.CreateLogin(newLogin, SamAccountName, token))
            {
                Response.error = Label.Get("error.create");
                return false;
            }

            SendEmail(newLogin, token, "PxStat.Security.Login_API.Create1FA");

            Response.data = JSONRPC.success;
            return true;
        }
        /// <summary>
        /// After a ReCAPTCHA check, stores a new 1FA token for the local account read with
        /// DTO.CcnEmail and e-mails it. Directory users, unknown accounts and accounts without an
        /// e-mail or display name all receive the same success reply and no token.
        /// </summary>
        /// <returns>
        /// true with Response.data set to JSONRPC.success; false with "error.authentication" on a
        /// captcha failure or "error.create" when the token could not be stored.
        /// </returns>
        protected override bool Execute()
        {
            if (!ReCAPTCHA.Validate(DTO.Captcha))
            {
                Response.error = Label.Get("error.authentication");
                return false;
            }

            // Local users are keyed on their e-mail address.
            if (DTO.CcnUsername == null)
            {
                DTO.CcnUsername = DTO.CcnEmail;
            }

            // Not allowed for directory users; they get a plain success reply.
            ActiveDirectory_DTO directoryUser = new ActiveDirectory_ADO().GetUser(Ado, DTO);
            if (directoryUser.CcnDisplayName != null)
            {
                Response.data = JSONRPC.success;
                return true;
            }

            Account_ADO accountAdo = new Account_ADO();
            Account_DTO_Read lookup = new Account_DTO_Read()
            {
                CcnUsername = DTO.CcnEmail
            };
            var account = accountAdo.Read(Ado, lookup);

            // Unknown accounts get the same success reply as known ones.
            if (!account.hasData)
            {
                Response.data = JSONRPC.success;
                return true;
            }

            var row = account.data[0];
            if (row.CcnEmail.Equals(DBNull.Value) || row.CcnDisplayName.Equals(DBNull.Value))
            {
                Response.data = JSONRPC.success;
                return true;
            }

            // From here on the address comes from the stored row, not from the request.
            DTO.CcnEmail = row.CcnEmail;

            Login_BSO loginBso = new Login_BSO(Ado);

            // NOTE(review): the only input visible here is the account id, which is predictable;
            // confirm that Utility.GetRandomSHA256 mixes in output from a cryptographic RNG.
            string loginToken = Utility.GetRandomSHA256(row.CcnId.ToString());

            // Built but never read in this method; the e-mail below uses its own DTO.
            Login_DTO_Create ldto = new Login_DTO_Create()
            {
                CcnUsername = DTO.CcnEmail, LngIsoCode = DTO.LngIsoCode, CcnEmail = DTO.CcnEmail, CcnDisplayname = row.CcnDisplayName
            };

            // NOTE(review): the token is stored against the e-mail address while the e-mail DTO
            // carries the stored CcnUsername; confirm the two always match for local users.
            if (loginBso.Update1FaTokenForUser(DTO.CcnEmail, loginToken) != null)
            {
                Login_DTO_Create recipient = new Login_DTO_Create()
                {
                    CcnUsername = row.CcnUsername, LngIsoCode = DTO.LngIsoCode, CcnEmail = row.CcnEmail, CcnDisplayname = row.CcnDisplayName
                };
                SendEmail(recipient, loginToken, "PxStat.Security.Login_API.Update1FA");

                Response.data = JSONRPC.success;
                return true;
            }

            // NOTE(review): this error reply differs from the success reply given to unknown and
            // directory accounts above, so it occurs only for an existing local account.
            Response.error = Label.Get("error.create");
            return false;
        }