private void InternalInit(IIdentity caller, ClientRecord record, ClientResult result)
{
CheckCaller(caller);
if (string.IsNullOrWhiteSpace(record.Name))
{
throw new ArgumentException("no client name supplied", nameof(record.Name));
}
if (string.IsNullOrWhiteSpace(record.SysName))
{
record.SysName = Escaper.OrganizationSysName(record.Name);
}
if (string.IsNullOrWhiteSpace(record.SysName) ||
record.SysName != Escaper.OrganizationSysName(record.SysName))
{
throw new ArgumentException("invalid sysname " + record.SysName, nameof(record.SysName));
}
var groupLogin = record.SysName + "@groups";
var existed = Users.GetUser(groupLogin);
if (null != existed)
{
throw new SecurityException("group already exists");
}
var group = new User {
Active = true,
Login = groupLogin,
IsGroup = true,
Name = record.Name,
Email = record.UserEmail,
Roles = new[] { SecurityConst.ROLE_DEMO_ACCESS },
Expire = DateTime.Today.AddDays(1).Add(SecurityConst.LEASE_DEMO),
Custom = new Dictionary <string, object> {
{ "contact", record.Phone }
}
};
Users.Store(group);
var userLogin = "******" + record.SysName;
existed = Users.GetUser(userLogin);
if (null != existed)
{
throw new SecurityException("user already exists");
}
var name = string.IsNullOrWhiteSpace(record.UserName) ? record.Name : record.UserName;
var user = new User {
Login = userLogin,
Name = name,
Logable = true,
Domain = record.SysName,
Groups = new[] { record.SysName },
Active = true,
Expire = group.Expire,
Roles = new[] { SecurityConst.ROLE_DOMAIN_ADMIN }
};
var pass = string.IsNullOrWhiteSpace(record.Password) ? PasswordManager.Generate() : record.Password;
if (!PasswordManager.GetPolicy(pass).Ok)
{
throw new SecurityException("password not match policy");
}
PasswordManager.SetPassword(user, pass, true);
Users.Store(user);
result.GeneratedSysName = record.SysName;
result.GeneratedPassword = pass;
result.Group = group;
result.User = user;
}
public void OrganizationSystemName(string input, string result)
{
Assert.AreEqual(result, Escaper.OrganizationSysName(input));
}
