/// <summary>
/// Tries to establish the current user from the sign-in cookie and then resolve the matching DNA user id.
/// Requires the Profile API (sign-in component) to be initialised.
/// </summary>
/// <param name="signInComponent">Initialised sign-in component for this request.</param>
/// <param name="autoLogIn">Reset to false on entry; set to true only when this call logged the user in.</param>
/// <param name="migrated">Set to true when no DNA user was found for the Identity id and a lookup by the
/// legacy SSO id was made instead. Left untouched on every other path.</param>
/// <remarks>
/// NOTE(review): <paramref name="migrated"/> is set as soon as the legacy lookup has been made; this method
/// does not re-check _userID afterwards, so callers should not treat it as proof that a legacy account was found.
/// NOTE(review): the "legacy_user_id" attribute decides which existing account the Identity user is linked to.
/// It is used exactly as the sign-in component returns it; confirm that the attribute is asserted by the
/// identity service and cannot be edited by the user.
/// </remarks>
private void TryLoginUser(ref IDnaIdentityWebServiceProxy signInComponent, ref bool autoLogIn, ref bool migrated)
{
    autoLogIn = false;
    _userID = 0;

    // Start from whatever the sign-in component already knows about this request.
    _userLoggedIn = signInComponent.IsUserLoggedIn;
    if (!_userLoggedIn)
    {
        try
        {
            // Not logged in yet, so ask the service to log them in now.
            bool loggedInNow = signInComponent.LoginUser();
            _userLoggedIn = loggedInNow;
            autoLogIn = loggedInNow;
        }
        catch (ProfileAPIException ex)
        {
            // A Profile API failure is not fatal: record it and carry on with an anonymous user.
            InputContext.Diagnostics.WriteWarningToLog("User", "Failed to log in user");
            InputContext.Diagnostics.WriteExceptionToLog(ex);
            _userLoggedIn = false;
        }
        // (A handler for MySql.Data.MySqlClient.MySqlException used to sit here, commented out.)
    }

    _loginName = signInComponent.LoginName;

    // Without a logged-in user there is no id to resolve.
    if (!_userLoggedIn)
    {
        return;
    }

    GetDnaUserIDFromSignInID(signInComponent, "");

    // Only Identity users without a DNA user id are candidates for the legacy-id fallback.
    bool needsLegacyLookup = _userID == 0 && signInComponent.SignInSystemType == SignInSystem.Identity;
    if (!needsLegacyLookup)
    {
        return;
    }

    if (!signInComponent.DoesAttributeExistForService(InputContext.CurrentSite.SSOService, "legacy_user_id"))
    {
        return;
    }

    // A non-numeric attribute value is ignored rather than treated as an error.
    string rawLegacyID = signInComponent.GetUserAttribute("legacy_user_id");
    int legacyID = 0;
    if (int.TryParse(rawLegacyID, out legacyID))
    {
        GetDnaUserIDFromSignInID(signInComponent, legacyID.ToString());
        migrated = true;
    }
}
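/// <summary>
/// Reads the current user's details from the sign-in component.
/// </summary>
/// <param name="signInComponent">The sign-in component for this request.</param>
/// <param name="ssoLoginName">Receives the login name reported by the sign-in component.</param>
/// <param name="ssoEmail">Receives the "email" attribute, or an empty string when the service does not expose it.</param>
/// <param name="ssoFirstNames">Receives the "firstname" attribute, or an empty string when the service does not expose it.</param>
/// <param name="ssoLastName">Receives the "lastname" attribute, or an empty string when the service does not expose it.</param>
/// <param name="identityUserID">Receives the user id reported by the sign-in component.</param>
/// <param name="ssoUserID">Receives the numeric "legacy_user_id" attribute, or 0 when it is missing, empty or not a valid integer.</param>
/// <param name="ssoDisplayName">Receives the "displayname" attribute, or an empty string when the service does not expose it.</param>
/// <returns>Always true.</returns>
/// <remarks>
/// Every value is handed back exactly as the sign-in component supplied it; nothing is validated or encoded here.
/// NOTE(review): display name, names and email are presumably user-chosen, so callers should encode them
/// for whatever they are written into (HTML, XML, logs).
/// </remarks>
private bool ReadUserSSODetails(IDnaIdentityWebServiceProxy signInComponent, out string ssoLoginName, out string ssoEmail, out string ssoFirstNames, out string ssoLastName, out string identityUserID, out int ssoUserID, out string ssoDisplayName)
{
    ssoLoginName = signInComponent.LoginName;

    ssoDisplayName = string.Empty;
    if (signInComponent.DoesAttributeExistForService(InputContext.CurrentSite.SSOService, "displayname"))
    {
        ssoDisplayName = signInComponent.GetUserAttribute("displayname");
    }

    ssoEmail = string.Empty;
    if (signInComponent.DoesAttributeExistForService(InputContext.CurrentSite.SSOService, "email"))
    {
        ssoEmail = signInComponent.GetUserAttribute("email");
    }

    ssoFirstNames = string.Empty;
    if (signInComponent.DoesAttributeExistForService(InputContext.CurrentSite.SSOService, "firstname"))
    {
        ssoFirstNames = signInComponent.GetUserAttribute("firstname");
    }

    ssoLastName = string.Empty;
    if (signInComponent.DoesAttributeExistForService(InputContext.CurrentSite.SSOService, "lastname"))
    {
        ssoLastName = signInComponent.GetUserAttribute("lastname");
    }

    identityUserID = signInComponent.UserID;

    // Fetch the attribute once and parse it defensively. The previous Convert.ToInt32 call threw on a
    // non-numeric or out-of-range value and dereferenced the attribute without a null check, so one
    // malformed profile attribute could abort the whole request.
    ssoUserID = 0;
    string legacyUserID = signInComponent.GetUserAttribute("legacy_user_id");
    if (!string.IsNullOrEmpty(legacyUserID))
    {
        int parsedLegacyID;
        if (int.TryParse(legacyUserID, out parsedLegacyID))
        {
            ssoUserID = parsedLegacyID;
        }
        else
        {
            // Leave a trace for whoever investigates, without echoing the raw value into the log.
            InputContext.Diagnostics.WriteWarningToLog("User", "Ignoring non-numeric legacy_user_id attribute");
        }
    }

    return true;
}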
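/// <summary>
/// Checks whether the current user is banned, first against the in-memory banned cookie list
/// and then against the banned email list in the database.
/// </summary>
/// <param name="signInComponent">The sign-in component for this request.</param>
/// <returns>True if the user is banned or the check could not be completed, false if not.</returns>
/// <remarks>
/// The method fails closed: it returns true when the user is not logged in, when no email is available,
/// or when the database returns no row. The one exception is a service that does not expose an email
/// attribute at all, which is reported as not banned.
/// NOTE(review): nothing in this method removes or expires entries in AppContext.BannedCookies, so a user
/// whose email is later unbanned would still match here; confirm that the unban path clears this cache.
/// NOTE(review): _lock is declared outside this method. It only protects AppContext.BannedCookies if
/// every other reader and writer takes the same lock object; confirm.
/// </remarks>
private bool IsEmailInBannedList(IDnaIdentityWebServiceProxy signInComponent)
{
    // User should be logged in before calling this method
    if (!signInComponent.IsUserLoggedIn)
    {
        return true;
    }

    // Get the current user's cookie for whichever sign-in system is active
    DnaCookie cookie;
    if (signInComponent.SignInSystemType == SignInSystem.Identity)
    {
        cookie = InputContext.GetCookie("IDENTITY");
    }
    else
    {
        cookie = InputContext.GetCookie("SSO2-UID");
    }

    // Only cookies of at least 64 characters are checked against, or added to, the banned cookie list
    bool validCookie = (cookie != null && cookie.Value != null && cookie.Value.Length >= 64);

    // Check to see if the user's cookie is in the banned cookie list
    if (validCookie)
    {
        // Hold the lock while the shared list is enumerated
        lock (_lock)
        {
            foreach (string bannedCookie in AppContext.BannedCookies)
            {
                // Cookie values are opaque tokens, so compare them ordinally. The previous culture-sensitive
                // CompareTo could treat two different byte sequences as equal under the current culture.
                if (string.Equals(cookie.Value, bannedCookie, StringComparison.Ordinal))
                {
                    return true;
                }
            }
        }
    }

    // Now check to see if their email is in the banned list in the database
    string ssoEmail = string.Empty;
    if (signInComponent.DoesAttributeExistForService(InputContext.CurrentSite.SSOService, "email"))
    {
        // Get the email for this current user
        ssoEmail = signInComponent.GetUserAttribute("email");
    }
    else
    {
        // The service does not support emails, nothing to check. Return not banned
        return false;
    }

    // Make sure we have an email from SSO; treat a missing one as banned
    if (ssoEmail.Length == 0)
    {
        return true;
    }

    // Check it against the database; the email is passed as a parameter, not concatenated into the call
    using (IDnaDataReader reader = InputContext.CreateDnaDataReader("IsEmailInBannedList"))
    {
        reader.AddParameter("Email", ssoEmail);
        reader.Execute();

        // No result means the check could not be completed, so fail closed
        if (!reader.HasRows || !reader.Read())
        {
            return true;
        }

        if (reader.GetInt32("IsBanned") > 0)
        {
            // Remember the cookie so later requests are rejected without a database round trip
            if (validCookie)
            {
                lock (_lock)
                {
                    AppContext.BannedCookies.Add(cookie.Value);
                }
            }
            return true;
        }
    }

    // If we get here, then we're not banned
    return false;
}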