        /// <summary>
        /// Reports whether <paramref name="user"/> is the doctor named by the "doctor" route value.
        /// Users without a DoctorId are deferred to the base implementation.
        /// </summary>
        /// <param name="user">User being checked against the current request.</param>
        /// <returns>True when the user's doctor URL identifier equals the route value; otherwise the base result.</returns>
        public override bool IsSelfUser(User user)
        {
            // The route value is read unconditionally, before the DoctorId check.
            var routeDoctorId = this.ControllerContext.RouteData.GetRequiredString("doctor");

            var isDoctor = user.DoctorId != null;
            if (!isDoctor)
                return base.IsSelfUser(user);

            return user.Doctor.UrlIdentifier == routeDoctorId;
        }
        /// <summary>
        /// Builds the view model for the internal "account created" e-mail. The registration data
        /// is cloned so the caller's object is untouched, and both password fields of the clone are
        /// masked so that the plain-text password is never rendered into the message.
        /// </summary>
        /// <param name="user">Newly created user; supplies UserName and the practice URL identifier.</param>
        /// <param name="registrationData">Data the user registered with; cloned, not modified.</param>
        public InternalCreateAccountEmailViewModel(User user, CreateAccountViewModel registrationData)
        {
            const string mask = "******";

            var maskedRegistration = registrationData.Clone();
            this.RegistrationData = maskedRegistration;
            maskedRegistration.Password = mask;
            maskedRegistration.ConfirmPassword = mask;

            this.UrlIdentifier = user.Practice.UrlIdentifier;
            this.UserName = user.UserName;
        }
        /// <summary>
        /// Builds the view model used when e-mailing a user. Person- and practice-derived fields
        /// are only assigned when the corresponding property is non-null; otherwise they keep
        /// their default values.
        /// </summary>
        /// <param name="user">Source user.</param>
        public UserEmailViewModel(User user)
        {
            this.UserName = user.UserName;

            var person = user.Person;
            if (person != null)
                this.PersonName = person.FullName;

            var practice = user.Practice;
            if (practice == null)
                return;

            this.PracticeIdentifier = practice.UrlIdentifier;

            var contract = practice.AccountContract;
            if (contract != null)
                this.IsTrial = contract.IsTrial;
        }
 /// <summary>
 /// Projects a database <see cref="User"/> onto the lightweight <see cref="UserInfo"/> used for
 /// the current user. Person is dereferenced unconditionally; Doctor is optional.
 /// </summary>
 /// <param name="dbUser">Database user; its Person property must be non-null.</param>
 /// <returns>A new UserInfo. DoctorUrlIdentifier is null when no Doctor entity is attached.</returns>
 internal static UserInfo GetUserInfo(User dbUser)
 {
     var person = dbUser.Person;
     var doctor = dbUser.Doctor;

     var info = new UserInfo();
     info.Id = dbUser.Id;
     info.DisplayName = person.FullName;
     info.GravatarEmailHash = person.EmailGravatarHash;
     // Doctor-related values are copied as-is; only the URL identifier needs the Doctor entity.
     info.DoctorId = dbUser.DoctorId;
     info.DoctorUrlIdentifier = doctor == null ? null : doctor.UrlIdentifier;
     info.AdministratorId = dbUser.AdministratorId;
     info.IsOwner = dbUser.IsOwner;
     return info;
 }
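        /// <summary>
        /// Lazily loads the database user for the authenticated principal of the current request
        /// into <c>this.DbUser</c>. Does nothing when DbUser is already set or when the request
        /// is anonymous.
        /// </summary>
        /// <param name="requestContext">Request whose HttpContext carries the principal.</param>
        /// <exception cref="InvalidOperationException">
        /// The request is authenticated but HttpContext.User is not an AuthenticatedPrincipal.
        /// </exception>
        internal void InitDbUser(RequestContext requestContext)
        {
            if (this.DbUser != null)
                return;

            var httpContext = requestContext.HttpContext;
            if (!httpContext.Request.IsAuthenticated)
                return;

            var authenticatedPrincipal = httpContext.User as AuthenticatedPrincipal;
            if (authenticatedPrincipal == null)
            {
                // A specific exception type instead of a bare Exception: the state is invalid,
                // not an arbitrary failure. Callers catching Exception still catch it.
                throw new InvalidOperationException(
                    "HttpContext.User should be a AuthenticatedPrincipal when the user is authenticated");
            }

            // SetCurrentUserById may return null when the id does not resolve; DbUser then stays
            // null and the next call will try again.
            var db = this.InitDb();
            this.DbUser = db.SetCurrentUserById(authenticatedPrincipal.Profile.Id);
        }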
 /// <summary>
 /// Create a new User object. Values are stored exactly as given; in particular this factory
 /// performs no hashing of <paramref name="password"/>.
 /// </summary>
 /// <param name="id">Initial value of the Id property.</param>
 /// <param name="password">Initial value of the Password property (stored as-is).</param>
 /// <param name="passwordSalt">Initial value of the PasswordSalt property.</param>
 /// <param name="personId">Initial value of the PersonId property.</param>
 /// <param name="practiceId">Initial value of the PracticeId property.</param>
 /// <param name="userName">Initial value of the UserName property.</param>
 /// <param name="userNameNormalized">Initial value of the UserNameNormalized property.</param>
 /// <param name="isOwner">Initial value of the IsOwner property.</param>
 /// <returns>A new, detached User with the given property values.</returns>
 public static User CreateUser(global::System.Int32 id, global::System.String password, global::System.String passwordSalt, global::System.Int32 personId, global::System.Int32 practiceId, global::System.String userName, global::System.String userNameNormalized, global::System.Boolean isOwner)
 {
     return new User
     {
         Id = id,
         Password = password,
         PasswordSalt = passwordSalt,
         PersonId = personId,
         PracticeId = practiceId,
         UserName = userName,
         UserNameNormalized = userNameNormalized,
         IsOwner = isOwner,
     };
 }
        /// <summary>
        /// Copies the identity, personal and role data of <paramref name="user"/> into
        /// <paramref name="viewModel"/>. The user's Person property must be non-null.
        /// </summary>
        /// <param name="user">Source user.</param>
        /// <param name="practice">Practice passed to ConvertToLocalDateTime for the date of birth.</param>
        /// <param name="viewModel">Destination view model; the written members are overwritten.</param>
        internal static void FillUserViewModel(User user, Practice practice, UserViewModel viewModel)
        {
            var person = user.Person;

            viewModel.Id = user.Id;
            viewModel.UserName = user.UserName;

            viewModel.FullName = person.FullName;
            viewModel.ImageUrl = GravatarHelper.GetGravatarUrl(person.EmailGravatarHash, GravatarHelper.Size.s16);
            viewModel.Gender = person.Gender;
            // The stored date of birth goes through the practice-specific local-time conversion.
            viewModel.DateOfBirth = ConvertToLocalDateTime(practice, person.DateOfBirth);
            viewModel.MaritalStatus = person.MaritalStatus;
            viewModel.BirthPlace = person.BirthPlace;
            viewModel.Cpf = person.CPF;
            viewModel.Profissao = person.Profession;
            viewModel.Email = person.Email;

            // Role flags are derived from which role foreign keys are set on the user.
            viewModel.IsAdministrador = user.AdministratorId != null;
            viewModel.IsDoctor = user.DoctorId != null;
            viewModel.IsSecretary = user.SecretaryId != null;
            viewModel.IsOwner = user.IsOwner;
        }
 /// <summary>
 /// Deprecated Method for adding a new object to the Users EntitySet. Consider using the .Add method of the associated ObjectSet&lt;T&gt; property instead.
 /// </summary>
 /// <param name="user">Entity to add to the "Users" entity set.</param>
 public void AddToUsers(User user)
 {
     const string entitySetName = "Users";
     base.AddObject(entitySetName, user);
 }
 /// <summary>
 /// Default answer to "does the current request concern this user?": no. Derived controllers
 /// override this with a route- or request-specific check.
 /// </summary>
 /// <param name="user">User being checked; not inspected by this base implementation.</param>
 /// <returns>Always false.</returns>
 public virtual bool IsSelfUser(User user)
 {
     const bool isSelf = false;
     return isSelf;
 }
 /// <summary>
 /// View model for the internal e-mail built from a contract-change request. User-related
 /// fields come from the base constructor; the request itself is kept as-is in Upgrade.
 /// </summary>
 /// <param name="user">User the e-mail is about; forwarded to the base constructor.</param>
 /// <param name="upgradeData">Contract-change request to render.</param>
 public InternalUpgradeEmailViewModel(User user, ChangeContractViewModel upgradeData)
     : base(user)
 {
     var requestedUpgrade = upgradeData;
     this.Upgrade = requestedUpgrade;
 }
        /// <summary>
        /// Creates a new user and adds it to the storage object context.
        /// </summary>
        /// <param name="createdUser">Output parameter receiving the new user, or null when creation fails.</param>
        /// <param name="registrationData">Object containing information about the user to be created.</param>
        /// <param name="dbUserSet">Storage object context used to add the new user. It won't be saved, just changed.</param>
        /// <param name="utcNow">Current UTC time; stored as the person's CreatedOn and the user's LastActiveOn.</param>
        /// <param name="practiceId">
        /// The id of the practice that the new user belongs to. When null, no practice is assigned
        /// and the user-name uniqueness check is skipped (there is no practice to check against).
        /// </param>
        /// <returns>An enumerated value indicating what has happened.</returns>
        public static CreateUserResult CreateUser(out User createdUser, CreateAccountViewModel registrationData, IObjectSet<User> dbUserSet, DateTime utcNow, int? practiceId)
        {
            createdUser = null;

            // Both the password and the user-name are mandatory.
            if (string.IsNullOrEmpty(registrationData.Password) || string.IsNullOrEmpty(registrationData.UserName))
                return CreateUserResult.InvalidUserNameOrPassword;

            // The plain-text password is never stored: only the salt and the salted hash are kept.
            var passwordSalt = CipherHelper.GenerateSalt();
            var passwordHash = CipherHelper.Hash(registrationData.Password, passwordSalt);

            // Uniqueness is checked on the normalized user-name, so look-alike variations of an
            // existing name are rejected as well. This is deliberate: a rejected variant only tells
            // the registrant that *some* variant exists, not which exact spelling the existing user
            // registered with. Login still requires the exact user-name.
            var normalizedUserName = StringHelper.NormalizeUserName(registrationData.UserName);

            if (practiceId != null)
            {
                var nameTaken = dbUserSet.Any(u => u.UserNameNormalized == normalizedUserName && u.PracticeId == practiceId);
                if (nameTaken)
                    return CreateUserResult.UserNameAlreadyInUse;
            }

            // DateOfBirth is intentionally left unset: it depends on a UTC/local conversion that
            // only the caller can perform.
            var person = new Person
            {
                Gender = registrationData.Gender ?? 0,
                FullName = registrationData.FullName,
                CreatedOn = utcNow,
                Email = registrationData.EMail,
                EmailGravatarHash = GravatarHelper.GetGravatarHash(registrationData.EMail),
            };

            var newUser = new User
            {
                Person = person,
                UserName = registrationData.UserName,
                UserNameNormalized = normalizedUserName,
                PasswordSalt = passwordSalt,
                Password = passwordHash,
                SYS_PasswordAlt = null,
                LastActiveOn = utcNow,
            };
            createdUser = newUser;

            if (practiceId != null)
            {
                var id = practiceId.Value;
                newUser.PracticeId = id;
                person.PracticeId = id;
            }

            dbUserSet.AddObject(newUser);

            return CreateUserResult.Ok;
        }
 /// <summary>
 /// Copies the doctor-specific fields (CRM, medical specialty, medical entity, jurisdiction)
 /// into <paramref name="viewModel"/>. Specialty and entity are optional.
 /// </summary>
 /// <param name="user">User whose Doctor property supplies MedicalEntityJurisdiction.</param>
 /// <param name="medicalEntity">Medical entity; may be null.</param>
 /// <param name="medicalSpecialty">Medical specialty; may be null.</param>
 /// <param name="viewModel">Destination; only the doctor-related members are written.</param>
 /// <param name="doctor">Doctor supplying the CRM.</param>
 internal static void FillDoctorViewModel(User user, SYS_MedicalEntity medicalEntity, SYS_MedicalSpecialty medicalSpecialty, UserViewModel viewModel, Doctor doctor)
 {
     var hasSpecialty = medicalSpecialty != null;
     var hasEntity = medicalEntity != null;

     viewModel.MedicCRM = doctor.CRM;

     viewModel.MedicalSpecialtyId = hasSpecialty ? (int?)medicalSpecialty.Id : null;
     viewModel.MedicalSpecialtyName = hasSpecialty ? medicalSpecialty.Name : null;

     viewModel.MedicalEntityId = hasEntity ? (int?)medicalEntity.Id : null;
     viewModel.MedicalEntityName = hasEntity ? medicalEntity.Name : null;

     // NOTE(review): the jurisdiction is read from user.Doctor rather than the doctor parameter;
     // presumably they are the same entity — confirm. Enum.Parse throws on an unrecognized value.
     var jurisdiction = (TypeEstadoBrasileiro)Enum.Parse(typeof(TypeEstadoBrasileiro), user.Doctor.MedicalEntityJurisdiction);
     viewModel.MedicalEntityJurisdiction = (int)jurisdiction;
 }
 /// <summary>
 /// Resets the user's credentials to the shared default password <c>Constants.DEFAULT_PASSWORD</c>,
 /// re-salting and re-hashing it through SetUserPassword. Nothing is saved here.
 /// </summary>
 /// <param name="user">User whose Password and PasswordSalt are overwritten.</param>
 public static void ResetUserPassword(User user)
 {
     var defaultPassword = Constants.DEFAULT_PASSWORD;
     SetUserPassword(user, defaultPassword);
 }
 // ReSharper disable MemberCanBePrivate.Local
 // ReSharper disable UnusedMember.Local
 // ReSharper disable UnusedParameter.Local
 /// <summary>
 /// Deletes a user together with its role entities (Secretary, Administrator, Doctor) and
 /// saves the context. A null user only triggers SaveChanges.
 /// </summary>
 /// <param name="user">User to delete; may be null.</param>
 public void DelUser(User user)
 {
     if (user != null)
     {
         // Role rows are removed first, then the user itself.
         var secretary = user.Secretary;
         if (secretary != null)
             this.db.DeleteObject(secretary);

         var administrator = user.Administrator;
         if (administrator != null)
             this.db.DeleteObject(administrator);

         var doctor = user.Doctor;
         if (doctor != null)
             this.db.DeleteObject(doctor);

         this.db.DeleteObject(user);
     }

     this.db.SaveChanges();
 }
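        /// <summary>
        /// Treats the request as the user's own when the "location" request parameter starts with
        /// that user's patient-files folder prefix (<c>patient-files-{id}\</c>); otherwise defers
        /// to the base implementation.
        /// </summary>
        /// <param name="user">User being checked.</param>
        /// <returns>True when the location prefix matches the user's id, else the base result.</returns>
        public override bool IsSelfUser(User user)
        {
            // "location" is a client-supplied request parameter and is null when the request does
            // not carry it; a null value must not reach StartsWith.
            var location = this.Request.Params["location"];

            if (!string.IsNullOrEmpty(location))
            {
                var ownFolderPrefix = string.Format(@"patient-files-{0}\", user.Id);

                // Ordinal comparison: the prefix is a machine-generated path fragment, so a
                // culture-sensitive match is neither needed nor appropriate for this decision.
                if (location.StartsWith(ownFolderPrefix, StringComparison.Ordinal))
                    return true;
            }

            return base.IsSelfUser(user);
        }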
 /// <summary>
 /// Creates a practice through <c>Firestarter.CreatePractice</c> using this object's context.
 /// </summary>
 /// <param name="name">Practice name.</param>
 /// <param name="user">User handed to Firestarter together with the practice.</param>
 /// <param name="urlId">URL identifier of the practice.</param>
 /// <returns>The practice returned by Firestarter.</returns>
 public Practice PracticeNew(string name, User user, string urlId)
 {
     var context = this.db;
     var practice = Firestarter.CreatePractice(context, name, user, urlId);
     return practice;
 }
 /// <summary>
 /// Makes <paramref name="user"/> the owner of its practice: the previous owner (if any) loses
 /// the IsOwner flag, the practice's Owner is repointed, and the user's IsOwner is set. Changes
 /// are saved; a null user only triggers SaveChanges.
 /// </summary>
 /// <param name="user">New owner; may be null. Its Practice may also be null.</param>
 public void SetOwner(User user)
 {
     if (user != null)
     {
         var practice = user.Practice;
         if (practice != null)
         {
             var previousOwner = practice.Owner;
             if (previousOwner != null)
                 previousOwner.IsOwner = false;

             practice.Owner = user;
         }

         // Set after the previous owner is demoted, so the case previousOwner == user ends up true.
         user.IsOwner = true;
     }

     this.db.SaveChanges();
 }
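        /// <summary>
        /// Logs an user in.
        /// </summary>
        /// <param name="cookieCollection">
        /// Cookie collection that is going to hold an encrypted cookie with informations about the user.
        /// </param>
        /// <param name="loginModel">
        /// Model containing login informations such as practice-name, user-name and password.
        /// </param>
        /// <param name="dbUserSet">
        /// Object set used to get informations about the user.
        /// No data will be saved to this object set.
        /// </param>
        /// <param name="loggedInUser">
        /// Out parameter returning the database User object representing the logged in user, only if the
        /// login succeded. Otherwise null.
        /// </param>
        /// <param name="utcNow">
        /// Current UTC time; used as the ticket issue date and as the base of the one-year expiry.
        /// </param>
        /// <returns>Returns whether the login succeded or not.</returns>
        public static bool Login(HttpCookieCollection cookieCollection, LoginViewModel loginModel, IObjectSet<User> dbUserSet, out User loggedInUser, DateTime utcNow)
        {
            loggedInUser = null;

            try
            {
                string securityToken;
                loggedInUser = AuthenticateUser(loginModel.UserNameOrEmail, loginModel.Password, loginModel.PracticeIdentifier, dbUserSet, out securityToken);

                if (loggedInUser != null)
                {
                    // NOTE(review): the ticket is valid for one year from utcNow regardless of RememberMe;
                    // RememberMe only decides whether the cookie outlives the browser session.
                    var expiryDate = utcNow.AddYears(1);
                    var ticket = new FormsAuthenticationTicket(
                        1,
                        loginModel.UserNameOrEmail,
                        utcNow,
                        expiryDate,
                        loginModel.RememberMe,
                        securityToken,
                        FormsAuthentication.FormsCookiePath);

                    var encryptedTicket = FormsAuthentication.Encrypt(ticket);
                    var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
                        {
                            // DateTime.MinValue means no explicit expiry, i.e. a session cookie.
                            Expires = loginModel.RememberMe ? expiryDate : DateTime.MinValue
                        };

                    cookieCollection.Add(cookie);

                    return true;
                }
            }
            catch (Exception ex)
            {
                // Any failure during authentication or ticket creation is recorded and treated as a
                // failed login; the exception is deliberately not propagated to the caller. Only the
                // exception is logged — never the submitted credentials.
                System.Diagnostics.Trace.TraceError(
                    string.Format("Login: exception during login, treated as a failed login: {0}", ex));
            }

            FormsAuthentication.SignOut();
            return false;
        }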
        /// <summary>
        /// Builds the confirmation e-mail for <paramref name="user"/>. A verification token is
        /// persisted first, in its own context and committed immediately, and the
        /// "ConfirmationEmail" view is then rendered with that token.
        /// </summary>
        /// <param name="user">Recipient; Practice and Person must be non-null.</param>
        /// <param name="utcNow">Current UTC time; the token expires MAX_HOURS_TO_VERIFY_TRIAL_ACCOUNT hours later.</param>
        /// <param name="isTrial">Whether the account is a trial; forwarded to the view model.</param>
        /// <returns>The rendered mail message.</returns>
        private MailMessage EmailMessageToUser(User user, DateTime utcNow, bool isTrial)
        {
            TokenId tokenId;

            using (var tokenDb = this.CreateNewCerebelloEntities())
            {
                // NOTE(review): the token value is a Guid. Guid.NewGuid() is not documented as a
                // cryptographic random source, so confirm this meets the requirements for a
                // verification token.
                var token = new GLB_Token
                {
                    Value = Guid.NewGuid().ToString("N"),
                    Type = "VerifyPracticeAndEmail",
                    Name = string.Format("Practice={0}&UserName={1}", user.Practice.UrlIdentifier, user.UserName),
                    ExpirationDate = utcNow.AddHours(Constants.MAX_HOURS_TO_VERIFY_TRIAL_ACCOUNT),
                };
                tokenDb.GLB_Token.AddObject(token);
                tokenDb.SaveChanges();

                // The (Id, Value) pair is what the e-mail carries; Id is presumably assigned on SaveChanges.
                tokenId = new TokenId(token.Id, token.Value);
            }

            var viewModel = new UserEmailViewModel(user);
            viewModel.Token = tokenId.ToString();
            viewModel.IsTrial = isTrial;

            var recipient = new MailAddress(user.Person.Email, user.Person.FullName);
            return this.CreateEmailMessage("ConfirmationEmail", recipient, viewModel);
        }
        /// <summary>
        /// Stores a fresh salt and the salted hash of <paramref name="password"/> on the user.
        /// The plain-text password itself is not kept; salt generation and hashing are delegated
        /// to CipherHelper.
        /// </summary>
        /// <param name="user">User whose Password and PasswordSalt are overwritten.</param>
        /// <param name="password">Plain-text password to hash.</param>
        private static void SetUserPassword(User user, string password)
        {
            var salt = CipherHelper.GenerateSalt();
            var hash = CipherHelper.Hash(password, salt);

            // Written as a pair: the hash is only meaningful together with the salt it was made with.
            user.Password = hash;
            user.PasswordSalt = salt;
        }
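 /// <summary>
 /// Sends the internal "account created" notification e-mail. Failures are traced and
 /// swallowed: this notification must never surface an error to the registering client.
 /// </summary>
 /// <param name="registrationData">Registration data rendered into the message (passwords are masked by the view model).</param>
 /// <param name="user">The newly created user.</param>
 private void SendAccountCreatedSelfEmail(CreateAccountViewModel registrationData, User user)
 {
     // sending e-mail to [email protected]
     // to tell us the good news
     // lots of try catch... this is an internal thing, and should never fail to the client, even if it fails
     try
     {
         var emailViewModel = new InternalCreateAccountEmailViewModel(user, registrationData);
         var toAddress = new MailAddress("*****@*****.**", registrationData.FullName);
         var mailMessage = this.CreateEmailMessagePartial("InternalCreateAccountEmail", toAddress, emailViewModel);
         this.SendEmailAsync(mailMessage).ContinueWith(
             t =>
             {
                 // The continuation runs on every completion, not only on failure; a successful
                 // send has no exception and must not be logged as one.
                 if (!t.IsFaulted)
                     return;

                 // Retrying here is not an option: SendEmailAsync already retries.
                 // Reading t.Exception observes it so that it is not raised as unobserved.
                 var ex = t.Exception;
                 Trace.TraceError(
                     string.Format(
                         "AuthenticationController.CreateAccount(CreateAccountViewModel): exception when sending internal e-mail: {0}",
                         TraceHelper.GetExceptionMessage(ex)));
             });
     }
     catch (Exception ex)
     {
         Trace.TraceError(
             string.Format(
                 "AuthenticationController.CreateAccount(CreateAccountViewModel): exception when sending internal e-mail: {0}",
                 TraceHelper.GetExceptionMessage(ex)));
     }
 }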
        /// <summary>
        /// Loads the user with the given id (including its Practice) into this object and
        /// recomputes <c>AccountDisabled</c>.
        /// </summary>
        /// <param name="userId">Primary key of the user.</param>
        /// <returns>The loaded user, or null when no user has that id.</returns>
        public User SetCurrentUserById(int userId)
        {
            var loadedUser = this.innerDb.Users.Include("Practice").SingleOrDefault(u => u.Id == userId);
            this.user = loadedUser;

            // NOTE(review): this.practice is only refreshed when a user was found; on a miss it keeps
            // its previous value and AccountDisabled is computed from that — confirm this is intended.
            if (loadedUser != null)
                this.practice = loadedUser.Practice;

            var currentPractice = this.practice;
            this.AccountDisabled = currentPractice == null || currentPractice.AccountDisabled;

            return loadedUser;
        }
        /// <summary>
        /// For the Edit, Details, Delete and ResetPassword actions the request targets the user
        /// whose id is in the "id" route value, which is compared with <paramref name="user"/>.
        /// Any other action, or a route id that is not an integer, defers to the base implementation.
        /// </summary>
        /// <param name="user">User being checked.</param>
        /// <returns>True when the route id equals the user's id; otherwise the base result.</returns>
        public override bool IsSelfUser(User user)
        {
            var actionsWithUserId = new[] { "Edit", "Details", "Delete", "ResetPassword" };
            var targetsUser = false;
            foreach (var action in actionsWithUserId)
            {
                if (this.IsActionName(action))
                {
                    targetsUser = true;
                    break;
                }
            }

            if (!targetsUser)
                return base.IsSelfUser(user);

            // A missing route value is treated as an empty string, which fails TryParse.
            var routeValues = this.ControllerContext.RequestContext.RouteData.Values;
            var rawId = (routeValues["id"] ?? "").ToString();

            int routeId;
            if (!int.TryParse(rawId, out routeId))
                return base.IsSelfUser(user);

            return user.Id == routeId;
        }