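/// <summary>
/// Creates a new user or updates an existing one, enforcing who may change what:
///  - user.id == 0: anybody may create a new account (Authenticate is called with its last
///    argument set to true, presumably allowing anonymous callers — confirm). Only fullname,
///    login, password and irc_nicknames are copied, so a caller cannot self-assign roles.
///  - Administrator: the supplied record is saved as-is, without restrictions.
///  - Everyone else may only edit their own record, and only fullname, password and
///    irc_nicknames.
/// Failures are reported through the returned response's Exception rather than thrown.
/// </summary>
/// <param name="login">Credentials/cookie of the caller.</param>
/// <param name="user">Requested user data; user.id selects the record to edit (0 = create).</param>
/// <returns>A response whose Exception is null on success, or describes the failure.</returns>
public WebServiceResponse EditUser (WebServiceLogin login, DBPerson user)
{
	const int MinimumPasswordLength = 8;
	WebServiceResponse response = new WebServiceResponse ();

	using (DB db = new DB ()) {
		Authenticate (db, login, response, true);

		if (user.id == 0) {
			// New user: build a fresh record and copy only the fields a self-registering
			// user may set (never roles).
			if (string.IsNullOrEmpty (user.password) || user.password.Length < MinimumPasswordLength) {
				response.Exception = new WebServiceException ("Password must be at least 8 characters long");
				return response;
			}

			DBPerson person = new DBPerson ();
			person.fullname = user.fullname;
			person.login = user.login;
			person.password = user.password;
			person.irc_nicknames = user.irc_nicknames;
			person.Save (db);
			return response;
		}

		if (Utilities.IsInRole (response, Roles.Administrator)) {
			// Admin editing anybody (including self): no restrictions.
			user.Save (db);
			return response;
		}

		// Non-admin: the record to edit is selected by user.id, so the ownership check must
		// be made against the *stored* login of that record, never against the caller-supplied
		// user.login. Otherwise any user could send their own login together with someone
		// else's id and overwrite that person's password. A caller without an authenticated
		// UserName never matches (this also rules out a null == null match).
		DBPerson existing = DBPerson_Extensions.Create (db, user.id);
		if (existing == null || string.IsNullOrEmpty (response.UserName) || existing.login != response.UserName) {
			response.Exception = new WebServiceException (new HttpException (403, "You're not allowed to edit this user"));
			return response;
		}

		// Editing self: only copy over the fields self is allowed to edit.
		existing.fullname = user.fullname;
		existing.irc_nicknames = user.irc_nicknames;
		if (!string.IsNullOrEmpty (user.password)) {
			// Same minimum as for new accounts. An empty password means "keep the current
			// one": accounts with an empty password cannot log in through the normal login
			// procedure, so silently storing one would lock the user out.
			// NOTE(review): confirm this matches what the user page expects when the
			// password box is left blank.
			if (user.password.Length < MinimumPasswordLength) {
				response.Exception = new WebServiceException ("Password must be at least 8 characters long");
				return response;
			}
			existing.password = user.password;
		}
		existing.Save (db);
	}

	return response;
}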
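/// <summary>
/// Looks up a user by id or, when <paramref name="id"/> is null, by login name, and returns
/// the record (with its e-mail addresses) only to that user or to an administrator.
/// A record that does not exist and one the caller may not see both yield the same 403,
/// so the call does not reveal whether a login exists.
/// </summary>
/// <param name="login">Credentials/cookie of the caller.</param>
/// <param name="id">Person id to fetch, or null to look up by <paramref name="username"/>.</param>
/// <param name="username">Login name used when <paramref name="id"/> is null.</param>
/// <returns>A response carrying the user, or a 403 exception.</returns>
public GetUserResponse GetUser (WebServiceLogin login, int? id, string username)
{
	GetUserResponse response = new GetUserResponse ();

	using (DB db = new DB ()) {
		Authenticate (db, login, response, true);

		DBPerson found = null;
		if (id.HasValue) {
			found = DBPerson_Extensions.Create (db, id.Value);
		} else {
			using (IDbCommand cmd = db.CreateCommand ()) {
				// Parameterised: the login name comes straight from the caller.
				cmd.CommandText = "SELECT * FROM Person WHERE login = @login;";
				DB.CreateParameter (cmd, "login", username);
				using (IDataReader reader = cmd.ExecuteReader ()) {
					if (reader.Read ())
						found = new DBPerson (reader);
				}
			}
		}

		// Self-access requires a real, non-empty authenticated name: a plain == would treat
		// a null record login and a null (unauthenticated) UserName as a match.
		bool isSelf = !string.IsNullOrEmpty (response.UserName) && found.login == response.UserName;
		bool allowed = found != null && (isSelf || Utilities.IsInRole (response, Roles.Administrator));

		if (allowed) {
			found.Emails = found.GetEmails (db).ToArray ();
			response.User = found;
		} else {
			response.Exception = new WebServiceException (new HttpException (403, "You don't have access to this user's data"));
		}
	}

	return response;
}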
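/// <summary>
/// Finds already-registered people matching <paramref name="person"/> by e-mail address or
/// by full name (case-insensitive ILIKE) and appends them to <paramref name="people"/>,
/// skipping ids that are already present. If nobody matches, <paramref name="person"/>
/// itself is added so the caller always ends up with at least one entry.
/// </summary>
/// <param name="person">Candidate built from commit metadata (see FindPeopleForCommit).</param>
/// <param name="people">Accumulator the matches are appended to.</param>
private void FindPerson (DBPerson person, List<DBPerson> people)
{
	using (DB db = new DB ()) {
		using (IDbCommand cmd = db.CreateCommand ()) {
			string sql = string.Empty;

			// Registered people with the same e-mail: one SELECT per address, each with
			// its own parameter.
			if (person.Emails != null) {
				int emailCount = 0;
				foreach (string email in person.Emails) {
					if (string.IsNullOrEmpty (email))
						continue;
					emailCount++;
					string paramName = "email" + emailCount.ToString ();
					sql += "SELECT Person.* FROM Person INNER JOIN UserEmail ON Person.id = UserEmail.person_id WHERE UserEmail.email ILIKE @" + paramName + ";\n";
					DB.CreateParameter (cmd, paramName, EscapeLikePattern (email));
				}
			}

			// Registered people with the same full name.
			if (!string.IsNullOrEmpty (person.fullname)) {
				sql += "SELECT Person.* FROM Person WHERE fullname ILIKE @fullname;";
				DB.CreateParameter (cmd, "fullname", EscapeLikePattern (person.fullname));
			}

			// Nothing to look up (no usable e-mail and no name): executing an empty
			// command would fail, so skip the query instead of running it.
			if (sql.Length > 0) {
				cmd.CommandText = sql;
				using (IDataReader reader = cmd.ExecuteReader ()) {
					do {
						while (reader.Read ()) {
							DBPerson match = new DBPerson (reader);
							if (!people.Exists ((v) => v.id == match.id))
								people.Add (match);
						}
					} while (reader.NextResult ());
				}
			}
		}
	}

	if (people.Count == 0)
		people.Add (person);
}

/// <summary>
/// Escapes the ILIKE wildcards ('%' and '_') and the default escape character ('\') so the
/// value is matched literally. The values come from commit author/committer fields, which
/// anyone who can push to a watched repository controls; without escaping, an e-mail such as
/// "%" would match every registered person.
/// </summary>
private static string EscapeLikePattern (string value)
{
	return value.Replace ("\\", "\\\\").Replace ("%", "\\%").Replace ("_", "\\_");
}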
/// <summary>
/// Saves a host and (re)sets the password of the BuildBot account the host uses to talk to
/// the service. The caller must hold the Administrator role. Everything runs in a single
/// transaction, and an audit record with the old and new host is written once it commits.
/// </summary>
/// <param name="login">Credentials/cookie of the caller.</param>
/// <param name="host">Host record to save; host.host is also the login of the bot account.</param>
/// <param name="password">New password for the bot account, stored as given.</param>
/// <exception cref="ArgumentException">
/// A Person with login == host.host exists but is not a BuildBot account. This guard stops a
/// host named after a human user (e.g. an administrator) from having that user's password
/// overwritten. The transaction is left uncommitted when this is thrown, so the host change
/// made above is presumably rolled back with it.
/// </exception>
public void EditHostWithPassword (WebServiceLogin login, DBHost host, string password)
{
	using (DB db = new DB ())
	using (IDbTransaction transaction = db.BeginTransaction ()) {
		VerifyUserInRole (db, login, Roles.Administrator);

		DBHost previous = FindHost (db, host.id, null);
		host.Save (db);

		// The bot account is keyed by host name, so creating a host with an existing name and
		// a password changes that account's password. Only administrators get here, so this
		// is accepted as is.
		// TODO: if the host was renamed, delete the old bot account.
		DBPerson bot = FindPerson (db, host.host);
		if (bot == null) {
			bot = new DBPerson ();
			bot.login = host.host;
			bot.roles = Roles.BuildBot;
		} else if (bot.roles != Roles.BuildBot) {
			throw new ArgumentException ("The hosts entry in the person table must have its roles set to 'BuildBot'.");
		}
		bot.password = password;
		bot.Save (db);

		transaction.Commit ();

		Audit (login, "edited host `{0}` -> `{1}`",
			Newtonsoft.Json.JsonConvert.SerializeObject (previous),
			Newtonsoft.Json.JsonConvert.SerializeObject (host));
	}
}
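/// <summary>
/// Looks up the author (and, when different, the committer) of <paramref name="revision"/>
/// in each cached git repository of <paramref name="lane"/> and appends them to
/// <paramref name="people"/> as DBPerson records with a full name and one e-mail address.
/// Repositories without a cache directory are skipped; every failure is logged, nothing is
/// thrown.
/// </summary>
/// <param name="lane">Lane whose comma-separated repository list is consulted.</param>
/// <param name="revision">Revision whose commit metadata is read; revision.revision is
/// passed to git on the command line.</param>
/// <param name="people">Accumulator the discovered people are appended to.</param>
public static void FindPeopleForCommit (DBLane lane, DBRevision revision, List<DBPerson> people)
{
	try {
		// revision.revision is spliced into git's argument string. Refuse anything that
		// git could read as an option (leading '-', e.g. "--output=<file>") or that the
		// argument parser could split or re-quote.
		if (!IsSafeRevisionArgument (revision.revision)) {
			GITUpdater.log.ErrorFormat ("Refusing to look up commit info for unsafe revision '{0}'", revision.revision);
			return;
		}

		foreach (string repository in lane.repository.Split (new char [] { ',' }, StringSplitOptions.RemoveEmptyEntries)) {
			string cache_dir = Configuration.GetSchedulerRepositoryCacheDirectory (repository);
			if (!Directory.Exists (cache_dir))
				continue;

			using (Process git = new Process ()) {
				DateTime git_start = DateTime.Now;
				git.StartInfo.FileName = "git";
				// NOTE(review): with UseShellExecute = false there is no shell to strip the
				// single quotes around the format; whether git sees them depends on the
				// runtime's argument splitting — confirm the first output line is not "'<email>".
				git.StartInfo.Arguments = "log -1 --pretty=format:'%aE%n%aN%n%cE%n%cN' " + revision.revision;
				git.StartInfo.WorkingDirectory = cache_dir;
				git.StartInfo.UseShellExecute = false;
				git.StartInfo.RedirectStandardOutput = true;
				git.Start ();

				// These reads block until git prints a line or closes stdout, so the timeout
				// below only bounds the time between the last output line and process exit.
				string author_email = git.StandardOutput.ReadLine ();
				string author_name = git.StandardOutput.ReadLine ();
				string committer_email = git.StandardOutput.ReadLine ();
				string committer_name = git.StandardOutput.ReadLine ();

				// Wait 10 minutes for git to finish, otherwise abort.
				if (!git.WaitForExit (1000 * 60 * 10)) {
					GITUpdater.log.Error ("Getting commit info took more than 10 minutes, aborting.");
					try {
						git.Kill ();
						git.WaitForExit (10000); // Give the process 10 more seconds to completely exit.
					} catch (Exception ex) {
						GITUpdater.log.ErrorFormat ("Aborting commit info retrieval failed: {0}", ex.ToString ());
					}
				}

				if (git.HasExited && git.ExitCode == 0) {
					GITUpdater.log.InfoFormat ("Got commit info successfully in {0} seconds", (DateTime.Now - git_start).TotalSeconds);

					DBPerson author = new DBPerson ();
					author.fullname = author_name;
					author.Emails = new string [] { author_email };
					people.Add (author);

					// Record the committer separately only when it is a different person.
					if (author_name != committer_name && !string.IsNullOrEmpty (committer_name)) {
						DBPerson committer = new DBPerson ();
						committer.fullname = committer_name;
						committer.Emails = new string [] { committer_email };
						people.Add (committer);
					}

					GITUpdater.log.DebugFormat ("Git commit info for {0}: author_name = {1} author_email: {2} committer_name: {3} committer_email: {4}", revision.revision, author_name, author_email, committer_name, committer_email);
				} else {
					GITUpdater.log.ErrorFormat ("Didn't get commit info, HasExited: {0}, ExitCode: {1}", git.HasExited, git.HasExited ? git.ExitCode.ToString () : "N/A");
				}
			}
		}
	} catch (Exception ex) {
		GITUpdater.log.ErrorFormat ("Exception while trying to get commit info: {0}", ex.ToString ());
	}
}

/// <summary>
/// True when <paramref name="revision"/> can be appended to a git command line verbatim:
/// non-empty, not starting with '-', and free of whitespace and quote characters.
/// </summary>
private static bool IsSafeRevisionArgument (string revision)
{
	if (string.IsNullOrEmpty (revision) || revision [0] == '-')
		return false;
	foreach (char c in revision) {
		if (char.IsWhiteSpace (c) || c == '"' || c == '\'')
			return false;
	}
	return true;
}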
/// <summary>
/// Completes a login for a user that has already been authenticated by some external means:
/// the Person row with this login is created if missing, its roles are overwritten with
/// <paramref name="roles"/>, a login cookie valid for one day is stored, and
/// <paramref name="response"/> is filled in. No password is involved; a row created here has
/// an empty password and therefore cannot be used with the normal password login.
/// </summary>
/// <param name="db">Open database connection.</param>
/// <param name="response">Receives user name, roles and cookie.</param>
/// <param name="username">Login name, as established by the caller.</param>
/// <param name="roles">Roles to store for the account on every login.</param>
/// <param name="ip4">Client address recorded with the session and the audit entry.</param>
/// <remarks>
/// The caller is the authority on both identity and roles: whatever it passes is persisted
/// as is, and if <paramref name="username"/> equals the login of an existing (e.g.
/// password-based) account, that account is the one logged in and re-roled.
/// NOTE(review): confirm with the callers that externally supplied user names cannot
/// collide with locally provisioned logins.
/// </remarks>
public static void LoginDB (DB db, LoginResponse response, string username, string roles, string ip4)
{
	DBPerson account = null;

	using (IDbCommand cmd = db.CreateCommand ()) {
		cmd.CommandText = @"SELECT * FROM Person WHERE login = @login;";
		DB.CreateParameter (cmd, "login", username);
		using (var reader = cmd.ExecuteReader ()) {
			if (reader.Read ())
				account = new DBPerson (reader);
		}
	}

	if (account == null) {
		// First login: provision the row with the requested roles and no password.
		account = new DBPerson ();
		account.login = username;
		account.roles = roles;
		account.Save (db);
	} else if (account.roles != roles) {
		// Only hit the database when the roles actually changed.
		account.roles = roles;
		account.Save (db);
	}

	WebServiceLogin auditLogin = new WebServiceLogin ();
	auditLogin.Ip4 = ip4;
	auditLogin.User = account.login;
	db.Audit (auditLogin, "DBLogin_Extensions.Login (username: {0}, ip4: {1})", username, ip4);

	DBLogin session = new DBLogin ();
	session.person_id = account.id;
	session.ip4 = ip4;
	session.cookie = CreateCookie ();
	session.expires = DateTime.Now.AddDays (1);
	session.Save (db);

	response.User = username;
	response.UserName = username;
	response.UserRoles = account.Roles;
	response.Cookie = session.cookie;
}
/// <summary>
/// Save handler of the user page: builds a DBPerson from the form fields and hands it to
/// EditUser. When no user is loaded on the page (<c>response == null</c>) a new account is
/// created from the user-name box; otherwise the loaded record is updated. After a
/// successful creation by a visitor who is not logged in, the new credentials are used to
/// log in. In both cases the browser is redirected to that user's page.
/// </summary>
/// <remarks>
/// Every editable field, including the password, is copied from the form unconditionally,
/// so whatever the password box contains is what gets sent. Roles are sent as well; the web
/// service only honours them when the caller is an administrator.
/// </remarks>
protected void cmdSave_OnClick (object sender, EventArgs e)
{
	bool isNew = response == null;
	DBPerson person;

	if (isNew) {
		person = new DBPerson ();
		person.login = txtUserName.Text;
	} else {
		person = response.User;
	}

	person.fullname = txtFullName.Text;
	person.password = txtPassword.Text;
	person.roles = txtRoles.Text;
	person.irc_nicknames = txtIRCNicks.Text;

	WebServiceResponse result = Utils.LocalWebService.EditUser (Master.WebServiceLogin, person);
	if (result.Exception != null) {
		lblMessage.Text = result.Exception.Message;
		return;
	}

	if (!Authentication.IsLoggedIn (result) && isNew)
		Authentication.Login (person.login, person.password, Request, Response);

	Response.Redirect ("User.aspx?username=" + HttpUtility.UrlEncode (person.login), false);
}
/// <summary>
/// Completes a login for an e-mail address verified by the configured OpenId / OAuth
/// provider. The address is matched against Configuration.OpenIdRoles, a ';'-separated list
/// of <c>pattern:role1,role2</c> entries; the first matching entry decides the roles. The
/// Person row whose login is the e-mail is created if absent (empty password, so no
/// password login is possible), its roles are overwritten, a cookie valid for one day is
/// stored and <paramref name="response"/> is filled in.
/// </summary>
/// <param name="db">Open database connection.</param>
/// <param name="response">Receives user name, roles and cookie.</param>
/// <param name="email">Verified e-mail address; also used as the login name.</param>
/// <param name="ip4">Client address recorded with the session and the audit entry.</param>
/// <exception cref="Exception">
/// No provider configured, no role specs configured, empty e-mail, or no spec matches.
/// </exception>
/// <remarks>
/// NOTE(review): each pattern is applied with Regex.IsMatch without anchoring, so a spec
/// such as <c>@example.com:...</c> also matches <c>x@example.com.attacker.net</c>. Specs
/// should be written anchored and with '.' escaped (<c>^[^@]+@example\.com$</c>) — confirm
/// the deployed configuration.
/// </remarks>
public static void LoginOpenId (DB db, LoginResponse response, string email, string ip4)
{
	if (string.IsNullOrEmpty (Configuration.OpenIdProvider) && string.IsNullOrEmpty (Configuration.OauthClientId))
		throw new Exception ("No OpenId provider available");
	if (string.IsNullOrEmpty (Configuration.OpenIdRoles))
		throw new Exception ("No OpenId roles specified");
	if (string.IsNullOrEmpty (email))
		throw new Exception ("OpenId authentication requires an email");

	foreach (string spec in Configuration.OpenIdRoles.Split (';')) {
		string [] parts = spec.Split (':');
		if (parts.Length != 2) {
			log.ErrorFormat ("AuthenticateOpenId: Invalid role spec: {0}", spec);
			continue;
		}
		string pattern = parts [0];
		string roles = parts [1];
		if (string.IsNullOrEmpty (roles)) {
			log.ErrorFormat ("AuthenticateOpenId: No roles specified for {0}", pattern);
			continue;
		}
		if (!Regex.IsMatch (email, pattern))
			continue;

		// Matched: provision or update the account keyed by the e-mail address. The row
		// gets no password, so it cannot be used with the normal password login.
		DBPerson account = null;
		using (IDbCommand cmd = db.CreateCommand ()) {
			cmd.CommandText = @"SELECT * FROM Person WHERE login = @login;";
			DB.CreateParameter (cmd, "login", email);
			using (var reader = cmd.ExecuteReader ()) {
				if (reader.Read ())
					account = new DBPerson (reader);
			}
		}

		if (account == null) {
			account = new DBPerson ();
			account.login = email;
			account.roles = roles;
			account.Save (db);
		} else if (account.roles != roles) {
			// Only hit the database when the roles actually changed.
			account.roles = roles;
			account.Save (db);
		}

		WebServiceLogin auditLogin = new WebServiceLogin ();
		auditLogin.Ip4 = ip4;
		auditLogin.User = account.login;
		db.Audit (auditLogin, "DBLogin_Extensions.LoginOpenId (email: {0}, ip4: {1})", email, ip4);

		DBLogin session = new DBLogin ();
		session.person_id = account.id;
		session.ip4 = ip4;
		session.cookie = CreateCookie ();
		session.expires = DateTime.Now.AddDays (1);
		session.Save (db);

		response.User = email;
		response.UserName = email;
		response.UserRoles = account.Roles;
		response.Cookie = session.cookie;
		return;
	}

	throw new Exception ("The provided email address is not allowed to log in");
}
/// <summary>
/// Records the revision's author name as a single DBPerson (no e-mail address) in
/// <paramref name="people"/>. <paramref name="lane"/> is not consulted.
/// </summary>
public static void FindPeopleForCommit (DBLane lane, DBRevision revision, List<DBPerson> people)
{
	DBPerson author = new DBPerson { fullname = revision.author };
	people.Add (author);
}