        /// <summary>
        /// Records one failed two-step login attempt for the user whose id is kept in the session under
        /// LoginTwoStepController.IDENTITY_TWOSTEP_USERID, and suspends the account once the configured
        /// limit (LoginConfigData.MaxLoginFailures; 0 means no limit) has been reached.
        /// </summary>
        /// <exception cref="InternalError">
        /// No user id is stored in the session, no user record exists for it, or the update did not return OK.
        /// </exception>
        public async Task AddTwoStepLoginFailureAsync()
        {
            int twoStepUserId = Manager.SessionSettings.SiteSettings.GetValue<int>(LoginTwoStepController.IDENTITY_TWOSTEP_USERID);
            if (twoStepUserId == 0)
            {
                throw new InternalError("No user id available in AddTwoStepLoginFailure");
            }
            using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider())
            {
                UserDefinition account = await userDP.GetItemByUserIdAsync(twoStepUserId);
                if (account == null)
                {
                    throw new InternalError("Unexpected error in AddTwoStepLoginFailure - no user found");
                }
                LoginConfigData config = await LoginConfigDataProvider.GetConfigAsync();

                account.LoginFailures += 1;
                // A limit of 0 disables lockout entirely. Re-assigning Suspended to an already suspended
                // account is harmless, so no separate status check is needed.
                bool limitReached = config.MaxLoginFailures != 0 && account.LoginFailures >= config.MaxLoginFailures;
                if (limitReached)
                {
                    account.UserStatus = UserStatusEnum.Suspended;
                }

                UpdateStatusEnum updateStatus = await userDP.UpdateItemAsync(account);
                if (updateStatus != UpdateStatusEnum.OK)
                {
                    throw new InternalError("Unexpected status {0} updating user account in AddTwoStepLoginFailure", updateStatus);
                }
            }
        }
 /// <summary>
 /// Stores <paramref name="data"/> as the login configuration record under KEY and writes an audit entry.
 /// </summary>
 /// <param name="data">Configuration to store. Its Id is overwritten with KEY, the only key this provider uses.</param>
 /// <exception cref="InternalError">Thrown when the data provider reports that the add failed.</exception>
 private async Task AddConfigAsync(LoginConfigData data)
 {
     // The configuration is a single record; force the key rather than trusting the caller's Id.
     data.Id = KEY;
     bool added = await DataProvider.AddAsync(data);
     if (!added)
     {
         throw new InternalError("Unexpected error adding settings");
     }
     string auditSource = $"{nameof(LoginConfigDataProvider)}.{nameof(AddConfigAsync)}";
     await Auditing.AddAuditAsync(auditSource, "Config", Guid.Empty, "Add Login Config",
         DataBefore: null,
         DataAfter: data,
         ExpensiveMultiInstance: true);
 }
        /// <summary>
        /// Replaces the stored login configuration with <paramref name="data"/> and writes an audit entry.
        /// The previous configuration is loaded only when auditing is active, since it is used solely as the
        /// audit record's "before" image.
        /// </summary>
        /// <param name="data">New configuration. Its Id is overwritten with KEY.</param>
        /// <exception cref="InternalError">Thrown when the data provider does not return UpdateStatusEnum.OK.</exception>
        public async Task UpdateConfigAsync(LoginConfigData data)
        {
            LoginConfigData previous = null;
            if (Auditing.Active)
            {
                previous = await GetItemAsync();
            }

            data.Id = KEY;
            // Key does not change, so the original and new key arguments are both KEY.
            UpdateStatusEnum result = await DataProvider.UpdateAsync(data.Id, data.Id, data);
            if (result != UpdateStatusEnum.OK)
            {
                throw new InternalError("Unexpected error saving configuration {0}", result);
            }

            string auditSource = $"{nameof(LoginConfigDataProvider)}.{nameof(UpdateConfigAsync)}";
            await Auditing.AddAuditAsync(auditSource, "Config", Guid.Empty, "Update Login Config",
                DataBefore: previous,
                DataAfter: data,
                ExpensiveMultiInstance: true);
        }
        /// <summary>
        /// Reports whether the user currently in the two-step login flow (id taken from the session key
        /// LoginTwoStepController.IDENTITY_TWOSTEP_USERID) has reached the configured login-failure limit.
        /// A MaxLoginFailures of 0 means no limit, so the result is then always false.
        /// </summary>
        /// <returns>True when a limit is configured and the user's LoginFailures count has reached it.</returns>
        /// <exception cref="InternalError">No user id in the session, or no user record for that id.</exception>
        public async Task<bool> GetTwoStepLoginFailuresExceededAsync()
        {
            int twoStepUserId = Manager.SessionSettings.SiteSettings.GetValue<int>(LoginTwoStepController.IDENTITY_TWOSTEP_USERID);
            if (twoStepUserId == 0)
            {
                throw new InternalError("No user id available in GetTwoStepLoginFailures");
            }
            using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider())
            {
                UserDefinition account = await userDP.GetItemByUserIdAsync(twoStepUserId);
                if (account == null)
                {
                    throw new InternalError("Unexpected error in GetTwoStepLoginFailures - no user found");
                }
                LoginConfigData config = await LoginConfigDataProvider.GetConfigAsync();

                var limit = config.MaxLoginFailures;
                if (limit == 0)
                {
                    return false; // lockout disabled
                }
                return account.LoginFailures >= limit;
            }
        }
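        /// <summary>
        /// Re-hashes the stored password hash of every user that has a plain text password on record, paging
        /// through all users TAKE at a time. Only possible while LoginConfigData.SavePlainTextPassword is on,
        /// because the new hash is derived from UserDefinition.PasswordPlainText.
        /// </summary>
        /// <remarks>
        /// Retaining plain text passwords is what makes this operation possible; it also means a compromise of
        /// the user store exposes every password directly, so SavePlainTextPassword should only be enabled for
        /// as long as a migration like this one needs it.
        /// </remarks>
        /// <exception cref="InternalError">
        /// Plain text passwords are not saved, no password hasher service is available (MVC6), or an update
        /// did not return UpdateStatusEnum.OK.
        /// </exception>
        public async Task RehashAllPasswordsAsync()
        {
            LoginConfigData config = await LoginConfigDataProvider.GetConfigAsync();
            if (!config.SavePlainTextPassword)
            {
                throw new InternalError("Rehashing all passwords is only available if plain text passwords are saved");
            }
            UserManager<UserDefinition> userManager = Managers.GetUserManager();
#if MVC6
            // The hasher does not depend on the user being hashed, so resolve it once instead of once per user,
            // and fail with a clear message instead of a NullReferenceException if it is not registered.
            IPasswordHasher<UserDefinition> passwordHasher = (IPasswordHasher<UserDefinition>)YetaWFManager.ServiceProvider.GetService(typeof(IPasswordHasher<UserDefinition>));
            if (passwordHasher == null)
            {
                throw new InternalError("No IPasswordHasher<UserDefinition> service is registered");
            }
#endif
            const int TAKE = 10;

            // NOTE(review): pages are read while earlier pages are being updated; if the provider's default
            // ordering depends on a field changed here, users could be skipped or visited twice - confirm ordering.
            for (int skip = 0; ; skip += TAKE)
            {
                DataProviderGetRecords<UserDefinition> page = await GetItemsAsync(skip, TAKE, null, null);
                if (page.Data.Count == 0)
                {
                    break;
                }
                foreach (UserDefinition user in page.Data)
                {
                    if (string.IsNullOrWhiteSpace(user.PasswordPlainText))
                    {
                        continue; // nothing to derive a new hash from
                    }
#if MVC6
                    user.PasswordHash = passwordHasher.HashPassword(user, user.PasswordPlainText);
#else
                    user.PasswordHash = userManager.PasswordHasher.HashPassword(user.PasswordPlainText);
#endif
                    UpdateStatusEnum status = await UpdateItemAsync(user);
                    if (status != UpdateStatusEnum.OK)
                    {
                        throw new InternalError("Update failed - status {0} user id {1}", status, user.Id);
                    }
                }
            }
        }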
        /// <summary>
        /// Loads the login configuration record stored under KEY. When no record exists yet, a default
        /// configuration (registration allowed, email-only registration, no plain text passwords, no captcha,
        /// no verification/approval/admin notification, no BCC copies, persistent login on) is created through
        /// AddConfigAsync and returned.
        /// </summary>
        /// <returns>The stored or newly seeded configuration; never null.</returns>
        public async Task<LoginConfigData> GetItemAsync()
        {
            LoginConfigData stored = await DataProvider.GetAsync(KEY);
            if (stored != null)
            {
                return stored;
            }

            // First access: seed the defaults so every later caller finds a record.
            LoginConfigData defaults = new LoginConfigData()
            {
                Id = KEY,
                AllowUserRegistration = true,
                RegistrationType = RegistrationTypeEnum.EmailOnly,
                SavePlainTextPassword = false,
                Captcha = false,
                VerifyNewUsers = false,
                ApproveNewUsers = false,
                NotifyAdminNewUsers = false,
                BccVerification = false,
                BccForgottenPassword = false,
                PersistentLogin = true,
            };
            await AddConfigAsync(defaults);
            return defaults;
        }
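        /// <summary>
        /// Returns the external login providers (Facebook, Google, Microsoft, Twitter) that are both registered
        /// with the authentication middleware and switched on and configured in the login configuration.
        /// </summary>
        /// <returns>The matching providers, possibly empty, in the order the middleware reports them.</returns>
        public async Task<List<LoginProviderDescription>> GetActiveExternalLoginProvidersAsync()
        {
            LoginConfigData configData = await GetConfigAsync();
            List<LoginProviderDescription> list = new List<LoginProviderDescription>();

            // A provider is offered only when it is enabled AND its credentials are defined in the configuration.
            // Names are matched ordinally, exactly as the middleware reports them; anything else is ignored.
            Func<string, bool> isEnabled = (providerName) =>
            {
                switch (providerName)
                {
                    case "Facebook": return configData.UseFacebook && configData.DefinedFacebook;
                    case "Google": return configData.UseGoogle && configData.DefinedGoogle;
                    case "Microsoft": return configData.UseMicrosoft && configData.DefinedMicrosoft;
                    case "Twitter": return configData.UseTwitter && configData.DefinedTwitter;
                    default: return false;
                }
            };

#if MVC6
            SignInManager<UserDefinition> signInManager = (SignInManager<UserDefinition>)YetaWFManager.ServiceProvider.GetService(typeof(SignInManager<UserDefinition>));
            List<AuthenticationScheme> loginProviders = (await signInManager.GetExternalAuthenticationSchemesAsync()).ToList();
            foreach (AuthenticationScheme provider in loginProviders)
            {
                if (isEnabled(provider.Name))
                {
                    list.Add(new LoginProviderDescription {
                        InternalName = provider.Name, DisplayName = provider.DisplayName
                    });
                }
            }
#else
            List<AuthenticationDescription> loginProviders = Manager.CurrentContext.GetOwinContext().Authentication.GetExternalAuthenticationTypes().ToList();
            foreach (AuthenticationDescription provider in loginProviders)
            {
                if (isEnabled(provider.AuthenticationType))
                {
                    list.Add(new LoginProviderDescription {
                        InternalName = provider.AuthenticationType, DisplayName = provider.Caption
                    });
                }
            }
#endif
            return list;
        }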
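        /// <summary>
        /// Creates a new, approved local user account through the user manager.
        /// </summary>
        /// <param name="name">User name of the new account.</param>
        /// <param name="email">Email address; with RegistrationTypeEnum.NameAndEmail it must not already belong to another account.</param>
        /// <param name="password">Initial password, passed to the user manager which stores the hash.</param>
        /// <param name="needsNewPassword">When true the account is flagged so the user must pick a new password; the given password is then also kept in PasswordPlainText.</param>
        /// <param name="comment">Free-form comment stored on the account.</param>
        /// <returns>
        /// An AddUserInfo with ErrorType None and UserId set on success; otherwise ErrorType Email (address already
        /// in use) or Name (user manager rejected the account) with Errors describing the problem.
        /// </returns>
        /// <exception cref="InternalError">Thrown when flagging NeedsNewPassword on the freshly created account fails.</exception>
        public async Task<AddUserInfo> AddUserAsync(string name, string email, string password, bool needsNewPassword, string comment)
        {
            AddUserInfo info = new AddUserInfo();
            LoginConfigData config = await LoginConfigDataProvider.GetConfigAsync();

            // The plain text password is retained only when the site stores plain text passwords or the user has
            // to change it on first login; otherwise only the hash produced by the user manager exists.
            bool keepPlainText = config.SavePlainTextPassword || needsNewPassword;
            UserDefinition user = new UserDefinition {
                UserName = name,
                Email = email,
                PasswordPlainText = keepPlainText ? password : null,
                Comment = comment,
            };

            if (config.RegistrationType == RegistrationTypeEnum.NameAndEmail)
            {
                using (UserDefinitionDataProvider dataProvider = new UserDefinitionDataProvider())
                {
                    // Email == user.Email
                    List<DataProviderFilterInfo> filters = new List<DataProviderFilterInfo> {
                        new DataProviderFilterInfo {
                            Field = nameof(UserDefinition.Email), Operator = "==", Value = user.Email,
                        },
                    };
                    UserDefinition userExists = await dataProvider.GetItemAsync(filters);
                    // NOTE(review): an existing account whose Email equals the new UserName is deliberately not
                    // reported as a clash here - confirm this is the intended rule.
                    if (userExists != null && user.UserName != userExists.Email)
                    {
                        info.ErrorType = AddUserInfo.ErrorTypeEnum.Email;
                        info.Errors.Add(this.__ResStr("emailUsed", "An account with email address {0} already exists.", user.Email));
                        return info;
                    }
                }
            }
            user.UserStatus = UserStatusEnum.Approved;

            // create user
            var result = await Managers.GetUserManager().CreateAsync(user, password);
            if (!result.Succeeded)
            {
                info.ErrorType = AddUserInfo.ErrorTypeEnum.Name;
                // Report every error the user manager produced. Previously the method returned from inside this
                // loop, so only the first error was visible, and a failure with no error entries fell through as
                // if the account had been created.
                foreach (var error in result.Errors)
                {
#if MVC6
                    info.Errors.Add(error.Description);
#else
                    info.Errors.Add(error);
#endif
                }
                return info;
            }
            if (needsNewPassword)
            {
                using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider())
                {
                    user.NeedsNewPassword = true;
                    if (await userDP.UpdateItemAsync(user) != UpdateStatusEnum.OK)
                    {
                        throw new InternalError($"Failed to update new user to set {nameof(user.NeedsNewPassword)}");
                    }
                }
            }

            info.ErrorType = AddUserInfo.ErrorTypeEnum.None;
            info.UserId = user.UserId;
            return info;
        }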
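        /// <summary>
        /// Resolves the authenticated request user into the Manager: user name, email, id, user object, role ids
        /// and superuser flag, plus the Need2FAState and NeedNewPassword markers used for redirects.
        /// Returns without touching the Manager when no user is authenticated, during initial install, when the
        /// user data provider is not installed, or when the authenticated name has no local user record.
        /// </summary>
        /// <exception cref="InternalError">Thrown when there is no current HTTP request.</exception>
        public async Task ResolveUserAsync()
        {
            if (!Manager.HaveCurrentRequest)
            {
                throw new InternalError("No httpRequest");
            }

            // check whether we have a logged on user
#if MVC6
            if (SiteDefinition.INITIAL_INSTALL || !Manager.CurrentContext.User.Identity.IsAuthenticated)
#else
            if (SiteDefinition.INITIAL_INSTALL || !Manager.CurrentRequest.IsAuthenticated)
#endif
            {
                return;// no user logged in
            }
            // get user info and save in Manager
            string userName = Manager.CurrentContext.User.Identity.Name;
            using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider())
            {
                if (!await userDP.IsInstalledAsync())
                {
                    Logging.AddErrorLog("UserDefinitionDataProvider not installed");
                    return;
                }
                UserDefinition user = await userDP.GetItemAsync(userName);
                if (user == null)
                {
                    // The authentication ticket names a user that has no local record; log it and leave the
                    // Manager without a resolved user rather than trusting the ticket alone.
                    Logging.AddErrorLog("Authenticated user {0} doesn't exist", userName);
                    return;
                }
                // Check whether user needs to set up two-step authentication
                // External login providers don't require local two-step authentication (should be offered by external login provider)
                // If any of the user's roles require two-step authentication and the user has not enabled two-step authentication providers,
                // set marker so we can redirect the user
                if (Manager.Need2FAState == null)
                {
                    Manager.Need2FAState = false;
                    using (UserLoginInfoDataProvider logInfoDP = new UserLoginInfoDataProvider())
                    {
                        if (!await logInfoDP.IsExternalUserAsync(user.UserId))
                        {
                            // not an external login, so check if we need two-step auth
                            LoginConfigData config = await LoginConfigDataProvider.GetConfigAsync();
                            if (config.TwoStepAuth != null && user.RolesList != null)
                            {
                                foreach (Role role in config.TwoStepAuth)
                                {
                                    // The generic "user" role applies to everyone, so it matches without a lookup.
                                    if (role.RoleId == Resource.ResourceAccess.GetUserRoleId() || user.RolesList.Contains(new Role {
                                        RoleId = role.RoleId
                                    }, new RoleComparer()))
                                    {
                                        if ((await user.GetEnabledAndAvailableTwoStepAuthenticationsAsync()).Count == 0)
                                        {
                                            Manager.Need2FAState = true;
                                        }
                                        break;
                                    }
                                }
                            }
                        }
                    }
                }
                // Check whether the user needs to change the password
                Manager.NeedNewPassword = user.NeedsNewPassword;

                // user good to go
                Manager.UserName = user.UserName;
                Manager.UserEmail = user.Email;
                Manager.UserId = user.UserId;
                Manager.UserObject = user;
                await UserSettings.UserSettingsAccess.ResolveUserAsync();

                // RolesList is treated as optional by the two-step check above; treat a missing list as "no roles"
                // here as well instead of failing with a NullReferenceException (the user then gets no elevated role).
                IEnumerable<Role> roles = user.RolesList ?? Enumerable.Empty<Role>();
                Manager.UserRoles = (from l in roles select l.RoleId).ToList();

                int superuserRole = Resource.ResourceAccess.GetSuperuserRoleId();
                if (roles.Contains(new Role {
                    RoleId = superuserRole
                }, new RoleComparer()))
                {
                    Manager.SetSuperUserRole(true);
                }
            }
        }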