public async Task AddTwoStepLoginFailureAsync()
{
int userId = Manager.SessionSettings.SiteSettings.GetValue <int>(LoginTwoStepController.IDENTITY_TWOSTEP_USERID);
if (userId == 0)
{
throw new InternalError("No user id available in AddTwoStepLoginFailure");
}
using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider()) {
UserDefinition user = await userDP.GetItemByUserIdAsync(userId);
if (user == null)
{
throw new InternalError("Unexpected error in AddTwoStepLoginFailure - no user found");
}
LoginConfigData config = await LoginConfigDataProvider.GetConfigAsync();
user.LoginFailures = user.LoginFailures + 1;
if (config.MaxLoginFailures != 0 && user.LoginFailures >= config.MaxLoginFailures)
{
if (user.UserStatus != UserStatusEnum.Suspended)
{
user.UserStatus = UserStatusEnum.Suspended;
}
}
UpdateStatusEnum status = await userDP.UpdateItemAsync(user);
if (status != UpdateStatusEnum.OK)
{
throw new InternalError("Unexpected status {0} updating user account in AddTwoStepLoginFailure", status);
}
}
}
private async Task AddConfigAsync(LoginConfigData data)
{
data.Id = KEY;
if (!await DataProvider.AddAsync(data))
{
throw new InternalError("Unexpected error adding settings");
}
await Auditing.AddAuditAsync($"{nameof(LoginConfigDataProvider)}.{nameof(AddConfigAsync)}", "Config", Guid.Empty,
"Add Login Config",
DataBefore : null,
DataAfter : data,
ExpensiveMultiInstance : true
);
}
public async Task UpdateConfigAsync(LoginConfigData data)
{
LoginConfigData origConfig = Auditing.Active ? await GetItemAsync() : null;
data.Id = KEY;
UpdateStatusEnum status = await DataProvider.UpdateAsync(data.Id, data.Id, data);
if (status != UpdateStatusEnum.OK)
{
throw new InternalError("Unexpected error saving configuration {0}", status);
}
await Auditing.AddAuditAsync($"{nameof(LoginConfigDataProvider)}.{nameof(UpdateConfigAsync)}", "Config", Guid.Empty,
"Update Login Config",
DataBefore : origConfig,
DataAfter : data,
ExpensiveMultiInstance : true
);
}
public async Task <bool> GetTwoStepLoginFailuresExceededAsync()
{
int userId = Manager.SessionSettings.SiteSettings.GetValue <int>(LoginTwoStepController.IDENTITY_TWOSTEP_USERID);
if (userId == 0)
{
throw new InternalError("No user id available in GetTwoStepLoginFailures");
}
using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider()) {
UserDefinition user = await userDP.GetItemByUserIdAsync(userId);
if (user == null)
{
throw new InternalError("Unexpected error in GetTwoStepLoginFailures - no user found");
}
LoginConfigData config = await LoginConfigDataProvider.GetConfigAsync();
return(config.MaxLoginFailures != 0 && user.LoginFailures >= config.MaxLoginFailures);
}
}
public async Task RehashAllPasswordsAsync()
{
LoginConfigData config = await LoginConfigDataProvider.GetConfigAsync();
if (!config.SavePlainTextPassword)
{
throw new InternalError("Rehashing all passwords is only available if plain text passwords are saved");
}
UserManager <UserDefinition> userManager = Managers.GetUserManager();
const int TAKE = 10;
for (int skip = 0; ; skip += TAKE)
{
DataProviderGetRecords <UserDefinition> list = await GetItemsAsync(skip, TAKE, null, null);
if (list.Data.Count == 0)
{
break;
}
foreach (UserDefinition user in list.Data)
{
if (!string.IsNullOrWhiteSpace(user.PasswordPlainText))
{
#if MVC6
IPasswordHasher <UserDefinition> passwordHasher = (IPasswordHasher <UserDefinition>)YetaWFManager.ServiceProvider.GetService(typeof(IPasswordHasher <UserDefinition>));
user.PasswordHash = passwordHasher.HashPassword(user, user.PasswordPlainText);
#else
user.PasswordHash = userManager.PasswordHasher.HashPassword(user.PasswordPlainText);
#endif
UpdateStatusEnum status = await UpdateItemAsync(user);
if (status != UpdateStatusEnum.OK)
{
throw new InternalError("Update failed - status {0} user id {1}", status, user.Id);
}
}
}
}
}
public async Task <LoginConfigData> GetItemAsync()
{
LoginConfigData config = await DataProvider.GetAsync(KEY);
if (config == null)
{
config = new LoginConfigData()
{
Id = KEY,
AllowUserRegistration = true,
RegistrationType = RegistrationTypeEnum.EmailOnly,
SavePlainTextPassword = false,
Captcha = false,
VerifyNewUsers = false,
ApproveNewUsers = false,
NotifyAdminNewUsers = false,
BccVerification = false,
BccForgottenPassword = false,
PersistentLogin = true,
};
await AddConfigAsync(config);
}
return(config);
}
public async Task <List <LoginProviderDescription> > GetActiveExternalLoginProvidersAsync()
{
LoginConfigData configData = await GetConfigAsync();
List <LoginProviderDescription> list = new List <LoginProviderDescription>();
#if MVC6
SignInManager <UserDefinition> _signinManager = (SignInManager <UserDefinition>)YetaWFManager.ServiceProvider.GetService(typeof(SignInManager <UserDefinition>));
List <AuthenticationScheme> loginProviders = (await _signinManager.GetExternalAuthenticationSchemesAsync()).ToList();
foreach (AuthenticationScheme provider in loginProviders)
{
string name = provider.Name;
if (name == "Facebook" && configData.UseFacebook && configData.DefinedFacebook)
{
list.Add(new LoginProviderDescription {
InternalName = name, DisplayName = provider.DisplayName
});
}
else if (name == "Google" && configData.UseGoogle && configData.DefinedGoogle)
{
list.Add(new LoginProviderDescription {
InternalName = name, DisplayName = provider.DisplayName
});
}
else if (name == "Microsoft" && configData.UseMicrosoft && configData.DefinedMicrosoft)
{
list.Add(new LoginProviderDescription {
InternalName = name, DisplayName = provider.DisplayName
});
}
else if (name == "Twitter" && configData.UseTwitter && configData.DefinedTwitter)
{
list.Add(new LoginProviderDescription {
InternalName = name, DisplayName = provider.DisplayName
});
}
}
#else
List <AuthenticationDescription> loginProviders = Manager.CurrentContext.GetOwinContext().Authentication.GetExternalAuthenticationTypes().ToList();
foreach (AuthenticationDescription provider in loginProviders)
{
string name = provider.AuthenticationType;
if (name == "Facebook" && configData.UseFacebook && configData.DefinedFacebook)
{
list.Add(new LoginProviderDescription {
InternalName = name, DisplayName = provider.Caption
});
}
else if (name == "Google" && configData.UseGoogle && configData.DefinedGoogle)
{
list.Add(new LoginProviderDescription {
InternalName = name, DisplayName = provider.Caption
});
}
else if (name == "Microsoft" && configData.UseMicrosoft && configData.DefinedMicrosoft)
{
list.Add(new LoginProviderDescription {
InternalName = name, DisplayName = provider.Caption
});
}
else if (name == "Twitter" && configData.UseTwitter && configData.DefinedTwitter)
{
list.Add(new LoginProviderDescription {
InternalName = name, DisplayName = provider.Caption
});
}
}
#endif
return(list);
}
public async Task <AddUserInfo> AddUserAsync(string name, string email, string password, bool needsNewPassword, string comment)
{
AddUserInfo info = new AddUserInfo();
LoginConfigData config = await LoginConfigDataProvider.GetConfigAsync();
UserDefinition user = new UserDefinition {
UserName = name,
Email = email,
PasswordPlainText = config.SavePlainTextPassword || needsNewPassword ? password : null,
Comment = comment,
};
if (config.RegistrationType == RegistrationTypeEnum.NameAndEmail)
{
using (UserDefinitionDataProvider dataProvider = new UserDefinitionDataProvider()) {
// Email == user.Email
List <DataProviderFilterInfo> filters = new List <DataProviderFilterInfo> {
new DataProviderFilterInfo {
Field = nameof(UserDefinition.Email), Operator = "==", Value = user.Email,
},
};
UserDefinition userExists = await dataProvider.GetItemAsync(filters);
if (userExists != null && user.UserName != userExists.Email)
{
info.ErrorType = AddUserInfo.ErrorTypeEnum.Email;
info.Errors.Add(this.__ResStr("emailUsed", "An account with email address {0} already exists.", user.Email));
return(info);
}
}
}
user.UserStatus = UserStatusEnum.Approved;
// create user
var result = await Managers.GetUserManager().CreateAsync(user, password);
if (!result.Succeeded)
{
info.ErrorType = AddUserInfo.ErrorTypeEnum.Name;
foreach (var error in result.Errors)
{
#if MVC6
info.Errors.Add(error.Description);
#else
info.Errors.Add(error);
#endif
return(info);
}
}
if (needsNewPassword)
{
using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider()) {
user.NeedsNewPassword = true;
if (await userDP.UpdateItemAsync(user) != UpdateStatusEnum.OK)
{
throw new InternalError($"Failed to update new user to set {nameof(user.NeedsNewPassword)}");
}
}
}
info.ErrorType = AddUserInfo.ErrorTypeEnum.None;
info.UserId = user.UserId;
return(info);
}
public async Task ResolveUserAsync()
{
if (!Manager.HaveCurrentRequest)
{
throw new InternalError("No httpRequest");
}
// check whether we have a logged on user
#if MVC6
if (SiteDefinition.INITIAL_INSTALL || !Manager.CurrentContext.User.Identity.IsAuthenticated)
#else
if (SiteDefinition.INITIAL_INSTALL || !Manager.CurrentRequest.IsAuthenticated)
#endif
{
return;// no user logged in
}
// get user info and save in Manager
string userName = Manager.CurrentContext.User.Identity.Name;
using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider()) {
if (!await userDP.IsInstalledAsync())
{
Logging.AddErrorLog("UserDefinitionDataProvider not installed");
return;
}
UserDefinition user = await userDP.GetItemAsync(userName);
if (user == null)
{
Logging.AddErrorLog("Authenticated user {0} doesn't exist", userName);
#if DEBUG
//throw new InternalError("Authenticated user doesn't exist");
#endif
return;
}
// Check whether user needs to set up two-step authentication
// External login providers don't require local two-step authentication (should be offered by external login provider)
// If any of the user's roles require two-step authentication and the user has not enabled two-step authentication providers,
// set marker so we can redirect the user
if (Manager.Need2FAState == null)
{
Manager.Need2FAState = false;
using (UserLoginInfoDataProvider logInfoDP = new UserLoginInfoDataProvider()) {
if (!await logInfoDP.IsExternalUserAsync(user.UserId))
{
// not an external login, so check if we need two-step auth
LoginConfigData config = await LoginConfigDataProvider.GetConfigAsync();
if (config.TwoStepAuth != null && user.RolesList != null)
{
foreach (Role role in config.TwoStepAuth)
{
if (role.RoleId == Resource.ResourceAccess.GetUserRoleId() || user.RolesList.Contains(new Role {
RoleId = role.RoleId
}, new RoleComparer()))
{
if ((await user.GetEnabledAndAvailableTwoStepAuthenticationsAsync()).Count == 0)
{
Manager.Need2FAState = true;
}
break;
}
}
}
}
}
}
// Check whether the user needs to change the password
Manager.NeedNewPassword = user.NeedsNewPassword;
// user good to go
Manager.UserName = user.UserName;
Manager.UserEmail = user.Email;
Manager.UserId = user.UserId;
Manager.UserObject = user;
await UserSettings.UserSettingsAccess.ResolveUserAsync();
Manager.UserRoles = (from l in user.RolesList select l.RoleId).ToList();
int superuserRole = Resource.ResourceAccess.GetSuperuserRoleId();
if (user.RolesList.Contains(new Role {
RoleId = superuserRole
}, new RoleComparer()))
{
Manager.SetSuperUserRole(true);
}
}
}
