/// <summary>
/// Records one failed two-step login attempt for the user whose id is held in the session
/// settings under <c>LoginTwoStepController.IDENTITY_TWOSTEP_USERID</c>, and suspends the
/// account once the configured failure limit is reached.
/// </summary>
/// <remarks>
/// A <c>MaxLoginFailures</c> of 0 disables the lockout: the counter is still incremented
/// and saved, but the account status is left alone.
/// </remarks>
/// <exception cref="InternalError">
/// No user id is stored in the session, the user record cannot be found, or the update
/// does not return <c>UpdateStatusEnum.OK</c>.
/// </exception>
public async Task AddTwoStepLoginFailureAsync() {
    int pendingUserId = Manager.SessionSettings.SiteSettings.GetValue<int>(LoginTwoStepController.IDENTITY_TWOSTEP_USERID);
    if (pendingUserId == 0) {
        throw new InternalError("No user id available in AddTwoStepLoginFailure");
    }

    using (UserDefinitionDataProvider users = new UserDefinitionDataProvider()) {
        UserDefinition account = await users.GetItemByUserIdAsync(pendingUserId);
        if (account == null) {
            throw new InternalError("Unexpected error in AddTwoStepLoginFailure - no user found");
        }

        LoginConfigData loginConfig = await LoginConfigDataProvider.GetConfigAsync();

        // NOTE(review): the counter is read, incremented and written back with no locking or
        // conditional update visible here, so concurrent failed attempts may be under-counted.
        // Confirm whether UpdateItemAsync provides any concurrency control.
        account.LoginFailures += 1;

        // Lock the account only when a limit is configured, it has been reached, and the
        // account is not already suspended.
        if (loginConfig.MaxLoginFailures != 0
            && account.LoginFailures >= loginConfig.MaxLoginFailures
            && account.UserStatus != UserStatusEnum.Suspended) {
            account.UserStatus = UserStatusEnum.Suspended;
        }

        UpdateStatusEnum updateStatus = await users.UpdateItemAsync(account);
        if (updateStatus != UpdateStatusEnum.OK) {
            throw new InternalError("Unexpected status {0} updating user account in AddTwoStepLoginFailure", updateStatus);
        }
    }
}
/// <summary>
/// Reports whether the user whose id is held in the session settings under
/// <c>LoginTwoStepController.IDENTITY_TWOSTEP_USERID</c> has reached the configured
/// maximum number of login failures.
/// </summary>
/// <returns>
/// <c>true</c> when a limit is configured (<c>MaxLoginFailures</c> is not 0) and the stored
/// failure count is at or above it; otherwise <c>false</c>. Only the counter is consulted;
/// the account's <c>UserStatus</c> is not checked here.
/// </returns>
/// <exception cref="InternalError">
/// No user id is stored in the session, or the user record cannot be found.
/// </exception>
public async Task<bool> GetTwoStepLoginFailuresExceededAsync() {
    int pendingUserId = Manager.SessionSettings.SiteSettings.GetValue<int>(LoginTwoStepController.IDENTITY_TWOSTEP_USERID);
    if (pendingUserId == 0) {
        throw new InternalError("No user id available in GetTwoStepLoginFailures");
    }

    using (UserDefinitionDataProvider users = new UserDefinitionDataProvider()) {
        UserDefinition account = await users.GetItemByUserIdAsync(pendingUserId);
        if (account == null) {
            throw new InternalError("Unexpected error in GetTwoStepLoginFailures - no user found");
        }

        LoginConfigData loginConfig = await LoginConfigDataProvider.GetConfigAsync();

        // A limit of 0 means "no lockout", so the answer is always false in that case.
        if (loginConfig.MaxLoginFailures == 0) {
            return false;
        }
        return account.LoginFailures >= loginConfig.MaxLoginFailures;
    }
}
/// <summary>
/// Recomputes <c>PasswordHash</c> for every user that has a stored plain text password,
/// walking the user table in pages of 10 records and saving each changed record.
/// </summary>
/// <remarks>
/// Only permitted when the login configuration has <c>SavePlainTextPassword</c> enabled.
/// Users whose <c>PasswordPlainText</c> is null, empty or whitespace are skipped and keep
/// their existing hash. Keeping plain text passwords at all means a disclosure of the user
/// store exposes the credentials directly, whatever hashing is applied here.
/// </remarks>
/// <exception cref="InternalError">
/// Plain text password saving is not enabled, or an update does not return
/// <c>UpdateStatusEnum.OK</c> (the run stops at that user; earlier users stay rehashed).
/// </exception>
public async Task RehashAllPasswordsAsync() {
    LoginConfigData loginConfig = await LoginConfigDataProvider.GetConfigAsync();
    if (!loginConfig.SavePlainTextPassword) {
        throw new InternalError("Rehashing all passwords is only available if plain text passwords are saved");
    }

    UserManager<UserDefinition> userManager = Managers.GetUserManager();

    const int PageSize = 10;
    int offset = 0;
    while (true) {
        // NOTE(review): no sort order is passed, and records are updated while paging;
        // confirm the provider returns a stable order so no user is skipped or visited twice.
        DataProviderGetRecords<UserDefinition> page = await GetItemsAsync(offset, PageSize, null, null);
        if (page.Data.Count == 0) {
            break;
        }

        foreach (UserDefinition account in page.Data) {
            if (string.IsNullOrWhiteSpace(account.PasswordPlainText)) {
                continue; // nothing to hash from
            }

#if MVC6
            IPasswordHasher<UserDefinition> passwordHasher = (IPasswordHasher<UserDefinition>)YetaWFManager.ServiceProvider.GetService(typeof(IPasswordHasher<UserDefinition>));
            account.PasswordHash = passwordHasher.HashPassword(account, account.PasswordPlainText);
#else
            account.PasswordHash = userManager.PasswordHasher.HashPassword(account.PasswordPlainText);
#endif

            UpdateStatusEnum updateStatus = await UpdateItemAsync(account);
            if (updateStatus != UpdateStatusEnum.OK) {
                throw new InternalError("Update failed - status {0} user id {1}", updateStatus, account.Id);
            }
        }

        offset += PageSize;
    }
}
/// <summary>
/// Loads the login configuration through a short-lived <c>LoginConfigDataProvider</c>.
/// </summary>
/// <returns>The item returned by the provider's <c>GetItemAsync</c>.</returns>
public static async Task<LoginConfigData> GetConfigAsync() {
    using (LoginConfigDataProvider provider = new LoginConfigDataProvider()) {
        // Awaited inside the using block so the provider is still alive while the read completes.
        LoginConfigData loginConfig = await provider.GetItemAsync();
        return loginConfig;
    }
}
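/// <summary>
/// Creates a new, immediately approved user account.
/// </summary>
/// <param name="name">User name for the new account.</param>
/// <param name="email">Email address for the new account.</param>
/// <param name="password">Password passed to the user manager when creating the account.</param>
/// <param name="needsNewPassword">
/// When true, the account is flagged so the user has to change the password, and the
/// supplied password is also kept in <c>PasswordPlainText</c>.
/// </param>
/// <param name="comment">Free-form comment stored with the account.</param>
/// <returns>
/// An <c>AddUserInfo</c> whose <c>ErrorType</c> is <c>None</c> and whose <c>UserId</c> is set on
/// success; otherwise <c>ErrorType</c> is <c>Email</c> or <c>Name</c> and <c>Errors</c> holds the messages.
/// </returns>
/// <exception cref="InternalError">
/// The account was created but the follow-up update setting <c>NeedsNewPassword</c> failed.
/// </exception>
public async Task<AddUserInfo> AddUserAsync(string name, string email, string password, bool needsNewPassword, string comment) {
    AddUserInfo info = new AddUserInfo();
    LoginConfigData config = await LoginConfigDataProvider.GetConfigAsync();

    UserDefinition user = new UserDefinition {
        UserName = name,
        Email = email,
        // The clear-text password is persisted whenever the site saves plain text passwords
        // OR the account is created with a forced password change. In both cases anyone able
        // to read the user store can read the password.
        PasswordPlainText = (config.SavePlainTextPassword || needsNewPassword) ? password : null,
        Comment = comment,
    };

    if (config.RegistrationType == RegistrationTypeEnum.NameAndEmail) {
        using (UserDefinitionDataProvider dataProvider = new UserDefinitionDataProvider()) {
            // Email == user.Email
            List<DataProviderFilterInfo> filters = new List<DataProviderFilterInfo> {
                new DataProviderFilterInfo {
                    Field = nameof(UserDefinition.Email),
                    Operator = "==",
                    Value = user.Email,
                },
            };
            UserDefinition userExists = await dataProvider.GetItemAsync(filters);
            // NOTE(review): this compares the NEW user's name with the EXISTING account's email,
            // so a name equal to that email bypasses the duplicate-email rejection. Confirm intent.
            // NOTE(review): if this result reaches unauthenticated registrants, the message below
            // confirms that the address is already registered.
            if (userExists != null && user.UserName != userExists.Email) {
                info.ErrorType = AddUserInfo.ErrorTypeEnum.Email;
                info.Errors.Add(this.__ResStr("emailUsed", "An account with email address {0} already exists.", user.Email));
                return info;
            }
        }
    }

    // New accounts are approved immediately; no verification step happens in this method.
    user.UserStatus = UserStatusEnum.Approved;

    // create user
    var result = await Managers.GetUserManager().CreateAsync(user, password);
    if (!result.Succeeded) {
        info.ErrorType = AddUserInfo.ErrorTypeEnum.Name;
        foreach (var error in result.Errors) {
#if MVC6
            info.Errors.Add(error.Description);
#else
            info.Errors.Add(error);
#endif
        }
        // Return after collecting every error. Returning from inside the loop reported only
        // the first error and, when the error list was empty, fell through and reported
        // success for an account that was never created.
        return info;
    }

    if (needsNewPassword) {
        using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider()) {
            user.NeedsNewPassword = true;
            if (await userDP.UpdateItemAsync(user) != UpdateStatusEnum.OK) {
                throw new InternalError($"Failed to update new user to set {nameof(user.NeedsNewPassword)}");
            }
        }
    }

    info.ErrorType = AddUserInfo.ErrorTypeEnum.None;
    info.UserId = user.UserId;
    return info;
}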
/// <summary>
/// Loads the account behind the current request's authenticated identity and publishes its
/// name, email, id, roles, superuser flag, two-step state and password-change flag on <c>Manager</c>.
/// </summary>
/// <remarks>
/// Returns without setting any user state when the site is in initial install, the request is
/// not authenticated, the user data provider is not installed, or no account matches the
/// identity name (the last two cases are logged as errors).
/// </remarks>
/// <exception cref="InternalError">There is no current HTTP request.</exception>
public async Task ResolveUserAsync() {
    if (!Manager.HaveCurrentRequest) {
        throw new InternalError("No httpRequest");
    }

    // Nothing to resolve for anonymous requests or while the site is being installed.
    // INITIAL_INSTALL is tested first so the identity is not touched during installation.
#if MVC6
    if (SiteDefinition.INITIAL_INSTALL || !Manager.CurrentContext.User.Identity.IsAuthenticated)
#else
    if (SiteDefinition.INITIAL_INSTALL || !Manager.CurrentRequest.IsAuthenticated)
#endif
    {
        return; // no user logged in
    }

    // Look up the account by the identity name and save it in Manager.
    string identityName = Manager.CurrentContext.User.Identity.Name;
    using (UserDefinitionDataProvider users = new UserDefinitionDataProvider()) {
        bool providerInstalled = await users.IsInstalledAsync();
        if (!providerInstalled) {
            Logging.AddErrorLog("UserDefinitionDataProvider not installed");
            return;
        }

        UserDefinition account = await users.GetItemAsync(identityName);
        if (account == null) {
            // An authenticated identity with no matching account is logged and the method
            // returns without populating Manager; no exception is raised.
            Logging.AddErrorLog("Authenticated user {0} doesn't exist", identityName);
            return;
        }

        // Two-step setup check, evaluated only while Manager.Need2FAState is still unset.
        // External logins are exempt (the external provider is expected to offer two-step itself).
        // If a role that requires two-step applies to the user and the user has no enabled and
        // available two-step provider, set the marker so the user can be redirected.
        if (Manager.Need2FAState == null) {
            Manager.Need2FAState = false;
            using (UserLoginInfoDataProvider loginInfo = new UserLoginInfoDataProvider()) {
                bool externalLogin = await loginInfo.IsExternalUserAsync(account.UserId);
                if (!externalLogin) {
                    LoginConfigData loginConfig = await LoginConfigDataProvider.GetConfigAsync();
                    // NOTE(review): a null RolesList skips the whole check, including the
                    // GetUserRoleId() comparison that does not depend on the user's own roles.
                    if (loginConfig.TwoStepAuth != null && account.RolesList != null) {
                        foreach (Role requiredRole in loginConfig.TwoStepAuth) {
                            bool roleApplies =
                                requiredRole.RoleId == Resource.ResourceAccess.GetUserRoleId()
                                || account.RolesList.Contains(new Role { RoleId = requiredRole.RoleId }, new RoleComparer());
                            if (!roleApplies) {
                                continue;
                            }

                            var usableProviders = await account.GetEnabledAndAvailableTwoStepAuthenticationsAsync();
                            if (usableProviders.Count == 0) {
                                Manager.Need2FAState = true;
                            }
                            break; // the first applicable role decides the outcome
                        }
                    }
                }
            }
        }

        // Check whether the user needs to change the password
        Manager.NeedNewPassword = account.NeedsNewPassword;

        // user good to go
        Manager.UserName = account.UserName;
        Manager.UserEmail = account.Email;
        Manager.UserId = account.UserId;
        Manager.UserObject = account;
        await UserSettings.UserSettingsAccess.ResolveUserAsync();

        // NOTE(review): RolesList is dereferenced from here on without the null guard used in
        // the two-step check above; a null list would throw after the Manager user fields have
        // already been set. Confirm it can never be null or guard it consistently.
        Manager.UserRoles = account.RolesList.Select(r => r.RoleId).ToList();

        // The superuser flag is only ever switched on here, never cleared.
        int superuserRoleId = Resource.ResourceAccess.GetSuperuserRoleId();
        bool isSuperuser = account.RolesList.Contains(new Role { RoleId = superuserRoleId }, new RoleComparer());
        if (isSuperuser) {
            Manager.SetSuperUserRole(true);
        }
    }
}