        /// <summary>
        /// Public entry point for creating a client. Delegates all work to
        /// <see cref="InternalInit"/> (which also performs the caller authorization check)
        /// and converts any thrown exception into a failed <see cref="ClientResult"/>.
        /// </summary>
        /// <param name="caller">Identity of the principal performing the operation.</param>
        /// <param name="record">Client data to create the group and admin user from.</param>
        /// <returns>A result with <c>OK = true</c> on success, or <c>OK = false</c> and <c>Error</c> set otherwise.</returns>
        public ClientResult Init(IIdentity caller, ClientRecord record)
        {
            // This wrapper only owns the OK/Error fields; every other field of the
            // result is populated by InternalInit.
            var outcome = new ClientResult { OK = true };

            try
            {
                InternalInit(caller, record, outcome);
            }
            catch (Exception failure)
            {
                // Authorization, validation and store failures are all reported through
                // the result object instead of propagating to the caller.
                outcome.OK = false;
                outcome.Error = failure;
            }

            return outcome;
        }
        /// <summary>
        /// Downgrades the client's group (login "&lt;clientSysName&gt;@groups") to demo access:
        /// adds <see cref="SecurityConst.ROLE_DEMO_ACCESS"/>, drops the "writer" role and stores the group.
        /// A group that already carries the demo role is left untouched and not reported in <paramref name="result"/>.
        /// </summary>
        /// <param name="clientSysName">System name of the client whose group is switched to demo.</param>
        /// <param name="result">Receives the modified group in <c>Group</c> when a change was made.</param>
        /// <exception cref="Exception">Thrown when no group exists for <paramref name="clientSysName"/>.</exception>
        private void InternalToDemo(string clientSysName, ClientResult result)
        {
            // NOTE: no caller authorization here — the public wrapper is expected to have
            // called CheckCaller before reaching this method.
            var groupLogin = clientSysName + "@groups";
            var group = Users.GetUser(groupLogin);
            if (group == null)
            {
                throw new Exception("no group found");
            }

            // Idempotent: a second call on a demo group changes nothing and stores nothing.
            if (group.Roles.Contains(SecurityConst.ROLE_DEMO_ACCESS))
            {
                return;
            }

            // NOTE(review): Roles is initialised with a fixed-size array in InternalInit;
            // this assumes the instance loaded from the store exposes a growable
            // collection, otherwise Add/Remove would throw NotSupportedException — confirm.
            group.Roles.Add(SecurityConst.ROLE_DEMO_ACCESS);
            group.Roles.Remove("writer"); //HACK: it's unlift-related role

            result.Group = group;
            Users.Store(group);
        }
        /// <summary>
        /// Public entry point for changing a client's expiry date. Authorizes the caller, then
        /// delegates to <see cref="InternalSetExpire"/>; any exception becomes a failed result.
        /// </summary>
        /// <param name="caller">Identity of the principal performing the operation.</param>
        /// <param name="clientSysName">System name of the client whose group and users expire.</param>
        /// <param name="newExpire">The new expiry date to apply.</param>
        /// <returns>A result with <c>OK = true</c> on success, or <c>OK = false</c> and <c>Error</c> set otherwise.</returns>
        public ClientResult SetExpire(IIdentity caller, string clientSysName, DateTime newExpire)
        {
            var outcome = new ClientResult { OK = true };

            try
            {
                // Authorization happens before any lookup or write.
                CheckCaller(caller);
                InternalSetExpire(clientSysName, newExpire, outcome);
            }
            catch (Exception failure)
            {
                // Failures (including a rejected caller) are reported via the result object.
                outcome.OK = false;
                outcome.Error = failure;
            }

            return outcome;
        }
        /// <summary>
        /// Public entry point for switching a client from demo to working mode. Authorizes the
        /// caller, delegates to <see cref="InternalToWork"/>, and when that reported a group,
        /// extends the lease to tomorrow plus <see cref="SecurityConst.LEASE_USER"/>.
        /// Any exception becomes a failed result.
        /// </summary>
        /// <param name="caller">Identity of the principal performing the operation.</param>
        /// <param name="clientSysName">System name of the client to switch.</param>
        /// <returns>A result with <c>OK = true</c> on success, or <c>OK = false</c> and <c>Error</c> set otherwise.</returns>
        public ClientResult ToWork(IIdentity caller, string clientSysName)
        {
            var outcome = new ClientResult { OK = true };

            try
            {
                CheckCaller(caller);
                InternalToWork(clientSysName, outcome);

                // InternalToWork presumably sets Group only when it actually changed the
                // group (its body is not in view — confirm); only then is the lease renewed.
                if (outcome.Group != null)
                {
                    var lease = DateTime.Today.AddDays(1).Add(SecurityConst.LEASE_USER);
                    InternalSetExpire(clientSysName, lease, outcome);
                }
            }
            catch (Exception failure)
            {
                outcome.OK = false;
                outcome.Error = failure;
            }

            return outcome;
        }
        /// <summary>
        /// Sets the expiry of the client's group and of every active user in the client's domain.
        /// Uses <c>result.Group</c> when already populated, otherwise loads "&lt;clientSysName&gt;@groups".
        /// </summary>
        /// <param name="clientSysName">System name of the client; used as group login prefix and as user search domain.</param>
        /// <param name="date">Expiry date to apply to the group and its active users.</param>
        /// <param name="result">Receives the group in <c>Group</c> if it was not already set.</param>
        /// <exception cref="Exception">Thrown when no group exists for <paramref name="clientSysName"/>.</exception>
        private void InternalSetExpire(string clientSysName, DateTime date, ClientResult result)
        {
            // NOTE: no caller authorization here — the public wrappers call CheckCaller first.
            if (result.Group == null)
            {
                result.Group = Users.GetUser(clientSysName + "@groups");
            }
            if (result.Group == null)
            {
                throw new Exception("no group found");
            }

            var group = result.Group;
            group.Expire = date;
            // The group is persisted before the users; the per-user writes below are not
            // transactional with it, so a failure mid-loop leaves the group already updated.
            Users.Store(group);

            var query = new UserSearchQuery { Domain = clientSysName };
            // Materialise the search result before writing users back, so the store is not
            // modified while its own query is still being enumerated.
            var members = Users.SearchUsers(query).ToArray();

            foreach (var member in members)
            {
                // Inactive users keep their old expiry.
                if (!member.Active)
                {
                    continue;
                }
                member.Expire = group.Expire;
                Users.Store(member);
            }
        }
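        /// <summary>
        /// Creates a new client: a group user ("&lt;sysname&gt;@groups") holding the demo role with a
        /// <see cref="SecurityConst.LEASE_DEMO"/> lease, and a domain-admin user bound to that group
        /// with the same expiry. Every validation and existence check runs before anything is
        /// written, so a rejected request never leaves a partially created client behind.
        /// </summary>
        /// <param name="caller">Identity of the principal performing the operation; checked first.</param>
        /// <param name="record">
        /// Client data. <c>SysName</c> is derived from <c>Name</c> when blank, and that derived value is
        /// written back into <paramref name="record"/> (visible to the caller).
        /// </param>
        /// <param name="result">
        /// Receives the sysname, the created group and user, and — in clear text — the password that was
        /// set, whether it was generated here or supplied in <c>record.Password</c>; the consumer must
        /// treat <c>GeneratedPassword</c> as a secret.
        /// </param>
        /// <exception cref="ArgumentException">Name is blank, or the sysname is blank/not in canonical escaped form.</exception>
        /// <exception cref="SecurityException">Group or user login already exists, or the password fails policy.</exception>
        private void InternalInit(IIdentity caller, ClientRecord record, ClientResult result)
        {
            CheckCaller(caller);

            if (string.IsNullOrWhiteSpace(record.Name))
            {
                throw new ArgumentException("no client name supplied", nameof(record.Name));
            }
            if (string.IsNullOrWhiteSpace(record.SysName))
            {
                record.SysName = Escaper.OrganizationSysName(record.Name);
            }
            // The sysname must be a fixed point of the escaper, i.e. already in canonical form.
            if (string.IsNullOrWhiteSpace(record.SysName) ||
                record.SysName != Escaper.OrganizationSysName(record.SysName))
            {
                throw new ArgumentException("invalid sysname " + record.SysName, nameof(record.SysName));
            }

            var groupLogin = record.SysName + "@groups";
            var userLogin  = "******" + record.SysName;

            // Both existence checks and the password policy check precede the first Store:
            // previously the group was persisted before the user login and the password were
            // checked, so a failure there left an orphaned group in the store.
            if (null != Users.GetUser(groupLogin))
            {
                throw new SecurityException("group already exists");
            }
            if (null != Users.GetUser(userLogin))
            {
                throw new SecurityException("user already exists");
            }

            var pass = string.IsNullOrWhiteSpace(record.Password) ? PasswordManager.Generate() : record.Password;
            // A caller-supplied password is subject to the same policy as a generated one.
            if (!PasswordManager.GetPolicy(pass).Ok)
            {
                throw new SecurityException("password not match policy");
            }

            var group = new User {
                Active  = true,
                Login   = groupLogin,
                IsGroup = true,
                Name    = record.Name,
                Email   = record.UserEmail,
                Roles   = new[] { SecurityConst.ROLE_DEMO_ACCESS },
                Expire  = DateTime.Today.AddDays(1).Add(SecurityConst.LEASE_DEMO),
                Custom  = new Dictionary<string, object> {
                    { "contact", record.Phone }
                }
            };

            Users.Store(group);

            // The admin user falls back to the client name when no separate user name was given.
            var name = string.IsNullOrWhiteSpace(record.UserName) ? record.Name : record.UserName;

            var user = new User {
                Login   = userLogin,
                Name    = name,
                Logable = true,
                Domain  = record.SysName,
                Groups  = new[] { record.SysName },
                Active  = true,
                Expire  = group.Expire, // user lease is tied to the group's demo lease
                Roles   = new[] { SecurityConst.ROLE_DOMAIN_ADMIN }
            };

            PasswordManager.SetPassword(user, pass, true);
            Users.Store(user);

            result.GeneratedSysName  = record.SysName;
            result.GeneratedPassword = pass;
            result.Group             = group;
            result.User              = user;
        }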