zydronium/websitepanel
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Websitepanel user account lockout and state management added

Browse source
This commit is contained in:
robvde 2012-07-30 11:19:50 +04:00
parent 008fc296d5
commit 72348041f0
27 changed files with 1705 additions and 373 deletions
Download patch file Download diff file Expand all files Collapse all files

23
WebsitePanel/Sources/WebsitePanel.EnterpriseServer/Code/Data/DataProvider.cs
View file

@ -190,7 +190,7 @@ namespace WebsitePanel.EnterpriseServer
new SqlParameter("@Username", username));
}
public static int AddUser(int actorId, int ownerId, int roleId, int statusId, bool isDemo,
public static int AddUser(int actorId, int ownerId, int roleId, int statusId, int loginStatusId, bool isDemo,
bool isPeer, string comments, string username, string password,
string firstName, string lastName, string email, string secondaryEmail,
string address, string city, string country, string state, string zip,
@ -208,6 +208,7 @@ namespace WebsitePanel.EnterpriseServer
new SqlParameter("@OwnerID", ownerId),
new SqlParameter("@RoleID", roleId),
new SqlParameter("@StatusId", statusId),
new SqlParameter("@LoginStatusId", loginStatusId),
new SqlParameter("@IsDemo", isDemo),
new SqlParameter("@IsPeer", isPeer),
new SqlParameter("@Comments", comments),
@ -227,13 +228,13 @@ namespace WebsitePanel.EnterpriseServer
new SqlParameter("@fax", fax),
new SqlParameter("@instantMessenger", instantMessenger),
new SqlParameter("@htmlMail", htmlMail),
new SqlParameter("@CompanyName", companyName),
new SqlParameter("@EcommerceEnabled", ecommerceEnabled));
new SqlParameter("@CompanyName", companyName),
new SqlParameter("@EcommerceEnabled", ecommerceEnabled));
return Convert.ToInt32(prmUserId.Value);
}
public static void UpdateUser(int actorId, int userId, int roleId, int statusId, bool isDemo,
public static void UpdateUser(int actorId, int userId, int roleId, int statusId, int loginStatusId, bool isDemo,
bool isPeer, string comments, string firstName, string lastName, string email, string secondaryEmail,
string address, string city, string country, string state, string zip,
string primaryPhone, string secondaryPhone, string fax, string instantMessenger, bool htmlMail,
@ -245,6 +246,7 @@ namespace WebsitePanel.EnterpriseServer
new SqlParameter("@ActorId", actorId),
new SqlParameter("@RoleID", roleId),
new SqlParameter("@StatusId", statusId),
new SqlParameter("@LoginStatusId", loginStatusId),
new SqlParameter("@UserID", userId),
new SqlParameter("@IsDemo", isDemo),
new SqlParameter("@IsPeer", isPeer),
@ -263,11 +265,20 @@ namespace WebsitePanel.EnterpriseServer
new SqlParameter("@fax", fax),
new SqlParameter("@instantMessenger", instantMessenger),
new SqlParameter("@htmlMail", htmlMail),
new SqlParameter("@CompanyName", companyName),
new SqlParameter("@EcommerceEnabled", ecommerceEnabled),
new SqlParameter("@CompanyName", companyName),
new SqlParameter("@EcommerceEnabled", ecommerceEnabled),
new SqlParameter("@AdditionalParams", additionalParams));
}
public static void UpdateUserFailedLoginAttempt(int userId, int lockOut, bool reset)
{
SqlHelper.ExecuteNonQuery(ConnectionString, CommandType.StoredProcedure,
ObjectQualifier + "UpdateUserFailedLoginAttempt",
new SqlParameter("@UserID", userId),
new SqlParameter("@LockOut", lockOut),
new SqlParameter("@Reset", reset));
}
public static void DeleteUser(int actorId, int userId)
{
SqlHelper.ExecuteNonQuery(ConnectionString, CommandType.StoredProcedure,

124
WebsitePanel/Sources/WebsitePanel.EnterpriseServer/Code/Users/UserController.cs
View file

@ -49,56 +49,92 @@ namespace WebsitePanel.EnterpriseServer
return (user != null);
}
public static int AuthenticateUser(string username, string password, string ip)
{
// start task
TaskManager.StartTask("USER", "AUTHENTICATE", username);
TaskManager.WriteParameter("IP", ip);
public static int AuthenticateUser(string username, string password, string ip)
{
// start task
TaskManager.StartTask("USER", "AUTHENTICATE", username);
TaskManager.WriteParameter("IP", ip);
try
{
// try to get user from database
UserInfo user = GetUserInternally(username);
try
{
// try to get user from database
UserInfo user = GetUserInternally(username);
// check if the user exists
if (user == null)
{
TaskManager.WriteWarning("Wrong username");
return BusinessErrorCodes.ERROR_USER_WRONG_USERNAME;
}
// check if the user exists
if (user == null)
{
TaskManager.WriteWarning("Wrong username");
return BusinessErrorCodes.ERROR_USER_WRONG_USERNAME;
}
// compare user passwords
if (user.Password != password)
{
TaskManager.WriteWarning("Wrong password");
return BusinessErrorCodes.ERROR_USER_WRONG_PASSWORD;
}
// check if the user is disabled
if (user.LoginStatus == UserLoginStatus.Disabled)
{
TaskManager.WriteWarning("User disabled");
return BusinessErrorCodes.ERROR_USER_ACCOUNT_DISABLED;
}
// check status
if (user.Status == UserStatus.Cancelled)
{
TaskManager.WriteWarning("Account cancelled");
return BusinessErrorCodes.ERROR_USER_ACCOUNT_CANCELLED;
}
// check if the user is locked out
if (user.LoginStatus == UserLoginStatus.LockedOut)
{
TaskManager.WriteWarning("User locked out");
return BusinessErrorCodes.ERROR_USER_ACCOUNT_LOCKEDOUT;
}
if (user.Status == UserStatus.Pending)
{
TaskManager.WriteWarning("Account pending");
return BusinessErrorCodes.ERROR_USER_ACCOUNT_PENDING;
}
//Get the password policy
UserSettings userSettings = UserController.GetUserSettings(user.UserId, UserSettings.WEBSITEPANEL_POLICY);
int lockOut = -1;
return 0;
if (!string.IsNullOrEmpty(userSettings["PasswordPolicy"]))
{
string passwordPolicy = userSettings["PasswordPolicy"];
try
{
// parse settings
string[] parts = passwordPolicy.Split(';');
lockOut = Convert.ToInt32(parts[7]);
}
catch { /* skip */ }
}
}
catch (Exception ex)
{
throw TaskManager.WriteError(ex);
}
finally
{
TaskManager.CompleteTask();
}
}
// compare user passwords
if (user.Password != password)
{
if (lockOut >= 0)
DataProvider.UpdateUserFailedLoginAttempt(user.UserId, lockOut, false);
TaskManager.WriteWarning("Wrong password");
return BusinessErrorCodes.ERROR_USER_WRONG_PASSWORD;
}
else
DataProvider.UpdateUserFailedLoginAttempt(user.UserId, lockOut, true);
// check status
if (user.Status == UserStatus.Cancelled)
{
TaskManager.WriteWarning("Account cancelled");
return BusinessErrorCodes.ERROR_USER_ACCOUNT_CANCELLED;
}
if (user.Status == UserStatus.Pending)
{
TaskManager.WriteWarning("Account pending");
return BusinessErrorCodes.ERROR_USER_ACCOUNT_PENDING;
}
return 0;
}
catch (Exception ex)
{
throw TaskManager.WriteError(ex);
}
finally
{
TaskManager.CompleteTask();
}
}
public static UserInfo GetUserByUsernamePassword(string username, string password, string ip)
{
@ -382,6 +418,7 @@ namespace WebsitePanel.EnterpriseServer
user.OwnerId,
user.RoleId,
user.StatusId,
user.LoginStatusId,
user.IsDemo,
user.IsPeer,
user.Comments,
@ -525,6 +562,7 @@ namespace WebsitePanel.EnterpriseServer
user.UserId,
user.RoleId,
user.StatusId,
user.LoginStatusId,
user.IsDemo,
user.IsPeer,
user.Comments,