UI plumbing change UPN

Fixed: ExchangeAccount Password stored unencrypted when setting primary email address
2012-11-23 18:42:11 +04:00 · 2012-11-23 18:42:11 +04:00 · 8a4159a0ff
commit 8a4159a0ff
parent 95d0623ce3
9 changed files with 75 additions and 35 deletions
--- a/WebsitePanel/Database/update_db.sql
+++ b/WebsitePanel/Database/update_db.sql
@ -6957,3 +6957,10 @@ AS
 	RETURN @Result'
 END
 GO
 IF NOT EXISTS (SELECT * FROM [dbo].[Quotas] WHERE [QuotaName] = 'HostedSolution.AllowChangeUPN')
 BEGIN
 INSERT [dbo].[Quotas] ([QuotaID], [GroupID], [QuotaOrder], [QuotaName], [QuotaDescription], [QuotaTypeID], [ServiceQuota], [ItemTypeID]) VALUES (230,	13,	4,	N'HostedSolution.AllowChangeUPN', N'Allow to Change UserPrincipalName',	1,	0, NULL)
 END
 GO
--- a/WebsitePanel/Sources/WebsitePanel.EnterpriseServer.Base/Packages/Quotas.cs
+++ b/WebsitePanel/Sources/WebsitePanel.EnterpriseServer.Base/Packages/Quotas.cs
@ -150,6 +150,7 @@ order by rg.groupOrder
        public const string ORGANIZATIONS = "HostedSolution.Organizations";
        public const string ORGANIZATION_USERS = "HostedSolution.Users";
        public const string ORGANIZATION_DOMAINS = "HostedSolution.Domains";
        public const string ORGANIZATION_ALLOWCHANGEUPN = "HostedSolution.AllowChangeUPN";
        public const string CRM_USERS = "HostedCRM.Users";
        public const string CRM_ORGANIZATION = "HostedCRM.Organization";
--- a/WebsitePanel/Sources/WebsitePanel.EnterpriseServer/Code/ExchangeServer/ExchangeServerController.cs
+++ b/WebsitePanel/Sources/WebsitePanel.EnterpriseServer/Code/ExchangeServer/ExchangeServerController.cs
@ -1818,6 +1818,7 @@ namespace WebsitePanel.EnterpriseServer
                account.AccountType = ExchangeAccountType.User;                
                account.MailEnabledPublicFolder = false;
                account.AccountPassword = null;
                UpdateAccount(account);
                DataProvider.DeleteUserEmailAddresses(account.AccountId, account.PrimaryEmailAddress);
@ -2129,6 +2130,7 @@ namespace WebsitePanel.EnterpriseServer
                }
 				// save account
                account.AccountPassword = null;
 				UpdateAccount(account);
 				return 0;
@ -2357,6 +2359,7 @@ namespace WebsitePanel.EnterpriseServer
                else account.MailboxManagerActions &= ~action;
                // update account
                account.AccountPassword = null;
                UpdateAccount(account);
                return 0;
@ -3193,6 +3196,7 @@ namespace WebsitePanel.EnterpriseServer
                // update account
                account.DisplayName = displayName;
                account.PrimaryEmailAddress = emailAddress;
                account.AccountPassword = null;
                UpdateAccount(account);
                return 0;
@ -3521,6 +3525,7 @@ namespace WebsitePanel.EnterpriseServer
                // update account
                account.DisplayName = displayName;
                account.AccountPassword = null;
                UpdateAccount(account);
                return 0;
@ -3741,6 +3746,7 @@ namespace WebsitePanel.EnterpriseServer
                    addressLists.ToArray());
                // save account
                account.AccountPassword = null;
                UpdateAccount(account);
                return 0;
@ -4143,6 +4149,7 @@ namespace WebsitePanel.EnterpriseServer
 				account.AccountName = accountName;
 				account.MailEnabledPublicFolder = true;
 				account.PrimaryEmailAddress = email;
                account.AccountPassword = null;
 				UpdateAccount(account);
 				// register e-mail
@ -4195,6 +4202,7 @@ namespace WebsitePanel.EnterpriseServer
 				// update and save account
 				account.MailEnabledPublicFolder = false;
 				account.PrimaryEmailAddress = "";
                account.AccountPassword = null;
 				UpdateAccount(account);
@ -4314,6 +4322,7 @@ namespace WebsitePanel.EnterpriseServer
 				{
 					// rename original folder
 					account.DisplayName = newFullName;
                    account.AccountPassword = null;
 					UpdateAccount(account);
 					// rename nested folders
@ -4531,6 +4540,7 @@ namespace WebsitePanel.EnterpriseServer
 					emailAddress);
 				// save account
                account.AccountPassword = null;
 				UpdateAccount(account);
 				return 0;
--- a/WebsitePanel/Sources/WebsitePanel.EnterpriseServer/Code/HostedSolution/OrganizationController.cs
+++ b/WebsitePanel/Sources/WebsitePanel.EnterpriseServer/Code/HostedSolution/OrganizationController.cs
@ -1735,7 +1735,7 @@ namespace WebsitePanel.EnterpriseServer
                if (!String.IsNullOrEmpty(password))
                    account.AccountPassword = CryptoUtils.Encrypt(password);
                else 
-                    account.AccountPassword = string.Empty;
+                    account.AccountPassword = null;
                UpdateAccount(account);
--- a/WebsitePanel/Sources/WebsitePanel.EnterpriseServer/Web.config
+++ b/WebsitePanel/Sources/WebsitePanel.EnterpriseServer/Web.config
@ -5,11 +5,19 @@
  </configSections>
  <!-- Connection strings -->
  <connectionStrings>
-        <add name="EnterpriseServer" connectionString="Server=(local)\SQLExpress;Database=WebsitePanel;uid=sa;pwd=Password12" providerName="System.Data.SqlClient" />
+    <!--
    <add name="EnterpriseServer" connectionString="server=HSTPROV01;database=WebsitePanelMerge;uid=WebsitePanel;pwd=aj7ep6fyhmw3b5qeth7c;" />
    <add name="EnterpriseServer" connectionString="server=HSTWSP01;database=WebsitePanelMerge;uid=WebsitePanel;pwd=pserxfbnlc6hwmdedbp0;" providerName="System.Data.SqlClient" />
    -->
    <add name="EnterpriseServer" connectionString="server=HSTPROV01;database=WebsitePanelMerge;uid=WebsitePanel;pwd=aj7ep6fyhmw3b5qeth7c;" />
  </connectionStrings>
  <appSettings>
-    <!-- Encryption util settings -->
+    <!-- A1D4KDHUE83NKHddF -->
-    <add key="WebsitePanel.CryptoKey" value="1234567890" />
+    <!--
    <add key="WebsitePanel.CryptoKey" value="3x7eqt7zabc5n5afs6dg" />
    <add key="WebsitePanel.CryptoKey" value="fr2ym4wn2gmbrj7dz336" />
    -->
    <add key="WebsitePanel.CryptoKey" value="3x7eqt7zabc5n5afs6dg" />
    <!-- A1D4KDHUE83NKHddF -->
    <add key="WebsitePanel.EncryptionEnabled" value="true" />
    <!-- Web Applications -->
--- a/WebsitePanel/Sources/WebsitePanel.WebPortal/App_GlobalResources/WebsitePanel_SharedResources.ascx.resx
+++ b/WebsitePanel/Sources/WebsitePanel.WebPortal/App_GlobalResources/WebsitePanel_SharedResources.ascx.resx
@ -3263,6 +3263,9 @@
  <data name="Quota.HostedSolution.Users" xml:space="preserve">
    <value>Users per Organization</value>
  </data>
  <data name="Quota.HostedSolution.AllowChangeUPN" xml:space="preserve">
    <value>Allow to Change UserPrincipalName</value>
  </data>
  <data name="Quota.HostedSolution.Domains" xml:space="preserve">
    <value>Domains per Organization</value>
  </data>
--- a/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/ExchangeServer/OrganizationUserGeneralSettings.ascx
+++ b/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/ExchangeServer/OrganizationUserGeneralSettings.ascx
@ -8,6 +8,7 @@
 <%@ Register Src="../UserControls/EnableAsyncTasksSupport.ascx" TagName="EnableAsyncTasksSupport" TagPrefix="wsp" %>
 <%@ Register Src="UserControls/Menu.ascx" TagName="Menu" TagPrefix="wsp" %>
 <%@ Register Src="UserControls/Breadcrumb.ascx" TagName="Breadcrumb" TagPrefix="wsp" %>
 <%@ Register Src="UserControls/EmailAddress.ascx" TagName="EmailAddress" TagPrefix="wsp" %>
@ -43,7 +44,10 @@
 					<table>
 						<tr>
 						    <td class="FormLabel150"> <asp:Localize ID="locUserPrincipalName" runat="server" meta:resourcekey="locUserPrincipalName" Text="Login Name:"></asp:Localize></td>
-						    <td><asp:Label runat="server" ID="lblUserPrincipalName" /></td>
+						    <td>
                                <asp:Label runat="server" ID="lblUserPrincipalName" />
                                <wsp:EmailAddress id="upn" runat="server" ValidationGroup="CreateMailbox"></wsp:EmailAddress>
 						    </td>
 						</tr>					   
 						<tr>
--- a/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/ExchangeServer/OrganizationUserGeneralSettings.ascx.cs
+++ b/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/ExchangeServer/OrganizationUserGeneralSettings.ascx.cs
@ -120,6 +120,32 @@ namespace WebsitePanel.Portal.HostedSolution
                    }
                }
                if (cntx.Quotas.ContainsKey(Quotas.ORGANIZATION_ALLOWCHANGEUPN))
                {
                    if (cntx.Quotas[Quotas.ORGANIZATION_ALLOWCHANGEUPN].QuotaAllocatedValue != 1)
                    {
                        lblUserPrincipalName.Visible = true;
                        upn.Visible = false;
                    }
                    else
                    {
                        lblUserPrincipalName.Visible = false;
                        upn.Visible = true;
                        if (!string.IsNullOrEmpty(user.UserPrincipalName))
                        {
                            string[] Tmp = user.UserPrincipalName.Split('@');
                            upn.AccountName = Tmp[0];
                            if (Tmp.Length > 1)
                            {
                                upn.DomainName = Tmp[1];
                            }
                        }
                    }
                }
                if (user.Locked)
                    chkLocked.Enabled = true;
                else
--- a/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/ExchangeServer/OrganizationUserGeneralSettings.ascx.designer.cs
+++ b/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/ExchangeServer/OrganizationUserGeneralSettings.ascx.designer.cs
@ -1,31 +1,3 @@
 // Copyright (c) 2012, Outercurve Foundation.
 // All rights reserved.
 //
 // Redistribution and use in source and binary forms, with or without modification,
 // are permitted provided that the following conditions are met:
 //
 // - Redistributions of source code must  retain  the  above copyright notice, this
 //   list of conditions and the following disclaimer.
 //
 // - Redistributions in binary form  must  reproduce the  above  copyright  notice,
 //   this list of conditions  and  the  following  disclaimer in  the documentation
 //   and/or other materials provided with the distribution.
 //
 // - Neither  the  name  of  the  Outercurve Foundation  nor   the   names  of  its
 //   contributors may be used to endorse or  promote  products  derived  from  this
 //   software without specific prior written permission.
 //
 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 // ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,  BUT  NOT  LIMITED TO, THE IMPLIED
 // WARRANTIES  OF  MERCHANTABILITY   AND  FITNESS  FOR  A  PARTICULAR  PURPOSE  ARE
 // DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
 // ANY DIRECT, INDIRECT, INCIDENTAL,  SPECIAL,  EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 // (INCLUDING, BUT NOT LIMITED TO,  PROCUREMENT  OF  SUBSTITUTE  GOODS OR SERVICES;
 // LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)  HOWEVER  CAUSED AND ON
 // ANY  THEORY  OF  LIABILITY,  WHETHER  IN  CONTRACT,  STRICT  LIABILITY,  OR TORT
 // (INCLUDING NEGLIGENCE OR OTHERWISE)  ARISING  IN  ANY WAY OUT OF THE USE OF THIS
 // SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 //------------------------------------------------------------------------------
 // <auto-generated>
 //     This code was generated by a tool.
@ -139,6 +111,15 @@ namespace WebsitePanel.Portal.HostedSolution {
        /// </remarks>
        protected global::System.Web.UI.WebControls.Label lblUserPrincipalName;
        /// <summary>
        /// upn control.
        /// </summary>
        /// <remarks>
        /// Auto-generated field.
        /// To modify move field declaration from designer file to code-behind file.
        /// </remarks>
        protected global::WebsitePanel.Portal.ExchangeServer.UserControls.EmailAddress upn;
        /// <summary>
        /// locDisplayName control.
        /// </summary>