Do not return password from Enterprise Service Methods
parent
e93d354058
commit
db16c927cb
15 changed files with 129 additions and 61 deletions
|
@ -69,7 +69,7 @@ namespace WebsitePanel.EnterpriseServer
|
|||
protected override string AuthenticateToken(UsernameToken token)
|
||||
{
|
||||
// try to load user account
|
||||
UserInfo user = UserController.GetUserInternally(token.Username);
|
||||
UserInfoInternal user = UserController.GetUserInternally(token.Username);
|
||||
if (user == null)
|
||||
return null;
|
||||
|
||||
|
|
|
@ -182,7 +182,7 @@ namespace WebsitePanel.Ecommerce.EnterpriseServer.ContractSystem
|
|||
//
|
||||
if (customerId > -1)
|
||||
{
|
||||
ES.UserInfo userInfo = (internally) ? ES.UserController.GetUserInternally(customerId) :
|
||||
ES.UserInfoInternal userInfo = (internally) ? ES.UserController.GetUserInternally(customerId) :
|
||||
ES.UserController.GetUser(customerId);
|
||||
//
|
||||
if (internally)
|
||||
|
|
|
@ -520,12 +520,12 @@ namespace WebsitePanel.Ecommerce.EnterpriseServer
|
|||
return settings;
|
||||
}
|
||||
|
||||
private CommandParams PrepeareAccountParams(UserInfo userInfo)
|
||||
private CommandParams PrepeareAccountParams(UserInfo userInfo, string password)
|
||||
{
|
||||
CommandParams args = new CommandParams();
|
||||
|
||||
args[CommandParams.USERNAME] = userInfo.Username;
|
||||
args[CommandParams.PASSWORD] = userInfo.Password;
|
||||
args[CommandParams.PASSWORD] = password;
|
||||
args[CommandParams.FIRST_NAME] = userInfo.FirstName;
|
||||
args[CommandParams.LAST_NAME] = userInfo.LastName;
|
||||
args[CommandParams.EMAIL] = userInfo.Email;
|
||||
|
|
|
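Review bot: `PrepeareAccountParams` now takes the account password as a separate cleartext `string` and stores it under `CommandParams.PASSWORD`, but nothing documents where callers should obtain it or that the returned `CommandParams` carries a live credential. I would add a doc comment on the method, e.g. `/// <param name="password">Cleartext account password supplied by the caller; the returned CommandParams must not be logged or persisted.</param>`, and reject a null or empty value before assigning it. The method body continues past the end of this hunk, so later uses of `args` are not visible here.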
@ -113,7 +113,7 @@ namespace WebsitePanel.Ecommerce.EnterpriseServer
|
|||
// create user account
|
||||
ES.UserInfo userInfo = new ES.UserInfo();
|
||||
userInfo.Username = account[ContractAccount.USERNAME];
|
||||
userInfo.Password = account[ContractAccount.PASSWORD];
|
||||
// userInfo.Password = account[ContractAccount.PASSWORD];
|
||||
userInfo.Email = account[ContractAccount.EMAIL];
|
||||
userInfo.FirstName = account[ContractAccount.FIRST_NAME];
|
||||
userInfo.LastName = account[ContractAccount.LAST_NAME];
|
||||
|
@ -133,7 +133,7 @@ namespace WebsitePanel.Ecommerce.EnterpriseServer
|
|||
userInfo.OwnerId = contract.ResellerId;
|
||||
userInfo.Created = DateTime.Now;
|
||||
// create account
|
||||
int resultCode = ES.UserController.AddUser(userInfo, true);
|
||||
int resultCode = ES.UserController.AddUser(userInfo, true, account[ContractAccount.PASSWORD]);
|
||||
//
|
||||
if (resultCode > 0)
|
||||
{
|
||||
|
|
|
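Review bot: The old assignment is left behind as commented-out code (`// userInfo.Password = account[ContractAccount.PASSWORD];`) instead of being deleted, and the same pattern appears in the -119 hunk of the last file (`// user.Password = password;`). Dead lines like these invite someone to re-enable them later and put the password back on the `UserInfo` object, which appears to be what the commit sets out to remove. I would drop both lines and, if a pointer is wanted, replace them with a short comment such as `// password is passed to AddUser separately, not via UserInfo`. Separately, `account[ContractAccount.PASSWORD]` is passed to `AddUser` without a visible null or empty check; the enclosing method starts and ends outside the hunk, so a check may exist elsewhere.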
@ -422,7 +422,7 @@ namespace WebsitePanel.EnterpriseServer
|
|||
return result;
|
||||
|
||||
// load user info
|
||||
UserInfo user = UserController.GetUser(userId);
|
||||
UserInfoInternal user = UserController.GetUser(userId);
|
||||
|
||||
if (createFtpAccount)
|
||||
{
|
||||
|
@ -2086,7 +2086,7 @@ namespace WebsitePanel.EnterpriseServer
|
|||
items["user"] = user;
|
||||
|
||||
// get reseller details
|
||||
UserInfo reseller = UserController.GetUser(user.OwnerId);
|
||||
UserInfoInternal reseller = UserController.GetUser(user.OwnerId);
|
||||
if (reseller != null)
|
||||
{
|
||||
reseller.Password = "";
|
||||
|
@ -2123,7 +2123,7 @@ namespace WebsitePanel.EnterpriseServer
|
|||
items["user"] = user;
|
||||
|
||||
// get reseller details
|
||||
UserInfo reseller = UserController.GetUser(user.OwnerId);
|
||||
UserInfoInternal reseller = UserController.GetUser(user.OwnerId);
|
||||
if (reseller != null)
|
||||
{
|
||||
reseller.Password = "";
|
||||
|
|
|
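Review bot: In the -2086 and -2123 hunks the reseller record is now fetched as `UserInfoInternal` and then scrubbed by hand with `reseller.Password = "";`, so the password-bearing type is what travels on, and its safety depends on every call site remembering that assignment. The commit already uses a converting constructor in the authentication code (`return new UserInfo(user);`), so converting here after the null check, e.g. `UserInfo resellerInfo = new UserInfo(reseller);`, would hand on the password-free type instead, assuming `UserInfo` no longer exposes a password. The same hand-scrub pattern is in the -239 hunk of the user controller file. The code that consumes `reseller` lies outside these hunks, so confirm it does not need the internal type.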
@ -112,10 +112,12 @@ namespace WebsitePanel.EnterpriseServer
|
|||
UserInfo user = PackageController.GetPackageOwner(item.PackageId);
|
||||
if (user != null)
|
||||
{
|
||||
UserInfoInternal userInternal = UserController.GetUserInternally(user.UserId);
|
||||
|
||||
site.StatisticsUrl = Utils.ReplaceStringVariable(site.StatisticsUrl, "username",
|
||||
HttpUtility.UrlEncode(user.Username));
|
||||
HttpUtility.UrlEncode(userInternal.Username));
|
||||
site.StatisticsUrl = Utils.ReplaceStringVariable(site.StatisticsUrl, "password",
|
||||
HttpUtility.UrlEncode(user.Password));
|
||||
HttpUtility.UrlEncode(userInternal.Password));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
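Review bot: `userInternal` is dereferenced without a null check: the result of the added `UserController.GetUserInternally(user.UserId)` is used directly in `HttpUtility.UrlEncode(userInternal.Username)` and `HttpUtility.UrlEncode(userInternal.Password)`, while other callers of `GetUserInternally` in this commit test the result for null. I would guard both replacements with `if (userInternal != null)`. This hunk also keeps substituting the account password into `site.StatisticsUrl`, and a credential in a URL tends to end up in server logs, browser history and Referer headers. If `site` is returned to service callers it would still carry the password this commit is trying to stop returning; that is not visible from this hunk and is worth confirming.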
@ -58,7 +58,7 @@ namespace WebsitePanel.EnterpriseServer
|
|||
try
|
||||
{
|
||||
// try to get user from database
|
||||
UserInfo user = GetUserInternally(username);
|
||||
UserInfoInternal user = GetUserInternally(username);
|
||||
|
||||
// check if the user exists
|
||||
if (user == null)
|
||||
|
@ -99,7 +99,7 @@ namespace WebsitePanel.EnterpriseServer
|
|||
|
||||
|
||||
// compare user passwords
|
||||
if (user.Password != password)
|
||||
if (CryptoUtils.SHA1(user.Password) != password)
|
||||
{
|
||||
if (lockOut >= 0)
|
||||
DataProvider.UpdateUserFailedLoginAttempt(user.UserId, lockOut, false);
|
||||
|
@ -145,7 +145,7 @@ namespace WebsitePanel.EnterpriseServer
|
|||
try
|
||||
{
|
||||
// try to get user from database
|
||||
UserInfo user = GetUserInternally(username);
|
||||
UserInfoInternal user = GetUserInternally(username);
|
||||
|
||||
// check if the user exists
|
||||
if (user == null)
|
||||
|
@ -155,8 +155,8 @@ namespace WebsitePanel.EnterpriseServer
|
|||
}
|
||||
|
||||
// compare user passwords
|
||||
if (user.Password == password)
|
||||
return user;
|
||||
if (CryptoUtils.SHA1(user.Password) == password)
|
||||
return new UserInfo(user);
|
||||
|
||||
return null;
|
||||
}
|
||||
|
@ -239,7 +239,7 @@ namespace WebsitePanel.EnterpriseServer
|
|||
items["Email"] = true;
|
||||
|
||||
// get reseller details
|
||||
UserInfo reseller = UserController.GetUser(user.OwnerId);
|
||||
UserInfoInternal reseller = UserController.GetUser(user.OwnerId);
|
||||
if (reseller != null)
|
||||
{
|
||||
reseller.Password = "";
|
||||
|
@ -264,10 +264,10 @@ namespace WebsitePanel.EnterpriseServer
|
|||
}
|
||||
}
|
||||
|
||||
internal static UserInfo GetUserInternally(int userId)
|
||||
internal static UserInfoInternal GetUserInternally(int userId)
|
||||
{
|
||||
// try to get user from database
|
||||
UserInfo user = ObjectUtils.FillObjectFromDataReader<UserInfo>(
|
||||
UserInfoInternal user = ObjectUtils.FillObjectFromDataReader<UserInfoInternal>(
|
||||
DataProvider.GetUserByIdInternally(userId));
|
||||
|
||||
if (user != null)
|
||||
|
@ -275,10 +275,10 @@ namespace WebsitePanel.EnterpriseServer
|
|||
return user;
|
||||
}
|
||||
|
||||
internal static UserInfo GetUserInternally(string username)
|
||||
internal static UserInfoInternal GetUserInternally(string username)
|
||||
{
|
||||
// try to get user from database
|
||||
UserInfo user = ObjectUtils.FillObjectFromDataReader<UserInfo>(
|
||||
UserInfoInternal user = ObjectUtils.FillObjectFromDataReader<UserInfoInternal>(
|
||||
DataProvider.GetUserByUsernameInternally(username));
|
||||
|
||||
if (user != null)
|
||||
|
@ -288,10 +288,10 @@ namespace WebsitePanel.EnterpriseServer
|
|||
return user;
|
||||
}
|
||||
|
||||
public static UserInfo GetUser(int userId)
|
||||
public static UserInfoInternal GetUser(int userId)
|
||||
{
|
||||
// try to get user from database
|
||||
UserInfo user = ObjectUtils.FillObjectFromDataReader<UserInfo>(
|
||||
UserInfoInternal user = ObjectUtils.FillObjectFromDataReader<UserInfoInternal>(
|
||||
DataProvider.GetUserById(SecurityContext.User.UserId, userId));
|
||||
|
||||
if (user != null)
|
||||
|
@ -299,10 +299,10 @@ namespace WebsitePanel.EnterpriseServer
|
|||
return user;
|
||||
}
|
||||
|
||||
public static UserInfo GetUser(string username)
|
||||
public static UserInfoInternal GetUser(string username)
|
||||
{
|
||||
// try to get user from database
|
||||
UserInfo user = ObjectUtils.FillObjectFromDataReader<UserInfo>(
|
||||
UserInfoInternal user = ObjectUtils.FillObjectFromDataReader<UserInfoInternal>(
|
||||
DataProvider.GetUserByUsername(SecurityContext.User.UserId, username));
|
||||
|
||||
if (user != null)
|
||||
|
@ -381,7 +381,7 @@ namespace WebsitePanel.EnterpriseServer
|
|||
return DataProvider.GetUsers(SecurityContext.User.UserId, ownerId, recursive);
|
||||
}
|
||||
|
||||
public static int AddUser(UserInfo user, bool sendLetter)
|
||||
public static int AddUser(UserInfo user, bool sendLetter, string password)
|
||||
{
|
||||
// check account
|
||||
int accountCheck = SecurityContext.CheckAccount(DemandAccount.NotDemo);
|
||||
|
@ -424,7 +424,7 @@ namespace WebsitePanel.EnterpriseServer
|
|||
user.IsPeer,
|
||||
user.Comments,
|
||||
user.Username.Trim(),
|
||||
CryptoUtils.Encrypt(user.Password),
|
||||
CryptoUtils.Encrypt(password),
|
||||
user.FirstName,
|
||||
user.LastName,
|
||||
user.Email,
|
||||
|
|
|
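Review bot: In the two "compare user passwords" hunks (-99 and -155) the supplied `password` is now matched against `CryptoUtils.SHA1(user.Password)`, which makes an unsalted SHA-1 digest the value that authenticates: anyone who obtains the digest can log in with it without knowing the password, and callers that still send the cleartext will presumably stop authenticating. The check also uses ordinary string `!=` / `==`, which is not constant-time, and `CryptoUtils.Encrypt(password)` in the -424 hunk shows the stored password remains recoverable rather than hashed. At minimum I would document the new contract above each comparison, e.g. `// 'password' must be the SHA-1 digest of the account password, not the cleartext`, and compare the two digests with a fixed-time routine. Longer term, a salted, slow password hash verified on the server would remove the need to decrypt `user.Password` at all. `CryptoUtils.SHA1` and the rest of both methods are outside the hunks, so the digest encoding is not visible here.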
@ -119,11 +119,11 @@ namespace WebsitePanel.EnterpriseServer
|
|||
user.Email = email;
|
||||
user.SecondaryEmail = secondaryEmail;
|
||||
user.Username = username;
|
||||
user.Password = password;
|
||||
// user.Password = password;
|
||||
user.HtmlMail = htmlMail;
|
||||
|
||||
// add a new user
|
||||
createdUserId = UserController.AddUser(user, false);
|
||||
createdUserId = UserController.AddUser(user, false, password);
|
||||
if (createdUserId < 0)
|
||||
{
|
||||
// exit
|
||||
|
|