- using EleWise.ELMA.Cache;
- using EleWise.ELMA.ComponentModel;
- using EleWise.ELMA.Extensions;
- using EleWise.ELMA.IntegrationLdap.Settings;
- using EleWise.ELMA.Logging;
- using EleWise.ELMA.Model.Attributes;
- using EleWise.ELMA.Runtime.Managers;
- using EleWise.ELMA.Security.Managers;
- using EleWise.ELMA.Security.Models;
- using EleWise.ELMA.Security.Services;
- using EleWise.ELMA.Services;
- using EleWise.ELMA.Threading;
- using EleWise.ELMA.ConfigurationModel;
- using System;
- using System.Collections.Generic;
- using System.DirectoryServices;
- using System.Linq;
- using System.Threading;
- using EleWise.ELMA;
- using EleWise.ELMA.IntegrationLdap;
- using EleWise.ELMA.IntegrationLdap.Services;
- namespace AlfaLdapExtension
- {
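[Service]
/// <summary>
/// <see cref="ILdapService"/> implementation built on <c>System.DirectoryServices</c>:
/// searches users in LDAP, validates credentials by binding as the user, and
/// synchronizes the status/attributes of users imported from an LDAP auth provider.
/// All user-supplied search terms are escaped before being embedded in a filter.
/// </summary>
public class TrickyLdapService : ILdapService
{
    private static readonly ILogger IntegrationLdapLog = Logger.GetLogger("ElmaIntegrationLdap");

    // Cache key prefix for the "synchronization in progress" flag; the provider uid is appended.
    private const string SyncStatusKeyPrefix = "SyncUsersStatusKey";

    // BLOB name under which the list of users blocked by synchronization is kept.
    private const string BlockedUsersBlobKey = "BlockedUsers";

    // LDAP attribute the city is read from ("l" = localityName).
    private const string CityAttribute = "l";

    // Placeholder replaced with the login inside the domain / auth-login templates.
    private const string LoginPlaceholder = "{$login}";

    private const string LdapScheme = "LDAP://";

    /// <summary>
    /// Cache service, resolved from the locator on every access.
    /// </summary>
    private ICacheService CacheService
    {
        get
        {
            return Locator.GetServiceNotNull<ICacheService>();
        }
    }

    /// <summary>
    /// Escapes a value that is to be embedded as an assertion value in an LDAP
    /// search filter (RFC 4515, section 3), so that user-supplied text cannot
    /// change the structure of the filter. Attribute names and the
    /// administrator-configured auth filter are deliberately not passed through here.
    /// </summary>
    /// <param name="value">Raw value; null is treated as empty.</param>
    /// <returns>The value with <c>\</c>, <c>*</c>, <c>(</c>, <c>)</c> and NUL replaced by their <c>\XX</c> escapes.</returns>
    public static string EscapeLdapFilterValue(string value)
    {
        if (string.IsNullOrEmpty(value))
        {
            return "";
        }
        // Backslash first, so the backslashes introduced by the other escapes are not escaped again.
        return value
            .Replace("\\", "\\5c")
            .Replace("*", "\\2a")
            .Replace("(", "\\28")
            .Replace(")", "\\29")
            .Replace("\0", "\\00");
    }

    /// <summary>
    /// Wraps <paramref name="filter"/> in an AND with the configured auth filter, when one is set.
    /// </summary>
    private static string ApplyAuthFilter(LdapExternalMembershipModuleSettings settings, string filter)
    {
        if (string.IsNullOrWhiteSpace(settings.LdapAuthFilter))
        {
            return filter;
        }
        return string.Format("(&{0}{1})", settings.LdapAuthFilter, filter);
    }

    /// <summary>
    /// Builds the root path of the configured directory: <c>LDAP://&lt;url&gt;/&lt;path&gt;</c>.
    /// </summary>
    private static string BuildRootPath(LdapExternalMembershipModuleSettings settings)
    {
        return LdapScheme + settings.LdapUrl + "/" + settings.LdapPath;
    }

    /// <summary>
    /// Builds the exact-match filter used to locate a user by login (for DN validation).
    /// </summary>
    /// <param name="settings">LDAP settings; <c>LdapParamLogin</c> names the login attribute.</param>
    /// <param name="searchString">Login to look up; escaped before use.</param>
    /// <exception cref="ArgumentNullException">The login attribute is not configured or the login is blank.</exception>
    private string GetSearchStringDN(LdapExternalMembershipModuleSettings settings, string searchString)
    {
        if (string.IsNullOrWhiteSpace(settings.LdapParamLogin))
        {
            throw new ArgumentNullException("LdapLogin");
        }
        if (string.IsNullOrWhiteSpace(searchString))
        {
            throw new ArgumentNullException("Login");
        }
        var filter = string.Format("({0}={1})", settings.LdapParamLogin, EscapeLdapFilterValue(searchString));
        return ApplyAuthFilter(settings, filter);
    }

    /// <summary>
    /// Builds a free-text substring search over login, first/last/middle name and e-mail
    /// (each configured attribute is OR-ed in). With an empty term the result is the
    /// configured auth filter alone, or an empty string when none is configured.
    /// </summary>
    /// <exception cref="ArgumentNullException">A term was given but the login attribute is not configured.</exception>
    private string GetSearchString(LdapExternalMembershipModuleSettings settings, string searchString)
    {
        if (string.IsNullOrWhiteSpace(searchString))
        {
            return string.IsNullOrWhiteSpace(settings.LdapAuthFilter) ? "" : settings.LdapAuthFilter;
        }
        if (string.IsNullOrWhiteSpace(settings.LdapParamLogin))
        {
            throw new ArgumentNullException("LdapLogin");
        }
        // The surrounding wildcards are intentional; the term itself is escaped so it cannot add its own.
        var term = EscapeLdapFilterValue(searchString);
        var filter = string.Format("({0}=*{1}*)", settings.LdapParamLogin, term);
        var extraAttributes = new[] { settings.LdapParamName, settings.LdapParamSecond, settings.LdapEMail, settings.LdapParamMiddle };
        foreach (var attribute in extraAttributes)
        {
            if (!string.IsNullOrWhiteSpace(attribute))
            {
                filter = string.Format("(|({0}=*{1}*){2})", attribute, term, filter);
            }
        }
        return ApplyAuthFilter(settings, filter);
    }

    /// <summary>
    /// Produces the ELMA user name for a search result: the raw login attribute, or the
    /// domain template with the login substituted when forest mode is enabled.
    /// </summary>
    private string SetLoginTemplate(SearchResult searchResult, LdapExternalMembershipModuleSettings settings)
    {
        var login = searchResult.Properties[settings.LdapParamLogin][0].ToString();
        var template = settings.LdapDomainTemplate;
        if (settings.UseForest && template != null && template.Contains(LoginPlaceholder))
        {
            return template.Replace(LoginPlaceholder, login);
        }
        return login;
    }

    /// <summary>
    /// Reads the first value of <paramref name="attribute"/> from a search result.
    /// </summary>
    /// <returns>The value as a string, or null when the attribute is not configured, absent or unreadable (logged at debug level).</returns>
    private static string ReadFirstValue(SearchResult searchResult, string attribute)
    {
        if (string.IsNullOrWhiteSpace(attribute))
        {
            return null;
        }
        try
        {
            var values = searchResult.Properties[attribute];
            if (values == null || values.Count == 0)
            {
                return null;
            }
            var value = values[0];
            return value == null ? null : value.ToString();
        }
        catch (Exception exception)
        {
            IntegrationLdapLog.Debug(string.Format("Attribute read fail. Param: {0}", attribute), exception);
            return null;
        }
    }

    /// <summary>
    /// Creates a new (unsaved) user from a search result and fills it from LDAP.
    /// A failure to read the login is logged and leaves <c>UserName</c> unset.
    /// </summary>
    private IUser ReadUserParam(SearchResult searchResult, LdapExternalMembershipModuleSettings settings)
    {
        var user = UserManager.Instance.Create();
        try
        {
            user.UserName = SetLoginTemplate(searchResult, settings);
        }
        catch (Exception exception)
        {
            var message = string.Format("Login read fail. Param: {0}", settings.LdapParamLogin);
            IntegrationLdapLog.Debug(message, exception);
        }
        ReadUserParam(searchResult, settings, user);
        return user;
    }

    /// <summary>
    /// Copies name, e-mail and city from a search result onto an existing user.
    /// Attributes that are not configured or not present are left untouched.
    /// </summary>
    /// <returns>true when at least one field was changed.</returns>
    private bool ReadUserParam(SearchResult searchResult, LdapExternalMembershipModuleSettings settings, IUser user)
    {
        var changed = false;

        var firstName = ReadFirstValue(searchResult, settings.LdapParamName);
        if (firstName != null && user.FirstName != firstName)
        {
            user.FirstName = firstName;
            changed = true;
        }
        var lastName = ReadFirstValue(searchResult, settings.LdapParamSecond);
        if (lastName != null && user.LastName != lastName)
        {
            user.LastName = lastName;
            changed = true;
        }
        var middleName = ReadFirstValue(searchResult, settings.LdapParamMiddle);
        if (middleName != null && user.MiddleName != middleName)
        {
            user.MiddleName = middleName;
            changed = true;
        }
        // FullName is derived from the name parts and must follow them.
        var fullName = user.GetFullName();
        if (user.FullName != fullName)
        {
            user.FullName = fullName;
            changed = true;
        }
        var email = ReadFirstValue(searchResult, settings.LdapEMail);
        if (email != null && user.EMail != email)
        {
            user.EMail = email;
            changed = true;
        }
        // City lives on the extended user interface; users that do not implement it are skipped.
        var city = ReadFirstValue(searchResult, CityAttribute);
        var userExt = user as IUserExt;
        if (city != null && userExt != null && userExt.City != city)
        {
            userExt.City = city;
            changed = true;
        }
        return changed;
    }

    /// <summary>
    /// Opens the root directory entry with the service account from the settings.
    /// </summary>
    /// <exception cref="ArgumentNullException"><paramref name="settings"/> is null.</exception>
    private DirectoryEntry GetDirectoryEntry(LdapExternalMembershipModuleSettings settings)
    {
        if (settings == null)
        {
            throw new ArgumentNullException("settings", SR.T("Отсутствуют настройки LDAP"));
        }
        return new DirectoryEntry
        {
            Path = BuildRootPath(settings),
            AuthenticationType = (AuthenticationTypes)settings.LdapAuthType,
            Username = settings.LdapLogin,
            Password = settings.LdapPassword
        };
    }

    /// <summary>
    /// Exact-match filter for a single user by login; an empty login yields an empty filter.
    /// </summary>
    private string GetUserSearchString(LdapExternalMembershipModuleSettings settings, string searchString)
    {
        if (string.IsNullOrWhiteSpace(searchString))
        {
            return "";
        }
        return GetSearchStringDN(settings, searchString);
    }

    /// <summary>
    /// Cache key of the "synchronization in progress" flag for a provider.
    /// </summary>
    private string SyncUsersStatusKey(Guid serviceUid)
    {
        return string.Format("{0}{1}", SyncStatusKeyPrefix, serviceUid.ToString("n"));
    }

    /// <summary>
    /// Sets or clears the "synchronization in progress" flag.
    /// </summary>
    private void AuthProviderSyncStatusSave(bool syncStatus, Guid serviceUid)
    {
        var key = SyncUsersStatusKey(serviceUid);
        if (syncStatus)
        {
            CacheService.Insert(key, true);
        }
        else
        {
            CacheService.Remove(key);
        }
    }

    /// <summary>
    /// Loads the users belonging to the provider, keyed by user name (case-insensitive).
    /// Names shared by more than one user are logged and skipped.
    /// </summary>
    private Dictionary<string, IUser> LoadProviderUsers(Guid serviceUid)
    {
        var users = new Dictionary<string, IUser>(StringComparer.OrdinalIgnoreCase);
        var groups = UserManager.Instance
            .Find(u => u.AuthProviderGuid == serviceUid)
            .GroupBy(u => u.UserName, StringComparer.OrdinalIgnoreCase);
        foreach (var group in groups)
        {
            if (group.Count() != 1)
            {
                IntegrationLdapLog.Debug(SR.T("Ошибка синхронизации с LDAP: найдено несколько пользователей с UserName {0}", new object[]
                {
                    group.Key
                }));
                continue;
            }
            if (group.Key == null)
            {
                continue;
            }
            users[group.Key] = group.First();
        }
        return users;
    }

    /// <summary>
    /// Runs one synchronization pass: users present in LDAP are refreshed (and re-activated
    /// if they were blocked by a previous pass), users missing from LDAP are blocked.
    /// Errors are logged, never thrown; the progress flag is always cleared.
    /// </summary>
    /// <param name="isAuto">true for the scheduled run (also stamps the last auto-sync date).</param>
    private void ExecuteSync(Guid serviceUid, LdapExternalMembershipModuleSettings settings, bool isAuto)
    {
        // NOTE: the check and the flag set below are not atomic; two starts racing here may both run.
        if (AuthProviderSyncRunning(serviceUid))
        {
            return;
        }
        AuthProviderSyncStatusSave(true, serviceUid);
        try
        {
            var blockedUsers = DataAccessManager.BLOBManager.GetBLOB<List<string>>(serviceUid, BlockedUsersBlobKey) ?? new List<string>();
            // An empty term makes this the auth filter alone, i.e. every account the provider covers.
            var filter = GetSearchString(settings, GetUserSearchString(settings, ""));
            using (var directoryEntry = GetDirectoryEntry(settings))
            using (var directorySearcher = new DirectorySearcher(directoryEntry, filter) { PageSize = 1000 })
            using (var searchResultCollection = directorySearcher.FindAll())
            {
                var users = LoadProviderUsers(serviceUid);
                var now = DateTime.Now;
                if (isAuto)
                {
                    DataAccessManager.BLOBManager.SetBLOB(serviceUid, IntegrationLdapConstants.LastAutoSyncKey, now);
                }
                DataAccessManager.BLOBManager.SetBLOB(serviceUid, IntegrationLdapConstants.LastSyncKey, now);

                var blockedListChanged = false;
                foreach (SearchResult searchResult in searchResultCollection)
                {
                    try
                    {
                        var login = searchResult.Properties[settings.LdapParamLogin][0].ToString();
                        IUser user;
                        if (!users.TryGetValue(login, out user))
                        {
                            continue;
                        }
                        // Whatever remains in `users` after the loop is absent from LDAP.
                        users.Remove(login);
                        var uid = user.Uid.ToString("n");
                        if (user.Status == UserStatus.Active || blockedUsers.Contains(user.UserName) || blockedUsers.Contains(uid))
                        {
                            user.Status = UserStatus.Active;
                            blockedUsers.Remove(user.UserName);
                            blockedUsers.Remove(uid);
                            blockedListChanged = true;
                            ReadUserParam(searchResult, settings, user);
                        }
                    }
                    catch (Exception ex)
                    {
                        var message = string.Format("{0}: {1}", SR.T("Не удалось получить пользователя из LDAP"), ex.Message);
                        IntegrationLdapLog.Debug(message, ex);
                    }
                }
                foreach (var missingUser in users.Values)
                {
                    missingUser.Status = UserStatus.Blocked;
                    var uid = missingUser.Uid.ToString("n");
                    if (!blockedUsers.Contains(uid))
                    {
                        blockedUsers.Add(uid);
                    }
                    blockedListChanged = true;
                }
                if (blockedListChanged)
                {
                    DataAccessManager.BLOBManager.SetBLOB(serviceUid, BlockedUsersBlobKey, blockedUsers);
                }
            }
        }
        catch (Exception ex2)
        {
            var message2 = string.Format("{0}: {1}", SR.T("Ошибка синхронизации с LDAP"), ex2.Message);
            IntegrationLdapLog.Error(message2, ex2);
        }
        finally
        {
            AuthProviderSyncStatusSave(false, serviceUid);
        }
    }

    /// <summary>
    /// Whether a synchronization for the provider is currently flagged as running.
    /// </summary>
    public bool AuthProviderSyncRunning(Guid serviceUid)
    {
        bool running;
        return CacheService.TryGetValue(SyncUsersStatusKey(serviceUid), out running) && running;
    }

    /// <summary>
    /// Starts a manual synchronization on a background thread.
    /// </summary>
    public void AuthProviderManualSyncStart(Guid serviceUid)
    {
        AuthProviderSyncStart(serviceUid, false);
    }

    /// <summary>
    /// Starts a scheduled (auto) synchronization on a background thread.
    /// </summary>
    public void AuthProviderAutoSyncStart(Guid serviceUid)
    {
        AuthProviderSyncStart(serviceUid, true);
    }

    /// <summary>
    /// Runs <see cref="AuthProviderSync"/> as a named background task on a new thread.
    /// </summary>
    private void AuthProviderSyncStart(Guid serviceUid, bool isAuto)
    {
        ThreadStart work = delegate
        {
            var task = new BackgroundTask(
                delegate { AuthProviderSync(serviceUid, isAuto); },
                typeof(ILdapService),
                SR.T("Синхронизация импортированных пользователей"),
                SR.T("Синхронизация параметров импортированных пользователей ..."));
            task.Execute();
        };
        new Thread(work).Start();
    }

    /// <summary>
    /// Loads the provider settings and runs the synchronization inside a transaction.
    /// Does nothing when the provider is not an LDAP provider.
    /// </summary>
    [Transaction]
    protected virtual void AuthProviderSync(Guid serviceUid, bool isAuto)
    {
        var settings = Locator.GetServiceNotNull<IExternalMembershipManager>().LoadSettings(serviceUid) as LdapExternalMembershipModuleSettings;
        if (settings != null)
        {
            ExecuteSync(serviceUid, settings, isAuto);
        }
    }

    /// <summary>
    /// Date of the last synchronization (manual or auto), or null if none was recorded.
    /// </summary>
    public DateTime? GetLastSyncDate(Guid serviceUid)
    {
        return DataAccessManager.BLOBManager.GetBLOB<DateTime?>(serviceUid, IntegrationLdapConstants.LastSyncKey);
    }

    /// <summary>
    /// Refreshes a single user's attributes from LDAP. Missing input or a user
    /// that cannot be found is logged and silently skipped.
    /// </summary>
    public void Sync(EleWise.ELMA.Security.IUser user, LdapExternalMembershipModuleSettings settings)
    {
        if (user == null)
        {
            IntegrationLdapLog.Debug("Synchronization Error: user is null");
            return;
        }
        if (settings == null)
        {
            IntegrationLdapLog.Debug(SR.T("Отсутствуют настройки LDAP"));
            return;
        }
        if (string.IsNullOrWhiteSpace(settings.LdapUrl))
        {
            IntegrationLdapLog.Error(SR.T("Отсутствует адрес LDAP сервера"));
            return;
        }
        var userSearchString = GetUserSearchString(settings, user.UserName);
        if (string.IsNullOrWhiteSpace(userSearchString))
        {
            IntegrationLdapLog.Debug(string.Format("Synchronization Error: can't read from LDAP {0}", user.UserName));
            return;
        }
        using (var directoryEntry = GetDirectoryEntry(settings))
        using (var directorySearcher = new DirectorySearcher(directoryEntry, userSearchString))
        using (var searchResultCollection = directorySearcher.FindAll())
        {
            if (searchResultCollection != null && searchResultCollection.Count > 0)
            {
                ReadUserParam(searchResultCollection[0], settings, (IUser)user);
            }
            else
            {
                IntegrationLdapLog.Debug(SR.T("Не удалось получить дополнительную информацию о пользователе LDAP"));
            }
        }
    }

    /// <summary>
    /// Validates the context's credentials by binding as the user's directory object.
    /// </summary>
    public bool ValidatingDN(UserValidationContext context, LdapExternalMembershipModuleSettings settings)
    {
        return ValidatingDN(context.User.UserName, context.Password, settings);
    }

    /// <summary>
    /// Validates the context's credentials by binding with the templated login name.
    /// </summary>
    public bool ValidatingTemplate(UserValidationContext context, LdapExternalMembershipModuleSettings settings)
    {
        return ValidatingTemplate(context.User.UserName, context.Password, settings);
    }

    /// <summary>
    /// Extracts the bind name from an entry path, i.e. what follows <c>LDAP://&lt;server&gt;/</c>.
    /// </summary>
    /// <returns>The remainder after the first path separator following the scheme, or the whole path when no separator is found.</returns>
    private static string StripRootPrefix(string path)
    {
        if (path == null)
        {
            return null;
        }
        var schemeEnd = path.IndexOf("://", StringComparison.Ordinal);
        var searchFrom = schemeEnd < 0 ? 0 : schemeEnd + 3;
        var separator = path.IndexOf('/', searchFrom);
        return separator < 0 ? path : path.Substring(separator + 1);
    }

    /// <summary>
    /// Validates credentials by locating the user's object with the service account and
    /// then binding to that object with the supplied password.
    /// </summary>
    /// <returns>true when the bind succeeds; false for missing settings or an empty password.</returns>
    /// <exception cref="InvalidOperationException">No user, or more than one user, matches the login.</exception>
    /// <exception cref="ArgumentNullException">The login attribute is not configured or the login is blank.</exception>
    public bool ValidatingDN(string userName, string password, LdapExternalMembershipModuleSettings settings)
    {
        if (settings == null || string.IsNullOrWhiteSpace(settings.LdapUrl))
        {
            IntegrationLdapLog.Debug(SR.T("Отсутствуют настройки LDAP"));
            return false;
        }
        // An empty password must never validate: a bind with a name and an empty password is an
        // unauthenticated (anonymous) bind (RFC 4513 section 5.1.2) and would succeed on many servers.
        if (string.IsNullOrEmpty(password))
        {
            return false;
        }
        string userPath;
        using (var directoryEntry = GetDirectoryEntry(settings))
        using (var directorySearcher = new DirectorySearcher(directoryEntry, GetSearchStringDN(settings, userName)))
        using (var searchResultCollection = directorySearcher.FindAll())
        {
            if (searchResultCollection == null)
            {
                throw new InvalidOperationException("searchResultCollection == null");
            }
            if (searchResultCollection.Count == 0)
            {
                throw new InvalidOperationException("User not found in LDAP");
            }
            if (searchResultCollection.Count > 1)
            {
                throw new InvalidOperationException("It is more than one user in LDAP");
            }
            userPath = searchResultCollection[0].Path;
        }
        // Bind as the located object; reading NativeObject forces the bind and throws on bad credentials.
        using (var userEntry = new DirectoryEntry
        {
            Path = userPath,
            AuthenticationType = (AuthenticationTypes)settings.LdapAuthType,
            Username = StripRootPrefix(userPath),
            Password = password
        })
        {
            var nativeObject = userEntry.NativeObject;
        }
        return true;
    }

    /// <summary>
    /// Validates credentials by binding to the root entry with the configured auth-login
    /// template (<c>{$login}</c> replaced by the user name) or the raw user name.
    /// </summary>
    /// <returns>true when the bind succeeds; false for missing settings or an empty password.</returns>
    public bool ValidatingTemplate(string userName, string password, LdapExternalMembershipModuleSettings settings)
    {
        if (settings == null || string.IsNullOrWhiteSpace(settings.LdapUrl))
        {
            IntegrationLdapLog.Debug(SR.T("Отсутствуют настройки LDAP"));
            return false;
        }
        // See ValidatingDN: an empty password would be an unauthenticated bind.
        if (string.IsNullOrEmpty(password))
        {
            return false;
        }
        var bindName = settings.LdapAuthLogin == null
            ? userName
            : settings.LdapAuthLogin.Replace(LoginPlaceholder, userName);
        using (var directoryEntry = new DirectoryEntry
        {
            Path = BuildRootPath(settings),
            AuthenticationType = (AuthenticationTypes)settings.LdapAuthType,
            Username = bindName,
            Password = password
        })
        {
            // Reading NativeObject forces the bind and throws on bad credentials.
            var nativeObject = directoryEntry.NativeObject;
        }
        return true;
    }

    /// <summary>
    /// Searches LDAP for users matching <paramref name="searchString"/> and returns them as
    /// new, unsaved users tagged with the provider uid. A null term yields an empty list.
    /// </summary>
    /// <exception cref="Exception">Settings are missing/incomplete or the search fails; the cause is kept as the inner exception.</exception>
    public IEnumerable<EleWise.ELMA.Security.IUser> FindUsers(string searchString, LdapExternalMembershipModuleSettings settings, Guid serviceUid)
    {
        var found = new List<EleWise.ELMA.Security.IUser>();
        if (searchString == null)
        {
            return found;
        }
        try
        {
            if (settings == null)
            {
                throw new InvalidOperationException(SR.T("Отсутствуют настройки LDAP"));
            }
            if (string.IsNullOrWhiteSpace(settings.LdapUrl))
            {
                throw new InvalidOperationException(SR.T("Отсутствует адрес LDAP сервера"));
            }
            if (string.IsNullOrWhiteSpace(settings.LdapParamLogin))
            {
                throw new InvalidOperationException(SR.T("Отсутствует настройка параметра \"Логин\""));
            }
            using (var directoryEntry = GetDirectoryEntry(settings))
            using (var directorySearcher = new DirectorySearcher(directoryEntry, GetSearchString(settings, searchString))
            {
                PageSize = 1000,
                CacheResults = false
            })
            using (var searchResultCollection = directorySearcher.FindAll())
            {
                foreach (SearchResult searchResult in searchResultCollection)
                {
                    try
                    {
                        var user = ReadUserParam(searchResult, settings);
                        user.AuthProviderGuid = serviceUid;
                        found.Add(user);
                    }
                    catch (Exception ex)
                    {
                        var message = string.Format("{0}: {1}", "Import user from LDAP failed", ex.Message);
                        IntegrationLdapLog.Error(message, ex);
                    }
                }
            }
        }
        catch (Exception ex2)
        {
            var message2 = string.Format("{0}: {1}", SR.T("Не удалось получить список пользователей из LDAP"), ex2.Message);
            IntegrationLdapLog.Debug(message2, ex2);
            // Keep the original as the inner exception so the root cause is not lost.
            throw new Exception(message2, ex2);
        }
        return found;
    }
}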
- }