2019-05-15 14:56:09 +00:00
|
|
|
/*
|
|
|
|
|
*
|
|
|
|
|
* (c) Copyright Ascensio System Limited 2010-2018
|
|
|
|
|
*
|
|
|
|
|
* This program is freeware. You can redistribute it and/or modify it under the terms of the GNU
|
|
|
|
|
* General Public License (GPL) version 3 as published by the Free Software Foundation (https://www.gnu.org/copyleft/gpl.html).
|
|
|
|
|
* In accordance with Section 7(a) of the GNU GPL its Section 15 shall be amended to the effect that
|
|
|
|
|
* Ascensio System SIA expressly excludes the warranty of non-infringement of any third-party rights.
|
|
|
|
|
*
|
|
|
|
|
* THIS PROGRAM IS DISTRIBUTED WITHOUT ANY WARRANTY; WITHOUT EVEN THE IMPLIED WARRANTY OF MERCHANTABILITY OR
|
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE. For more details, see GNU GPL at https://www.gnu.org/copyleft/gpl.html
|
|
|
|
|
*
|
|
|
|
|
* You can contact Ascensio System SIA by email at sales@onlyoffice.com
|
|
|
|
|
*
|
|
|
|
|
* The interactive user interfaces in modified source and object code versions of ONLYOFFICE must display
|
|
|
|
|
* Appropriate Legal Notices, as required under Section 5 of the GNU GPL version 3.
|
|
|
|
|
*
|
|
|
|
|
* Pursuant to Section 7 § 3(b) of the GNU GPL you must retain the original ONLYOFFICE logo which contains
|
|
|
|
|
* relevant author attributions when distributing the software. If the display of the logo in its graphic
|
|
|
|
|
* form is not reasonably feasible for technical reasons, you must include the words "Powered by ONLYOFFICE"
|
|
|
|
|
* in every copy of the program you distribute.
|
|
|
|
|
* Pursuant to Section 7 § 3(e) we decline to grant you any rights under trademark law for use of our trademarks.
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
using System;
|
2020-02-17 08:58:14 +00:00
|
|
|
using System.Text;
|
2020-01-15 15:22:43 +00:00
|
|
|
|
2020-02-17 08:58:14 +00:00
|
|
|
using ASC.Common;
|
2019-11-06 15:03:09 +00:00
|
|
|
using ASC.Common.Logging;
|
2019-08-15 12:04:42 +00:00
|
|
|
using ASC.Core;
|
2019-09-27 10:45:37 +00:00
|
|
|
using ASC.Core.Users;
|
2020-02-17 08:58:14 +00:00
|
|
|
using ASC.Web.Studio.Utility;
|
|
|
|
|
|
2019-09-27 10:45:37 +00:00
|
|
|
using Microsoft.AspNetCore.Http;
|
|
|
|
|
using Microsoft.AspNetCore.WebUtilities;
|
2019-11-06 15:03:09 +00:00
|
|
|
using Microsoft.Extensions.Configuration;
|
2020-02-17 08:58:14 +00:00
|
|
|
using Microsoft.Extensions.Options;
|
|
|
|
|
|
2019-11-06 15:03:09 +00:00
|
|
|
using static ASC.Security.Cryptography.EmailValidationKeyProvider;
|
|
|
|
|
|
2019-05-15 14:56:09 +00:00
|
|
|
namespace ASC.Security.Cryptography
|
|
|
|
|
{
|
|
|
|
|
public class EmailValidationKeyProvider
|
|
|
|
|
{
|
|
|
|
|
public enum ValidationResult
|
|
|
|
|
{
|
|
|
|
|
Ok,
|
|
|
|
|
Invalid,
|
|
|
|
|
Expired
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-17 15:55:35 +00:00
|
|
|
private readonly ILog log;
|
2019-11-06 15:03:09 +00:00
|
|
|
private static readonly DateTime _from = new DateTime(2010, 01, 01, 0, 0, 0, DateTimeKind.Utc);
|
2020-09-15 13:11:05 +00:00
|
|
|
internal readonly TimeSpan ValidInterval;
|
|
|
|
|
|
|
|
|
|
private MachinePseudoKeys MachinePseudoKeys { get; }
|
2020-08-12 09:58:08 +00:00
|
|
|
private TenantManager TenantManager { get; }
|
2019-09-27 10:45:37 +00:00
|
|
|
|
2020-09-15 13:11:05 +00:00
|
|
|
public EmailValidationKeyProvider(MachinePseudoKeys machinePseudoKeys, TenantManager tenantManager, IConfiguration configuration, IOptionsMonitor<ILog> options)
|
|
|
|
|
{
|
|
|
|
|
MachinePseudoKeys = machinePseudoKeys;
|
2019-11-06 15:03:09 +00:00
|
|
|
TenantManager = tenantManager;
|
2019-09-27 10:45:37 +00:00
|
|
|
if (!TimeSpan.TryParse(configuration["email:validinterval"], out var validInterval))
|
|
|
|
|
{
|
|
|
|
|
validInterval = TimeSpan.FromDays(7);
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-06 15:03:09 +00:00
|
|
|
ValidInterval = validInterval;
|
|
|
|
|
log = options.CurrentValue;
|
|
|
|
|
}
|
2019-09-17 12:42:32 +00:00
|
|
|
|
|
|
|
|
public string GetEmailKey(string email)
|
2019-05-15 14:56:09 +00:00
|
|
|
{
|
2019-09-17 12:42:32 +00:00
|
|
|
return GetEmailKey(TenantManager.GetCurrentTenant().TenantId, email);
|
2019-05-15 14:56:09 +00:00
|
|
|
}
|
|
|
|
|
|
2019-09-23 12:20:08 +00:00
|
|
|
public string GetEmailKey(int tenantId, string email)
|
2019-05-15 14:56:09 +00:00
|
|
|
{
|
|
|
|
|
if (string.IsNullOrEmpty(email)) throw new ArgumentNullException("email");
|
|
|
|
|
|
|
|
|
|
email = FormatEmail(tenantId, email);
|
|
|
|
|
|
|
|
|
|
var ms = (long)(DateTime.UtcNow - _from).TotalMilliseconds;
|
|
|
|
|
var hash = GetMashineHashedData(BitConverter.GetBytes(ms), Encoding.ASCII.GetBytes(email));
|
|
|
|
|
return string.Format("{0}.{1}", ms, DoStringFromBytes(hash));
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-23 12:20:08 +00:00
|
|
|
private string FormatEmail(int tenantId, string email)
|
2019-05-15 14:56:09 +00:00
|
|
|
{
|
|
|
|
|
if (email == null) throw new ArgumentNullException("email");
|
|
|
|
|
try
|
|
|
|
|
{
|
2020-09-15 13:11:05 +00:00
|
|
|
return string.Format("{0}|{1}|{2}", email.ToLowerInvariant(), tenantId, Encoding.UTF8.GetString(MachinePseudoKeys.GetMachineConstant()));
|
2019-05-15 14:56:09 +00:00
|
|
|
}
|
|
|
|
|
catch (Exception e)
|
|
|
|
|
{
|
|
|
|
|
log.Fatal("Failed to format tenant specific email", e);
|
|
|
|
|
return email.ToLowerInvariant();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-17 12:42:32 +00:00
|
|
|
public ValidationResult ValidateEmailKey(string email, string key)
|
2019-05-15 14:56:09 +00:00
|
|
|
{
|
|
|
|
|
return ValidateEmailKey(email, key, TimeSpan.MaxValue);
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-17 12:42:32 +00:00
|
|
|
public ValidationResult ValidateEmailKey(string email, string key, TimeSpan validInterval)
|
2019-05-15 14:56:09 +00:00
|
|
|
{
|
|
|
|
|
var result = ValidateEmailKeyInternal(email, key, validInterval);
|
2019-09-17 12:42:32 +00:00
|
|
|
log.DebugFormat("validation result: {0}, source: {1} with key: {2} interval: {3} tenant: {4}", result, email, key, validInterval, TenantManager.GetCurrentTenant().TenantId);
|
2019-05-15 14:56:09 +00:00
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-09-17 12:42:32 +00:00
|
|
|
private ValidationResult ValidateEmailKeyInternal(string email, string key, TimeSpan validInterval)
|
2019-05-15 14:56:09 +00:00
|
|
|
{
|
|
|
|
|
if (string.IsNullOrEmpty(email)) throw new ArgumentNullException("email");
|
|
|
|
|
if (key == null) throw new ArgumentNullException("key");
|
|
|
|
|
|
2019-09-17 12:42:32 +00:00
|
|
|
email = FormatEmail(TenantManager.GetCurrentTenant().TenantId, email);
|
2019-05-15 14:56:09 +00:00
|
|
|
var parts = key.Split(new[] { '.' }, StringSplitOptions.RemoveEmptyEntries);
|
|
|
|
|
if (parts.Length != 2) return ValidationResult.Invalid;
|
|
|
|
|
|
2019-08-15 13:16:39 +00:00
|
|
|
if (!long.TryParse(parts[0], out var ms)) return ValidationResult.Invalid;
|
2019-05-15 14:56:09 +00:00
|
|
|
|
|
|
|
|
var hash = GetMashineHashedData(BitConverter.GetBytes(ms), Encoding.ASCII.GetBytes(email));
|
|
|
|
|
var key2 = DoStringFromBytes(hash);
|
2019-08-15 13:16:39 +00:00
|
|
|
var key2_good = string.Compare(parts[1], key2, StringComparison.InvariantCultureIgnoreCase) == 0;
|
2019-05-15 14:56:09 +00:00
|
|
|
if (!key2_good) return ValidationResult.Invalid;
|
|
|
|
|
var ms_current = (long)(DateTime.UtcNow - _from).TotalMilliseconds;
|
2019-08-15 12:04:42 +00:00
|
|
|
return validInterval >= TimeSpan.FromMilliseconds(ms_current - ms) ? ValidationResult.Ok : ValidationResult.Expired;
|
2019-05-15 14:56:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
internal static string DoStringFromBytes(byte[] data)
|
|
|
|
|
{
|
2019-08-15 13:03:57 +00:00
|
|
|
var str = Convert.ToBase64String(data);
|
2019-05-15 14:56:09 +00:00
|
|
|
str = str.Replace("=", "").Replace("+", "").Replace("/", "").Replace("\\", "");
|
|
|
|
|
return str.ToUpperInvariant();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
internal static byte[] GetMashineHashedData(byte[] salt, byte[] data)
|
|
|
|
|
{
|
|
|
|
|
var alldata = new byte[salt.Length + data.Length];
|
|
|
|
|
Array.Copy(data, alldata, data.Length);
|
|
|
|
|
Array.Copy(salt, 0, alldata, data.Length, salt.Length);
|
|
|
|
|
return Hasher.Hash(alldata, HashAlg.SHA256);
|
|
|
|
|
}
|
|
|
|
|
}
|
2019-11-06 15:03:09 +00:00
|
|
|
|
|
|
|
|
public class EmailValidationKeyModel
|
|
|
|
|
{
|
|
|
|
|
public string Key { get; set; }
|
|
|
|
|
public EmployeeType? EmplType { get; set; }
|
|
|
|
|
public string Email { get; set; }
|
|
|
|
|
public Guid? UiD { get; set; }
|
|
|
|
|
public ConfirmType? Type { get; set; }
|
2020-07-02 14:11:59 +00:00
|
|
|
public int? P { get; set; }
|
|
|
|
|
public EmailValidationKeyProvider Provider { get; }
|
|
|
|
|
public AuthContext AuthContext { get; }
|
|
|
|
|
public TenantManager TenantManager { get; }
|
|
|
|
|
public UserManager UserManager { get; }
|
|
|
|
|
public AuthManager Authentication { get; }
|
|
|
|
|
|
|
|
|
|
public EmailValidationKeyModel(
|
|
|
|
|
IHttpContextAccessor httpContextAccessor,
|
|
|
|
|
EmailValidationKeyProvider provider,
|
|
|
|
|
AuthContext authContext,
|
|
|
|
|
TenantManager tenantManager,
|
|
|
|
|
UserManager userManager,
|
|
|
|
|
AuthManager authentication)
|
|
|
|
|
{
|
|
|
|
|
Provider = provider;
|
|
|
|
|
AuthContext = authContext;
|
|
|
|
|
TenantManager = tenantManager;
|
|
|
|
|
UserManager = userManager;
|
|
|
|
|
Authentication = authentication;
|
|
|
|
|
|
|
|
|
|
var request = QueryHelpers.ParseQuery(httpContextAccessor.HttpContext.Request.Headers["confirm"]);
|
|
|
|
|
|
|
|
|
|
_ = request.TryGetValue("type", out var type);
|
|
|
|
|
|
|
|
|
|
ConfirmType? cType = null;
|
|
|
|
|
if (Enum.TryParse<ConfirmType>(type, out var confirmType))
|
|
|
|
|
{
|
|
|
|
|
cType = confirmType;
|
|
|
|
|
}
|
2019-11-06 15:03:09 +00:00
|
|
|
|
2020-07-02 14:11:59 +00:00
|
|
|
_ = request.TryGetValue("key", out var key);
|
2019-11-06 15:03:09 +00:00
|
|
|
|
2020-07-02 14:11:59 +00:00
|
|
|
_ = request.TryGetValue("p", out var pkey);
|
|
|
|
|
_ = int.TryParse(pkey, out var p);
|
|
|
|
|
|
|
|
|
|
_ = request.TryGetValue("emplType", out var emplType);
|
|
|
|
|
_ = Enum.TryParse<EmployeeType>(emplType, out var employeeType);
|
|
|
|
|
|
|
|
|
|
_ = request.TryGetValue("email", out var _email);
|
|
|
|
|
_ = request.TryGetValue("uid", out var userIdKey);
|
|
|
|
|
_ = Guid.TryParse(userIdKey, out var userId);
|
|
|
|
|
|
|
|
|
|
Key = key;
|
|
|
|
|
Type = cType;
|
|
|
|
|
Email = _email;
|
|
|
|
|
EmplType = employeeType;
|
|
|
|
|
UiD = userId;
|
|
|
|
|
P = p;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public ValidationResult Validate()
|
2019-11-06 15:03:09 +00:00
|
|
|
{
|
|
|
|
|
ValidationResult checkKeyResult;
|
|
|
|
|
|
|
|
|
|
switch (Type)
|
|
|
|
|
{
|
|
|
|
|
case ConfirmType.EmpInvite:
|
2020-07-02 14:11:59 +00:00
|
|
|
checkKeyResult = Provider.ValidateEmailKey(Email + Type + (int)EmplType, Key, Provider.ValidInterval);
|
2019-11-06 15:03:09 +00:00
|
|
|
break;
|
|
|
|
|
case ConfirmType.LinkInvite:
|
2020-07-02 14:11:59 +00:00
|
|
|
checkKeyResult = Provider.ValidateEmailKey(Type.ToString() + (int)EmplType, Key, Provider.ValidInterval);
|
2019-11-06 15:03:09 +00:00
|
|
|
break;
|
2020-02-17 08:58:14 +00:00
|
|
|
case ConfirmType.PortalOwnerChange:
|
2020-07-02 14:11:59 +00:00
|
|
|
checkKeyResult = Provider.ValidateEmailKey(Email + Type + UiD.HasValue, Key, Provider.ValidInterval);
|
2020-01-15 15:22:43 +00:00
|
|
|
break;
|
2019-11-06 15:03:09 +00:00
|
|
|
case ConfirmType.EmailChange:
|
2020-07-02 14:11:59 +00:00
|
|
|
checkKeyResult = Provider.ValidateEmailKey(Email + Type + AuthContext.CurrentAccount.ID, Key, Provider.ValidInterval);
|
2019-11-06 15:03:09 +00:00
|
|
|
break;
|
2020-09-15 13:11:05 +00:00
|
|
|
case ConfirmType.PasswordChange:
|
|
|
|
|
|
|
|
|
|
var hash = Authentication.GetUserPasswordStamp(UserManager.GetUserByEmail(Email).ID).ToString("s");
|
|
|
|
|
|
|
|
|
|
checkKeyResult = Provider.ValidateEmailKey(Email + Type + hash, Key, Provider.ValidInterval);
|
2019-11-06 15:03:09 +00:00
|
|
|
break;
|
|
|
|
|
case ConfirmType.Activation:
|
2020-07-02 14:11:59 +00:00
|
|
|
checkKeyResult = Provider.ValidateEmailKey(Email + Type + UiD, Key, Provider.ValidInterval);
|
2019-11-06 15:03:09 +00:00
|
|
|
break;
|
|
|
|
|
case ConfirmType.ProfileRemove:
|
|
|
|
|
// validate UiD
|
|
|
|
|
if (P == 1)
|
|
|
|
|
{
|
2020-07-02 14:11:59 +00:00
|
|
|
var user = UserManager.GetUsers(UiD.GetValueOrDefault());
|
|
|
|
|
if (user == null || user.Status == EmployeeStatus.Terminated || AuthContext.IsAuthenticated && AuthContext.CurrentAccount.ID != UiD)
|
2019-11-06 15:03:09 +00:00
|
|
|
return ValidationResult.Invalid;
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-02 14:11:59 +00:00
|
|
|
checkKeyResult = Provider.ValidateEmailKey(Email + Type + UiD, Key, Provider.ValidInterval);
|
|
|
|
|
break;
|
|
|
|
|
case ConfirmType.Wizard:
|
|
|
|
|
checkKeyResult = Provider.ValidateEmailKey("" + Type, Key, Provider.ValidInterval);
|
2019-11-06 15:03:09 +00:00
|
|
|
break;
|
|
|
|
|
default:
|
2020-07-02 14:11:59 +00:00
|
|
|
checkKeyResult = Provider.ValidateEmailKey(Email + Type, Key, Provider.ValidInterval);
|
2019-11-06 15:03:09 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return checkKeyResult;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public void Deconstruct(out string key, out string email, out EmployeeType? employeeType, out Guid? userId, out ConfirmType? confirmType, out int? p)
|
|
|
|
|
=> (key, email, employeeType, userId, confirmType, p) = (Key, Email, EmplType, UiD, Type, P);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static class EmailValidationKeyProviderExtension
|
|
|
|
|
{
|
2020-02-17 08:58:14 +00:00
|
|
|
public static DIHelper AddEmailValidationKeyProviderService(this DIHelper services)
|
2020-09-25 10:47:21 +00:00
|
|
|
{
|
|
|
|
|
if (services.TryAddScoped<EmailValidationKeyProvider>())
|
|
|
|
|
{
|
|
|
|
|
services.TryAddTransient<EmailValidationKeyModel>();
|
|
|
|
|
|
|
|
|
|
return services
|
|
|
|
|
.AddTenantManagerService()
|
|
|
|
|
.AddMachinePseudoKeysService();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return services;
|
2019-11-06 15:03:09 +00:00
|
|
|
}
|
2019-05-15 14:56:09 +00:00
|
|
|
}
|
|
|
|
|
}
|
