Merge pull request #4116 from cisagov/feature/CSET-2869
Added logging to user signup and password change
LaddieZeigler authored Sep 30, 2024
2 parents 2946e98 + a744ae5 commit 3592c22
Showing 3 changed files with 50 additions and 6 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
using System.Threading.Tasks;
using HtmlAgilityPack;
using System.IO;
using DocumentFormat.OpenXml.Wordprocessing;


namespace CSETWebCore.Business.Notification
Expand Down Expand Up @@ -134,6 +135,13 @@ public void InviteToAssessment(ContactCreateParameters contact)
/// <param name="password"></param>
public void SendPasswordEmail(string email, string firstName, string lastName, string password, string appName)
{
// make sure we default to a known app name
if (!_appDisplayName.ContainsKey(appName))
{
appName = "CSET";
}


string bodyHtml = _resourceHelper.GetEmbeddedResource(Path.Combine("App_Data", @"passwordCreationTemplate_{{scope}}.html"), appName);
var emailConfig = _configuration.GetSection("Email").AsEnumerable();
bodyHtml = bodyHtml.Replace("{{name}}", firstName + " " + lastName);
Expand All @@ -148,7 +156,7 @@ public void SendPasswordEmail(string email, string firstName, string lastName, s


MailMessage message = new MailMessage();
message.Subject = "New " + _appDisplayName[appName] + " account creation";
message.Subject = $"New {_appDisplayName[appName]} account creation";
message.Body = bodyHtml;
message.To.Add(new MailAddress(email));
message.From = new MailAddress(
Expand All @@ -171,6 +179,12 @@ public void SendPasswordEmail(string email, string firstName, string lastName, s
/// <param name="password"></param>
public void SendInviteePassword(string email, string firstName, string lastName, string password, string appName)
{
// make sure we default to a known app name
if (!_appDisplayName.ContainsKey(appName))
{
appName = "CSET";
}

var emailConfig = _configuration.GetSection("Email").AsEnumerable();
string bodyHtml = _resourceHelper.GetEmbeddedResource(Path.Combine("App_Data", @"invitedPasswordCreationTemplate_{{scope}}.html"), appName);
bodyHtml = bodyHtml.Replace("{{name}}", firstName + " " + lastName);
Expand All @@ -185,7 +199,7 @@ public void SendInviteePassword(string email, string firstName, string lastName,


MailMessage message = new MailMessage();
message.Subject = "You are invited to " + _appDisplayName[appName];
message.Subject = $"You are invited to {_appDisplayName[appName]}";
message.Body = bodyHtml;
message.To.Add(new MailAddress(email));
message.From = new MailAddress(
Expand All @@ -209,7 +223,14 @@ public void SendInviteePassword(string email, string firstName, string lastName,
/// <param name="subject"></param>
public void SendPasswordResetEmail(string email, string firstName, string lastName, string password, string subject, string appName)
{
// make sure we default to a known app name
if (!_appDisplayName.ContainsKey(appName))
{
appName = "CSET";
}

SetScope(appName);

string bodyHtml = _resourceHelper.GetEmbeddedResource(Path.Combine("App_Data", @"passwordResetTemplate_{{scope}}.html"), appName);
string name = (firstName + " " + lastName).Trim();
var emailConfig = _configuration.GetSection("Email").AsEnumerable();
Expand Down Expand Up @@ -306,6 +327,13 @@ public void SendTestEmail(string recip)
{
SetScope();

// make sure we default to a known app name
var appName = "CSET";
if (_appDisplayName.ContainsKey(_scope))
{
appName = _appDisplayName[_scope];
}

// only send the email if configured to do so (unpublished app setting)
var emailConfig = _configuration.GetSection("Email").AsEnumerable();
bool allowed = false;
Expand All @@ -319,7 +347,7 @@ public void SendTestEmail(string recip)
}

MailMessage m = new MailMessage();
m.Subject = _appDisplayName[_scope] + " Test Message";
m.Subject = $"{appName} Test Message";
m.Body = string.Format("Testing email server {0} on port {1}",
emailConfig.FirstOrDefault(x => x.Key == "Email:SmtpHost").Value,
emailConfig.FirstOrDefault(x => x.Key == "Email:SmtpPort").Value);
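Review bot: The fallback added at the top of SendPasswordEmail, SendInviteePassword and SendPasswordResetEmail calls `_appDisplayName.ContainsKey(appName)` before anything checks `appName` for null; if `_appDisplayName` is a `Dictionary<string, string>` (its declaration is not in these hunks), a null `appName` makes `ContainsKey` throw `ArgumentNullException` instead of falling back to the "CSET" default the comment promises. The same four-line block is now repeated in three methods, with a mirrored variant in SendTestEmail, so one private helper would give a single place to handle null and keep the call sites in step; the rewritten lines are below. The `using DocumentFormat.OpenXml.Wordprocessing;` added to this file is not referenced by any line in these hunks, so if it is unused it should be dropped. SendPasswordEmail, SendInviteePassword and SendPasswordResetEmail all continue past their hunks.
```csharp
/// <summary>
/// Returns <paramref name="appName"/> when it is a key of _appDisplayName,
/// otherwise the "CSET" default; a null name is treated as unknown, not thrown on.
/// </summary>
private string NormalizeAppName(string appName)
{
    return appName != null && _appDisplayName.ContainsKey(appName) ? appName : "CSET";
}

public void SendPasswordEmail(string email, string firstName, string lastName, string password, string appName)
{
    // make sure we default to a known app name
    appName = NormalizeAppName(appName);
    // … unchanged: template lookup and MailMessage construction …
```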
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
using CSETWebCore.Model.Auth;
using System.IO;
using Microsoft.AspNetCore.Hosting;
using NLog;

namespace CSETWebCore.Helpers
{
Expand Down Expand Up @@ -104,15 +105,17 @@ public bool CreateUser(CreateUser info, bool sendEmail)
}
catch (ApplicationException app)
{
LogManager.GetCurrentClassLogger().Error($"account already exists: ${Newtonsoft.Json.JsonConvert.SerializeObject(app)}");
throw new Exception("This account already exists. Please request a new password using the Forgot Password link if you have forgotten your password.", app);
}
catch (DbUpdateException due)
{
LogManager.GetCurrentClassLogger().Error($"account already exists: ${Newtonsoft.Json.JsonConvert.SerializeObject(due)}");
throw new Exception("This account already exists. Please request a new password using the Forgot Password link if you have forgotten your password.", due);
}
catch (Exception exc)
{
NLog.LogManager.GetCurrentClassLogger().Error($"... {exc}");
LogManager.GetCurrentClassLogger().Error($"... {exc}");

return false;
}
Expand Down Expand Up @@ -231,7 +234,7 @@ public bool ResetPassword(string email, string subject, string appName)
}
catch (Exception exc)
{
NLog.LogManager.GetCurrentClassLogger().Error($"... {exc}");
LogManager.GetCurrentClassLogger().Error($"... {exc}");

return false;
}
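Review bot: The two new log lines in CreateUser's `ApplicationException` and `DbUpdateException` handlers serialize the caught exception with `Newtonsoft.Json.JsonConvert.SerializeObject`; for a `DbUpdateException` the serializer walks its public `Entries` and the attached entity instances, so the row that failed to write — the new user's data — can end up in the log, and a cyclic object graph can make the serializer itself throw from inside the catch block. NLog already has an overload for this case, `LogManager.GetCurrentClassLogger().Error(due, "account already exists");`, which records the exception type, message and stack trace without the serializer. The `$` inside each interpolated string is a literal character (`${...}` is not C# interpolation syntax), so every message is written with a stray `$` before the JSON; it reads as a template-literal habit and should be dropped. With `using NLog;` now at the top of the file, the fully qualified `Newtonsoft.Json.JsonConvert` call is the only remaining fully qualified name in the hunk; the controller file in this same commit adds `using Newtonsoft.Json;` instead, and this file should do the same. CreateUser begins before this hunk.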
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@
using CSETWebCore.Api.Models;
using NLog;
using Microsoft.AspNetCore.Hosting;
using Newtonsoft.Json;

namespace CSETWebCore.Api.Controllers
{
Expand Down Expand Up @@ -219,38 +220,46 @@ public IActionResult PostRegisterUser([FromBody] CreateUser user)
{
if (!ModelState.IsValid)
{
LogManager.GetCurrentClassLogger().Error($"Invalid Model State: {JsonConvert.SerializeObject(ModelState)}");
return BadRequest("Invalid Model State");
}

if (String.IsNullOrWhiteSpace(user.PrimaryEmail))
{
LogManager.GetCurrentClassLogger().Error("missing email");
return BadRequest("missing email");
}

if (!emailvalidator.IsMatch(user.PrimaryEmail))
{
LogManager.GetCurrentClassLogger().Error($"invalid email format: ${JsonConvert.SerializeObject(user)}");
return BadRequest("invalid email format");
}

if (!emailvalidator.IsMatch(user.ConfirmEmail.Trim()))
{
LogManager.GetCurrentClassLogger().Error($"invalid email format: ${JsonConvert.SerializeObject(user)}");
return BadRequest("invalid email format");
}

if (user.PrimaryEmail != user.ConfirmEmail)
{

LogManager.GetCurrentClassLogger().Error($"emails do not match: ${JsonConvert.SerializeObject(user)}");
return BadRequest("emails do not match");
}

if (_userBusiness.GetUserDetail(user.PrimaryEmail) != null)
{
LogManager.GetCurrentClassLogger().Error($"account already exists: ${JsonConvert.SerializeObject(user)}");
return BadRequest("account already exists");
}

// Validate the email against an allowlist (if defined by the host)
var securityManager = new UserAccountSecurityManager(_context, _userBusiness, _notificationBusiness, _configuration);
if (!securityManager.EmailIsAllowed(user.PrimaryEmail, _webHost))
{
LogManager.GetCurrentClassLogger().Error($"email not allowed: ${JsonConvert.SerializeObject(user)}");
return BadRequest("email not allowed");
}

Expand All @@ -261,7 +270,7 @@ public IActionResult PostRegisterUser([FromBody] CreateUser user)

if (beta)
{
LogManager.GetCurrentClassLogger().Info("CreateUser - CSET is set to 'online beta' mode - no email sent to new user");
LogManager.GetCurrentClassLogger().Error("CreateUser - CSET is set to 'online beta' mode - no email sent to new user");

// create the user but DO NOT send the temp password email (test/beta)
var rval = resetter.CreateUser(user, false);
Expand All @@ -280,10 +289,12 @@ public IActionResult PostRegisterUser([FromBody] CreateUser user)
}
}

LogManager.GetCurrentClassLogger().Error($"Unknown error: {user}");
return BadRequest("Unknown error");
}
catch (Exception e)
{
LogManager.GetCurrentClassLogger().Error($"... {e}");
return BadRequest(e);
}
}
Expand All @@ -304,11 +315,13 @@ public IActionResult ResetPassword([FromBody] SecurityQuestionAnswer answer)

if (!emailvalidator.IsMatch(answer.PrimaryEmail))
{
LogManager.GetCurrentClassLogger().Error("reset password - emails don't match");
return BadRequest();
}

if (!_userBusiness.GetUserDetail(answer.PrimaryEmail).IsActive)
{
LogManager.GetCurrentClassLogger().Error("reset password - user inactive");
return BadRequest("user inactive");
}

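Review bot: The validation branches in PostRegisterUser now log the whole registration payload with `JsonConvert.SerializeObject(user)` at Error level on ordinary client mistakes such as a mistyped e-mail, so every field of `CreateUser` (the type is not shown here, but it carries at least both e-mail addresses) is written to the application log for each failed attempt, and the `ModelState` dump in the first branch carries the raw attempted values as well. Validation failures are client errors rather than faults in the service, so log them at Warn or Info and name only what is needed, e.g. `LogManager.GetCurrentClassLogger().Warn("registration rejected: invalid email format");`, keeping the payload out of the log. The `$` before each `{` is a literal character that ends up in the message, since `${` is not C# interpolation syntax. The beta-mode message in the second hunk was changed from `Info` to `Error` although the branch is not an error path, and the new ResetPassword message `"reset password - emails don't match"` sits on the regex format check rather than a comparison, so `"reset password - invalid email format"` would describe the condition. PostRegisterUser and ResetPassword both continue outside their hunks.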
