Commit a72a8e1a authored by Israel Ramos's avatar Israel Ramos Committed by Geovanni Perez

regex and ad group validation (#160)

Closes #159, #151 
* regex as an app setting, validation regex setting

* AD groups in app settings to handle restricted and allowed users to change their password

* Refactor to add just two fields in appsettings.json for allowed AD groups
parent e6942afe
......@@ -11,5 +11,7 @@
public string LdapUsername { get; set; }
public List<string> RestrictedADGroups { get; set; }
public bool CheckRestrictedAdGroups { get; set; }
public List<string> AllowedADGroups { get; set; }
public bool CheckAllowedAdGroups { get; set; }
}
}
......@@ -48,6 +48,17 @@
}
}
if (_options.CheckAllowedAdGroups)
{
foreach (var userPrincipalAuthGroup in userPrincipal.GetAuthorizationGroups())
{
if (!_options.AllowedADGroups.Contains(userPrincipalAuthGroup.Name))
{
return new ApiErrorItem { ErrorCode = ApiErrorCode.ChangeNotPermitted };
}
}
}
// Validate user credentials
if (principalContext.ValidateCredentials(username, currentPassword) == false)
{
......
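Review bot: The allow-list loop at `if (!_options.AllowedADGroups.Contains(userPrincipalAuthGroup.Name))` returns `ChangeNotPermitted` as soon as the user belongs to any group that is not listed, so a user passes only when every one of their authorization groups is in `AllowedADGroups`. If the intent is "member of at least one allowed group", the test is inverted and would likely deny nearly everyone once default memberships are counted. The same line dereferences `AllowedADGroups` without a null check and compares names case-sensitively, which may not match how the directory treats group names. The check also runs before `ValidateCredentials`, so a distinct error code is returned to a caller who has not yet proved the current password; it is worth confirming that this ordering is intended. The enclosing method starts and ends outside the hunk, and a sketch of the membership test follows.

```csharp
// … unchanged: restricted-group check …
if (_options.CheckAllowedAdGroups)
{
    var isInAllowedGroup = false;

    foreach (var userPrincipalAuthGroup in userPrincipal.GetAuthorizationGroups())
    {
        // One match is enough; a missing list is treated as "nobody allowed".
        if (_options.AllowedADGroups != null &&
            _options.AllowedADGroups.Contains(userPrincipalAuthGroup.Name))
        {
            isInAllowedGroup = true;
            break;
        }
    }

    if (!isInAllowedGroup)
    {
        return new ApiErrorItem { ErrorCode = ApiErrorCode.ChangeNotPermitted };
    }
}
// … unchanged: credential validation …
```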
......@@ -13,9 +13,7 @@ import { Recaptcha } from '../models/recaptcha.model';
import { Title } from '@angular/platform-browser';
import { ViewOptions } from '../models/view-options.model';
import { ErrorsPasswordForm } from '../models/errors-password-form.model';
const emailRegex = /^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/;
const usernameRegex = /^[a-zA-Z0-9._-]{3,20}$/; // Maybe find a better regex
import { ValidationRegex } from '../models/validation-regex.model';
@Component({
selector: 'app-root',
......@@ -59,6 +57,7 @@ export class ChangePasswordComponent implements OnInit {
this.ViewOptions.recaptcha = new Recaptcha;
this.ViewOptions.changePasswordForm = new ChangePasswordForm;
this.ViewOptions.errorsPasswordForm = new ErrorsPasswordForm;
this.ViewOptions.validationRegex = new ValidationRegex();
this.r.queryParams.subscribe((params: Params) => {
let userId = params['userName'] || '';
this.GetData(userId);
......@@ -134,9 +133,9 @@ export class ChangePasswordComponent implements OnInit {
sp.src = 'https://www.google.com/recaptcha/api.js?onload=vcRecaptchaApiLoaded&render=explicit&hl=' + this.ViewOptions.recaptcha.languageCode;
}
if (this.ViewOptions.defaultDomain) {
this.FormGroup.get('username').setValidators(Validators.pattern(usernameRegex));
this.FormGroup.get('username').setValidators(Validators.pattern(this.ViewOptions.validationRegex.usernameRegex));
} else {
this.FormGroup.get('username').setValidators(Validators.pattern(emailRegex));
this.FormGroup.get('username').setValidators(Validators.pattern(this.ViewOptions.validationRegex.emailRegex));
}
});
}
......
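Review bot: The validators at `Validators.pattern(this.ViewOptions.validationRegex.usernameRegex)` and its `emailRegex` counterpart now depend entirely on values delivered with the settings, while `new ValidationRegex()` leaves both fields undefined. Angular's `Validators.pattern` treats an empty pattern as no validation, so a missing or blank `ValidationRegex` section silently turns the username check off. Since the hard-coded constants are removed here, consider a fallback such as `Validators.pattern(this.ViewOptions.validationRegex.usernameRegex || DEFAULT_USERNAME_REGEX)`, where `DEFAULT_USERNAME_REGEX` is a placeholder name. Client-side patterns are a convenience only, and nothing visible in this commit applies the same patterns on the server before the username reaches the directory lookup, so that should be confirmed. The enclosing methods start and end outside the hunks shown.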
export class ValidationRegex {
emailRegex: string;
usernameRegex: string;
}
\ No newline at end of file
......@@ -2,6 +2,7 @@ import { Alerts } from './alerts.model';
import { ChangePasswordForm } from './change-password-form.model';
import { Recaptcha } from "./recaptcha.model";
import { ErrorsPasswordForm } from './errors-password-form.model';
import { ValidationRegex } from "./validation-regex.model";
export class ViewOptions {
alerts: Alerts;
......@@ -12,4 +13,5 @@ export class ViewOptions {
showPasswordMeter: boolean;
defaultDomain: string;
errorsPasswordForm: ErrorsPasswordForm;
validationRegex: ValidationRegex;
}
\ No newline at end of file
namespace Unosquare.PassCore.Web.Models
{
using System.Collections.Generic;
/// <summary>
/// Represents all of the strongly-typed application settings loaded from a JSON file
/// </summary>
......@@ -22,6 +20,7 @@ namespace Unosquare.PassCore.Web.Models
public string ApplicationTitle { get; set; }
public string ChangePasswordTitle { get; set; }
public string DefaultDomain { get; set; }
public ValidationRegex ValidationRegex { get; set; }
}
public class ChangePasswordForm
......@@ -67,4 +66,10 @@ namespace Unosquare.PassCore.Web.Models
public string UsernameEmailPattern { get; set; }
public string UsernamePattern { get; set; }
}
public class ValidationRegex
{
public string EmailRegex { get; set; }
public string UsernameRegex { get; set; }
}
}
\ No newline at end of file
......@@ -18,12 +18,18 @@
"Administrators",
"Domain Admins",
"Enterprise Admins"
]
],
"CheckAllowedAdGroups": false,
"AllowedADGroups": [ ]
},
"AppSettings": {
"EnableHttpsRedirect": false,
"RecaptchaPrivateKey": "", // ReCAPTCHA private key: replace this!
"ClientSettings": {
"ValidationRegex": {
"EmailRegex": "^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\\.[a-zA-Z0-9-]+)*$",
"UsernameRegex": "^[a-zA-Z0-9._-]{3,20}$"
},
"ShowPasswordMeter": true,
"Recaptcha": {
"IsEnabled": true,
......
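Review bot: The default `EmailRegex` carries a typographic apostrophe (`’`) in its local-part character class, at least as rendered on this page, where the widely used form of this pattern has the ASCII `'`; with the default in place, addresses containing `'` would be rejected. Because the patterns are now operator-editable and shipped to the browser, a comment beside `ValidationRegex` such as `// Client-side form validation only; the server must not rely on these patterns` would set the right expectation. A second comment beside `CheckAllowedAdGroups` could state that turning it on while `AllowedADGroups` is empty denies password changes for users who have any group membership.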