public static bool TryParse (string input, out AuthenticationHeaderValue parsedValue)
{
var lexer = new Lexer (input);
var t = lexer.Scan ();
if (t != Token.Type.Token || !(lexer.PeekChar () == ' ' || lexer.PeekChar () == -1)) {
parsedValue = null;
return false;
}
parsedValue = new AuthenticationHeaderValue ();
parsedValue.Scheme = lexer.GetStringValue (t);
t = lexer.Scan ();
if (t != Token.Type.End)
parsedValue.Parameter = lexer.GetRemainingStringValue (t.StartPosition);
return true;
}
public Web3Quorum(string url = @"http://localhost:8545/", ILog log = null, AuthenticationHeaderValue authenticationHeader = null) : base(url, log, authenticationHeader)
{
}
public void Parse_BadValues_Throws()
{
string input = "D\rigest qop=\"auth\",algorithm=MD5-sess,charset=utf-8,realm=\"Digest\"";
Assert.Throws <FormatException>(() => { AuthenticationHeaderValue.Parse(input); });
}
public IntrospectionRequestReceived(string id, string processId, IntrospectionParameter parameter, AuthenticationHeaderValue authHeaderValue, int order)
{
Id = id;
ProcessId = processId;
Parameter = parameter;
AuthenticationHeader = authHeaderValue;
Order = order;
}
public Web3Quorum(UnlockedAccount account, string url = @"http://localhost:8545/", ILog log = null, AuthenticationHeaderValue authenticationHeader = null) : base(url, log, authenticationHeader)
{
TransactionManager = account.TransactionManager;
TransactionManager.Client = Client;
}
private async Task GenerateHeaders(string tokenUrl)
{
//var oneCardProps = _config.GetSection("OneCardProperties");
//Logger.Info($"Connection string: {oneCardProps.GetValue<string>("AgentCode")}");
var timeStamp = (int)DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1)).TotalSeconds;
Logger.Info($"Timestamp component: {timeStamp}");
var nonce = RandomStringGeneratorUtil.GenerateNonce();//.NewGuid().ToString().Replace("-", "");
Logger.Info($"Nonce: {nonce}");
const string clientId = "IKIA36A24822E7E30C61AAE5112A0F4608ADC2CA0997";
Logger.Info($"ClientId: {clientId}");
const string clientSecret = "i7BZAcxnUFNxmcP9FkOOVP3PpJSKcpeS3XsK6eYHHCQ=";
Logger.Info($"ClientSecret: {clientSecret}");
var authorization = Convert.ToBase64String(Encoding.UTF8.GetBytes(clientId));
Logger.Info($"Authorization: Interswitch Auth {authorization}");
//const string generateTokenUrl = "https://saturn.interswitchng.com/api/v1/pwm/subscribers/2348022901232/tokens";
var encodedUrl = HttpUtility.UrlEncode(tokenUrl, Encoding.UTF8);
var stringBuilder = new StringBuilder("Post");
//stringBuilder.Append(HttpMethod.Post.Method);
//stringBuilder.Append("Post");
stringBuilder.Append("&");
stringBuilder.Append(encodedUrl);
stringBuilder.Append("&");
stringBuilder.Append(timeStamp);
stringBuilder.Append("&");
stringBuilder.Append(nonce);
stringBuilder.Append("&");
stringBuilder.Append(clientId);
stringBuilder.Append("&");
stringBuilder.Append(clientSecret);
var signatureCipher = stringBuilder.ToString();
Logger.Info($"Signature Cipher: {signatureCipher}");
var sha = new SHA1Managed();
var signatureBytes = sha.ComputeHash(Encoding.UTF8.GetBytes(signatureCipher));
var signature = Convert.ToBase64String(signatureBytes);
//var encodedSignature = Encoding.UTF8.GetBytes(signatureCipher);
//var sha1Digest = new SHA1Managed();
//sha1Digest.BlockUpdate(encodedSignature, 0, encodedSignature.Length);
//var signatureByte = new byte[sha1Digest.GetDigestSize()];
//var signature = Convert.ToBase64String(signatureByte);
Logger.Info($"Signature: {signature}");
Logger.Info("Signature Method: SHA1");
Logger.Info("Terminal Id: 3NRX0001");
Logger.Info("Frontend Partner: APEX");
Logger.Info("After FrontEnd Apex...");
var stringContent = JsonConvert.SerializeObject(new
{
scope = "profile",
grant_type = "client_credentials"
});
Logger.Info("About creating content");
var httpContent = new StringContent(stringContent);
var headers = httpContent.Headers;
httpContent.Headers.ContentType = MediaTypeHeaderValue.Parse("application/x-www-form-urlencoded");
Logger.Info("Preparing authorization header...");
try
{
using (var httpClient = new HttpClient())
{
httpClient.BaseAddress = new Uri("https://saturn.interswitchng.com/");
var basicAuthCredentials = $"{clientId}:{clientSecret}";
var basicAuthEnc = Convert.ToBase64String(Encoding.UTF8.GetBytes(basicAuthCredentials));
var authValue = $"Basic {basicAuthEnc}";
Logger.Info($"Auth value: {authValue}");
httpClient.DefaultRequestHeaders.Authorization = AuthenticationHeaderValue.Parse(authValue);
Logger.Info("Lets get into HttpClient section...");
var response = await httpClient.PostAsync("passport/oauth/token", httpContent);
Logger.Info("About to check status code");
Logger.Info($"status code: {response.StatusCode}");
Logger.Info($"response: {response.Content.ReadAsStringAsync()}");
if (response.IsSuccessStatusCode)
{
var responseStr = await response.Content.ReadAsStringAsync();
Logger.Info($"Access Token String: {responseStr}");
}
else
{
Logger.Info("This thing is false...");
}
}
}
catch (Exception exc)
{
Logger.Error(exc.Message);
Logger.Error(exc.StackTrace);
}
}
public override async Task <ActionResponse> ExecuteActionAsync(ActionRequest request)
{
_token = request.DataStore.GetJson("MsCrmToken", "access_token");;
AuthenticationHeaderValue bearer = new AuthenticationHeaderValue("Bearer", _token);
_rc = new RestClient(request.DataStore.GetValue("ConnectorUrl"), bearer);
_orgUrl = request.DataStore.GetValue("OrganizationUrl");
_orgId = request.DataStore.GetValue("OrganizationId");
string name = request.DataStore.GetValue("ProfileName") ?? "bpst-mscrm-profile";
string kV = request.DataStore.GetValue("KeyVault");
string[] entities = request.DataStore.GetValue("Entities").Split(new[] { ',', ' ', '\t' }, StringSplitOptions.RemoveEmptyEntries);
MsCrmProfile profile = new MsCrmProfile
{
Entities = new MsCrmEntity[entities.Length],
Name = name,
OrganizationId = _orgId,
DestinationKeyVaultUri = kV,
DestinationPrefix = string.Empty,
DestinationSchemaName = "dbo"
};
for (int i = 0; i < profile.Entities.Length; i++)
{
MsCrmEntity e = new MsCrmEntity {
Type = entities[i]
};
profile.Entities[i] = e;
}
List <string> invalidEntities = await RetrieveInvalidEntities(entities);
if (invalidEntities.Count > 0)
{
return(new ActionResponse(ActionStatus.Failure, JsonUtility.GetEmptyJObject(),
new ArgumentException("The following entities are not provisioned for replication: " + string.Join(", ", invalidEntities)),
"MsCrm_ErrorCreateProfile"));
}
try
{
string response = await _rc.Post(MsCrmEndpoints.URL_PROFILES, JsonConvert.SerializeObject(profile));
MsCrmProfile createdProfile = JsonConvert.DeserializeObject <MsCrmProfile>(response);
request.DataStore.AddToDataStore("ProfileName", createdProfile.Name, DataStoreType.Public);
request.DataStore.AddToDataStore("ProfileId", createdProfile.Id, DataStoreType.Public);
//Log exporter creation
request.Logger.LogResource(request.DataStore, createdProfile.Name,
DeployedResourceType.CRMExporter, CreatedBy.BPST, DateTime.UtcNow.ToString("o"), createdProfile.Id);
return(new ActionResponse(ActionStatus.Success, createdProfile.Id));
}
catch (Exception e)
{
return(new ActionResponse(ActionStatus.Failure, JsonUtility.GetEmptyJObject(), e, "MsCrm_ErrorCreateProfile"));
}
}
/// <summary>
/// HttpClient 用GET方法访问指定URI
/// </summary>
/// <typeparam name="T"></typeparam>
/// <param name="uri">请求发送到的 URI。</param>
/// <param name="headers">请求的头部信息</param>
/// <param name="authentication">请求的验证信息</param>
/// <returns></returns>
public static async Task <T> GetAsync <T>(string uri, IDictionary <string, string> headers = null, AuthenticationHeaderValue authentication = null)
{
HttpClient c = null;
HttpResponseMessage msg = null;
T TEntity = default(T);
try
{
c = new HttpClient();
if (headers != null)
{
foreach (var kv in headers)
{
c.DefaultRequestHeaders.Add(kv.Key, kv.Value);
}
}
if (authentication != null)
{
c.DefaultRequestHeaders.Authorization = authentication;
}
msg = await c.GetAsync(uri);
string json = await msg.Content.ReadAsStringAsync();
TEntity = SerializeHelper.DeserializeFromJson <T>(json);
}
finally
{
if (c != null)
{
c.Dispose();
}
if (msg != null)
{
msg.Dispose();
}
}
return(TEntity);
}
public async Task <GrantedToken> GetTokenByResourceOwnerCredentialsGrantType(ResourceOwnerGrantTypeParameter resourceOwnerGrantTypeParameter, AuthenticationHeaderValue authenticationHeaderValue, X509Certificate2 certificate, string issuerName)
{
if (resourceOwnerGrantTypeParameter == null)
{
throw new ArgumentNullException(nameof(resourceOwnerGrantTypeParameter));
}
var processId = Guid.NewGuid().ToString();
try
{
_eventPublisher.Publish(new GrantTokenViaResourceOwnerCredentialsReceived(Guid.NewGuid().ToString(), processId, _payloadSerializer.GetPayload(resourceOwnerGrantTypeParameter, authenticationHeaderValue), authenticationHeaderValue, 0));
_oauthEventSource.StartGetTokenByResourceOwnerCredentials(resourceOwnerGrantTypeParameter.ClientId,
resourceOwnerGrantTypeParameter.UserName,
resourceOwnerGrantTypeParameter.Password);
_resourceOwnerGrantTypeParameterValidator.Validate(resourceOwnerGrantTypeParameter);
var result = await _getTokenByResourceOwnerCredentialsGrantType.Execute(resourceOwnerGrantTypeParameter,
authenticationHeaderValue, certificate, issuerName);
var accessToken = result != null ? result.AccessToken : string.Empty;
var identityToken = result != null ? result.IdToken : string.Empty;
_oauthEventSource.EndGetTokenByResourceOwnerCredentials(accessToken, identityToken);
_eventPublisher.Publish(new TokenGranted(Guid.NewGuid().ToString(), processId, _payloadSerializer.GetPayload(result), 1));
return(result);
}
catch (IdentityServerException ex)
{
_eventPublisher.Publish(new OAuthErrorReceived(Guid.NewGuid().ToString(), processId, ex.Code, ex.Message, 1));
throw;
}
}
public async Task <TClass> Post <TClass>(string url, HttpContent body, Dictionary <string, string> headers = null, AuthenticationHeaderValue authorization = null)
where TClass : class
{
HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.ExpectationFailed);
using (var client = new HttpClient())
{
if (authorization != null)
{
client.DefaultRequestHeaders.Authorization = authorization;
}
HttpRequestMessage message = new HttpRequestMessage(HttpMethod.Post, url);
if (headers != null)
{
foreach (var header in headers)
{
message.Headers.Add(header.Key, header.Value);
}
}
message.Content = body;
response = await client.SendAsync(message).ConfigureAwait(false);
var responseString = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
if (response.IsSuccessStatusCode)
{
try
{
return(JsonConvert.DeserializeObject <TClass>(responseString));
}
catch (Exception ex)
{
throw new Exception("Error when attempting to convert to json (see inner)", new Exception(ex.Message, new Exception(responseString)));
Console.WriteLine(responseString);
}
}
else
{
try
{
return(JsonConvert.DeserializeObject <TClass>(responseString));
}
catch (Exception ex)
{
throw new Exception("Remote Server did not return success status code (see inner)", new Exception(ex.Message, new Exception(responseString)));
}
}
}
}
public Request AuthToken(string token)
{
_auth = new AuthenticationHeaderValue("Token", token);
return(this);
}
public static void AddChallenge(AuthenticationHeaderValue challenge, OwinResponse response)
{
response.AddHeader("WWW-Authenticate", challenge.ToString());
}
public bool Authenticate(HttpContext context, out HttpAuthenticationRequest request)
{
if (context.Request.Headers.TryGetValue("authorization", out var values) && values.Count == 1 && AuthenticationHeaderValue.TryParse(
values[0], out var authenticationHeader) &&
authenticationHeader.Scheme == "Basic" &&
TryDecodeCredential(authenticationHeader.Parameter, out var username, out var password))
{
request = new HttpAuthenticationRequest(context, username, password);
_internalAuthenticationProvider.Authenticate(request);
return(true);
}
request = null;
return(false);
}
public Task <AuthenticationHeaderValue> GetAuthenticationHeaderAsync(CancellationToken cancellationToken)
{
var authHeader = new AuthenticationHeaderValue("bearer", developmentToken);
return(Task.FromResult(authHeader));
}
public Builder WithAuth(string authToken)
{
AuthenticationHeaderValue = new AuthenticationHeaderValue("Bearer", authToken);
return(this);
}
protected TResponse SendRequest <TRequest, TResponse>(string uri, TRequest sentObjToApi, HttpMethod method, AuthenticationHeaderValue authenticationToken) where TResponse : class
{
try
{
using (var client = new HttpClient())
{
client.DefaultRequestHeaders.Authorization = authenticationToken;
var requestContent = JsonConvert.SerializeObject(sentObjToApi);
var requestMessage = new HttpRequestMessage()
{
Method = method, RequestUri = new Uri(uri)
};
if (method != HttpMethod.Get)
{
var content = new StringContent(requestContent, Encoding.UTF8, "application/json");
requestMessage.Content = content;
}
var httpResponseMessage = client.SendAsync(requestMessage).Result;
var responseContent = httpResponseMessage.Content.ReadAsStringAsync().Result;
httpResponseMessage.EnsureSuccessStatusCode();
if (string.IsNullOrEmpty(responseContent))
{
throw new Exception($"No response data.");
}
return(JsonConvert.DeserializeObject <TResponse>(responseContent));
}
}
catch (Exception ex)
{
throw new Exception($"URI: {uri}. Exception: {ex}");
}
}
private static void SetRequestAuthenticationHeaderValue(HttpRequestMessage request, AuthenticationHeaderValue headerValue, bool isProxyAuth)
{
if (isProxyAuth)
{
request.Headers.ProxyAuthorization = headerValue;
}
else
{
request.Headers.Authorization = headerValue;
}
}
public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
// Look for credentials in request
HttpRequestMessage req = context.Request;
AuthenticationHeaderValue authHeader = req.Headers.Authorization;
// If there are no credentials, do nothing
if (authHeader == null)
{
return;
}
// If there are credentials, but the filter does not recognize the authentication scheme, do nothing
if (authHeader.Scheme != "JWT")
{
return;
}
try
{
// Attempt to parse user id from auth header
if (String.IsNullOrEmpty(authHeader.Parameter))
{
throw new InvalidCredentialsException();
}
string jwt = authHeader.Parameter;
Dictionary <string, string> jwtPayload = this.jwtService.ParseToken(jwt);
Guid userId;
try
{
userId = Guid.Parse(jwtPayload["sub"]);
}
catch (Exception e)
{
if (e is FormatException || e is OverflowException)
{
throw new InvalidCredentialsException();
}
else
{
throw e;
}
}
//Get user
UserDto user;
try
{
user = this.userService.Get(userId);
}
catch (DoesNotExistException)
{
throw new InvalidCredentialsException();
}
//Convert permissions to strings
List <PermissionDto> permissions = user.Permissions;
int numPermissions = permissions.Count();
string[] permissionStrings = new string[numPermissions];
for (int i = 0; i < numPermissions; i++)
{
permissionStrings[i] = permissions[i].Name;
}
//Set principal
context.Principal = new GenericPrincipal(new GenericIdentity(userId.ToString()), permissionStrings);
return;
}
catch (InvalidCredentialsException e)
{
context.ErrorResult = new AuthenticationFailureResult(e.Message, req);
return;
}
}
public static async Task <string> GetAccessToken(
string accessTokenUri,
string clientId,
string clientSecret,
int timeout = DEFAULT_GETACCESSTOKEN_TIMEOUT,
bool validateCertificates = DEFAULT_VALIDATE_CERTIFICATES,
ILogger logger = null)
{
if (string.IsNullOrEmpty(accessTokenUri))
{
throw new ArgumentException(nameof(accessTokenUri));
}
if (string.IsNullOrEmpty(clientId))
{
throw new ArgumentException(nameof(accessTokenUri));
}
if (string.IsNullOrEmpty(clientSecret))
{
throw new ArgumentException(nameof(accessTokenUri));
}
var request = new HttpRequestMessage(HttpMethod.Post, accessTokenUri);
HttpClient client = GetHttpClient(validateCertificates, timeout);
// If certificate validation is disabled, inject a callback to handle properly
HttpClientHelper.ConfigureCertificateValidation(validateCertificates, out SecurityProtocolType prevProtocols, out RemoteCertificateValidationCallback prevValidator);
AuthenticationHeaderValue auth = new AuthenticationHeaderValue("Basic", GetEncodedUserPassword(clientId, clientSecret));
request.Headers.Authorization = auth;
request.Content = new FormUrlEncodedContent(new Dictionary <string, string>
{
{ "grant_type", "client_credentials" }
});
try
{
using (client)
{
using (HttpResponseMessage response = await client.SendAsync(request).ConfigureAwait(false))
{
if (response.StatusCode != HttpStatusCode.OK)
{
logger?.LogInformation(
"GetAccessToken returned status: {0} while obtaining access token from: {1}",
response.StatusCode,
accessTokenUri);
return(null);
}
var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
var token = payload.Value <string>("access_token");
return(token);
}
}
}
catch (Exception e)
{
logger?.LogError("GetAccessToken exception: {0} ,obtaining access token from: {1}", e, WebUtility.UrlEncode(accessTokenUri));
}
finally
{
HttpClientHelper.RestoreCertificateValidation(validateCertificates, prevProtocols, prevValidator);
}
return(null);
}
public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
HttpRequestMessage request = context.Request;
AuthenticationHeaderValue authorization = request.Headers.Authorization;
if (authorization == null)
{
return;
}
if (authorization.Scheme != "Basic")
{
return;
}
if (string.IsNullOrEmpty(authorization.Parameter))
{
context.ErrorResult = new AuthenticationFailureResult("Missing credentials", request);
return;
}
Tuple <string, string> userNameAndPasword = ExtractUserNameAndPassword(authorization.Parameter);
if (userNameAndPasword == null)
{
context.ErrorResult = new AuthenticationFailureResult("Invalid credentials", request);
return;
}
string userName = userNameAndPasword.Item1;
string password = userNameAndPasword.Item2;
IPrincipal principal = null;
if (_checker.Check(userName, password))
{
IUser user = _userStore.GetUserByUsername(userName);
if (user == null)
{
return;
}
GenericIdentity identity = new GenericIdentity(user.Username);
identity.AddClaim(new Claim(ClaimTypes.Name, user.Username));
if (user.Roles != null)
{
foreach (string userRole in user.Roles)
{
identity.AddClaim(new Claim(ClaimTypes.Role, userRole));
}
}
principal = new ClaimsPrincipal(identity);
}
if (principal == null)
{
context.ErrorResult = new AuthenticationFailureResult("Invalid username or password", request);
return;
}
context.Principal = principal;
}
public static void ChallengeWith(this HttpAuthenticationChallengeContext context, AuthenticationHeaderValue challenge)
{
if (context == null)
{
throw new ArgumentNullException("context");
}
context.Result = new AddChallengeOnUnauthorizedResult(challenge, context.Result);
}
/// <summary>
/// Constructor with all parameters set
/// </summary>
/// <param name="baseUrl"></param>
/// <param name="locale"></param>
/// <param name="collectionIdentifier"></param>
/// <param name="variation"></param>
/// <param name="authenticationHeader"></param>
/// <param name="minutesUntilCollectionRefresh"></param>
/// <param name="pagesMemCacheSize"></param>
/// <param name="archiveDownloads"></param>
public IonConfig(string baseUrl, string locale, string collectionIdentifier, string variation, AuthenticationHeaderValue authenticationHeader, int minutesUntilCollectionRefresh, int pagesMemCacheSize, bool archiveDownloads)
{
this.baseUrl = baseUrl;
this.collectionIdentifier = collectionIdentifier;
this.locale = locale;
this.variation = variation;
this.authenticationHeader = authenticationHeader;
this.minutesUntilCollectionRefresh = minutesUntilCollectionRefresh;
this.pagesMemCacheSize = pagesMemCacheSize;
this.archiveDownloads = archiveDownloads;
}
protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
if (Request.Method != "POST" && Options.HttpPostMethodOnly)
{
if (Options.LogInformation)
{
Logger.LogError("HTTP Method Not Allowed");
}
return(AuthenticateResult.Fail(new CustomAuthException("HTTP Method Not Allowed", AuthenticationError.MethodNotAllowed)));
}
if (!AuthenticationHeaderValue.TryParse(Request.Headers[AuthorizationHeaderName],
out AuthenticationHeaderValue headerValue))
{
return(AuthenticateResult.NoResult());
}
if (!SchemeName.Equals(headerValue.Scheme, StringComparison.OrdinalIgnoreCase))
{
if (Options.LogInformation)
{
Logger.LogError("Not Basic authentication header");
}
return(AuthenticateResult.NoResult());
}
string[] userDetails;
try
{
var headerValueBytes = Convert.FromBase64String(headerValue.Parameter);
var userAndPassword = Options.HeaderEncoding.GetString(headerValueBytes);
userDetails = userAndPassword.Split(':');
}
catch (Exception exception)
{
var msg = $"Invalid Basic authentication header - {exception.Message}";
if (Options.LogInformation)
{
Logger.LogError(msg);
}
return(AuthenticateResult.Fail(msg));
}
if (userDetails.Length != 2)
{
var msg = "Invalid Basic authentication header - missing username or password. ";
if (Options.LogInformation)
{
Logger.LogError(msg);
}
return(AuthenticateResult.Fail(msg));
}
string user = userDetails[0];
string password = userDetails[1];
ValidationResult userValidationResult;
try
{
if (_basicValidationService != null)
{
userValidationResult = await _basicValidationService.ValidateUser(user, password, Options.Realm);
}
else
{
userValidationResult = await Options.ValidateUser(user, password, Options.Realm);
}
if (!userValidationResult.Success && userValidationResult.ErrorCode != 0)
{
return(AuthenticateResult.Fail(new CustomAuthException(userValidationResult.ErrorDescription,
userValidationResult.ErrorCode)));
}
}
catch (Exception ex)
{
var msg = $"Error validating user. Details: {ex.Message}";
if (Options.LogInformation)
{
Logger.LogError(msg);
}
return(AuthenticateResult.Fail(new CustomAuthException(msg, ex, AuthenticationError.OtherError)));
}
if (!userValidationResult.Success)
{
var msg = $"Invalid username or password. Username: {user}";
if (Options.LogInformation)
{
Logger.LogError(msg);
}
return(AuthenticateResult.Fail(new CustomAuthException(msg, AuthenticationError.AuthenticationFailed)));
}
if (Options.LogInformation)
{
Logger.LogWarning($"User authenticated: {user}");
}
var claims = userValidationResult.Claims;
var identity = new ClaimsIdentity(claims, Scheme.Name);
var principal = new ClaimsPrincipal(identity);
var ticket = new AuthenticationTicket(principal, Scheme.Name);
return(AuthenticateResult.Success(ticket));
}
/// <summary>
/// Constructor with all parameters except "variation"
/// </summary>
/// <param name="baseUrl"></param>
/// <param name="locale"></param>
/// <param name="collectionIdentifier"></param>
/// <param name="authenticationHeader"></param>
/// <param name="minutesUntilCollectionRefresh"></param>
/// <param name="pagesMemCacheSize"></param>
/// <param name="archiveDownloads"></param>
public IonConfig(string baseUrl, string locale, string collectionIdentifier, AuthenticationHeaderValue authenticationHeader, int minutesUntilCollectionRefresh, int pagesMemCacheSize, bool archiveDownloads)
: this(baseUrl, locale, collectionIdentifier, "default", authenticationHeader, minutesUntilCollectionRefresh, pagesMemCacheSize, archiveDownloads)
{
}
public Web3Quorum(QuorumAccount account, string privateUrl, string url = @"http://localhost:8545/", ILog log = null, AuthenticationHeaderValue authenticationHeader = null) : base(account, url, log, authenticationHeader)
{
((QuorumTransactionManager)TransactionManager).PrivateUrl = privateUrl;
}
protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
string authHeaderValue = Request.Headers.TryGetAndReturn("Authorization").FirstOrDefault();
AuthenticationHeaderValue authHeader = null;
if (!String.IsNullOrEmpty(authHeaderValue) && !AuthenticationHeaderValue.TryParse(authHeaderValue, out authHeader))
{
return(AuthenticateResult.Fail("Unable to parse header"));
}
string scheme = authHeader?.Scheme.ToLower();
string token = null;
if (authHeader != null && (scheme == BearerScheme || scheme == TokenScheme))
{
token = authHeader.Parameter;
}
else if (authHeader != null && scheme == BasicScheme)
{
var authInfo = Request.GetBasicAuth();
if (authInfo != null)
{
if (authInfo.Username.ToLower() == "client")
{
token = authInfo.Password;
}
else if (authInfo.Password.ToLower() == "x-oauth-basic" || String.IsNullOrEmpty(authInfo.Password))
{
token = authInfo.Username;
}
else
{
User user;
try {
user = await _userRepository.GetByEmailAddressAsync(authInfo.Username);
} catch (Exception ex) {
return(AuthenticateResult.Fail(ex));
}
if (user == null || !user.IsActive)
{
return(AuthenticateResult.Fail("User is not valid"));
}
if (String.IsNullOrEmpty(user.Salt))
{
return(AuthenticateResult.Fail("User is not valid"));
}
string encodedPassword = authInfo.Password.ToSaltedHash(user.Salt);
if (!String.Equals(encodedPassword, user.Password))
{
return(AuthenticateResult.Fail("User is not valid"));
}
return(AuthenticateResult.Success(CreateUserAuthenticationTicket(user)));
}
}
}
else
{
token = Request.GetQueryString("access_token");
if (String.IsNullOrEmpty(token))
{
token = Request.GetQueryString("api_key");
}
if (String.IsNullOrEmpty(token))
{
token = Request.GetQueryString("apikey");
}
}
if (String.IsNullOrEmpty(token))
{
return(AuthenticateResult.NoResult());
}
var tokenRecord = await _tokenRepository.GetByIdAsync(token, o => o.Cache());
if (tokenRecord == null)
{
using (Logger.BeginScope(new ExceptionlessState().Property("Headers", Request.Headers)))
Logger.LogWarning("Token {Token} for {Path} not found.", token, Request.Path);
return(AuthenticateResult.Fail("Token is not valid"));
}
if (tokenRecord.ExpiresUtc.HasValue && tokenRecord.ExpiresUtc.Value < Foundatio.Utility.SystemClock.UtcNow)
{
using (Logger.BeginScope(new ExceptionlessState().Property("Headers", Request.Headers)))
Logger.LogWarning("Token {Token} for {Path} expired on {TokenExpiresUtc}.", token, Request.Path, tokenRecord.ExpiresUtc.Value);
return(AuthenticateResult.Fail("Token is not valid"));
}
if (!String.IsNullOrEmpty(tokenRecord.UserId))
{
var user = await _userRepository.GetByIdAsync(tokenRecord.UserId, o => o.Cache());
if (user == null)
{
using (Logger.BeginScope(new ExceptionlessState().Property("Headers", Request.Headers)))
Logger.LogWarning("Could not find user for token {Token} with user {user} for {Path}.", token, tokenRecord.UserId, Request.Path);
return(AuthenticateResult.Fail("Token is not valid"));
}
return(AuthenticateResult.Success(CreateUserAuthenticationTicket(user, tokenRecord)));
}
return(AuthenticateResult.Success(CreateTokenAuthenticationTicket(tokenRecord)));
}
public AddChallengeOnUnauthorizedResult(AuthenticationHeaderValue challenge, IHttpActionResult innerResult)
{
Challenge = challenge;
InnerResult = innerResult;
}
protected internal override async Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
if (_preAuthenticate)
{
AuthenticationHelper.TrySetBasicAuthToken(request, _credentials);
}
HttpResponseMessage response = await _innerHandler.SendAsync(request, cancellationToken).ConfigureAwait(false);
if (response.StatusCode == HttpStatusCode.Unauthorized)
{
AuthenticationHeaderValue selectedAuth = GetSupportedAuthScheme(response.Headers.WwwAuthenticate);
if (selectedAuth != null)
{
switch (selectedAuth.Scheme)
{
case AuthenticationHelper.Digest:
// Update digest response with new parameter from WWWAuthenticate
var digestResponse = new AuthenticationHelper.DigestResponse(selectedAuth.Parameter);
if (await AuthenticationHelper.TrySetDigestAuthToken(request, _credentials, digestResponse, HttpKnownHeaderNames.Authorization).ConfigureAwait(false))
{
response.Dispose();
response = await _innerHandler.SendAsync(request, cancellationToken).ConfigureAwait(false);
// Retry in case of nonce timeout in server.
if (response.StatusCode == HttpStatusCode.Unauthorized)
{
foreach (AuthenticationHeaderValue ahv in response.Headers.WwwAuthenticate)
{
if (ahv.Scheme == AuthenticationHelper.Digest)
{
digestResponse = new AuthenticationHelper.DigestResponse(ahv.Parameter);
if (AuthenticationHelper.IsServerNonceStale(digestResponse) &&
await AuthenticationHelper.TrySetDigestAuthToken(request, _credentials, digestResponse, HttpKnownHeaderNames.Authorization).ConfigureAwait(false))
{
response.Dispose();
response = await _innerHandler.SendAsync(request, cancellationToken).ConfigureAwait(false);
}
break;
}
}
}
}
break;
case AuthenticationHelper.Basic:
if (_preAuthenticate)
{
// We already tried these credentials via preauthentication, so no need to try again
break;
}
if (AuthenticationHelper.TrySetBasicAuthToken(request, _credentials))
{
response.Dispose();
response = await _innerHandler.SendAsync(request, cancellationToken).ConfigureAwait(false);
}
break;
}
}
}
return(response);
}
public void TestUpgradeMD5()
{
var store = database.Storage as SqliteCouchStore;
if (store == null)
{
Assert.Inconclusive("This test is only valid for a SQLite based store, since any others will be too new to see this issue");
}
var authorizationHeader = new AuthenticationHeaderValue("Basic", Convert.ToBase64String(Encoding.UTF8.GetBytes("jim:borden")));
using (var client = new HttpClient()) {
var couchDbUri = String.Format("http://{0}:5984/", GetReplicationServer());
try {
var request = new HttpRequestMessage(HttpMethod.Get, new Uri(couchDbUri));
client.SendAsync(request).Wait();
} catch (Exception) {
Assert.Inconclusive("Apache CouchDB not running");
}
var dbName = "a" + Guid.NewGuid();
var putRequest = new HttpRequestMessage(HttpMethod.Put, new Uri(couchDbUri + dbName));
putRequest.Headers.Authorization = authorizationHeader;
var response = client.SendAsync(putRequest).Result;
Assert.AreEqual(HttpStatusCode.Created, response.StatusCode);
// The API prevents new insertions with MD5 hashes, so we need to insert this bypassing the API
// to simulate a legacy document
var engine = store.StorageEngine;
var docName = "doc" + Convert.ToString(DateTime.UtcNow.MillisecondsSinceEpoch());
var contentVals = new ContentValues();
contentVals["docid"] = docName;
engine.Insert("docs", null, contentVals);
contentVals = new ContentValues();
contentVals["doc_id"] = 1;
contentVals["revid"] = "1-1153b140e4c8674e2e6425c94de860a0";
contentVals["current"] = false;
contentVals["deleted"] = false;
contentVals["no_attachments"] = true;
string json = "{\"foo\":false}";
contentVals["json"] = Encoding.UTF8.GetBytes(json);
engine.Insert("revs", null, contentVals);
contentVals = new ContentValues();
contentVals["doc_id"] = 1;
contentVals["revid"] = "2-bb71ce0da1de19f848177525c4ae5a8b";
contentVals["current"] = false;
contentVals["deleted"] = false;
contentVals["no_attachments"] = false;
contentVals["parent"] = 1;
json = "{\"foo\":false,\"_attachments\":{\"attachment\":{\"content_type\":\"image/png\",\"revpos\":2," +
"\"digest\":\"md5-ks1IBwCXbuY7VWAO9CkEjA==\",\"length\":519173,\"stub\":true}}}";
contentVals["json"] = Encoding.UTF8.GetBytes(json);
engine.Insert("revs", null, contentVals);
contentVals = new ContentValues();
contentVals["doc_id"] = 1;
contentVals["revid"] = "3-a020d6aae370ab5cbc136c477f4e5928";
contentVals["current"] = true;
contentVals["deleted"] = false;
contentVals["no_attachments"] = false;
contentVals["parent"] = 2;
json = "{\"foo\":true,\"_attachments\":{\"attachment\":{\"content_type\":\"image/png\",\"revpos\":2," +
"\"digest\":\"md5-ks1IBwCXbuY7VWAO9CkEjA==\",\"length\":519173,\"stub\":true}}}";
contentVals["json"] = Encoding.UTF8.GetBytes(json);
engine.Insert("revs", null, contentVals);
var attachmentStream = GetAsset("attachment.png");
var fileStream = File.OpenWrite(Path.Combine(database.AttachmentStorePath, "92CD480700976EE63B55600EF429048C.blob"));
attachmentStream.CopyTo(fileStream);
attachmentStream.Dispose();
fileStream.Dispose();
var baseEndpoint = String.Format("http://{0}:5984/{1}/{2}", GetReplicationServer(), dbName, docName);
var endpoint = baseEndpoint;
putRequest = new HttpRequestMessage(HttpMethod.Put, new Uri(endpoint));
putRequest.Headers.Authorization = authorizationHeader;
putRequest.Content = new StringContent("{\"foo\":false}");
putRequest.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
response = client.SendAsync(putRequest).Result;
Assert.AreEqual(HttpStatusCode.Created, response.StatusCode);
attachmentStream = GetAsset("attachment.png");
var baos = new MemoryStream();
attachmentStream.CopyTo(baos);
attachmentStream.Dispose();
endpoint = baseEndpoint + "/attachment?rev=1-1153b140e4c8674e2e6425c94de860a0";
putRequest = new HttpRequestMessage(HttpMethod.Put, new Uri(endpoint));
putRequest.Content = new ByteArrayContent(baos.ToArray());
putRequest.Content.Headers.ContentType = new MediaTypeHeaderValue("image/png");
putRequest.Headers.Authorization = authorizationHeader;
baos.Dispose();
response = client.SendAsync(putRequest).Result;
Assert.AreEqual(HttpStatusCode.Created, response.StatusCode);
endpoint = baseEndpoint + "?rev=2-bb71ce0da1de19f848177525c4ae5a8b";
putRequest = new HttpRequestMessage(HttpMethod.Put, new Uri(endpoint));
putRequest.Content = new StringContent("{\"foo\":true,\"_attachments\":{\"attachment\":{\"content_type\":\"image/png\",\"revpos\":2,\"digest\":\"md5-ks1IBwCXbuY7VWAO9CkEjA==\",\"length\":519173,\"stub\":true}}}");
putRequest.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
putRequest.Headers.Authorization = authorizationHeader;
response = client.SendAsync(putRequest).Result;
Assert.AreEqual(HttpStatusCode.Created, response.StatusCode);
var pull = database.CreatePullReplication(new Uri(couchDbUri + dbName));
pull.Continuous = true;
pull.Start();
endpoint = baseEndpoint + "?rev=3-a020d6aae370ab5cbc136c477f4e5928";
putRequest = new HttpRequestMessage(HttpMethod.Put, new Uri(endpoint));
putRequest.Content = new StringContent("{\"foo\":false,\"_attachments\":{\"attachment\":{\"content_type\":\"image/png\",\"revpos\":2,\"digest\":\"md5-ks1IBwCXbuY7VWAO9CkEjA==\",\"length\":519173,\"stub\":true}}}");
putRequest.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
putRequest.Headers.Authorization = authorizationHeader;
response = client.SendAsync(putRequest).Result;
Assert.AreEqual(HttpStatusCode.Created, response.StatusCode);
Sleep(1000);
while (pull.Status == ReplicationStatus.Active)
{
Sleep(500);
}
var doc = database.GetExistingDocument(docName);
Assert.AreEqual("4-a91f8875144c6162874371c07a08ea17", doc.CurrentRevisionId);
var attachment = doc.CurrentRevision.Attachments.ElementAtOrDefault(0);
Assert.IsNotNull(attachment);
var attachmentsDict = doc.GetProperty("_attachments").AsDictionary <string, object>();
var attachmentDict = attachmentsDict.Get("attachment").AsDictionary <string, object>();
Assert.AreEqual("md5-ks1IBwCXbuY7VWAO9CkEjA==", attachmentDict["digest"]);
var deleteRequest = new HttpRequestMessage(HttpMethod.Delete, baseEndpoint + "/attachment?rev=4-a91f8875144c6162874371c07a08ea17");
deleteRequest.Headers.Authorization = authorizationHeader;
response = client.SendAsync(deleteRequest).Result;
Assert.AreEqual(HttpStatusCode.OK, response.StatusCode);
attachmentStream = GetAsset("attachment2.png");
baos = new MemoryStream();
attachmentStream.CopyTo(baos);
attachmentStream.Dispose();
endpoint = baseEndpoint + "/attachment?rev=5-4737cb66c6a7ef1b11e872cb6fa4d51a";
putRequest = new HttpRequestMessage(HttpMethod.Put, endpoint);
putRequest.Content = new ByteArrayContent(baos.ToArray());
putRequest.Content.Headers.ContentType = new MediaTypeHeaderValue("image/png");
putRequest.Headers.Authorization = authorizationHeader;
baos.Dispose();
response = client.SendAsync(putRequest).Result;
Assert.AreEqual(HttpStatusCode.Created, response.StatusCode);
Sleep(1000);
while (pull.Status == ReplicationStatus.Active)
{
Sleep(500);
}
doc = database.GetExistingDocument(docName);
Assert.AreEqual("6-e3a7423a9a9de094a0d12d7f3b44634c", doc.CurrentRevisionId);
attachment = doc.CurrentRevision.Attachments.ElementAtOrDefault(0);
Assert.IsNotNull(attachment);
attachmentsDict = doc.GetProperty("_attachments").AsDictionary <string, object>();
attachmentDict = attachmentsDict.Get("attachment").AsDictionary <string, object>();
Assert.AreEqual("sha1-9ijdmMf0mK7c11WQPw7DBQcX5pE=", attachmentDict["digest"]);
deleteRequest = new HttpRequestMessage(HttpMethod.Delete, couchDbUri + dbName);
deleteRequest.Headers.Authorization = authorizationHeader;
response = client.SendAsync(deleteRequest).Result;
Assert.AreEqual(HttpStatusCode.OK, response.StatusCode);
}
}
public override async Task Invoke(IOwinContext context)
{
var header = context.Request.Headers.Get("Authorization");
if (!string.IsNullOrWhiteSpace(header))
{
var authHeader = AuthenticationHeaderValue.Parse(header);
if ("Basic".Equals(authHeader.Scheme,
StringComparison.OrdinalIgnoreCase))
{
Logger.Debug("performing Basic authentication");
bool exceptionThrown = false;
string[] parameters = { "a", "b" };
App app = null;
try
{
parameters = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Parameter)).Split(':');
var publicKey = parameters[0];
var privateKey = parameters[1];
app = await _dbContext.Apps.FirstOrDefaultAsync(
t => t.ClientId == publicKey && t.ClientSecret == privateKey);
}
catch (Exception exception)
{
Logger.Error(exception.Message);
exceptionThrown = true;
}
if (app != null)
{
if (!app.IsActive)
{
Logger.Debug("Unsuccessful authorization: your account is not active");
context.Response.StatusCode = 403;
//context.Response.Headers.Add("WWW-Authenticate",new []{"Basic realm=\"USP\""});
await
context.Response.WriteAsync(string.Format("Your account status is {0}",
app.IsActive));
}
else
{
var user = await _dbContext.Users.FirstOrDefaultAsync(u => u.UserName == app.Username);
var claims = new List <Claim>
{
new Claim(ClaimTypes.Name, user.UserName),
new Claim(ClaimTypes.Sid, user.Id),
new Claim(ClaimTypes.Email, user.Email),
new Claim(ClaimTypes.MobilePhone, user.PhoneNumber),
new Claim(ClaimTypes.GivenName, user.Fullname),
new Claim(ClaimTypes.SerialNumber,
app.Id.ToString()),
};
var identity = new ClaimsIdentity(claims, "Basic");
context.Request.User = new ClaimsPrincipal(identity);
Logger.Info("successfully authenticated basic auth");
await _nextMiddleware.Invoke(context);
}
}
else if (exceptionThrown)
{
context.Response.StatusCode = 401;
//context.Response.Headers.Add("WWW-Authenticate", new[] { "Basic realm=\"USP\"" });
await context.Response.WriteAsync(string.Format("Invalid API credentials"));
}
else
{
Logger.Warn("Invalid API credential {0}", authHeader.Parameter);
context.Response.StatusCode = 401;
// context.Response.Headers.Add("WWW-Authenticate", new[] { "Basic realm=\"USP\"" });
await context.Response.WriteAsync(string.Format("Invalid API credentials"));
}
}
else
{
await _nextMiddleware.Invoke(context);
}
}
else
{
if (context.Request.Uri.ToString().ToLower().Contains("ping") || context.Request.Uri.ToString().ToLower().Contains("signalr"))
{
await _nextMiddleware.Invoke(context);
}
else
{
Logger.Info("no authentication header detected...request will be failed!");
context.Response.StatusCode = 401;
//context.Response.Headers.Add("WWW-Authenticate", new[] { "Basic realm=\"USP\"" });
await context.Response.WriteAsync(string.Format("no authorization header detected"));
}
}
}
public static bool TryParse (string input, out AuthenticationHeaderValue parsedValue)
{
throw new NotImplementedException ();
}
protected override Task <AuthenticateResult> HandleAuthenticateAsync()
{
//We are expecting a header such as Authorization: <Schema> <key>
//If this is not present, we will return NoResult and move on to the next authentication handler.
if (!Request.Headers.TryGetValue(HeaderNames.Authorization, out StringValues values) ||
!values.Any())
{
return(Task.FromResult(AuthenticateResult.NoResult()));
}
if (!AuthenticationHeaderValue.TryParse(values.First(), out AuthenticationHeaderValue authHeader))
{
return(Task.FromResult(AuthenticateResult.Fail("Invalid authentication header")));
}
if (!string.Equals(authHeader.Scheme, Scheme.Name, StringComparison.OrdinalIgnoreCase))
{
return(Task.FromResult(AuthenticateResult.NoResult()));
}
//The user is passing a base 64-encoded version of the secret
//We will be hash this and compare it to the secret in our configuration.
byte[] secret = new byte[32];
Span <byte> span = new Span <byte>(secret);
if (!Convert.TryFromBase64String(authHeader.Parameter, span, out int bytesWritten) || bytesWritten < 32)
{
return(Task.FromResult(AuthenticateResult.Fail("Invalid Api Key format")));
}
//HACK IOptionsMonitor and similiar do not properly update here even though the underlying
//configuration is updated. We get the value directly from IConfiguration.
var authenticationOptions = new ApiAuthenticationOptions();
IConfiguration configService = Context.RequestServices.GetRequiredService <IConfiguration>();
configService.Bind(ConfigurationKeys.ApiAuthentication, authenticationOptions);
string apiKeyHash = authenticationOptions.ApiKeyHash;
if (apiKeyHash == null)
{
return(Task.FromResult(AuthenticateResult.Fail("Server does not contain Api Key")));
}
if (string.IsNullOrEmpty(authenticationOptions.ApiKeyHashType))
{
return(Task.FromResult(AuthenticateResult.Fail("Missing hash algorithm")));
}
if (DisallowedHashAlgorithms.Contains(authenticationOptions.ApiKeyHashType, StringComparer.OrdinalIgnoreCase))
{
return(Task.FromResult(AuthenticateResult.Fail($"Disallowed hash algorithm {authenticationOptions.ApiKeyHashType}")));
}
using HashAlgorithm algorithm = HashAlgorithm.Create(authenticationOptions.ApiKeyHashType);
if (algorithm == null)
{
return(Task.FromResult(AuthenticateResult.Fail($"Invalid hash algorithm {authenticationOptions.ApiKeyHashType}")));
}
byte[] hashedSecret = algorithm.ComputeHash(secret);
//ApiKeyHash is represented as a hex string. e.g. AABBCCDDEEFF
byte[] apiKeyHashBytes = new byte[apiKeyHash.Length / 2];
for (int i = 0; i < apiKeyHash.Length; i += 2)
{
if (!byte.TryParse(apiKeyHash.AsSpan(i, 2), NumberStyles.HexNumber, provider: NumberFormatInfo.InvariantInfo, result: out byte resultByte))
{
return(Task.FromResult(AuthenticateResult.Fail("Invalid Api Key hash")));
}
apiKeyHashBytes[i / 2] = resultByte;
}
if (hashedSecret.SequenceEqual(apiKeyHashBytes))
{
return(Task.FromResult(AuthenticateResult.Success(
new AuthenticationTicket(
new ClaimsPrincipal(new[] { new ClaimsIdentity(AuthConstants.ApiKeySchema) }),
AuthConstants.ApiKeySchema))));
}
else
{
return(Task.FromResult(AuthenticateResult.Fail("Invalid Api Key")));
}
}
