public IHttpActionResult unlock()
{
if (!IsAdmin())
{
return(ResponseMessage(Request.CreateResponse(HttpStatusCode.Unauthorized, Messages.ActionIsUnauthorized)));
}
Durados.Web.Mvc.Controllers.AccountMembershipService accountMembershipService = new Durados.Web.Mvc.Controllers.AccountMembershipService();
string json = System.Web.HttpContext.Current.Server.UrlDecode(Request.Content.ReadAsStringAsync().Result);
if (string.IsNullOrEmpty(json))
{
return(ResponseMessage(Request.CreateResponse(HttpStatusCode.NotFound, Messages.FieldNameIsMissing)));
}
Dictionary <string, object> data = Durados.Web.Mvc.UI.Json.JsonSerializer.Deserialize(json);
if (!data.ContainsKey("username"))
{
return(ResponseMessage(Request.CreateResponse(HttpStatusCode.NotFound, Messages.FieldNameIsMissing)));
}
string username = data["username"].ToString();
bool success = accountMembershipService.UnlockUser(username);
return(Ok(new { success = success }));
}
// public override async Task GrantRefreshToken(
//OAuthGrantRefreshTokenContext context)
// {
// var originalClient = context.Ticket.Properties.Dictionary["as:client_id"];
// var currentClient = context.OwinContext.Get<string>("as:client_id");
// // enforce client binding of refresh token
// if (originalClient != currentClient)
// {
// context.Rejected();
// return;
// }
// // chance to change authentication ticket for refresh token requests
// var newId = new ClaimsIdentity(context.Ticket.Identity);
// newId.AddClaim(new Claim("newClaim", "refreshToken"));
// var newTicket = new Microsoft.Owin.Security.AuthenticationTicket(newId, context.Ticket.Properties);
// context.Validated(newTicket);
// }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
if (System.Web.HttpContext.Current.Request.Form["username"] == null && System.Web.HttpContext.Current.Request.Form["userid"] != null)
{
ValidateById(context);
return;
}
else if (System.Web.HttpContext.Current.Request.Form["username"] == null && System.Web.HttpContext.Current.Request.Form["accessToken"] != null)
{
ValidateByOneTimeAccessToken(context);
return;
}
else if (System.Web.HttpContext.Current.Request.Form["refreshToken"] != null)
{
if (System.Web.HttpContext.Current.Request.Form["username"] == null)
{
throw new DuradosException("username is missing.");
}
if (System.Web.HttpContext.Current.Request.Form[Database.AppName] == null)
{
throw new DuradosException(Database.AppName + " is missing.");
}
if (!System.Web.HttpContext.Current.Items.Contains(Database.AppName))
{
System.Web.HttpContext.Current.Items.Add(Database.AppName, System.Web.HttpContext.Current.Request.Form[Database.AppName]);
}
if (!System.Web.HttpContext.Current.Items.Contains(Database.Username))
{
System.Web.HttpContext.Current.Items.Add(Database.Username, System.Web.HttpContext.Current.Request.Form["username"]);
}
ValidateByRefreshToken(context, System.Web.HttpContext.Current.Request.Form["username"], System.Web.HttpContext.Current.Request.Form[Database.AppName], System.Web.HttpContext.Current.Request.Form["refreshToken"]);
return;
}
string appname = null;
appname = System.Web.HttpContext.Current.Request.Form[Database.AppName];
if (SharedMemorySingeltone.Instance.Contains(appname, Durados.Data.SharedMemoryKey.DebugMode))
{
System.Web.HttpContext.Current.Items[Durados.Workflow.JavaScript.Debug] = true;
}
if (string.IsNullOrEmpty(appname))
{
context.SetError(UserValidationErrorMessages.InvalidGrant, UserValidationErrorMessages.AppNameNotSupplied);
return;
}
if (!IsAppExists(appname))
{
context.SetError(UserValidationErrorMessages.InvalidGrant, string.Format(UserValidationErrorMessages.AppNameNotExists, appname));
return;
}
System.Collections.Specialized.NameValueCollection form = GetFixedForm();
string username = context.UserName;
try
{
username = form["username"];
}
catch { }
string password = context.Password;
try
{
password = form["password"];
}
catch { }
if (!Durados.Web.Mvc.Maps.IsDevUser(username) && IsAppLocked(appname))
{
context.SetError(UserValidationErrorMessages.InvalidGrant, string.Format(UserValidationErrorMessages.AppLocked, appname));
return;
}
if (!System.Web.HttpContext.Current.Items.Contains(Database.AppName))
{
System.Web.HttpContext.Current.Items.Add(Database.AppName, appname);
}
if (!System.Web.HttpContext.Current.Items.Contains(Database.Username))
{
System.Web.HttpContext.Current.Items.Add(Database.Username, username);
}
Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-start", appname, username, null, 3, string.Empty);
if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname))
{
Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-start", appname, username, null, 3, string.Empty);
}
UserValidationError userValidationError = UserValidationError.Valid;
string customError = null;
bool hasCustomValidation = false;
bool customValid = false;
try
{
if (!IsValid(appname, username, password, out userValidationError, out customError, out hasCustomValidation, out customValid))
{
Durados.Web.Mvc.Controllers.AccountMembershipService accountMembershipService = new Durados.Web.Mvc.Controllers.AccountMembershipService();
string message = UserValidationErrorMessages.Unknown;
switch (userValidationError)
{
case UserValidationError.IncorrectUsernameOrPassword:
message = UserValidationErrorMessages.IncorrectUsernameOrPassword;
break;
case UserValidationError.LockedOut:
message = UserValidationErrorMessages.LockedOut;
break;
case UserValidationError.NotApproved:
message = UserValidationErrorMessages.NotApproved;
break;
case UserValidationError.NotRegistered:
message = UserValidationErrorMessages.NotRegistered;
break;
case UserValidationError.UserDoesNotBelongToApp:
message = UserValidationErrorMessages.UserDoesNotBelongToApp;
break;
case UserValidationError.Custom:
if (customError != null)
{
message = customError;
}
else
{
message = UserValidationErrorMessages.Unknown;
}
break;
default:
message = UserValidationErrorMessages.Unknown;
break;
}
context.SetError(UserValidationErrorMessages.InvalidGrant, message);
Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end-failure", appname, username, null, 3, message);
if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname))
{
Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-start", appname, username, null, 3, message);
}
return;
}
}
catch (System.Exception exception)
{
context.SetError(UserValidationErrorMessages.InvalidGrant, exception.Message);
Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end-failure", appname, username, null, 1, exception.Message);
if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname))
{
Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-end-failure", appname, username, null, 1, exception.Message);
}
return;
}
Durados.Web.Mvc.Map map = Durados.Web.Mvc.Maps.Instance.GetMap(appname);
Durados.Web.Mvc.Controllers.AccountMembershipService account = new Durados.Web.Mvc.Controllers.AccountMembershipService();
if (!hasCustomValidation || !customValid)
{
if (map.Database.SecureLevel == SecureLevel.AllUsers)
{
try
{
if (!(account.AuthenticateUser(map, username, password)))
{
context.SetError(UserValidationErrorMessages.InvalidGrant, UserValidationErrorMessages.IncorrectUsernameOrPassword);
Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end-failure", appname, username, null, 3, UserValidationErrorMessages.IncorrectUsernameOrPassword);
if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname))
{
Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-end-failure", appname, username, null, 3, UserValidationErrorMessages.IncorrectUsernameOrPassword);
}
return;
}
else if (!(account.IsApproved(username)))
{
if (map.HasAuthApp && account.IsApproved(username, map.AuthAppName))
{
userController uc = new userController();
var userRow = map.GetAuthAppMap().Database.GetUserRow(username);
var signUpResults = uc.SignUp(appname, null, null, true, GetFirstName(userRow), username, GetLastName(userRow), password, password, new Dictionary <string, object>());
}
else
{
context.SetError(UserValidationErrorMessages.InvalidGrant, UserValidationErrorMessages.NotApproved);
Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end-failure", appname, username, null, 3, UserValidationErrorMessages.NotApproved);
if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname))
{
Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-end-failure", appname, username, null, 3, UserValidationErrorMessages.NotApproved);
}
return;
}
}
}
catch (System.Exception exception)
{
context.SetError(UserValidationErrorMessages.Unknown, exception.Message);
return;
}
}
}
if (!string.IsNullOrEmpty(map.Database.LogOnUrlAuth) && !new DuradosAuthorizationHelper().ValidateLogOnAuthUrl(map, System.Web.HttpContext.Current.Request.Form))
{
string message = "External authentication failer";
context.SetError(UserValidationErrorMessages.InvalidGrant, message);
Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end-failure", appname, username, null, 3, message);
if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname))
{
Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-end-failure", appname, username, null, 3, message);
}
return;
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(Database.Username, username));
identity.AddClaim(new Claim(Database.AppName, appname));
// create metadata to pass on to refresh token provider
//var props = new Microsoft.Owin.Security.AuthenticationProperties(new Dictionary<string, string>
//{
// { "as:client_id", context.ClientId }
//});
//var ticket = new Microsoft.Owin.Security.AuthenticationTicket(identity, props);
//context.Validated(ticket);
context.Validated(identity);
Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end", appname, username, null, 3, string.Empty);
if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname))
{
Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-end", appname, username, null, 3, string.Empty);
}
}
private void ValidateByOneTimeAccessToken(OAuthGrantResourceOwnerCredentialsContext context)
{
if (System.Web.HttpContext.Current.Request.Form["accessToken"] == null)
{
context.SetError(UserValidationErrorMessages.MissingAccessToken, UserValidationErrorMessages.MissingAccessToken);
return;
}
string accessToken = System.Web.HttpContext.Current.Request.Form["accessToken"];
string appName = System.Web.HttpContext.Current.Request.Form["appName"];
if (appName == null)
{
context.SetError(UserValidationErrorMessages.AppNameNotSupplied, UserValidationErrorMessages.AppNameNotSupplied);
return;
}
Durados.Web.Mvc.Map map = Durados.Web.Mvc.Maps.Instance.GetMap(appName);
if (map == null || (appName != Durados.Web.Mvc.Maps.DuradosAppName && map == Durados.Web.Mvc.Maps.Instance.DuradosMap))
{
context.SetError(UserValidationErrorMessages.WrongAppName, UserValidationErrorMessages.WrongAppName);
return;
}
string userGuid = Durados.Web.Mvc.UI.Helpers.SecurityHelper.GetUserGuidFromTmpGuid(accessToken);
string username = Durados.Web.Mvc.Maps.Instance.DuradosMap.Database.GetUsernameByGuid(userGuid);
if (username == null)
{
context.SetError(UserValidationErrorMessages.InvalidAccessToken, UserValidationErrorMessages.InvalidAccessToken);
return;
}
Durados.Web.Mvc.Controllers.AccountMembershipService accountMembershipService = new Durados.Web.Mvc.Controllers.AccountMembershipService();
if (map.Database.GetUserRow(username) == null)
{
context.SetError(UserValidationErrorMessages.UserDoesNotBelongToApp, UserValidationErrorMessages.UserDoesNotBelongToApp);
return;
}
if (!System.Web.HttpContext.Current.Items.Contains(Database.AppName))
{
System.Web.HttpContext.Current.Items.Add(Database.AppName, appName);
}
if (!System.Web.HttpContext.Current.Items.Contains(Database.Username))
{
System.Web.HttpContext.Current.Items.Add(Database.Username, username);
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(Database.Username, username));
identity.AddClaim(new Claim(Database.AppName, appName));
if (!System.Web.HttpContext.Current.Items.Contains(Durados.Database.CustomTokenAttrKey))
{
string tokenInfo;
var profile = GetProfileFromSharedMemoryToModulateInAccessToken(accessToken, out tokenInfo);
if (profile != null)
{
if (profile.ContainsKey(AdditionalValues) && profile[AdditionalValues] is IDictionary <string, object> )
{
System.Web.HttpContext.Current.Items.Add(Durados.Database.CustomTokenAttrKey, (IDictionary <string, object>)profile[AdditionalValues]);
}
identity.AddClaim(new Claim(Database.TokenInfo, tokenInfo));
}
}
context.Validated(identity);
Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end", appName, username, null, 3, string.Empty);
}
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
{
if (IsBasicAuthorized(actionContext))
{
((apiController)actionContext.ControllerContext.Controller).Init();
return;
}
if (IsServerAuthorized(actionContext))
{
return;
}
if (IsAnonymous(actionContext))
{
return;
}
base.OnAuthorization(actionContext);
ClaimsPrincipal principal = actionContext.Request.GetRequestContext().Principal as ClaimsPrincipal;
var ci = principal.Identity as ClaimsIdentity;
if (!ci.IsAuthenticated)
{
AuthorizationTokenExpiredException authorizationTokenExpiredException = new AuthorizationTokenExpiredException();
actionContext.Response = actionContext.Request.CreateErrorResponse(
HttpStatusCode.Unauthorized,
authorizationTokenExpiredException.Message,
authorizationTokenExpiredException);
return;
}
try
{
var usernameObj = principal.Claims.Where(c => c.Type == Database.Username).Single();
var appnameObj = principal.Claims.Where(c => c.Type == Database.AppName).Single();
var infoObj = principal.Claims.Where(c => c.Type == Database.TokenInfo).SingleOrDefault();
if (usernameObj == null)
{
HandleUnauthorized(actionContext, null, null);
return;
}
if (appnameObj == null)
{
HandleUnauthorized(actionContext, null, null);
return;
}
string username = usernameObj.Value;
string appname = appnameObj.Value;
string appNameFromToken = appnameObj.Value;
bool mainAppFromToken = appNameFromToken == Maps.DuradosAppName;
string appNameInHeader = null;
if (actionContext.Request.Headers.Contains("AppName"))
{
appNameInHeader = actionContext.Request.Headers.GetValues("AppName").FirstOrDefault();
}
else if (actionContext.Request.Headers.Contains("appName"))
{
appNameInHeader = actionContext.Request.Headers.GetValues("appName").FirstOrDefault();
}
else if (actionContext.Request.Headers.Contains("appname"))
{
appNameInHeader = actionContext.Request.Headers.GetValues("appname").FirstOrDefault();
}
Durados.Web.Mvc.Controllers.AccountMembershipService accountMembershipService = new Durados.Web.Mvc.Controllers.AccountMembershipService();
if (appNameInHeader != null)
{
if (appname.ToLower() == Maps.DuradosAppName)
{
appname = appNameInHeader;
}
else
{
if (appname != appNameInHeader)
{
// BackandSSO
if (!IsSso(appname, appNameInHeader))
{
actionContext.Response = actionContext.Request.CreateErrorResponse(
HttpStatusCode.Unauthorized,
string.Format(Durados.Web.Mvc.UI.Helpers.UserValidationErrorMessages.AccessTokenNotAllowedToApp, appNameInHeader));
return;
}
else
{
appname = appNameInHeader;
if (!System.Web.HttpContext.Current.Items.Contains(Database.AppName))
{
System.Web.HttpContext.Current.Items.Add(Database.AppName, appname);
}
else
{
System.Web.HttpContext.Current.Items[Database.AppName] = appname;
}
if (!accountMembershipService.IsApproved(username))
{
try
{
userController uc = new userController();
string provider = GetDomainControllerProvider(appname);
var userRow = (DataRow)GetUserRow(appnameObj.Value, username);
string socialId = GetSocialId(provider, username, appnameObj.Value);
bool hasSocialId = socialId != null;
string password = GetPassword();
System.Web.HttpContext.Current.Items.Add(Database.SignupInProcess, true);
if (hasSocialId)
{
uc.SignUpCommand(appname, username, provider, socialId, GetValues(userRow, username), GetFirstName(userRow), GetLastName(userRow), password, true);
}
else
{
bool hasMembership = Maps.Instance.GetMap(appname).GetMembershipProvider().GetUser(username, false) != null;
if (hasMembership)
{
var signUpResults = uc.SignUp(appname, null, null, true, GetFirstName(userRow), username, GetLastName(userRow), password, password, new Dictionary <string, object>());
}
else
{
actionContext.Response = actionContext.Request.CreateErrorResponse(
HttpStatusCode.Unauthorized,
string.Format(Durados.Web.Mvc.UI.Helpers.UserValidationErrorMessages.AccessTokenNotAllowedToApp, appNameInHeader));
return;
}
}
}
catch (Exception exception)
{
actionContext.Response = actionContext.Request.CreateErrorResponse(
HttpStatusCode.Unauthorized,
exception.Message,
exception);
}
}
string key = appname + "_userRow_" + username;
System.Web.HttpContext.Current.Items.Remove(key);
}
}
}
}
if (!System.Web.HttpContext.Current.Items.Contains(Database.Username))
{
System.Web.HttpContext.Current.Items.Add(Database.Username, username);
}
if (!System.Web.HttpContext.Current.Items.Contains(Database.AppName))
{
System.Web.HttpContext.Current.Items.Add(Database.AppName, appname);
}
else
{
System.Web.HttpContext.Current.Items[Database.AppName] = appname;
}
if (!System.Web.HttpContext.Current.Items.Contains(Database.MainAppFromToken))
{
System.Web.HttpContext.Current.Items.Add(Database.MainAppFromToken, mainAppFromToken);
}
string infoJson = null;
object info = null;
if (infoObj != null)
{
infoJson = infoObj.Value;
var jss = new System.Web.Script.Serialization.JavaScriptSerializer();
info = jss.Deserialize <Dictionary <string, object> >(infoJson);
}
const string ForToken = "forToken";
IDictionary <string, object> tokenInfo = new Dictionary <string, object>();
if (info != null && info is IDictionary <string, object> && ((IDictionary <string, object>)info).ContainsKey(ForToken) && ((IDictionary <string, object>)info)[ForToken] is IDictionary <string, object> )
{
tokenInfo = (IDictionary <string, object>)((IDictionary <string, object>)info)[ForToken];
}
if (!System.Web.HttpContext.Current.Items.Contains(Database.TokenInfo))
{
System.Web.HttpContext.Current.Items.Add(Database.TokenInfo, tokenInfo);
}
try
{
if (SharedMemorySingeltone.Instance.Contains(appname, SharedMemoryKey.DebugMode))
{
System.Web.HttpContext.Current.Items[Durados.Workflow.JavaScript.Debug] = true;
}
}
catch { }
if (!System.Web.HttpContext.Current.Items.Contains(Database.RequestId))
{
System.Web.HttpContext.Current.Items.Add(Database.RequestId, Guid.NewGuid().ToString());
}
//NewRelic.Api.Agent.NewRelic.AddCustomParameter(Durados.Database.RequestId, System.Web.HttpContext.Current.Items[Database.RequestId].ToString());
//if (actionContext.Request.Headers.Contains("AppName"))
//{
try
{
//if (!IsAppReady())
//{
// throw new Durados.DuradosException("App is not ready yet");
//}
//if (!accountMembershipService.ValidateUser(username) || !accountMembershipService.IsApproved(username) || Revoked(appname, GetAuthToken(actionContext)))
if (!accountMembershipService.IsApproved(username) || Revoked(appname, GetAuthToken(actionContext)))
{
HandleUnauthorized(actionContext, appname, username);
return;
}
if (!(Maps.IsDevUser(username) || System.Web.HttpContext.Current.Request.Url.Segments.Contains("general/")) && (new Durados.Web.Mvc.UI.Helpers.DuradosAuthorizationHelper().IsAppLocked(appname) || IsAdminLocked(appname, appNameFromToken, username)))
{
actionContext.Response = actionContext.Request.CreateErrorResponse(
HttpStatusCode.Unauthorized,
string.Format(Durados.Web.Mvc.UI.Helpers.UserValidationErrorMessages.AppLocked, appname));
return;
}
}
catch (Durados.Web.Mvc.UI.Helpers.AppNotReadyException exception)
{
actionContext.Response = actionContext.Request.CreateResponse(
HttpStatusCode.NoContent,
exception.Message);
return;
}
catch (Exception exception)
{
actionContext.Response = actionContext.Request.CreateErrorResponse(
HttpStatusCode.InternalServerError,
string.Format(Messages.Unexpected, exception.Message));
try
{
Maps.Instance.DuradosMap.Logger.Log(actionContext.ControllerContext.Controller.GetType().Name, actionContext.Request.RequestUri.ToString(), "BackAndAuthorizeAttribute", exception, 1, "authorization failure");
}
catch { }
try
{
if (Maps.Instance.AppInCach(appname))
{
Durados.Web.Mvc.UI.Helpers.RestHelper.Refresh(appname);
}
}
catch { }
return;
}
//}
if (_allowedRoles == "Admin")
{
string userRole = Maps.Instance.GetMap(appname).Database.GetUserRole();
if (!(userRole == "Admin" || userRole == "Developer"))
{
actionContext.ActionArguments.Add(Database.backand_serverAuthorizationAttempt, true);
actionContext.ActionArguments.Add(UserRoleNotSufficient, true);
HandleUnauthorized(actionContext, appname, username);
return;
}
}
if (_allowedRoles == "Developer")
{
string userRole = Maps.Instance.GetMap(appname).Database.GetUserRole();
if (userRole != "Developer")
{
actionContext.ActionArguments.Add(Database.backand_serverAuthorizationAttempt, true);
actionContext.ActionArguments.Add(UserRoleNotSufficient, true);
HandleUnauthorized(actionContext, appname, username);
return;
}
}
try
{
string message = null;
if (!mainAppFromToken && IsCustomDeny(appname, username, out message))
{
HandleUnauthorized(actionContext, appname, username, message);
return;
}
}
catch (Exception exception)
{
HandleUnauthorized(actionContext, appname, username, "Unexpected error: " + exception.Message);
return;
}
((apiController)actionContext.ControllerContext.Controller).Init();
}
catch
{
HandleUnauthorized(actionContext, null, null);
return;
}
}
