Beispiel #1
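        /// <summary>
        /// Checks a username/password pair against the identities file and, on success,
        /// signs the caller in with a persistent cookie that expires after four days.
        /// </summary>
        /// <param name="username">Account name from the query string; matched case-insensitively.</param>
        /// <param name="password">Plain-text password from the query string.</param>
        /// <returns>204 No Content when the credentials match, otherwise 401 Unauthorized.</returns>
        // NOTE(review): both credentials are bound with [FromQuery], so they travel in the URL and
        // can be recorded in server/proxy access logs and browser history. Moving them to the
        // request body changes the endpoint's interface and must be coordinated with the client.
        // NOTE(review): no attempt throttling or lockout is visible in this method - confirm it is
        // enforced elsewhere (middleware, reverse proxy).
        public async Task <IActionResult> login([FromQuery] string username, [FromQuery] string password)
        {
            Response.Headers.Add("Content-Type", "application/octet-stream");

            // A missing query parameter binds to null. Reject it here so the lookup below
            // cannot throw and surface as a 500 instead of a 401.
            if (string.IsNullOrEmpty(username) || password == null)
            {
                return(Unauthorized());
            }

            string wanted = username.ToLowerInvariant();

            List <FerrousIdentity> identities = LoadJson <FerrousIdentity>(IDENTITIES_JSON_FILE);
            FerrousIdentity        id         = identities.FirstOrDefault(
                m => m.username != null && m.username.ToLowerInvariant() == wanted);

            // PasswordMatches returns false for an unknown user (id == null) as well as for a
            // wrong password, so both cases produce the same 401.
            if (!PasswordMatches(id, password))
            {
                return(Unauthorized());
            }

            // The stored spelling of the name (not the submitted one) goes into the cookie.
            var claims = new List <Claim>
            {
                new Claim(ClaimTypes.Name, id.username)
            };

            var claimsIdentity = new ClaimsIdentity(
                claims, CookieAuthenticationDefaults.AuthenticationScheme);

            var authProperties = new AuthenticationProperties
            {
                IsPersistent = true,
                ExpiresUtc   = DateTime.UtcNow.AddDays(4)
            };

            await HttpContext.SignInAsync(
                CookieAuthenticationDefaults.AuthenticationScheme,
                new ClaimsPrincipal(claimsIdentity),
                authProperties);

            return(NoContent());
        }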
Beispiel #2
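        /// <summary>
        /// Decides whether a user may act on a given building.
        /// </summary>
        /// <param name="username">Account name; compared case-sensitively against the stored name.</param>
        /// <param name="buildingShortName">Short name of the building being accessed.</param>
        /// <returns>
        /// True for a super user, or when the user's location list contains the building;
        /// false for a blank, null or unknown username.
        /// </returns>
        public static bool hasBuildingAuth(string username, string buildingShortName)
        {
            if (staticIdentities == null)
            {
                reloadIdentities();
            }

            // Deny by default: a null name must not be allowed to match a record whose
            // username field is itself null.
            if (string.IsNullOrEmpty(username))
            {
                return(false);
            }

            // NOTE(review): this lookup is case-sensitive while login matches case-insensitively;
            // it presumably relies on callers passing the name taken from the auth cookie - confirm.
            FerrousIdentity id = staticIdentities.FirstOrDefault(m => m.username == username);

            if (id == null)
            {
                return(false);
            }

            // Super users are not restricted to their location list.
            if (id.elevation == (int)ElevationLevels.SuperUser)
            {
                return(true);
            }

            return(id.locations != null && id.locations.Contains(buildingShortName));
        }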
Beispiel #3
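        /// <summary>
        /// Decides whether a user passes an elevation threshold or holds a specific privilege.
        /// </summary>
        /// <param name="username">Account name; compared case-sensitively against the stored name.</param>
        /// <param name="minElevation">Elevation threshold; a stored value less than or equal to it passes.</param>
        /// <param name="priv">Optional privilege that grants access regardless of elevation.</param>
        /// <returns>
        /// True when either check passes; false for a blank, null or unknown username.
        /// </returns>
        public static bool hasPrivilege(string username, ElevationLevels minElevation, PrivilegeList priv = PrivilegeList.NONE)
        {
            if (staticIdentities == null)
            {
                reloadIdentities();
            }

            // Deny by default: a null name must not be allowed to match a record whose
            // username field is itself null.
            if (string.IsNullOrEmpty(username))
            {
                return(false);
            }

            FerrousIdentity id = staticIdentities.FirstOrDefault(m => m.username == username);

            if (id == null)
            {
                return(false);
            }

            // A numerically lower-or-equal elevation passes; presumably lower values are the
            // more privileged ones - confirm against the ElevationLevels declaration.
            if (id.elevation <= (int)minElevation)
            {
                return(true);
            }

            // A record without a privileges list grants nothing. Without the null check the
            // call would throw here instead of denying access.
            return(priv != PrivilegeList.NONE &&
                   id.privileges != null &&
                   id.privileges.Contains((int)priv));
        }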
Beispiel #4
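        /// <summary>
        /// Returns the signed-in user's identity record as JSON with the password hash and
        /// salt removed.
        /// </summary>
        /// <returns>
        /// The identity record, or 401 Unauthorized when the caller is not authenticated or
        /// the account named in the cookie is no longer in the identities file.
        /// </returns>
        public IActionResult GetUser()
        {
            if (!User.Identity.IsAuthenticated)
            {
                return(Unauthorized());
            }

            string current = User.Identity.Name;
            if (current == null)
            {
                return(Unauthorized());
            }

            // Invariant lower-casing, matching the comparison used at login; the
            // culture-sensitive ToLower() can map characters differently under some server
            // locales.
            string wanted = current.ToLowerInvariant();

            List <FerrousIdentity> identities = LoadJson <FerrousIdentity>(IDENTITIES_JSON_FILE);
            FerrousIdentity        id         = identities.FirstOrDefault(
                m => m.username != null && m.username.ToLowerInvariant() == wanted);

            // The cookie can outlive the account (it is issued for several days), so the
            // record may be gone by the time this request arrives.
            if (id == null)
            {
                return(Unauthorized());
            }

            // Strip credential material before the record is serialized to the client.
            id.password = null;
            id.salt     = null;

            return(new JsonResult(id));
        }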
Beispiel #5
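        /// <summary>
        /// Replaces the whole identities file with the submitted user list after the caller
        /// re-enters their own password.
        /// </summary>
        /// <param name="users">Complete new user list from the request body.</param>
        /// <param name="password">The caller's own password, from the query string.</param>
        /// <returns>
        /// 204 No Content on success; 401 Unauthorized when the caller is unknown or the
        /// password does not match; 400 Bad Request for a missing list, a blank username, or
        /// a new user without a password.
        /// </returns>
        // NOTE(review): the only gate visible in this method is the caller's own password. The
        // body overwrites every record, including elevation and privileges, so confirm that an
        // [Authorize] attribute or privilege check outside this view limits who can call it.
        // NOTE(review): the password is bound with [FromQuery] and can end up in access logs.
        public IActionResult PostAllUsers([FromBody] List <FerrousIdentity> users, [FromQuery] String password)
        {
            // An unauthenticated request has no identity name; answer 401 rather than throwing.
            string caller = HttpContext.User?.Identity?.Name;
            if (caller == null)
            {
                return(Unauthorized());
            }

            string callerKey = caller.ToLowerInvariant();

            List <FerrousIdentity> identities = LoadJson <FerrousIdentity>(IDENTITIES_JSON_FILE);
            FerrousIdentity        id         = identities.FirstOrDefault(
                m => m.username != null && m.username.ToLowerInvariant() == callerKey);

            /* Check password */
            if (!PasswordMatches(id, password))
            {
                return(Unauthorized());
            }

            // A body that failed to bind arrives as null; refuse it instead of throwing.
            if (users == null)
            {
                return(BadRequest(new { message = "User list is required" }));
            }

            /* Form new identities json */
            foreach (var i in users)
            {
                if (i == null || string.IsNullOrEmpty(i.username))
                {
                    return(BadRequest(new { message = "Blank username not allowed" }));
                }

                if (!string.IsNullOrEmpty(i.password) && i.password != HIDDEN_FIELD)
                {
                    // A new plain-text password was supplied: salt and hash it.
                    // NOTE(review): a 2-character salt with a single SHA-256 pass is cheap to
                    // brute-force offline. Moving to a slow KDF (e.g. PBKDF2) has to change this
                    // code and the verification in PasswordMatches together, plus a migration
                    // for the stored hashes.
                    i.salt     = Utilities.RandomString(2);
                    i.password = Misc.Utilities.SHA.GenerateSHA256String(i.salt + i.password);
                }
                else
                {
                    // No new password: carry the stored hash and salt over for an existing user.
                    var cid = identities.FirstOrDefault(m => m.username == i.username);
                    if (cid != null)
                    {
                        i.salt     = cid.salt;
                        i.password = cid.password;
                    }
                    else
                    {
                        return(BadRequest(new { message = $"Blank password not allowed for new user {i.username}" }));
                    }
                }
            }

            // The file is written only after every entry has passed validation.
            Utilities.WriteJson(IDENTITIES_JSON_FILE, users);
            Authorization.reloadIdentities();
            return(NoContent());
        }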
Beispiel #6
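 /// <summary>
 /// Checks a candidate password against an identity's stored salted SHA-256 hash.
 /// </summary>
 /// <param name="id">Identity record to check against; null means the user is unknown.</param>
 /// <param name="password">Plain-text candidate password.</param>
 /// <returns>True only when the hash of salt + password equals the stored hash.</returns>
 // NOTE(review): a single salted SHA-256 pass is fast to brute-force if the identities file
 // leaks. Switching to a slow KDF must be done together with the code that writes the hashes.
 public static bool PasswordMatches(FerrousIdentity id, String password)
 {
     // Fail closed on anything missing: unknown user, record without a stored hash, or no
     // password supplied.
     if (id == null || id.password == null || password == null)
     {
         return(false);
     }

     string computed = Misc.Utilities.SHA.GenerateSHA256String(id.salt + password);
     if (computed == null)
     {
         return(false);
     }

     // Compare in fixed time so the response time does not depend on how many leading
     // characters of the two hashes agree. CryptographicOperations needs .NET Core 2.1 or later.
     return(System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
         System.Text.Encoding.UTF8.GetBytes(computed),
         System.Text.Encoding.UTF8.GetBytes(id.password)));
 }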