/// <summary>
/// Authorizes the request with a single-use token, caching the outcome on the controller so the
/// check runs at most once per controller instance.
/// </summary>
/// <param name="controller">Controller handling the request; its User and
/// WasAlreadyAuthorizedUsingSingleAuthToken are updated here.</param>
/// <param name="token">Raw token value presented by the client.</param>
/// <param name="msg">Empty response on success (or when already authorized); on failure the
/// error object and status code produced by the overload that validates the token.</param>
/// <returns>True when the request is authorized, false otherwise.</returns>
private bool TryAuthorizeSingleUseAuthToken(RavenBaseApiController controller, string token, out HttpResponseMessage msg)
        {
            // A previous call on this controller already accepted a token; do not consume another.
            if (controller.WasAlreadyAuthorizedUsingSingleAuthToken)
            {
                msg = controller.GetEmptyMessage();
                return true;
            }

            object         rejection;
            HttpStatusCode rejectionStatus;
            IPrincipal     principal;
            bool accepted = TryAuthorizeSingleUseAuthToken(token, controller.TenantName, out rejection, out rejectionStatus, out principal);

            // The principal is assigned unconditionally, so on failure controller.User holds
            // whatever the overload produced (presumably null — confirm in the overload).
            controller.User = principal;
            msg = accepted
                ? controller.GetEmptyMessage()
                : controller.GetMessageWithObject(rejection, rejectionStatus);

            controller.WasAlreadyAuthorizedUsingSingleAuthToken = accepted;
            return accepted;
        }
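        /// <summary>
        /// Consumes a single-use auth token and, when it is valid for this request's database,
        /// marks the request as authenticated with the principal stored in the token.
        /// </summary>
        /// <param name="controller">Controller handling the request; its User is set on success.</param>
        /// <param name="token">Raw token value presented by the client; may be null or empty.</param>
        /// <param name="msg">Empty response on success; on failure a 403 response carrying an
        /// Error object naming the reason the token was rejected.</param>
        /// <returns>True when the token was accepted, false otherwise.</returns>
        private bool TryAuthorizeSingleUseAuthToken(RavenBaseApiController controller, string token, out HttpResponseMessage msg)
        {
            // TryRemove on the token store (presumably a ConcurrentDictionary) rejects a null key
            // with an exception; a missing token is reported exactly like an unknown one instead.
            // Removing the entry is what makes the token single-use: the first presenter wins,
            // and a token that fails any later check below is still gone.
            OneTimeToken value = null;
            if (string.IsNullOrEmpty(token) || singleUseAuthTokens.TryRemove(token, out value) == false)
            {
                msg = controller.GetMessageWithObject(
                    new
                {
                    Error = "Unknown single use token, maybe it was already used?"
                }, HttpStatusCode.Forbidden);
                return false;
            }

            // The token is bound to one database at issue time. "<system>" marks the system
            // database, which corresponds to a request with no tenant (TenantName == null).
            // Database names are identifiers, not linguistic text, so compare them ordinally:
            // culture-aware comparison can treat distinct code points as equal.
            bool isSystemToken  = value.DatabaseName == "<system>" && controller.TenantName == null;
            bool matchesTenant  = string.Equals(value.DatabaseName, controller.TenantName, StringComparison.OrdinalIgnoreCase);
            if (isSystemToken == false && matchesTenant == false)
            {
                msg = controller.GetMessageWithObject(
                    new
                {
                    Error = "This single use token cannot be used for this database"
                }, HttpStatusCode.Forbidden);
                return false;
            }

            // Tokens are short-lived; GeneratedAt is compared against SystemTime (not DateTime)
            // so tests can control the clock.
            var maxTokenAge = TimeSpan.FromMinutes(2.5);
            if (SystemTime.UtcNow - value.GeneratedAt > maxTokenAge)
            {
                msg = controller.GetMessageWithObject(
                    new
                {
                    Error = "This single use token has expired"
                }, HttpStatusCode.Forbidden);
                return false;
            }

            // Surface the authenticated identity for the rest of the request pipeline.
            if (value.User != null)
            {
                CurrentOperationContext.Headers.Value[Constants.RavenAuthenticatedUser] = value.User.Identity.Name;
            }

            CurrentOperationContext.User.Value = value.User;
            controller.User = value.User;
            msg             = controller.GetEmptyMessage();
            return true;
        }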
        /// <summary>
        /// Returns the authorization details in <paramref name="msg"/> only when the request
        /// explicitly opts in with a "debug-auth=true" query string; otherwise an empty response.
        /// </summary>
        /// <param name="controller">Controller handling the request (source of the query string).</param>
        /// <param name="msg">Authorization details to send back when debugging is requested.</param>
        /// <returns>A response carrying <paramref name="msg"/>, or an empty response.</returns>
        private static HttpResponseMessage ProvideDebugAuthInfo(RavenBaseApiController controller, object msg)
        {
            // NOTE(review): the details object goes to whoever sets debug-auth=true; callers
            // should only pass data that is safe to disclose to the requester.
            string debugAuth = controller.GetQueryStringValue("debug-auth");

            bool requested     = false;
            bool wantsDebugInfo = debugAuth != null
                                  && bool.TryParse(debugAuth, out requested)
                                  && requested;

            return wantsDebugInfo
                ? controller.GetMessageWithObject(msg)
                : controller.GetEmptyMessage();
        }
        /// <summary>
        /// Authorizes the request with a single-use token scoped to the controller's resource,
        /// caching the outcome so the token store is consulted at most once per controller.
        /// </summary>
        /// <param name="controller">Controller handling the request; its User and
        /// WasAlreadyAuthorizedUsingSingleAuthToken are updated here.</param>
        /// <param name="token">Raw token value presented by the client.</param>
        /// <param name="msg">Empty response on success (or when already authorized); on failure the
        /// error object and status code produced by the validating overload.</param>
        /// <returns>True when the request is authorized, false otherwise.</returns>
        private bool TryAuthorizeSingleUseAuthToken(RavenBaseApiController controller, string token, out HttpResponseMessage msg)
        {
            if (controller.WasAlreadyAuthorizedUsingSingleAuthToken)
            {
                // Already accepted a token for this controller; nothing more to consume.
                msg = controller.GetEmptyMessage();
                return true;
            }

            // The token is validated against "<prefix><name>"; a null ResourceName stays null,
            // which the validating overload presumably treats as the system database.
            string scopedResource = null;
            if (controller.ResourceName != null)
            {
                scopedResource = controller.ResourcePrefix + controller.ResourceName;
            }

            object         rejection;
            HttpStatusCode rejectionStatus;
            IPrincipal     principal;
            bool accepted = TryAuthorizeSingleUseAuthToken(token, scopedResource, out rejection, out rejectionStatus, out principal);

            // Assigned regardless of outcome, so a rejected request leaves controller.User at
            // whatever the overload returned (presumably null — confirm in the overload).
            controller.User = principal;
            if (accepted)
            {
                msg = controller.GetEmptyMessage();
            }
            else
            {
                msg = controller.GetMessageWithObject(rejection, rejectionStatus);
            }

            controller.WasAlreadyAuthorizedUsingSingleAuthToken = accepted;
            return accepted;
        }
        /// <summary>
        /// Sends back the authorization details in <paramref name="msg"/> when the request carries
        /// a "debug-auth" query value that parses as true; every other case yields an empty response.
        /// </summary>
        /// <param name="controller">Controller handling the request (source of the query string).</param>
        /// <param name="msg">Authorization details to return when debugging is requested.</param>
        /// <returns>A response carrying <paramref name="msg"/>, or an empty response.</returns>
        private static HttpResponseMessage ProvideDebugAuthInfo(RavenBaseApiController controller, object msg)
        {
            // NOTE(review): whatever is passed as msg is disclosed to the requester on opt-in;
            // callers should keep it to data that is safe to show the client.
            var rawFlag = controller.GetQueryStringValue("debug-auth");
            if (rawFlag != null)
            {
                bool parsedFlag;
                bool wantsDebug = bool.TryParse(rawFlag, out parsedFlag) && parsedFlag;
                if (wantsDebug)
                {
                    return controller.GetMessageWithObject(msg);
                }
            }

            return controller.GetEmptyMessage();
        }
        /// <summary>
        /// Authorizes the request with a single-use token for the controller's tenant, remembering
        /// a successful outcome on the controller so later calls do not consume a second token.
        /// </summary>
        /// <param name="controller">Controller handling the request; its User and
        /// WasAlreadyAuthorizedUsingSingleAuthToken are updated here.</param>
        /// <param name="token">Raw token value presented by the client.</param>
        /// <param name="msg">Empty response on success (or when already authorized); on failure the
        /// error object and status code produced by the validating overload.</param>
        /// <returns>True when the request is authorized, false otherwise.</returns>
        private bool TryAuthorizeSingleUseAuthToken(RavenBaseApiController controller, string token, out HttpResponseMessage msg)
        {
            bool alreadyDone = controller.WasAlreadyAuthorizedUsingSingleAuthToken;
            if (alreadyDone)
            {
                msg = controller.GetEmptyMessage();
                return true;
            }

            object         failureBody;
            HttpStatusCode failureStatus;
            IPrincipal     principal;
            var ok = TryAuthorizeSingleUseAuthToken(token, controller.TenantName, out failureBody, out failureStatus, out principal);

            // Set unconditionally: on failure controller.User holds whatever the overload produced
            // (presumably null — confirm in the overload).
            controller.User = principal;
            msg = ok == false
                ? controller.GetMessageWithObject(failureBody, failureStatus)
                : controller.GetEmptyMessage();

            controller.WasAlreadyAuthorizedUsingSingleAuthToken = ok;
            return ok;
        }
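        /// <summary>
        /// Consumes a single-use auth token and, when it is valid for this request's database,
        /// marks the request as authenticated with the principal stored in the token.
        /// </summary>
        /// <param name="controller">Controller handling the request; its User is set on success.</param>
        /// <param name="token">Raw token value presented by the client; may be null or empty.</param>
        /// <param name="msg">Empty response on success; on failure a 403 response carrying an
        /// Error object naming the reason the token was rejected.</param>
        /// <returns>True when the token was accepted, false otherwise.</returns>
        private bool TryAuthorizeSingleUseAuthToken(RavenBaseApiController controller, string token, out HttpResponseMessage msg)
        {
            // TryRemove on the token store (presumably a ConcurrentDictionary) rejects a null key
            // with an exception; a missing token is reported exactly like an unknown one instead.
            // Removing the entry is what makes the token single-use: the first presenter wins,
            // and a token that fails any later check below is still gone.
            OneTimeToken value = null;
            if (string.IsNullOrEmpty(token) || singleUseAuthTokens.TryRemove(token, out value) == false)
            {
                msg = controller.GetMessageWithObject(
                    new
                    {
                        Error = "Unknown single use token, maybe it was already used?"
                    }, HttpStatusCode.Forbidden);
                return false;
            }

            // The token is bound to one database at issue time. "<system>" marks the system
            // database, which corresponds to a request with no tenant (TenantName == null).
            // Database names are identifiers, not linguistic text, so compare them ordinally:
            // culture-aware comparison can treat distinct code points as equal.
            bool isSystemToken = value.DatabaseName == "<system>" && controller.TenantName == null;
            bool matchesTenant = string.Equals(value.DatabaseName, controller.TenantName, StringComparison.OrdinalIgnoreCase);
            if (isSystemToken == false && matchesTenant == false)
            {
                msg = controller.GetMessageWithObject(
                    new
                    {
                        Error = "This single use token cannot be used for this database"
                    }, HttpStatusCode.Forbidden);
                return false;
            }

            // Tokens are short-lived; GeneratedAt is compared against SystemTime (not DateTime)
            // so tests can control the clock.
            var maxTokenAge = TimeSpan.FromMinutes(2.5);
            if (SystemTime.UtcNow - value.GeneratedAt > maxTokenAge)
            {
                msg = controller.GetMessageWithObject(
                    new
                    {
                        Error = "This single use token has expired"
                    }, HttpStatusCode.Forbidden);
                return false;
            }

            // Surface the authenticated identity for the rest of the request pipeline.
            if (value.User != null)
            {
                CurrentOperationContext.Headers.Value[Constants.RavenAuthenticatedUser] = value.User.Identity.Name;
            }

            CurrentOperationContext.User.Value = value.User;
            controller.User = value.User;
            msg = controller.GetEmptyMessage();
            return true;
        }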