Beispiel #1
0
        public object Post(LoginRequestWithCredentials LoginDetails)
        {
            Uri referrerURI = Request.GetReferrerURI();
            Uri current     = new Uri(Request.AbsoluteUri);

            string userPassword = LoginDetails.password;

            //unset the password so we can use the LoginDetails in the resulting display if there is an error
            LoginDetails.password = null;

            Request.Items.Add("Model", LoginDetails);

            //CRSF protection
            if (!referrerURI.SchemeHostPathMatch(current))
            {
                throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Request", LoginDetails);
            }


            if (string.IsNullOrWhiteSpace(LoginDetails.username) || string.IsNullOrWhiteSpace(userPassword))
            {
                throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Missing Username or Password", LoginDetails);
            }


            OAuth2.DataModels.ResourceOwner owner = null;

            List <SWGEmuAPI.Model.Account.AccountResponse> accounts = AccountModel.GetAccount(LoginDetails.username, userPassword);


            if (accounts == null || accounts.Count == 0)
            {
                throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Username or Password", LoginDetails);
            }

            try
            {
                owner = ResourceOwnerModel.CreateOrUpdateFromAccountModel(accounts.FirstOrDefault());
            }
            catch (System.Data.Common.DbException dbex)
            {
                throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.server_error, "Error Storing Resource Owner Details", LoginDetails, null, dbex);
            }

            Session.Set <OAuth2.DataModels.ResourceOwner>("AuthResourceOwner", owner);

            Uri  redirectURI = null;
            bool valid       = Uri.TryCreate(LoginDetails.redirect, UriKind.RelativeOrAbsolute, out redirectURI);

            if (!valid || (redirectURI.IsAbsoluteUri && current.Host != redirectURI.Host))
            {
                throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Redirect URI", LoginDetails);
            }

            return(new HttpResult(LoginDetails)
            {
                StatusCode = System.Net.HttpStatusCode.Redirect,
                Headers = { { HttpHeaders.Location, LoginDetails.redirect } },
            });
        }
Beispiel #2
0
        }                                                                         //injected by IOC


        public T Authorize <T>(DataModels.ITokenRequest Request, OAuth2.DataModels.Client Client = null)
            where T : DataModels.Token, new()
        {
            var accounts = AccountModel.GetAccount(Request.username, Request.password);

            if (accounts == null || accounts.Count == 0)
            {
                throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid username or password", Request);
            }

            DataModels.ResourceOwner owner = new DataModels.ResourceOwner()
            {
                id         = accounts[0].username,
                time       = DateTime.UtcNow.Millisecond,
                attributes = accounts[0].ToDictonary(),
            };

            ResourceOwnerModel.CreateOrUpdate(owner);
            T token =
                TokenModel.InsertToken <T>(
                    TokenHelper.CreateAccessToken(),
                    DataModels.TokenTypes.bearer,
                    3600,
                    DateTime.UtcNow.GetTotalSeconds(),
                    Client,
                    TokenHelper.IntersectScopes(Request.scope, Client.allowed_scope),
                    owner);

            if (token == null)
            {
                throw new OAuth2.DataModels.TokenRequestError(DataModels.ErrorCodes.server_error, "Unable to store access token");
            }

            return(token);
        }
Beispiel #3
0
        public object Get(ApprovalRequest ApprovalRequest)
        {
            Uri          redirectURI = null;
            Uri          current     = new Uri(Request.AbsoluteUri);
            ApprovalData data        = new ApprovalData();

            if (!Uri.TryCreate(ApprovalRequest.redirect, UriKind.RelativeOrAbsolute, out redirectURI) || (redirectURI.IsAbsoluteUri && redirectURI.Host != current.Host))
            {
                throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Redirect URI", data);
            }

            data.Redirect = ApprovalRequest.redirect;

            DataModels.ResourceOwner user = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner");
            if (user == null)
            {
                UriBuilder bldr = new UriBuilder(Request.GetApplicationUrl());
                bldr.Path += "/auth/login";
                bldr.Query = "redirect=" + Request.AbsoluteUri.UrlEncode();

                return(new HttpResult(data)
                {
                    Headers = { { "Location", bldr.ToString() } },
                    StatusCode = System.Net.HttpStatusCode.Redirect,
                });
            }
            data.User = user;

            DataModels.Client client = ClientModel.GetClientByID(ApprovalRequest.client_id);
            if (client == null)
            {
                throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Client ID", data);
            }

            if (!string.IsNullOrWhiteSpace(client.owned_by))
            {
                data.Owner = ResourceOwnerModel.GetByID(client.owned_by);
            }
            data.Client = client;

            string[] scopes = ApprovalRequest.scope == null ? new string[] {} : ApprovalRequest.scope.Split(new char[] { ' ', ';', ',' }, StringSplitOptions.RemoveEmptyEntries);
            List <DataModels.Scope> scopeDetails = ScopeModel.GetScopeDetails(scopes).ToList();

            if (scopeDetails.Count != scopes.Length)
            {
                throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_scope, "Invalid Scope(s) requested", data);
            }

            data.RequestedScopes = scopeDetails;

            return((IApprovalData)data);
        }
Beispiel #4
0
        public object Post(ApprovalResponse ApprovalResponse)
        {
            ApprovalData data = new ApprovalData();

            data.User = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner");
            Request.Items.Add("Model", data);
            data.Redirect = ApprovalResponse.redirect;

            Uri referrerURI = Request.GetReferrerURI();
            Uri current     = new Uri(Request.AbsoluteUri);

            //CRSF protection
            if (!referrerURI.SchemeHostPathMatch(current))
            {
                throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Request", ApprovalResponse);
            }

            Uri redirectURI = null;

            if (!Uri.TryCreate(ApprovalResponse.redirect, UriKind.RelativeOrAbsolute, out redirectURI) ||
                (redirectURI.IsAbsoluteUri && redirectURI.Host != current.Host))
            {
                throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Redirect URI", data);
            }

            data.Redirect = redirectURI.ToString();

            DataModels.ResourceOwner owner = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner");
            if (owner == null)
            {
                throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.access_denied, "Not Authenticated", data);
            }

            data.Owner = owner;

            DataModels.Client client = ClientModel.GetClientByID(ApprovalResponse.client_id);
            if (client == null)
            {
                throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Client ID", data);
            }

            data.Client = client;

            List <DataModels.Scope> scopes = ScopeModel.GetScopeDetails(ApprovalResponse.approved_scopes).ToList();

            string scope = "";

            if (scopes != null)
            {
                scopes.ForEach((cur) => scope += cur.scope_name + " ");
            }

            data.RequestedScopes = scopes;

            DataModels.Approval approval = new DataModels.Approval()
            {
                client_id         = client.id,
                resource_owner_id = owner.id,
                type  = DataModels.ApprovalTypes.user_granted,
                scope = scope,
            };


            if (!ApprovalModel.AddOrUpdateApproval(approval))
            {
                throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.server_error, "Error storing approval", data);
            }

            return(new HttpResult(data)
            {
                StatusCode = System.Net.HttpStatusCode.Redirect,
                Location = ApprovalResponse.redirect
            });
        }