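 /// <summary>
 /// Restores <c>token</c> from the "token" request cookie, if one is present and can be parsed.
 /// </summary>
 /// <remarks>
 /// Fails closed: when <see cref="TradelrSecurityToken"/> rejects the cookie value (the original
 /// comment names expiry; a malformed or otherwise invalid value presumably fails the same way),
 /// <c>token</c> is left unset and both the current and the legacy auth cookie are cleared so the
 /// client stops resending a value the server will not accept.
 /// </remarks>
 private void GetAuthCookie()
 {
     var cookies = Request.Cookies;
     if (cookies == null)
     {
         return;
     }

     // Request-side lookup: a missing cookie yields null rather than a new cookie.
     var httpCookie = cookies["token"];
     if (httpCookie == null)
     {
         return;
     }

     try
     {
         token = new TradelrSecurityToken(httpCookie.Value);
     }
     catch (Exception)
     {
         // Token rejected (expired or otherwise unacceptable): discard it on the client
         // instead of keeping an unverified value around. The exception itself is not
         // needed here, so it is not bound to a name.
         ClearAuthCookie();
         ClearOldCookie();
     }
 }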
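        /// <summary>
        /// Issues the "token" authentication cookie for <paramref name="usr"/> and records the login time.
        /// </summary>
        /// <param name="usr">The user being signed in; its <c>lastLogin</c> is updated and persisted.</param>
        /// <param name="rememberme">
        /// When <c>true</c> the cookie and token live for <c>COOKIE_LIFETIME</c> seconds,
        /// otherwise for <c>COOKIE_LIFETIME_MIN</c> seconds.
        /// </param>
        /// <remarks>
        /// Side effects: assigns the <c>permission</c> and <c>token</c> fields, writes the cookie to
        /// the response, and saves <c>usr.lastLogin</c> through <c>repository.Save()</c>.
        /// </remarks>
        protected void SetAuthCookie(user usr, bool rememberme)
        {
            // The same expiry is embedded in the token and set on the cookie, so the
            // server-side check and the browser's cookie expiry agree.
            var expires = rememberme
                ? DateTime.UtcNow.AddSeconds(COOKIE_LIFETIME)
                : DateTime.UtcNow.AddSeconds(COOKIE_LIFETIME_MIN);

            // An explicit per-user permission wins; otherwise derive it from the role
            // (creators become admins, everyone else a plain user).
            permission = usr.permissions.HasValue
                ? (UserPermission)usr.permissions.Value
                : ((UserRole)usr.role).HasFlag(UserRole.CREATOR) ? UserPermission.ADMIN : UserPermission.USER;

            token = new TradelrSecurityToken(usr.id.ToString(), usr.role.ToString(), permission.ToInt().ToString(), expires);

            // The response cookie collection creates the named cookie on first access;
            // look it up once instead of once per property.
            var cookie = Response.Cookies["token"];
            cookie.Value = token.Serialize();
            cookie.Expires = expires;
            // HttpOnly keeps the token out of reach of page script. Secure (HTTPS-only
            // transport) is only applied when the build defines SUPPORT_HTTPS; without it
            // the auth cookie is also sent over plain HTTP.
            cookie.HttpOnly = true;
            #if SUPPORT_HTTPS
            cookie.Secure = true;
            #endif
            // Intentionally no Domain: with it set the cookie could not be cleared on logout.
            //Response.Cookies["token"].Domain = accountHostname;

            // update last login
            usr.lastLogin = DateTime.UtcNow;
            repository.Save();
        }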
        /// <summary>
        /// Per-request setup that runs before every action: resolves the tenant
        /// (<c>MASTERdomain</c>) from the request's Host header, redirects to the canonical
        /// host where needed, and restores the caller's session from the "token" cookie.
        /// </summary>
        /// <param name="filterContext">
        /// The MVC action context; setting its <c>Result</c> short-circuits the action.
        /// </param>
        /// <remarks>
        /// Security notes, from the code below:
        /// - The Host header is client-supplied; it only becomes the tenant after the
        ///   suffix check and a successful lookup in <c>db</c>.
        /// - <c>role</c> and <c>permission</c> are read from the token itself, not from the
        ///   user record, so they reflect the claims at issue time until the token expires.
        /// </remarks>
        protected override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // Client-controlled value; nothing below trusts it until it matches a known tenant.
            // NOTE(review): in DEBUG builds a missing Host header is not checked for null before
            // the EndsWith() call further down — confirm whether that path can occur locally.
            accountHostname = Request.Headers["Host"];
            #if DEBUG
            if (accountHostname == "local")
            {
                filterContext.Result = new RedirectResult(GeneralConstants.HTTP_HOST + Request.Url.PathAndQuery);
                return;
            }
            #else
            // Missing Host, the apex domain or the raw IP: bounce to the canonical HTTP_HOST,
            // preserving path and query.
            if (accountHostname == null || accountHostname == "tradelr.com" || accountHostname == "98.126.29.28")
            {
                filterContext.Result = new RedirectResult(GeneralConstants.HTTP_HOST + Request.Url.PathAndQuery);
                return;
            }
            #endif
            // ---- subdomain check ----
            // EndsWith() here uses the current culture and has no leading dot, so this branch
            // only decides *which* lookup runs; the real validation is IsOnSubdomain() plus the
            // db lookup of the extracted segment.
            #if DEBUG
            if (accountHostname.EndsWith("localhost"))
            #else
            if (accountHostname.EndsWith("tradelr.com"))
            #endif
            {
                // Platform-hosted tenant: x.tradelr.com (x.localhost in DEBUG).
                string[] host = accountHostname.Split('.');
                string hostSegment = "";

                // Not on a subdomain. NOTE(review): this return also skips
                // base.OnActionExecuting() — presumably intended for the apex site; confirm.
                if (!Utility.IsOnSubdomain(host, out hostSegment))
                {
                    return;
                }

                MASTERdomain = db.GetSubDomain(hostSegment);

                // Ensure the incoming host name is exactly x.tradelr.com; this handles
                // www.x.tradelr.com by redirecting to the canonical host. Note the redirect
                // target is scheme + host only, so path and query are dropped.
                if (MASTERdomain != null)
                {
            #if DEBUG
                    var validHost = string.Format("{0}.localhost", hostSegment);
            #else
                    var validHost = string.Format("{0}.tradelr.com", hostSegment);
            #endif
                    if (validHost != accountHostname)
                    {
                        filterContext.Result = new RedirectResult(string.Format("{0}://{1}", Request.Url.Scheme, validHost));
                        return;
                    }
                }
            }
            else
            {
                // Custom-domain tenant: the full host is the lookup key.
                MASTERdomain = db.GetCustomHostname(accountHostname);
            }

            if (MASTERdomain == null)
            {
                // Unknown tenant. NOTE(review): a RedirectResult normally issues a 302 when
                // executed, which likely overrides the 404 status set here — confirm.
                filterContext.RequestContext.HttpContext.Response.StatusCode = HttpStatusCode.NotFound.ToInt();
                filterContext.Result = new RedirectResult(GeneralConstants.HTTP_HOST);
                return;
            }

            // ---- tenant resolved: populate per-request state and the base view model ----
            accountLimits = MASTERdomain.accountType.ToEnum<AccountPlanType>().ToAccountLimit();
            accountSubdomainName = MASTERdomain.name;
            subdomainid = MASTERdomain.id;
            stats = MASTERdomain.ToSubdomainStats();
            IsStoreEnabled = MASTERdomain.IsStoreEnabled();
            baseviewmodel.storeEnabled = IsStoreEnabled;
            subdomainFlags = (SubdomainFlags) MASTERdomain.flags;

            // Offline support is only advertised (via the HTML manifest attribute) to
            // WebKit-family browsers; ToLower() here is culture-sensitive.
            if ((MASTERdomain.flags & (int)SubdomainFlags.OFFLINE_ENABLED) != 0)
            {
                var browsertype = Request.Browser.Type.ToLower();
                if (browsertype.Contains("safari") || browsertype.Contains("chrome"))
                {
                    baseviewmodel.manifestFile = "manifest=\"/manifest\"";
                }
            }
            baseviewmodel.orgName = MASTERdomain.organisation.name;
            baseviewmodel.shopUrl = accountHostname;

            // ---- session check ----
            // The parsed token is cached in HttpContext.Items, presumably so nested or child
            // requests in the same HTTP request do not re-parse the cookie.
            token = Request.RequestContext.HttpContext.Items["token"] as TradelrSecurityToken;

            if (token == null)
            {
                GetAuthCookie();
            }

            if (token != null)
            {
                Request.RequestContext.HttpContext.Items["token"] = token;
                sessionid = token.UserID;
                // The user lookup only feeds notifications: a token whose user is not found on
                // this subdomain still proceeds with the role/permission carried in the token.
                var usr = db.GetUserById(sessionid.Value, subdomainid.Value);
                if (usr != null)
                {
                    baseviewmodel.notifications = usr.ToNotification(MASTERdomain.trialExpired).ToJson();

                }

                role = token.UserRole.ToEnum<UserRole>();
                baseviewmodel.role = role;

                permission = token.Permission.ToEnum<UserPermission>();
                baseviewmodel.permission = permission;
            }

            base.OnActionExecuting(filterContext);
        }