internal SshService RegisterService(string serviceName, UserAuthArgs auth = null)
{
Contract.Requires(serviceName != null);
SshService service = null;
switch (serviceName)
{
case "ssh-userauth":
if (GetService <UserAuthService>() == null)
{
service = new UserAuthService(this);
}
break;
case "ssh-connection":
if (auth != null && GetService <ConnectionService>() == null)
{
service = new ConnectionService(this, auth);
}
break;
}
if (service != null)
{
ServiceRegistered?.Invoke(this, service);
_services.Add(service);
}
return(service);
}
public async Task <IActionResult> Login([FromBody] UserAuthArgs userAuthArgs)
{
try
{
return(Tools.CreateResult(true, "", await _monicaAuthorizeDataAdapter.LoginAsync(userAuthArgs)));
}
catch (Exception e)
{
if (e is UserMessageException)
{
return(Unauthorized());
}
throw;
}
}
/// <summary>
/// Авторизация пользователя в системе. При успешном входе пользователю будет отправлятся авторизационной ключ
/// </summary>
/// <param name="userAuthArgs">Модель параметров для входа</param>
/// <returns>JWT Token</returns>
public async Task <TokenDto> LoginAsync(UserAuthArgs userAuthArgs)
{
using (var httpClientHandler = new HttpClientHandler())
{
using (var client = new HttpClient(httpClientHandler))
{
httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => false;
var resultTokenResponse = await GetTokenResponse(userAuthArgs, client);
TokenResponse tokenResponse = resultTokenResponse;
return(new TokenDto {
AccessToken = tokenResponse.AccessToken, RefreshToken = tokenResponse.RefreshToken, ExpiresIn = tokenResponse.ExpiresIn
});
}
}
}
static void OnUserAuth(object sender, UserAuthArgs e)
{
switch (e.AuthenticationType)
{
case UserAuthArgs.AuthType.PublicKey:
{
Console.WriteLine($"Client {e.KeyAlgorithm} fingerprint: {e.Fingerprint}.");
break;
}
case UserAuthArgs.AuthType.Password:
{
Console.WriteLine($"Client {e.Username} password: {e.Password}");
break;
}
}
e.Result = true;
}
void OnUserAuth(object sender, UserAuthArgs e)
{
var user = settingsrepo.GetUser(e.Username);
if (user == null)
{
e.Result = false;
return;
}
e.Result = user.VerifyUserIpWhitelisted(e.Session.RemoteEndpoint);
if (!e.Result)
{
_logger.LogInformation("Client {0} IP-banned: {2}", e.Session.RemoteEndpoint);
return;
}
if (e is PKUserAuthArgs)
{
var pk = e as PKUserAuthArgs;
// verify key against user data
e.Result = user.VerifyUserKey(pk.Key, pk.Fingerprint, pk.KeyAlgorithm);
_logger.LogInformation("Client {0} fingerprint: {1}. Successful: {2}", pk.KeyAlgorithm, pk.Fingerprint, e.Result);
}
else if (e is PasswordUserAuthArgs)
{
var pw = e as PasswordUserAuthArgs;
// verify password against user data
e.Result = user.VerifyUserPassword(pw.Password);
//e.Password
_logger.LogInformation("Client {0} password length: {1}. Successful: {2}", pw.Username, pw.Password?.Length, e.Result);
}
}
/// <summary>
/// Возвращает TokenResponse, или описание ошибки
/// </summary>
/// <param name="userAuth">Логин и пароль пользователя</param>
/// <param name="client">HttpClient</param>
/// <returns></returns>
private async Task <TokenResponse> GetTokenResponse(UserAuthArgs userAuth, HttpClient client)
{
var hostIdentityServer4 = _configuration["IdentityServer4:Options:Authority"];
var disco = await client.GetDiscoveryDocumentAsync(new DiscoveryDocumentRequest
{
Address = hostIdentityServer4,
Policy =
{
RequireHttps = false
}
});
if (disco.IsError)
{
throw new UserMessageException(disco.Error);
}
// request token
TokenResponse tokenResponse = await client.RequestPasswordTokenAsync(new PasswordTokenRequest
{
Address = disco.TokenEndpoint,
ClientId = "MonicaCrmClient",
ClientSecret = "secret",
UserName = userAuth.Login,
Password = userAuth.Password,
Scope = "api1 offline_access"
});
if (tokenResponse.IsError)
{
throw new UserMessageException(tokenResponse.Error);
}
return(tokenResponse);
}
