/// <summary>
/// Creates a User Auth Token
/// </summary>
public string CreateUserAuthToken(string emailAddress)
{
var userId = this.Repository.GetSet <User>()
.Where(x => x.EmailAddress == emailAddress)
.Select(x => x.UserId)
.Cast <int?>()
.FirstOrDefault();
if (userId == null)
{
return(null);
}
// Random Characters (3 Guids with no dashes)
// TODO: User true Random generator here
var token = string.Concat(Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString()).Replace("-", "");
var userAuthToken = new UserAuthToken
{
UserId = userId.Value,
AuthToken = token,
ExpiryDate = DateTime.Now.AddHours(8)
};
this.Repository.Add(userAuthToken);
return(token);
}
static public Membership.UserAuthenticateResults Login(string Email, string Password, bool GenerateRememberMeCookie)
{
Int64 UserId;
Membership.UserAuthenticateResults results = Membership.AuthenticateUser(Email, Password, out UserId);
if (results != Membership.UserAuthenticateResults.Success)
{
return(results);
}
UserAuthToken token = AuthTokens.GenerateAuthTokenForUserId(UserId, GenerateRememberMeCookie ? AuthTokenTimeSpan : 0);
if (token == null)
{
return(Membership.UserAuthenticateResults.LoginError);
}
if (GenerateRememberMeCookie)
{
HttpCookie cookie = new HttpCookie(@"auth-token", TeaEncryptor.Encrypt(token.Secret.ToString(@"N") + @":" + token.Key, RememberMeCookieEncryptionKey));
cookie.Expires = token.Expiry;
HttpContext.Current.Response.Cookies.Add(cookie);
}
HttpContext.Current.Session[@"Authenticated"] = true;
HttpContext.Current.Session[@"AuthTokenId"] = token.UserAuthTokenId;
HttpContext.Current.Session[@"UserId"] = UserId;
HttpContext.Current.Session[@"LangCode"] = dg.Sql.Query.New <UserProfile>().Select(UserProfile.Columns.DefaultLangCode).Where(UserProfile.Columns.UserId, UserId).ExecuteScalar() as string;
return(results);
}
/// <summary>
/// Retrieve the user name from the given auth token.
/// </summary>
/// <remarks>
/// Extract the User's Name from a valid auth token. If the auth token has expired or
/// can't be decrypted for some reason, then NULL is returned.
/// </remarks>
/// <param name="auth">The authentication token to exract the user name from.</param>
public static string GetUserNameFromAuthToken(string auth)
{
// If this has expired, this operation will return NULL.
UserAuthToken CurrentToken = null;
try { CurrentToken = UserAuthToken.FromAuthTokenKey(auth); }
catch (Exception ex) { ex.Log(); }
return((CurrentToken != null) ? CurrentToken.UserName : null);
}
public ActionResult Index()
{
if (User.Identity.IsAuthenticated)
{
User userID = new User();
userID = db.Users.FirstOrDefault(u => u.Username == User.Identity.Name);
UserAuthToken uat = new UserAuthToken();
uat = db.UserAuthTokens.First(u => u.UserID == userID.UserID);
ViewBag.uat = uat.AuthToken;
}
return(View());
}
public static UserAuthToken LoginByAuthToken(string auth, TimeSpan ttl)
{
// If this has expired, this operation will return NULL.
UserAuthToken CurrentToken = null;
try { CurrentToken = UserAuthToken.FromAuthTokenKey(auth); }
catch (Exception ex) { ex.Log(); }
if (CurrentToken != null)
{
return(LoginUsingAD(CurrentToken.UserName, CurrentToken.Password, ttl));
}
return(null);
}
/// <summary>
/// Envía la solicitud al servicio Aspen.
/// </summary>
/// <param name="request">Información de la solicitud.</param>
/// <param name="apiVersion">Número de versión del API para incluir en la cabecera.</param>
/// <exception cref="AspenException">Se presentó un error al procesar la solicitud. La excepción contiene los detalles del error.</exception>
private void Execute(IRestRequest request, string apiVersion = null)
{
UserAuthToken userAuthToken = (UserAuthToken)this.AuthToken;
ServiceLocator.Instance.HeadersManager.AddApiKeyHeader(request, this.AppIdentity.ApiKey);
ServiceLocator.Instance.HeadersManager.AddSignedPayloadHeader(
request,
this.JwtEncoder,
this.AppIdentity.ApiSecret,
userAuthToken.Token,
userAuthToken.Username);
ServiceLocator.Instance.HeadersManager.AddApiVersionHeader(request, apiVersion);
base.Execute(request);
}
public static string GetUserName(string auth)
{
// If this has expired, this operation will return "".
UserAuthToken CurrentToken = null;
try { CurrentToken = UserAuthToken.FromAuthTokenKey(auth); }
catch (Exception ex) { ex.Log(); }
if (CurrentToken != null)
{
// Else we're going to use Windows Domain Auth.
return(CurrentToken.UserName);
}
return("");
}
public void PostFromPlugin(string url, string authtoken, string comment)
{
if (url.Length > 0)
{
Bookmark bookmark = new Bookmark();
bookmark.URL = url;
UserAuthToken uat = new UserAuthToken();
uat = db.UserAuthTokens.FirstOrDefault(u => u.AuthToken == authtoken);
bookmark.UserID = uat.UserID;
bookmark.Comment = comment;
db.Bookmarks.Add(bookmark);
db.SaveChanges();
}
}
public void NotFoundValidTokenWhenUserSignedRequestThrows()
{
IDelegatedApp client = this.GetDelegatedClient();
UserAuthToken authToken = client.AuthToken as UserAuthToken;
Assert.That(authToken, Is.Not.Null);
IAppIdentity appIdentity = DelegatedAppIdentity.Master;
IUserIdentity userIdentity = RecognizedUserIdentity.Master;
TestContext.CurrentContext.DatabaseHelper().RemoveUserAuthToken(appIdentity.ApiKey, userIdentity.DocType, userIdentity.DocNumber, authToken.DeviceId);
AspenException exception = Assert.Throws <AspenException>(() => client.Settings.GetDocTypes());
Assert.That(exception.EventId, Is.EqualTo("15847"));
Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
StringAssert.IsMatch("No hay un token de autenticación vigente", exception.Message);
}
/// <summary>
/// Envía la solicitud al servicio Aspen.
/// </summary>
/// <typeparam name="TResponse">Tipo al que se convierte la respuesta del servicio Aspen.</typeparam>
/// <param name="request">Información de la solicitud.</param>
/// <param name="apiVersion">Número de versión del API para incluir en la cabecera.</param>
/// <returns>Instancia de <typeparamref name="TResponse"/> con la información de respuesta del servicio Aspen.</returns>
/// <exception cref="AspenException">Se presentó un error al procesar la solicitud. La excepción contiene los detalles del error.</exception>
private TResponse Execute <TResponse>(IRestRequest request, string apiVersion = null) where TResponse : class, new()
{
UserAuthToken userAuthToken = (UserAuthToken)this.AuthToken;
ServiceLocator.Instance.HeadersManager.AddApiKeyHeader(request, this.AppIdentity.ApiKey);
ServiceLocator.Instance.HeadersManager.AddSignedPayloadHeader(
request,
this.JwtEncoder,
this.AppIdentity.ApiSecret,
userAuthToken.Token,
userAuthToken.Username);
ServiceLocator.Instance.HeadersManager.AddApiVersionHeader(request, apiVersion);
IRestResponse response = base.Execute(request);
return(response.StatusCode == HttpStatusCode.NoContent
? default
: JsonConvert.DeserializeObject <TResponse>(response.Content));
}
static public bool ValidateAuthToken(string Secret, string Key, out Int64 UserId, out Int64 AuthTokenId)
{
try
{
Query qry = new Query(UserAuthToken.TableSchema).Where(UserAuthToken.Columns.Secret, Secret).AND(UserAuthToken.Columns.Key, Key);
UserAuthTokenCollection coll = UserAuthTokenCollection.FetchByQuery(qry);
if (coll.Count == 1)
{
UserAuthToken token = coll[0];
if (token.Expiry < DateTime.UtcNow || token.Key != EncodeKey(token.UserId, AuthTokenKeySalt_UserId))
{
UserAuthToken.Delete(token.UserAuthTokenId);
UserId = 0;
AuthTokenId = 0;
return(false);
}
else
{
UserId = token.UserId;
AuthTokenId = token.UserAuthTokenId;
DateTime newExpiry = DateTime.UtcNow.AddHours(AuthTokenLifeSpan_UserId);
if (newExpiry > token.Expiry)
{
token.Expiry = newExpiry;
}
token.Save();
return(true);
}
}
else
{
UserId = 0;
AuthTokenId = 0;
return(false);
}
}
catch
{
UserId = 0;
AuthTokenId = 0;
return(false);
}
}
public void TokenProvidedExpiredWhenUserSignedRequestThrows()
{
IDelegatedApp client = this.GetDelegatedClient();
UserAuthToken authToken = client.AuthToken as UserAuthToken;
Assert.That(authToken, Is.Not.Null);
Assert.That(authToken.DeviceId, Is.Not.Empty);
Assert.That(authToken.Expired, Is.False);
IAppIdentity appIdentity = DelegatedAppIdentity.Master;
IUserIdentity userIdentity = RecognizedUserIdentity.Master;
TestContext.CurrentContext.DatabaseHelper().EnsureExpireUserAuthToken(appIdentity.ApiKey, userIdentity.DocType, userIdentity.DocNumber, authToken.DeviceId);
AspenException exception = Assert.Throws <AspenException>(() => client.Settings.GetDocTypes());
Assert.That(exception.EventId, Is.EqualTo("15848"));
Assert.That(exception.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
StringAssert.IsMatch("El token de autenticación proporcionado ya venció", exception.Message);
}
static public bool IsAuthenticated()
{
if (HttpContext.Current.Session[@"Authenticated"] != null && (bool)HttpContext.Current.Session[@"Authenticated"])
{
return(!(IsLockOrDelete()));
}
else
{
HttpCookie cookie = HttpContext.Current.Request.Cookies[@"auth-token"];
if (cookie != null)
{
string[] auth = TeaEncryptor.Decrypt(cookie.Value, RememberMeCookieEncryptionKey).Split(':');
if (auth.Length == 2)
{
Int64 UserId;
Int64 AuthTokenId;
if (AuthTokens.ValidateAuthToken(auth[0], auth[1], out UserId, out AuthTokenId))
{
Membership.UserAuthenticateResults results = Membership.UserLoggedInAction(UserId);
if (results == Membership.UserAuthenticateResults.Success)
{
HttpContext.Current.Session[@"Authenticated"] = true;
HttpContext.Current.Session[@"AuthTokenId"] = AuthTokenId;
HttpContext.Current.Session[@"UserId"] = UserId;
HttpContext.Current.Session[@"LangCode"] = dg.Sql.Query.New <UserProfile>().Select(UserProfile.Columns.DefaultLangCode).Where(UserProfile.Columns.UserId, UserId).ExecuteScalar() as string;
return(true);
}
else
{
UserAuthToken.Delete(AuthTokenId);
HttpContext.Current.Response.Cookies.Set(new HttpCookie(@"auth-token", @""));
}
}
else
{
HttpContext.Current.Response.Cookies.Set(new HttpCookie(@"auth-token", @""));
}
}
}
}
return(false);
}
public static UserAuthToken CheckAuthToken(string auth)
{
const string LOG_TITLE = "CheckAuthToken";
UserAuthToken TR = null;
try { TR = UserAuthToken.FromAuthTokenKey(auth); }
catch (Exception ex) { ex.Log(LogSeverity.Warning); }
if (TR != null)
{
// Else we're going to use Windows Domain Auth.
if (LoginUsingAD(TR.UserName, TR.Password, TimeSpan.Zero) != null)
{
var AI = EXSLogger.CreateAdditionalItemList("UserName", TR.UserName);
AI["ExpDateUTC"] = TR.ExpiresUTC.ToString();
EXSLogger.Log("Auth Token Valid", LOG_TITLE, LogSeverity.Verbose, AI);
return(TR);
}
}
EXSLogger.Log("Auth Token is invalid", LOG_TITLE, LogSeverity.Warning);
return(null);
}
static public UserAuthToken GenerateAuthTokenForUserId(Int64 UserId, int LifeTimeInHours)
{
int tries = 3;
UserAuthToken token = new UserAuthToken();
token.UserId = UserId;
token.CreatedOn = DateTime.UtcNow;
token.Expiry = token.CreatedOn.AddHours(LifeTimeInHours > 0 ? LifeTimeInHours : AuthTokenLifeSpan_UserId);
token.Key = EncodeKey(UserId, AuthTokenKeySalt_UserId);
while (tries > 0)
{
try
{
token.Secret = Guid.NewGuid();
token.Save();
return(token);
}
catch (System.Data.Common.DbException)
{
tries--;
}
}
return(null);
}
//public ActionResult Create([Bind(Include = "UserID,Username,Password,Salt,Email,IsEmailVerified,IsActive")] User user)
public ActionResult Create([Bind(Include = "Username,Password,ConfirmPassword, Email")] UserCreateViewModel userVM)
{
if (db.Users.Any(u => u.Email == userVM.Email))
{
ModelState.AddModelError("Email", "Email in use");
}
if (db.Users.Any(u => u.Username == userVM.Username))
{
ModelState.AddModelError("Username", "Username in use");
}
//UserID,Salt,IsEmailVerified,IsActive;
if (ModelState.IsValid)
{
User user = new User();
user.Username = userVM.Username;
//user.Password = userVM.Password;
user.Email = userVM.Email;
//user.Salt = BCryptHelper.GenerateSalt();
string pwdToHash = userVM.Password + "*)&h9";
user.Password = BCryptHelper.HashPassword(pwdToHash, BCryptHelper.GenerateSalt());
//db.Users.Add(user);
//db.SaveChanges();
//try
//{
// db.SaveChanges();
//}
//catch (DbUpdateException e)
//{
// //if(e.InnerException.ToString().Contains("Cannot insert duplicate key row in object 'redxadmin.Users' with unique index 'IX_Email'"))
// if(db.Users.Any(u => u.Email == userVM.Email))
// {
// ModelState.AddModelError("Email", "Email in use");
// }
// //if (e.InnerException.ToString().Contains("Cannot insert duplicate key row in object 'redxadmin.Users' with unique index 'IX_Username'"))
// if(db.Users.Any(u => u.Username == userVM.Username))
// {
// ModelState.AddModelError("Username", "Username in use");
// }
// return View(userVM);
//}
FormsAuthentication.SetAuthCookie(userVM.Username, false);
//MailMessage mMsg = new MailMessage("*****@*****.**", user.Email);
//mMsg.Subject = "Account created";
//mMsg.Body = "An account with username " + user.Username + " has been created on bookmarky.redx.rocks";
//SmtpClient smtpClient = new SmtpClient();
//smtpClient.Send(mMsg);
//smtpClient.Dispose();
db.Users.Add(user);
db.SaveChanges();
UserAuthToken uat = new UserAuthToken();
uat.UserID = user.UserID;
uat.AuthToken = BCryptHelper.GenerateSalt();
uat.ExpireDate = DateTime.Now;
db.UserAuthTokens.Add(uat);
db.SaveChanges();
return(RedirectToAction("Index", "Home"));
}
return(View(userVM));
}
static public string AccessToken(UserAuthToken authToken)
{
return(AccessToken(authToken.Secret.ToString(), authToken.Key));
}
public void DeletSecuirtyToken(UserAuthToken userSecurityToken)
{
_userSecuirtyToken.Remove(userSecurityToken);
}
public void AddSecuirtyToken(UserAuthToken userSecurityToken)
{
_userSecuirtyToken.Add(userSecurityToken);
}
private static UserAuthToken LoginUsingAD(string userName, string password, TimeSpan ttl)
{
const string LOG_TITLE = "LoginUsingAD";
string CacheKey = "RTS.Service.Business.AuthController.LoginUsingAD:UserAuthToken:" + userName + ":" + password;
var AI = EXSLogger.CreateAdditionalItemList("UserName", userName);
//AI["UserName"] = userName;
AI["Password"] = string.IsNullOrEmpty(password) ? "" :
password.Length < 2 ? "*" :
password.Substring(0, 1) + "**********" + password.Substring(password.Length - 1, 1);
AI["TimeToLive"] = ttl;
// Look in the cache first. The process of going into AD takes forever (sometimes)!
var URFromCache = ApplicationCache.CacheManagerGet <UserAuthToken>(CacheKey);
if (URFromCache != null)
{
// If it's in the cache but is expired, then we go through the entire
// AD auth process again. Otherwise lets work with this token.
if (URFromCache.ExpiresUTC > DateTime.UtcNow)
{
EXSLogger.Log("RTS.Service.Business.AuthService: Credentials found in my cache and were not expired.", LOG_TITLE, LogSeverity.Verbose, AI);
// If they passed us a TimeSpan of Zero, then they're just checking the Auth.
// Otherwise they're logging someone in so we need to apply their TimeSpan.
if (ttl != TimeSpan.Zero)
{
URFromCache.ExpiresUTC = DateTime.UtcNow.Add(ttl);
URFromCache.GenerateAuthTokenKey();
}
return(URFromCache);
}
// Clear item out of the cache - we're doing to go through the whole
// AD process again.
//ApplicationCache.CacheManagerSet(CacheKey, null, TimeSpan.Zero);
ApplicationCache.CacheManagerRemove(CacheKey);
EXSLogger.Log("RTS.Service.Business.AuthService: Credentials found in my cache, but were expired so we will check Active Directory again.", LOG_TITLE, LogSeverity.Verbose, AI);
}
// Else we have to go through this whole process.
var ConString = ConnectionManager.GetRegEntConnectionString();
bool adPassed = false;
string joinedName = null;
var adSetting = new ADSetting();
string[] username = userName.Split('\\');
if (username.Length > 1)
{
switch (username[0].ToLower())
{
case "expoexchange":
adSetting.ADServer = "expoexchange.com";
break;
case "exporeg":
adSetting.ADServer = "reg.expoexchange.com";
break;
case "conferon-inc":
adSetting.ADServer = "conferon.local";
break;
default:
adSetting.ADServer = "reg.expoexchange.com";
break;
}
adSetting.ADUser = username[1];
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, adSetting.ADServer))
{
adPassed = ctx.ValidateCredentials(adSetting.ADUser, password);
if (adPassed)
{
joinedName = userName;
}
}
}
else
{
// Try all 3?
adSetting.ADServer = "conferon.local|reg.expoexchange.com|expoexchange.com";
adSetting.ADUser = userName;
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "conferon.local"))
adPassed = ctx.ValidateCredentials(adSetting.ADUser, password);
if (adPassed)
{
joinedName = string.Format("conferon-inc\\{0}", adSetting.ADUser);
}
else
{
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "reg.expoexchange.com"))
adPassed = ctx.ValidateCredentials(adSetting.ADUser, password);
if (adPassed)
{
joinedName = string.Format("exporeg\\{0}", adSetting.ADUser);
}
else
{
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "expoexchange.com"))
adPassed = ctx.ValidateCredentials(adSetting.ADUser, password);
if (adPassed)
{
joinedName = string.Format("expoexchange\\{0}", adSetting.ADUser);
}
}
}
}
adSetting.ADPassword = password;
adSetting.ADPath = "LDAP://";
if (!adPassed)
{
EXSLogger.Log("RTS.Service.Business.AuthService: Active Directory login failed.", LOG_TITLE, LogSeverity.Verbose, AI);
return(null);
}
var Controller = new BusinessPrincipalController(ConString);
// Perform the AD authentication for this username and password.
//var UI = Controller.Login(adSetting);
var UI = Controller.GetUserIdentity(joinedName);
if (UI != null)
{
// AD authentication works. Now let's check to make sure this user has EXS_CRM
// application rights according to the EXS Framework/system.
DataTable ToFill = null;
new SecurityController().LoadApplicationUsers(out ToFill, CRMConfig.ApplicationCode);
if (ToFill.AsEnumerable().OfType <DataRow>().Any(R => R["UserID"] != DBNull.Value && Convert.ToInt32(R["UserID"]) == UI.UserID))
{
var TR = new UserAuthToken()
{
//UserName = adSetting.ADUser,
UserName = UI.UserName,
Password = adSetting.ADPassword,
ExpiresUTC = (ttl == TimeSpan.Zero) ? DateTime.MaxValue : DateTime.UtcNow.Add(ttl)
};
CacheKey = "RTS.Service.Business.AuthController.LoginUsingAD:UserAuthToken:" + UI.UserName + ":" + password;
TR.GenerateAuthTokenKey();
// Throw it in the cache.
ApplicationCache.CacheManagerSet(CacheKey, TR, TimeSpan.FromMinutes(60));
EXSLogger.Log("RTS.Service.Business.AuthService: Active Directory login succeeded.", LOG_TITLE, LogSeverity.Verbose, AI);
return(TR);
}
EXSLogger.Log("RTS.Service.Business.AuthService: Active Directory login succeeded, but user is not in the EXS CRM group.", LOG_TITLE, LogSeverity.Verbose, AI);
}
EXSLogger.Log("RTS.Service.Business.AuthService: Active Directory login failed.", LOG_TITLE, LogSeverity.Verbose, AI);
return(null);
}
