Beispiel #1
0
        protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage Request, CancellationToken CancelToken)
        {
            Guid SessionToken = GetSessionToken(Request);

            if (!SessionToken.Equals(Guid.Empty))
            {
                UserDataStore Users     = new UserDataStore();
                IUser         FoundUser = (await Users.Get("SessionToken", SessionToken)).FirstOrDefault();
                if (null != FoundUser)
                {
                    if (DateTime.UtcNow < FoundUser.SessionExpires)
                    {
                        Thread.CurrentPrincipal = new GenericPrincipal(new DevSpaceIdentity(FoundUser), null);
                        Request.GetRequestContext().Principal = Thread.CurrentPrincipal;
                    }
                    else
                    {
                        // We previously sent expired tokens back with a 401.
                        // This was causing errors with password retreval.
                        // So, just don't validate an expired token and let
                        // the Authorize attributes handle the 401
                        return(await base.SendAsync(Request, CancelToken));
                    }
                }

                HttpResponseMessage Response = await base.SendAsync(Request, CancelToken);

                await Users.UpdateSession((Thread.CurrentPrincipal.Identity as DevSpaceIdentity).Identity);

                return(Response);
            }

            return(await base.SendAsync(Request, CancelToken));
        }
        protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage Request, CancellationToken CancelToken)
        {
            if (null != Request.Headers.Authorization)
            {
                if (Request.Headers.Authorization.Scheme.ToUpper() == "FORCE")
                {
                    Guid Token;
                    if (!Guid.TryParse(Request.Headers.Authorization.Parameter, out Token))
                    {
                        return(new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized));
                    }

                    AuthTokenDataStore Tokens = new AuthTokenDataStore();
                    await Tokens.Delete(0);

                    IAuthToken ValidToken = (await Tokens.Get("Token", Token)).FirstOrDefault();

                    if (null == ValidToken)
                    {
                        return(new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized));
                    }

                    UserDataStore Users = new UserDataStore();
                    IUser         User  = await Users.Get(ValidToken.UserId);

                    if (null == User)
                    {
                        return(new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized));
                    }

                    Thread.CurrentPrincipal = new GenericPrincipal(new DevSpaceIdentity(User), null);
                    Request.GetRequestContext().Principal = Thread.CurrentPrincipal;

                    await Tokens.Update(ValidToken.UpdateExpires(DateTime.UtcNow.AddMinutes(-1)));

                    // Complete the request. We'll set the login cookie on the way out
                    HttpResponseMessage Response = await base.SendAsync(Request, CancelToken);

                    CookieHeaderValue SessionCookie = new CookieHeaderValue("SessionToken", (await Users.CreateSession((Thread.CurrentPrincipal.Identity as DevSpaceIdentity).Identity)).SessionToken.ToString());
#if DEBUG == false
                    SessionCookie.Secure = true;
#endif
                    SessionCookie.HttpOnly = true;
                    Response.Headers.AddCookies(new CookieHeaderValue[] { SessionCookie });

                    return(Response);
                }
            }

            return(await base.SendAsync(Request, CancelToken));
        }
        protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage Request, CancellationToken CancelToken)
        {
            if (null != Request.Headers.Authorization)
            {
                // IF we have a "Basic" Authorization header, we need to login
                // ELSE we need to let the SessionToken cookie have a wack at it, so we do nothing
                if (Request.Headers.Authorization.Scheme.ToUpper() == "BASIC")
                {
                    string authData = Encoding.UTF8.GetString(Convert.FromBase64String(Request.Headers.Authorization.Parameter));

                    // Do Basic Auth
                    UserDataStore Users     = new UserDataStore();
                    IUser         FoundUser = (await Users.Get("EmailAddress", authData.Substring(0, authData.IndexOf(':')))).FirstOrDefault();

                    // EmailAddress is a unique key, so we can only find one
                    if (null != FoundUser)
                    {
                        ScryptEncoder scryptEncoder = new ScryptEncoder();

                        // IF Basic Auth Succeeds
                        if (scryptEncoder.Compare(Encoding.UTF8.GetString(Convert.FromBase64String(Request.Headers.Authorization.Parameter)), FoundUser.PasswordHash))
                        {
                            // Set Principle
                            Thread.CurrentPrincipal = new GenericPrincipal(new DevSpaceIdentity(FoundUser), null);
                            Request.GetRequestContext().Principal = Thread.CurrentPrincipal;
                        }
                        // ELSE Basic Auth Fails
                        else
                        {
                            // return 401
                            return(new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized));
                        }
                    }

                    // Complete the request. We'll set the login cookie on the way out
                    HttpResponseMessage Response = await base.SendAsync(Request, CancelToken);

                    CookieHeaderValue SessionCookie = new CookieHeaderValue("SessionToken", (await Users.CreateSession((Thread.CurrentPrincipal.Identity as DevSpaceIdentity).Identity)).SessionToken.ToString());
#if DEBUG == false
                    SessionCookie.Secure = true;
#endif
                    SessionCookie.HttpOnly = true;
                    Response.Headers.AddCookies(new CookieHeaderValue[] { SessionCookie });

                    return(Response);
                }
            }

            return(await base.SendAsync(Request, CancelToken));
        }
        public void Create(NewRequestFormDto requestFormDto)
        {
            // todo wrap to transaction
            var category = CategoryDataStore.Get(requestFormDto.CategoryId);

            var newRequest = new Request
            {
                Category     = category,
                Comment      = requestFormDto.Comment,
                Author       = UserDataStore.Get(requestFormDto.AuthorId),
                ConsumerName = requestFormDto.CustemerFio,
                Date         = DateTime.UtcNow,
                Phone        = requestFormDto.PhoneNumber,
                State        = EState.Registered
            };

            RequestDataStore.Save(newRequest);
        }