public JsonResult RefreshAuthorizationToken(string token, string refreshToken, string authHash) { //Create the response model MobileAppValidationModel response = new MobileAppValidationModel() { Success = false, Message = "" }; /*---------------------------------Token Validation Begin-----------------------------------*/ #region Validate the Token //Get the current token from the database UnitOfWork work = new UnitOfWork(); external_token currentToken = work.SystemRepository.GetAuthorizationToken(token); //Invalid token if (currentToken == null || currentToken.refresh_token != refreshToken) { response.Message = GetTokenValidationResultMessage(TokenValidationResult.FailureInvalid); return(Json(response, JsonRequestBehavior.AllowGet)); } //Build the string to be hashed string salt = currentToken.refresh_token; string paramString = "token=" + token + "&refreshToken=" + refreshToken; string stringToHash = salt + "?" + paramString; //Invalid hash if (!ValidateHash(stringToHash, authHash)) { response.Message = GetTokenValidationResultMessage(TokenValidationResult.FailureHash); return(Json(response)); } #endregion /*----------------------------------Token Validation End------------------------------------*/ //Refresh the token currentToken = work.SystemRepository.RefreshAuthorizationToken(token, refreshToken); //Build the response and return if (currentToken != null) { response.Success = true; response.Message = GetTokenValidationResultMessage(TokenValidationResult.Success); response.Token = currentToken.token; response.Refresh = currentToken.refresh_token; return(Json(response)); } else { response.Message = GetTokenValidationResultMessage(TokenValidationResult.FailureOther); return(Json(response)); } }
public JsonResult RemoveAuthorizationToken(string refreshToken, string authHash) { //Create the response model MobileAppTokenErrorModel response = new MobileAppTokenErrorModel() { Success = false, Message = "" }; /*---------------------------------Token Validation Begin-----------------------------------*/ #region Validate the Token //Get the currentToken UnitOfWork work = new UnitOfWork(); external_token currentToken = work.SystemRepository.GetAuthorizationTokenByRefresh(refreshToken); //Invalid token if (currentToken == null) { response.Message = GetTokenValidationResultMessage(TokenValidationResult.FailureInvalid); return(Json(response)); } //Build the string to be hashed string salt = currentToken.refresh_token; string paramString = "refreshToken=" + refreshToken; string stringToHash = salt + "?" + paramString; //Invalid hash if (!ValidateHash(stringToHash, authHash)) { response.Message = GetTokenValidationResultMessage(TokenValidationResult.FailureHash); return(Json(response)); } #endregion /*----------------------------------Token Validation End------------------------------------*/ //Remove the token from the database bool removed = work.SystemRepository.RemoveAuthorizationToken(refreshToken); //Populate the model's message if (removed) { response.Message = "Token Removed"; } else { response.Message = "Unknown Error"; } //Return return(Json(response)); }
public bool RemoveAuthorizationToken(string refreshToken) { external_token tokenToRemove = _dbContext.external_token.SingleOrDefault(et => et.refresh_token.Equals(refreshToken)); if (tokenToRemove == null) { return(false); } _dbContext.external_token.Remove(tokenToRemove); Save(); return(true); }
public bool ExpireAuthorizationToken(string token) { external_token tokenToRemove = _dbContext.external_token.SingleOrDefault(et => et.token.Equals(token)); if (tokenToRemove == null) { return(false); } tokenToRemove.expiration_date = DateTime.Now; Save(); return(true); }
public JsonResult ExpireAuthorizationToken(string token, string authHash) { /*---------------------------------Token Validation Begin-----------------------------------*/ #region Validate the Token //Get the current token UnitOfWork work = new UnitOfWork(); external_token currentToken = work.SystemRepository.GetAuthorizationToken(token); //Invalid token if (currentToken == null) { return(Json(new MobileAppTokenErrorModel() { Success = false, Message = GetTokenValidationResultMessage(TokenValidationResult.FailureInvalid) })); } //Build the string to be hashed string salt = currentToken.refresh_token; string paramString = "token=" + token; string stringToHash = salt + "?" + paramString; //Invalid hash if (!ValidateHash(stringToHash, authHash)) { return(Json(new MobileAppTokenErrorModel() { Success = false, Message = GetTokenValidationResultMessage(TokenValidationResult.FailureHash) })); } #endregion /*----------------------------------Token Validation End------------------------------------*/ //Expire the token bool expired = work.SystemRepository.ExpireAuthorizationToken(token); //Build the response MobileAppTokenErrorModel response = new MobileAppTokenErrorModel() { Success = expired, Message = "Unknown Error" }; if (expired) { response.Message = "Token Expired"; } //Return return(Json(response)); }
public external_token RefreshAuthorizationToken(string token, string refreshToken) { external_token tokenToRefresh = _dbContext.external_token.SingleOrDefault(et => et.token.Equals(token) && et.refresh_token.Equals(refreshToken)); if (tokenToRefresh == null) { return(null); } tokenToRefresh.token = Guid.NewGuid().ToString(); tokenToRefresh.refresh_token = Guid.NewGuid().ToString(); tokenToRefresh.created_date = DateTime.Now; tokenToRefresh.expiration_date = DateTime.Now.AddMonths(3); Save(); return(tokenToRefresh); }
//TODO: SET CONSTANT FOR EXPIRE DATE public external_token GenerateAuthorizationToken(string username, string IPAddress) { /*var exisitingToken = _dbContext.external_token.SingleOrDefault(et => et.id == _unitOfWork.UserRepository.GetUser(username).id && et.source.Equals(IPAddress)); * if (exisitingToken != null) * _dbContext.external_token.Remove(exisitingToken);*/ external_token newToken = new external_token() { user_id = _unitOfWork.UserRepository.GetUser(username).id, source = IPAddress, created_date = DateTime.Now, expiration_date = DateTime.Now.AddMonths(3), token = Guid.NewGuid().ToString(), refresh_token = Guid.NewGuid().ToString() }; _dbContext.external_token.Add(newToken); Save(); return(newToken); }
public JsonResult ReportScan(int aID, bool hasCardToGive, string timeScanned, string token, int userID, string authHash) { /*---------------------------------Token Validation Begin-----------------------------------*/ #region Validate the Token //Get the current token UnitOfWork work = new UnitOfWork(); external_token currentToken = work.SystemRepository.GetAuthorizationToken(token); //Invalid token if (currentToken == null) { return(Json(new MobileAppTokenErrorModel() { Success = false, Message = GetTokenValidationResultMessage(TokenValidationResult.FailureInvalid) })); } //Expired token if (DateTime.Now.CompareTo(currentToken.expiration_date) > 0) { return(Json(new MobileAppTokenErrorModel() { Success = false, Message = GetTokenValidationResultMessage(TokenValidationResult.FailureExpired) })); } //Make sure the date passed in is valid DateTime dt = DateTime.Now; if (!DateTime.TryParse(timeScanned, out dt)) { return(Json(new MobileAppScanResultModel() { Success = false, Message = "DateTime was invalid", Code = 11 })); } //Build the string to be hashed string salt = currentToken.refresh_token; String paramString = ""; paramString += "aID=" + aID + "&hasCardToGive=" + hasCardToGive.ToString().ToLower() + "&timeScanned=" + timeScanned + "&token=" + token + "&userID=" + userID; string stringToHash = salt + "?" + paramString; //Invalid hash if (!ValidateHash(stringToHash, authHash)) { return(Json(new MobileAppTokenErrorModel() { Success = false, Message = GetTokenValidationResultMessage(TokenValidationResult.FailureExpired) })); } #endregion /*----------------------------------Token Validation End------------------------------------*/ //Default AchievementResult is falilure JPPConstants.AssignAchievementResult assignAchievementResult = JPPConstants.AssignAchievementResult.FailureOther; //Assign the achievement and get the result assignAchievementResult = work.AchievementRepository.AssignAchievement(userID, aID, currentToken.user_id, true, dt, hasCardToGive); //Create the response model MobileAppScanResultModel response = GetAssignResultModel(assignAchievementResult); //Return return(Json(response)); }
public JsonResult GetAchievements(string token, string authHash) { /*---------------------------------Token Validation Begin-----------------------------------*/ #region Validate the Token //Get the current token from the database UnitOfWork work = new UnitOfWork(); external_token currentToken = work.SystemRepository.GetAuthorizationToken(token); //Invalid token if (currentToken == null) { return(Json(new MobileAppTokenErrorModel() { Success = false, Message = GetTokenValidationResultMessage(TokenValidationResult.FailureInvalid) })); } //Expired token if (DateTime.Now.CompareTo(currentToken.expiration_date) > 0) { return(Json(new MobileAppTokenErrorModel() { Success = false, Message = GetTokenValidationResultMessage(TokenValidationResult.FailureExpired) })); } //Build the string to be hashed string salt = currentToken.refresh_token; string paramString = "token=" + token; string stringToHash = salt + "?" + paramString; //Invalid hash if (!ValidateHash(stringToHash, authHash)) { return(Json(new MobileAppTokenErrorModel() { Success = false, Message = GetTokenValidationResultMessage(TokenValidationResult.FailureHash) })); } #endregion /*----------------------------------Token Validation End------------------------------------*/ //If the user has full Admin permissions, return all active achievements //If not, return all active achievements they are a caretaker of bool isFullAdmin = Roles.IsUserInRole(currentToken.user.username, JPPConstants.Roles.FullAdmin); List <achievement_template> assignableAchievements = work.AchievementRepository.GetAssignableAchievements(currentToken.user_id, isFullAdmin); //Create the list of achievements to return if (assignableAchievements != null && assignableAchievements.Count >= 0) { List <MobileAppAchievementModel> mobileAppAchievements = new List <MobileAppAchievementModel>(); foreach (achievement_template achievement in assignableAchievements) { MobileAppAchievementModel mobileAchievement = new MobileAppAchievementModel() { AchievementID = achievement.id, Icon = achievement.icon, Title = achievement.title }; mobileAppAchievements.Add(mobileAchievement); } return(Json(mobileAppAchievements)); } //The user cannot assign any achievements return(Json(new MobileAppTokenErrorModel() { Success = false, Message = GetLoginResultMessage(LoginValidationResult.FailureNoAchievements) })); }
public JsonResult Login(string username, string password, string devPassword, string authHash) { //Create the response model MobileAppValidationModel response = new MobileAppValidationModel() { Success = false, Message = "" }; /*---------------------------------Hash Validation Begin-----------------------------------*/ #region Hash Validation //Build the string that will be hashed string salt = Request.Url.GetLeftPart(UriPartial.Authority).ToString() + username; string paramString = bool.Parse((JPPConstants.SiteSettings.GetValue(JPPConstants.SiteSettings.DevPasswordEnabled))) ? "devPassword="******"&": ""; paramString += "password="******"&username="******"?" + paramString; //Invalid hash if (!ValidateHash(stringToHash, authHash)) { response.Message = GetLoginResultMessage(LoginValidationResult.FailureHash); return(Json(response)); } #endregion /*----------------------------------Hash Validation End------------------------------------*/ //Attempt to validate the user if (Membership.ValidateUser(username, password)) { //Check the user's roles to see if they have permission to assign achievments if (!Roles.IsUserInRole(username, JPPConstants.Roles.AssignIndividualAchievements) && !Roles.IsUserInRole(username, JPPConstants.Roles.FullAdmin)) { response.Message = GetLoginResultMessage(LoginValidationResult.FailurePermissions); return(Json(response)); } //Create a new token for the user UnitOfWork work = new UnitOfWork(); external_token token = work.SystemRepository.GenerateAuthorizationToken(username, Request.UserHostAddress); //Make sure the token exists if (token == null) { response.Success = false; response.Message = GetLoginResultMessage(LoginValidationResult.FailureOther); } else { response.Success = true; response.Message = GetLoginResultMessage(LoginValidationResult.Success); response.Token = token.token; response.Refresh = token.refresh_token; } //Return Success if token exists or FailureOther if token was null return(Json(response)); } //Invalid username/password response.Message = GetLoginResultMessage(LoginValidationResult.FailureInvalid); return(Json(response)); }
//TODO: SET CONSTANT FOR EXPIRE DATE public external_token GenerateAuthorizationToken(string username, string IPAddress) { /*var exisitingToken = _dbContext.external_token.SingleOrDefault(et => et.id == _unitOfWork.UserRepository.GetUser(username).id && et.source.Equals(IPAddress)); if (exisitingToken != null) _dbContext.external_token.Remove(exisitingToken);*/ external_token newToken = new external_token() { user_id = _unitOfWork.UserRepository.GetUser(username).id, source = IPAddress, created_date = DateTime.Now, expiration_date = DateTime.Now.AddMonths(3), token = Guid.NewGuid().ToString(), refresh_token = Guid.NewGuid().ToString() }; _dbContext.external_token.Add(newToken); Save(); return newToken; }