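/// <summary>
/// Reads the named claim from this instance's token and returns it as an int,
/// or null when the claim is absent or its value does not parse as an int.
/// The caller is responsible for knowing which claims carry integer values.
/// </summary>
/// <param name="claim">Name of the claim to read from the token payload.</param>
/// <returns>The parsed value, or null if the claim is missing or not an integer.</returns>
public int? PayloadInt(string claim)
{
    string raw = TransactionSecurity.ReadTokenPayload(token, claim);

    // Claim values are machine-generated, so parse them with the invariant
    // culture rather than the thread's current culture (CA1305). TryParse
    // returns false for a null input, which covers a missing claim.
    int parsed;
    bool ok = int.TryParse(raw,
                           System.Globalization.NumberStyles.Integer,
                           System.Globalization.CultureInfo.InvariantCulture,
                           out parsed);
    if (ok)
    {
        return parsed;
    }

    return null;
}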
/// <summary>
/// Verifies an email/password pair against the USERS table and, on success,
/// issues a signed token for that user. Returns null for a missing or
/// incomplete login, an unknown email, or a wrong password.
/// </summary>
/// <param name="login">Email, password, scope and timezone offset supplied by the client.</param>
/// <returns>A populated LoginResponse, or null when authentication fails.</returns>
public static LoginResponse Authenticate(Login login)
{
    // Reject incomplete requests before touching the database.
    bool incomplete = login == null
        || string.IsNullOrEmpty(login.Email)
        || string.IsNullOrEmpty(login.Password);
    if (incomplete)
    {
        return null;
    }

    // USERS is read directly here (not via UserManager) because the password
    // hash and salt are deliberately not exposed through that layer.
    USERS account;
    using (var db = new CSET_Context())
    {
        account = db.USERS.FirstOrDefault(x => x.PrimaryEmail == login.Email);
    }

    // NOTE(review): an unknown email returns before the hash check runs, so
    // this path is faster than the wrong-password path; if email enumeration
    // via timing matters for this deployment, consider running the hash
    // comparison against a dummy hash here as well.
    if (account == null)
    {
        return null;
    }

    // Compare the supplied password against the stored hash and salt.
    if (!PasswordHash.ValidatePassword(login.Password, account.Password, account.Salt))
    {
        return null;
    }

    string token = TransactionSecurity.GenerateToken(
        account.UserId, login.TzOffset, -1, null, null, login.Scope);

    return new LoginResponse
    {
        Token = token,
        UserId = account.UserId,
        Email = login.Email,
        UserFirstName = account.FirstName,
        UserLastName = account.LastName,
        IsSuperUser = account.IsSuperUser,
        // An account with no explicit flag is treated as needing a reset.
        ResetRequired = account.PasswordResetRequired ?? true,
        ExportExtension = IOHelper.GetExportFileExtension(login.Scope),
        ImportExtensions = IOHelper.GetImportFileExtensions(login.Scope)
    };
}
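/// <summary>
/// Invoked by the base attribute when the request has no authorized principal.
/// A token carried in the Authorization header is validated here; when it is
/// valid the base handler is NOT called, so no rejection response is set and
/// the request is allowed to continue. Every other case (no header, empty or
/// invalid token) falls through to the base handler, which rejects the request.
/// </summary>
/// <param name="actionContext">Context of the request being authorized.</param>
protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
{
    var authHeader = actionContext.Request.Headers.Authorization;
    if (authHeader == null)
    {
        base.HandleUnauthorizedRequest(actionContext);
        return;
    }

    // Clients send either "Authorization: <token>" (token in Scheme) or the
    // standard "Authorization: Bearer <token>" (token in Parameter).
    string tokenString = authHeader.Scheme;
    if (tokenString.Equals("Bearer", System.StringComparison.InvariantCultureIgnoreCase))
    {
        tokenString = authHeader.Parameter;
    }

    // "Authorization: Bearer" with no parameter leaves tokenString null; treat
    // that as unauthorized rather than handing null to the validator.
    if (string.IsNullOrWhiteSpace(tokenString) || !TransactionSecurity.IsTokenValid(tokenString))
    {
        base.HandleUnauthorizedRequest(actionContext);
    }
}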
/// <summary>
/// Validates the supplied JWT (with or without a leading bearer prefix) and
/// parses it into this instance's token field. Does nothing when no token
/// string is supplied.
/// </summary>
/// <param name="tokenString">Raw Authorization value, optionally prefixed with the bearer marker.</param>
/// <exception cref="Exception">Thrown when the token fails validation.</exception>
private void Init(String tokenString)
{
    if (string.IsNullOrEmpty(tokenString))
    {
        return;
    }

    // Strip the bearer prefix (the bearerToken field holds the marker) so
    // only the compact JWT is validated and parsed.
    bool hasPrefix = tokenString.StartsWith(bearerToken, StringComparison.InvariantCultureIgnoreCase);
    string compactJwt = hasPrefix ? tokenString.Substring(bearerToken.Length) : tokenString;

    // Validate before parsing: ReadJwtToken below is presumably a parse-only
    // step with no signature or expiry check of its own, so IsTokenValid must
    // stay ahead of it.
    if (!TransactionSecurity.IsTokenValid(compactJwt))
    {
        // NOTE(review): a bare Exception is thrown here; a more specific type
        // would let callers distinguish an invalid token from other faults.
        throw new Exception("JWT invalid");
    }

    var handler = new JwtSecurityTokenHandler();
    token = handler.ReadJwtToken(compactJwt);
}
/// <summary>
/// Returns the raw string value of the named claim from this instance's token
/// by delegating to TransactionSecurity.ReadTokenPayload. The claims available
/// are those built into the token by TransactionSecurity.GenerateToken().
/// </summary>
/// <param name="claim">Name of the claim to read.</param>
/// <returns>The claim value exactly as ReadTokenPayload returns it.</returns>
public string Payload(string claim)
{
    string value = TransactionSecurity.ReadTokenPayload(token, claim);
    return value;
}
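/// <summary>
/// Emulates credential authentication for a stand-alone (local) install.
/// No password is checked: the presence of the LOCAL-INSTALLATION marker on
/// the Windows file system (checked by IsLocalInstallation) is the only gate,
/// and the current Windows identity name is used as the account's primary
/// email, creating the USERS row on first use.
/// </summary>
/// <param name="login">Carries the scope and timezone offset; no credentials are read from it.</param>
/// <returns>A LoginResponse with a freshly minted token, or null when the
/// marker file is absent or no account could be resolved.</returns>
public static LoginResponse AuthenticateStandalone(Login login)
{
    // Same guard as Authenticate(): a null request must not throw.
    if (login == null)
    {
        return null;
    }

    // The marker file placed at install time is the sole authorization check.
    // NOTE(review): this path issues a token without any credential, so it
    // must only be reachable in a genuinely local deployment — confirm a
    // hosted build cannot satisfy IsLocalInstallation.
    if (!IsLocalInstallation(login.Scope))
    {
        return null;
    }

    string name = WindowsIdentity.GetCurrent().Name;
    name = string.IsNullOrWhiteSpace(name) ? "Local" : name;
    string primaryEmailSO = name;

    int? userIdSO = null;
    using (var db = new CSET_Context())
    {
        // Legacy local installs stored the account as "<name>@myorg.org";
        // rename it to the bare name unless that name is already taken.
        var legacyUser = db.USERS.Where(x => x.PrimaryEmail == primaryEmailSO + "@myorg.org").FirstOrDefault();
        if (legacyUser != null)
        {
            string bareName = legacyUser.PrimaryEmail.Split('@')[0];
            legacyUser.PrimaryEmail = bareName;
            if (db.USERS.Where(x => x.PrimaryEmail == bareName).FirstOrDefault() == null)
            {
                db.SaveChanges();
            }
            primaryEmailSO = legacyUser.PrimaryEmail;
        }

        var user = db.USERS.Where(x => x.PrimaryEmail == primaryEmailSO).FirstOrDefault();
        if (user != null)
        {
            userIdSO = user.UserId;
        }
        else
        {
            // First run on this machine: create the local account, then
            // re-read it to obtain the assigned id.
            UserManager um = new UserManager();
            UserDetail ud = new UserDetail()
            {
                Email = primaryEmailSO,
                FirstName = name,
                LastName = ""
            };
            um.CreateUser(ud);
            db.SaveChanges();

            var created = db.USERS.Where(x => x.PrimaryEmail == primaryEmailSO).FirstOrDefault();
            if (created != null)
            {
                userIdSO = created.UserId;
                determineIfUpgradedNeededAndDoSo(userIdSO.Value);
            }
        }
    }

    // Never mint a token for an account that could not be resolved. (The
    // previous code fell back to a hard-coded user id of 100 when the
    // post-create lookup failed, which would issue a token for whichever
    // account holds that id.)
    if (userIdSO == null || string.IsNullOrEmpty(primaryEmailSO))
    {
        return null;
    }

    string token = TransactionSecurity.GenerateToken(userIdSO.Value, login.TzOffset, -1, null, null, login.Scope);

    LoginResponse resp = new LoginResponse
    {
        Token = token,
        Email = primaryEmailSO,
        UserFirstName = name,
        UserLastName = "",
        IsSuperUser = false,
        ResetRequired = false,
        ExportExtension = IOHelper.GetExportFileExtension(login.Scope),
        ImportExtensions = IOHelper.GetImportFileExtensions(login.Scope)
    };
    return resp;
}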