 /// <summary>
 /// Drops the given long term login entry.
 /// </summary>
 /// <returns>An awaitable task.</returns>
 /// <param name="record">The record identifying the login to drop; matched on UserID, Series and Token.</param>
 public virtual Task DropLongTermLoginAsync(LongTermToken record) =>
     // The identifying fields are handed to the stored command positionally, so
     // their order here presumably has to match the command's parameter order.
     ExecuteCommandAsync(m_dropLongTermLoginCommand, record.UserID, record.Series, record.Token);
 /// <summary>
 /// Drops the given long term login entry.
 /// </summary>
 /// <returns>An awaitable task.</returns>
 /// <param name="record">The record identifying the login to drop; matched on UserID, Series and Token.</param>
 public virtual Task DropLongTermLoginAsync(LongTermToken record)
 {
     // Access is serialised through m_lock. Only a row matching all three
     // identifying fields is removed, so a token belonging to another
     // series or user is never touched by this call.
     return m_lock.LockedAsync(() => m_connection.Delete<LongTermToken>(
         x => x.UserID == record.UserID
              && x.Series == record.Series
              && x.Token == record.Token));
 }
 /// <summary>
 /// Adds a long term login entry, replacing any existing entry for the same series.
 /// </summary>
 /// <returns>An awaitable task.</returns>
 /// <param name="record">The record to add.</param>
 public virtual Task AddOrUpdateLongTermLoginAsync(LongTermToken record)
 {
     // NOTE(review): Series is passed twice. Presumably the command first
     // deletes the existing row for that series and then inserts the new one
     // (mirroring the transactional variant of this method); confirm against
     // the text of m_addLongTermLoginCommand.
     var command = m_addLongTermLoginCommand;
     return ExecuteCommandAsync(command, record.Series,
                                record.UserID, record.Series, record.Token, record.Expires);
 }
 /// <summary>
 /// Adds a long term login entry, replacing any existing entry for the same series.
 /// </summary>
 /// <returns>An awaitable task.</returns>
 /// <param name="record">The record to add.</param>
 public virtual Task AddOrUpdateLongTermLoginAsync(LongTermToken record)
 {
     return m_lock.LockedAsync(() =>
     {
         var transaction = m_connection.BeginTransaction();
         using (var con = new TransactionConnection(m_connection, transaction))
         {
             // Replace-by-series: the existing row for this series (if any) is
             // removed and the new record written inside one transaction.
             // NOTE(review): the delete matches on Series alone, not on UserID;
             // that is only safe if Series values are unique across users —
             // confirm where the series is generated. Rollback on failure is
             // presumably handled by TransactionConnection.Dispose, not visible here.
             con.Delete<LongTermToken>(x => x.Series == record.Series);
             con.InsertItem(record);
             con.Commit();
         }
     });
 }
 /// <summary>
 /// Checks whether a long-term token is missing or past its expiry.
 /// </summary>
 /// <returns><c>true</c> if <paramref name="token"/> is <c>null</c> or has expired, <c>false</c> if it is still valid.</returns>
 /// <param name="token">The token to validate; may be <c>null</c>.</param>
 public static bool IsNullOrExpired(this LongTermToken token)
 {
     if (token == null)
     {
         return true;
     }

     // Expires is compared against local time (DateTime.Now), matching how
     // PerformLoginAsync stamps it. A token whose Expires equals Now exactly
     // is still treated as valid.
     return token.Expires < DateTime.Now;
 }
        /// <summary>
        /// Performs all steps required to do a login: establishes the short-term
        /// session, optionally a long-term token, and issues the corresponding cookies.
        /// </summary>
        /// <returns>An awaitable task.</returns>
        /// <param name="context">The http context.</param>
        /// <param name="userid">The user ID.</param>
        /// <param name="series">The long-term series; when non-empty the existing series is re-used.</param>
        /// <param name="withlongterm">A value indicating if a long-term session should be created</param>
        protected virtual async Task PerformLoginAsync(IHttpContext context, string userid, string series, bool withlongterm)
        {
            var session = new SessionRecord();

            // Re-use the existing session record (and thus its XSRF token) when
            // the request carries an XSRF header that maps to a live session of
            // the same user.
            // NOTE(review): carrying the XSRF token across a login means it is
            // not rotated on authentication; confirm that is acceptable here.
            if (UseXSRFTokens)
            {
                var xsrfHeader = context.Request.Headers[XSRFHeaderName];
                if (!string.IsNullOrWhiteSpace(xsrfHeader))
                {
                    var existing = await ShortTermStorage.GetSessionFromXSRFAsync(xsrfHeader);
                    var sameUser = !string.IsNullOrWhiteSpace(userid) && existing?.UserID == userid;
                    if (sameUser && !Utility.IsNullOrExpired(existing))
                    {
                        session = existing;
                    }
                }
            }

            session.UserID  = userid;
            session.Expires = DateTime.Now.AddSeconds(ShortTermExpirationSeconds);

            // Cookies are only marked Secure when this connection itself is TLS.
            // NOTE(review): behind a TLS-terminating proxy SslProtocol is None and
            // the cookies would be issued without Secure — verify the deployment.
            var secureCookies = context.Request.SslProtocol != System.Security.Authentication.SslProtocols.None;

            if (UseXSRFTokens)
            {
                if (session.XSRFToken == null)
                {
                    session.XSRFToken = PRNG.GetRandomString(32);
                }

                // httponly:false is deliberate here, presumably so client script
                // can read the token and send it back in the XSRFHeaderName header.
                context.Response.AddCookie(XSRFCookieName, session.XSRFToken, expires: session.Expires, httponly: false, path: CookiePath, secure: secureCookies);
            }

            var longTermWanted = withlongterm || !string.IsNullOrWhiteSpace(series);
            if (UseLongTermCookieStorage && LongTermStorage != null && longTermWanted)
            {
                var cookie = new LongTermCookie();
                if (!string.IsNullOrWhiteSpace(series))
                {
                    // Keep the caller's series so the stored entry for it is replaced.
                    cookie.Series = series;
                }

                var stored = new LongTermToken()
                {
                    UserID  = userid,
                    Expires = DateTime.Now.AddSeconds(LongTermDurationSeconds),
                    Series  = cookie.Series,
                    // Only a PBKDF2 hash of the secret is persisted; the raw
                    // token travels solely inside the cookie.
                    Token   = PBKDF2.CreatePBKDF2(cookie.Token)
                };

                await LongTermStorage.AddOrUpdateLongTermLoginAsync(stored);

                context.Response.AddCookie(AuthCookieName, cookie.ToString(), expires: stored.Expires, httponly: true, path: CookiePath, secure: secureCookies);
            }

            // A fresh session cookie value is issued on every login, also when
            // the session record itself was re-used above.
            session.Cookie = PRNG.GetRandomString(32);
            context.Response.AddCookie(AuthSessionCookieName, session.Cookie, expires: session.Expires, httponly: true, path: CookiePath, secure: secureCookies);

            await ShortTermStorage.AddSessionAsync(session);

            SetLoginSuccess(context);
            context.Request.UserID = userid;
        }
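        /// <summary>
        /// Performs all steps required to do a login: establishes the short-term
        /// session, optionally a long-term token, and issues the corresponding cookies.
        /// </summary>
        /// <returns>An awaitable task.</returns>
        /// <param name="context">The http context.</param>
        /// <param name="userid">The user ID.</param>
        /// <param name="series">The long-term series; when non-empty the existing series is re-used.</param>
        /// <param name="withlongterm">A value indicating if a long-term session should be created</param>
        /// <exception cref="InvalidOperationException">No short-term storage module is configured.</exception>
        protected virtual async Task PerformLoginAsync(IHttpContext context, string userid, string series, bool withlongterm)
        {
            // Fail before any state is touched: the storage is used both for the
            // XSRF lookup below and for persisting the session at the end. The
            // original check sat after the cookies had already been added and
            // only logged, so the method still crashed with a NullReferenceException.
            if (ShortTermStorage == null)
            {
                throw new InvalidOperationException("Missing short term storage module, make sure you load Ceen.Security.Login.DatabaseStorageModule or manually set a storage module");
            }

            var session = new SessionRecord();

            // Re-use the XSRF token of the session named by the request header,
            // dropping that session first so the token is not shared by two records.
            // NOTE(review): unlike the same-user variant of this method, the
            // previous session is dropped without checking that it belongs to
            // userid — a caller supplying another session's XSRF token in the
            // header would terminate that session; confirm this is intended.
            // The XSRF token is also not rotated on authentication.
            if (UseXSRFTokens)
            {
                var xsrf = context.Request.Headers[XSRFHeaderName];
                if (!string.IsNullOrWhiteSpace(xsrf))
                {
                    var prev = await ShortTermStorage.GetSessionFromXSRFAsync(xsrf);

                    if (prev != null)
                    {
                        await ShortTermStorage.DropSessionAsync(prev);
                        session.XSRFToken = prev.XSRFToken;
                    }
                }
            }

            session.UserID  = userid;
            session.Expires = DateTime.Now.AddSeconds(ShortTermExpirationSeconds);

            // Cookies are only marked Secure when this connection itself is TLS.
            // NOTE(review): behind a TLS-terminating proxy SslProtocol is None and
            // the cookies would be issued without Secure — verify the deployment.
            var usingssl = context.Request.SslProtocol != System.Security.Authentication.SslProtocols.None;

            if (UseXSRFTokens)
            {
                session.XSRFToken = session.XSRFToken ?? PRNG.GetRandomString(32);

                // httponly:false is deliberate here, presumably so client script
                // can read the token and send it back in the XSRFHeaderName header.
                context.Response.AddCookie(XSRFCookieName, session.XSRFToken, expires: session.Expires, httponly: false, path: CookiePath, secure: usingssl);
            }

            if (UseLongTermCookieStorage && LongTermStorage != null && (!string.IsNullOrWhiteSpace(series) || withlongterm))
            {
                var cookie = new LongTermCookie();
                if (!string.IsNullOrWhiteSpace(series))
                {
                    // Keep the caller's series so the stored entry for it is replaced.
                    cookie.Series = series;
                }

                var st = new LongTermToken()
                {
                    UserID  = userid,
                    Expires = DateTime.Now.AddSeconds(LongTermDurationSeconds),
                    Series  = cookie.Series,
                    // Only a PBKDF2 hash of the secret is persisted; the raw
                    // token travels solely inside the cookie.
                    Token   = PBKDF2.CreatePBKDF2(cookie.Token)
                };

                await LongTermStorage.AddOrUpdateLongTermLoginAsync(st);

                context.Response.AddCookie(AuthCookieName, cookie.ToString(), expires: st.Expires, httponly: true, path: CookiePath, secure: usingssl);
            }

            // A fresh session cookie value is issued on every login.
            session.Cookie = PRNG.GetRandomString(32);
            context.Response.AddCookie(AuthSessionCookieName, session.Cookie, expires: session.Expires, httponly: true, path: CookiePath, secure: usingssl);

            await ShortTermStorage.AddSessionAsync(session);

            SetLoginSuccess(context);

            context.Request.UserID = userid;
        }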