public SmtActionResult TenantLogin(string user, string pass)
{
if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(pass))
{
return(CreateObjectResult("user/pass cannot empty", System.Net.HttpStatusCode.BadRequest));
}
var tenantEntity = _context.SmtTenant.FirstOrDefault(p => p.Email == user);
if (tenantEntity == null)
{
return(CreateObjectResult(null, System.Net.HttpStatusCode.NotFound));
}
if (tenantEntity.IsLocked == true)
{
return(CreateObjectResult("User is locked", System.Net.HttpStatusCode.BadRequest));
}
var result = Crypto.PasswordHash.VerifyHashedPassword(tenantEntity.PasswordHash, pass);
if (result == false)
{
return(CreateObjectResult("wrong password", System.Net.HttpStatusCode.BadRequest));
}
var token = new TokenManager.LoginToken()
{
TenantName = tenantEntity.TenantName, TenantID = tenantEntity.ID
};
token.Claims.Add("*", new List <string>());
return(CreateObjectResult(TokenManager.LoginToken.CreateTokenString(token)));
}
private bool CheckActionPermission(string controllerName, string actionName, TokenManager.LoginToken token)
{
if (token.Claims.ContainsKey("*") == true)
{
return(true);
}
if (ControllerAction.Smt.ControllerName == controllerName)
{
if (SmtControllerActionPermissions.Contains(actionName) == true)
{
return(true);
}
}
List <string> actions;
if (token.Claims.TryGetValue(controllerName, out actions) == true)
{
if (actions.Contains(actionName) == true || actions.Contains("*") == true)
{
return(true);
}
}
return(false);
}
private TokenManager.LoginToken CheckLogin(
string tokenText, HttpContext context,
string controllerName, string actionName, out SmtActionResult result)
{
result = null;
TokenManager.LoginToken token = null;
token = TokenManager.LoginToken.VerifyTokenString(tokenText);
if (token == null)
{
result = new SmtActionResult
{
StatusCode = System.Net.HttpStatusCode.Unauthorized,
ResultValue = "VerifyTokenString"
};
}
else if (CheckTokenValid(token, context) == false)
{
result = new SmtActionResult
{
StatusCode = System.Net.HttpStatusCode.Unauthorized,
ResultValue = "CheckTokenValid"
};
}
else if (CheckActionPermission(controllerName, actionName, token) == false)
{
result = new SmtActionResult
{
StatusCode = System.Net.HttpStatusCode.Unauthorized,
ResultValue = "CheckActionPermission"
};
}
return(token);
}
public virtual void Init(TokenManager.LoginToken token, IApplicationBuilder app, HttpContext context, string requestType)
{
TokenModel = token;
App = app;
Context = context;
RequestObjectType = requestType;
Logger = context.RequestServices.GetRequiredService <ILoggerFactory>().CreateLogger(GetControllerName());
}
private SmtActionResult RequestExecutor(
string controller, string action, Dictionary <string, object> parameter,
HttpContext context, string requestType)
{
SmtActionResult result = null;
var request = context.Request;
try
{
if (ControllerAction.Smt.ControllerName == controller &&
SmtControllerAnonymousActions.Contains(action) == true)
{
result = ControllerInvoker(controller, action, parameter, requestType, context, null);
}
else if (SmtSettings.Instance.AllowAnonymousActions.Contains(string.Format("{0}.{1}", controller, action)))
{
result = ControllerInvoker(controller, action, parameter, requestType, context, null);
}
else
{
var tokenText = request.Headers["token"][0];
TokenManager.LoginToken token = CheckLogin(tokenText, context, controller, action, out SmtActionResult checkLoginResult);
if (checkLoginResult != null)// check login failed.
{
result = checkLoginResult;
}
else
{
result = ControllerInvoker(controller, action, parameter, requestType, context, token);
}
}
}
catch (System.Security.Cryptography.CryptographicException ex)
{
_logger.LogError(ex.ToString());
result = new SmtActionResult
{
StatusCode = System.Net.HttpStatusCode.Unauthorized,
ResultValue = ex.Message
};
}
catch (Exception ex)
{
_logger.LogError(ex.ToString());
result = new SmtActionResult
{
StatusCode = System.Net.HttpStatusCode.BadRequest,
ResultType = SmtActionResult.ActionResultType.Object,
ResultValue = ex.Message
};
}
return(result);
}
private bool CheckTokenValid(TokenManager.LoginToken token, HttpContext context)
{
var dbContext = (ContextType)context.RequestServices.GetService(typeof(ContextType));
if (token.IsTenant)
{
if (dbContext.SmtTenant.Any(p => p.ID == token.TenantID && p.TokenValidTime <= token.CreateTime) == false)
{
return(false);
}
}
else
{
if (dbContext.SmtUser.Any(p => p.ID == token.UserID && p.TokenValidTime <= token.CreateTime) == false)
{
return(false);
}
}
return(true);
}
public override void Init(TokenManager.LoginToken token, IApplicationBuilder app, HttpContext context, string requestType)
{
base.Init(token, app, context, requestType);
_context = (ContextType)Context.RequestServices.GetService(typeof(ContextType));
}
public SmtActionResult UserLogin(string tenant, string user, string pass)
{
if (string.IsNullOrEmpty(tenant) || string.IsNullOrEmpty(user) || string.IsNullOrEmpty(pass))
{
return(CreateObjectResult("user/tenantName/pass cannot empty", System.Net.HttpStatusCode.BadRequest));
}
var tenantEntity = _context.SmtTenant.FirstOrDefault(p => p.TenantName == tenant);
if (tenantEntity == null)
{
return(CreateObjectResult("Tenant not found", System.Net.HttpStatusCode.NotFound));
}
if (tenantEntity.IsLocked == true)
{
return(CreateObjectResult("User is locked", System.Net.HttpStatusCode.BadRequest));
}
var userEntity = _context.SmtUser.FirstOrDefault(p => p.Email == user && p.TenantID == tenantEntity.ID);
if (userEntity == null)
{
return(CreateObjectResult("user not found", System.Net.HttpStatusCode.NotFound));
}
if (userEntity.IsLocked == true)
{
return(CreateObjectResult("User is locked", System.Net.HttpStatusCode.BadRequest));
}
var result = Crypto.PasswordHash.VerifyHashedPassword(userEntity.PasswordHash, pass);
if (result == false)
{
return(CreateObjectResult("wrong pass", System.Net.HttpStatusCode.BadRequest));
}
var token = new TokenManager.LoginToken()
{
UserName = userEntity.UserName, TenantName = tenantEntity.TenantName, TenantID = userEntity.TenantID, UserID = userEntity.ID
};
foreach (var uc in _context.SmtUserClaim.Where(p => p.UserID == userEntity.ID))
{
var temp = uc.Claim.Split('.');
if (temp.Length != 2)
{
continue;
}
var controllerName = temp[0];
var actionName = temp[1];
List <string> actions;
if (token.Claims.TryGetValue(controllerName, out actions) == false)
{
actions = new List <string>();
token.Claims.Add(controllerName, actions);
}
actions.Add(actionName);
}
return(CreateObjectResult(TokenManager.LoginToken.CreateTokenString(token)));
}
public async System.Threading.Tasks.Task <SmtActionResult> TenantLoginWithIdTokenAsync(Dictionary <string, object> parameter)
{
var idToken = parameter["idtoken"].ToString();
var provider = parameter["provider"].ToString();
if (string.IsNullOrEmpty(idToken) || string.IsNullOrEmpty(provider))
{
return(CreateObjectResult("idToken/provider cannot empty", System.Net.HttpStatusCode.BadRequest));
}
string user = "";
switch (provider)
{
case "google":
{
var validPayload = await GoogleJsonWebSignature.ValidateAsync(idToken);
if (SmtSettings.Instance.GoogleClientIDs.Contains(validPayload.Audience.ToString()) == false)
{
return(CreateObjectResult("invalid token", System.Net.HttpStatusCode.BadRequest));
}
user = validPayload.Email;
}
break;
case "facebook":
{
using (var algorithm = new HMACSHA256(Encoding.ASCII.GetBytes(SmtSettings.Instance.FacebookAppSecret)))
{
var hash = algorithm.ComputeHash(Encoding.ASCII.GetBytes(idToken));
var builder = new StringBuilder();
for (int i = 0; i < hash.Length; i++)
{
builder.Append(hash[i].ToString("x2", CultureInfo.InvariantCulture));
}
var appsecret_proof = builder.ToString();
using (HttpClient client = new HttpClient())
{
var response = await client.GetAsync(SmtSettings.Instance.FacebookUserInfoEndPoint + "?fields=email&access_token=" + idToken + "&appsecret_proof=" + appsecret_proof);
if (response.IsSuccessStatusCode == true)
{
user = Newtonsoft.Json.JsonConvert.DeserializeObject <Dictionary <string, string> >(await response.Content.ReadAsStringAsync())["email"];
}
}
}
}
break;
}
var tenantEntity = _context.SmtTenant.FirstOrDefault(p => p.Email == user);
if (tenantEntity == null)
{
tenantEntity = new TenantEntityType()
{
Email = user,
PasswordHash = string.Empty,
CreateDate = DateTime.UtcNow,
TenantName = user,
TokenValidTime = DateTime.UtcNow.Ticks
};
_context.SmtTenant.Add(tenantEntity);
_context.SaveChanges();
}
if (tenantEntity.IsLocked == true)
{
return(CreateObjectResult("User is locked", System.Net.HttpStatusCode.BadRequest));
}
var token = new TokenManager.LoginToken()
{
TenantName = tenantEntity.TenantName, TenantID = tenantEntity.ID
};
token.Claims.Add("*", new List <string>());
return(CreateObjectResult(TokenManager.LoginToken.CreateTokenString(token)));
}
private SmtActionResult ControllerInvoker(
string controllerName, string actionName, Dictionary <string, object> parameter, string requestType, HttpContext context, TokenManager.LoginToken token)
{
var controllerType = Type.GetType(
string.Format(_controllerNamespacePattern, controllerName), true, true);
var controller = Activator.CreateInstance(controllerType) as SmtAbstractController;
controller.Init(token, _app, context, requestType);
return(controller.ActionInvoker(actionName, parameter));
}
