private static UserValidationResult GetUserViaSessionToken(bool requirePin)
{
var sessionToken = HttpContext.Current.Request.Headers["SessionToken"];
if (string.IsNullOrEmpty(sessionToken))
{
//DbUtil.LogActivity("GetUserViaSession==null");
return(null);
}
var result = ApiSessionModel.DetermineApiSessionStatus(Guid.Parse(sessionToken), requirePin, HttpContext.Current.Request.Headers["PIN"].ToInt2());
//DbUtil.LogActivity("GetUserViaSession==" + result.Status.ToString());
switch (result.Status)
{
case ApiSessionStatus.SessionTokenNotFound:
return(UserValidationResult.Invalid(UserValidationStatus.SessionTokenNotFound));
case ApiSessionStatus.SessionTokenExpired:
return(UserValidationResult.Invalid(UserValidationStatus.SessionTokenExpired, user: result.User));
case ApiSessionStatus.PinExpired:
return(UserValidationResult.Invalid(UserValidationStatus.PinExpired, user: result.User));
case ApiSessionStatus.PinInvalid:
return(UserValidationResult.Invalid(UserValidationStatus.PinInvalid));
}
return(ValidateUserBeforeLogin(result.User.Username, HttpContext.Current.Request.Url.OriginalString, result.User, userExists: true));
}
public static UserValidationResult ResetSessionExpiration(string sessionToken)
{
if (string.IsNullOrEmpty(sessionToken))
{
return(UserValidationResult.Invalid(UserValidationStatus.ImproperHeaderStructure, "Could not authenticate user, Authorization or SessionToken headers likely missing.", null));
}
//throw new ArgumentNullException("sessionToken");
var userStatus = AuthenticateMobile(requirePin: true);
if (userStatus.Status == UserValidationStatus.Success ||
userStatus.Status == UserValidationStatus.PinExpired ||
userStatus.Status == UserValidationStatus.SessionTokenExpired)
{
var result = ApiSessionModel.ResetSessionExpiration(userStatus.User, HttpContext.Current.Request.Headers["PIN"].ToInt2());
if (!result)
{
return(UserValidationResult.Invalid(UserValidationStatus.PinInvalid));
}
userStatus.Status = UserValidationStatus.Success;
}
return(userStatus);
}
/// <summary>
/// When user is not authenticated look for magic key in the header and log user in.
/// </summary>
/// <param name="filterContext"></param>
public void OnAuthorization(AuthorizationFilterContext filterContext)
{
// See if the AllowAnonymous attribute has been used for the action and skip over.
if (IsAllowAnonymous(filterContext.Filters) == false)
{
IdentityService identityService = BLL.Startup.IdentityService;
// see if the user is already authenticated.
if (filterContext.HttpContext.User.Identity.IsAuthenticated == true)
{
if (identityService.IsInRoles(filterContext.HttpContext.User, this.Roles) == false)
{
// The already logged in user is not allowed to access this page.
filterContext.Result = new StatusCodeResult(StatusCodes.Status403Forbidden);
}
}
else
{
// Check for the header token.
string token = filterContext.HttpContext.Request.Headers[ApiAuthorizationController.HeaderTokenName].ToString();
if (token.IsNullOrEmpty() == false)
{
ApiLoginRepository loginRepo = (ApiLoginRepository)DAL.Startup.ApiLoginRepository;
loginRepo.ClearExpiredLogins(ApiAuthorizationController.TimeoutHours);
ApiSessionModel model = loginRepo.Fetch(token);
if (model != null)
{
Microsoft.AspNetCore.Identity.SignInResult signInResult = (identityService.LoginAsync(new ApiLoginModel()
{
Email = model.Email, Password = model.Password
}, mustBeInRole: "Api")).Result;
if (signInResult.Succeeded == false)
{
filterContext.Result = new StatusCodeResult(StatusCodes.Status403Forbidden);
}
signInResult = null;
}
else
{
filterContext.Result = new StatusCodeResult(StatusCodes.Status403Forbidden);
}
model = null;
loginRepo = null;
}
else
{
filterContext.Result = new StatusCodeResult(StatusCodes.Status403Forbidden);
}
}
identityService = null;
}
}
public override string ResetPassword(string username, string answer)
{
username = Util.GetUserName(username);
if (!EnablePasswordReset)
{
throw new NotSupportedException("Password reset is not enabled.");
}
var db = GetDb();
var user = db.Users.SingleOrDefault(u => u.Username == username);
if (user == null)
{
throw new MembershipPasswordException("The supplied user name is not found.");
}
if (answer == null && RequiresQuestionAndAnswer)
{
UpdateFailureCount(db, user, "passwordAnswer");
throw new ProviderException("Password answer required for password reset.");
}
var newPassword = Membership.GeneratePassword(newPasswordLength, MinRequiredNonAlphanumericCharacters);
var args = new ValidatePasswordEventArgs(username, newPassword, true);
OnValidatingPassword(args);
if (args.Cancel)
{
if (args.FailureInformation != null)
{
throw args.FailureInformation;
}
else
{
throw new MembershipPasswordException("Reset password canceled due to password validation failure.");
}
}
if (user.IsLockedOut)
{
throw new MembershipPasswordException("The supplied user is locked out.");
}
if (RequiresQuestionAndAnswer && !CheckPassword(answer, user.PasswordAnswer))
{
UpdateFailureCount(db, user, "passwordAnswer");
throw new MembershipPasswordException("Incorrect password answer.");
}
user.Password = EncodePassword(newPassword);
user.LastPasswordChangedDate = Util.Now;
ApiSessionModel.DeleteSession(db, user);
db.SubmitChanges();
return(newPassword);
}
public static UserValidationResult AuthenticateMobile(string role = null, bool checkOrgLeadersOnly = false, bool requirePin = false)
{
var userStatus = GetUserViaCredentials() ?? GetUserViaSessionToken(requirePin);
if (userStatus == null)
{
return(UserValidationResult.Invalid(UserValidationStatus.ImproperHeaderStructure, "Could not authenticate user, Authorization or SessionToken headers likely missing.", null));
}
//throw new Exception("Could not authenticate user, Authorization or SessionToken headers likely missing.");
if (!userStatus.IsValid)
{
return(userStatus);
}
var user = userStatus.User;
var roleProvider = CMSRoleProvider.provider;
if (role == null)
{
role = "Access";
}
if (roleProvider.RoleExists(role))
{
if (!roleProvider.IsUserInRole(user.Username, role))
{
userStatus.Status = UserValidationStatus.UserNotInRole;
return(userStatus);
}
}
UserName2 = user.Username;
SetUserInfo(user.Username, HttpContext.Current.Session, deleteSpecialTags: false);
//DbUtil.LogActivity("iphone auth " + user.Username);
if (checkOrgLeadersOnly && !Util2.OrgLeadersOnlyChecked)
{
DbUtil.LogActivity("iphone leadersonly check " + user.Username);
if (!Util2.OrgLeadersOnly && roleProvider.IsUserInRole(user.Username, "OrgLeadersOnly"))
{
Util2.OrgLeadersOnly = true;
DbUtil.Db.SetOrgLeadersOnly();
DbUtil.LogActivity("SetOrgLeadersOnly");
}
Util2.OrgLeadersOnlyChecked = true;
}
ApiSessionModel.SaveApiSession(userStatus.User, requirePin, HttpContext.Current.Request.Headers["PIN"].ToInt2());
return(userStatus);
}
public async Task <ActionResult> Login([FromBody] ApiLoginModel model)
{
Repository.ClearExpiredLogins(TimeoutHours);
if (ModelState.IsValid == true)
{
Microsoft.AspNetCore.Identity.SignInResult signInResult = await this.IdentityService.LoginAsync(model, mustBeInRole : "Api");
if (signInResult != null)
{
if (signInResult.Succeeded == true)
{
ApiSessionModel apiSessionModel = Repository.FetchByLogin(model);
if (apiSessionModel != null)
{
apiSessionModel.SessionStarted = DateTime.Now;
}
else
{
// store username, password and email for later in in memory repo
apiSessionModel = new ApiSessionModel()
{
Email = model.Email,
Password = model.Password,
Token = Guid.NewGuid().ToString().Replace("-", string.Empty),
SessionStarted = DateTime.Now
};
Repository.Create(apiSessionModel);
}
Repository.Save();
// return magic key
Response.Headers.Add(new KeyValuePair <string, StringValues>(HeaderTokenName, apiSessionModel.Token));
return(Ok());
}
else
{
return(new StatusCodeResult(403)); // forbidden
}
}
else
{
return(new StatusCodeResult(403)); // forbidden
}
}
else
{
return(new StatusCodeResult(403)); // forbidden
}
}
public async Task <ActionResult> Logout()
{
string apiToken = Request.Headers["ApiToken"];
// Delete magic key
ApiSessionModel model = Repository.Fetch(apiToken);
if (model != null)
{
Repository.Delete(model);
Repository.Save();
}
await this.IdentityService.LogoutAsync();
return(Ok());
}
public static UserValidationResult AuthenticateMobile2(CMSDataContext cmsdb, CMSImageDataContext cmsidb, bool checkOrgLeadersOnly = false, bool requirePin = false)
{
var userStatus = GetUserViaCredentials() ?? GetUserViaSessionToken(cmsdb, requirePin);
if (userStatus == null)
{
//DbUtil.LogActivity("userStatus==null");
return(UserValidationResult.Invalid(UserValidationStatus.ImproperHeaderStructure, "Could not authenticate user, Authorization or SessionToken headers likely missing.", null));
//throw new Exception("Could not authenticate user, Authorization or SessionToken headers likely missing.");
}
if (!userStatus.IsValid)
{
return(userStatus);
}
var user = userStatus.User;
var roleProvider = CMSRoleProvider.provider;
UserName2 = user.Username;
SetUserInfo(cmsdb, cmsidb, user.Username, deleteSpecialTags: false);
if (checkOrgLeadersOnly && !Util2.OrgLeadersOnlyChecked)
{
if (!Util2.OrgLeadersOnly && roleProvider.IsUserInRole(user.Username, "OrgLeadersOnly"))
{
Util2.OrgLeadersOnly = true;
cmsdb.SetOrgLeadersOnly();
CmsData.DbUtil.LogActivity("SetOrgLeadersOnly");
}
Util2.OrgLeadersOnlyChecked = true;
}
CMSMembershipProvider.provider.SetAuthCookie(user.Username, false);
ApiSessionModel.SaveApiSession(cmsdb, userStatus.User, requirePin, HttpContextFactory.Current.Request.Headers["PIN"].ToInt2());
return(userStatus);
}
public static UserValidationResult ResetSessionExpiration(CMSDataContext cmsdb, CMSImageDataContext cmsidb, string sessionToken)
{
if (string.IsNullOrEmpty(sessionToken))
{
return(UserValidationResult.Invalid(UserValidationStatus.ImproperHeaderStructure, "Could not authenticate user, Authorization or SessionToken headers likely missing.", null));
}
var userStatus = AuthenticateMobile(cmsdb, cmsidb, requirePin: true);
if (userStatus.Status == UserValidationStatus.Success ||
userStatus.Status == UserValidationStatus.PinExpired ||
userStatus.Status == UserValidationStatus.SessionTokenExpired)
{
var result = ApiSessionModel.ResetSessionExpiration(cmsdb, userStatus.User, HttpContextFactory.Current.Request.Headers["PIN"].ToInt2());
if (!result)
{
return(UserValidationResult.Invalid(UserValidationStatus.PinInvalid));
}
userStatus.Status = UserValidationStatus.Success;
}
return(userStatus);
}
public override bool ChangePassword(string username, string oldPwd, string newPwd)
{
username = Util.GetUserName(username);
if (!ValidateUser(username, oldPwd))
{
return(false);
}
var args = new ValidatePasswordEventArgs(username, newPwd, true);
OnValidatingPassword(args);
if (args.Cancel)
{
if (args.FailureInformation != null)
{
throw args.FailureInformation;
}
else
{
throw new MembershipPasswordException("Change password canceled due to new password validation failure.");
}
}
if (!AdminOverride)
{
if (newPwd.Length < MinRequiredPasswordLength)
{
throw new ArgumentException("Password must contain at least {0} chars".Fmt(MinRequiredPasswordLength));
}
if (MembershipService.RequireSpecialCharacter)
{
if (newPwd.All(char.IsLetterOrDigit))
{
throw new ArgumentException("Password needs at least 1 non-alphanumeric chars");
}
}
if (MembershipService.RequireOneNumber)
{
if (!newPwd.Any(char.IsDigit))
{
throw new ArgumentException("Password needs at least 1 number");
}
}
if (MembershipService.RequireOneUpper)
{
if (!newPwd.Any(char.IsUpper))
{
throw new ArgumentException("Password needs at least 1 uppercase letter");
}
}
}
var db = GetDb();
var user = db.Users.Single(u => u.Username == username);
user.Password = EncodePassword(newPwd);
user.MustChangePassword = false;
user.LastPasswordChangedDate = Util.Now;
ApiSessionModel.DeleteSession(db, user);
db.SubmitChanges();
return(true);
}
public static void ExpireSessionToken(string sessionToken)
{
ApiSessionModel.ExpireSession(Guid.Parse(sessionToken));
}
public static void ExpireSessionToken(CMSDataContext db, string sessionToken)
{
ApiSessionModel.ExpireSession(db, Guid.Parse(sessionToken));
}
