public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
IAuthTokens tokens = Init(authService, ref session, request);
IRequest httpRequest = authService.Request;
string error = httpRequest.QueryString["error"]
?? httpRequest.QueryString["error_uri"]
?? httpRequest.QueryString["error_description"];
bool hasError = !error.IsNullOrEmpty();
if (hasError)
{
Log.Error($"Yandex error callback. {httpRequest.QueryString}");
return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", error)));
}
string code = httpRequest.QueryString["code"];
bool isPreAuthCallback = !code.IsNullOrEmpty();
if (!isPreAuthCallback)
{
string preAuthUrl = $"{PreAuthUrl}?response_type=code&client_id={ApplicationId}&redirect_uri={CallbackUrl.UrlEncode()}&display=popup&state={Guid.NewGuid().ToString("N")}";
this.SaveSession(authService, session, SessionExpiry);
return authService.Redirect(PreAuthUrlFilter(this, preAuthUrl));
}
try
{
string payload = $"grant_type=authorization_code&code={code}&client_id={ApplicationId}&client_secret={ApplicationPassword}";
string contents = AccessTokenUrl.PostStringToUrl(payload);
var authInfo = JsonObject.Parse(contents);
//Yandex does not throw exception, but returns error property in JSON response
// http://api.yandex.ru/oauth/doc/dg/reference/obtain-access-token.xml
string accessTokenError = authInfo.Get("error");
if (!accessTokenError.IsNullOrEmpty())
{
Log.Error($"Yandex access_token error callback. {authInfo}");
return authService.Redirect(session.ReferrerUrl.SetParam("f", "AccessTokenFailed"));
}
tokens.AccessTokenSecret = authInfo.Get("access_token");
session.IsAuthenticated = true;
return OnAuthenticated(authService, session, tokens, authInfo.ToDictionary())
?? authService.Redirect(SuccessRedirectUrlFilter(this, session.ReferrerUrl.SetParam("s", "1")));
}
catch (WebException webException)
{
//just in case Yandex will start throwing exceptions
var statusCode = ((HttpWebResponse)webException.Response).StatusCode;
if (statusCode == HttpStatusCode.BadRequest)
{
return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "AccessTokenFailed")));
}
}
return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "Unknown")));
}
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
var user = authService.Request.GetUser();
var userName = user.GetUserName();
if (!LoginMatchesSession(session, userName))
{
authService.RemoveSession();
session = authService.GetSession();
}
if (IsAuthorized(user))
{
session.IsAuthenticated = true;
if (session.UserAuthName == null)
{
session.UserAuthName = userName;
}
var aspReq = (HttpRequestBase)authService.Request.OriginalRequest;
var loginUser = aspReq.ServerVariables["LOGON_USER"].ToNullIfEmpty();
var remoteUser = aspReq.ServerVariables["REMOTE_USER"].ToNullIfEmpty();
var identityName = aspReq.LogonUserIdentity != null ? aspReq.LogonUserIdentity.Name : null;
session.DisplayName = loginUser
?? remoteUser
?? identityName;
var tokens = new AuthTokens {
Provider = Name,
UserName = userName,
DisplayName = session.DisplayName,
Items = new Dictionary<string, string> {
{"LOGON_USER", loginUser},
{"REMOTE_USER", remoteUser},
{"LogonUserIdentityName", identityName},
}
};
if (session.Roles == null)
session.Roles = new List<string>();
foreach (var role in AllRoles.Safe())
{
if (user.IsInRole(role))
session.Roles.AddIfNotExists(role);
}
OnAuthenticated(authService, session, tokens, new Dictionary<string, string>());
return new AuthenticateResponse
{
UserName = userName,
SessionId = session.Id,
DisplayName = session.DisplayName,
ReferrerUrl = request.Continue
};
}
throw HttpError.Unauthorized("Windows Auth failed");
}
/// <summary>
/// Remove the Users Session
/// </summary>
/// <param name="service"></param>
/// <param name="request"></param>
/// <returns></returns>
public virtual object Logout(IServiceBase service, Authenticate request)
{
var feature = HostContext.GetPlugin<AuthFeature>();
var session = service.GetSession();
var referrerUrl = (request != null ? request.Continue : null)
?? (feature.HtmlLogoutRedirect != null ? service.Request.ResolveAbsoluteUrl(feature.HtmlLogoutRedirect) : null)
?? session.ReferrerUrl
?? service.Request.GetHeader("Referer")
?? this.CallbackUrl;
session.OnLogout(service);
AuthEvents.OnLogout(service.Request, session, service);
service.RemoveSession();
if (feature != null && feature.DeleteSessionCookiesOnLogout)
{
service.Request.Response.DeleteSessionCookies();
}
if (service.Request.ResponseContentType == MimeTypes.Html && !string.IsNullOrEmpty(referrerUrl))
return service.Redirect(LogoutUrlFilter(this, referrerUrl.SetParam("s", "-1")));
return new AuthenticateResponse();
}
public override string ToString()
{
a = (Authenticate)base.Tag;
Binding myBinding = new Binding("password");
myBinding.Mode = BindingMode.TwoWay;
myBinding.Source = a;
txtpass.SetBinding(TextBox.TextProperty, myBinding);
Binding myBinding2 = new Binding("options");
myBinding2.Mode = BindingMode.TwoWay;
myBinding2.Source = a;
txtopt.SetBinding(TextBox.TextProperty, myBinding2);
Binding myBinding3 = new Binding("maxdigits");
myBinding3.Mode = BindingMode.TwoWay;
myBinding3.Source = a;
txtmax.SetBinding(TextBox.TextProperty, myBinding3);
Binding myBinding4 = new Binding("prompt");
myBinding4.Mode = BindingMode.TwoWay;
myBinding4.Source = a;
txtprompt.SetBinding(TextBox.TextProperty, myBinding4);
Binding descbinding = new Binding("Description");
descbinding.Mode = BindingMode.TwoWay;
descbinding.Source = a;
txtdesc.SetBinding(TextBox.TextProperty, descbinding);
return base.ToString();
}
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
IAuthTokens tokens = Init(authService, ref session, request);
IRequest httpRequest = authService.Request;
string error = httpRequest.QueryString["error"];
bool hasError = !error.IsNullOrEmpty();
if (hasError)
{
Log.Error($"Odnoklassniki error callback. {httpRequest.QueryString}");
return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", error)));
}
string code = httpRequest.QueryString["code"];
bool isPreAuthCallback = !code.IsNullOrEmpty();
if (!isPreAuthCallback)
{
string preAuthUrl = $"{PreAuthUrl}?client_id={ApplicationId}&redirect_uri={CallbackUrl.UrlEncode()}&response_type=code&layout=m";
this.SaveSession(authService, session, SessionExpiry);
return authService.Redirect(PreAuthUrlFilter(this, preAuthUrl));
}
try
{
string payload = $"client_id={ApplicationId}&client_secret={SecretKey}&code={code}&redirect_uri={CallbackUrl.UrlEncode()}&grant_type=authorization_code";
string contents = AccessTokenUrlFilter(this, AccessTokenUrl).PostToUrl(payload, "*/*", RequestFilter);
var authInfo = JsonObject.Parse(contents);
//ok.ru does not throw exception, but returns error property in JSON response
string accessTokenError = authInfo.Get("error");
if (!accessTokenError.IsNullOrEmpty())
{
Log.Error($"Odnoklassniki access_token error callback. {authInfo}");
return authService.Redirect(session.ReferrerUrl.SetParam("f", "AccessTokenFailed"));
}
tokens.AccessTokenSecret = authInfo.Get("access_token");
tokens.UserId = authInfo.Get("user_id");
session.IsAuthenticated = true;
return OnAuthenticated(authService, session, tokens, authInfo.ToDictionary())
?? authService.Redirect(SuccessRedirectUrlFilter(this, session.ReferrerUrl.SetParam("s", "1")));
}
catch (WebException webException)
{
//just in case it starts throwing exceptions
HttpStatusCode statusCode = ((HttpWebResponse)webException.Response).StatusCode;
if (statusCode == HttpStatusCode.BadRequest)
{
return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "AccessTokenFailed")));
}
}
return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "Unknown")));
}
protected IAuthTokens Init(IServiceBase authService, ref IAuthSession session, Authenticate request)
{
Logger.Debug("SamlAuthProvider::Init:ENTER");
if (this.CallbackUrl.IsNullOrEmpty())
{
this.CallbackUrl = authService.Request.AbsoluteUri;
Logger.Debug("CallbackUrl was null, setting to: {0}".Fmt(this.CallbackUrl));
}
if (session.ReferrerUrl.IsNullOrEmpty() && authService.Request != null && authService.Request.Verb == "POST")
{
session.ReferrerUrl = this.IdpInitiatedRedirect;
}
else {
session.ReferrerUrl = GetReferrerUrl(authService, session, request);
}
Logger.Debug("Session ReferrerUrl Set to: {0}".Fmt(session.ReferrerUrl));
var tokens = session.ProviderOAuthAccess.FirstOrDefault(x => x.Provider == this.Provider);
if (tokens == null)
{
Logger.Debug("Tokens were null, initializing");
session.ProviderOAuthAccess.Add(tokens = new AuthTokens { Provider = this.Provider });
}
Logger.Debug("Tokens contains");
Logger.Debug(tokens.ToJson());
Logger.Debug("SamlAuthProvider::Init:RETURN");
return tokens;
}
/// <summary>
/// Parse a message value.
/// </summary>
/// <param name="name">Name of header being parsed.</param>
/// <param name="reader">Reader containing the string that should be parsed.</param>
/// <returns>Newly created header.</returns>
/// <exception cref="ParseException">Header value is malformed.</exception>
/// <example>
/// Digest realm="atlanta.com",
/// domain="sip:boxesbybob.com", qop="auth",
/// nonce="f84f1cec41e6cbe5aea9c8e88d359",
/// opaque="", stale=FALSE, algorithm=MD5
/// </example>
public IHeader Parse(string name, ITextReader reader)
{
reader.ConsumeWhiteSpaces();
string digest = reader.ReadWord().ToLower();
if (digest != "digest")
throw new ParseException("Authorization header is not digest authentication");
reader.ConsumeWhiteSpaces();
var parameters = new KeyValueCollection();
UriParser.ParseParameters(parameters, reader, ',');
var header = new Authenticate(name)
{
Algortihm = parameters["algorithm"],
Domain = UriParser.Parse(parameters["domain"]),
Realm = parameters["realm"],
Nonce = parameters["nonce"],
Qop = parameters["qop"],
Opaque = parameters["opaque"]
};
try
{
header.Stale = bool.Parse(parameters["stale"]);
}
catch (Exception err)
{
throw new ParseException("Failed to parse 'stale' in WWW-Authenticate header.", err);
}
return header;
}
public void doLogin()
{
// TODO: add loading while processing
// authenticate
Authenticate auth = new Authenticate ();
auth.login (_username.text, _password.text);
// TODO: show error if failed
}
public override bool IsAuthorized(IAuthSession session, IAuthTokens tokens, Authenticate request = null)
{
if (request != null)
{
if (!LoginMatchesSession(session, request.UserName)) return false;
}
return tokens != null && !string.IsNullOrEmpty(tokens.AccessTokenSecret);
}
public override bool IsAuthorized(IAuthSession session, IAuthTokens tokens, Authenticate request = null)
{
if (request != null) {
if (!LoginMatchesSession(session, request.UserName)) {
return false;
}
}
return !session.UserAuthName.IsNullOrEmpty();
}
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
var tokens = Init(authService, ref session, request);
var httpRequest = authService.Request;
var error = httpRequest.QueryString["error_reason"]
?? httpRequest.QueryString["error"]
?? httpRequest.QueryString["error_code"]
?? httpRequest.QueryString["error_description"];
var hasError = !error.IsNullOrEmpty();
if (hasError)
{
Log.Error("Facebook error callback. {0}".Fmt(httpRequest.QueryString));
return authService.Redirect(session.ReferrerUrl);
}
var code = httpRequest.QueryString["code"];
var isPreAuthCallback = !code.IsNullOrEmpty();
if (!isPreAuthCallback)
{
var preAuthUrl = PreAuthUrl + "?client_id={0}&redirect_uri={1}&scope={2}"
.Fmt(AppId, this.CallbackUrl.UrlEncode(), string.Join(",", Permissions));
authService.SaveSession(session, SessionExpiry);
return authService.Redirect(preAuthUrl);
}
var accessTokenUrl = this.AccessTokenUrl + "?client_id={0}&redirect_uri={1}&client_secret={2}&code={3}"
.Fmt(AppId, this.CallbackUrl.UrlEncode(), AppSecret, code);
try
{
var contents = accessTokenUrl.GetStringFromUrl();
var authInfo = HttpUtility.ParseQueryString(contents);
tokens.AccessTokenSecret = authInfo["access_token"];
session.IsAuthenticated = true;
authService.SaveSession(session, SessionExpiry);
OnAuthenticated(authService, session, tokens, authInfo.ToDictionary());
//Haz access!
return authService.Redirect(session.ReferrerUrl.AddHashParam("s", "1"));
}
catch (WebException we)
{
var statusCode = ((HttpWebResponse)we.Response).StatusCode;
if (statusCode == HttpStatusCode.BadRequest)
{
return authService.Redirect(session.ReferrerUrl.AddHashParam("f", "AccessTokenFailed"));
}
}
//Shouldn't get here
return authService.Redirect(session.ReferrerUrl.AddHashParam("f", "Unknown"));
}
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
var httpReq = authService.RequestContext.Get<IHttpRequest>();
var basicAuth = httpReq.GetBasicAuthUserAndPassword();
if (basicAuth == null)
throw HttpError.Unauthorized("Invalid BasicAuth credentials");
var userName = basicAuth.Value.Key;
var password = basicAuth.Value.Value;
return Authenticate(authService, session, userName, password, request.Continue);
}
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
var tokens = Init(authService, ref session, request);
var httpRequest = authService.Request;
var error = httpRequest.QueryString["error_reason"]
?? httpRequest.QueryString["error"]
?? httpRequest.QueryString["error_code"]
?? httpRequest.QueryString["error_description"];
var hasError = !error.IsNullOrEmpty();
if (hasError)
{
Log.Error($"Facebook error callback. {httpRequest.QueryString}");
return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", error)));
}
var code = httpRequest.QueryString["code"];
var isPreAuthCallback = !code.IsNullOrEmpty();
if (!isPreAuthCallback)
{
var preAuthUrl = $"{PreAuthUrl}?client_id={AppId}&redirect_uri={this.CallbackUrl.UrlEncode()}&scope={string.Join(",", Permissions)}";
this.SaveSession(authService, session, SessionExpiry);
return authService.Redirect(PreAuthUrlFilter(this, preAuthUrl));
}
var accessTokenUrl = $"{AccessTokenUrl}?client_id={AppId}&redirect_uri={this.CallbackUrl.UrlEncode()}&client_secret={AppSecret}&code={code}";
try
{
var contents = AccessTokenUrlFilter(this, accessTokenUrl).GetJsonFromUrl();
var authInfo = JsonObject.Parse(contents);
tokens.AccessTokenSecret = authInfo["access_token"];
session.IsAuthenticated = true;
return OnAuthenticated(authService, session, tokens, authInfo.ToDictionary())
?? authService.Redirect(SuccessRedirectUrlFilter(this, session.ReferrerUrl.SetParam("s", "1"))); //Haz access!
}
catch (WebException we)
{
var statusCode = ((HttpWebResponse)we.Response).StatusCode;
if (statusCode == HttpStatusCode.BadRequest)
{
return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "AccessTokenFailed")));
}
}
//Shouldn't get here
return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "Unknown")));
}
public override bool IsAuthorized(IAuthSession session, IAuthTokens tokens, Authenticate request = null)
{
if (request != null)
{
//if (!LoginMatchesSession(session, request.UserName))
//{
// return false;
//}
throw new NotImplementedException();
}
return session != null && session.IsAuthenticated && !session.UserAuthName.IsNullOrEmpty();
}
/// <summary>
/// Remove the Users Session
/// </summary>
/// <param name="service"></param>
/// <param name="request"></param>
/// <returns></returns>
public virtual object Logout(IServiceBase service, Authenticate request)
{
var session = service.GetSession();
var referrerUrl = (request != null ? request.Continue : null)
?? session.ReferrerUrl
?? service.RequestContext.GetHeader("Referer")
?? this.CallbackUrl;
session.OnLogout(service);
service.RemoveSession();
if (service.RequestContext.ResponseContentType == MimeTypes.Html && !String.IsNullOrEmpty(referrerUrl))
return service.Redirect(referrerUrl.AddHashParam("s", "-1"));
return new AuthenticateResponse();
}
/// <summary>
/// The entry point for all AuthProvider providers. Runs inside the AuthService so exceptions are treated normally.
/// Overridable so you can provide your own Auth implementation.
/// </summary>
/// <param name="authService"></param>
/// <param name="session"></param>
/// <param name="request"></param>
/// <returns></returns>
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
var tokens = Init(authService, ref session, request);
//Default OAuth logic based on Twitter's OAuth workflow
if (!tokens.RequestToken.IsNullOrEmpty() && !request.oauth_token.IsNullOrEmpty())
{
OAuthUtils.RequestToken = tokens.RequestToken;
OAuthUtils.RequestTokenSecret = tokens.RequestTokenSecret;
OAuthUtils.AuthorizationToken = request.oauth_token;
OAuthUtils.AuthorizationVerifier = request.oauth_verifier;
if (OAuthUtils.AcquireAccessToken())
{
tokens.AccessToken = OAuthUtils.AccessToken;
tokens.AccessTokenSecret = OAuthUtils.AccessTokenSecret;
session.IsAuthenticated = true;
OnAuthenticated(authService, session, tokens, OAuthUtils.AuthInfo);
authService.SaveSession(session, SessionExpiry);
//Haz access!
return authService.Redirect(session.ReferrerUrl.AddHashParam("s", "1"));
}
//No Joy :(
tokens.RequestToken = null;
tokens.RequestTokenSecret = null;
authService.SaveSession(session, SessionExpiry);
return authService.Redirect(session.ReferrerUrl.AddHashParam("f", "AccessTokenFailed"));
}
if (OAuthUtils.AcquireRequestToken())
{
tokens.RequestToken = OAuthUtils.RequestToken;
tokens.RequestTokenSecret = OAuthUtils.RequestTokenSecret;
authService.SaveSession(session, SessionExpiry);
//Redirect to OAuth provider to approve access
return authService.Redirect(this.AuthorizeUrl
.AddQueryParam("oauth_token", tokens.RequestToken)
.AddQueryParam("oauth_callback", session.ReferrerUrl));
}
return authService.Redirect(session.ReferrerUrl.AddHashParam("f", "RequestTokenFailed"));
}
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
var header = request.oauth_token;
// if no auth header, 401
if (string.IsNullOrEmpty(header))
{
throw HttpError.Unauthorized(MissingAuthHeader);
}
var headerData = header.Split(' ');
// if header is missing bearer portion, 401
if (string.Compare(headerData[0], "BEARER", StringComparison.OrdinalIgnoreCase) != 0)
{
throw HttpError.Unauthorized(InvalidAuthHeader);
}
try
{
// set current principal to the validated token principal
Thread.CurrentPrincipal = JsonWebToken.ValidateToken(headerData[1], Certificate, Audience, Issuer);
if (HttpContext.Current != null)
{
// set the current request's user the the decoded principal
HttpContext.Current.User = Thread.CurrentPrincipal;
}
// set the session's username to the logged in user
session.UserName = Thread.CurrentPrincipal.Identity.Name;
return OnAuthenticated(authService, session, new AuthTokens(), new Dictionary<string, string>());
}
catch (Exception ex)
{
throw new HttpError(HttpStatusCode.Unauthorized, ex);
}
}
protected virtual string GetReferrerUrl(IServiceBase authService, IAuthSession session, Authenticate request = null)
{
if (request == null)
{
request = authService.Request.Dto as Authenticate;
}
var referrerUrl = session.ReferrerUrl;
if (referrerUrl.IsNullOrEmpty())
{
referrerUrl = (request != null ? request.Continue : null)
?? authService.Request.GetHeader("Referer");
}
var requestUri = authService.Request.AbsoluteUri;
if (referrerUrl.IsNullOrEmpty() ||
referrerUrl.IndexOf("/auth", StringComparison.OrdinalIgnoreCase) >= 0)
{
referrerUrl = this.RedirectUrl
?? authService.Request.GetBaseUrl()
?? requestUri.InferBaseUrl();
}
return(referrerUrl);
}
/// <summary>
///is Valid Login
/// <param name="Program_Code"></param>
/// <param name="Domain_Name"></param>
/// <param name="User_EmailID"></param>
/// <param name="User_Password"></param>
/// </summary>
private Authenticate isValidLogin(string Program_Code, string Domain_Name, string User_EmailID, string User_Password)
{
MySqlCommand cmd = new MySqlCommand();
DataSet ds = new DataSet();
Authenticate authenticate = new Authenticate();
try
{
conn.Open();
cmd.Connection = conn;
MySqlCommand cmd1 = new MySqlCommand("SP_ValidateStoreUserLogin", conn);
cmd1.CommandType = CommandType.StoredProcedure;
cmd1.Parameters.AddWithValue("@Program_Code", Program_Code);
cmd1.Parameters.AddWithValue("@Domain_Name", Domain_Name);
cmd1.Parameters.AddWithValue("@User_EmailID", User_EmailID);
cmd1.Parameters.AddWithValue("@User_Password", User_Password);
MySqlDataAdapter da = new MySqlDataAdapter(cmd1)
{
SelectCommand = cmd1
};
da.Fill(ds);
if (ds != null && ds.Tables[0] != null)
{
if (ds.Tables[0].Rows.Count > 0)
{
bool status = Convert.ToBoolean(ds.Tables[0].Rows[0]["Status"]);
if (status)
{
authenticate.AppID = Convert.ToString(ds.Tables[0].Rows[0]["ApplicationId"]);
authenticate.ProgramCode = Program_Code;
authenticate.Domain_Name = Domain_Name;
authenticate.UserMasterID = Convert.ToInt32(ds.Tables[0].Rows[0]["UserID"]);
authenticate.TenantId = Convert.ToInt32(ds.Tables[0].Rows[0]["Tenant_Id"]);
authenticate.FirstName = Convert.ToString(ds.Tables[0].Rows[0]["FirstName"]);
authenticate.LastName = Convert.ToString(ds.Tables[0].Rows[0]["LastName"]);
authenticate.Message = "Valid user";
authenticate.UserEmailID = User_EmailID;
}
else
{
authenticate.AppID = "";
authenticate.ProgramCode = "";
authenticate.Domain_Name = "";
authenticate.Message = "In-valid username or passowrd";
authenticate.Token = "";
authenticate.UserMasterID = 0;
authenticate.TenantId = 0;
}
}
}
}
catch (Exception)
{
throw;
}
finally
{
if (conn != null)
{
conn.Close();
}
if (ds != null)
{
ds.Dispose();
}
}
return(authenticate);
}
/// <param name='provider'>
/// </param>
/// <param name='state'>
/// </param>
/// <param name='oauthToken'>
/// </param>
/// <param name='oauthVerifier'>
/// </param>
/// <param name='userName'>
/// </param>
/// <param name='password'>
/// </param>
/// <param name='rememberMe'>
/// </param>
/// <param name='continueParameter'>
/// </param>
/// <param name='nonce'>
/// </param>
/// <param name='uri'>
/// </param>
/// <param name='response'>
/// </param>
/// <param name='qop'>
/// </param>
/// <param name='nc'>
/// </param>
/// <param name='cnonce'>
/// </param>
/// <param name='useTokenCookie'>
/// </param>
/// <param name='meta'>
/// </param>
/// <param name='body'>
/// </param>
/// <param name='customHeaders'>
/// Headers that will be added to request.
/// </param>
/// <param name='cancellationToken'>
/// The cancellation token.
/// </param>
/// <exception cref="AuthenticateResponseException">
/// Thrown when the operation returned an invalid status code
/// </exception>
/// <return>
/// A response object containing the response body and response headers.
/// </return>
public async Task <HttpOperationResponse <AuthenticateResponse> > PostWithHttpMessagesAsync(string provider = default(string), string state = default(string), string oauthToken = default(string), string oauthVerifier = default(string), string userName = default(string), string password = default(string), bool?rememberMe = default(bool?), string continueParameter = default(string), string nonce = default(string), string uri = default(string), string response = default(string), string qop = default(string), string nc = default(string), string cnonce = default(string), bool?useTokenCookie = default(bool?), string meta = default(string), Authenticate body = default(Authenticate), Dictionary <string, List <string> > customHeaders = null, CancellationToken cancellationToken = default(CancellationToken))
{
// Tracing
bool _shouldTrace = ServiceClientTracing.IsEnabled;
string _invocationId = null;
if (_shouldTrace)
{
_invocationId = ServiceClientTracing.NextInvocationId.ToString();
Dictionary <string, object> tracingParameters = new Dictionary <string, object>();
tracingParameters.Add("provider", provider);
tracingParameters.Add("state", state);
tracingParameters.Add("oauthToken", oauthToken);
tracingParameters.Add("oauthVerifier", oauthVerifier);
tracingParameters.Add("userName", userName);
tracingParameters.Add("password", password);
tracingParameters.Add("rememberMe", rememberMe);
tracingParameters.Add("continueParameter", continueParameter);
tracingParameters.Add("nonce", nonce);
tracingParameters.Add("uri", uri);
tracingParameters.Add("response", response);
tracingParameters.Add("qop", qop);
tracingParameters.Add("nc", nc);
tracingParameters.Add("cnonce", cnonce);
tracingParameters.Add("useTokenCookie", useTokenCookie);
tracingParameters.Add("meta", meta);
tracingParameters.Add("body", body);
tracingParameters.Add("cancellationToken", cancellationToken);
ServiceClientTracing.Enter(_invocationId, this, "Post", tracingParameters);
}
// Construct URL
var _baseUrl = Client.BaseUri.AbsoluteUri;
var _url = new System.Uri(new System.Uri(_baseUrl + (_baseUrl.EndsWith("/") ? "" : "/")), "auth").ToString();
// Create HTTP transport objects
var _httpRequest = new HttpRequestMessage();
HttpResponseMessage _httpResponse = null;
_httpRequest.Method = new HttpMethod("POST");
_httpRequest.RequestUri = new System.Uri(_url);
// Set Headers
if (Client.Accept != null)
{
if (_httpRequest.Headers.Contains("Accept"))
{
_httpRequest.Headers.Remove("Accept");
}
_httpRequest.Headers.TryAddWithoutValidation("Accept", Client.Accept);
}
if (customHeaders != null)
{
foreach (var _header in customHeaders)
{
if (_httpRequest.Headers.Contains(_header.Key))
{
_httpRequest.Headers.Remove(_header.Key);
}
_httpRequest.Headers.TryAddWithoutValidation(_header.Key, _header.Value);
}
}
// Serialize Request
string _requestContent = null;
if (body != null)
{
_requestContent = Microsoft.Rest.Serialization.SafeJsonConvert.SerializeObject(body, Client.SerializationSettings);
_httpRequest.Content = new StringContent(_requestContent, System.Text.Encoding.UTF8);
_httpRequest.Content.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json; charset=utf-8");
}
// Send Request
if (_shouldTrace)
{
ServiceClientTracing.SendRequest(_invocationId, _httpRequest);
}
cancellationToken.ThrowIfCancellationRequested();
_httpResponse = await Client.HttpClient.SendAsync(_httpRequest, cancellationToken).ConfigureAwait(false);
if (_shouldTrace)
{
ServiceClientTracing.ReceiveResponse(_invocationId, _httpResponse);
}
HttpStatusCode _statusCode = _httpResponse.StatusCode;
cancellationToken.ThrowIfCancellationRequested();
string _responseContent = null;
if (!_httpResponse.IsSuccessStatusCode)
{
var ex = new AuthenticateResponseException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
try
{
_responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
AuthenticateResponse _errorBody = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject <AuthenticateResponse>(_responseContent, Client.DeserializationSettings);
if (_errorBody != null)
{
ex.Body = _errorBody;
}
}
catch (JsonException)
{
// Ignore the exception
}
ex.Request = new HttpRequestMessageWrapper(_httpRequest, _requestContent);
ex.Response = new HttpResponseMessageWrapper(_httpResponse, _responseContent);
if (_shouldTrace)
{
ServiceClientTracing.Error(_invocationId, ex);
}
_httpRequest.Dispose();
if (_httpResponse != null)
{
_httpResponse.Dispose();
}
throw ex;
}
// Create Result
var _result = new HttpOperationResponse <AuthenticateResponse>();
_result.Request = _httpRequest;
_result.Response = _httpResponse;
string _defaultResponseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
try
{
_result.Body = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject <AuthenticateResponse>(_defaultResponseContent, Client.DeserializationSettings);
}
catch (JsonException ex)
{
_httpRequest.Dispose();
if (_httpResponse != null)
{
_httpResponse.Dispose();
}
throw new SerializationException("Unable to deserialize the response.", _defaultResponseContent, ex);
}
if (_shouldTrace)
{
ServiceClientTracing.Exit(_invocationId, _result);
}
return(_result);
}
///<summary>
///Get campaign content
///</summary>
internal async Task <RootContent> GetCampaignContentAsync(string campaign_id)
{
string endpoint = Authenticate.EndPoint(TargetTypes.campaigns, SubTargetType.content, SubTargetType.not_applicable, campaign_id);
return(await BaseOperation.GetAsync <RootContent>(endpoint));
}
private void ProcessTcpData()
{
// This thread is aborted in Close()
while (true)
{
try
{
var messageType = (MessageType)IPAddress.NetworkToHostOrder(_reader.ReadInt16());
//Debug.Log("Processing data of type: " + messageType);
switch (messageType)
{
case MessageType.Version:
_mumbleClient.RemoteVersion = Serializer.DeserializeWithLengthPrefix <Version>(_ssl,
PrefixStyle.Fixed32BigEndian);
//Debug.Log("Server version: " + _mc.RemoteVersion.release);
var authenticate = new Authenticate
{
Username = _username,
Password = _password,
Opus = true
};
SendMessage(MessageType.Authenticate, authenticate);
break;
case MessageType.CryptSetup:
var cryptSetup = Serializer.DeserializeWithLengthPrefix <CryptSetup>(_ssl,
PrefixStyle.Fixed32BigEndian);
ProcessCryptSetup(cryptSetup);
//Debug.Log("Got crypt");
break;
case MessageType.CodecVersion:
_mumbleClient.CodecVersion = Serializer.DeserializeWithLengthPrefix <CodecVersion>(_ssl,
PrefixStyle.Fixed32BigEndian);
//Debug.Log("Got codec version");
break;
case MessageType.ChannelState:
ChannelState ChannelState = Serializer.DeserializeWithLengthPrefix <ChannelState>(_ssl,
PrefixStyle.Fixed32BigEndian);
/*
* Debug.Log("Channel state Name = " + ChannelState.name);
* Debug.Log("Channel state ID = " + ChannelState.channel_id);
* Debug.Log("Channel state Position = " + ChannelState.position);
* Debug.Log("Channel state Temporary = " + ChannelState.temporary);
* Debug.Log("Channel state Parent = " + ChannelState.parent);
* Debug.Log("Channel state Description = " + ChannelState.description);
*/
_mumbleClient.AddChannel(ChannelState);
break;
case MessageType.PermissionQuery:
_mumbleClient.PermissionQuery = Serializer.DeserializeWithLengthPrefix <PermissionQuery>(_ssl,
PrefixStyle.Fixed32BigEndian);
//Debug.Log("Permission Query = " + _mumbleClient.PermissionQuery.permissions);
//Debug.Log("Permission Channel = " + _mumbleClient.PermissionQuery.channel_id);
break;
case MessageType.UserState:
//This is called for every user in the room, including us
UserState user = Serializer.DeserializeWithLengthPrefix <UserState>(_ssl,
PrefixStyle.Fixed32BigEndian);
//Debug.Log("Name: " + user.Name);
//Debug.Log("Session: " + user.Session);
//Debug.Log("actor: " + user.Actor);
//Debug.Log("Chan: " + user.ChannelId);
//Debug.Log("ID: " + user.UserId);
_mumbleClient.AddOrUpdateUser(user);
break;
case MessageType.ServerSync:
//This is where we get our session Id
//Debug.Log("Will server sync!");
_mumbleClient.SetServerSync(Serializer.DeserializeWithLengthPrefix <ServerSync>(_ssl,
PrefixStyle.Fixed32BigEndian));
//Debug.Log("Server Sync Session= " + _mumbleClient.ServerSync.session);
break;
case MessageType.ServerConfig:
_mumbleClient.ServerConfig = Serializer.DeserializeWithLengthPrefix <ServerConfig>(_ssl,
PrefixStyle.Fixed32BigEndian);
//Debug.Log("Sever config = " + _mumbleClient.ServerConfig);
Debug.Log("Mumble is Connected");
_validConnection = true; // handshake complete
break;
case MessageType.SuggestConfig:
//Contains suggested configuratio options from the server
//like whether to send positional data, client version, etc.
Serializer.DeserializeWithLengthPrefix <SuggestConfig>(_ssl,
PrefixStyle.Fixed32BigEndian);
break;
case MessageType.TextMessage:
TextMessage textMessage = Serializer.DeserializeWithLengthPrefix <TextMessage>(_ssl,
PrefixStyle.Fixed32BigEndian);
Debug.Log("Text message = " + textMessage.Message);
Debug.Log("Text actor = " + textMessage.Actor);
//Debug.Log("Text channel = " + textMessage.channel_id[0]);
//Debug.Log("Text session Length = " + textMessage.Sessions.Length);
//Debug.Log("Text Tree Length = " + textMessage.TreeIds.Length);
break;
case MessageType.UDPTunnel:
var length = IPAddress.NetworkToHostOrder(_reader.ReadInt32());
//Debug.Log("Received UDP tunnel of length: " + length);
//At this point the message is already decrypted
_udpConnection.UnpackOpusVoicePacket(_reader.ReadBytes(length), false);
/*
* //var udpTunnel = Serializer.DeserializeWithLengthPrefix<UDPTunnel>(_ssl,
* PrefixStyle.Fixed32BigEndian);
*/
break;
case MessageType.Ping:
Serializer.DeserializeWithLengthPrefix <MumbleProto.Ping>(_ssl,
PrefixStyle.Fixed32BigEndian);
break;
case MessageType.Reject:
// This is called, for example, when the max number of users has been hit
var reject = Serializer.DeserializeWithLengthPrefix <Reject>(_ssl,
PrefixStyle.Fixed32BigEndian);
_validConnection = false;
Debug.LogError("Mumble server reject: " + reject.Reason);
_mumbleClient.OnConnectionDisconnect();
// The server connection is over, so we return
return;
case MessageType.UserRemove:
var removal = Serializer.DeserializeWithLengthPrefix <UserRemove>(_ssl,
PrefixStyle.Fixed32BigEndian);
Debug.Log("Removing " + removal.Session);
_mumbleClient.RemoveUser(removal.Session);
break;
case MessageType.ChannelRemove:
var removedChan = Serializer.DeserializeWithLengthPrefix <ChannelRemove>(_ssl,
PrefixStyle.Fixed32BigEndian);
_mumbleClient.RemoveChannel(removedChan.ChannelId);
Debug.Log("Removing channel " + removedChan.ChannelId);
break;
case MessageType.PermissionDenied:
var denial = Serializer.DeserializeWithLengthPrefix <PermissionDenied>(_ssl,
PrefixStyle.Fixed32BigEndian);
Debug.LogError("Permission denied with fields Name: " + denial.Name + ", Type: " + denial.Type + ", Reason: " + denial.Reason);
break;
default:
Debug.LogError("Message type " + messageType + " not implemented");
break;
}
}
catch (Exception ex)
{
if (ex is EndOfStreamException)
{
Debug.LogError("EOS Exception: " + ex);//This happens when we connect again with the same username
_mumbleClient.OnConnectionDisconnect();
}
else if (ex is IOException)
{
Debug.LogError("IO Exception: " + ex);
_mumbleClient.OnConnectionDisconnect();
}
//These just means the app stopped, it's ok
else if (ex is ObjectDisposedException)
{
}
else if (ex is ThreadAbortException)
{
}
else
{
Debug.LogError("Unhandled error: " + ex);
}
return;
}
}
}
public async Task <Int32> Authenticateuser(Authenticate authenticate)
{
Int32 i = await _httpClient.PostJsonAsync <Int32>("api/Login/AuthenticateUser", authenticate);
return(i);
}
public override bool IsAuthorized(IAuthSession session, IAuthTokens tokens, Authenticate request = null)
{
return(session != null && session.IsAuthenticated &&
LoginMatchesSession(session, HttpContext.Current.GetUser().GetUserName()));
}
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
var user = authService.Request.GetUser();
var userName = user.GetUserName();
if (!LoginMatchesSession(session, userName))
{
authService.RemoveSession();
session = authService.GetSession();
}
if (IsAuthorized(user))
{
session.IsAuthenticated = true;
if (session.UserAuthName == null)
{
session.UserAuthName = userName;
}
var aspReq = (HttpRequestBase)authService.Request.OriginalRequest;
var loginUser = aspReq.ServerVariables["LOGON_USER"].ToNullIfEmpty();
var remoteUser = aspReq.ServerVariables["REMOTE_USER"].ToNullIfEmpty();
var identityName = aspReq.LogonUserIdentity != null ? aspReq.LogonUserIdentity.Name : null;
session.DisplayName = loginUser
?? remoteUser
?? identityName;
var tokens = new AuthTokens {
Provider = Name,
UserName = userName,
DisplayName = session.DisplayName,
Items = new Dictionary <string, string> {
{ "LOGON_USER", loginUser },
{ "REMOTE_USER", remoteUser },
{ "LogonUserIdentityName", identityName },
}
};
if (session.Roles == null)
{
session.Roles = new List <string>();
}
foreach (var role in AllRoles.Safe())
{
if (user.IsInRole(role))
{
session.Roles.AddIfNotExists(role);
}
}
OnAuthenticated(authService, session, tokens, new Dictionary <string, string>());
return(new AuthenticateResponse
{
UserName = userName,
SessionId = session.Id,
DisplayName = session.DisplayName,
ReferrerUrl = request.Continue
});
}
throw HttpError.Unauthorized("Windows Auth failed");
}
/// <summary>
/// Sets the CallbackUrl and session.ReferrerUrl if not set and initializes the session tokens for this AuthProvider
/// </summary>
/// <param name="authService"></param>
/// <param name="session"></param>
/// <param name="request"> </param>
/// <returns></returns>
protected IAuthTokens Init(IServiceBase authService, ref IAuthSession session, Authenticate request)
{
AssertValidState();
if (this.CallbackUrl.IsNullOrEmpty())
{
this.CallbackUrl = authService.Request.AbsoluteUri;
}
if (HostContext.Config?.UseSameSiteCookies == true)
{
var state = authService.Request.QueryString[Keywords.State];
if (!string.IsNullOrEmpty(state))
{
(authService.Request.Response as IHttpResponse)?.ClearCookies();
authService.Request.CreateTemporarySessionId(state);
session = authService.Request.GetSession(reload: true);
}
}
session.ReferrerUrl = GetReferrerUrl(authService, session, request);
var tokens = session.GetAuthTokens(Provider);
if (tokens == null)
{
session.AddAuthToken(tokens = new AuthTokens {
Provider = Provider
});
}
return(tokens);
}
/// <summary> /// The entry point for all AuthProvider providers. Runs inside the AuthService so exceptions are treated normally. /// Overridable so you can provide your own Auth implementation. /// </summary> /// <param name="authService"></param> /// <param name="session"></param> /// <param name="request"></param> /// <returns></returns> public abstract override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request);
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
try
{
return(base.Authenticate(authService, session, request));
}
catch (Exception ex)
{
return(ex);
}
}
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
var tokens = Init(authService, ref session, request);
var httpReq = authService.RequestContext.Get<IHttpRequest>();
var isOpenIdRequest = !httpReq.GetParam("openid.mode").IsNullOrEmpty();
if (!isOpenIdRequest)
{
var openIdUrl = httpReq.GetParam("OpenIdUrl") ?? base.AuthRealm;
if (openIdUrl.IsNullOrEmpty())
throw new ArgumentException("'OpenIdUrl' is required a required field");
try
{
using (var openid = CreateOpenIdRelyingParty(OpenIdApplicationStore))
{
var openIdRequest = openid.CreateRequest(openIdUrl);
AddAttributeExchangeExtensions(openIdRequest);
// This is where you would add any OpenID extensions you wanted
// to include in the authentication request.
openIdRequest.AddExtension(CreateClaimsRequest(httpReq));
// Send your visitor to their Provider for authentication.
var openIdResponse = openIdRequest.RedirectingResponse;
var contentType = openIdResponse.Headers[HttpHeaders.ContentType];
var httpResult = new HttpResult(openIdResponse.ResponseStream, contentType) {
StatusCode = openIdResponse.Status,
StatusDescription = "Moved Temporarily",
};
foreach (string header in openIdResponse.Headers)
{
httpResult.Headers[header] = openIdResponse.Headers[header];
}
// Save the current session to keep the ReferrerUrl available (similar to Facebook provider)
authService.SaveSession(session, SessionExpiry);
return httpResult;
}
}
catch (ProtocolException ex)
{
Log.Error("Failed to login to {0}".Fmt(openIdUrl), ex);
return authService.Redirect(session.ReferrerUrl.AddHashParam("f", "Unknown"));
}
}
if (isOpenIdRequest)
{
using (var openid = CreateOpenIdRelyingParty(OpenIdApplicationStore))
{
var response = openid.GetResponse();
if (response != null)
{
switch (response.Status)
{
case AuthenticationStatus.Authenticated:
var authInfo = CreateAuthInfo(response);
// Use FormsAuthentication to tell ASP.NET that the user is now logged in,
// with the OpenID Claimed Identifier as their username.
session.IsAuthenticated = true;
authService.SaveSession(session, SessionExpiry);
OnAuthenticated(authService, session, tokens, authInfo);
//Haz access!
return authService.Redirect(session.ReferrerUrl.AddHashParam("s", "1"));
case AuthenticationStatus.Canceled:
return authService.Redirect(session.ReferrerUrl.AddHashParam("f", "ProviderCancelled"));
case AuthenticationStatus.Failed:
return authService.Redirect(session.ReferrerUrl.AddHashParam("f", "Unknown"));
}
}
}
}
//Shouldn't get here
return authService.Redirect(session.ReferrerUrl.AddHashParam("f", "Unknown"));
}
public override async Task <object> AuthenticateAsync(IServiceBase authService, IAuthSession session, Authenticate request, CancellationToken token = default)
{
var tokens = this.Init(authService, ref session, request);
var authServer = new AuthorizationServerDescription {
AuthorizationEndpoint = new Uri(this.AuthorizeUrl), TokenEndpoint = new Uri(this.AccessTokenUrl)
};
var authClient = new WebServerClient(authServer, this.ConsumerKey)
{
ClientCredentialApplicator = ClientCredentialApplicator.PostParameter(this.ConsumerSecret),
};
/*
* Because we are exceeding the default max depth (2) we need to increase the quota.
* http://stackoverflow.com/questions/14691358/how-do-i-set-jsonreaderquotas-property-on-the-dotnetopenauth-oauth2clientchan
* */
authClient.JsonReaderQuotas.MaxDepth = 10;
var authState = authClient.ProcessUserAuthorization();
if (authState == null)
{
try
{
var authReq = authClient.PrepareRequestUserAuthorization(this.Scopes, new Uri(this.CallbackUrl));
var authContentType = authReq.Headers[HttpHeaders.ContentType];
var httpResult = new HttpResult(authReq.ResponseStream, authContentType)
{
StatusCode = authReq.Status, StatusDescription = "Moved Temporarily"
};
foreach (string header in authReq.Headers)
{
httpResult.Headers[header] = authReq.Headers[header];
}
foreach (string name in authReq.Cookies)
{
var cookie = authReq.Cookies[name];
if (cookie != null)
{
httpResult.SetSessionCookie(name, cookie.Value, cookie.Path);
}
}
await this.SaveSessionAsync(authService, session, SessionExpiry, token).ConfigAwait();
return(httpResult);
}
catch (ProtocolException ex)
{
Log.Error("Failed to login to {0}".Fmt(this.Provider), ex);
return(authService.Redirect(session.ReferrerUrl.AddHashParam("f", "Unknown")));
}
}
var accessToken = authState.AccessToken;
if (accessToken != null)
{
try
{
tokens.AccessToken = accessToken;
tokens.RefreshToken = authState.RefreshToken;
tokens.RefreshTokenExpiry = authState.AccessTokenExpirationUtc;
session.IsAuthenticated = true;
var authInfo = this.CreateAuthInfo(accessToken);
await this.OnAuthenticatedAsync(authService, session, tokens, authInfo, token).ConfigAwait();
return(authService.Redirect(session.ReferrerUrl.AddHashParam("s", "1")));
}
catch (WebException we)
{
var statusCode = ((HttpWebResponse)we.Response).StatusCode;
if (statusCode == HttpStatusCode.BadRequest)
{
return(authService.Redirect(session.ReferrerUrl.AddHashParam("f", "AccessTokenFailed")));
}
}
}
return(authService.Redirect(session.ReferrerUrl.AddHashParam("f", "RequestTokenFailed")));
}
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
throw new NotImplementedException("JWT Authenticate() should not be called directly");
}
public void Options(Authenticate request)
{
}
/// <summary>
/// Authenticate against Yammer OAuth endpoint.
/// </summary>
/// <param name="authService">
/// The auth service.
/// </param>
/// <param name="session">
/// The session.
/// </param>
/// <param name="request">
/// The request.
/// </param>
/// <returns>
/// The <see cref="object"/>.
/// </returns>
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
var tokens = this.Init(authService, ref session, request);
// Check if this is a callback from Yammer OAuth,
// if not, get the code.
var code = authService.Request.QueryString["code"];
var isPreAuthCallback = !code.IsNullOrEmpty();
if (!isPreAuthCallback)
{
var preAuthUrl = $"{this.PreAuthUrl}?client_id={this.ClientId}&redirect_uri={this.RedirectUrl.UrlEncode()}";
this.SaveSession(authService, session, SessionExpiry);
return(authService.Redirect(PreAuthUrlFilter(this, preAuthUrl)));
}
// If access code exists, get access token to be able to call APIs.
var accessTokenUrl = $"{this.AccessTokenUrl}?client_id={this.ClientId}&client_secret={this.ClientSecret}&code={code}";
try
{
// Get access response object
var contents = AccessTokenUrlFilter(this, accessTokenUrl).GetStringFromUrl();
var authInfo = PclExportClient.Instance.ParseQueryString(contents);
var authObj = JsonObject.Parse(contents);
var accessToken = authObj.Object("access_token");
var userInfo = authObj.Object("user");
// Save info into user session
tokens.AccessToken = accessToken.Get("token");
tokens.UserId = accessToken.Get("user_id");
tokens.UserName = userInfo.Get("name");
tokens.DisplayName = userInfo.Get("full_name");
tokens.FullName = userInfo.Get("full_name");
tokens.FirstName = userInfo.Get("first_name");
tokens.LastName = userInfo.Get("last_name");
var emails = userInfo.Object("contact").ArrayObjects("email_addresses").ConvertAll(x =>
new EmailAddresses
{
Type = x.Get("type"),
Address = x.Get("address")
});
var email = emails.FirstOrDefault(q => q.Type == "primary");
if (email != null)
{
tokens.Email = email.Address;
}
// Save session info incl. login state
session.UserName = tokens.UserName;
session.Email = tokens.Email;
session.FirstName = tokens.FirstName;
session.LastName = tokens.LastName;
session.IsAuthenticated = true;
// Pass along
var response = this.OnAuthenticated(authService, session, tokens, authInfo.ToDictionary());
if (response != null)
{
return(response);
}
// Has access!
return(authService.Redirect(SuccessRedirectUrlFilter(this, this.CallbackUrl.SetParam("s", "1"))));
}
catch (WebException webEx)
{
var statusCode = ((HttpWebResponse)webEx.Response).StatusCode;
if (statusCode == HttpStatusCode.BadRequest)
{
return(authService.Redirect(FailedRedirectUrlFilter(this, this.CallbackUrl.SetParam("f", "AccessTokenFailed"))));
}
}
// Unknown error, shouldn't get here.
return(authService.Redirect(FailedRedirectUrlFilter(this, this.CallbackUrl.SetParam("f", "Unknown"))));
}
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
//new CredentialsAuthValidator().ValidateAndThrow(request);
return Authenticate(authService, session, request.UserName, request.Password);
}
public object Post(Authenticate request)
{
AssertAuthProviders();
if (ValidateFn != null)
{
var validationResponse = ValidateFn(this, Request.Verb, request);
if (validationResponse != null)
{
return(validationResponse);
}
}
if (request.RememberMe.HasValue)
{
var opt = request.RememberMe.GetValueOrDefault(false)
? SessionOptions.Permanent
: SessionOptions.Temporary;
base.Request.AddSessionOptions(opt);
}
var provider = request.provider ?? AuthProviders[0].Provider;
if (provider == CredentialsAliasProvider)
{
provider = CredentialsProvider;
}
var oAuthConfig = GetAuthProvider(provider);
if (oAuthConfig == null)
{
throw HttpError.NotFound(ErrorMessages.UnknownAuthProviderFmt.Fmt(provider));
}
if (LogoutAction.EqualsIgnoreCase(request.provider))
{
return(oAuthConfig.Logout(this, request));
}
var session = this.GetSession();
var isHtml = base.Request.ResponseContentType.MatchesContentType(MimeTypes.Html);
try
{
var response = Authenticate(request, provider, session, oAuthConfig);
// The above Authenticate call may end an existing session and create a new one so we need
// to refresh the current session reference.
session = this.GetSession();
if (request.provider == null && !session.IsAuthenticated)
{
throw HttpError.Unauthorized(ErrorMessages.NotAuthenticated);
}
var referrerUrl = request.Continue
?? session.ReferrerUrl
?? this.Request.GetHeader("Referer")
?? oAuthConfig.CallbackUrl;
var alreadyAuthenticated = response == null;
response = response ?? new AuthenticateResponse {
UserId = session.UserAuthId,
UserName = session.UserAuthName,
DisplayName = session.DisplayName
?? session.UserName
?? "{0} {1}".Fmt(session.FirstName, session.LastName).Trim(),
SessionId = session.Id,
ReferrerUrl = referrerUrl,
};
if (isHtml && request.provider != null)
{
if (alreadyAuthenticated)
{
return(this.Redirect(referrerUrl.AddHashParam("s", "0")));
}
if (!(response is IHttpResult) && !string.IsNullOrEmpty(referrerUrl))
{
return(new HttpResult(response)
{
Location = referrerUrl
});
}
}
return(response);
}
catch (HttpError ex)
{
var errorReferrerUrl = this.Request.GetHeader("Referer");
if (isHtml && errorReferrerUrl != null)
{
errorReferrerUrl = errorReferrerUrl.AddHashParam("f", ex.Message.Localize(Request));
return(HttpResult.Redirect(errorReferrerUrl));
}
throw;
}
}
public abstract object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request);
public CommentController(Authenticate auth, ICommentRepository repo)
{
_repo = repo;
_auth = auth;
}
/// <summary>
/// Public API entry point to authenticate via code
/// </summary>
/// <param name="request"></param>
/// <returns>null; if already autenticated otherwise a populated instance of AuthResponse</returns>
public AuthenticateResponse Authenticate(Authenticate request)
{
//Remove HTML Content-Type to avoid auth providers issuing browser re-directs
this.Request.ResponseContentType = MimeTypes.PlainText;
var provider = request.provider ?? AuthProviders[0].Provider;
var oAuthConfig = GetAuthProvider(provider);
if (oAuthConfig == null)
throw HttpError.NotFound("No configuration was added for OAuth provider '{0}'".Fmt(provider));
if (request.provider == LogoutAction)
return oAuthConfig.Logout(this, request) as AuthenticateResponse;
var result = Authenticate(request, provider, this.GetSession(), oAuthConfig);
var httpError = result as HttpError;
if (httpError != null)
throw httpError;
return result as AuthenticateResponse;
}
public object Get(Authenticate request)
{
return(Post(request));
}
public object Delete(Authenticate request)
{
if (ValidateFn != null)
{
var response = ValidateFn(this, HttpMethods.Delete, request);
if (response != null) return response;
}
this.RemoveSession();
return new AuthenticateResponse();
}
/// <summary>
/// Return click details for a specific link
/// <param name="campaignId">Campaign Id</param>
/// <param name="linkId">The id for the link</param>
/// </summary>
internal async Task <ClickReports> GetAlllSubscribersInfoAsync(string campaignId, string linkId)
{
string endpoint = Authenticate.EndPoint(TargetTypes.reports, SubTargetType.click_details, SubTargetType.members, campaignId, linkId);
return(await BaseOperation.GetAsync <ClickReports>(endpoint));
}
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
var tokens = Init(authService, ref session, request);
var httpRequest = authService.Request;
//https://developer.github.com/v3/oauth/#common-errors-for-the-authorization-request
var error = httpRequest.QueryString["error"]
?? httpRequest.QueryString["error_uri"]
?? httpRequest.QueryString["error_description"];
var hasError = !error.IsNullOrEmpty();
if (hasError)
{
Log.Error("GitHub error callback. {0}".Fmt(httpRequest.QueryString));
return authService.Redirect(session.ReferrerUrl);
}
var code = httpRequest.QueryString["code"];
var isPreAuthCallback = !code.IsNullOrEmpty();
if (!isPreAuthCallback)
{
string url = PreAuthUrl + "?client_id={0}&redirect_uri={1}&scope={2}&state={3}"
.Fmt(ClientId, CallbackUrl.UrlEncode(), Scopes.Join(","), Guid.NewGuid().ToString("N"));
authService.SaveSession(session, SessionExpiry);
return authService.Redirect(url);
}
string accessTokenUrl = AccessTokenUrl + "?client_id={0}&redirect_uri={1}&client_secret={2}&code={3}"
.Fmt(ClientId, CallbackUrl.UrlEncode(), ClientSecret, code);
try
{
var contents = accessTokenUrl.GetStringFromUrl();
var authInfo = HttpUtility.ParseQueryString(contents);
//GitHub does not throw exception, but just return error with descriptions
//https://developer.github.com/v3/oauth/#common-errors-for-the-access-token-request
var accessTokenError = authInfo["error"]
?? authInfo["error_uri"]
?? authInfo["error_description"];
if (!accessTokenError.IsNullOrEmpty())
{
Log.Error("GitHub access_token error callback. {0}".Fmt(authInfo.ToString()));
return authService.Redirect(session.ReferrerUrl.AddHashParam("f", "AccessTokenFailed"));
}
tokens.AccessTokenSecret = authInfo["access_token"];
session.IsAuthenticated = true;
return OnAuthenticated(authService, session, tokens, authInfo.ToDictionary())
?? authService.Redirect(session.ReferrerUrl.AddHashParam("s", "1")); //Haz Access!
}
catch (WebException webException)
{
//just in case GitHub will start throwing exceptions
var statusCode = ((HttpWebResponse)webException.Response).StatusCode;
if (statusCode == HttpStatusCode.BadRequest)
{
return authService.Redirect(session.ReferrerUrl.AddHashParam("f", "AccessTokenFailed"));
}
}
return authService.Redirect(session.ReferrerUrl.AddHashParam("f", "Unknown"));
}
/// <summary>
/// Return click details for a specific link
/// <param name="campaignId">Campaign Id</param>
/// <param name="linkId">The id for the link.</param>
/// </summary>
internal async Task <ClickReports> GetLinkSpecificClickDetailsAsync(string campaignId, string linkId)
{
string endpoint = Authenticate.EndPoint(TargetTypes.reports, SubTargetType.click_details, SubTargetType.not_applicable, campaignId, linkId);
return(await BaseOperation.GetAsync <ClickReports>(endpoint));
}
public abstract bool IsAuthorized(IAuthSession session, IAuthTokens tokens, Authenticate request = null);
public override bool IsAuthorized(IAuthSession session, IAuthTokens tokens, Authenticate request = null)
{
if (request != null)
{
if (!LoginMatchesSession(session, request.UserName)) return false;
}
// For OpenId, AccessTokenSecret is null/empty, but UserId is populated w/ authenticated url from openId providers
return tokens != null && !string.IsNullOrEmpty(tokens.UserId);
}
/// <summary>
/// Used by the client to send the authentication credentials to the server.
/// </summary>
/// <param name="authenticate"></param>
public void SendAuthenticate(Authenticate authenticate)
{
Connection.SendControl(PacketType.Authenticate, authenticate);
}
public object Get(Authenticate request)
{
return Post(request);
}
public override bool IsAuthorized(IAuthSession session, IAuthTokens tokens, Authenticate request = null)
{
return(session.FromToken && session.IsAuthenticated);
}
public object Post(Authenticate request)
{
AssertAuthProviders();
if (ValidateFn != null)
{
var validationResponse = ValidateFn(this, Request.Verb, request);
if (validationResponse != null)
{
return(validationResponse);
}
}
var authFeature = GetPlugin <AuthFeature>();
if (request.RememberMe.HasValue)
{
var opt = request.RememberMe.GetValueOrDefault(false)
? SessionOptions.Permanent
: SessionOptions.Temporary;
base.Request.AddSessionOptions(opt);
}
var provider = request.provider ?? AuthProviders[0].Provider;
if (provider == CredentialsAliasProvider)
{
provider = CredentialsProvider;
}
var authProvider = GetAuthProvider(provider);
if (authProvider == null)
{
throw HttpError.NotFound(ErrorMessages.UnknownAuthProviderFmt.Fmt(provider.SafeInput()));
}
if (LogoutAction.EqualsIgnoreCase(request.provider))
{
return(authProvider.Logout(this, request));
}
if (authProvider is IAuthWithRequest && !base.Request.IsInProcessRequest())
{
//IAuthWithRequest normally doesn't call Authenticate directly, but they can to return Auth Info
//But as AuthenticateService doesn't have [Authenticate] we need to call it manually
new AuthenticateAttribute().ExecuteAsync(base.Request, base.Response, request).Wait();
if (base.Response.IsClosed)
{
return(null);
}
}
var session = this.GetSession();
var isHtml = base.Request.ResponseContentType.MatchesContentType(MimeTypes.Html);
try
{
var response = Authenticate(request, provider, session, authProvider);
// The above Authenticate call may end an existing session and create a new one so we need
// to refresh the current session reference.
session = this.GetSession();
if (request.provider == null && !session.IsAuthenticated)
{
throw HttpError.Unauthorized(ErrorMessages.NotAuthenticated.Localize(Request));
}
var returnUrl = Request.GetReturnUrl();
var referrerUrl = returnUrl
?? session.ReferrerUrl
?? base.Request.GetQueryStringOrForm(Keywords.ReturnUrl)
?? this.Request.GetHeader(HttpHeaders.Referer)
?? authProvider.CallbackUrl;
if (authFeature != null)
{
if (!string.IsNullOrEmpty(returnUrl))
{
authFeature.ValidateRedirectLinks(Request, referrerUrl);
}
}
var manageRoles = AuthRepository as IManageRoles;
var alreadyAuthenticated = response == null;
response ??= new AuthenticateResponse {
UserId = session.UserAuthId,
UserName = session.UserAuthName,
DisplayName = session.DisplayName
?? session.UserName
?? $"{session.FirstName} {session.LastName}".Trim(),
SessionId = session.Id,
ReferrerUrl = referrerUrl,
};
if (response is AuthenticateResponse authResponse)
{
authResponse.ProfileUrl ??= session.GetProfileUrl();
if (authFeature?.IncludeRolesInAuthenticateResponse == true && session.UserAuthId != null)
{
authResponse.Roles ??= (manageRoles != null
? manageRoles.GetRoles(session.UserAuthId)?.ToList()
: session.Roles);
authResponse.Permissions ??= (manageRoles != null
? manageRoles.GetPermissions(session.UserAuthId)?.ToList()
: session.Permissions);
}
var authCtx = new AuthFilterContext {
AuthService = this,
AuthProvider = authProvider,
AuthRequest = request,
AuthResponse = authResponse,
ReferrerUrl = referrerUrl,
Session = session,
AlreadyAuthenticated = alreadyAuthenticated,
DidAuthenticate = Request.Items.ContainsKey(Keywords.DidAuthenticate),
};
foreach (var responseFilter in AuthResponseFilters)
{
responseFilter.Execute(authCtx);
}
if (AuthResponseDecorator != null)
{
var authDecoratorResponse = AuthResponseDecorator(authCtx);
if (authDecoratorResponse != response)
{
return(authDecoratorResponse);
}
}
}
if (isHtml && request.provider != null)
{
if (alreadyAuthenticated)
{
return(this.Redirect(referrerUrl.SetParam("s", "0")));
}
if (!(response is IHttpResult) && !string.IsNullOrEmpty(referrerUrl))
{
return(new HttpResult(response)
{
Location = referrerUrl
});
}
}
return(response);
}
catch (Exception ex)
{
if (isHtml && Request.GetErrorView() != null)
{
return(ex);
}
if (ex is HttpError)
{
var errorReferrerUrl = this.Request.GetHeader(HttpHeaders.Referer);
if (isHtml && errorReferrerUrl != null)
{
errorReferrerUrl = errorReferrerUrl.SetParam("f", ex.Message.Localize(Request));
return(HttpResult.Redirect(errorReferrerUrl));
}
}
throw;
}
}
/// <summary>
/// Get conversation messages
/// <param name="conversation_id">Unique id for the campaign</param>
/// <param name="message_id">The unique id for the conversation message</param>
/// </summary>
internal async Task <ConversationMessage> GetMessageByIdAsync(string conversation_id, string message_id)
{
string endpoint = Authenticate.EndPoint(TargetTypes.conversations, SubTargetType.messages, SubTargetType.not_applicable, conversation_id, message_id);
return(await BaseOperation.GetAsync <ConversationMessage>(endpoint));
}
public abstract bool IsAuthorized(IAuthSession session, IAuthTokens tokens, Authenticate request = null);
public override bool IsAuthorized(IAuthSession session, IAuthTokens tokens, Authenticate request = null)
{
return(base.IsAuthorized(session, tokens, request));
}
protected virtual string GetReferrerUrl(IServiceBase authService, IAuthSession session, Authenticate request = null)
{
if (request == null)
request = authService.Request.Dto as Authenticate;
var referrerUrl = session.ReferrerUrl;
if (referrerUrl.IsNullOrEmpty())
referrerUrl = (request != null ? request.Continue : null)
?? authService.Request.GetHeader("Referer");
var requestUri = authService.Request.AbsoluteUri;
if (referrerUrl.IsNullOrEmpty()
|| referrerUrl.IndexOf("/auth", StringComparison.OrdinalIgnoreCase) >= 0)
referrerUrl = this.RedirectUrl
?? authService.Request.GetBaseUrl()
?? requestUri.InferBaseUrl();
return referrerUrl;
}
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
var httpRequest = authService.Request;
var code = httpRequest.QueryString[Keywords.Code];
if (code == null)
{
return(base.Authenticate(authService, session, request));
}
var tokens = Init(authService, ref session, request);
try
{
var accessTokenUrl = $"{AccessTokenUrl}?code={code}&client_id={ConsumerKey}&client_secret={ConsumerSecret}&redirect_uri={this.CallbackUrl.UrlEncode()}&grant_type=authorization_code";
var contents = AccessTokenUrlFilter(this, accessTokenUrl).PostToUrl("");
var authInfo = JsonObject.Parse(contents);
var accessToken = authInfo["access_token"];
return(AuthenticateWithAccessToken(authService, session, tokens, accessToken)
?? authService.Redirect(SuccessRedirectUrlFilter(this, session.ReferrerUrl.SetParam("s", "1")))); //Haz Access!
}
catch (WebException we)
{
string errorBody = we.GetResponseBody();
var statusCode = ((HttpWebResponse)we.Response).StatusCode;
if (statusCode == HttpStatusCode.BadRequest)
{
return(authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "AccessTokenFailed"))));
}
}
//Shouldn't get here
return(authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "Unknown"))));
}
/// <summary>
/// The specified <paramref name="session"/> may change as a side-effect of this method. If
/// subsequent code relies on current <see cref="IAuthSession"/> data be sure to reload
/// the session istance via <see cref="ServiceExtensions.GetSession(IServiceBase,bool)"/>.
/// </summary>
private object Authenticate(Authenticate request, string provider, IAuthSession session, IAuthProvider oAuthConfig)
{
object response = null;
if (!oAuthConfig.IsAuthorized(session, session.GetOAuthTokens(provider), request))
{
response = oAuthConfig.Authenticate(this, session, request);
}
return response;
}
public override bool IsAuthorized(IAuthSession session, IAuthTokens tokens, Authenticate request = null)
{
return(session != null && session.IsAuthenticated && !session.UserAuthName.IsNullOrEmpty());
}
public void Options(Authenticate request) { }
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
var authRepo = HostContext.AppHost.GetAuthRepository(authService.Request);
using (authRepo as IDisposable)
{
var apiKey = GetApiKey(authService.Request, request.Password);
ValidateApiKey(apiKey);
var userAuth = authRepo.GetUserAuth(apiKey.UserAuthId);
if (userAuth == null)
{
throw HttpError.Unauthorized("User for ApiKey does not exist");
}
if (IsAccountLocked(authRepo, userAuth))
{
throw new AuthenticationException(ErrorMessages.UserAccountLocked.Localize(authService.Request));
}
PopulateSession(authRepo as IUserAuthRepository, userAuth, session);
if (session.UserAuthName == null)
{
session.UserAuthName = userAuth.UserName ?? userAuth.Email;
}
var response = OnAuthenticated(authService, session, null, null);
if (response != null)
{
return(response);
}
authService.Request.Items[Keywords.ApiKey] = apiKey;
return(new AuthenticateResponse
{
UserId = session.UserAuthId,
UserName = session.UserName,
SessionId = session.Id,
DisplayName = session.DisplayName
?? session.UserName
?? $"{session.FirstName} {session.LastName}".Trim(),
ReferrerUrl = request.Continue,
});
}
}
public object Post(Authenticate request)
{
AssertAuthProviders();
if (ValidateFn != null)
{
var validationResponse = ValidateFn(this, HttpMethods.Get, request);
if (validationResponse != null) return validationResponse;
}
if (request.RememberMe.HasValue)
{
var opt = request.RememberMe.GetValueOrDefault(false)
? SessionOptions.Permanent
: SessionOptions.Temporary;
base.Request.AddSessionOptions(opt);
}
var provider = request.provider ?? AuthProviders[0].Provider;
var oAuthConfig = GetAuthProvider(provider);
if (oAuthConfig == null)
throw HttpError.NotFound("No configuration was added for OAuth provider '{0}'".Fmt(provider));
if (request.provider == LogoutAction)
return oAuthConfig.Logout(this, request);
var session = this.GetSession();
var isHtml = base.Request.ResponseContentType.MatchesContentType(MimeTypes.Html);
try
{
var response = Authenticate(request, provider, session, oAuthConfig);
// The above Authenticate call may end an existing session and create a new one so we need
// to refresh the current session reference.
session = this.GetSession();
var referrerUrl = request.Continue
?? session.ReferrerUrl
?? this.Request.GetHeader("Referer")
?? oAuthConfig.CallbackUrl;
var alreadyAuthenticated = response == null;
response = response ?? new AuthenticateResponse {
UserId = session.UserAuthId,
UserName = session.UserAuthName,
SessionId = session.Id,
ReferrerUrl = referrerUrl,
};
if (isHtml)
{
if (alreadyAuthenticated)
return this.Redirect(referrerUrl.AddHashParam("s", "0"));
if (!(response is IHttpResult) && !String.IsNullOrEmpty(referrerUrl))
{
return new HttpResult(response) {
Location = referrerUrl
};
}
}
return response;
}
catch (HttpError ex)
{
var errorReferrerUrl = this.Request.GetHeader("Referer");
if (isHtml && errorReferrerUrl != null)
{
errorReferrerUrl = errorReferrerUrl.SetQueryParam("error", ex.Message);
return HttpResult.Redirect(errorReferrerUrl);
}
throw;
}
}
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
new CredentialsAuthValidator().ValidateAndThrow(request);
return(Authenticate(authService, session, request.UserName, request.Password, request.Continue));
}
