public static void AddCoockie(Page page, CASTicketResult ticket)
{
//Salva o token no cookie
try
{
page.Response.Cookies.Remove("TGC-SafeID");
page.Response.Cookies.Remove("TGT-SafeID");
}
catch { }
try
{
//Adiciona o cookie do TGC
HttpCookie cookie = new HttpCookie("TGC-SafeID");
//cookie.Domain = page.Request.Url.Host;
cookie.Path = "/cas";
cookie.Value = ticket.GrantTicket;
DateTime dtNow = DateTime.Now;
TimeSpan tsMinute = new TimeSpan(30, 0, 0, 0);
cookie.Expires = dtNow + tsMinute;
//Adiciona o cookie
page.Response.Cookies.Add(cookie);
}
catch { }
try
{
//Adiciona o cookie do TGC
HttpCookie cookie = new HttpCookie("TGT-SafeID");
//cookie.Domain = page.Request.Url.Host;
cookie.Path = "/cas";
cookie.Value = ticket.LongTicket;
DateTime dtNow = DateTime.Now;
TimeSpan tsMinute = new TimeSpan(30, 0, 0, 0);
cookie.Expires = dtNow + tsMinute;
//Adiciona o cookie
page.Response.Cookies.Add(cookie);
}
catch { }
}
protected void Page_Load(object sender, EventArgs e)
{
Boolean renew = (!String.IsNullOrEmpty(Request["renew"]) && (Request["renew"].ToString().ToLower() == "true"));
Boolean gateway = (!String.IsNullOrEmpty(Request["gateway"]) && (Request["gateway"].ToString().ToLower() == "true"));
Boolean warn = (!String.IsNullOrEmpty(Request["warn"]) && (Request["warn"].ToString().ToLower() == "true"));
if (renew || warn)
{
gateway = false;
}
if (warn)
{
renew = true;
}
String html = "";
String error = "";
html += "<form id=\"serviceLogin\" name=\"serviceLogin\" method=\"post\" action=\"/cas/login/?" + Request.QueryString + "\"><div class=\"login_form\">";
try
{
Session.Remove("cas_ticket");
}
catch { }
Uri svc = null;
try
{
svc = new Uri(Request.QueryString["service"]);
}
catch { }
using (DbBase db = DbBase.InstanceFromConfig(ConfigurationManager.ConnectionStrings["CASDatabase"]))
{
CASConnectorBase connector = CASUtils.GetService(db, this, svc);
if ((connector == null) || (connector is EmptyPlugin))
{
//Serviço não informado ou não encontrado
html += " <ul>";
html += " <li><div class=\"error-box\">" + MessageResource.GetMessage("service_invalid_uri") + "</div>";
html += " </ul>";
}
else
{
if (Request.HttpMethod == "GET")
{
//Serviço encontrado
//verifica se há cookie com token
HttpCookie tgc = Request.Cookies["TGC-SafeID"];
if (tgc != null)
{
//Verifica autenticação através do cookie
if (connector.Grant(tgc, renew, warn).Success)
{
Redirect(tgc.Value);//Autenticado redireciona
return;
}
}
else if (gateway)//é Gateway, ou seja não mostra opção do usuário digitar a senha
{
Redirect("");
return;
}
}
else
{
//Valida usuário e senha
try
{
if (String.IsNullOrEmpty(Request["username"]) || String.IsNullOrEmpty(Request["password"]))
{
error = MessageResource.GetMessage("valid_username_pwd");
}
else
{
CASTicketResult casTicket = connector.Grant(Request["username"], Request["password"]);
CASUtils.ClearCookie(Page);
if ((casTicket.Success) && (casTicket.ChangePasswordNextLogon))
{
//Cria a sessão com as informações necessárias e redireciona
Session["cas_ticket"] = casTicket;
Response.Redirect(Session["ApplicationVirtualPath"] + "cas/changepassword/", false);
return;
}
else if (casTicket.Success)
{
connector.SaveTicket(casTicket);//Salva o token recebido
//Salva o token no cookie
CASUtils.AddCoockie(this, casTicket);
Redirect(casTicket.GrantTicket);//Autenticação OK redireciona
return;
}
else
{
error = casTicket.ErrorText;
}
}
}
catch (Exception ex)
{
throw ex;
Tools.Tool.notifyException(ex);
error = MessageResource.GetMessage("internal_error");
}
}
html += " <ul>";
html += " <li>";
html += " <span class=\"inputWrap\">";
html += " <input type=\"text\" id=\"username\" tabindex=\"1\" name=\"username\" value=\""+ Request["username"] + "\" style=\"\" placeholder=\"" + MessageResource.GetMessage("login_user_name") + "\" onfocus=\"$('#username').addClass('focus');\" onblur=\"$('#username').removeClass('focus');\" />";
html += " <span id=\"ph_usernameIcon\" onclick=\"$('#username').focus();\"></span>";
html += " </span>";
html += " </li>";
html += " <li>";
html += " <span class=\"inputWrap\">";
html += " <input type=\"password\" id=\"password\" tabindex=\"2\" name=\"password\" value=\"\" style=\"\" placeholder=\""+ MessageResource.GetMessage("login_password") + "\" onfocus=\"$('#password').addClass('focus');\" onblur=\"$('#password').removeClass('focus');\" />";
html += " <span id=\"ph_passwordIcon\" onclick=\"$('#password').focus();\"></span>";
html += " </span>";
html += " </li>";
if (error != "")
{
html += " <li><div class=\"error-box\">" + error + "</div>";
}
html += " </li>";
html += " <li>";
html += " <span class=\"forgot\"> <a href=\"" + Session["ApplicationVirtualPath"] + "cas/recover/?service=" + HttpUtility.UrlEncode(connector.Service.AbsoluteUri) + "\">" + MessageResource.GetMessage("login_forgot") + "</a> </span>";
html += " <button tabindex=\"4\" id=\"submitBtn\" class=\"action button floatright\">" + MessageResource.GetMessage("login_log") + "</button>";
html += " </li>";
html += " </ul> ";
}
html += "</div></form>";
}
holderContent.Controls.Add(new LiteralControl(html));
}
protected override CASTicketResult iGrant(CASTicketResult oldToken, String username, String password)
{
CASTicketResult ret = new CASTicketResult();
ret.BuildTokenCodes();
ret.CreateByCredentials = true;
ret.Service = this.Service;
ret.UserName = username;
ret.Success = false;
String lastStep = "Starting";
try
{
this.urlAPI = new Uri(Config["api"].ToString());
lastStep = "Get token";
//APIAccessToken accessToken = GetToken(username, password);
APIAccessToken accessToken = GetToken(base.Config);
lastStep = "Token check";
if ((accessToken != null) && (accessToken.IsValid))
{
var loginRequest = new
{
jsonrpc = "1.0",
method = "user.auth",
parameters = new
{
user = username,
md5_password = MD5Checksum(password)
},
auth = accessToken.Authorization,
id = 1
};
lastStep = "Serialize";
JavaScriptSerializer _ser = new JavaScriptSerializer();
String jData = _ser.Serialize(loginRequest);
lastStep = "Auth";
APIUserAuthResult jRet = JSON.JsonWebRequest <APIUserAuthResult>(urlAPI, jData, "application/json", null, "POST");
lastStep = "Trata auth";
if (jRet == null)
{
ret.ErrorText = "Please enter a valid username and password";
}
else if (jRet.error != null)
{
if (jRet.error.data.ToLower().IndexOf("not found") != -1)
{
ret.ErrorText = "Please enter a valid username and password";
}
else if (jRet.error.data.ToLower().IndexOf("locked") != -1)
{
ret.ErrorText = "Please enter a valid username and password";
}
else if (jRet.error.data.ToLower().IndexOf("incorrect") != -1)
{
ret.ErrorText = "Please enter a valid username and password";
}
}
else if (jRet.result == null)
{
//Nda
ret.ErrorText = "Please enter a valid username and password";
}
else if (jRet.result.userid != 0)
{
lastStep = "Trata OK";
ret.UserName = jRet.result.login;
ret.ChangePasswordNextLogon = jRet.result.must_change;
//New
if (ret.Attributes == null)
{
ret.Attributes = new Dictionary <string, string>();
}
//Copia os atributos to token antigo
if ((oldToken != null) && (oldToken.Attributes != null))
{
foreach (String key in oldToken.Attributes.Keys)
{
if (ret.Attributes.ContainsKey(key))
{
ret.Attributes[key] = oldToken.Attributes[key];
}
else
{
ret.Attributes.Add(key, oldToken.Attributes[key]);
}
}
}
lastStep = "Trata OK attr";
//Define os novos atributos ou substitui os antigos
if (ret.Attributes.ContainsKey("userid"))
{
ret.Attributes["userid"] = jRet.result.userid.ToString();
}
else
{
ret.Attributes.Add("userid", jRet.result.userid.ToString());
}
try
{
ret.UserId = ret.Attributes["userid"];
}
catch
{
ret.UserId = ret.UserName;
}
/*
* List<String> grp = new List<String>();
* if (jRet.result.roles != null)
* foreach (APIRoleData r in jRet.result.roles)
* if (!grp.Contains(r.name))
* grp.Add(r.name);*/
ret.Success = true;
}
}
else
{
ret.ErrorText = "Invalid token - API integration error" + (((accessToken != null) && (!String.IsNullOrEmpty(accessToken.error))) ? ": " + accessToken.error : "");
}
}
catch (Exception ex)
{
throw new Exception("Execution error. Last step = " + lastStep, ex);
}
return(ret);
}
/*
* protected CASTicketResult iGrant_old(CASTicketResult oldToken, String username, String password)
* {
*
* CASTicketResult ret = new CASTicketResult();
* ret.BuildTokenCodes();
* ret.CreateByCredentials = true;
* ret.Service = this.Service;
* ret.UserName = username;
* ret.Success = false;
*
* String lastStep = "Starting";
*
* try
* {
* this.urlAPI = new Uri(Config["api"].ToString());
*
* lastStep = "Get token";
* APIAccessToken accessToken = GetToken(base.Config);
*
* lastStep = "Token check";
* if ((accessToken != null) && (accessToken.IsValid))
* {
*
* var loginRequest = new
* {
* jsonrpc = "1.0",
* method = "user.auth",
* parameters = new
* {
* user = username,
* md5_password = MD5Checksum(password)
* },
* auth = accessToken.Authorization,
* id = 1
* };
*
* lastStep = "Serialize";
* JavaScriptSerializer _ser = new JavaScriptSerializer();
* String jData = _ser.Serialize(loginRequest);
*
* lastStep = "Auth";
* APIUserAuthResult jRet = JSON.JsonWebRequest<APIUserAuthResult>(urlAPI, jData, "application/json", null, "POST");
*
* lastStep = "Trata auth";
* if (jRet == null)
* {
* ret.ErrorText = "Please enter a valid username and password";
* }
* else if (jRet.error != null)
* {
* if (jRet.error.data.ToLower().IndexOf("not found") != -1)
* ret.ErrorText = "Please enter a valid username and password";
* else if (jRet.error.data.ToLower().IndexOf("locked") != -1)
* ret.ErrorText = "Please enter a valid username and password";
* else if (jRet.error.data.ToLower().IndexOf("incorrect") != -1)
* ret.ErrorText = "Please enter a valid username and password";
*
* }
* else if (jRet.result == null)
* {
* //Nda
* ret.ErrorText = "Please enter a valid username and password";
* }
* else if (jRet.result.userid != 0)
* {
*
* lastStep = "Trata OK";
*
* ret.UserName = jRet.result.login;
*
* //New
* if (ret.Attributes == null)
* ret.Attributes = new Dictionary<string, string>();
*
* //Copia os atributos to token antigo
* if ((oldToken != null) && (oldToken.Attributes != null))
* foreach (String key in oldToken.Attributes.Keys)
* if (ret.Attributes.ContainsKey(key))
* ret.Attributes[key] = oldToken.Attributes[key];
* else
* ret.Attributes.Add(key, oldToken.Attributes[key]);
*
* lastStep = "Trata OK attr";
*
*
* //Define os novos atributos ou substitui os antigos
* if (ret.Attributes.ContainsKey("userid"))
* ret.Attributes["userid"] = jRet.result.userid.ToString();
* else
* ret.Attributes.Add("userid", jRet.result.userid.ToString());
*
* /*
* List<String> grp = new List<String>();
* if (jRet.result.roles != null)
* foreach (APIRoleData r in jRet.result.roles)
* if (!grp.Contains(r.name))
* grp.Add(r.name);
*
* ret.Success = true;
* }
*
*
* }
* else
* {
* ret.ErrorText = "Invalid token - API integration error" + (((accessToken != null) && (!String.IsNullOrEmpty(accessToken.error))) ? ": " + accessToken.error : "");
* }
* }
* catch(Exception ex) {
* throw new Exception("Execution error. Last step = " + lastStep, ex);
* }
* return ret;
* }*/
public override CASChangePasswordResult ChangePassword(CASTicketResult ticket, String password)
{
return(iChangePassword(ticket.UserId, password));
}
protected void Page_Load(object sender, EventArgs e)
{
/*2.5. /serviceValidate [CAS 2.0]
*
* /serviceValidate checks the validity of a service ticket and returns an XML-fragment response. /serviceValidate MUST also generate and issue proxy-granting tickets when requested. /serviceValidate MUST NOT return a successful authentication if it receives a proxy ticket. It is RECOMMENDED that if /serviceValidate receives a proxy ticket, the error message in the XML response SHOULD explain that validation failed because a proxy ticket was passed to /serviceValidate.
*
* 2.5.1. parameters
* The following HTTP request parameters MAY be specified to /serviceValidate. They are case sensitive and MUST all be handled by /serviceValidate.
* service [REQUIRED] - the identifier of the service for which the ticket was issued, as discussed in Section 2.2.1. As a HTTP request parameter, the "service" value MUST be URL-encoded as described in Section 2.2 of RFC 1738 [4].
* ticket [REQUIRED] - the service ticket issued by /login. Service tickets are described in Section 3.1.
* pgtUrl [OPTIONAL] - the URL of the proxy callback. Discussed in Section 2.5.4. As a HTTP request parameter, the "pgtUrl" value MUST be URL-encoded as described in Section 2.2 of RFC 1738 [4].
* renew [OPTIONAL] - if this parameter is set, ticket validation will only succeed if the service ticket was issued from the presentation of the user's primary credentials. It will fail if the ticket was issued from a single sign-on session.
*
* 2.5.2. response
* /serviceValidate will return an XML-formatted CAS serviceResponse as described in the XML schema in Appendix A. Below are example responses:
*
* On ticket validation success:
* <cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
* <cas:authenticationSuccess>
* <cas:user>username</cas:user>
* <cas:proxyGrantingTicket>PGTIOU-84678-8a9d...</cas:proxyGrantingTicket>
* </cas:authenticationSuccess>
* </cas:serviceResponse>
*
* On ticket validation failure:
* <cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
* <cas:authenticationFailure code="INVALID_TICKET">
* Ticket ST-1856339-aA5Yuvrxzpv8Tau1cYQ7 not recognized`
* </cas:authenticationFailure>
* </cas:serviceResponse>
*
* For proxy responses, see section 2.6.2.
*
* 2.5.3. error codes
* The following values MAY be used as the "code" attribute of authentication failure responses. The following is the minimum set of error codes that all CAS servers MUST implement. Implementations MAY include others.
* INVALID_REQUEST - not all of the required request parameters were present
* INVALID_TICKET_SPEC - failure to meet the requirements of validation specification
* UNAUTHORIZED_SERVICE_PROXY - the service is not authorized to perform proxy authentication
* INVALID_PROXY_CALLBACK - The proxy callback specified is invalid. The credentials specified for proxy authentication do not meet the security requirements
* INVALID_TICKET - the ticket provided was not valid, or the ticket did not come from an initial login and "renew" was set on validation. The body of the <cas:authenticationFailure> block of the XML response SHOULD describe the exact details.
* INVALID_SERVICE - the ticket provided was valid, but the service specified did not match the service associated with the ticket. CAS MUST invalidate the ticket and disallow future validation of that same ticket.
* INTERNAL_ERROR - an internal error occurred during ticket validation
*
* For all error codes, it is RECOMMENDED that CAS provide a more detailed message as the body of the <cas:authenticationFailure> block of the XML response.
*/
Boolean renew = (!String.IsNullOrEmpty(Request["renew"]) && (Request["renew"].ToString().ToLower() == "true"));
String ticket = (!String.IsNullOrEmpty(Request.QueryString["ticket"]) ? Request.QueryString["ticket"].ToString() : "");
Page.Response.ContentType = "application/xml; charset=UTF-8";
Page.Response.ContentEncoding = Encoding.UTF8;
try
{
Uri svc = null;
try
{
svc = new Uri(Request.QueryString["service"]);
}
catch { }
using (DbBase db = DbBase.InstanceFromConfig(ConfigurationManager.ConnectionStrings["CASDatabase"]))
{
CASConnectorBase connector = CASUtils.GetService(db, this, svc);
if (svc == null)
{
//Serviço não informado ou não encontrado
Response.Write(getError(retCode.INVALID_REQUEST, "Service"));
}
else if ((connector == null) || (connector is EmptyPlugin))
{
//Serviço não informado ou não encontrado
Response.Write(getError(retCode.INVALID_SERVICE, svc.AbsoluteUri));
}
else if (ticket == "")
{
//Ticket não informado
Response.Write(getError(retCode.INVALID_REQUEST, "Ticket"));
}
else
{
CASTicketResult loginRes = connector.Grant(ticket, renew, false);
if (loginRes.Success)
{
StringBuilder xml = new StringBuilder();
xml.AppendLine("<cas:serviceResponse xmlns:cas=\"http://www.yale.edu/tp/cas\">");
xml.AppendLine(" <cas:authenticationSuccess>");
xml.AppendLine(" <cas:user>" + loginRes.UserName + "</cas:user>");
if ((loginRes.Attributes != null) && (loginRes.Attributes.Count > 0))
{
xml.AppendLine(" <cas:attributes>");
foreach (String key in loginRes.Attributes.Keys)
{
xml.AppendLine(" <cas:" + key + ">" + loginRes.Attributes[key] + "</cas:" + key + ">");
}
xml.AppendLine(" </cas:attributes>");
}
xml.AppendLine(" <cas:proxyGrantingTicket>" + ticket + "</cas:proxyGrantingTicket>");
xml.AppendLine(" </cas:authenticationSuccess>");
xml.AppendLine("</cas:serviceResponse>");
Response.Write(xml.ToString());
}
else
{
Response.Write(getError(retCode.INVALID_TICKET, ticket));
}
}
}
}
catch (Exception ex)
{
getError(retCode.INTERNAL_ERROR, "");
}
Page.Response.Status = "200 OK";
Page.Response.StatusCode = 200;
//Page.Response.OutputStream.Write(bRet, 0, bRet.Length);
//Page.Response.OutputStream.Flush();
}
protected void Page_Load(object sender, EventArgs e)
{
String html = "";
String error = "";
html += "<div id=\"recover_container\"><form id=\"pwdChange\" name=\"pwdChange\" method=\"post\"><div class=\"login_form\">";
if ((Session["cas_ticket"] == null) || !(Session["cas_ticket"] is CASTicketResult))
{
//Serviço não informado ou não encontrado
html += " <ul>";
html += " <li><div class=\"error-box\">" + MessageResource.GetMessage("invalid_session") + "</div>";
html += " </ul>";
}
else
{
CASTicketResult ticket = (CASTicketResult)Session["cas_ticket"];
using (DbBase db = DbBase.InstanceFromConfig(ConfigurationManager.ConnectionStrings["CASDatabase"]))
{
CASConnectorBase connector = CASUtils.GetService(db, this, ticket.Service);
if ((connector == null) || (connector is EmptyPlugin))
{
//Serviço não informado ou não encontrado
html += " <ul>";
html += " <li><div class=\"error-box\">" + MessageResource.GetMessage("service_invalid_uri") + "</div>";
html += " </ul>";
}
else if ((connector.State != null) && (connector.State is CASPluginService) && !(((CASPluginService)connector.State).Config.PermitChangePassword))
{
CASPluginService p = (CASPluginService)connector.State;
//Serviço não informado ou não encontrado
html += " <ul>";
html += " <li><div class=\"error-box\">" + MessageResource.GetMessage("service_not_permit_change_pwd") + (!String.IsNullOrEmpty(p.Config.Admin) ? "<br /><br />" + p.Config.Admin : "") + "</div>";
html += " </ul>";
}
else
{
if (Request.HttpMethod == "POST")
{
try
{
String password = Tools.Tool.TrataInjection(Request["password"]);
String password2 = Request["password2"];
if ((password == null) || (password == ""))
{
error = MessageResource.GetMessage("type_password");
}
else if ((password2 == null) || (password2 == ""))
{
error = MessageResource.GetMessage("type_password_confirm");
}
else if (password != password2)
{
error = MessageResource.GetMessage("password_not_equal");
}
else
{
CASChangePasswordResult res = connector.ChangePassword(ticket, password);
if (res.Success)
{
connector.SaveTicket(ticket);
CASUtils.AddCoockie(this, ticket);
Session["user_info"] = new CASUserInfo(ticket);
Response.Redirect(Session["ApplicationVirtualPath"] + "cas/passwordchanged/", false);
return;
}
else
{
if (res.ErrorText == null)
{
throw new Exception("");
}
error = res.ErrorText;
}
}
}
catch (Exception ex)
{
Tools.Tool.notifyException(ex);
error = MessageResource.GetMessage("internal_error");
}
}
html += " <ul>";
html += " <li>";
html += " <p style=\"width:270px;padding:0 0 20px 0;color:#000;\">" + MessageResource.GetMessage("password_expired_text") + "</p>";
html += " </li>";
html += " <li>";
html += " <span class=\"inputWrap\">";
html += " <input type=\"password\" id=\"password\" tabindex=\"1\" name=\"password\" value=\"\" style=\"\" placeholder=\""+ MessageResource.GetMessage("new_password") + "\" onkeyup=\"cas.passwordStrength('#password');\" onfocus=\"$('#password').addClass('focus');\" onblur=\"$('#password').removeClass('focus');\" />";
html += " <span id=\"ph_passwordIcon\" onclick=\"$('#password').focus();\"></span>";
html += " </span>";
html += " </li>";
html += " <li>";
html += " <span class=\"inputWrap\">";
html += " <input type=\"password\" id=\"password2\" tabindex=\"1\" name=\"password2\" value=\"\" style=\"\" placeholder=\""+ MessageResource.GetMessage("new_password_confirm") + "\" onfocus=\"$('#password2').addClass('focus');\" onblur=\"$('#password2').removeClass('focus');\" />";
html += " <span id=\"ph_passwordIcon\" onclick=\"$('#password2').focus();\"></span>";
html += " </span>";
html += " </li>";
html += " <li>";
html += " <div id=\"passwordStrength\"><span>" + MessageResource.GetMessage("password_strength") + ": " + MessageResource.GetMessage("unknow") + "</span><div class=\"bar\"></div></div>";
html += " </li>";
if (error != "")
{
html += " <li><div class=\"error-box\">" + error + "</div>";
}
html += " <li>";
html += " <span class=\"forgot\"> <a href=\"" + Session["ApplicationVirtualPath"] + "cas/login/?service=" + HttpUtility.UrlEncode(connector.Service.AbsoluteUri) + "\">" + MessageResource.GetMessage("cancel") + "</a> </span>";
html += " <button tabindex=\"4\" id=\"submitBtn\" class=\"action button floatright\">" + MessageResource.GetMessage("change_password") + "</button>";
html += " </li>";
html += " </ul>";
}
}
html += "</div>";
html += "</form>";
html += "</div>";
}
holderContent.Controls.Add(new LiteralControl(html));
}
