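/// <summary>
/// Fetches the Spotify local-helper CSRF token from <c>/simplecsrf/token.json</c> and stores it
/// in the static <c>csrfToken</c> field for the later CSRF-protected local-API calls.
/// </summary>
/// <remarks>
/// On an error response <c>csrfToken</c> is cleared (which blocks the remaining CSRF calls),
/// the user is told to restart, and the application is asked to exit. Because
/// <c>Application.Exit()</c> only posts a close request and does not unwind the current call,
/// the method returns immediately instead of falling through to parse the error body as a
/// token, which would have dereferenced a null result.
/// </remarks>
private static void SetCSRF()
{
    Debug.WriteLine("Getting CSRF Token");
    string url = GetURL("/simplecsrf/token.json");
    string json = GetPage(url);
    // Debug.WriteLine is [Conditional("DEBUG")], so the raw token response only reaches the
    // debug listeners in debug builds; it is never written in release builds.
    Debug.WriteLine(json);

    // The local helper reports failures as a JSON document with an "error" member. A null or
    // empty page (presumably what GetPage yields when the helper is unreachable — confirm) is
    // treated the same way so the deserialization below never sees it.
    if (string.IsNullOrEmpty(json) || json.Contains("\"error\":"))
    {
        csrfToken = ""; // Block rest of CSRF calls
        System.Windows.Forms.MessageBox.Show("Error hooking Spotify. Please restart SpotBlocker after restarting Spotify.", "Error");
        System.Windows.Forms.Application.Exit();
        return; // Exit() does not stop this thread; do not try to parse the error body
    }

    CSRF res = JsonConvert.DeserializeObject<CSRF>(json);
    csrfToken = res.token;
}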
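/// <summary>
/// Common entry guard for request handlers: sets the response encoding to UTF-8, then verifies
/// that the request is authenticated for <paramref name="authenMode"/> and that the CSRF token
/// carried in <paramref name="queryParameter"/> matches the one held in the session.
/// </summary>
/// <param name="context">The current HTTP context; its request, response and session are used.</param>
/// <param name="queryParameter">Parsed query parameters, including the CSRF token to verify.</param>
/// <param name="authenMode">The authentication mode this request requires.</param>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is <c>null</c>.</exception>
/// <exception cref="Exception">
/// Thrown with the message reported by <c>AuthenUtil.IsValidAuthen</c> (e.g. "DUPLICATE_LOGIN",
/// "NOT_AUTHORIZED") when authentication fails, or with "CSRF_TOKEN_MISMATCH" when the CSRF
/// check fails. The base <see cref="Exception"/> type and the literal messages are kept on
/// purpose: callers may match on them.
/// </exception>
public static void ProcessRequest(HttpContext context, QueryParameter queryParameter, AuthenUtil.AuthenMode authenMode)
{
    if (context == null)
    {
        throw new ArgumentNullException(nameof(context));
    }

    // Set Encoding.
    context.Response.ContentEncoding = Encoding.UTF8;

    // Security checks: authentication is verified before the CSRF token, in that order.
    string errorMessage;
    if (!AuthenUtil.IsValidAuthen(context.Request, context.Session, authenMode, out errorMessage))
    {
        // message can be "DUPLICATE_LOGIN", "NOT_AUTHORIZED"
        throw new Exception(errorMessage);
    }

    if (!CSRF.IsCSRFTokenMatch(context.Session, queryParameter))
    {
        throw new Exception("CSRF_TOKEN_MISMATCH");
    }
}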
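/// <summary>
/// GitHub OAuth redirect callback. Resolves <paramref name="state"/> to the pending CSRF record
/// and its user, re-checks the state against the CSRF value stored on the user, exchanges
/// <paramref name="code"/> for an access token and stores the token together with the GitHub
/// login and full name on the user document.
/// </summary>
/// <param name="code">The authorization code GitHub appended to the redirect.</param>
/// <param name="state">The anti-CSRF state value this server issued when the flow started.</param>
/// <returns>
/// 200 OK on success; 400 Bad Request when <paramref name="code"/> or <paramref name="state"/>
/// is missing, or when the state does not resolve to a pending record and a user.
/// </returns>
/// <exception cref="InvalidOperationException">
/// The state does not match the CSRF value stored on the user.
/// </exception>
public async Task<IActionResult> AddOAuthToken([FromQuery(Name = "code")] string code, [FromQuery(Name = "state")] string state)
{
    // Both values come from the redirect query string and may be absent. Without this guard a
    // null state would be used as the database filter value below.
    if (string.IsNullOrEmpty(code) || string.IsNullOrEmpty(state))
    {
        return BadRequest();
    }

    var db = _mongoService.GetDb;
    var csrfCollection = db.GetCollection<CSRF>(_mongoService.GetDBSettings.OGitAuthCollectionName);
    var csrfFilter = Builders<CSRF>.Filter.Eq(c => c.Csrf, state);
    CSRF pendingAuth = (await csrfCollection.FindAsync<CSRF>(csrfFilter)).FirstOrDefault();
    if (pendingAuth is null)
    {
        // Unknown state: nothing to bind this callback to (previously a null dereference).
        return BadRequest();
    }

    var userCollection = db.GetCollection<Models.User>("Users");
    var filter = Builders<Models.User>.Filter.Eq(u => u.Id, pendingAuth.UserId);
    var user = (await userCollection.FindAsync<Models.User>(filter)).FirstOrDefault();
    if (user is null)
    {
        return BadRequest();
    }

    // Second check against the value stored on the user itself; ordinal and null-safe, so a
    // user without a stored CSRF value fails the check instead of throwing a null reference.
    if (!string.Equals(user.CSRF, state, StringComparison.Ordinal))
    {
        throw new InvalidOperationException("SECURITY FAIL!");
    }

    // NOTE(review): the pending CSRF record is not removed after a successful exchange; confirm
    // whether state values are meant to be single-use and, if so, delete it here.
    var gitHubClient = _githubClientService.GetGitHubClient(pendingAuth.Id);
    var token = await gitHubClient.Oauth.CreateAccessToken(
        new OauthTokenRequest(
            _configuration.GetSection("GithubOAuth:ClientId").Value,
            _configuration.GetSection("GithubOAuth:ClientSecret").Value,
            code));
    gitHubClient.Credentials = new Credentials(token.AccessToken);
    Octokit.User githubProfile = await gitHubClient.User.Current();

    // NOTE(review): the access token is stored as-is on the user document; confirm that it is
    // protected at rest by the storage layer.
    var update = Builders<Models.User>.Update
        .Set("OAuthToken", token.AccessToken)
        .Set("GithubLogin", githubProfile.Login)
        .Set("GithubFullName", githubProfile.Name);
    await userCollection.UpdateOneAsync(filter, update);

    return Ok();
}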