private async Task <IHttpActionResult> RequestSessionTokenAsync(AuthenticationUser user, bool force = false, bool isSso = false)
{
try
{
var http = _httpClientProvider.Create(new Uri(WebApiConfig.AccessControl));
if (!force)
{
var result2 = await http.GetAsync("sessions/" + user.Id);
if (result2.IsSuccessStatusCode) // session exists
{
throw new ApplicationException("Conflict");
}
}
var queryParams = HttpUtility.ParseQueryString(string.Empty);
queryParams.Add("userName", user.Login);
queryParams.Add("licenseLevel", user.LicenseType.ToString());
queryParams.Add("isSso", isSso.ToString());
var result = await http.PostAsJsonAsync("sessions/" + user.Id + "?" + queryParams, user.Id);
if (!result.IsSuccessStatusCode)
{
throw new ServerException();
}
var token = result.Headers.GetValues("Session-Token").FirstOrDefault();
var response = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(token),
StatusCode = HttpStatusCode.OK
};
response.Headers.Add("Session-Token", token);
return(ResponseMessage(response));
}
catch (ApplicationException)
{
throw;
}
catch (Exception ex)
{
await _log.LogError(WebApiConfig.LogSourceSessions, ex);
return(InternalServerError());
}
}
public HttpClientRequest(Uri uri)
{
RequestUri = uri;
Provider = DependencyInjector.Get <IHttpClientProvider> ();
Handler = Provider.Create();
Client = Handler.CreateHttpClient();
}
public async Task <GifObject> Translate(string search, CancellationToken cancellationToken)
{
GifObject output;
var queryBuilder = new QueryBuilder(_baseUri + "v1/gifs/translate");
queryBuilder.AddParameter("api_key", _apiKey);
queryBuilder.AddParameter("s", search);
var url = queryBuilder.ToString();
var client = _httpClientProvider.Create();
var response = await client.GetAsync(url, cancellationToken);
response.EnsureSuccessStatusCode();
var stream = await response.Content.ReadAsStreamAsync();
using (var sr = new StreamReader(stream))
using (var reader = new JsonTextReader(sr))
{
var serializer = new JsonSerializer();
output = serializer.Deserialize <GifObject>(reader);
}
return(output);
}
/// <summary>
/// LogInformation
/// </summary>
/// <param name="source">source</param>
/// <param name="message">message</param>
/// <param name="methodName">Do not pass a value - compiler will fill this in</param>
/// <param name="filePath">Do not pass a value - compiler will fill this in</param>
/// <param name="lineNumber">Do not pass a value - compiler will fill this in</param>
/// <example>
/// var servicelog = new ServiceLogRepository();
/// await servicelog.LogInformation("FileStore API", "Hello World");
/// </example>
public async Task LogInformation(
string source,
string message,
[CallerMemberName] string methodName = "",
[CallerFilePath] string filePath = "",
[CallerLineNumber] int lineNumber = 0)
{
try
{
var uri = _configControlUri;
if (string.IsNullOrWhiteSpace(uri))
{
throw new ApplicationException("Application setting not set: ConfigControl");
}
var http = _httpClientProvider.Create(new Uri(uri));
// create the log entry
var logEntry = new ServiceLogModel
{
LogLevel = LogLevelEnum.Informational,
Source = source,
Message = message,
OccurredAt = DateTime.Now,
MethodName = methodName,
FilePath = filePath,
LineNumber = lineNumber,
StackTrace = ""
};
// Convert Object to JSON
var requestMessage = JsonConvert.SerializeObject(logEntry);
var content = new StringContent(requestMessage, Encoding.UTF8, "application/json");
HttpResponseMessage response = await http.PostAsync("log", content);
response.EnsureSuccessStatusCode();
}
catch (Exception ex)
{
_localLog.LogErrorFormat("Problem with ConfigControl Log service: {0}", ex.Message);
}
}
public async Task <IHttpActionResult> GetLicenseTransactions(int days)
{
try
{
var uri = new Uri(WebApiConfig.AccessControl);
var http = _httpClientProvider.Create(uri);
if (!Request.Headers.Contains("Session-Token"))
{
throw new ArgumentNullException();
}
var request = new HttpRequestMessage
{
RequestUri = new Uri(uri, "licenses/transactions?days=" + days + "&consumerType=1"), // LicenseConsumerType.Client
Method = HttpMethod.Get
};
request.Headers.Add("Session-Token", Request.Headers.GetValues("Session-Token").First());
var result = await http.SendAsync(request);
var transactions = (await result.Content.ReadAsAsync <IEnumerable <LicenseTransaction> >()).ToArray();
var users = (await _userRepository.GetLicenseTransactionUserInfoAsync(transactions.Select(t => t.UserId).Distinct())).ToDictionary(u => u.Id);
foreach (var transaction in transactions.Where(t => users.ContainsKey(t.UserId)))
{
var user = users[transaction.UserId];
transaction.Username = user.Login;
transaction.Department = user.Department;
}
var response = Request.CreateResponse(HttpStatusCode.OK, transactions);
return(ResponseMessage(response));
}
catch (ArgumentNullException)
{
return(Unauthorized());
}
catch (Exception ex)
{
await _log.LogError(WebApiConfig.LogSourceLicenses, ex);
return(InternalServerError());
}
}
public async Task <IHttpActionResult> GetConfigSettings()
{
var uri = new Uri(WebApiConfig.ConfigControl);
var http = _httpClientProvider.Create(uri);
var request = new HttpRequestMessage {
RequestUri = new Uri(uri, "settings/false"), Method = HttpMethod.Get
};
request.Headers.Add("Session-Token", Request.Headers.GetValues("Session-Token").FirstOrDefault());
var result = await http.SendAsync(request);
result.EnsureSuccessStatusCode();
var response = Request.CreateResponse(HttpStatusCode.OK);
response.Content = result.Content;
return(ResponseMessage(response));
}
private async Task <Session> GetSessionFromAccessControl(string sessionToken)
{
var uri = new Uri(ConfigurationManager.AppSettings[AccessControl]);
var http = _httpClientProvider.Create(uri);
var request2 = new HttpRequestMessage {
RequestUri = new Uri(uri, "sessions"), Method = HttpMethod.Put
};
request2.Headers.Add(BlueprintSessionToken, sessionToken);
var result = await http.SendAsync(request2);
result.EnsureSuccessStatusCode();
var content = await result.Content.ReadAsStringAsync();
var session = JsonConvert.DeserializeObject <Session>(content);
session.SessionId = Session.Convert(sessionToken);
return(session);
}
public async Task <IHttpActionResult> PostPasswordResetAsync([FromBody] ResetPasswordContent content)
{
// the deserializer creates a zero filled guid when none provided
if (content.Token == Guid.Empty || content.Token.GetHashCode() == 0)
{
throw new BadRequestException("Password reset failed, token not provided", ErrorCodes.PasswordResetEmptyToken);
}
var tokens = (await _userRepository.GetPasswordRecoveryTokensAsync(content.Token)).ToList();
if (!tokens.Any())
{
// user did not request password reset
throw new ConflictException("Password reset failed, recovery token not found.", ErrorCodes.PasswordResetTokenNotFound);
}
if (tokens.First().RecoveryToken != content.Token)
{
// provided token doesn't match last requested
throw new ConflictException("Password reset failed, a more recent recovery token exists.", ErrorCodes.PasswordResetTokenNotLatest);
}
var tokenLifespan = await _applicationSettingsRepository.GetValue(PasswordResetTokenExpirationInHoursKey, DefaultPasswordResetTokenExpirationInHours);
if (tokens.First().CreationTime.AddHours(tokenLifespan) < DateTime.Now)
{
// token expired
throw new ConflictException("Password reset failed, recovery token expired.", ErrorCodes.PasswordResetTokenExpired);
}
var userLogin = tokens.First().Login;
var user = await _userRepository.GetUserByLoginAsync(userLogin);
if (user == null)
{
// user does not exist
throw new ConflictException("Password reset failed, the user does not exist.", ErrorCodes.PasswordResetUserNotFound);
}
if (!user.IsEnabled)
{
// user is disabled
throw new ConflictException("Password reset failed, the login for this user is disabled.", ErrorCodes.PasswordResetUserDisabled);
}
string decodedNewPassword;
try
{
decodedNewPassword = SystemEncryptions.Decode(content.Password);
}
catch (Exception)
{
throw new BadRequestException("Password reset failed, the provided password was not encoded correctly", ErrorCodes.PasswordDecodingError);
}
if (decodedNewPassword != null && user.Password == HashingUtilities.GenerateSaltedHash(decodedNewPassword, user.UserSalt))
{
throw new BadRequestException("Password reset failed, new password cannot be equal to the old one", ErrorCodes.SamePassword);
}
// reset password
await _authenticationRepository.ResetPassword(user, null, decodedNewPassword);
// drop user session
var uri = new Uri(WebApiConfig.AccessControl);
var http = _httpClientProvider.Create(uri);
var request = new HttpRequestMessage {
RequestUri = new Uri(uri, $"sessions/{user.Id}"), Method = HttpMethod.Delete
};
await http.SendAsync(request);
return(Ok());
}
