public async Task <AuthenticationToken> CreateAccount(User user)
{
if (false == ModelState.IsValid)
{
throw new ModelValidationException(this.ModelState);
}
var ip = IPAddressHelper.GetIPAddress(this.Request);
var token = await DataLayer.Security.CreateUser(user.ToSecurityUser(), ip);
return(new AuthenticationToken(token));
}
public async Task <AuthenticationToken> LoginUser(UserPass userpass)
{
var ip = IPAddressHelper.GetIPAddress(this.Request);
try
{
var token = await DataLayer.Security.LoginUser(userpass.ToSecurityUserPass(), ip);
return(new AuthenticationToken(token));
}
catch (UnauthorizedAccessException)
{
var content = new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
ReasonPhrase = "AUTH FAIL"
};
throw new HttpResponseException(content);
}
}
/// <summary>Executes the authorization filter to synchronize.</summary>
/// <returns>The authorization filter to synchronize.</returns>
/// <param name="actionContext">The action context.</param>
/// <param name="cancellationToken">The cancellation token associated with the filter.</param>
/// <param name="continuation">The continuation.</param>
public async Task <HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func <Task <HttpResponseMessage> > continuation)
{
//var isHttps = actionContext.Request.RequestUri.Scheme == Uri.UriSchemeHttps;
var isHttps = true;
// Get the custom auth header. YEA THATS RIGHT CUSTOM. SCREW THE SYSTEM
var containsAuth = actionContext.Request.Headers.Contains(RequireCredentialsAttribute.AuthorizationHeaderName);
// If they didnt include the header, clearly they cant touch stuff
if (false == containsAuth)
{
// If they didnt use https yell at them for being stupid
return(RequireCredentialsAttribute.UnauthorizedResponse());
}
// Get the header
var header = actionContext.Request.Headers.GetValues(RequireCredentialsAttribute.AuthorizationHeaderName).FirstOrDefault();
if (false == isHttps)
{
return(new HttpResponseMessage(HttpStatusCode.UpgradeRequired)
{
Content =
new StringContent(
$"HTTPS REQUIRED. THE TOKEN \'{header}\' HAS BEEN REVOKED BECAUSE WE CAN'T GUARANTEE SOMEONE WONT BE MESSING WITH YOUR STUFF NOW."),
ReasonPhrase = "HTTPS REQUIRED"
});
}
User user = null;
// Get ip to log
var ip = IPAddressHelper.GetIPAddress(actionContext.Request);
var token = new AccountToken(header);
try
{
user = await DataLayer.Security.GetUser(token, ip, TimeSpan.FromDays(5));
}
catch (UnauthorizedAccessException)
{
return(RequireCredentialsAttribute.UnauthorizedResponse());
}
var identity = new HubIdentity(user, token);
var principal = new HubPrincipal(identity);
// This is mostly here to screw with justin
if (principal.IsInRole(UserRoles.BLACKLISTED))
{
return
(RequireCredentialsAttribute.BlacklistedResponse(
"This account has been blacklisted. All requests will be rejected."));
}
Thread.CurrentPrincipal = principal;
HttpContext.Current.User = principal;
return(await continuation());
}
