public HttpResponseMessage OAuthRequestToken()
{
var identity = KmsIdentity.GetCurrentPrincipalIdentity();
// --- Evitar doble Login ---
if (identity.IsAuthenticated)
{
throw new HttpAlreadyLoggedInException(
"100" + ControllerStrings.Warning100_CannotLoginAgain
);
}
// --- Generar nuevo Token OAuth ---
Token token = new Token {
ApiKey = OAuth.ConsumerKey,
Guid = Guid.NewGuid(),
Secret = Guid.NewGuid(),
CallbackUri
= OAuth.CallbackUri == null
? "oob"
: OAuth.CallbackUri.AbsoluteUri,
ExpirationDate = DateTime.UtcNow.AddMinutes(10)
};
Database.TokenStore.Add(token);
Database.SaveChanges();
// --- Preparar y devolver detalles de Token OAuth ---
return(new HttpResponseMessage {
RequestMessage
= Request,
StatusCode
= HttpStatusCode.OK,
Content
= new StringContent(
string.Format(
CultureInfo.InvariantCulture,
"oauth_token={0}"
+ "&oauth_token_secret={1}"
+ "&oauth_callback_confirmed={2}"
+ "&x_token_expires={3}",
token.Guid.ToString("N"),
token.Secret.ToString("N"),
identity.OAuth.CallbackUri == null
? "false"
: "true",
10 * 60
)
)
});
}
public HttpResponseMessage DeleteToken()
{
var identity = KmsIdentity.GetCurrentPrincipalIdentity();
var token = identity.OAuth.Token;
Database.TokenStore.Delete(token.Guid);
Database.SaveChanges();
return(new HttpResponseMessage(
HttpStatusCode.NoContent
));
}
protected override async Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
Database = (WorkUnit)HttpContext.Current.Items["Database"];
#if !DEBUG
// --- Validar que la peitición venga de HTTPS
if (request.RequestUri.Scheme != Uri.UriSchemeHttps)
{
HttpResponseMessage response
= new HttpResponseMessage(HttpStatusCode.Forbidden);
response.Headers.TryAddWithoutValidation(
"Warning",
"000 " + MessageHandlerStrings.Warning000_HttpsRequired
);
return(await response.NewHttpResponseTask());
}
#endif
// --- Validar que no ésta URI no esté en lista de ByPass ---
var comparableUri = request.RequestUri.AbsolutePath.TrimStart(
new char[] {
'/'
});
if (
WebApiConfig.KmsOAuthConfig.BypassOAuthAbsoluteUris.Any(a =>
a == comparableUri ||
(
a.EndsWith("*") &&
comparableUri.StartsWith(a.Remove(a.Length - 1))
)
)
)
{
// Crear Principal Anónimo y continuar ejecución
new KmsPrincipal(new KmsIdentity()).SetAsCurrent();
return(await base.SendAsync(
request,
cancellationToken
));
}
// --- Validar que se recibió cabecera Authorization correctamente ---
if (request.Headers.Authorization == null || request.Headers.Authorization.Scheme != "OAuth")
{
HttpResponseMessage response
= new HttpResponseMessage(HttpStatusCode.Unauthorized);
response.Headers.TryAddWithoutValidation(
"Warning",
"101 " + MessageHandlerStrings.Warning101_AuthorizationNotFound
);
response.Headers.TryAddWithoutValidation(
"WWW-Authenticate",
"OAuth realm=\"" + WebApiConfig.KmsOAuthConfig.ApiRealm + "\""
);
return(await response.NewHttpResponseTask());
}
// --- Extraer información de OAuth de la cabecera Authorize ---
var httpOAuth = HttpOAuthAuthorization.FromAuthenticationHeader(
request.Headers.Authorization
);
var httpOAuthValidRequest = await httpOAuth.ValidateRequestAsync(request);
if (httpOAuthValidRequest)
{
// Actualizar LastUseDate de Token
if (httpOAuth.Token != null && httpOAuth.Token.LastUseDate < DateTime.UtcNow.AddMinutes(-1))
{
httpOAuth.Token.IPAddress = request.GetClientIpAddress();
Database.TokenStore.Update(httpOAuth.Token);
}
}
else
{
HttpResponseMessage response
= new HttpResponseMessage(HttpStatusCode.Unauthorized);
response.Headers.TryAddWithoutValidation(
"Warning",
"100 " + MessageHandlerStrings.Warning100_OAuthAuthorizationInvalid
);
response.Headers.TryAddWithoutValidation(
"WWW-Authenticate",
"OAuth realm=\"" + WebApiConfig.KmsOAuthConfig.ApiRealm + "\""
);
return(await response.NewHttpResponseTask());
}
// --- Establecer contexto de seguridad ---
var identity = new KmsIdentity(httpOAuth);
new KmsPrincipal(identity).SetAsCurrent();
// --- Continuar con la ejecución ---
return(await base.SendAsync(
request,
cancellationToken
));
}
