public static bool AuthenticateMe(string cookie)
{
if (!string.IsNullOrEmpty(cookie))
{
int tenant;
Guid userid;
int indexTenant;
DateTime expire;
int indexUser;
if (cookie.Equals("Bearer", StringComparison.InvariantCulture))
{
var ipFrom = string.Empty;
var address = string.Empty;
if (HttpContext.Current != null)
{
var request = HttpContext.Current.Request;
ipFrom = "from " + (request.Headers["X-Forwarded-For"] ?? request.UserHostAddress);
address = "for " + request.GetUrlRewriter();
}
log.InfoFormat("Empty Bearer cookie: {0} {1}", ipFrom, address);
}
else if (CookieStorage.DecryptCookie(cookie, out tenant, out userid, out indexTenant, out expire, out indexUser))
{
if (tenant != CoreContext.TenantManager.GetCurrentTenant().TenantId)
{
return(false);
}
var settingsTenant = TenantCookieSettings.GetForTenant(tenant);
if (indexTenant != settingsTenant.Index)
{
return(false);
}
if (expire != DateTime.MaxValue && expire < DateTime.UtcNow)
{
return(false);
}
try
{
var settingsUser = TenantCookieSettings.GetForUser(userid);
if (indexUser != settingsUser.Index)
{
return(false);
}
AuthenticateMe(new UserAccount(new UserInfo {
ID = userid
}, tenant));
return(true);
}
catch (InvalidCredentialException ice)
{
log.DebugFormat("{0}: cookie {1}, tenant {2}, userid {3}",
ice.Message, cookie, tenant, userid);
}
catch (SecurityException se)
{
log.DebugFormat("{0}: cookie {1}, tenant {2}, userid {3}",
se.Message, cookie, tenant, userid);
}
catch (Exception err)
{
log.ErrorFormat("Authenticate error: cookie {0}, tenant {1}, userid {2}: {5}",
cookie, tenant, userid, err);
}
}
else
{
var ipFrom = string.Empty;
var address = string.Empty;
if (HttpContext.Current != null)
{
var request = HttpContext.Current.Request;
address = "for " + request.GetUrlRewriter();
ipFrom = "from " + (request.Headers["X-Forwarded-For"] ?? request.UserHostAddress);
}
log.WarnFormat("Can not decrypt cookie: {0} {1} {2}", cookie, ipFrom, address);
}
}
return(false);
}
[Create(@"", false, false)] //NOTE: this method doesn't requires auth!!! //NOTE: this method doesn't check payment!!!
public AuthenticationTokenData AuthenticateMe(string userName, string password, string provider, string accessToken)
{
bool viaEmail;
var user = GetUser(userName, password, provider, accessToken, out viaEmail);
if (StudioSmsNotificationSettings.IsVisibleSettings && StudioSmsNotificationSettings.Enable)
{
if (string.IsNullOrEmpty(user.MobilePhone) || user.MobilePhoneActivationStatus == MobilePhoneActivationStatus.NotActivated)
{
return new AuthenticationTokenData
{
Sms = true
}
}
;
SmsManager.PutAuthCode(user, false);
return(new AuthenticationTokenData
{
Sms = true,
PhoneNoise = SmsSender.BuildPhoneNoise(user.MobilePhone),
Expires = new ApiDateTime(DateTime.UtcNow.Add(SmsKeyStorage.StoreInterval))
});
}
if (TfaAppAuthSettings.IsVisibleSettings && TfaAppAuthSettings.Enable)
{
if (!TfaAppUserSettings.EnableForUser(user.ID))
{
return new AuthenticationTokenData
{
Tfa = true,
TfaKey = user.GenerateSetupCode(300).ManualEntryKey
}
}
;
return(new AuthenticationTokenData
{
Tfa = true
});
}
try
{
var token = SecurityContext.AuthenticateMe(user.ID);
MessageService.Send(Request, viaEmail ? MessageAction.LoginSuccessViaApi : MessageAction.LoginSuccessViaApiSocialAccount);
var tenant = CoreContext.TenantManager.GetCurrentTenant().TenantId;
var expires = TenantCookieSettings.GetExpiresTime(tenant);
return(new AuthenticationTokenData
{
Token = token,
Expires = new ApiDateTime(expires)
});
}
catch
{
MessageService.Send(Request, user.DisplayUserName(false), viaEmail ? MessageAction.LoginFailViaApi : MessageAction.LoginFailViaApiSocialAccount);
throw new AuthenticationException("User authentication failed");
}
finally
{
SecurityContext.Logout();
}
}
public static int GetLifeTime()
{
return(TenantCookieSettings.GetForTenant(TenantProvider.CurrentTenantID).LifeTime);
}
[Create(@"{code}", false, false)] //NOTE: this method doesn't requires auth!!! //NOTE: this method doesn't check payment!!!
public AuthenticationTokenData AuthenticateMe(string userName, string password, string provider, string accessToken, string code)
{
bool viaEmail;
var user = GetUser(userName, password, provider, accessToken, out viaEmail);
var sms = false;
try
{
if (StudioSmsNotificationSettings.IsVisibleSettings && StudioSmsNotificationSettings.Enable)
{
sms = true;
SmsManager.ValidateSmsCode(user, code);
}
else if (TfaAppAuthSettings.IsVisibleSettings && TfaAppAuthSettings.Enable)
{
if (user.ValidateAuthCode(code))
{
MessageService.Send(HttpContext.Current.Request, MessageAction.UserConnectedTfaApp, MessageTarget.Create(user.ID));
}
}
else
{
throw new SecurityException("Auth code is not available");
}
var token = SecurityContext.AuthenticateMe(user.ID);
MessageService.Send(Request, sms ? MessageAction.LoginSuccessViaApiSms : MessageAction.LoginSuccessViaApiTfa);
var tenant = CoreContext.TenantManager.GetCurrentTenant().TenantId;
var expires = TenantCookieSettings.GetExpiresTime(tenant);
var result = new AuthenticationTokenData
{
Token = token,
Expires = new ApiDateTime(expires)
};
if (sms)
{
result.Sms = true;
result.PhoneNoise = SmsSender.BuildPhoneNoise(user.MobilePhone);
}
else
{
result.Tfa = true;
}
return(result);
}
catch
{
MessageService.Send(Request, user.DisplayUserName(false), sms
? MessageAction.LoginFailViaApiSms
: MessageAction.LoginFailViaApiTfa,
MessageTarget.Create(user.ID));
throw new AuthenticationException("User authentication failed");
}
finally
{
SecurityContext.Logout();
}
}
