public static bool isSessionGuid_valid(
string sessionGuid_in,
string ip_forLogPurposes_in,
out Guid sessionGuid_out,
out Sessionuser sessionUser_out,
out List <int> errorlist_out
)
{
if (!isSessionGuid_valid(
sessionGuid_in,
out sessionGuid_out,
out errorlist_out
))
{
sessionUser_out = null;
return(false);
}
if (!UserSession.TryGetValue(sessionGuid_out, out sessionUser_out))
{
SBO_LOG_Log.log(
null,
LogType.error,
ErrorType.authentication__expired_guid,
-1L,
-1,
"IP:{0};",
ip_forLogPurposes_in
);
errorlist_out.Add(ErrorType.authentication__expired_guid);
return(false);
}
return(true);
}
internal static void login(
SO_CRD_User user_in,
Guid sessionGuid_in,
string login_forLogPurposes_in,
string ip_forLogPurposes_in,
bool andCheckPassword_in,
string password_in,
out long idUser_out,
out string login_out,
out long[] idPermissions_out,
ref List <int> errorlist_ref
)
{
//// NOTES:
//// - this method allows login without password (if andCheckPassword_in == false),
//// hence MUST NEVER be distributed (at least not directly)
idPermissions_out = null;
idUser_out = -1L;
login_out = "";
if (
(user_in != null)
&&
(
!andCheckPassword_in
||
SimpleHash.VerifyHash(
password_in,
SimpleHash.HashAlgotithm.SHA256,
user_in.Password
)
)
)
{
login_out = user_in.Login;
#region login...
#region idPermissions_out = ...;
long _count;
SO_CRD_Permission[] _so_permissions
= DO_CRD_Permission.getRecord_byUser(
user_in.IDUser,
-1, -1, -1, out _count,
null
);
idPermissions_out = new long[_so_permissions.Length];
for (int i = 0; i < _so_permissions.Length; i++)
{
idPermissions_out[i] = _so_permissions[i].IDPermission;
}
#endregion
if (UserSession.ContainsKey(sessionGuid_in))
{
Sessionuser _usersession = UserSession[sessionGuid_in];
if (_usersession.IDUser == user_in.IDUser)
{
_usersession.Sessionstart = DateTime.Now;
_usersession.IDUser = user_in.IDUser;
_usersession.IDPermissions = idPermissions_out;
}
else
{
errorlist_ref.Add(ErrorType.authentication__guid_not_yours);
UserSession.Remove(sessionGuid_in);
return;
}
}
else
{
UserSession.Add(
sessionGuid_in,
new Sessionuser(
user_in.IDUser,
idPermissions_out,
user_in.IFApplication,
DateTime.Now
)
);
}
idUser_out = user_in.IDUser;
#endregion
}
else
{
errorlist_ref.Add(ErrorType.authentication__invalid_login);
#region SBO_LOG_Log.log(...);
SBO_LOG_Log.log(
null,
LogType.error,
ErrorType.authentication,
-1L,
(user_in == null) ? -1 : user_in.IFApplication,
"login:{0};password[0]:{1};ip:{2};",
new string[] {
login_forLogPurposes_in,
password_in.Length > 0 ? password_in.Substring(0, 1) : "",
ip_forLogPurposes_in
}
);
#endregion
}
}
