Ejemplo n.º 1
0
        public ReplyData user_tokens(IPAddress remoteIP, int remotePort, List <string> arguments, string body, string method, Dictionary <string, string> Headers)
        {
            if (Headers.ContainsKey("Authorization") == false)
            {
                ReplyData rd = new ReplyData();
                rd.Status = 401;
                rd.Body   = "";
                Session.Instance.TemporaryStackData.Add(remoteIP.ToString());
                rd.CustomOutputHeaders.Add("WWW-Authenticate", "Basic realm='Tokens'");
                rd.Body = "<h2>You are not logged in!";
                rd.CustomOutputHeaders.Add("Content-Type", "text/html");
                return(rd);
            }
            else
            {
                // Validate login!
                string[] req        = arguments[0].Split(new[] { '?', '&', '=' });
                string[] authHeader = Headers["Authorization"].Split(new[] { ' ' });

                if (authHeader[0] == "Basic" && Session.Instance.TemporaryStackData.Contains(remoteIP.ToString()))
                {
                    // Validate credentials!
                    UserAccounts ua = UserAccounts.GetAccounts();

                    string[] auth = Tools.Base64Decode(authHeader[1]).Split(new[] { ':' });

                    if (ua.Login(auth[0], auth[1], "web"))
                    {
                        // Continue to generate the token!
                        UserAccounts.Account act = ua.AllAccounts[auth[0]];
                        for (int i = 0; i < req.Length; i++)
                        {
                            if (req[i] == "for_domain_server" && req[i + 1] == "true")
                            {
                                // Generate the domain server token!
                                int    expiry     = 1 * 24 * 60 * 60;
                                int    time       = Tools.getTimestamp();
                                string token_type = "domain";

                                string Token = Tools.MD5Hash(expiry.ToString() + ":" + time.ToString() + "::" + token_type + ":" + act.name);
                                // Token has now been issued!
                                // Because you can obviously have more than 1 domain, this will save the token as : domain-timestamp

                                act.ActiveTokens.Add(Token, "domain");
                                ua.AllAccounts[auth[0]] = act;
                                ua.save();

                                // Exit this loop, and reply to the user!

                                Session.Instance.TemporaryStackData.Remove(remoteIP.ToString());
                                ReplyData rd1 = new ReplyData();
                                rd1.Status = 200;
                                rd1.Body   = $"<center><h2>Your domain's access token is: {Token}</h2></center>";
                                rd1.CustomOutputHeaders.Add("Content-Type", "text/html");

                                return(rd1);
                            }
                        }
                    }
                }

                ReplyData rd = new ReplyData();
                rd.Body   = "Invalid authorization header was provided!<br/>If you were not prompted for credentials again, close the tab or the browser and try again";
                rd.Status = 401;
                if (Session.Instance.TemporaryStackData.Contains(remoteIP.ToString()) == false)
                {
                    Session.Instance.TemporaryStackData.Add(remoteIP.ToString());
                }
                rd.CustomOutputHeaders.Add("WWW-Authenticate", "Basic realm='Tokens'");
                return(rd);
            }
        }