Beispiel #1
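        /// <summary>
        /// Handles the OAuth authorize step. When both a username and a password
        /// are supplied, the credentials are verified and the token exchange is
        /// performed immediately; otherwise the contents of a gateway HTML page
        /// are returned.
        /// </summary>
        /// <param name="request">Request DTO carrying the optional Username and Password.</param>
        /// <returns>
        /// <c>null</c> after a redirect has been issued, or the gateway page
        /// contents as a string.
        /// </returns>
        /// <exception cref="UnauthorizedException">The supplied credentials were rejected.</exception>
        public object Get(OAuthAuthorizeRequest request)
        {
            if (!string.IsNullOrEmpty(request.Username) &&
                !string.IsNullOrEmpty(request.Password))
            {
                // unattended authentication, immediately perform token exchange
                // and use data from the querystring
                // NOTE(review): if Username/Password are bound from the URL of this
                // GET request, the password ends up in access logs, browser history
                // and Referer headers - confirm how the DTO is populated.

                bool is_allowed = RainyStandaloneServer.OAuth.Authenticator(request.Username, request.Password);
                if (!is_allowed)
                {
                    throw new UnauthorizedException();
                }

                // NOTE(review): QueryString["oauth_token"] is passed on unchecked;
                // confirm TokenExchangeAfterAuthentication rejects a missing or
                // unknown request token.
                var auth_service = new OAuthAuthenticateService();
                var resp         = (OAuthAuthenticateResponse)auth_service.TokenExchangeAfterAuthentication(
                    request.Username,
                    request.Password,
                    Request.QueryString["oauth_token"]
                    );

                // NOTE(review): the redirect target is whatever the token exchange
                // returned; confirm it is validated against the consumer's
                // registered callback before it gets here.
                Response.Redirect(resp.RedirectUrl);
                return(null);
            }
            else
            {
                // NOTE(review): absolute, developer-local path; this only works on
                // a machine that has this exact file - make it configurable.
                // The using block closes the reader even if ReadToEnd throws.
                using (TextReader reader = new StreamReader("/Users/td/gateway.html"))
                {
                    return(reader.ReadToEnd());
                }
            }
        }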
Beispiel #2
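        /// <summary>
        /// Handles the OAuth authorize step. When both a username and a password
        /// are supplied, the credentials are verified and the token exchange is
        /// performed immediately; otherwise the client is redirected to the
        /// login page with the original query string appended.
        /// </summary>
        /// <param name="request">Request DTO carrying the optional Username and Password.</param>
        /// <returns>Always <c>null</c>; the response is a redirect in both branches.</returns>
        /// <exception cref="UnauthorizedException">The supplied credentials were rejected.</exception>
        public object Any(OAuthAuthorizeRequest request)
        {
            if (!string.IsNullOrEmpty(request.Username) &&
                !string.IsNullOrEmpty(request.Password))
            {
                // unattended authentication, immediately perform token exchange
                // and use data from the querystring
                // NOTE(review): if Username/Password are bound from the request
                // URL, the password ends up in access logs, browser history and
                // Referer headers - confirm how the DTO is populated.

                bool is_allowed = authenticator.VerifyCredentials(request.Username, request.Password);
                if (!is_allowed)
                {
                    throw new UnauthorizedException();
                }

                // NOTE(review): QueryString["oauth_token"] is passed on unchecked;
                // confirm TokenExchangeAfterAuthentication rejects a missing or
                // unknown request token.
                var auth_service = new OAuthAuthenticateService(connFactory, oauthHandler, authenticator);
                var resp         = (OAuthAuthenticateResponse)auth_service.TokenExchangeAfterAuthentication(
                    request.Username,
                    request.Password,
                    Request.QueryString["oauth_token"]
                    );

                // NOTE(review): the redirect target is whatever the token exchange
                // returned; confirm it is validated against the consumer's
                // registered callback before it gets here.
                Response.Redirect(resp.RedirectUrl);
                return(null);
            }
            else
            {
                // take all url parameters and redirect to the login page
                // Everything after the first '?' is forwarded. A request without
                // a query string yields an empty parameter list instead of an
                // out-of-range index, and a literal '?' inside a value no longer
                // truncates the forwarded parameters.
                string path_and_query = new Uri(Request.RawUrl).PathAndQuery;
                int    query_start    = path_and_query.IndexOf('?');
                string prams          = query_start >= 0
                    ? path_and_query.Substring(query_start + 1)
                    : string.Empty;

                // NOTE(review): the parameters are copied verbatim into the URL
                // fragment of the login page; if only one of username/password
                // was supplied it is carried along - confirm that is intended.
                Response.Redirect("/admin/#/login?" + prams);
                Response.EndServiceStackRequest();
                return(null);
            }
        }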
Beispiel #3
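        /// <summary>
        /// Handles the OAuth authorize step. When both a username and a password
        /// are supplied, the credentials are verified and the token exchange is
        /// performed immediately; otherwise the contents of a gateway HTML page
        /// are returned.
        /// </summary>
        /// <param name="request">Request DTO carrying the optional Username and Password.</param>
        /// <returns>
        /// <c>null</c> after a redirect has been issued, or the gateway page
        /// contents as a string.
        /// </returns>
        /// <exception cref="UnauthorizedException">The supplied credentials were rejected.</exception>
        public object Get(OAuthAuthorizeRequest request)
        {
            if (!string.IsNullOrEmpty (request.Username) &&
                !string.IsNullOrEmpty (request.Password)) {

                // unattended authentication, immediately perform token exchange
                // and use data from the querystring
                // NOTE(review): if Username/Password are bound from the URL of this
                // GET request, the password ends up in access logs, browser history
                // and Referer headers - confirm how the DTO is populated.

                bool is_allowed = RainyStandaloneServer.OAuth.Authenticator (request.Username, request.Password);
                if (!is_allowed) {
                    throw new UnauthorizedException ();
                }

                // NOTE(review): QueryString["oauth_token"] is passed on unchecked;
                // confirm TokenExchangeAfterAuthentication rejects a missing or
                // unknown request token.
                var auth_service = new OAuthAuthenticateService ();
                var resp = (OAuthAuthenticateResponse) auth_service.TokenExchangeAfterAuthentication (
                    request.Username,
                    request.Password,
                    Request.QueryString["oauth_token"]
                );

                // NOTE(review): the redirect target is whatever the token exchange
                // returned; confirm it is validated against the consumer's
                // registered callback before it gets here.
                Response.Redirect (resp.RedirectUrl);
                return null;
            } else {
                // NOTE(review): absolute, developer-local path; this only works on
                // a machine that has this exact file - make it configurable.
                // The using block closes the reader even if ReadToEnd throws.
                using (TextReader reader = new StreamReader ("/Users/td/gateway.html")) {
                    return reader.ReadToEnd ();
                }
            }
        }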
Beispiel #4
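        /// <summary>
        /// Handles the OAuth authorize step. When both a username and a password
        /// are supplied, the credentials are verified and the token exchange is
        /// performed immediately; otherwise the client is redirected to the
        /// login page with the original query string appended.
        /// </summary>
        /// <param name="request">Request DTO carrying the optional Username and Password.</param>
        /// <returns>Always <c>null</c>; the response is a redirect in both branches.</returns>
        /// <exception cref="UnauthorizedException">The supplied credentials were rejected.</exception>
        public object Any(OAuthAuthorizeRequest request)
        {
            if (!string.IsNullOrEmpty (request.Username) &&
                !string.IsNullOrEmpty (request.Password)) {

                // unattended authentication, immediately perform token exchange
                // and use data from the querystring
                // NOTE(review): if Username/Password are bound from the request
                // URL, the password ends up in access logs, browser history and
                // Referer headers - confirm how the DTO is populated.

                bool is_allowed = authenticator.VerifyCredentials (request.Username, request.Password);
                if (!is_allowed) {
                    throw new UnauthorizedException ();
                }

                // NOTE(review): QueryString["oauth_token"] is passed on unchecked;
                // confirm TokenExchangeAfterAuthentication rejects a missing or
                // unknown request token.
                var auth_service = new OAuthAuthenticateService (connFactory, oauthHandler, authenticator);
                var resp = (OAuthAuthenticateResponse) auth_service.TokenExchangeAfterAuthentication (
                    request.Username,
                    request.Password,
                    Request.QueryString["oauth_token"]
                );

                // NOTE(review): the redirect target is whatever the token exchange
                // returned; confirm it is validated against the consumer's
                // registered callback before it gets here.
                Response.Redirect (resp.RedirectUrl);
                return null;
            } else {
                // take all url parameters and redirect to the login page
                // Everything after the first '?' is forwarded. A request without
                // a query string yields an empty parameter list instead of an
                // out-of-range index, and a literal '?' inside a value no longer
                // truncates the forwarded parameters.
                string path_and_query = new Uri (Request.RawUrl).PathAndQuery;
                int query_start = path_and_query.IndexOf ('?');
                string prams = query_start >= 0
                    ? path_and_query.Substring (query_start + 1)
                    : string.Empty;

                // NOTE(review): the parameters are copied verbatim into the URL
                // fragment of the login page; if only one of username/password
                // was supplied it is carried along - confirm that is intended.
                Response.Redirect ("/admin/#/login?" + prams);
                Response.EndServiceStackRequest ();
                return null;
            }
        }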
Beispiel #5
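        /// <summary>
        /// Handles the OAuth authorize step: checks the supplied credentials,
        /// attaches a verifier and a new access token to the stored request
        /// token, saves it, and redirects the user agent to the callback URL
        /// recorded on that request token.
        /// </summary>
        /// <param name="request">Request DTO carrying the Username and Password to check.</param>
        /// <returns>
        /// Always <c>null</c>; the response is either a 403 error page or a
        /// redirect to the callback URL.
        /// </returns>
        public object Any(OAuthAuthorizeRequest request)
        {
            // keep this line to inspect the Request in monodevelop's debugger
            // really helps debugging API calls
            var servicestack_http_request = Request;

            // TODO the OAuth spec allows other ways of specifying the parameters besides the query string
            // (i.e. the authorization header, form-encoded POST values, etc. We have to handle those
            // in the future.
            // NOTE(review): as long as the parameters travel in the URL, a password
            // sent this way ends up in access logs, browser history and Referer
            // headers - confirm how Username/Password reach the DTO.
            var original_request = (HttpListenerRequest)Request.OriginalRequest;
            var context = new OAuthContextBuilder ().FromUri (Request.HttpMethod, original_request.Url);

            // check if the user is authorized
            // TODO this is just a basic hack to enable authorization
            if (!userIsAllowed (request.Username, request.Password)) {
                // unauthorized
                Logger.WarnFormat ("Failed to authorize user {0}", request.Username);
                Response.StatusCode = 403;
                Response.StatusDescription ="Authorization failed";

                // The username is attacker-controlled and is echoed into an HTML
                // page, so it must be HTML-encoded to prevent markup injection.
                var safe_username = System.Net.WebUtility.HtmlEncode (request.Username);
                Response.Write (
                    "<html><h1 style='margin-top: 1em'>Authorization failed for user "
                    + "<b>" + safe_username + "</b>"
                    + " (maybe wrong password?).</h1></html>"
                );
                Response.Close ();
                return null;
            }
            // authorization succeeded, continue
            Logger.InfoFormat ("Successfully authorized user: {0}", request.Username);

            // Verifier, token and token secret are bearer credentials. They are
            // drawn from the OS cryptographic RNG rather than Guid.NewGuid (), which
            // is documented as unsuitable for cryptographic purposes. The 16 random
            // bytes are still rendered in GUID text form so the stored values keep
            // the shape they had before.
            Func<string> new_secret = () => {
                var random_bytes = new byte[16];
                using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create ()) {
                    rng.GetBytes (random_bytes);
                }
                return new Guid (random_bytes).ToString ();
            };

            // NOTE(review): the result of GetToken is dereferenced without a check;
            // confirm it cannot return null for an unknown or expired oauth_token.
            var request_token = Rainy.RainyStandaloneServer.OAuth.RequestTokens.GetToken (context.Token);
            request_token.Verifier = new_secret ();
            request_token.AccessDenied = false;

            // NOTE(review): the expiry is 99 years out and based on local time
            // (DateTime.Now), so the access token is effectively permanent -
            // confirm that a revocation path exists.
            request_token.AccessToken = new AccessToken () {
                ConsumerKey = request_token.ConsumerKey,
                Realm = request_token.Realm,
                Token = new_secret (),
                TokenSecret = new_secret (),
                UserName = request.Username,
                ExpiryDate = DateTime.Now.AddYears (99)
            };

            RainyStandaloneServer.OAuth.RequestTokens.SaveToken (request_token);
            // NOTE(review): this logs the request token object; verify that its
            // string form does not include the token secret or verifier.
            Logger.DebugFormat ("created an access token for user {0}: {1}", request.Username, request_token);

            // redirect to the provided callback
            // NOTE(review): the callback URL is taken from the stored request token
            // and concatenated as-is; confirm it was validated when the request
            // token was issued and that it carries no query string of its own.
            var redirect_url = request_token.CallbackUrl + "?oauth_verifier=" + request_token.Verifier + "&oauth_token=" + request_token.Token;
            // NOTE(review): the logged URL contains the oauth_verifier.
            Logger.DebugFormat ("redirecting user to consumer at: {0}", redirect_url);
            Response.Redirect (redirect_url);
            return null;
        }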