Example #1
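        /// <summary>
        /// Resolves the caller of an API request from the HTTP credentials attached to it.
        /// </summary>
        /// <param name="context">
        /// Listener context of the request. In the Digest case a fresh nonce may be written
        /// to its response as a <c>WWW-Authenticate</c> header.
        /// </param>
        /// <returns>
        /// <c>InvokerData.Anonymous</c> when the request carries no identity; an invoker built
        /// from the identity name and the stored token when the credentials verify; otherwise
        /// one of the error/info values (<c>ErrorNoUserOrToken</c>, <c>ErrorAuthFailure</c>,
        /// <c>InfoNonceAdded</c>, <c>ErrorUnknownRealm</c>, <c>ErrorUnsupportedScheme</c>).
        /// </returns>
        private R<InvokerData, string> Authenticate(HttpListenerContext context)
        {
            var identity = GetIdentity(context);

            // No credentials at all is not an error here: the caller is treated as anonymous.
            if (identity == null)
            {
                return InvokerData.Anonymous;
            }

            var result = TokenManager.GetToken(identity.Name);

            if (!result.Ok)
            {
                return ErrorNoUserOrToken;
            }

            var token   = result.Value;
            var invoker = new InvokerData(identity.Name,
                                          token: token.Value);

            switch (identity.AuthenticationType)
            {
            case "Basic":
                var identityBasic = (HttpListenerBasicIdentity)identity;

                // The Basic password field carries the API token itself.
                // NOTE(review): Basic sends it unhashed with every request, so this path
                // relies on the transport for confidentiality - confirm TLS is enforced.
                // Compared without early exit so response time does not reveal how many
                // leading characters of a guess were correct.
                if (!SecretEquals(token.Value, identityBasic.Password))
                {
                    return ErrorAuthFailure;
                }

                return invoker;

            case "Digest":
                var identityDigest = (HttpListenerDigestIdentity)identity;

                // First round trip: hand out a nonce and let the client retry with it.
                if (!identityDigest.IsAuthenticated)
                {
                    var newNonce = token.CreateNonce();
                    context.Response.AddHeader("WWW-Authenticate", $"Digest realm=\"{WebServer.WebRealm}\", nonce=\"{newNonce.Value}\"");
                    return InfoNonceAdded;
                }

                if (identityDigest.Realm != WebServer.WebRealm)
                {
                    return ErrorUnknownRealm;
                }

                // The URI covered by the digest must be the URI actually requested,
                // otherwise a response computed for one resource could be used on another.
                if (identityDigest.Uri != context.Request.RawUrl)
                {
                    return ErrorAuthFailure;
                }

                //HA1=MD5(username:realm:password)
                //HA2=MD5(method:digestURI)
                //response=MD5(HA1:nonce:HA2)
                // NOTE(review): HashString is presumably MD5 hex, per the formula above - confirm.
                var ha1      = HashString($"{identity.Name}:{identityDigest.Realm}:{token.Value}");
                var ha2      = HashString($"{context.Request.HttpMethod}:{identityDigest.Uri}");
                var response = HashString($"{ha1}:{identityDigest.Nonce}:{ha2}");

                if (!SecretEquals(response, identityDigest.Hash))
                {
                    return ErrorAuthFailure;
                }

                // The nonce is only spent after the response hash verified, so a request
                // without valid credentials cannot use up nonces. A null result is treated
                // as failure (presumably an unknown or already used nonce - confirm in UseNonce).
                ApiNonce nextNonce = token.UseNonce(identityDigest.Nonce);
                if (nextNonce == null)
                {
                    return ErrorAuthFailure;
                }
                context.Response.AddHeader("WWW-Authenticate", $"Digest realm=\"{WebServer.WebRealm}\", nonce=\"{nextNonce.Value}\"");

                return invoker;

            default:
                return ErrorUnsupportedScheme;
            }
        }

        /// <summary>
        /// Compares an expected secret with a client-supplied value without stopping at the
        /// first differing character. A <c>null</c> on either side never matches. Only a
        /// length mismatch can still be observed through timing.
        /// </summary>
        private static bool SecretEquals(string expected, string supplied)
        {
            if (expected == null || supplied == null)
            {
                return false;
            }

            // Fold the length difference and every character difference into one value.
            int diff    = expected.Length ^ supplied.Length;
            int overlap = expected.Length < supplied.Length ? expected.Length : supplied.Length;
            for (int i = 0; i < overlap; i++)
            {
                diff |= expected[i] ^ supplied[i];
            }

            return diff == 0;
        }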
Example #2
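        /// <summary>
        /// Resolves the caller of an API request from the HTTP credentials attached to it.
        /// </summary>
        /// <param name="context">
        /// Listener context of the request. In the Digest case a fresh nonce may be written
        /// to its response as a <c>WWW-Authenticate</c> header.
        /// </param>
        /// <returns>
        /// An invoker flagged as API caller and carrying the stored token when the credentials
        /// verify; <c>null</c> in every other case (no identity, no token, failed check,
        /// nonce handed out, unsupported scheme).
        /// </returns>
        private InvokerData Authenticate(HttpListenerContext context)
        {
            IIdentity identity = GetIdentity(context);

            if (identity == null)
            {
                return null;
            }

            var result = MainBot.SessionManager.GetToken(identity.Name);

            if (!result.Ok)
            {
                return null;
            }

            var token   = result.Value;
            var invoker = new InvokerData(identity.Name)
            {
                IsApi = true,
                Token = token.Value,
            };

            switch (identity.AuthenticationType)
            {
            case "Basic":
                var identityBasic = (HttpListenerBasicIdentity)identity;

                // The Basic password field carries the API token itself.
                // NOTE(review): Basic sends it unhashed with every request, so this path
                // relies on the transport for confidentiality - confirm TLS is enforced.
                // Compared without early exit so response time does not reveal how many
                // leading characters of a guess were correct.
                if (!SecretEquals(token.Value, identityBasic.Password))
                {
                    return null;
                }

                return invoker;

            case "Digest":
                var identityDigest = (HttpListenerDigestIdentity)identity;

                // First round trip: hand out a nonce and let the client retry with it.
                if (!identityDigest.IsAuthenticated)
                {
                    var newNonce = token.CreateNonce();
                    context.Response.AddHeader("WWW-Authenticate", $"Digest realm=\"{WebManager.WebRealm}\", nonce=\"{newNonce.Value}\"");
                    return null;
                }

                if (identityDigest.Realm != WebManager.WebRealm)
                {
                    return null;
                }

                // The URI covered by the digest must be the URI actually requested,
                // otherwise a response computed for one resource could be used on another.
                if (identityDigest.Uri != context.Request.RawUrl)
                {
                    return null;
                }

                //HA1=MD5(username:realm:password)
                //HA2=MD5(method:digestURI)
                //response=MD5(HA1:nonce:HA2)
                // NOTE(review): HashString is presumably MD5 hex, per the formula above - confirm.
                var ha1      = HashString($"{identity.Name}:{identityDigest.Realm}:{token.Value}");
                var ha2      = HashString($"{context.Request.HttpMethod}:{identityDigest.Uri}");
                var response = HashString($"{ha1}:{identityDigest.Nonce}:{ha2}");

                if (!SecretEquals(response, identityDigest.Hash))
                {
                    return null;
                }

                // The nonce is only spent after the response hash verified, so a request
                // without valid credentials cannot use up nonces. A null result is treated
                // as failure (presumably an unknown or already used nonce - confirm in UseNonce).
                ApiNonce nextNonce = token.UseNonce(identityDigest.Nonce);
                if (nextNonce == null)
                {
                    return null;
                }
                context.Response.AddHeader("WWW-Authenticate", $"Digest realm=\"{WebManager.WebRealm}\", nonce=\"{nextNonce.Value}\"");

                return invoker;

            default:
                return null;
            }
        }

        /// <summary>
        /// Compares an expected secret with a client-supplied value without stopping at the
        /// first differing character. A <c>null</c> on either side never matches. Only a
        /// length mismatch can still be observed through timing.
        /// </summary>
        private static bool SecretEquals(string expected, string supplied)
        {
            if (expected == null || supplied == null)
            {
                return false;
            }

            // Fold the length difference and every character difference into one value.
            int diff    = expected.Length ^ supplied.Length;
            int overlap = expected.Length < supplied.Length ? expected.Length : supplied.Length;
            for (int i = 0; i < overlap; i++)
            {
                diff |= expected[i] ^ supplied[i];
            }

            return diff == 0;
        }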