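        /// <summary>
        /// Authenticates a supplier by e-mail/password, issues a persisted auth token and marks the
        /// current session as authenticated. When <paramref name="GenerateRememberMeCookie"/> is true the
        /// encrypted "auth-token" remember-me cookie is written as well (it is read back by IsAuthenticated).
        /// </summary>
        /// <param name="Email">Supplier e-mail address.</param>
        /// <param name="Password">Supplier password.</param>
        /// <param name="GenerateRememberMeCookie">When true, request the long-lived token (<c>AuthTokenTimeSpan</c>) and set the remember-me cookie.</param>
        /// <returns>
        /// The result of <c>Membership.AuthenticateSupplier</c>, or <c>LoginError</c> when a token could not be generated.
        /// </returns>
        static public Membership.UserAuthenticateResults Login(string Email, string Password, bool GenerateRememberMeCookie)
        {
            Int64 SupplierId;

            Membership.UserAuthenticateResults results = Membership.AuthenticateSupplier(Email, Password, out SupplierId);
            if (results != Membership.UserAuthenticateResults.Success)
            {
                return results;
            }

            // A lifetime of 0 means "no preference"; only a remember-me login asks for the long-lived token.
            AppSupplierAuthToken token = AuthTokens.GenerateAuthTokenForAppSupplierId(SupplierId, GenerateRememberMeCookie ? AuthTokenTimeSpan : 0);
            if (token == null)
            {
                return Membership.UserAuthenticateResults.LoginError;
            }

            HttpContext context = HttpContext.Current;

            if (GenerateRememberMeCookie)
            {
                // The cookie carries "<secret>:<key>" encrypted with the remember-me key. It is only ever read
                // server-side (IsAuthenticated), so it never needs to be reachable from script.
                HttpCookie cookie = new HttpCookie(@"auth-token", TeaEncryptor.Encrypt(token.Secret.ToString(@"N") + @":" + token.Key, RememberMeCookieEncryptionKey));
                cookie.Expires  = token.Expiry;
                cookie.HttpOnly = true;
                // A long-lived credential should not be replayed over plain HTTP once it was issued over TLS.
                cookie.Secure   = context.Request.IsSecureConnection;
                context.Response.Cookies.Add(cookie);
            }

            // NOTE(review): the session id is not regenerated at this privilege change — confirm whether the
            // framework/session configuration already does so (session fixation).
            context.Session[@"Authenticated"] = true;
            context.Session[@"AuthTokenId"]   = token.AppSupplierAuthTokenId;
            context.Session[@"SupplierId"]    = SupplierId;

            // A missing supplier row leaves the flag false rather than failing the login.
            AppSupplier supplier = AppSupplier.FetchByID(SupplierId);
            context.Session[@"IsProductSupplier"] = (supplier != null ? supplier.IsProduct : false);

            return results;
        }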
 /// <summary>
 /// Looks up an auth token by (secret, key), rejects it when it is expired or when the key is not the
 /// one derived for its supplier, and optionally slides the expiry forward on success.
 /// </summary>
 /// <param name="secret">Token secret as presented by the client.</param>
 /// <param name="key">Token key as presented by the client; must equal <c>EncodeKey(supplierId, AuthTokenKeySalt_AppUserId)</c>.</param>
 /// <param name="slideExpiration">When true (and <c>AuthTokenSlidingExpiration_AppUserId</c> is set), extend the expiry after a successful validation.</param>
 /// <param name="AppSupplierId">Receives the supplier id on success, 0 otherwise.</param>
 /// <param name="AppSupplierAuthTokenId">Receives the token row id on success, 0 otherwise.</param>
 /// <returns>true when the token is valid; false when it is missing, expired, mismatched, or any exception occurred.</returns>
 static public bool ValidateAppSupplierAuthToken(string secret, string key, bool slideExpiration, out Int64 AppSupplierId, out Int64 AppSupplierAuthTokenId)
 {
     // Every failure path reports (0, 0); start there and only overwrite on success.
     AppSupplierId = 0;
     AppSupplierAuthTokenId = 0;

     try
     {
         List<object> row = new Query(AppSupplierAuthToken.TableSchema)
             .Select(AppSupplierAuthToken.Columns.AppSupplierAuthTokenId)
             .AddSelect(AppSupplierAuthToken.Columns.SupplierId)
             .AddSelect(AppSupplierAuthToken.Columns.Expiry)
             .Where(AppSupplierAuthToken.Columns.Secret, secret)
             .AND(AppSupplierAuthToken.Columns.Key, key)
             .LimitRows(1)
             .ExecuteOneRowToList();

         if (row == null)
         {
             return false;
         }

         // Column order follows the Select/AddSelect order above: [0]=token id, [1]=supplier id, [2]=expiry.
         // NOTE(review): expiry is compared against DateTime.UtcNow, so the column is presumably stored in UTC — confirm.
         DateTime expiry = Convert.ToDateTime(row[2]);
         if (expiry < DateTime.UtcNow)
         {
             AppSupplierAuthToken.Delete(Convert.ToInt64(row[0]));
             return false;
         }

         // The key must be the one derived for this supplier; a stored row carrying a foreign key is purged.
         Int64 supplierId = Convert.ToInt64(row[1]);
         if (key != EncodeKey(supplierId, AuthTokenKeySalt_AppUserId))
         {
             AppSupplierAuthToken.Delete(Convert.ToInt64(row[0]));
             return false;
         }

         AppSupplierId          = supplierId;
         AppSupplierAuthTokenId = Convert.ToInt64(row[0]);

         if (slideExpiration && AuthTokenSlidingExpiration_AppUserId)
         {
             DateTime slidTo = DateTime.UtcNow.AddHours(AuthTokenLifeSpan_AppUserId);
             // Only ever push the expiry out, never shorten it.
             if (slidTo > expiry)
             {
                 Query.New<AppSupplierAuthToken>()
                     .Update(AppSupplierAuthToken.Columns.Expiry, slidTo)
                     .Where(AppSupplierAuthToken.Columns.AppSupplierAuthTokenId, AppSupplierAuthTokenId)
                     .Execute();
             }
         }

         return true;
     }
     catch (Exception)
     {
         // Deliberately best-effort: a database or conversion failure is reported as "not valid".
         AppSupplierId = 0;
         AppSupplierAuthTokenId = 0;
         return false;
     }
 }
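 /// <summary>
 /// Returns whether the current request belongs to an authenticated supplier: first via the
 /// "Authenticated" session flag set by Login, otherwise by re-validating the encrypted "auth-token"
 /// remember-me cookie and, on success, re-populating the session.
 /// </summary>
 /// <returns>true when the session is (or has just become) authenticated; false otherwise.</returns>
 static public bool IsAuthenticated()
 {
     HttpContext context = HttpContext.Current;

     // Fast path: the session was authenticated earlier in this session's lifetime.
     // "as bool?" avoids an InvalidCastException if the slot ever holds something other than a bool.
     if ((context.Session[@"Authenticated"] as bool?) == true)
     {
         return true;
     }

     HttpCookie cookie = context.Request.Cookies[@"auth-token"];
     if (cookie == null)
     {
         return false;
     }

     string[] auth;
     try
     {
         auth = TeaEncryptor.Decrypt(cookie.Value, RememberMeCookieEncryptionKey).Split(':');
     }
     catch (Exception)
     {
         // A tampered, truncated or stale cookie must not surface as an unhandled exception on every
         // request from that client; treat it as "no cookie" and discard it.
         ExpireRememberMeAuthCookie(context.Response);
         return false;
     }

     // Payload is "<secret>:<key>" (see Login); anything else is unusable.
     if (auth.Length != 2)
     {
         ExpireRememberMeAuthCookie(context.Response);
         return false;
     }

     Int64 supplierId;
     Int64 authTokenId;
     // NOTE(review): slideExpiration is passed as false here (the original carried a TODO at this call);
     // presumably sliding was intended for remember-me re-validation — confirm the desired policy.
     if (!AuthTokens.ValidateAppSupplierAuthToken(auth[0], auth[1], false, out supplierId, out authTokenId))
     {
         ExpireRememberMeAuthCookie(context.Response);
         return false;
     }

     Membership.UserAuthenticateResults results = Membership.SupplierLoggedInAction(supplierId);
     if (results != Membership.UserAuthenticateResults.Success)
     {
         // The account is no longer allowed to log in (e.g. locked); the token is revoked, not just the cookie.
         AppSupplierAuthToken.Delete(authTokenId);
         ExpireRememberMeAuthCookie(context.Response);
         return false;
     }

     context.Session[@"Authenticated"] = true;
     context.Session[@"AuthTokenId"]   = authTokenId;
     context.Session[@"SupplierId"]    = supplierId;

     AppSupplier supplier = AppSupplier.FetchByID(supplierId);
     context.Session[@"IsProductSupplier"] = (supplier != null ? supplier.IsProduct : false);
     return true;
 }

 /// <summary>
 /// Removes the remember-me cookie from the client. Setting only an empty value (as before) leaves the
 /// cookie in place until its original expiry; an expiry in the past makes the browser delete it.
 /// </summary>
 /// <param name="response">Response on which to emit the expired cookie.</param>
 private static void ExpireRememberMeAuthCookie(HttpResponse response)
 {
     HttpCookie expired = new HttpCookie(@"auth-token", @"");
     expired.Expires  = DateTime.UtcNow.AddDays(-1);
     expired.HttpOnly = true;
     response.Cookies.Set(expired);
 }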
 /// <summary>
 /// Validates an auth token by (secret, key) through the collection API: the pair must match exactly one
 /// row, the row must not be expired, and its key must be the one derived for its supplier. On success the
 /// expiry is pushed out to now + <c>AuthTokenLifeSpan_AppUserId</c> (never shortened) and the row is saved.
 /// </summary>
 /// <param name="Secret">Token secret as presented by the client.</param>
 /// <param name="Key">Token key as presented by the client.</param>
 /// <param name="AppSupplierId">Receives the supplier id on success, 0 otherwise.</param>
 /// <param name="AppSupplierAuthTokenId">Receives the token row id on success, 0 otherwise.</param>
 /// <returns>true when the token is valid; false when it is missing, ambiguous, expired, mismatched, or any exception occurred.</returns>
 static public bool ValidateAppSupplierAuthToken(string Secret, string Key, out Int64 AppSupplierId, out Int64 AppSupplierAuthTokenId)
 {
     // All failure paths report (0, 0); overwrite only once the token has passed every check.
     AppSupplierId = 0;
     AppSupplierAuthTokenId = 0;

     try
     {
         Query lookup = new Query(AppSupplierAuthToken.TableSchema)
             .Where(AppSupplierAuthToken.Columns.Secret, Secret)
             .AND(AppSupplierAuthToken.Columns.Key, Key);
         AppSupplierAuthTokenCollection matches = AppSupplierAuthTokenCollection.FetchByQuery(lookup);

         // Exactly one row must match; zero or several means the pair is unusable.
         if (matches.Count != 1)
         {
             return false;
         }

         AppSupplierAuthToken token = matches[0];

         // NOTE(review): Expiry is compared against DateTime.UtcNow, so the column is presumably stored in UTC — confirm.
         // A stored row whose key is not derived for its own supplier is purged along with expired ones.
         if (token.Expiry < DateTime.UtcNow || token.Key != EncodeKey(token.SupplierId, AuthTokenKeySalt_AppUserId))
         {
             AppSupplierAuthToken.Delete(token.AppSupplierAuthTokenId);
             return false;
         }

         AppSupplierId          = token.SupplierId;
         AppSupplierAuthTokenId = token.AppSupplierAuthTokenId;

         DateTime slidTo = DateTime.UtcNow.AddHours(AuthTokenLifeSpan_AppUserId);
         if (slidTo > token.Expiry)
         {
             token.Expiry = slidTo;
         }
         // Saved unconditionally, as before, even when the expiry did not move.
         token.Save();

         return true;
     }
     catch (Exception)
     {
         // Deliberately best-effort: a database failure is reported as "not valid".
         AppSupplierId = 0;
         AppSupplierAuthTokenId = 0;
         return false;
     }
 }
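        /// <summary>
        /// Creates and persists a new auth token for a supplier. The secret is a fresh GUID and the key is
        /// derived from the supplier id; up to three save attempts are made, each with a new secret, so a
        /// transient database error does not fail the login outright.
        /// </summary>
        /// <param name="AppSupplierId">Supplier the token is bound to.</param>
        /// <param name="LifeTimeInHours">
        /// Requested lifetime in hours. Values &lt;= 0 (what Login and the API Post handler pass for an ordinary
        /// login) select the configured <c>AuthTokenLifeSpan_AppUserId</c> default.
        /// </param>
        /// <returns>The saved token, or null when every save attempt failed.</returns>
        static public AppSupplierAuthToken GenerateAuthTokenForAppSupplierId(Int64 AppSupplierId, int LifeTimeInHours)
        {
            const int MaxSaveAttempts = 3;

            // Previously this parameter was ignored and every token got the default lifetime, so the
            // remember-me lifetime requested by Login never took effect.
            double lifeTimeHours = AuthTokenLifeSpan_AppUserId;
            if (LifeTimeInHours > 0)
            {
                lifeTimeHours = LifeTimeInHours;
            }

            AppSupplierAuthToken token = new AppSupplierAuthToken();
            token.SupplierId  = AppSupplierId;
            token.CreatedDate = DateTime.UtcNow;
            token.Expiry      = token.CreatedDate.AddHours(lifeTimeHours);
            token.Key         = EncodeKey(AppSupplierId, AuthTokenKeySalt_AppUserId);

            for (int attempt = 0; attempt < MaxSaveAttempts; attempt++)
            {
                try
                {
                    // NOTE(review): the bearer secret is a Guid.NewGuid(); it is random but not documented as
                    // cryptographically strong. If the column type allows, consider RandomNumberGenerator-backed bytes.
                    token.Secret = Guid.NewGuid();
                    token.Save();
                    return token;
                }
                catch (System.Data.Common.DbException)
                {
                    // Retry with a fresh secret. Nothing is logged here; callers only observe a null result.
                }
            }

            return null;
        }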
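 /// <summary>
 /// Builds the API access token string for a persisted auth token by delegating to the
 /// (secret, key) overload of <c>AccessToken</c>.
 /// </summary>
 /// <param name="authToken">Token returned by <c>GenerateAuthTokenForAppSupplierId</c>; must not be null.</param>
 /// <returns>The opaque access token string handed to API clients.</returns>
 /// <exception cref="ArgumentNullException">
 /// Thrown when <paramref name="authToken"/> is null — which is what <c>GenerateAuthTokenForAppSupplierId</c>
 /// returns after its save retries fail, so callers should check before calling.
 /// </exception>
 static public string AccessToken(AppSupplierAuthToken authToken)
 {
     if (authToken == null)
     {
         throw new ArgumentNullException("authToken");
     }

     // NOTE(review): the secret is rendered in the default dashed GUID format here, while the remember-me
     // cookie path (Login) uses the "N" format; both end up in a lookup on the Secret column, so that
     // lookup must accept either form — confirm against ValidateAppSupplierAuthToken.
     return AccessToken(authToken.Secret.ToString(), authToken.Key);
 }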
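        /// <summary>
        /// POST handler for API supplier login. Reads a JSON object with "email" and "password" from the
        /// request body, authenticates the supplier, issues an auth token and writes a JSON object with the
        /// access token, the supplier id and the supplier status flags. Authentication failures are mapped
        /// to 400/403 through <c>RespondBadRequest</c> / <c>RespondError</c>.
        /// </summary>
        /// <param name="Request">Incoming request; the body must be a JSON object.</param>
        /// <param name="Response">Response the handler writes to.</param>
        /// <param name="PathParams">Route parameters; unused by this handler.</param>
        public override void Post(HttpRequest Request, HttpResponse Response, params string[] PathParams)
        {
            // The response body carries a bearer credential: forbid both caching and storing at any intermediary.
            Response.Cache.SetCacheability(HttpCacheability.NoCache);
            Response.Cache.SetNoStore();
            Response.Cache.SetMaxAge(TimeSpan.Zero);

            JObject inputData;
            try
            {
                using (StreamReader reader = new StreamReader(Request.InputStream))
                using (JsonTextReader jsonReader = new JsonTextReader(reader))
                {
                    inputData = JObject.Load(jsonReader);
                }
            }
            catch (Exception)
            {
                // Malformed or non-JSON body. Previously execution fell through after the 400 and dereferenced
                // a null inputData; the handler must stop here.
                RespondBadRequest(Response);
                return;
            }

            string email    = inputData.Value<string>(@"email") ?? "";
            string password = inputData.Value<string>(@"password") ?? "";

            Response.ContentType = @"application/json";

            Int64 SupplierId;
            AppMembership.AppUserAuthenticateResults res = AppMembership.AuthenticateAppSupplier(email, password, out SupplierId);
            switch (res)
            {
                case AppMembership.AppUserAuthenticateResults.Success:
                    {
                        // Lifetime 0 selects the token generator's default.
                        AppSupplierAuthToken at = AuthTokens.GenerateAuthTokenForAppSupplierId(SupplierId, 0);
                        if (at == null)
                        {
                            // Token persistence failed (the generator returns null after its retries). Without a
                            // token there is nothing to hand back; report it the same way LoginError is reported below
                            // rather than dereferencing null in AccessToken.
                            RespondBadRequest(Response);
                            return;
                        }

                        List<object> SupplierStatus = new List<object>();
                        try
                        {
                            AppMembership.AppSupplierLoggedInAction(SupplierId, out SupplierStatus);
                        }
                        catch (Exception)
                        {
                            // Best-effort: the status flags are optional in the response and fall back to defaults.
                        }
                        if (SupplierStatus == null)
                        {
                            SupplierStatus = new List<object>();
                        }

                        // Positional status list: [0]=status, [1]=allow_change_status_join_bids, [2]=is_auto_join_bid,
                        // [3]=max_winning_num, [4]=is_service_supplier. Guard each index on its own so a list shorter
                        // than five entries cannot throw IndexOutOfRangeException halfway through the response.
                        object status                   = SupplierStatus.Count > 0 ? SupplierStatus[0] : false;
                        object allowChangeStatusJoinBids = SupplierStatus.Count > 1 ? SupplierStatus[1] : false;
                        object isAutoJoinBid            = SupplierStatus.Count > 2 ? SupplierStatus[2] : false;
                        object maxWinningNum            = SupplierStatus.Count > 3 ? SupplierStatus[3] : 0;
                        object isServiceSupplier        = SupplierStatus.Count > 4 ? SupplierStatus[4] : false;

                        using (StreamWriter streamWriter = new StreamWriter(Response.OutputStream))
                        using (JsonTextWriter jsonWriter = new JsonTextWriter(streamWriter))
                        {
                            jsonWriter.WriteStartObject();

                            jsonWriter.WritePropertyName(@"access_token");
                            jsonWriter.WriteValue(AuthTokens.AccessToken(at));

                            jsonWriter.WritePropertyName(@"user_id");
                            jsonWriter.WriteValue(SupplierId);

                            jsonWriter.WritePropertyName(@"status");
                            jsonWriter.WriteValue(status);

                            jsonWriter.WritePropertyName(@"allow_change_status_join_bids");
                            jsonWriter.WriteValue(allowChangeStatusJoinBids);

                            jsonWriter.WritePropertyName(@"is_auto_join_bid");
                            jsonWriter.WriteValue(isAutoJoinBid);

                            jsonWriter.WritePropertyName(@"is_service_supplier");
                            jsonWriter.WriteValue(isServiceSupplier);

                            jsonWriter.WritePropertyName(@"max_winning_num");
                            jsonWriter.WriteValue(maxWinningNum);

                            jsonWriter.WriteEndObject();
                        }
                    }
                    break;
                default:
                case AppMembership.AppUserAuthenticateResults.LoginError:
                    {
                        RespondBadRequest(Response);
                    }
                    break;
                case AppMembership.AppUserAuthenticateResults.NotVerified:
                    {
                        RespondError(Response, HttpStatusCode.Forbidden, @"not-verified");
                    }
                    break;
                case AppMembership.AppUserAuthenticateResults.NoMatch:
                    {
                        // Same status and body shape for "no such account" and "wrong password" — the response
                        // does not reveal which one failed.
                        RespondError(Response, HttpStatusCode.Forbidden, @"no-match");
                    }
                    break;
                case AppMembership.AppUserAuthenticateResults.Locked:
                    {
                        RespondError(Response, HttpStatusCode.Forbidden, @"locked");
                    }
                    break;
            }
        }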