public async Task <AuthResponse> PreAuth([FromBody] AuthRequest request)
{
Dictionary <string, string> dict = await sessionRepository.decodeAuthToken(request.auth_token);
if (dict == null)
{
throw new AuthInvalidCredentialsException();
}
var response = new AuthResponse();
ProfileLookup profileLookup = new ProfileLookup();
UserLookup userLookup = new UserLookup();
int profileId;
int.TryParse(dict["profileId"], out profileId);
profileLookup.id = profileId;
User user = null;
if (dict.ContainsKey("userId"))
{
int.TryParse(dict["userId"], out profileId);
userLookup.id = profileId;
user = (await userRepository.Lookup(userLookup)).First();
}
response.profile = (await profileRepository.Lookup(profileLookup)).First();
if (user == null)
{
userLookup.id = response.profile.Userid;
user = (await userRepository.Lookup(userLookup)).First();
}
response.user = user;
var sesskey = gs_sesskey(request.session_key);
string challenge = dict["true_signature"] + sesskey.ToString();
using (MD5 md5 = MD5.Create())
{
StringBuilder sBuilder = new StringBuilder();
byte[] data = md5.ComputeHash(Encoding.UTF8.GetBytes(challenge));
for (int i = 0; i < data.Length; i++)
{
sBuilder.Append(data[i].ToString("x2"));
}
challenge = sBuilder.ToString().ToLower();
}
if (!challenge.Equals(request.client_response.ToLower()))
{
throw new AuthInvalidCredentialsException();
}
return(response);
}
public async Task <AuthResponse> PreAuth([FromBody] AuthRequest authRequest)
{
Dictionary <string, string> dict = await sessionRepository.decodeAuthToken(authRequest.auth_token);
if (dict == null)
{
throw new AuthInvalidCredentialsException();
}
DateTime expireTime;
AuthResponse response = new AuthResponse();
if (dict.Keys.Contains("expiresAt"))
{
long expiresAtTS;
if (!long.TryParse(dict["expiresAt"], out expiresAtTS))
{
throw new AuthInvalidCredentialsException();
}
System.DateTime dtDateTime = new DateTime(1970, 1, 1, 0, 0, 0, 0, System.DateTimeKind.Utc);
expireTime = dtDateTime.AddSeconds(expiresAtTS).ToLocalTime();
if (DateTime.UtcNow > expireTime)
{
throw new AuthInvalidCredentialsException();
}
}
ProfileLookup profileLookup = new ProfileLookup();
UserLookup userLookup = new UserLookup();
int profileId;
int.TryParse(dict["profileId"], out profileId);
profileLookup.id = profileId;
User user = null;
if (dict.ContainsKey("userId"))
{
int.TryParse(dict["userId"], out profileId);
userLookup.id = profileId;
user = (await userRepository.Lookup(userLookup)).First();
}
response.profile = (await profileRepository.Lookup(profileLookup)).First();
response.success = true;
if (user == null)
{
userLookup.id = response.profile.Userid;
user = (await userRepository.Lookup(userLookup)).First();
}
response.user = user;
//authRequest.client_response = authRequest.auth_token_challenge;
var client_response = authRequest.client_response;
authRequest.client_response = dict["true_signature"];
//test validity of auth token... confirm the users token is signed against "true_signature"
if (client_response.CompareTo(GetPasswordProof(response.profile, authRequest, ProofType.ProofType_PreAuth, true)) != 0)
{
throw new AuthInvalidCredentialsException();
}
response.server_response = GetPasswordProof(response.profile, authRequest, ProofType.ProofType_PreAuth, false);
response.session = await generateSessionKey(response.profile);
response.success = true;
return(response);
}