Example #1
0
        private async Task <Response> CreateUser()
        {
            var username = (string)Request.Form.Username;
            var userId   = Mapper.CreateUser(username, Request.Form.Password, EnumHelper <Permissions> .All() - (int)Permissions.ReadOnlyUser, 0);

            Analytics.TrackEventAsync(Category.Wizard, Action.Finish, "Finished the wizard", username, CookieHelper.GetAnalyticClientId(Cookies));
            Session[SessionKeys.UsernameKey] = username;

            // Destroy the Plex Auth Token
            Session.Delete(SessionKeys.UserWizardPlexAuth);

            // Update the settings so we know we have been through the wizard
            var settings = await PlexRequestSettings.GetSettingsAsync();

            settings.Wizard = true;
            await PlexRequestSettings.SaveSettingsAsync(settings);

            var baseUrl = string.IsNullOrEmpty(settings.BaseUrl) ? string.Empty : $"/{settings.BaseUrl}";

            return(CustomModuleExtensions.LoginAndRedirect(this, (Guid)userId, fallbackRedirectUrl: $"{baseUrl}/search"));
        }
Example #2
0
        public LoginModule(ISettingsService <PlexRequestSettings> pr, ICustomUserMapper m, IResourceLinker linker, IRepository <UserLogins> userLoginRepo, ISecurityExtensions security)
            : base(pr, security)
        {
            UserMapper = m;
            Get["LocalLogin", "/login"] = _ =>
            {
                if (LoggedIn)
                {
                    var url = linker.BuildRelativeUri(Context, "SearchIndex");
                    return(Response.AsRedirect(url.ToString()));
                }
                dynamic model = new ExpandoObject();
                model.Redirect = Request.Query.redirect.Value ?? string.Empty;
                model.Errored  = Request.Query.error.HasValue;
                var adminCreated = UserMapper.DoUsersExist();
                model.AdminExists = adminCreated;
                return(View["Index", model]);
            };

            Get["/logout"] = x =>
            {
                if (Session[SessionKeys.UsernameKey] != null)
                {
                    Session.Delete(SessionKeys.UsernameKey);
                }
                return(CustomModuleExtensions.LogoutAndRedirect(this, !string.IsNullOrEmpty(BaseUrl) ? $"~/{BaseUrl}/" : "~/"));
            };

            Post["/login"] = x =>
            {
                var username = (string)Request.Form.Username;
                var password = (string)Request.Form.Password;
                var dtOffset = (int)Request.Form.DateTimeOffset;
                var redirect = (string)Request.Form.Redirect;

                var userId = UserMapper.ValidateUser(username, password);

                if (userId == null)
                {
                    return
                        (Context.GetRedirect(!string.IsNullOrEmpty(BaseUrl)
                            ? $"~/{BaseUrl}/login?error=true&username="******"~/login?error=true&username="******"userlogin"))
                {
                    redirect = !string.IsNullOrEmpty(BaseUrl) ? $"/{BaseUrl}/search" : "/search";
                }

                userLoginRepo.Insert(new UserLogins
                {
                    LastLoggedIn = DateTime.UtcNow,
                    Type         = UserType.LocalUser,
                    UserId       = userId.ToString()
                });

                return(CustomModuleExtensions.LoginAndRedirect(this, userId.Value, expiry, redirect));
            };

            Get["/register"] = x =>
            {
                {
                    dynamic model = new ExpandoObject();
                    model.Errored = Request.Query.error.HasValue;

                    return(View["Register", model]);
                }
            };

            Post["/register"] = x =>
            {
                var username = (string)Request.Form.Username;
                var exists   = UserMapper.DoUsersExist();
                if (exists)
                {
                    return
                        (Context.GetRedirect(!string.IsNullOrEmpty(BaseUrl)
                            ? $"~/{BaseUrl}/register?error=true"
                            : "~/register?error=true"));
                }
                var userId = UserMapper.CreateUser(username, Request.Form.Password, EnumHelper <Permissions> .All(), 0);
                Session[SessionKeys.UsernameKey] = username;
                return(CustomModuleExtensions.LoginAndRedirect(this, (Guid)userId));
            };

            Get["/changepassword"]  = _ => ChangePassword();
            Post["/changepassword"] = _ => ChangePasswordPost();
        }
Example #3
0
        private async Task <Response> LoginUser()
        {
            var userId         = string.Empty;
            var loginGuid      = Guid.Empty;
            var dateTimeOffset = Request.Form.DateTimeOffset;
            var username       = Request.Form.username.Value;

            Log.Debug("Username \"{0}\" attempting to login", username);
            if (string.IsNullOrWhiteSpace(username))
            {
                Session["TempMessage"] = Resources.UI.UserLogin_IncorrectUserPass;
                var uri = Linker.BuildRelativeUri(Context, "UserLoginIndex");
                return(Response.AsRedirect(uri.ToString()));
            }

            var authenticated = false;
            var isOwner       = false;

            var settings = await AuthService.GetSettingsAsync();

            var plexSettings = await PlexSettings.GetSettingsAsync();

            if (IsUserInDeniedList(username, settings))
            {
                Log.Debug("User is in denied list, not allowing them to authenticate");
                Session["TempMessage"] = Resources.UI.UserLogin_IncorrectUserPass;
                var uri = Linker.BuildRelativeUri(Context, "UserLoginIndex");
                return(Response.AsRedirect(uri.ToString()));
            }

            var password = string.Empty;

            if (settings.UsePassword)
            {
                Log.Debug("Using password");
                password = Request.Form.password.Value;
            }

            var localUsers = await CustomUserMapper.GetUsersAsync();

            var plexLocalUsers = await PlexUserRepository.GetAllAsync();


            if (settings.UserAuthentication && settings.UsePassword) // Authenticate with Plex
            {
                Log.Debug("Need to auth and also provide pass");
                var signedIn = (PlexAuthentication)PlexApi.SignIn(username, password);
                if (signedIn.user?.authentication_token != null)
                {
                    Log.Debug("Correct credentials, checking if the user is account owner or in the friends list");
                    if (CheckIfUserIsOwner(plexSettings.PlexAuthToken, signedIn.user?.username))
                    {
                        Log.Debug("User is the account owner");
                        authenticated = true;
                        isOwner       = true;
                    }
                    else
                    {
                        authenticated = CheckIfUserIsInPlexFriends(username, plexSettings.PlexAuthToken);
                        Log.Debug("Friends list result = {0}", authenticated);
                    }
                    userId = signedIn.user.uuid;
                }
            }
            else if (settings.UserAuthentication) // Check against the users in Plex
            {
                Log.Debug("Need to auth");
                authenticated = CheckIfUserIsInPlexFriends(username, plexSettings.PlexAuthToken);
                if (authenticated)
                {
                    userId = GetUserIdIsInPlexFriends(username, plexSettings.PlexAuthToken);
                }
                if (CheckIfUserIsOwner(plexSettings.PlexAuthToken, username))
                {
                    Log.Debug("User is the account owner");
                    authenticated = true;
                    isOwner       = true;
                    userId        = GetOwnerId(plexSettings.PlexAuthToken, username);
                }
                Log.Debug("Friends list result = {0}", authenticated);
            }
            else if (!settings.UserAuthentication) // No auth, let them pass!
            {
                Log.Debug("No need to auth");
                authenticated = true;
            }

            if (authenticated)
            {
                UserLogins.Insert(new UserLogins {
                    UserId = userId, Type = UserType.PlexUser, LastLoggedIn = DateTime.UtcNow
                });
                Log.Debug("We are authenticated! Setting session.");
                // Add to the session (Used in the BaseModules)
                Session[SessionKeys.UsernameKey]             = (string)username;
                Session[SessionKeys.ClientDateTimeOffsetKey] = (int)dateTimeOffset;

                var plexLocal = plexLocalUsers.FirstOrDefault(x => x.Username == username);
                if (plexLocal != null)
                {
                    loginGuid = Guid.Parse(plexLocal.LoginId);
                }

                var dbUser = localUsers.FirstOrDefault(x => x.UserName == username);
                if (dbUser != null)
                {
                    loginGuid = Guid.Parse(dbUser.UserGuid);
                }

                if (loginGuid != Guid.Empty)
                {
                    if (!settings.UserAuthentication)// Do not need to auth make admin use login screen for now TODO remove this
                    {
                        if (dbUser != null)
                        {
                            var perms = (Permissions)dbUser.Permissions;
                            if (perms.HasFlag(Permissions.Administrator))
                            {
                                var uri = Linker.BuildRelativeUri(Context, "UserLoginIndex");
                                Session["TempMessage"] = Resources.UI.UserLogin_AdminUsePassword;
                                return(Response.AsRedirect(uri.ToString()));
                            }
                        }
                        if (plexLocal != null)
                        {
                            var perms = (Permissions)plexLocal.Permissions;
                            if (perms.HasFlag(Permissions.Administrator))
                            {
                                var uri = Linker.BuildRelativeUri(Context, "UserLoginIndex");
                                Session["TempMessage"] = Resources.UI.UserLogin_AdminUsePassword;
                                return(Response.AsRedirect(uri.ToString()));
                            }
                        }
                    }
                }

                if (loginGuid == Guid.Empty && settings.UserAuthentication)
                {
                    var defaultSettings = UserManagementSettings.GetSettings();
                    loginGuid = Guid.NewGuid();

                    var defaultPermissions = (Permissions)UserManagementHelper.GetPermissions(defaultSettings);
                    if (isOwner)
                    {
                        // If we are the owner, add the admin permission.
                        if (!defaultPermissions.HasFlag(Permissions.Administrator))
                        {
                            defaultPermissions += (int)Permissions.Administrator;
                        }
                    }

                    // Looks like we still don't have an entry, so this user does not exist
                    await PlexUserRepository.InsertAsync(new PlexUsers
                    {
                        PlexUserId   = userId,
                        UserAlias    = string.Empty,
                        Permissions  = (int)defaultPermissions,
                        Features     = UserManagementHelper.GetPermissions(defaultSettings),
                        Username     = username,
                        EmailAddress = string.Empty, // We don't have it, we will  get it on the next scheduled job run (in 30 mins)
                        LoginId      = loginGuid.ToString()
                    });
                }
            }

            if (!authenticated)
            {
                var uri = Linker.BuildRelativeUri(Context, "UserLoginIndex");
                Session["TempMessage"] = Resources.UI.UserLogin_IncorrectUserPass;
                return(Response.AsRedirect(uri.ToString()));
            }

            var landingSettings = await LandingPageSettings.GetSettingsAsync();

            if (landingSettings.Enabled)
            {
                if (!landingSettings.BeforeLogin)
                {
                    var uri = Linker.BuildRelativeUri(Context, "LandingPageIndex");
                    if (loginGuid != Guid.Empty)
                    {
                        return(CustomModuleExtensions.LoginAndRedirect(this, loginGuid, null, uri.ToString()));
                    }
                    return(Response.AsRedirect(uri.ToString()));
                }
            }


            var retVal = Linker.BuildRelativeUri(Context, "SearchIndex");

            if (loginGuid != Guid.Empty)
            {
                return(CustomModuleExtensions.LoginAndRedirect(this, loginGuid, null, retVal.ToString()));
            }
            return(Response.AsRedirect(retVal.ToString()));
        }
Example #4
0
        private async Task <Response> PasswordLogin()
        {
            var password = Request.Form.password.Value;

            if (string.IsNullOrEmpty(password))
            {
                return(Response.AsJson(new { result = false, message = Resources.UI.UserLogin_IncorrectUserPass }));
            }

            var dateTimeOffset = Request.Form.DateTimeOffset;
            var loginGuid      = Guid.Empty;
            var settings       = await AuthService.GetSettingsAsync();

            var username      = Session[SessionKeys.UserLoginName].ToString();
            var authenticated = false;
            var isOwner       = false;
            var userId        = string.Empty;

            var plexSettings = await PlexSettings.GetSettingsAsync();

            var embySettings = await EmbySettings.GetSettingsAsync();

            // attempt local login first as it has the least amount of overhead
            userId = CustomUserMapper.ValidateUser(username, password)?.ToString();
            if (userId != null)
            {
                authenticated = true;
            }
            else if (userId == null && plexSettings.Enable)
            {
                if (settings.UserAuthentication) // Authenticate with Plex
                {
                    Log.Debug("Need to auth and also provide pass");
                    var signedIn = (PlexAuthentication)PlexApi.SignIn(username, password);
                    if (signedIn.user?.authentication_token != null)
                    {
                        Log.Debug("Correct credentials, checking if the user is account owner or in the friends list");
                        if (CheckIfUserIsOwner(plexSettings.PlexAuthToken, signedIn.user?.username))
                        {
                            Log.Debug("User is the account owner");
                            authenticated = true;
                            isOwner       = true;
                        }
                        else
                        {
                            authenticated = CheckIfUserIsInPlexFriends(username, plexSettings.PlexAuthToken);
                            Log.Debug("Friends list result = {0}", authenticated);
                        }
                        userId = signedIn.user.uuid;
                    }
                }
            }
            else if (userId == null && embySettings.Enable)
            {
                if (settings.UserAuthentication) // Authenticate with Emby
                {
                    Log.Debug("Need to auth and also provide pass");
                    EmbyUser signedIn = null;
                    try
                    {
                        signedIn = (EmbyUser)EmbyApi.LogIn(username, password, embySettings.ApiKey, embySettings.FullUri);
                    }
                    catch (Exception e)
                    {
                        Log.Error(e);
                    }
                    if (signedIn != null)
                    {
                        Log.Debug("Correct credentials, checking if the user is account owner or in the friends list");
                        if (signedIn?.Policy?.IsAdministrator ?? false)
                        {
                            Log.Debug("User is the account owner");
                            authenticated = true;
                            isOwner       = true;
                        }
                        else
                        {
                            authenticated = CheckIfEmbyUser(username, embySettings);
                            Log.Debug("Friends list result = {0}", authenticated);
                        }
                        userId = signedIn?.Id;
                    }
                }
            }

            if (!authenticated)
            {
                return(Response.AsJson(new { result = false, message = Resources.UI.UserLogin_IncorrectUserPass }));
            }

            var m = await AuthenticationSetup(userId, username, dateTimeOffset, loginGuid, isOwner, plexSettings.Enable, embySettings.Enable);

            var landingSettings = await LandingPageSettings.GetSettingsAsync();

            if (landingSettings.Enabled)
            {
                if (!landingSettings.BeforeLogin) // After Login
                {
                    var uri = Linker.BuildRelativeUri(Context, "LandingPageIndex");
                    if (m.LoginGuid != Guid.Empty)
                    {
                        return(CustomModuleExtensions.LoginAndRedirect(this, m.LoginGuid, null, uri.ToString()));
                    }
                    return(Response.AsRedirect(uri.ToString()));
                }
            }

            var retVal = Linker.BuildRelativeUri(Context, "SearchIndex");

            if (m.LoginGuid != Guid.Empty)
            {
                return(CustomModuleExtensions.LoginAndRedirect(this, m.LoginGuid, null, retVal.ToString()));
            }
            return(Response.AsJson(new { result = true, url = retVal.ToString() }));
        }
Example #5
0
        private async Task <Response> UsernameLogin()
        {
            var username       = Request.Form.username.Value;
            var dateTimeOffset = Request.Form.DateTimeOffset;
            var loginGuid      = Guid.Empty;
            var settings       = await AuthService.GetSettingsAsync();

            if (string.IsNullOrWhiteSpace(username) || IsUserInDeniedList(username, settings))
            {
                return(Response.AsJson(new { result = false, message = Resources.UI.UserLogin_IncorrectUserPass }));
            }

            var plexSettings = await PlexSettings.GetSettingsAsync();

            var embySettings = await EmbySettings.GetSettingsAsync();

            var      authenticated = false;
            var      isOwner       = false;
            var      userId        = string.Empty;
            EmbyUser embyUser      = null;

            if (plexSettings.Enable)
            {
                if (settings.UserAuthentication) // Check against the users in Plex
                {
                    try
                    {
                        Log.Debug("Need to auth");
                        authenticated = CheckIfUserIsInPlexFriends(username, plexSettings.PlexAuthToken);
                        if (authenticated)
                        {
                            userId = GetUserIdIsInPlexFriends(username, plexSettings.PlexAuthToken);
                        }
                        if (CheckIfUserIsOwner(plexSettings.PlexAuthToken, username))
                        {
                            Log.Debug("User is the account owner");
                            authenticated = true;
                            isOwner       = true;
                            userId        = GetOwnerId(plexSettings.PlexAuthToken, username);
                        }
                        Log.Debug("Friends list result = {0}", authenticated);
                    }
                    catch (Exception)
                    {
                        return(Response.AsJson(new { result = false, message = Resources.UI.UserLogin_IncorrectUserPass }));
                    }
                }
                else if (!settings.UserAuthentication) // No auth, let them pass!
                {
                    authenticated = true;
                }
            }
            if (embySettings.Enable)
            {
                if (settings.UserAuthentication) // Check against the users in Plex
                {
                    Log.Debug("Need to auth");
                    authenticated = CheckIfEmbyUser(username, embySettings);
                    if (authenticated)
                    {
                        embyUser = GetEmbyUser(username, embySettings);
                        userId   = embyUser?.Id;
                    }
                    if (embyUser?.Policy?.IsAdministrator ?? false)
                    {
                        Log.Debug("User is the account owner");
                        authenticated = true;
                        isOwner       = true;
                    }
                    Log.Debug("Friends list result = {0}", authenticated);
                }
                else if (!settings.UserAuthentication) // No auth, let them pass!
                {
                    authenticated = true;
                }
            }

            UsersModel dbUser = await IsDbuser(username);

            if (dbUser != null) // in the db?
            {
                var perms = (Permissions)dbUser.Permissions;
                authenticated = true;
                isOwner       = perms.HasFlag(Permissions.Administrator);
                userId        = dbUser.UserGuid;
            }

            if (settings.UsePassword || isOwner || Security.HasPermissions(username, Permissions.Administrator))
            {
                Session[SessionKeys.UserLoginName] = username;

                var path = Path.Combine(Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location), "Views", "UserLogin");
                var file = System.IO.Directory.GetFiles(path).FirstOrDefault(x => x.Contains("Password.cshtml"));
                var html = File.ReadAllText(file);

                return(Response.AsJson(new { result = true, usePassword = true, html }));
            }

            if (!authenticated)
            {
                return(Response.AsJson(new { result = false, message = Resources.UI.UserLogin_IncorrectUserPass }));
            }
            var result = await AuthenticationSetup(userId, username, dateTimeOffset, loginGuid, isOwner, plexSettings.Enable, embySettings.Enable);


            var landingSettings = await LandingPageSettings.GetSettingsAsync();

            if (landingSettings.Enabled)
            {
                if (!landingSettings.BeforeLogin) // After Login
                {
                    var uri = Linker.BuildRelativeUri(Context, "LandingPageIndex");
                    if (loginGuid != Guid.Empty)
                    {
                        return(CustomModuleExtensions.LoginAndRedirect(this, result.LoginGuid, null, uri.ToString()));
                    }
                    return(Response.AsRedirect(uri.ToString()));
                }
            }


            var retVal = Linker.BuildRelativeUri(Context, "SearchIndex");

            if (result.LoginGuid != Guid.Empty)
            {
                return(CustomModuleExtensions.LoginAndRedirect(this, result.LoginGuid, null, retVal.ToString()));
            }
            return(Response.AsJson(new { result = true, url = retVal.ToString() }));
        }
Example #6
0
        private async Task <Response> PasswordLogin()
        {
            var password = Request.Form.password.Value;

            if (string.IsNullOrEmpty(password))
            {
                return(Response.AsJson(new { result = false, message = Resources.UI.UserLogin_IncorrectUserPass }));
            }

            var dateTimeOffset = Request.Form.DateTimeOffset;
            var loginGuid      = Guid.Empty;
            var settings       = await AuthService.GetSettingsAsync();

            var username      = Session[SessionKeys.UserLoginName].ToString();
            var authenticated = false;
            var isOwner       = false;
            var userId        = string.Empty;

            var plexSettings = await PlexSettings.GetSettingsAsync();

            if (settings.UserAuthentication) // Authenticate with Plex
            {
                Log.Debug("Need to auth and also provide pass");
                var signedIn = (PlexAuthentication)Api.SignIn(username, password);
                if (signedIn.user?.authentication_token != null)
                {
                    Log.Debug("Correct credentials, checking if the user is account owner or in the friends list");
                    if (CheckIfUserIsOwner(plexSettings.PlexAuthToken, signedIn.user?.username))
                    {
                        Log.Debug("User is the account owner");
                        authenticated = true;
                        isOwner       = true;
                    }
                    else
                    {
                        authenticated = CheckIfUserIsInPlexFriends(username, plexSettings.PlexAuthToken);
                        Log.Debug("Friends list result = {0}", authenticated);
                    }
                    userId = signedIn.user.uuid;
                }
            }

            if (string.IsNullOrEmpty(userId))
            {
                // Local user?
                userId = CustomUserMapper.ValidateUser(username, password)?.ToString();
                if (userId != null)
                {
                    authenticated = true;
                }
            }

            if (!authenticated)
            {
                return(Response.AsJson(new { result = false, message = Resources.UI.UserLogin_IncorrectUserPass }));
            }


            var m = await AuthenticationSetup(userId, username, dateTimeOffset, loginGuid, isOwner);

            var retVal = Linker.BuildRelativeUri(Context, "SearchIndex");

            if (m.LoginGuid != Guid.Empty)
            {
                return(CustomModuleExtensions.LoginAndRedirect(this, m.LoginGuid, null, retVal.ToString()));
            }
            return(Response.AsJson(new { result = true, url = retVal.ToString() }));
        }