public IActionResult Manage(string id)
{
int newId = _dataProtector.Unprotect(id);
ResponseDetails response = _apiHelper.SendApiRequest("", "slot/parkinglot/" + newId, HttpMethod.Get);
if (response.Success)
{
List <SlotViewModel> model = JsonConvert.DeserializeObject <List <SlotViewModel> > (response.Data.ToString());
PopulateHelperProperties(model);
_dataProtector.ProtectSlotRouteValues(model);
ResponseDetails slotTypeResponse = _apiHelper.SendApiRequest("", "slot-type/get-all", HttpMethod.Get);
ManageSlotModel slotModel = new ManageSlotModel
{
Slots = model,
SlotTypes = JsonConvert.DeserializeObject <List <SlotTypeViewModel> > (slotTypeResponse.Data.ToString())
};
return(View(slotModel));
}
else
{
ErrorViewModel model = new ErrorViewModel
{
Message = response.Data.ToString()
};
return(View("Error", model));
}
}
public IActionResult Details(string id)
{
int newId = _dataProtector.Unprotect(id);
ResponseDetails response = _apiHelper.SendApiRequest("", "parkinglot/get/" + newId, HttpMethod.Get);
if (response.Success)
{
ParkingLotViewModel model = JsonConvert.DeserializeObject <ParkingLotViewModel> (response.Data.ToString());
model = CalculateHourlyRate(model);
_dataProtector.ProtectParkingLotRouteValues(model);
return(View(model));
}
else
{
ErrorViewModel model = new ErrorViewModel
{
Message = response.Data.ToString()
};
return(View("Error", model));
}
}
public IActionResult Details(string id)
{
int newId = _dataProtector.Unprotect(id);
ResponseDetails response = _apiHelper.SendApiRequest("", "parkinglot/get/" + newId, HttpMethod.Get);
if (response.Success)
{
ParkingLotViewModel parkingLotViewModel = JsonConvert.DeserializeObject <ParkingLotViewModel>
(response.Data.ToString());
_dataProtector.ProtectParkingLotRouteValues(parkingLotViewModel);
ParkingLotRequestdetailsModel model = new ParkingLotRequestdetailsModel()
{
ParkingLot = parkingLotViewModel
};
if (model.ParkingLot.ParkingLotImageViewModels.Any())
{
response = _apiHelper.SendApiRequest("", "parkinglot/all-images/" + newId, HttpMethod.Get);
if (response.Success)
{
model.Images = JsonConvert.DeserializeObject <List <string> > (response.Data.ToString());
return(View(model));
}
else
{
ErrorViewModel errorModel = new ErrorViewModel
{
Message = response.Data.ToString()
};
return(View("Error", errorModel));
}
}
else
{
return(View(model));
}
}
else
{
ErrorViewModel model = new ErrorViewModel
{
Message = response.Data.ToString()
};
return(View("Error", model));
}
}
// Wraps the common logic of working with a DataProtector instance.
// 'protect' is TRUE if we're calling Protect, FALSE if we're calling Unprotect.
private byte[] PerformOperation(byte[] data, bool protect)
{
// Since the DataProtector might depend on the impersonated context, we must
// work with it only under app-level impersonation. The idea behind this is
// that if the cryptographic routine is provided by an OS-level implementation
// (like DPAPI), any keys will be locked to the account of the web application
// itself.
//SOURCE_CHANGED
DataProtector dataProtector = null;
try
{
dataProtector = _dataProtectorFactory.GetDataProtector(_purpose);
return((protect) ? dataProtector.Protect(data) : dataProtector.Unprotect(data));
}
finally
{
// These instances are transient
IDisposable disposable = dataProtector as IDisposable;
if (disposable != null)
{
disposable.Dispose();
}
}
}
private static void TestEncryption()
{
byte[] salt = new byte[] { 65, 61, 53, 222, 105, 5, 199, 241, 213, 56, 19, 120, 251, 37, 66, 185 };
byte[] data = new byte[255];
for (int i = 0; i < data.Length; i++)
{
data[i] = (byte)i;
}
byte[] password = new byte[16];
for (int i = password.Length - 1; i >= 0; i--)
{
password[i] = (byte)i;
}
byte[] encrypted = CryptoUtility.AesEncryption(data, password, salt);
byte[] decrypted = CryptoUtility.AesDecryption(encrypted, password, salt);
if (!decrypted.SequenceEqual(data))
{
throw new ApplicationException("AES encryption test fail");
}
byte[] protectedData = DataProtector.Protect(salt);
byte[] unprotectedData = DataProtector.Unprotect(protectedData);
if (!unprotectedData.SequenceEqual(salt))
{
throw new ApplicationException("Protected data API fail");
}
}
public void DataProtectorWithDifferentEntropy_CannotDecrypt()
{
var entropy2 = new byte[] {7, 8, 9, 10};
var protector2 = new DataProtector(entropy2);
var cypher = _sut.Protect(_userData);
Assert.Throws<CryptographicException>(() => protector2.Unprotect(cypher));
}
public void CanUnprotectValue()
{
var protector = new DataProtector();
var protectedValue = protector.Protect("a value");
var unprotectedValue = protector.Unprotect(protectedValue);
Assert.NotNull(protectedValue);
Assert.That(unprotectedValue, Is.EqualTo("a value"));
}
public IActionResult Index(string userId, string parkingLotId)
{
ErrorViewModel errorModel = new ErrorViewModel();
if (string.IsNullOrEmpty(userId) && string.IsNullOrEmpty(parkingLotId))
{
ResponseDetails response = _apiHelper.SendApiRequest("", "booking/get-all", HttpMethod.Get);
List <BookingViewModel> model = JsonConvert.DeserializeObject <List <BookingViewModel> > (response.Data.ToString());
_dataProtector.ProtectBookingRouteValues(model);
return(View(model));
}
if (!string.IsNullOrEmpty(parkingLotId))
{
int newParkingLotId = _dataProtector.Unprotect(parkingLotId);
ResponseDetails response = _apiHelper.SendApiRequest("", "booking/get/parkingLot/" + newParkingLotId, HttpMethod.Get);
List <BookingViewModel> model = JsonConvert.DeserializeObject <List <BookingViewModel> > (response.Data.ToString());
_dataProtector.ProtectBookingRouteValues(model);
return(View(model));
}
else if (!string.IsNullOrEmpty(userId))
{
int newUserId = _dataProtector.Unprotect(userId);
ResponseDetails response = _apiHelper.SendApiRequest("", "booking/get/user/" + newUserId, HttpMethod.Get);
List <BookingViewModel> model = JsonConvert.DeserializeObject <List <BookingViewModel> > (response.Data.ToString());
_dataProtector.ProtectBookingRouteValues(model);
return(View(model));
}
return(View("Error", errorModel));
}
public IActionResult RemovePost(string roleId)
{
int newId = _dataProtector.Unprotect(roleId);
ResponseDetails response = _apiHelper.SendApiRequest("", "role/remove/" + newId, HttpMethod.Delete);
if (response.Success)
{
return(RedirectToAction("Index"));
}
else
{
ErrorViewModel ErrorModel = new ErrorViewModel()
{
Message = response.Data.ToString()
};
return(View("Error", ErrorModel));
}
}
static string ManuallyDecrypt(string encryptedString, IEnumerable <string> purposes = null)
{
var entropyCreator = new EntropyCreator();
var entropy = entropyCreator.CreateEntropy(purposes);
var protector = new DataProtector(entropy);
var cypher = Convert.FromBase64String(encryptedString);
var userData = protector.Unprotect(cypher);
return(Encoding.UTF8.GetString(userData));
}
public IActionResult ParkingLot(string id)
{
int newId = _dataProtector.Unprotect(id);
ResponseDetails response = _apiHelper.SendApiRequest("", "parkinglot/get/" + newId, HttpMethod.Get);
if (response.Success)
{
ParkingLotViewModel model = JsonConvert.DeserializeObject <ParkingLotViewModel>
(response.Data.ToString());
_dataProtector.ProtectParkingLotRouteValues(model);
model.SlotViewModels = model.SlotViewModels.Select(x =>
{
// populate can book property logic
x.CanBook = CanBookSlot(x);
_dataProtector.ProtectSlotRouteValues(x);
return(x);
}).ToList();
return(View(model));
}
else
{
ErrorViewModel model = new ErrorViewModel
{
Message = response.Data.ToString()
};
return(View("Error", model));
}
}
public IActionResult UpdatePassword(UpdatePasswordViewModel model)
{
if (ModelState.IsValid)
{
string OTP = HttpContext.Session.GetString("OTP");
int plainOTP = _dataProtector.Unprotect(OTP);
HttpContext.Session.Remove("OTP");
if (plainOTP != Convert.ToInt32(model.OTP))
{
ModelState.AddModelError("", "Invalid OTP.");
return(View(model));
}
ChangePasswordModel changePasswordModel = new ChangePasswordModel
{
Email = TempData["Email"].ToString(),
Password = model.Password
};
ResponseDetails response = _apiHelper.SendApiRequest(changePasswordModel, "user/change-password", HttpMethod.Post);
if (response.Success)
{
return(RedirectToAction("Index", "Home"));
}
else
{
ErrorViewModel errorModel = new ErrorViewModel
{
Message = response.Data.ToString()
};
return(View("Error", errorModel));
}
}
else
{
ModelState.AddModelError("", "Validation error.");
}
return(View(model));
}
public void AESEncryption()
{
byte[] salt = new byte[] { 65, 61, 53, 222, 105, 5, 199, 241, 213, 56, 19, 120, 251, 37, 66, 185 };
byte[] data = new byte[255];
for (int i = 0; i < data.Length; i++)
{
data[i] = (byte)i;
}
byte[] password = new byte[16];
for (int i = password.Length - 1; i >= 0; i--)
{
password[i] = (byte)i;
}
byte[] encrypted = CryptoUtility.AesEncryption(data, password, salt);
byte[] decrypted = CryptoUtility.AesDecryption(encrypted, password, salt);
Assert.IsTrue(decrypted.SequenceEqual(data));
byte[] protectedData = DataProtector.Protect(salt);
byte[] unprotectedData = DataProtector.Unprotect(protectedData);
Assert.IsTrue(unprotectedData.SequenceEqual(salt));
}
private byte[] PerformOperation(byte[] data, bool protect)
{
byte[] result;
//using (new ApplicationImpersonationContext())
{
DataProtector dataProtector = null;
try
{
dataProtector = this._dataProtectorFactory.GetDataProtector(this._purpose);
result = (protect ? dataProtector.Protect(data) : dataProtector.Unprotect(data));
}
finally
{
IDisposable disposable = dataProtector as IDisposable;
if (disposable != null)
{
disposable.Dispose();
}
}
}
return(result);
}
public IActionResult ConfirmEmail(ConfirmEmailModel model)
{
ErrorViewModel errorModel = new ErrorViewModel();
if (model.Id == _tokenDecoder.UserId)
{
string OTP = HttpContext.Session.GetString("OTP");
int plainOTP = _dataProtector.Unprotect(OTP);
HttpContext.Session.Remove("OTP");
if (plainOTP == Convert.ToInt32(model.OTP))
{
ResponseDetails response = _apiHelper.SendApiRequest("", "user/confirm-email/" + _tokenDecoder.UserId, HttpMethod.Post);
if (response.Success)
{
return(RedirectToAction("EmailConfirmed"));
}
else
{
errorModel.Message = response.Data.ToString();
}
}
else
{
errorModel.Message = "Invalid OTP.";
}
}
else
{
errorModel.Message = "It seems like someone is trying to bypass the security";
}
return(View("Error", model));
}
public async Task Register(string @event)
{
Logger.LogInformation(@event);
try
{
var httpContext = Context.GetHttpContext();
var query = httpContext.Request.Query;
if (!query.TryGetValue("api_key", out var values))
{
throw new ArgumentException("Не найден api_key");
}
var apiKey = values.First();
var tenantId = DataProtector.Unprotect(apiKey);
var message = new EventMessage
{
TenantId = Guid.Parse(tenantId),
Event = @event
};
var headers = new CapHeaders
{
MessageKey = tenantId,
EnableIdempotence = true
};
await CapPublisher.PublishAsync(KafkaTopics.Events, message, headers);
}
catch (Exception e)
{
Logger.LogError(e.Message);
throw new Exception("Не удалось обработать эвент", e);
}
}
public async Task <IActionResult> ConfirmCode(
ConfirmCodeViewModel confirmCodeViewModel,
CancellationToken cancellationToken)
{
if (confirmCodeViewModel == null)
{
throw new ArgumentNullException(nameof(confirmCodeViewModel));
}
var user = await SetUser().ConfigureAwait(false);
if (user?.Identity != null && user.Identity.IsAuthenticated)
{
return(RedirectToAction("Index", "User", new { Area = "pwd" }));
}
var authenticatedUser = await _authenticationService
.GetAuthenticatedUser(this, CookieNames.PasswordLessCookieName)
.ConfigureAwait(false);
if (authenticatedUser?.Identity == null || !authenticatedUser.Identity.IsAuthenticated)
{
var message = "SMS authentication cannot be performed";
_logger.LogError(message);
return(SetRedirection(message, Strings.InternalServerError, ErrorCodes.UnhandledExceptionCode));
}
var authenticatedUserClaims = authenticatedUser.Claims.ToArray();
var subject = authenticatedUserClaims.First(c => c.Type == OpenIdClaimTypes.Subject).Value;
var phoneNumber = authenticatedUserClaims.First(c => c.Type == OpenIdClaimTypes.PhoneNumber);
if (confirmCodeViewModel.Action == "resend") // Resend the confirmation code.
{
_ = await _generateAndSendSmsCodeOperation.Execute(phoneNumber.Value, cancellationToken)
.ConfigureAwait(false);
return(Ok(confirmCodeViewModel));
}
// Check the confirmation code.
if (confirmCodeViewModel.ConfirmationCode == null ||
!await _validateConfirmationCode
.Execute(confirmCodeViewModel.ConfirmationCode, subject, cancellationToken)
.ConfigureAwait(false))
{
ModelState.AddModelError("message_error", "Confirmation code is not valid");
return(Ok(confirmCodeViewModel));
}
await _authenticationService.SignOutAsync(
HttpContext,
CookieNames.PasswordLessCookieName,
new AuthenticationProperties())
.ConfigureAwait(false);
var resourceOwnerOption =
await _getUserOperation.Execute(authenticatedUser, cancellationToken).ConfigureAwait(false);
if (resourceOwnerOption is Option <ResourceOwner> .Error e)
{
return(SetRedirection(e.Details.Detail, e.Details.Status.ToString(), e.Details.Title));
}
var resourceOwner = (resourceOwnerOption as Option <ResourceOwner> .Result) !.Item;
if (!string.IsNullOrWhiteSpace(resourceOwner.TwoFactorAuthentication)) // Execute TWO Factor authentication
{
try
{
await SetTwoFactorCookie(authenticatedUserClaims).ConfigureAwait(false);
await _generateAndSendSmsCodeOperation.Execute(phoneNumber.Value, cancellationToken)
.ConfigureAwait(false);
return(RedirectToAction("SendCode", new { code = confirmCodeViewModel.Code }));
}
catch (ClaimRequiredException)
{
return(RedirectToAction("SendCode", new { code = confirmCodeViewModel.Code }));
}
catch (Exception)
{
ModelState.AddModelError("message_error", "Two factor authenticator is not properly configured");
return(Ok(confirmCodeViewModel));
}
}
if (!string.IsNullOrWhiteSpace(confirmCodeViewModel.Code)) // Execute OPENID workflow
{
var request = DataProtector.Unprotect <AuthorizationRequest>(confirmCodeViewModel.Code);
await SetLocalCookie(authenticatedUserClaims, request.session_id !).ConfigureAwait(false);
var issuerName = Request.GetAbsoluteUriWithVirtualPath();
var actionResult = await _authenticateHelper.ProcessRedirection(
request.ToParameter(),
confirmCodeViewModel.Code,
subject,
authenticatedUserClaims,
issuerName,
cancellationToken)
.ConfigureAwait(false);
var result = actionResult.CreateRedirectionFromActionResult(request, _logger);
if (result != null)
{
await LogAuthenticateUser(resourceOwner !.Subject !, actionResult.Amr !).ConfigureAwait(false);
return(result);
}
}
await SetLocalCookie(authenticatedUserClaims, Id.Create())
.ConfigureAwait(false); // Authenticate the resource owner
var modelCode = string.IsNullOrWhiteSpace(confirmCodeViewModel.Code)
? confirmCodeViewModel.ConfirmationCode
: confirmCodeViewModel.Code;
if (!string.IsNullOrWhiteSpace(modelCode))
{
await _confirmationCodeStore.Remove(modelCode, subject, cancellationToken).ConfigureAwait(false);
}
return(RedirectToAction("Index", "User", new { Area = "pwd" }));
}
public async Task <IActionResult> LocalLoginOpenId(
OpenidLocalAuthenticationViewModel viewModel,
CancellationToken cancellationToken)
{
if (viewModel == null)
{
throw new ArgumentNullException(nameof(viewModel));
}
if (string.IsNullOrWhiteSpace(viewModel.Code))
{
throw new ArgumentException(Strings.MissingValues, nameof(viewModel));
}
await SetUser().ConfigureAwait(false);
// 1. Decrypt the request
var request = DataProtector.Unprotect <AuthorizationRequest>(viewModel.Code);
// 3. Check the state of the view model
if (!ModelState.IsValid)
{
await SetIdProviders(viewModel).ConfigureAwait(false);
RouteData.Values["view"] = "OpenId";
return(Ok(viewModel));
}
// 4. Local authentication
var issuerName = Request.GetAbsoluteUriWithVirtualPath();
var actionResult = await _localOpenIdAuthentication.Execute(
new LocalAuthenticationParameter { UserName = viewModel.Login, Password = viewModel.Password },
request.ToParameter(),
viewModel.Code,
issuerName,
cancellationToken)
.ConfigureAwait(false);
if (actionResult.ErrorMessage == null)
{
var subject = actionResult.Claims.First(c => c.Type == OpenIdClaimTypes.Subject).Value;
// 5. Two factor authentication.
if (!string.IsNullOrWhiteSpace(actionResult.TwoFactor))
{
try
{
await SetTwoFactorCookie(actionResult.Claims).ConfigureAwait(false);
await SendCode(subject, cancellationToken).ConfigureAwait(false);
return(RedirectToAction("SendCode", new { code = viewModel.Code }));
}
catch (ClaimRequiredException cre)
{
await _eventPublisher.Publish(
new SimpleAuthError(
Id.Create(),
cre.Code,
cre.Message,
string.Empty,
DateTimeOffset.UtcNow))
.ConfigureAwait(false);
return(RedirectToAction("SendCode", new { code = viewModel.Code }));
}
catch (Exception ex)
{
await _eventPublisher.Publish(
new SimpleAuthError(
Id.Create(),
ex.Message,
ex.Message,
string.Empty,
DateTimeOffset.UtcNow))
.ConfigureAwait(false);
ModelState.AddModelError(
InvalidCredentials,
"Two factor authenticator is not properly configured");
}
}
else
{
// 6. Authenticate the user by adding a cookie
await SetLocalCookie(actionResult.Claims, request.session_id !).ConfigureAwait(false);
// 7. Redirect the user agent
var endpointResult = actionResult.EndpointResult !;
var result = endpointResult.CreateRedirectionFromActionResult(request, _logger);
if (result != null)
{
await LogAuthenticateUser(subject, endpointResult.Amr !).ConfigureAwait(false);
return(result);
}
}
}
else
{
await _eventPublisher.Publish(
new SimpleAuthError(
Id.Create(),
ErrorCodes.InvalidRequest,
actionResult.ErrorMessage,
string.Empty,
DateTimeOffset.UtcNow))
.ConfigureAwait(false);
ModelState.AddModelError(InvalidCredentials, actionResult.ErrorMessage);
}
await SetIdProviders(viewModel).ConfigureAwait(false);
RouteData.Values["view"] = "OpenId";
return(Ok(viewModel));
}
public void UnprotectNullValueReturnsNull()
{
var protector = new DataProtector();
Assert.IsNull(protector.Unprotect(null));
}
private string UnprotectString(string str)
{
return(Encoding.UTF8.GetString(DataProtector.Unprotect(Convert.FromBase64String(str))));
}
