/// <summary>
/// Create a Login resource.
/// </summary>
/// <param name="user">the user to log in</param>
/// <param name="baseAddress">the host to log into</param>
/// <param name="lang">the culture to retrieve login info into (fr-FR or en-US)</param>
/// <returns>a login object with credential headers and a User with its Clients</returns>
public async static Task <object> Login(User user, string baseAddress, string lang)
{
if (user == null || user.Password == null)
{
throw new HttpResponseException(HttpStatusCode.BadRequest);
}
CulturalEnumStringConverter.Culture = new CultureInfo(lang);
string hashedPassword = HashManager.GetHash(user.Password);
user.Password = hashedPassword;
User seekedUser = await _findUser(user.Login);
if (seekedUser == null || hashedPassword != seekedUser.Password)
{
throw new HttpResponseException(HttpStatusCode.Unauthorized);
}
await _removeLogout(seekedUser.Login);
Random r1 = new Random(159736545);
Random r2 = new Random(1892344171);
seekedUser.Password = null;
return(new
{
a2un = string.Format("{0}.{1}.{2}", string.Format("{0:X12}", r1.Next(0x5F4A2C3)), string.Format("{0:X18}", r1.Next(0x5FDA6C1)), string.Format("{0:X22}", r1.Next(0x5F1C2C3))),
az4s = JsonWebTokenManager.CreateToken(user.Login, "user", baseAddress),
e7gu = string.Format("{0}.{1}.{2}", string.Format("{0:X12}", r2.Next(0x5F4A2C3)), string.Format("{0:X18}", r2.Next(0x5FDA6C1)), string.Format("{0:X22}", r2.Next(0x5F1C2C3))),
user = seekedUser,
ranges = await RangeService.GetAllRanges(lang)
});
}
/// <summary>
/// Check the request's token, and if it's a valid jwt token, send the request through next handler down to the controller.
/// </summary>
/// <param name="request">the http request</param>
/// <param name="cancellationToken">a token to cancel the request from another thread</param>
/// <returns></returns>
protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
string requestRouteTemplate = request.RequestUri.PathAndQuery.Substring(1);
string key = "az4s";
string key2 = "a2un";
string key3 = "e7gu";
string unauthorizedMessage = "Unauthorized request";
string [] freeRoutes = { "api/login", "api/registration" };
if (Array.Find <string>(freeRoutes, s => s == requestRouteTemplate) != null)
{
return(await base.SendAsync(request, cancellationToken));
}
if (!request.Headers.Contains(key) || !request.Headers.Contains(key2) || !request.Headers.Contains(key3))
{
return(request.CreateErrorResponse(HttpStatusCode.Unauthorized, unauthorizedMessage));
}
try
{
ClaimsPrincipal identifiedUser = JsonWebTokenManager.ValidateToken(request.Headers.GetValues(key).ElementAt(0), request.RequestUri.Scheme + "://" + request.RequestUri.Host);
if (identifiedUser == null)
{
return(request.CreateErrorResponse(HttpStatusCode.Unauthorized, unauthorizedMessage));
}
if (await UserService.HasLoggedOut(identifiedUser))
{
// we do not throw a SecurityTokenExpiredException as Exception catching is time consumming
return(request.CreateErrorResponse(HttpStatusCode.Unauthorized, "Timeout"));
}
User currentUser = await UserService.GetUser(identifiedUser);
request.GetRequestContext().Principal = identifiedUser;
request.Properties.Add("User", currentUser);
return(await base.SendAsync(request, cancellationToken));
}
catch (SecurityTokenExpiredException)
{
return(request.CreateErrorResponse(HttpStatusCode.Unauthorized, "Timeout"));
}
catch (SecurityTokenValidationException)
{
return(request.CreateErrorResponse(HttpStatusCode.Unauthorized, unauthorizedMessage));
}
}
