/// <summary> /// Create a Login resource. /// </summary> /// <param name="user">the user to log in</param> /// <param name="baseAddress">the host to log into</param> /// <param name="lang">the culture to retrieve login info into (fr-FR or en-US)</param> /// <returns>a login object with credential headers and a User with its Clients</returns> public async static Task <object> Login(User user, string baseAddress, string lang) { if (user == null || user.Password == null) { throw new HttpResponseException(HttpStatusCode.BadRequest); } CulturalEnumStringConverter.Culture = new CultureInfo(lang); string hashedPassword = HashManager.GetHash(user.Password); user.Password = hashedPassword; User seekedUser = await _findUser(user.Login); if (seekedUser == null || hashedPassword != seekedUser.Password) { throw new HttpResponseException(HttpStatusCode.Unauthorized); } await _removeLogout(seekedUser.Login); Random r1 = new Random(159736545); Random r2 = new Random(1892344171); seekedUser.Password = null; return(new { a2un = string.Format("{0}.{1}.{2}", string.Format("{0:X12}", r1.Next(0x5F4A2C3)), string.Format("{0:X18}", r1.Next(0x5FDA6C1)), string.Format("{0:X22}", r1.Next(0x5F1C2C3))), az4s = JsonWebTokenManager.CreateToken(user.Login, "user", baseAddress), e7gu = string.Format("{0}.{1}.{2}", string.Format("{0:X12}", r2.Next(0x5F4A2C3)), string.Format("{0:X18}", r2.Next(0x5FDA6C1)), string.Format("{0:X22}", r2.Next(0x5F1C2C3))), user = seekedUser, ranges = await RangeService.GetAllRanges(lang) }); }
/// <summary> /// Check the request's token, and if it's a valid jwt token, send the request through next handler down to the controller. /// </summary> /// <param name="request">the http request</param> /// <param name="cancellationToken">a token to cancel the request from another thread</param> /// <returns></returns> protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { string requestRouteTemplate = request.RequestUri.PathAndQuery.Substring(1); string key = "az4s"; string key2 = "a2un"; string key3 = "e7gu"; string unauthorizedMessage = "Unauthorized request"; string [] freeRoutes = { "api/login", "api/registration" }; if (Array.Find <string>(freeRoutes, s => s == requestRouteTemplate) != null) { return(await base.SendAsync(request, cancellationToken)); } if (!request.Headers.Contains(key) || !request.Headers.Contains(key2) || !request.Headers.Contains(key3)) { return(request.CreateErrorResponse(HttpStatusCode.Unauthorized, unauthorizedMessage)); } try { ClaimsPrincipal identifiedUser = JsonWebTokenManager.ValidateToken(request.Headers.GetValues(key).ElementAt(0), request.RequestUri.Scheme + "://" + request.RequestUri.Host); if (identifiedUser == null) { return(request.CreateErrorResponse(HttpStatusCode.Unauthorized, unauthorizedMessage)); } if (await UserService.HasLoggedOut(identifiedUser)) { // we do not throw a SecurityTokenExpiredException as Exception catching is time consumming return(request.CreateErrorResponse(HttpStatusCode.Unauthorized, "Timeout")); } User currentUser = await UserService.GetUser(identifiedUser); request.GetRequestContext().Principal = identifiedUser; request.Properties.Add("User", currentUser); return(await base.SendAsync(request, cancellationToken)); } catch (SecurityTokenExpiredException) { return(request.CreateErrorResponse(HttpStatusCode.Unauthorized, "Timeout")); } catch (SecurityTokenValidationException) { return(request.CreateErrorResponse(HttpStatusCode.Unauthorized, unauthorizedMessage)); } }