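        /// <summary>
        /// Checks whether the request carries a valid API token in the
        /// <c>VpnAuthToken</c> / <c>VpnUserId</c> headers.
        /// </summary>
        /// <param name="context">The current HTTP context; only its request headers are read.</param>
        /// <param name="UserId">
        /// Receives the authenticated user's id on success; -1 whenever the method returns <c>false</c>.
        /// </param>
        /// <returns>
        /// <c>true</c> when both headers are present, <c>VpnUserId</c> parses as an integer,
        /// the supplied token equals the stored <c>Token1</c> for that user and that token
        /// has not yet expired (UTC); otherwise <c>false</c>.
        /// </returns>
        private bool IsAuthenticateUserWithToken(HttpContextBase context, out int UserId)
        {
            UserId = -1;

            var headerKeys = context.Request.Headers.AllKeys;
            if (!headerKeys.Contains("VpnAuthToken", StringComparer.OrdinalIgnoreCase)
                || !headerKeys.Contains("VpnUserId", StringComparer.OrdinalIgnoreCase))
            {
                return(false);
            }

            string token = context.Request.Headers["VpnAuthToken"];
            int    uid;

            // The TryParse result used to be ignored, so a non-numeric VpnUserId silently
            // fell through to Retrieve(-1); reject the request instead.
            if (!int.TryParse(context.Request.Headers["VpnUserId"], out uid))
            {
                LibLogic.Helpers.Logging.Log("VpnUserId is not an integer", false);
                return(false);
            }

            var api  = new LibLogic.Accounts.UserApiTokens();
            // NOTE(review): Retrieve's behaviour for an unknown user id is not visible here
            // (null? throw? empty record?) - confirm; the comparison below returns false for a null Token1.
            var data = api.Retrieve(uid);

            // Compare in fixed time so response latency does not reveal how many leading
            // characters of the stored token the caller got right.
            if (!TokenEqualsFixedTime(data.Token1, token))
            {
                LibLogic.Helpers.Logging.Log("data.Token1 != token", false);
                return(false);
            }

            if (data.Token1ExpireTime <= DateTime.UtcNow)
            {
                LibLogic.Helpers.Logging.Log("data.Token1ExpireTime <= DateTime.UtcNow", false);
                return(false);
            }

            UserId = uid;
            return(true);
        }

        /// <summary>
        /// Ordinal string equality whose running time does not depend on the position of the
        /// first differing character. Only the length of <paramref name="expected"/> is
        /// observable through timing, which is acceptable for a stored token.
        /// </summary>
        /// <param name="expected">The token on record; <c>null</c> never matches.</param>
        /// <param name="supplied">The token presented by the caller; <c>null</c> never matches.</param>
        /// <returns><c>true</c> only when both are non-null and character-for-character identical.</returns>
        private static bool TokenEqualsFixedTime(string expected, string supplied)
        {
            if (expected == null || supplied == null || expected.Length != supplied.Length)
            {
                return(false);
            }

            // OR every XOR difference together instead of breaking out at the first mismatch.
            int diff = 0;
            for (int i = 0; i < expected.Length; i++)
            {
                diff |= expected[i] ^ supplied[i];
            }
            return(diff == 0);
        }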
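        /// <summary>
        /// Authenticates the caller from the <c>Authorization</c> header, records the login
        /// outcome in <c>sessionVars</c> and returns the caller's API token pair as JSON.
        /// </summary>
        /// <returns>
        /// 200 with a serialized <c>LibLogic.DTO.ApiAuthResponse</c> on success;
        /// 403 with a short text body when the header is missing or the login is rejected;
        /// 500 with "InternalServerError" when the login or the token lookup throws.
        /// </returns>
        public ContentResult Auth()
        {
            try
            {
                if (!HttpContext.Request.Headers.AllKeys.Contains("Authorization", StringComparer.OrdinalIgnoreCase))
                {
                    HttpContext.Response.StatusCode = (int)System.Net.HttpStatusCode.Forbidden;
                    return(Content("Authorization not sent"));
                }

                string authHeader = HttpContext.Request.Headers["Authorization"];
                // NOTE(review): creds[0]/creds[1] are indexed without a length check, so a
                // malformed header would surface through the outer catch as a 500 - confirm
                // ParseAuthHeader always yields two elements or rejects the header itself.
                var    creds      = ParseAuthHeader(authHeader);

                var login = new LibLogic.Login(creds[0], creds[1]);

                try
                {
                    login.Execute();
                }
                catch (LibLogic.Exceptions.InvalidDataException ex)
                {
                    HttpContext.Response.StatusCode = (int)System.Net.HttpStatusCode.InternalServerError;
                    LibLogic.Helpers.Logging.Log(ex);
                    return(Content("InternalServerError"));
                }

                if (!login.LoggedIn)
                {
                    // Body text and status code (403) are kept exactly as clients already see them.
                    HttpContext.Response.StatusCode = (int)System.Net.HttpStatusCode.Forbidden;
                    return(Content("Unauthorized"));
                }

                // Fetch the tokens BEFORE touching session state: if Retrieve throws, the
                // request ends in the catch-all with a 500 and the session must not already
                // have been marked as logged in.
                var toks    = new LibLogic.Accounts.UserApiTokens();
                var tokData = toks.Retrieve(login.UserId);

                sessionVars.LoggedIn = login.LoggedIn;
                sessionVars.IsAdmin  = login.IsAdmin;
                sessionVars.UserId   = login.UserId;
                sessionVars.Username = login.Username;

                var results = new LibLogic.DTO.ApiAuthResponse()
                {
                    Token1          = tokData.Token1,
                    Token2          = tokData.Token2,
                    Token1ExpireUtc = tokData.Token1ExpireTime,
                    Token2ExpireUtc = tokData.Token2ExpireTime,
                    UserId          = sessionVars.UserId
                };

                var json = Newtonsoft.Json.JsonConvert.SerializeObject(results);

                HttpContext.Response.StatusCode = (int)System.Net.HttpStatusCode.OK;
                return(Content(json));
            }
            catch (Exception ex)
            {
                // Controller.Response is the same object as HttpContext.Response; spelled the
                // long way here so every status write in this action looks alike.
                HttpContext.Response.StatusCode = (int)System.Net.HttpStatusCode.InternalServerError;
                LibLogic.Helpers.Logging.Log(ex);
                return(Content("InternalServerError"));
            }
        }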