/// <summary>
/// Logs in: prompts on the console for the login fields, then hands the
/// resulting request to <c>SendAsync</c>.
/// </summary>
/// <returns>A task that completes once the send has finished or its failure has been logged.</returns>
public async Task Login()
{
    // The prompts run in the order below. The Convert calls sit outside the
    // try block, so a value that does not parse as a number throws to the
    // caller instead of being logged here.
    var request = new LoginRequestBody();
    request.UserID = Convert.ToUInt32(Extension.ReadInput("请输入用户Id: ", true, "001"));
    // The password goes through its own reader rather than ReadInput
    // (presumably without echo; confirm in Extension.ReadPassword).
    request.Password = Extension.ReadPassword("请输入密码: ");
    request.Msg_GnsscenterID = Convert.ToUInt32(
        Extension.ReadInput("请输入下级平台接入码: ", true, Config.GnsscenterID.ToString()));
    request.Down_link_IP = Extension.ReadInput("请输入下级平台提供对应的从链路服务端IP地址: ", true, "127.0.0.1");
    request.Down_link_Port = Convert.ToUInt16(
        Extension.ReadInput("请输入下级平台提供对应的从链路服务端口号: ", true, "4040"));

    try
    {
        // Only the server host and port are written to the log, never the
        // entered user id or password.
        Logger.Log(
            NLog.LogLevel.Trace,
            LogType.系统跟踪,
            $"发送登录信息, " +
            $"\r\t\nServer: {Config.ServerHost}:{Config.ServerPort}.");

        await SendAsync(request);
    }
    catch (Exception ex)
    {
        // A failed send is logged and swallowed; the caller sees a completed task.
        Logger.Log(
            NLog.LogLevel.Error,
            LogType.系统异常,
            $"发送登录信息时异常, " +
            $"\r\t\nServer: {Config.ServerHost}:{Config.ServerPort}.",
            null,
            ex);
    }
}
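/// <summary>
/// Checks the submitted e-mail address and password and, on a match, stores
/// the user's GUID in the session under the key "User".
/// </summary>
/// <param name="body">Login request carrying the e-mail address and the password.</param>
/// <returns>
/// A JSON <c>ResponseTemplate</c>: "200" on success, "404" when the e-mail is
/// not registered, "400" when the password is wrong or a field is missing.
/// </returns>
public JsonResult Login(LoginRequestBody body)
{
    // A missing body or password would otherwise end in a null dereference
    // further down; a missing e-mail is rejected in the same place.
    if (body == null || body.Email == null || body.Password == null)
    {
        return Json(new ResponseTemplate
        {
            Status  = "400",
            Message = "Email and password are required."
        });
    }

    User user = new User();

    // NOTE(review): the 404 here and the 400 "Password is Incorrect" below let
    // a caller tell registered addresses from unregistered ones. Consider a
    // single generic failure response if no client depends on the difference.
    if (!user.CheckIfEmailExist(body.Email))
    {
        return Json(new ResponseTemplate
        {
            Status  = "404",
            Message = "No User is registered with the email given."
        });
    }

    user.RetrieveUserByEmail(body.Email);

    // The stored value is compared against the UTF-8 bytes of the submitted password.
    bool passwordMatches = SingletonObjects.Hasher.CompareHash(
        user.Password.ToString(),
        Encoding.UTF8.GetBytes(body.Password.ToString()));

    ResponseTemplate response;
    if (passwordMatches)
    {
        response = new ResponseTemplate
        {
            Status  = "200",
            Message = "Success"
        };

        // NOTE(review): the session identifier is not renewed in this method;
        // confirm it is rotated on login elsewhere. No attempt limiting is
        // visible here either.
        Session.Add("User", user.UserGUID.ToString());
    }
    else
    {
        response = new ResponseTemplate
        {
            Status  = "400",
            Message = "Password is Incorrect"
        };
    }

    return Json(response);
}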
/// <summary>
/// Builds the POST request for the "login" endpoint, relative to
/// <c>BaseUri</c>, with the given token in the request body.
/// </summary>
/// <param name="auth_token">Token copied into the body's <c>AuthToken</c> field.</param>
/// <returns>The configured request. This method only builds it; nothing here sends it.</returns>
public TyphenApi.WebApiRequest<TyphenApi.Type.Submarine.LoginObject, TyphenApi.Type.Submarine.Error> Login(string auth_token)
{
    var loginBody = new LoginRequestBody { AuthToken = auth_token };

    // NoAuthenticationRequired is set because the credential for this call is
    // the token in the body (presumably it stops the client from attaching
    // session credentials; confirm in WebApiRequest).
    return new TyphenApi.WebApiRequest<TyphenApi.Type.Submarine.LoginObject, TyphenApi.Type.Submarine.Error>(this)
    {
        Uri = new Uri(BaseUri, "login"),
        Method = HttpMethod.Post,
        Body = loginBody,
        NoAuthenticationRequired = true
    };
}
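/// <summary>
/// Verifies a password for the being behind an e-mail alias, enforces a
/// lockout after repeated failures, and records the attempt.
/// </summary>
/// <param name="email_address">E-mail alias used to look up the being.</param>
/// <param name="client">Client name; the being must have a client with this name.</param>
/// <param name="body">Request body carrying the password.</param>
/// <returns>
/// 204 when the password matches, 401 when it does not, 404 when the alias or
/// client is unknown, 503 while locked out, 400 for invalid or missing input.
/// </returns>
public async Task<IActionResult> Login(
    [EmailAddress, MaxLength(100)] string email_address,
    [Required, MaxLength(20)] string client,
    [FromBody] LoginRequestBody body)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // A request without a body would otherwise fail on body.password below
    // with a NullReferenceException, after the lookups had already run.
    if (body == null)
    {
        return BadRequest();
    }

    // Get the entities.
    Alias alias = await ef.Aliases
        .Include(a => a.Being).ThenInclude(b => b.Clients)
        .FirstOrDefaultAsync(a => a.EmailAddress == email_address);
    Being being = alias?.Being;

    // NOTE(review): 404 here versus 401/503 below tells the caller whether the
    // alias/client pair exists and whether it is locked out. Attempts against
    // unknown aliases are also not recorded, because the method returns
    // before the LoginAttempt row is added.
    if (being == null || !being.Clients.Any(c => c.ClientName == client))
    {
        return NotFound();
    }

    // Check the number of consecutive failures: failed attempts inside the
    // lockout window, for any alias of this being, that have no later
    // successful attempt (later meaning a higher LoginAttemptID).
    DateTime period_start = now.UtcNow.AddMinutes(-1 * config.GetValue<double>("LockoutPeriodMins"));
    int consecutive_failures = await ef.LoginAttempts
        .Where(a => a.Alias.BeingID == being.BeingID &&
               a.DateCreated >= period_start &&
               !a.Success &&
               !ef.LoginAttempts.Any(a2 => a2.Alias.BeingID == being.BeingID &&
                                     a2.LoginAttemptID > a.LoginAttemptID &&
                                     a2.Success))
        .CountAsync();

    // NOTE(review): the count and the insert further down are separate
    // statements with no transaction visible here, so concurrent requests can
    // each pass this check before any of them is recorded.
    if (consecutive_failures >= config.GetValue<int>("MaxFailedLoginsBeforeLockout"))
    {
        return StatusCode(StatusCodes.Status503ServiceUnavailable);
    }

    // Check the password.
    // NOTE(review): the helper's name suggests a salted SHA-512 digest. If it
    // is a single fast hash, a slow password KDF (PBKDF2, Argon2) is the
    // better fit; confirm in Sha512Util.
    bool password_ok = Sha512Util.TestPassword(body.password, being.SaltedHashedPassword);

    // Log the attempt, successful or not, against the alias that was used.
    ef.LoginAttempts.Add(new LoginAttempt
    {
        AliasID    = alias.AliasID,
        Success    = password_ok,
        ClientName = client
    });
    await ef.SaveChangesAsync();

    return password_ok ? (IActionResult)NoContent() : Unauthorized();
}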
/// <summary>
/// Saves the data held by a session, after decrypting the submitted password
/// with the session key and checking that it is the original password.
/// </summary>
/// <param name="login">Request carrying the session ID and the encrypted password.</param>
/// <param name="clientIp">Address of the caller, passed on to <c>GetSession</c>.</param>
/// <returns>
/// <c>Success</c> after saving, <c>InvalidPassword</c> when decryption fails,
/// <c>OriginalPasswordDiffers</c> when the password check fails, and
/// <c>InvalidSession</c> when no usable session is found.
/// </returns>
public SaveSessionResults SaveSession(LoginRequestBody login, IPAddress clientIp)
{
    if (login == null || login.SessionId == null || login.SessionId.Length == 0)
    {
        return SaveSessionResults.InvalidSession;
    }

    // The lookup takes the client address, so a missing session here could
    // also mean an invalid IP address.
    var current = GetSession(login.SessionId, clientIp);
    if (current == null || current.Data == null)
    {
        return SaveSessionResults.InvalidSession;
    }

    byte[] sessionKey = null;
    byte[] masterPassword = null;
    try
    {
        sessionKey = generateSessionKey(current);

        try
        {
            masterPassword = AES256.DecryptToByteArray(login.Password, sessionKey);
        }
        catch (CryptographicException)
        {
            // Only a cryptographic failure maps to InvalidPassword; any other
            // exception propagates to the caller.
            return SaveSessionResults.InvalidPassword;
        }

        if (!current.Data.IsOriginalPassword(masterPassword))
        {
            return SaveSessionResults.OriginalPasswordDiffers;
        }

        saveSessionData(current, masterPassword, sessionKey);
        return SaveSessionResults.Success;
    }
    finally
    {
        // Wipe the secrets on every exit path. The arrays might already be
        // cleared, but doing it again does no harm.
        if (masterPassword != null)
        {
            Array.Clear(masterPassword, 0, masterPassword.Length);
        }
        if (sessionKey != null)
        {
            Array.Clear(sessionKey, 0, sessionKey.Length);
        }
    }
}
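/// <summary>
/// Sends a login request over a freshly connected client and returns the
/// result string from the response.
/// </summary>
/// <param name="requestBody">Body to send in the login request.</param>
/// <returns>
/// The response's <c>LoginResult</c>, or its <c>userID</c> when
/// <c>LoginResult</c> is null; null when the response or its body is missing.
/// </returns>
public async Task<string> Login(LoginRequestBody requestBody)
{
    var request = new LoginRequest { Body = requestBody };
    var client = await Connect();

    try
    {
        // Call the service once and read both fields from the same response.
        // Awaiting LoginAsync again for the fallback field would submit the
        // credentials a second time, which a server-side failed-attempt
        // counter may count twice.
        var response = await client.LoginAsync(request);
        return response?.Body?.LoginResult ?? response?.Body?.userID;
    }
    finally
    {
        // Release the channel on every path, not only after a non-empty
        // result. Close() throws on a faulted or timed-out channel, in which
        // case Abort() tears it down without a further round trip.
        var channel = (IClientChannel)client;
        try
        {
            channel.Close();
        }
        catch (System.ServiceModel.CommunicationException)
        {
            channel.Abort();
        }
        catch (System.TimeoutException)
        {
            channel.Abort();
        }
    }
}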
/// <summary>
/// Attempts to save the password data file opened for the session to disk.
/// </summary>
/// <param name="login">Request body; it must carry a non-empty password.</param>
/// <returns>
/// The success result after a save, a 401 result when the original password
/// differs, a server-error result when an exception is thrown, and the
/// non-authorized result in every other case.
/// </returns>
public JsonResult Save([FromBody] LoginRequestBody login)
{
    // This is very similar to logging in, because the request carries the
    // master password. Most of the work lives in SessionManager.SaveSession.
    if (login == null || login.Password == null || login.Password.Length == 0)
    {
        return ApiController.nonAuthorized();
    }

    try
    {
        var outcome = _sessionManager.SaveSession(
            login,
            Request.HttpContext.Connection.RemoteIpAddress);

        if (outcome == SaveSessionResults.OriginalPasswordDiffers)
        {
            // The password is not the original one: answer with a 401.
            return new JsonResult(new { result = "Original password differs" })
            {
                StatusCode = 401
            };
        }

        if (outcome == SaveSessionResults.Success)
        {
            return ApiController.success();
        }
    }
    catch (Exception ex)
    {
        // Details go to stderr only; the client gets the generic server-error result.
        Console.Error.WriteLine("Error when saving session");
        Console.Error.WriteLine(ex.StackTrace);
        Console.Error.WriteLine(ex.ToString());
        return ApiController.serverError();
    }

    // Every other SaveSession outcome ends here.
    return ApiController.nonAuthorized();
}
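/// <summary>
/// Opens the session's data file with the submitted password and maps the
/// session manager's result to a JSON body and an HTTP status code.
/// </summary>
/// <param name="login">Request body passed to <c>OpenSession</c>.</param>
/// <returns>
/// 200 on success, 401 for an unknown session or a wrong IP address, 403 for a
/// password or data file error and for unknown results, 400 when the body is
/// missing, 500 when an exception is thrown.
/// </returns>
public JsonResult Login([FromBody] LoginRequestBody login)
{
    // - Check that the session exists
    // - Check that it's valid for current IP address
    // -> The session manager then decrypts the file and re-encrypts it in
    //    the session memory.
    // See JS function postLogin in api.js as to what is going
    // to use this endpoint.
    var res = new JsonResult(null);

    try
    {
        // Check if the request body is valid:
        if (login != null)
        {
            var result = _sessionManager.OpenSession(
                login,
                Request.HttpContext.Connection.RemoteIpAddress
                );

            switch (result)
            {
            case OpenSessionResult.DataFileError:
            case OpenSessionResult.InvalidPasswordOrFSError:
                res.Value      = new { result = "Invalid password or data file error" };
                res.StatusCode = 403;
                break;

            // An invalid IP address and an invalid session are the same thing
            // as far as the result status goes. Without its own label the IP
            // case fell through to "Unknown error"/403, so the response
            // confirmed that the submitted session ID exists.
            case OpenSessionResult.IpAddressNotAllowed:
            case OpenSessionResult.InvalidSessionId:
                res.Value      = new { result = "Invalid session ID" };
                res.StatusCode = 401;
                break;

            case OpenSessionResult.Success:
                res.Value      = new { result = "Success" };
                res.StatusCode = 200;
                break;

            default:
                res.Value      = new { result = "Unknown error" };
                res.StatusCode = 403;
                break;
            }
        }
        else
        {
            res.Value      = new { result = "Invalid arguments" };
            res.StatusCode = 400;
        }
    }
    catch (Exception ex)
    {
        // Details go to stderr only; the client sees a generic message.
        Console.Error.WriteLine("Error when opening session");
        Console.Error.WriteLine(ex.StackTrace);
        Console.Error.WriteLine(ex.ToString());
        res.Value      = new { result = "Server error" };
        res.StatusCode = 500;
    }

    return res;
}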
/// <summary>
/// Login action that takes a <c>LoginRequestBody</c> from the request body.
/// </summary>
/// <param name="login">Login request read from the body; not used by the code shown.</param>
// NOTE(review): this is an unfinished stub. It opens a NovaStudyModel context,
// does nothing with it, and has no return statement, so it does not compile
// as a method returning IHttpActionResult. No credential check is visible here.
public IHttpActionResult Login([FromBody] LoginRequestBody login)
{
    using (var db = new NovaStudyModel())
    {
    }
}
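/// <summary>
/// Loads the selected password data file into an existing session, using the
/// password decrypted from the request with the session key.
/// </summary>
/// <param name="login">Request carrying the session ID, the data file index and the encrypted password; must not be null.</param>
/// <param name="clientIp">Address of the caller; it must equal the address stored on the session.</param>
/// <returns>
/// <c>Success</c> when the file was read; <c>InvalidSessionId</c>,
/// <c>IpAddressNotAllowed</c>, <c>DataFileError</c> or
/// <c>InvalidPasswordOrFSError</c> otherwise.
/// </returns>
public OpenSessionResult OpenSession(LoginRequestBody login, IPAddress clientIp)
{
    // Check if we got that session. A single TryGetValue replaces the
    // ContainsKey + indexer pair, which could throw if the session was removed
    // between the two calls. A null session ID is treated as unknown rather
    // than passed to the dictionary, where a null key throws.
    if (login.SessionId == null || !Sessions.TryGetValue(login.SessionId, out var sess))
    {
        // NOTE(review): the submitted, unverified session ID is forwarded to
        // the notification channels; confirm they bound and escape it.
        _notificationManager.NotifyMostChannels(
            NotificationManager.CauseLoginFailure,
            "Login attempt with wrong session ID or sequence",
            login.SessionId,
            clientIp
            );
        return OpenSessionResult.InvalidSessionId;
    }

    // Check if the IP address is correct:
    if (!sess.ClientIp.Equals(clientIp))
    {
        _notificationManager.NotifyMostChannels(
            NotificationManager.CauseLoginFailure,
            "Login attempt with IP address different from session",
            null,
            clientIp
            );
        return OpenSessionResult.IpAddressNotAllowed;
    }

    // The index must be strictly below Count. The earlier ">=" comparison let
    // DataFile == Count through to the indexer, which then threw instead of
    // returning DataFileError.
    if (login.DataFile < 0 || login.DataFile >= _dataFiles.Count)
    {
        return OpenSessionResult.DataFileError;
    }

    // Now try to load the file into the session with
    // the decrypted password from it:
    sess.Data = new PasswordManagerData(getFullDataPath(_dataFiles[login.DataFile]));
    byte[] mPwd = null;
    byte[] dKey = null;
    try
    {
        dKey = generateSessionKey(sess);
        mPwd = AES256.DecryptToByteArray(login.Password, dKey);
        sess.Data.ReadFromFile(mPwd, dKey);
        _notificationManager.NotifyMostChannels(
            NotificationManager.CauseLoginSuccess,
            "Successful login",
            null,
            clientIp
            );
        return OpenSessionResult.Success;
    }
    catch (Exception ex)
    {
        // Any failure (wrong password, unreadable file, ...) gets the same
        // result; the detail goes to stderr only.
        Console.Error.WriteLine($"Password Data File processing error: {ex.ToString()}");
        sess.Data = null;
        _notificationManager.NotifyMostChannels(
            NotificationManager.CauseLoginFailure,
            "Failed login attempt",
            null,
            clientIp
            );
        return OpenSessionResult.InvalidPasswordOrFSError;
    }
    finally
    {
        // Wipe the decrypted password and the key on every exit path.
        // This is a little redundant.
        if (mPwd != null)
        {
            HashUtils.ClearByteArray(mPwd);
        }
        if (dKey != null)
        {
            HashUtils.ClearByteArray(dKey);
        }
    }
}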