Example #1
        /// <summary>
        /// Interactive login: prompts on the console for each login field, builds a
        /// <see cref="LoginRequestBody"/> from the answers and sends it with <c>SendAsync</c>.
        /// </summary>
        /// <remarks>
        /// The numeric answers are converted with <c>Convert.ToUInt32</c> / <c>Convert.ToUInt16</c>
        /// before the try block, so malformed input throws out of this method instead of
        /// being logged. Both log messages contain only the server host and port; the
        /// password is not written to either of them.
        /// </remarks>
        /// <returns>A task that completes once the send has finished or its failure has been logged.</returns>
        public async Task Login()
        {
            // The prompts run in the order the initializer lists them.
            var request = new LoginRequestBody
            {
                UserID = Convert.ToUInt32(Extension.ReadInput("请输入用户Id: ", true, "001")),
                Password = Extension.ReadPassword("请输入密码: "),
                Msg_GnsscenterID = Convert.ToUInt32(
                    Extension.ReadInput("请输入下级平台接入码: ", true, Config.GnsscenterID.ToString())),
                Down_link_IP = Extension.ReadInput("请输入下级平台提供对应的从链路服务端IP地址: ", true, "127.0.0.1"),
                Down_link_Port = Convert.ToUInt16(
                    Extension.ReadInput("请输入下级平台提供对应的从链路服务端口号: ", true, "4040"))
            };

            try
            {
                // Trace entry written before the send.
                Logger.Log(
                    NLog.LogLevel.Trace,
                    LogType.系统跟踪,
                    $"发送登录信息, \r\t\nServer: {Config.ServerHost}:{Config.ServerPort}.");

                await SendAsync(request);
            }
            catch (Exception ex)
            {
                // Any failure inside the try block is logged and not rethrown, so the
                // caller cannot tell from the returned task whether the send succeeded.
                Logger.Log(
                    NLog.LogLevel.Error,
                    LogType.系统异常,
                    $"发送登录信息时异常, \r\t\nServer: {Config.ServerHost}:{Config.ServerPort}.",
                    null,
                    ex);
            }
        }
Example #2
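        /// <summary>
        /// Checks the submitted email and password and, when the hash comparison succeeds,
        /// stores the user's GUID in the session under the key "User".
        /// </summary>
        /// <param name="body">Login payload; <c>Email</c> and <c>Password</c> are read from it.</param>
        /// <returns>
        /// A JSON <c>ResponseTemplate</c> whose Status is "200" (success), "400" (missing
        /// fields or wrong password) or "404" (no user with that email).
        /// </returns>
        /// <remarks>
        /// NOTE(review): the "404" and wrong-password "400" responses tell a caller whether an
        /// email is registered. If clients do not depend on the distinction, a single generic
        /// failure response avoids disclosing that.
        /// NOTE(review): no attempt limiting is visible in this method, and the session is
        /// reused as-is after a successful login; confirm both are handled elsewhere.
        /// </remarks>
        public JsonResult Login(LoginRequestBody body)
        {
            // Reject an incomplete payload up front: without this, a missing Password
            // is dereferenced below and surfaces as an unhandled exception.
            if (body == null || body.Email == null || body.Password == null)
            {
                return(Json(new ResponseTemplate
                {
                    Status  = "400",
                    Message = "Email and password are required."
                }));
            }

            User             user     = new User();
            ResponseTemplate response = null;

            if (!user.CheckIfEmailExist(body.Email))
            {
                response = new ResponseTemplate
                {
                    Status  = "404",
                    Message = "No User is registered with the email given."
                };
                return(Json(response));
            }

            // Populates this User instance from the stored record for the email.
            user.RetrieveUserByEmail(body.Email);

            // The stored value and the UTF-8 bytes of the submitted password go to the
            // shared hasher; the comparison itself is implemented outside this method.
            if (SingletonObjects.Hasher.CompareHash(user.Password.ToString(), Encoding.UTF8.GetBytes(body.Password.ToString())))
            {
                response = new ResponseTemplate
                {
                    Status  = "200",
                    Message = "Success"
                };
                // Only the GUID is kept in the session, not the user object.
                Session.Add("User", user.UserGUID.ToString());
            }
            else
            {
                response = new ResponseTemplate
                {
                    Status  = "400",
                    Message = "Password is Incorrect"
                };
            }
            return(Json(response));
        }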
Example #3
        /// <summary>
        /// Builds (but does not send) the POST request for the "login" endpoint, carrying
        /// the given token in the request body.
        /// </summary>
        /// <param name="auth_token">Token copied into <c>LoginRequestBody.AuthToken</c>.</param>
        /// <returns>The configured request object, with its URI resolved against <c>BaseUri</c>.</returns>
        public TyphenApi.WebApiRequest <TyphenApi.Type.Submarine.LoginObject, TyphenApi.Type.Submarine.Error> Login(string auth_token)
        {
            var payload = new LoginRequestBody
            {
                AuthToken = auth_token
            };

            // NoAuthenticationRequired is set because this is the login call itself.
            // NOTE(review): the token travels in the body, so the transport behind
            // BaseUri is presumably HTTPS; confirm where BaseUri is configured.
            return(new TyphenApi.WebApiRequest <TyphenApi.Type.Submarine.LoginObject, TyphenApi.Type.Submarine.Error>(this)
            {
                Uri    = new Uri(BaseUri, "login"),
                Method = HttpMethod.Post,
                Body   = payload,
                NoAuthenticationRequired = true
            });
        }
Example #4
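        /// <summary>
        /// Verifies a password for the alias with the given email address, on behalf of a
        /// named client, and records the attempt.
        /// </summary>
        /// <param name="email_address">Email address used to look up the alias.</param>
        /// <param name="client">Client name; must be one of the clients linked to the alias's Being.</param>
        /// <param name="body">Request body carrying the password to test.</param>
        /// <returns>
        /// 400 when model validation fails or the body is missing, 404 when the alias or
        /// client is unknown, 503 while the account is locked out, 204 on a correct
        /// password and 401 on a wrong one.
        /// </returns>
        /// <remarks>
        /// NOTE(review): 404 versus 401 lets a caller tell an unknown alias/client from a
        /// wrong password; confirm that disclosure is acceptable for this API.
        /// NOTE(review): <c>email_address</c> is not marked Required; confirm the route
        /// always supplies it so the lookup never runs with a null address.
        /// </remarks>
        public async Task <IActionResult> Login([EmailAddress, MaxLength(100)] string email_address, [Required, MaxLength(20)] string client,
                                                [FromBody] LoginRequestBody body)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            // A request without a body would otherwise be dereferenced at the password
            // check and end as an unhandled exception instead of a client error.
            if (body == null)
            {
                return(BadRequest());
            }

            // Get the entities.
            Alias alias = await ef.Aliases
                          .Include(a => a.Being).ThenInclude(b => b.Clients)
                          .FirstOrDefaultAsync(a => a.EmailAddress == email_address);

            Being being = alias?.Being;

            if (being == null || !being.Clients.Any(c => c.ClientName == client))
            {
                return(NotFound());
            }

            // Check the number of consecutive failures: failed attempts for this Being
            // inside the lockout window that have no later successful attempt.
            DateTime period_start         = now.UtcNow.AddMinutes(-1 * config.GetValue <double>("LockoutPeriodMins"));
            int      consecutive_failures = await ef.LoginAttempts
                                            .Where(a => a.Alias.BeingID == being.BeingID &&
                                                   a.DateCreated >= period_start &&
                                                   !a.Success &&
                                                   !ef.LoginAttempts.Any(a2 => a2.Alias.BeingID == being.BeingID &&
                                                                         a2.LoginAttemptID > a.LoginAttemptID &&
                                                                         a2.Success))
                                            .CountAsync();

            // While locked out, the method returns before the password is tested, so
            // these requests are neither verified nor recorded as attempts.
            if (consecutive_failures >= config.GetValue <int>("MaxFailedLoginsBeforeLockout"))
            {
                return(StatusCode(StatusCodes.Status503ServiceUnavailable));
            }

            // Check the password.
            // NOTE(review): the helper's name suggests salted SHA-512. If it is a single
            // fast hash rather than an iterated password KDF, stored hashes are cheap to
            // brute-force offline; confirm the implementation.
            bool password_ok = Sha512Util.TestPassword(body.password, being.SaltedHashedPassword);

            // Log the attempt (successes too; the lockout query relies on them).
            ef.LoginAttempts.Add(new LoginAttempt
            {
                AliasID    = alias.AliasID,
                Success    = password_ok,
                ClientName = client
            });
            await ef.SaveChangesAsync();

            return(password_ok ? (IActionResult)NoContent() : Unauthorized());
        }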
 /// <summary>
 /// Saves the data held by an open session after checking that the password sent with
 /// the request is the one the session's data was opened with.
 /// </summary>
 /// <param name="login">Request carrying the session ID and the encrypted password.</param>
 /// <param name="clientIp">Address of the caller; passed to <c>GetSession</c>.</param>
 /// <returns>
 /// <c>InvalidSession</c> when the request has no session ID or no session with data is
 /// found, <c>InvalidPassword</c> when decryption fails, <c>OriginalPasswordDiffers</c>
 /// when the decrypted password does not match, otherwise <c>Success</c>.
 /// </returns>
 public SaveSessionResults SaveSession(LoginRequestBody login, IPAddress clientIp)
 {
     if (login == null || login.SessionId == null || login.SessionId.Length <= 0)
     {
         return(SaveSessionResults.InvalidSession);
     }

     var current = GetSession(login.SessionId, clientIp);
     if (current == null || current.Data == null)
     {
         // Could also mean invalid IP address in this case.
         return(SaveSessionResults.InvalidSession);
     }

     byte[] sessionKey     = null;
     byte[] masterPassword = null;
     try
     {
         sessionKey = generateSessionKey(current);

         // Only a failure of the decryption itself maps to InvalidPassword; a
         // CryptographicException from any other call here propagates to the caller.
         try
         {
             masterPassword = AES256.DecryptToByteArray(login.Password, sessionKey);
         }
         catch (CryptographicException)
         {
             return(SaveSessionResults.InvalidPassword);
         }

         if (!current.Data.IsOriginalPassword(masterPassword))
         {
             return(SaveSessionResults.OriginalPasswordDiffers);
         }

         saveSessionData(current, masterPassword, sessionKey);
         return(SaveSessionResults.Success);
     }
     finally
     {
         // Zero the secrets on every exit path. They may already have been
         // cleared further down; clearing twice is harmless.
         if (masterPassword != null)
         {
             Array.Clear(masterPassword, 0, masterPassword.Length);
         }
         if (sessionKey != null)
         {
             Array.Clear(sessionKey, 0, sessionKey.Length);
         }
     }
 }
Example #6
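        /// <summary>
        /// Sends a login request through the service client and returns the login result,
        /// falling back to the user ID when the result is null.
        /// </summary>
        /// <param name="requestBody">Body placed into the <c>LoginRequest</c>.</param>
        /// <returns>
        /// <c>LoginResult</c> from the response, or <c>userID</c> when that is null; null
        /// when the response itself is null.
        /// </returns>
        public async Task <string> Login(LoginRequestBody requestBody)
        {
            var request = new LoginRequest
            {
                Body = requestBody
            };

            var client = await Connect();

            // Call the service once and read both fields from the same response. The
            // previous form re-sent the credentials whenever LoginResult was null, which
            // doubled the login attempts seen by the server.
            var response       = await client.LoginAsync(request);
            var responseResult = response?.Body.LoginResult ?? response?.Body.userID;

            // NOTE(review): the channel is closed only when a non-empty result came back.
            // On an empty result or an exception from LoginAsync it stays open; confirm
            // whether Connect() hands out a shared channel or whether it should be
            // closed/aborted on every path.
            if (!string.IsNullOrEmpty(responseResult))
            {
                ((IClientChannel)client).Close();
            }

            return(responseResult);
        }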
Example #7
        /// <summary>
        /// Asks the session manager to write the session's open password data file to disk.
        /// The request carries the master password, so this is handled much like a login.
        /// </summary>
        /// <param name="login">Request body; must contain a non-empty password.</param>
        /// <returns>
        /// The success response on <c>Success</c>, a 401 JSON result when the original
        /// password differs, the server-error response when an exception is thrown, and
        /// the non-authorized response in every other case.
        /// </returns>
        public JsonResult Save([FromBody] LoginRequestBody login)
        {
            // Most of the work lives in SessionManager.SaveSession; this method only
            // validates the body and maps the result to an HTTP response.
            bool hasPassword = login != null && login.Password != null && login.Password.Length > 0;
            if (!hasPassword)
            {
                return(ApiController.nonAuthorized());
            }

            try
            {
                var outcome = _sessionManager.SaveSession(
                    login,
                    Request.HttpContext.Connection.RemoteIpAddress);

                if (outcome == SaveSessionResults.OriginalPasswordDiffers)
                {
                    return(new JsonResult(new { result = "Original password differs" })
                    {
                        StatusCode = 401
                    });
                }

                if (outcome == SaveSessionResults.Success)
                {
                    return(ApiController.success());
                }
            }
            catch (Exception ex)
            {
                // Details go to stderr only; the client gets the generic server-error response.
                Console.Error.WriteLine("Error when saving session");
                Console.Error.WriteLine(ex.StackTrace);
                Console.Error.WriteLine(ex.ToString());
                return(ApiController.serverError());
            }

            // Every other SaveSession result ends up here.
            return(ApiController.nonAuthorized());
        }
Example #8
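        /// <summary>
        /// Opens the password data for an existing session: passes the request and the
        /// caller's IP address to <c>SessionManager.OpenSession</c> and maps the result to
        /// a JSON response with an HTTP status code.
        /// </summary>
        /// <param name="login">Request body; a null body yields 400.</param>
        /// <returns>
        /// 200 on success, 401 for an invalid session ID or an IP address that does not
        /// match the session, 403 for password/data-file errors and unknown results, 400
        /// for a missing body and 500 when an exception is thrown.
        /// </returns>
        public JsonResult Login([FromBody] LoginRequestBody login)
        {
            // See JS function postLogin in api.js as to what is going
            // to use this endpoint.

            var res = new JsonResult(null);

            try
            {
                // Check if the request body is valid:
                if (login != null)
                {
                    var result = _sessionManager.OpenSession(
                        login,
                        Request.HttpContext.Connection.RemoteIpAddress
                        );
                    switch (result)
                    {
                    case OpenSessionResult.DataFileError:
                    case OpenSessionResult.InvalidPasswordOrFSError:
                        res.Value      = new { result = "Invalid password or data file error" };
                        res.StatusCode = 403;
                        break;

                    // An IP mismatch is reported exactly like an unknown session ID, so
                    // the response does not reveal that the session ID itself exists.
                    // Previously IpAddressNotAllowed fell through to the default branch
                    // and produced a different status and message.
                    case OpenSessionResult.InvalidSessionId:
                    case OpenSessionResult.IpAddressNotAllowed:
                        res.Value      = new { result = "Invalid session ID" };
                        res.StatusCode = 401;
                        break;

                    case OpenSessionResult.Success:
                        res.Value      = new { result = "Success" };
                        res.StatusCode = 200;
                        break;

                    default:
                        res.Value      = new { result = "Unknown error" };
                        res.StatusCode = 403;
                        break;
                    }
                }
                else
                {
                    res.Value      = new { result = "Invalid arguments" };
                    res.StatusCode = 400;
                }
            }
            catch (Exception ex)
            {
                // Exception details stay on stderr; the client only sees "Server error".
                Console.Error.WriteLine("Error when opening session");
                Console.Error.WriteLine(ex.StackTrace);
                Console.Error.WriteLine(ex.ToString());
                res.Value      = new { result = "Server error" };
                res.StatusCode = 500;
            }

            return(res);
        }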
 // Login endpoint stub: creates and disposes a NovaStudyModel and does nothing else.
 // NOTE(review): as listed, the body never reads `login` and has no return statement,
 // so no credential check happens here; the listing appears to be truncated.
 public IHttpActionResult Login([FromBody] LoginRequestBody login)
 {
     using (var db = new NovaStudyModel())
     {
     }
 }
Example #10
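 /// <summary>
 /// Loads the selected password data file into an existing session, using the password
 /// decrypted from the request with the session's key.
 /// </summary>
 /// <param name="login">Request carrying the session ID, data file index and encrypted password.</param>
 /// <param name="clientIp">Address of the caller; must equal the address stored on the session.</param>
 /// <returns>
 /// <c>InvalidSessionId</c> when the session is unknown (or the request has no session
 /// ID), <c>IpAddressNotAllowed</c> on an address mismatch, <c>DataFileError</c> when the
 /// file index is out of range, <c>InvalidPasswordOrFSError</c> when decrypting or reading
 /// fails, otherwise <c>Success</c>.
 /// </returns>
 public OpenSessionResult OpenSession(LoginRequestBody login, IPAddress clientIp)
 {
     // A missing request or session ID can never match a stored session. Handling it
     // here keeps it on the normal failure path instead of throwing from the lookup.
     // NOTE(review): ContainsKey followed by the indexer is not atomic; if Sessions can
     // be modified concurrently, a single TryGetValue would close that gap.
     if (login == null || login.SessionId == null || !Sessions.ContainsKey(login.SessionId))
     {
         _notificationManager.NotifyMostChannels(
             NotificationManager.CauseLoginFailure,
             "Login attempt with wrong session ID or sequence",
             login?.SessionId,
             clientIp
             );
         return(OpenSessionResult.InvalidSessionId);
     }

     var sess = Sessions[login.SessionId];

     // Check if the IP address is correct:
     if (!sess.ClientIp.Equals(clientIp))
     {
         _notificationManager.NotifyMostChannels(
             NotificationManager.CauseLoginFailure,
             "Login attempt with IP address different from session",
             null,
             clientIp
             );
         return(OpenSessionResult.IpAddressNotAllowed);
     }

     // The index comes from the request. It must be strictly below Count: the previous
     // check accepted DataFile == Count, which threw from the indexer below instead of
     // returning DataFileError.
     if (login.DataFile < 0 || login.DataFile >= _dataFiles.Count)
     {
         return(OpenSessionResult.DataFileError);
     }

     // Now try to load the file into the session with
     // the decrypted password from it:
     sess.Data = new PasswordManagerData(getFullDataPath(_dataFiles[login.DataFile]));
     byte[] mPwd = null;
     byte[] dKey = null;
     try
     {
         dKey = generateSessionKey(sess);
         mPwd = AES256.DecryptToByteArray(login.Password, dKey);
         sess.Data.ReadFromFile(mPwd, dKey);
         _notificationManager.NotifyMostChannels(
             NotificationManager.CauseLoginSuccess,
             "Successful login",
             null,
             clientIp
             );
         return(OpenSessionResult.Success);
     }
     catch (Exception ex)
     {
         // Any failure in this block (key derivation, decryption, file read, or the
         // success notification) is reported as a failed login, and the partially
         // initialised data is dropped from the session.
         Console.Error.WriteLine($"Password Data File processing error: {ex.ToString()}");
         sess.Data = null;
         _notificationManager.NotifyMostChannels(
             NotificationManager.CauseLoginFailure,
             "Failed login attempt",
             null,
             clientIp
             );
         return(OpenSessionResult.InvalidPasswordOrFSError);
     }
     finally
     {
         // Clear the decrypted password and the key on every exit path.
         // This is a little redundant.
         if (mPwd != null)
         {
             HashUtils.ClearByteArray(mPwd);
         }
         if (dKey != null)
         {
             HashUtils.ClearByteArray(dKey);
         }
     }
 }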