public object Post(LoginRequestWithCredentials LoginDetails)
{
Uri referrerURI = Request.GetReferrerURI();
Uri current = new Uri(Request.AbsoluteUri);
string userPassword = LoginDetails.password;
//unset the password so we can use the LoginDetails in the resulting display if there is an error
LoginDetails.password = null;
Request.Items.Add("Model", LoginDetails);
//CRSF protection
if (!referrerURI.SchemeHostPathMatch(current))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Request", LoginDetails);
}
if (string.IsNullOrWhiteSpace(LoginDetails.username) || string.IsNullOrWhiteSpace(userPassword))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Missing Username or Password", LoginDetails);
}
OAuth2.DataModels.ResourceOwner owner = null;
List <SWGEmuAPI.Model.Account.AccountResponse> accounts = AccountModel.GetAccount(LoginDetails.username, userPassword);
if (accounts == null || accounts.Count == 0)
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Username or Password", LoginDetails);
}
try
{
owner = ResourceOwnerModel.CreateOrUpdateFromAccountModel(accounts.FirstOrDefault());
}
catch (System.Data.Common.DbException dbex)
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.server_error, "Error Storing Resource Owner Details", LoginDetails, null, dbex);
}
Session.Set <OAuth2.DataModels.ResourceOwner>("AuthResourceOwner", owner);
Uri redirectURI = null;
bool valid = Uri.TryCreate(LoginDetails.redirect, UriKind.RelativeOrAbsolute, out redirectURI);
if (!valid || (redirectURI.IsAbsoluteUri && current.Host != redirectURI.Host))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Redirect URI", LoginDetails);
}
return(new HttpResult(LoginDetails)
{
StatusCode = System.Net.HttpStatusCode.Redirect,
Headers = { { HttpHeaders.Location, LoginDetails.redirect } },
});
}
public object Get(ApprovalRequest ApprovalRequest)
{
Uri redirectURI = null;
Uri current = new Uri(Request.AbsoluteUri);
ApprovalData data = new ApprovalData();
if (!Uri.TryCreate(ApprovalRequest.redirect, UriKind.RelativeOrAbsolute, out redirectURI) || (redirectURI.IsAbsoluteUri && redirectURI.Host != current.Host))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Redirect URI", data);
}
data.Redirect = ApprovalRequest.redirect;
DataModels.ResourceOwner user = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner");
if (user == null)
{
UriBuilder bldr = new UriBuilder(Request.GetApplicationUrl());
bldr.Path += "/auth/login";
bldr.Query = "redirect=" + Request.AbsoluteUri.UrlEncode();
return(new HttpResult(data)
{
Headers = { { "Location", bldr.ToString() } },
StatusCode = System.Net.HttpStatusCode.Redirect,
});
}
data.User = user;
DataModels.Client client = ClientModel.GetClientByID(ApprovalRequest.client_id);
if (client == null)
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Client ID", data);
}
if (!string.IsNullOrWhiteSpace(client.owned_by))
{
data.Owner = ResourceOwnerModel.GetByID(client.owned_by);
}
data.Client = client;
string[] scopes = ApprovalRequest.scope == null ? new string[] {} : ApprovalRequest.scope.Split(new char[] { ' ', ';', ',' }, StringSplitOptions.RemoveEmptyEntries);
List <DataModels.Scope> scopeDetails = ScopeModel.GetScopeDetails(scopes).ToList();
if (scopeDetails.Count != scopes.Length)
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_scope, "Invalid Scope(s) requested", data);
}
data.RequestedScopes = scopeDetails;
return((IApprovalData)data);
}
public void RequestFilter(IHttpRequest req, IHttpResponse res, object requestDto)
{
string auth = req.Headers.Get("Authorization");
bool validUser = false;
if (!string.IsNullOrWhiteSpace(auth))
{
Match rawToken = MATCH_TOKEN.Match(auth);
if (rawToken.Success && rawToken.Groups["token_type"].Success && rawToken.Groups["token"].Success)
{
DataModels.Token token = TokenModel.GetToken <DataModels.Token>(rawToken.Groups["token"].Value);
req.Items.Add("auth:rawtoken", rawToken);
if (SetToken)
{
req.Items.Add("auth:token", token);
}
if (SetClient)
{
req.Items.Add("auth:client", ClientModel.GetClientByID(token.client_id));
}
if (!string.IsNullOrWhiteSpace(token.resource_owner_id) && SetUser)
{
DataModels.ResourceOwner owner = ResourceOwnerModel.GetByID(token.resource_owner_id);
if (owner != null)
{
req.Items.Add("auth:user", owner);
validUser = true;
}
}
}
}
if (RequireValidUser && !validUser)
{
res.StatusCode = (int)System.Net.HttpStatusCode.Unauthorized;
res.StatusDescription = "Valid bearer token required";
res.AddHeader("WWW-Authenticate", "OAuth2 realm=\"{0}\"".Fmt(req.GetApplicationUrl()));
res.Close();
}
}
