public object Post(LoginRequestWithCredentials LoginDetails) { Uri referrerURI = Request.GetReferrerURI(); Uri current = new Uri(Request.AbsoluteUri); string userPassword = LoginDetails.password; //unset the password so we can use the LoginDetails in the resulting display if there is an error LoginDetails.password = null; Request.Items.Add("Model", LoginDetails); //CRSF protection if (!referrerURI.SchemeHostPathMatch(current)) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Request", LoginDetails); } if (string.IsNullOrWhiteSpace(LoginDetails.username) || string.IsNullOrWhiteSpace(userPassword)) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Missing Username or Password", LoginDetails); } OAuth2.DataModels.ResourceOwner owner = null; List <SWGEmuAPI.Model.Account.AccountResponse> accounts = AccountModel.GetAccount(LoginDetails.username, userPassword); if (accounts == null || accounts.Count == 0) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Username or Password", LoginDetails); } try { owner = ResourceOwnerModel.CreateOrUpdateFromAccountModel(accounts.FirstOrDefault()); } catch (System.Data.Common.DbException dbex) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.server_error, "Error Storing Resource Owner Details", LoginDetails, null, dbex); } Session.Set <OAuth2.DataModels.ResourceOwner>("AuthResourceOwner", owner); Uri redirectURI = null; bool valid = Uri.TryCreate(LoginDetails.redirect, UriKind.RelativeOrAbsolute, out redirectURI); if (!valid || (redirectURI.IsAbsoluteUri && current.Host != redirectURI.Host)) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Redirect URI", LoginDetails); } return(new HttpResult(LoginDetails) { StatusCode = System.Net.HttpStatusCode.Redirect, Headers = { { HttpHeaders.Location, LoginDetails.redirect } }, }); }
public object Get(ApprovalRequest ApprovalRequest) { Uri redirectURI = null; Uri current = new Uri(Request.AbsoluteUri); ApprovalData data = new ApprovalData(); if (!Uri.TryCreate(ApprovalRequest.redirect, UriKind.RelativeOrAbsolute, out redirectURI) || (redirectURI.IsAbsoluteUri && redirectURI.Host != current.Host)) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Redirect URI", data); } data.Redirect = ApprovalRequest.redirect; DataModels.ResourceOwner user = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner"); if (user == null) { UriBuilder bldr = new UriBuilder(Request.GetApplicationUrl()); bldr.Path += "/auth/login"; bldr.Query = "redirect=" + Request.AbsoluteUri.UrlEncode(); return(new HttpResult(data) { Headers = { { "Location", bldr.ToString() } }, StatusCode = System.Net.HttpStatusCode.Redirect, }); } data.User = user; DataModels.Client client = ClientModel.GetClientByID(ApprovalRequest.client_id); if (client == null) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Client ID", data); } if (!string.IsNullOrWhiteSpace(client.owned_by)) { data.Owner = ResourceOwnerModel.GetByID(client.owned_by); } data.Client = client; string[] scopes = ApprovalRequest.scope == null ? new string[] {} : ApprovalRequest.scope.Split(new char[] { ' ', ';', ',' }, StringSplitOptions.RemoveEmptyEntries); List <DataModels.Scope> scopeDetails = ScopeModel.GetScopeDetails(scopes).ToList(); if (scopeDetails.Count != scopes.Length) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_scope, "Invalid Scope(s) requested", data); } data.RequestedScopes = scopeDetails; return((IApprovalData)data); }
public void RequestFilter(IHttpRequest req, IHttpResponse res, object requestDto) { string auth = req.Headers.Get("Authorization"); bool validUser = false; if (!string.IsNullOrWhiteSpace(auth)) { Match rawToken = MATCH_TOKEN.Match(auth); if (rawToken.Success && rawToken.Groups["token_type"].Success && rawToken.Groups["token"].Success) { DataModels.Token token = TokenModel.GetToken <DataModels.Token>(rawToken.Groups["token"].Value); req.Items.Add("auth:rawtoken", rawToken); if (SetToken) { req.Items.Add("auth:token", token); } if (SetClient) { req.Items.Add("auth:client", ClientModel.GetClientByID(token.client_id)); } if (!string.IsNullOrWhiteSpace(token.resource_owner_id) && SetUser) { DataModels.ResourceOwner owner = ResourceOwnerModel.GetByID(token.resource_owner_id); if (owner != null) { req.Items.Add("auth:user", owner); validUser = true; } } } } if (RequireValidUser && !validUser) { res.StatusCode = (int)System.Net.HttpStatusCode.Unauthorized; res.StatusDescription = "Valid bearer token required"; res.AddHeader("WWW-Authenticate", "OAuth2 realm=\"{0}\"".Fmt(req.GetApplicationUrl())); res.Close(); } }