public static bool SignUp(NameValueCollection Headers, ref Response response)
{
string uname = Headers["username"], pword = Headers["password"];
if (uname != null && pword != null)
{
if (Data.Objects.User.Find(uname) == null)
{
Data.Objects.User user = new Data.Objects.User(uname, pword);
MemoryHandler.Users.Insert(user);
response.AddCookie("authtoken", LoginTokens.CreateToken(user));
response.StatusCode = 200;
}
else
{
response.AddToData("Error", "User already exists");
response.StatusCode = 401;
}
}
else
{
response.StatusCode = 400;
response.AddToData("Error", "username & password must be provided");
}
return(false);
}
public IHttpResponse Index()
{
ViewData["title"] = "The Cake";
if (IsAuthenticated())
{
ViewData["authenticated"] = "bloc";
ViewData["notAuthenticated"] = "none";
ViewData["searchTerm"] = null;
Request.Session.AddParameter(ShoppingCartViewModel.SessionKey, new ShoppingCartViewModel());
}
else
{
ViewData["authenticated"] = "none";
ViewData["notAuthenticated"] = "bloc";
if (Request.Cookies.ContainsCookie(".auth_cake"))
{
var cookie = Request.Cookies.GetCookie(".auth_cake");
cookie.Delete();
Response.AddCookie(cookie);
}
}
return(View("/"));
}
/// <summary>
/// Save the session into the response
/// </summary>
/// <param name="session">Session to save</param>
/// <param name="response">Response to save into</param>
public void Save(ISession session, Response response)
{
if (session == null || !session.HasChanged)
{
return;
}
var sb = new StringBuilder();
foreach (var kvp in session)
{
sb.Append(HttpUtility.UrlEncode(kvp.Key));
sb.Append("=");
var objectString = this.serializer.Serialize(kvp.Value);
sb.Append(HttpUtility.UrlEncode(objectString));
sb.Append(";");
}
// TODO - configurable path?
var encryptedData = this.encryptionProvider.Encrypt(sb.ToString());
var hmacBytes = this.hmacProvider.GenerateHmac(encryptedData);
var cookieData = String.Format("{0}{1}", Convert.ToBase64String(hmacBytes), encryptedData);
var cookie = new NancyCookie(cookieName, cookieData, true);
response.AddCookie(cookie);
}
public static bool SignIn(NameValueCollection Headers, ref Response response)
{
string uname = Headers["username"], pword = Headers["password"];
if (uname != null && pword != null)
{
Data.Objects.User user = Data.Objects.User.Find(uname);
if (user != null && Hashing.Match(user.hashPassword, pword))
{
response.AddCookie("authtoken", LoginTokens.CreateToken(user));
response.StatusCode = 200;
return(true);
}
else
{
response.AddToData("Error", "User doesnt exist or password is wrong");
response.StatusCode = 401;
}
}
else
{
response.StatusCode = 400;
response.AddToData("Error", "username & password must be provided");
}
return(false);
}
public void Should_append_setcookie_headers()
{
//Given
var respHeaders = Get <IDictionary <string, string[]> >(this.environment, "owin.ResponseHeaders");
const string middlewareSetCookie = "other=othervalue; path=/";
respHeaders.Add("Set-Cookie", new[] { middlewareSetCookie });
var fakeResponse = new Response {
StatusCode = HttpStatusCode.OK
};
fakeResponse.AddCookie("test", "testvalue");
var fakeContext = new NancyContext {
Response = fakeResponse
};
this.SetupFakeNancyCompleteCallback(fakeContext);
//When
this.host.Invoke(this.environment).Wait();
//Then
respHeaders["Set-Cookie"].Length.ShouldEqual(2);
(respHeaders["Set-Cookie"][0] == middlewareSetCookie).ShouldBeTrue();
(respHeaders["Set-Cookie"][1] == "test=testvalue; path=/").ShouldBeTrue();
}
public AuthenticateModule() : base("/api")
{
Post["/AuthenticateUser"] = parameters =>
{
var bind = this.Bind <LoginRequest>();
//do something with request.Username and request.Password.
var response = new Response
{
StatusCode = HttpStatusCode.OK
};
response.AddCookie("valid", bind.Username, DateTime.Now.AddMinutes(5));
return(response);
};
Get["/LogOff"] = parameters =>
{
var response = new Response
{
StatusCode = HttpStatusCode.OK
};
//clear the cookie
response.AddCookie("valid", null, DateTime.Now.AddYears(-5));
return(response);
};
}
public void Should_output_the_responses_cookies()
{
// Given
var cookie1 = A.Fake <INancyCookie>();
var cookie2 = A.Fake <INancyCookie>();
var r = new Response();
r.AddCookie(cookie1).AddCookie(cookie2);
var nancyContext = new NancyContext {
Response = r
};
A.CallTo(() => cookie1.ToString()).Returns("the first cookie");
A.CallTo(() => cookie2.ToString()).Returns("the second cookie");
SetupRequestProcess(nancyContext);
// When
var task = this.handler.ProcessRequest(context, ar => { }, new object());
NancyHandler.EndProcessRequest(task);
// Then
A.CallTo(() => this.response.AddHeader("Set-Cookie", "the first cookie")).MustHaveHappened();
A.CallTo(() => this.response.AddHeader("Set-Cookie", "the second cookie")).MustHaveHappened();
}
public void Should_set_a_cookie_with_name_and_value()
{
var response = new Response();
response.AddCookie("itsover", "9000");
response.Cookies.Count.ShouldEqual(1);
response.Cookies[0].ShouldEqual("itsover", "9000", null, null, null);
}
private Response Login(dynamic pars)
{
try
{
var body = ReadBody();
if (string.IsNullOrEmpty(body))
{
return new Response {
StatusCode = HttpStatusCode.BadRequest
}
}
;
var user = JsonConvert.DeserializeObject <User>(body);
if (user == null)
{
return new Response {
StatusCode = HttpStatusCode.BadRequest
}
}
;
var found =
UserRepository.GetUsers()
.Any(
u =>
u.UserName.Equals(user.UserName, StringComparison.OrdinalIgnoreCase) &&
u.Password.Equals(user.Password));
if (found)
{
var ticket = new FormsAuthenticationTicket(1, user.UserName, DateTime.Now,
DateTime.Now.Add(new TimeSpan(0, 0, 20, 0)), false, user.UserId.ToString());
var encryptedTicket = FormsAuthentication.Encrypt(ticket);
var cookie = FormsAuthentication.GetAuthCookie(user.UserName, false);
cookie.Value = encryptedTicket;
var response = new Response {
StatusCode = HttpStatusCode.Accepted
};
response.AddCookie(cookie.Name, cookie.Value);
return(response);
}
return(new Response {
StatusCode = HttpStatusCode.NotFound
});
}
catch (Exception ex)
{
//for this demo I am not performing exception handling.
return(new Response
{
StatusCode = HttpStatusCode.InternalServerError
});
}
}
public void Should_set_a_cookie_with_everything()
{
var response = new Response();
var date = DateTime.Now;
response.AddCookie("itsover", "9000", date, "life", "/andeverything");
response.Cookies.Count.ShouldEqual(1);
response.Cookies[0].ShouldEqual("itsover", "9000", date, "life", "/andeverything");
}
public void Should_set_a_cookie_with_name_and_value_and_expiry()
{
var response = new Response();
var date = DateTime.Now;
response.AddCookie("itsover", "9000", date);
response.Cookies.Count.ShouldEqual(1);
response.Cookies[0].ShouldEqual("itsover", "9000", date, null, null);
}
private static void AddAuthenticationCookie(this Response response,
IAuthenticationTokenService authenticationTokenService,
ChatUser user)
{
string userToken = authenticationTokenService.GetAuthenticationToken(user);
var cookie = new NancyCookie(Constants.UserTokenCookie, userToken, httpOnly: true)
{
Expires = DateTime.Now + TimeSpan.FromDays(30)
};
response.AddCookie(cookie);
}
public void Should_set_a_cookie_with_name_and_value()
{
// Given
var response = new Response();
// When
response.AddCookie("itsover", "9000");
// Then
response.Cookies.Count.ShouldEqual(1);
ValidateCookie(response.Cookies[0], "itsover", "9000", null, null, null);
}
public void Should_set_cookie_with_valid_header()
{
var fakeResponse = new Response {
StatusCode = HttpStatusCode.OK
};
fakeResponse.AddCookie("test", "testvalue");
fakeResponse.AddCookie("test1", "testvalue1");
var fakeContext = new NancyContext {
Response = fakeResponse
};
this.SetupFakeNancyCompleteCallback(fakeContext);
this.host.Invoke(this.environment).Wait();
var respHeaders = Get <IDictionary <string, string[]> >(this.environment, "owin.ResponseHeaders");
respHeaders.ContainsKey("Set-Cookie").ShouldBeTrue();
(respHeaders["Set-Cookie"][0] == "test=testvalue; path=/").ShouldBeTrue();
(respHeaders["Set-Cookie"][1] == "test1=testvalue1; path=/").ShouldBeTrue();
}
public void Should_set_cookie_with_valid_header()
{
var fakeResponse = new Response()
{
StatusCode = HttpStatusCode.OK
};
fakeResponse.AddCookie("test", "testvalue");
fakeResponse.AddCookie("test1", "testvalue1");
var fakeContext = new NancyContext()
{
Response = fakeResponse
};
this.SetupFakeNancyCompleteCallback(fakeContext);
var respHeaders = new Dictionary <string, string>();
ResponseCallBack callback = (status, headers, bodyDelegate) => respHeaders = (Dictionary <string, string>)headers;
this.host.ProcessRequest(environment, callback, fakeErrorCallback);
respHeaders.ContainsKey("Set-Cookie").ShouldBeTrue();
(respHeaders["Set-Cookie"] == "test=testvalue; path=/\r\ntest1=testvalue1; path=/").ShouldBeTrue();
}
public void Should_set_a_cookie_with_everything()
{
// Given
var response = new Response();
var date = DateTime.Now;
// When
response.AddCookie("itsover", "9000", date, "life", "/andeverything");
// Then
response.Cookies.Count.ShouldEqual(1);
ValidateCookie(response.Cookies[0], "itsover", "9000", date, "life", "/andeverything");
}
public void Should_output_the_responses_cookies()
{
var cookie1 = A.Fake<INancyCookie>();
var cookie2 = A.Fake<INancyCookie>();
var r = new Response();
r.AddCookie(cookie1).AddCookie(cookie2);
A.CallTo(() => cookie1.ToString()).Returns("the first cookie");
A.CallTo(() => cookie2.ToString()).Returns("the second cookie");
SetupRequestProcess(r);
handler.ProcessRequest(context);
A.CallTo(() => this.response.AddHeader("Set-Cookie", "the first cookie")).MustHaveHappened();
A.CallTo(() => this.response.AddHeader("Set-Cookie", "the second cookie")).MustHaveHappened();
}
protected override async Task ApplyResponseChallenge()
{
_logger.WriteVerbose("ApplyResponseChallenge");
if (Response.StatusCode != 401)
{
return;
}
var challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode);
if (challenge != null)
{
string requestPrefix = Request.Scheme + "://" + Request.Host;
string callBackUrl = requestPrefix + RequestPathBase + Options.CallbackUrlPath;
var extra = challenge.Extra;
if (string.IsNullOrEmpty(extra.RedirectUrl))
{
extra.RedirectUrl = WebUtilities.AddQueryString(requestPrefix + Request.PathBase + Request.Path, Request.QueryString);
}
var requestToken = await ObtainRequestToken(Options.ConsumerKey, Options.ConsumerSecret, callBackUrl, extra);
if (requestToken.CallbackConfirmed)
{
string twitterAuthenticationEndpoint = AuthenticationEndpoint + requestToken.Token;
var cookieOptions = new CookieOptions
{
HttpOnly = true,
Secure = Request.IsSecure
};
Response.StatusCode = 302;
Response.AddCookie(StateCookie, _tokenProtectionHandler.Protect(requestToken), cookieOptions);
Response.SetHeader("Location", twitterAuthenticationEndpoint);
}
else
{
_logger.WriteError("requestToken CallbackConfirmed!=true");
}
}
}
public void Should_output_the_responses_cookies()
{
// Given
var cookie1 = A.Fake<INancyCookie>();
var cookie2 = A.Fake<INancyCookie>();
var r = new Response();
r.AddCookie(cookie1).AddCookie(cookie2);
var nancyContext = new NancyContext { Response = r };
A.CallTo(() => cookie1.ToString()).Returns("the first cookie");
A.CallTo(() => cookie2.ToString()).Returns("the second cookie");
SetupRequestProcess(nancyContext);
// When
var task = this.handler.ProcessRequest(context, ar => { }, new object());
NancyHandler.EndProcessRequest(task);
// Then
A.CallTo(() => this.response.AddHeader("Set-Cookie", "the first cookie")).MustHaveHappened();
A.CallTo(() => this.response.AddHeader("Set-Cookie", "the second cookie")).MustHaveHappened();
}
/// <summary>
/// Save the session data to the memory cache, and set the session id cookie
/// in the response
/// </summary>
/// <param name="sessionId"></param>
/// <param name="session"></param>
/// <param name="response"></param>
public void Save(string sessionId, ISession session, Response response)
{
var sess = session as Session;
var t = GetSessionTimeout();
if (sess == null)
{
return;
}
var dict = new Dictionary <string, object>();
foreach (var kvp in session)
{
dict[kvp.Key] = kvp.Value;
}
var cookie = new NancyCookie(SessionIdKey, sessionId);
cookie.Expires = DateTime.UtcNow.AddMinutes(t);
response.AddCookie(cookie);
_cache.Set(sessionId, dict, DateTime.Now + TimeSpan.FromMinutes(t + 1));
}
protected override async Task ApplyResponseGrant()
{
var signin = Helper.LookupSignin(Options.AuthenticationType);
var shouldSignin = signin != null;
var signout = Helper.LookupSignout(Options.AuthenticationType, Options.AuthenticationMode);
var shouldSignout = signout != null;
if (shouldSignin || shouldSignout || _shouldRenew)
{
var cookieOptions = new CookieOptions
{
Domain = Options.CookieDomain,
HttpOnly = Options.CookieHttpOnly,
Path = Options.CookiePath ?? "/",
Secure = Options.CookieSecure,
};
if (shouldSignin)
{
var context = new FormsResponseSignInContext(
Response.Environment,
Options.AuthenticationType,
signin.Identity,
signin.Extra);
var issuedUtc = DateTimeOffset.UtcNow;
var expiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
context.Extra.IssuedUtc = issuedUtc;
context.Extra.ExpiresUtc = expiresUtc;
Options.Provider.ResponseSignIn(context);
if (context.Extra.IsPersistent)
{
cookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
}
var model = new AuthenticationTicket(context.Identity, context.Extra.Properties);
var cookieValue = Options.TicketDataHandler.Protect(model);
Response.AddCookie(
Options.CookieName,
cookieValue,
cookieOptions);
}
else if (shouldSignout)
{
Response.DeleteCookie(
Options.CookieName,
cookieOptions);
}
else if (_shouldRenew)
{
var model = await Authenticate();
model.Extra.IssuedUtc = _renewIssuedUtc;
model.Extra.ExpiresUtc = _renewExpiresUtc;
var cookieValue = Options.TicketDataHandler.Protect(model);
if (model.Extra.IsPersistent)
{
cookieOptions.Expires = _renewExpiresUtc.ToUniversalTime().DateTime;
}
Response.AddCookie(
Options.CookieName,
cookieValue,
cookieOptions);
}
bool shouldLoginRedirect = shouldSignin && !string.IsNullOrEmpty(Options.LoginPath) && string.Equals(Request.Path, Options.LoginPath, StringComparison.OrdinalIgnoreCase);
bool shouldLogoutRedirect = shouldSignout && !string.IsNullOrEmpty(Options.LogoutPath) && string.Equals(Request.Path, Options.LogoutPath, StringComparison.OrdinalIgnoreCase);
if ((shouldLoginRedirect || shouldLogoutRedirect) && Response.StatusCode == 200)
{
IDictionary <string, string[]> query = Request.GetQuery();
string[] redirectUri;
if (query.TryGetValue(Options.ReturnUrlParameter ?? Constants.DefaultReturnUrlParameter, out redirectUri) &&
redirectUri != null &&
redirectUri.Length == 1)
{
// TODO: safe redirect rules
Response.Redirect(redirectUri[0]);
}
}
}
}
/// <summary>
/// Save the session into the response
/// </summary>
/// <param name="session">Session to save</param>
/// <param name="response">Response to save into</param>
public void Save(ISession session, Response response)
{
if (session == null || !session.HasChanged)
{
return;
}
var sb = new StringBuilder();
foreach (var kvp in session)
{
sb.Append(HttpUtility.UrlEncode(kvp.Key));
sb.Append("=");
var objectString = this.formatter.Serialize(kvp.Value);
sb.Append(HttpUtility.UrlEncode(objectString));
sb.Append(";");
}
// TODO - configurable path?
var cookie = new NancyCookie(cookieName, this.encryptionProvider.Encrypt(sb.ToString(), this.passPhrase, this.salt), true);
response.AddCookie(cookie);
}
public void Should_set_cookie_with_valid_header()
{
var fakeResponse = new Response() { StatusCode = HttpStatusCode.OK };
fakeResponse.AddCookie("test", "testvalue");
var fakeContext = new NancyContext() { Response = fakeResponse };
this.SetupFakeNancyCompleteCallback(fakeContext);
var respHeaders = new Dictionary<string, string>();
ResponseCallBack callback = (status, headers, bodyDelegate) =>respHeaders=(Dictionary<string,string>)headers;
this.host.ProcessRequest(environment, callback, fakeErrorCallback);
respHeaders.ContainsKey("Set-Cookie").ShouldBeTrue();
(respHeaders["Set-Cookie"]=="test=testvalue; path=/").ShouldBeTrue();
}
/// <summary>
/// Save the session into the response
/// </summary>
/// <param name="session">Session to save</param>
/// <param name="response">Response to save into</param>
public void Save(ISession session, Response response)
{
if (session == null || !session.HasChanged)
{
return;
}
var sb = new StringBuilder();
foreach (var kvp in session)
{
sb.Append(HttpUtility.UrlEncode(kvp.Key));
sb.Append("=");
var objectString = this.serializer.Serialize(kvp.Value);
sb.Append(HttpUtility.UrlEncode(objectString));
sb.Append(";");
}
// TODO - configurable path?
var encryptedData = this.encryptionProvider.Encrypt(sb.ToString());
var hmacBytes = this.hmacProvider.GenerateHmac(encryptedData);
var cookieData = String.Format("{0}{1}", Convert.ToBase64String(hmacBytes), encryptedData);
var cookie = new NancyCookie(cookieName, cookieData, true);
response.AddCookie(cookie);
}
/// <summary>
/// Method to authenticate an User.
/// </summary>
/// <returns>A formated web server data response.</returns>
public WebServerResponseData Authentication(NameValueCollection post)
{
log.Info($"Api WebServer Authentication : post => {post}.");
try
{
//NameValueCollection nvc = HttpUtility.ParseQueryString(post);
NameValueCollection nvc = post;
log.Debug($"Api WebServer Authentication : Email => {nvc["email"]}.");
log.Debug($"Api WebServer Authentication : Password => {nvc["email"].MD5Hash()}.");
UserOptionsSelect options = new UserOptionsSelect
{
Email = nvc["email"],
Password = nvc["password"].MD5Hash(),
CheckPassword = true,
Dependencies = new List <EnumEntitiesDependencies> {
EnumEntitiesDependencies.All
}
};
UserEntity user = null;
using (SQLiteSvc.Db.Context)
{
user = Database.Users.SingleOrNull(options);
}
if (user == null)
{
log.Info(string.Format("Api User Authentication : User not found [{0}].", post));
return(ResponseNotAuth());
}
else
{
// Generate sid
string sid = ("").GuidToBase64();
// Generate token
string stoken = ("").GuidToBase64();
Uri myUri = new Uri(Uri.AbsoluteUrl);
//Response.AddCookie("stoken", stoken);
Response.AddCookie("sid", sid + ":" + stoken, "/", myUri.Host);
HttpWebServerApplication.Session.Set(sid, "sid", stoken);
HttpWebServerApplication.Session.Set(sid, "UserId", user.UserId);
Content["Authentication"] = true;
return(ResponseContentToJson());
}
}
catch (Exception e)
{
log.Error("Api User Authentication failed !", e);
return(ResponseNotAuth());
}
}
protected override async Task ApplyResponseGrant()
{
_logger.WriteVerbose("ApplyResponseGrant");
AuthenticationResponseGrant signin = Helper.LookupSignin(Options.AuthenticationType);
bool shouldSignin = signin != null;
AuthenticationResponseRevoke signout = Helper.LookupSignout(Options.AuthenticationType, Options.AuthenticationMode);
bool shouldSignout = signout != null;
if (shouldSignin || shouldSignout || _shouldRenew)
{
var cookieOptions = new CookieOptions
{
Domain = Options.CookieDomain,
HttpOnly = Options.CookieHttpOnly,
Path = Options.CookiePath ?? "/",
};
if (Options.CookieSecure == CookieSecureOption.SameAsRequest)
{
cookieOptions.Secure = Request.IsSecure;
}
else
{
cookieOptions.Secure = Options.CookieSecure == CookieSecureOption.Always;
}
if (shouldSignin)
{
var context = new FormsResponseSignInContext(
Response.Environment,
Options.AuthenticationType,
signin.Identity,
signin.Extra);
DateTimeOffset issuedUtc = Options.SystemClock.UtcNow;
DateTimeOffset expiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
context.Extra.IssuedUtc = issuedUtc;
context.Extra.ExpiresUtc = expiresUtc;
Options.Provider.ResponseSignIn(context);
if (context.Extra.IsPersistent)
{
cookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
}
var model = new AuthenticationTicket(context.Identity, context.Extra.Properties);
string cookieValue = Options.TicketDataHandler.Protect(model);
Response.AddCookie(
Options.CookieName,
cookieValue,
cookieOptions);
}
else if (shouldSignout)
{
Response.DeleteCookie(
Options.CookieName,
cookieOptions);
}
else if (_shouldRenew)
{
AuthenticationTicket model = await Authenticate();
model.Extra.IssuedUtc = _renewIssuedUtc;
model.Extra.ExpiresUtc = _renewExpiresUtc;
string cookieValue = Options.TicketDataHandler.Protect(model);
if (model.Extra.IsPersistent)
{
cookieOptions.Expires = _renewExpiresUtc.ToUniversalTime().DateTime;
}
Response.AddCookie(
Options.CookieName,
cookieValue,
cookieOptions);
}
Response.SetHeader(
HeaderNameCacheControl,
HeaderValueNoCache);
Response.SetHeader(
HeaderNamePragma,
HeaderValueNoCache);
Response.SetHeader(
HeaderNameExpires,
HeaderValueMinusOne);
bool shouldLoginRedirect = shouldSignin && !string.IsNullOrEmpty(Options.LoginPath) && string.Equals(Request.Path, Options.LoginPath, StringComparison.OrdinalIgnoreCase);
bool shouldLogoutRedirect = shouldSignout && !string.IsNullOrEmpty(Options.LogoutPath) && string.Equals(Request.Path, Options.LogoutPath, StringComparison.OrdinalIgnoreCase);
if ((shouldLoginRedirect || shouldLogoutRedirect) && Response.StatusCode == 200)
{
IDictionary <string, string[]> query = Request.GetQuery();
string[] redirectUri;
if (query.TryGetValue(Options.ReturnUrlParameter ?? FormsAuthenticationDefaults.ReturnUrlParameter, out redirectUri) &&
redirectUri != null &&
redirectUri.Length == 1 &&
IsHostRelative(redirectUri[0]))
{
Response.Redirect(redirectUri[0]);
}
}
}
}
