/// <summary>
/// Only for development!!
/// </summary>
public async Task <bool> LoginDebugAsync(HttpContext context, string userId)
{
var user = await userRepository.GetSingleAsync(u => string.Equals(u.Userid, userId, StringComparison.OrdinalIgnoreCase));
if (user == null)
{
return(false);
}
if (user.Delstat != 0)
{
return(false);
}
if (user.Passwdexpr < DateTime.Now)
{
return(false);
}
var sessionData = SessionStore.GetSession(context);
if (!await ProcessLoginAsync(context, sessionData.Sid, user))
{
return(false);
}
return(true);
}
private bool ValidateContext(HttpContext context, string key, out MembershipContext membershipContext, out IAuthorizationService authorizer)
{
membershipContext = null;
authorizer = null;
if (string.IsNullOrWhiteSpace(key))
{
return(false);
}
var sessionData = SessionStore.GetSession(context, key);
if (sessionData == null)
{
return(false);
}
membershipContext = sessionData.Context;
if (membershipContext == null)
{
return(false);
}
authorizer = authorizerAdapter.Provider();
if (authorizer == null)
{
return(false);
}
return(true);
}
public void GetSessionTest()
{
var session = SessionStore.CreateSession(TimeSpan.FromDays(1));
var guid = session.Guid;
session = SessionStore.GetSession(guid);
Assert.NotNull(session);
}
public async Task <SessionData> GetSessionAsync(HttpContext context, string sid = null)
{
if (string.IsNullOrWhiteSpace(sid))
{
sid = await GetSidFromContextAsync(context);
}
return(SessionStore.GetSession(context, sid));
}
private void InitializeSession()
{
if (this.Cookies.ContainsKey(SessionStore.SessionCookieKey))
{
var cookie = this.Cookies.Get(SessionStore.SessionCookieKey);
string sessionId = cookie.Value;
this.Session = SessionStore.GetSession(sessionId);
}
}
public void SessionExpiryTest()
{
var session = SessionStore.CreateSession(TimeSpan.FromSeconds(1));
Thread.Sleep(TimeSpan.FromSeconds(2));
session = SessionStore.GetSession(session.Guid);
Assert.Null(session);
}
private async Task <string> GetSaltAsync(HttpContext context, string sid)
{
var sessionData = SessionStore.GetSession(context, sid);
var plain = ToHex(Encoding.UTF8.GetBytes(Convert.ToBase64String(sessionData.Ipa))) + sessionData.Timestamp.ToString();
var saltBytes = Encoding.UTF8.GetBytes(Convert.ToBase64String(await CryptoService.EncryptAsync(plain)));
saltBytes = CryptoService.ComputeSHA512Hash(saltBytes);
var salt = ToHex(saltBytes);
return(salt);
}
public IActionResult Index(AuthenticationIdentity identity)
{
if (!ModelState.IsValid)
{
return(View("Authentication", identity));
}
MvcIdentityModel computed = Identity.GetIdentityByEmail(identity.Email);
if (computed == default(MvcIdentityModel))
{
ModelState.AddModelError("General", "The entered email and/or password is incorrect!");
return(View("Authentication", identity));
}
if (!computed.VerifyPassword(identity.Password))
{
ModelState.AddModelError("General", "The entered email and/or password is incorrect!");
return(View("Authentication", identity));
}
var sid = Request.Cookies.ContainsKey("SID") ? Guid.Parse(Request.Cookies["SID"]) : Guid.Empty;
if (sid == Guid.Empty)
{
ModelState.AddModelError("General", "The session ID was lost between authentication steps!");
return(View("Authentication", identity));
}
var session = SessionStore.GetSession(sid);
var authRequest = session.GetAttribute <AuthRequestPayload>("AuthRequest");
var authResponse = new AuthResponsePayload()
{
Authenticated = true,
RequestId = authRequest.RequestId,
SessionId = session.Guid,
SessionExpiry = session.ExpiryTime,
Identity = computed.ToBaseModel()
};
session["AuthPayload"] = authResponse;
HttpHandler.Post(authRequest.ResponseUri, authResponse.Encode()).Wait();
return(Redirect(authRequest.RedirectUri.ToString()));
}
private string SetRequestSession(IHttpRequest httpRequest)
{
string sessionId = null;
if (httpRequest.Cookies.ContainsKey(SessionStore.SessionCookieKey))
{
var cookie = httpRequest.Cookies.Get(SessionStore.SessionCookieKey);
sessionId = cookie.Value;
httpRequest.Session = SessionStore.GetSession(sessionId);
}
else
{
sessionId = Guid.NewGuid().ToString();
httpRequest.Session = SessionStore.GetSession(sessionId);
}
return(sessionId);
}
public void SessionDisposalTest()
{
SessionStore.DisposeInterval = TimeSpan.FromSeconds(1);
var session = SessionStore.CreateSession(TimeSpan.FromSeconds(3));
Assert.True(session.IsValid());
Thread.Sleep(TimeSpan.FromSeconds(1));
session = SessionStore.GetSession(session.Guid);
Assert.NotNull(session);
Assert.True(session.IsValid());
Thread.Sleep(TimeSpan.FromSeconds(3));
Assert.False(session.IsValid());
session = SessionStore.GetSession(session.Guid);
Assert.Null(session);
}
public IActionResult Index()
{
if (Request.Query.Count == 0)
{
return(Redirect("https://andreihava.net/"));
}
if (Request.Query.ContainsKey("Email"))
{
var email = Request.Query.ContainsKey("Email")
? Request.Query["Email"].ToString()
: string.Empty;
if (string.IsNullOrEmpty(email))
{
return(BadRequest("Email parameter was defined but didn't have a value!"));
}
var newReg = Request.Query.ContainsKey("NewAccount") &&
bool.Parse(Request.Query["NewAccount"].ToString());
var pendingActivation = Request.Query.ContainsKey("PendingActivation") &&
bool.Parse(Request.Query["PendingActivation"].ToString());
if (string.IsNullOrEmpty(email))
{
return(View("Authentication", new AuthenticationIdentity()));
}
var identity = new AuthenticationIdentity
{
Email = email,
NewAccount = newReg,
PendingActivation = pendingActivation
};
return(View("Authentication", identity));
}
if (Request.Query.ContainsKey("AuthToken"))
{
Session session;
AuthRequestPayload authRequest;
var authToken = Request.Query.ContainsKey("AuthToken")
? Request.Query["AuthToken"].ToString()
: string.Empty;
if (string.IsNullOrEmpty(authToken))
{
return(BadRequest("AuthToken parameter was defined but didn't have a value!"));
}
authRequest = AuthRequestPayload.Decode(authToken);
if (Request.Cookies.ContainsKey("SID"))
{
var sid = Guid.Parse(Request.Cookies["SID"]);
session = SessionStore.GetSession(sid);
if (session == null || !session.IsValid())
{
session = SessionStore.CreateSession(TimeSpan.FromHours(12));
}
else
{
var authResponse = session.GetAttribute <AuthResponsePayload>("AuthPayload");
authResponse.RequestId = authRequest.RequestId;
HttpHandler.Post(authRequest.ResponseUri, authResponse.Encode()).Wait();
return(Redirect(authRequest.RedirectUri.ToString()));
}
}
else
{
session = SessionStore.CreateSession(TimeSpan.FromHours(12));
}
session["AuthRequest"] = authRequest;
Response.Cookies.Append("SID", session.Guid.ToString(),
new CookieOptions()
{
Domain = Request.Host.Host, HttpOnly = true, SameSite = SameSiteMode.Strict, Expires = DateTimeOffset.UtcNow.AddHours(12)
});
Response.Cookies.Append("RID", authRequest.RequestId.ToString(),
new CookieOptions()
{
Domain = Request.Host.Host, HttpOnly = true, SameSite = SameSiteMode.Strict
});
return(View("Authentication", new AuthenticationIdentity()));
}
return(BadRequest());
}
