/// <summary>
/// Returns one page of registered, non-deleted customers as <see cref="WebApiUserModel"/> rows,
/// ordered by the value of the customer's Web API generic attribute (descending), and enriches
/// each row with the matching entry from the Web API user cache.
/// </summary>
/// <param name="pageIndex">Page index handed to <see cref="PagedList{T}"/>.</param>
/// <param name="pageSize">Number of rows per page.</param>
/// <returns>The requested page; rows without a cache entry keep their default key, enabled and last-request values.</returns>
public IPagedList<WebApiUserModel> GetUsers(int pageIndex, int pageSize)
{
    var registeredRoleId = _customerService
        .GetCustomerRoleBySystemName(SystemCustomerRoleNames.Registered).Id;

    // Only the Web API attribute of the "Customer" key group takes part in the join.
    var apiAttributes = _genericAttributes.Table
        .Where(a => a.KeyGroup == "Customer" && a.Key == WebApiUserCacheData.Key);

    // Left join: customers without an attribute are still listed (a is null for them).
    var query =
        from c in _customers.Table
        join a in apiAttributes on c.Id equals a.EntityId into joined
        from a in joined.DefaultIfEmpty()
        where !c.Deleted && c.CustomerRoles.Select(r => r.Id).Contains(registeredRoleId)
        orderby a.Value descending
        select new WebApiUserModel
        {
            Id = c.Id,
            Username = c.Username,
            Email = c.Email,
            AdminComment = c.AdminComment
        };

    var page = new PagedList<WebApiUserModel>(query, pageIndex, pageSize);
    var cachedUsers = WebApiCaching.UserData();

    foreach (var model in page)
    {
        var cached = cachedUsers.FirstOrDefault(x => x.CustomerId == model.Id);
        if (cached == null)
        {
            continue;
        }

        // NOTE(review): the model carries the user's secret key, so this listing
        // must only be served to an administrative caller — confirm at the call site.
        model.PublicKey = cached.PublicKey;
        model.SecretKey = cached.SecretKey;
        model.Enabled = cached.Enabled;

        if (cached.LastRequest.HasValue)
        {
            model.LastRequest = cached.LastRequest.ToLocalTime();
        }
        else
        {
            model.LastRequest = null;
        }
    }

    return page;
}
/// <summary>
/// Sets the enabled flag of a customer's Web API user, both on the cached user object and in
/// the persisted generic attribute that backs it. Does nothing for customer id 0, for a customer
/// without a cached API user, or when the backing attribute cannot be found.
/// </summary>
/// <param name="customerId">Customer whose API user is toggled.</param>
/// <param name="enable">New value of the enabled flag.</param>
public void EnableOrDisableUser(int customerId, bool enable)
{
    if (customerId == 0)
    {
        return;
    }

    var apiUser = WebApiCaching.UserData().FirstOrDefault(x => x.CustomerId == customerId);
    if (apiUser == null)
    {
        return;
    }

    // The cached object is mutated first; the attribute value is re-serialized from it.
    apiUser.Enabled = enable;

    var attribute = _genericAttributeService.GetAttributeById(apiUser.GenericAttributeId);
    if (attribute == null)
    {
        return;
    }

    attribute.Value = apiUser.ToString();
    _genericAttributeService.UpdateAttribute(attribute);
}
/// <summary>
/// Generates a fresh public/secret key pair for the customer, removes any existing keys,
/// persists the pair as a "Customer" generic attribute and invalidates the Web API user cache.
/// </summary>
/// <param name="customerId">Customer to create keys for; 0 is rejected.</param>
/// <returns>
/// true when a pair with a not-yet-used public key was created and stored; false otherwise,
/// including after 9999 unsuccessful attempts.
/// </returns>
public bool CreateKeys(int customerId)
{
    if (customerId == 0)
    {
        return false;
    }

    var hmac = new HmacAuthentication();
    var existingUsers = WebApiCaching.UserData();
    const int maxAttempts = 9999;

    for (int attempt = 0; attempt < maxAttempts; ++attempt)
    {
        string publicKey, secretKey;
        if (!hmac.CreateKeys(out publicKey, out secretKey))
        {
            continue;
        }

        // Public keys must be unique across users (case-insensitive); retry on collision.
        if (existingUsers.Exists(x => x.PublicKey.IsCaseInsensitiveEqual(publicKey)))
        {
            continue;
        }

        var apiUser = new WebApiUserCacheData
        {
            CustomerId = customerId,
            PublicKey = publicKey,
            SecretKey = secretKey,
            Enabled = true
        };

        // Drop the customer's previous pair before inserting the new one.
        RemoveKeys(customerId);

        // NOTE(review): the attribute value is whatever WebApiUserCacheData.ToString()
        // serializes — presumably including the secret key; verify how it is stored.
        var attribute = new GenericAttribute
        {
            EntityId = customerId,
            KeyGroup = "Customer",
            Key = WebApiUserCacheData.Key,
            Value = apiUser.ToString()
        };

        _genericAttributeService.InsertAttribute(attribute);
        WebApiCaching.Remove(WebApiUserCacheData.Key);
        return true;
    }

    return false;
}
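/// <summary>
/// Validates the HMAC authentication of the current request: public key header, authorization
/// header format, timestamp freshness (within the configured minute window and strictly newer
/// than the user's last accepted request), optional Content-MD5, and the signature over the
/// message representation. On success the customer is resolved, its permission checked and the
/// request time recorded as the user's last request.
/// </summary>
/// <param name="actionContext">Web API action context of the request being authenticated.</param>
/// <param name="now">Reference time for the timestamp window check and the last-request stamp.</param>
/// <param name="cacheControllingData">Cached API settings (availability, valid minute period).</param>
/// <param name="customer">The authenticated customer on success; otherwise null.</param>
/// <returns>An <see cref="HmacResult"/> describing success or the first failed check.</returns>
protected virtual HmacResult IsAuthenticated(HttpActionContext actionContext, DateTime now, WebApiControllingCacheData cacheControllingData, out Customer customer)
{
    customer = null;

    // HttpContext.Current itself can be null outside a request pipeline; treat that like a
    // missing request instead of throwing.
    var httpContext = HttpContext.Current;
    var request = httpContext == null ? null : httpContext.Request;
    if (request == null)
    {
        return HmacResult.FailedForUnknownReason;
    }

    if (cacheControllingData.ApiUnavailable)
    {
        return HmacResult.ApiUnavailable;
    }

    string headContentMd5 = request.Headers["Content-Md5"] ?? request.Headers["Content-MD5"];
    string headTimestamp = request.Headers[WebApiGlobal.Header.Date];
    string headPublicKey = request.Headers[WebApiGlobal.Header.PublicKey];
    string scheme = actionContext.Request.Headers.Authorization.Scheme;
    string signatureConsumer = actionContext.Request.Headers.Authorization.Parameter;

    if (string.IsNullOrWhiteSpace(headPublicKey))
    {
        return HmacResult.UserInvalid;
    }

    if (!_hmac.IsAuthorizationHeaderValid(scheme, signatureConsumer))
    {
        return HmacResult.InvalidAuthorizationHeader;
    }

    DateTime headDateTime;
    if (!_hmac.ParseTimestamp(headTimestamp, out headDateTime))
    {
        return HmacResult.InvalidTimestamp;
    }

    // The request timestamp must lie within +/- maxMinutes of 'now'; a non-positive
    // configured period falls back to the global default.
    int maxMinutes = cacheControllingData.ValidMinutePeriod <= 0
        ? WebApiGlobal.DefaultTimePeriodMinutes
        : cacheControllingData.ValidMinutePeriod;

    if (Math.Abs((headDateTime - now).TotalMinutes) > maxMinutes)
    {
        return HmacResult.TimestampOutOfPeriod;
    }

    var cacheUserData = WebApiCaching.UserData();
    var apiUser = cacheUserData.FirstOrDefault(x => x.PublicKey == headPublicKey);
    if (apiUser == null)
    {
        return HmacResult.UserUnknown;
    }

    if (!apiUser.Enabled)
    {
        return HmacResult.UserDisabled;
    }

    // Replay protection: each accepted request must carry a timestamp strictly newer than
    // the last accepted one for this user (LastRequest is only advanced on Success below).
    if (apiUser.LastRequest.HasValue && headDateTime <= apiUser.LastRequest.Value)
    {
        return HmacResult.TimestampOlderThanLastRequest;
    }

    // NOTE(review): ToLower() is culture-sensitive; the client must build the same
    // representation. Consider ToLowerInvariant() if clients on other cultures fail to sign.
    var context = new WebApiRequestContext
    {
        HttpMethod = request.HttpMethod,
        HttpAcceptType = request.Headers["Accept"],
        PublicKey = headPublicKey,
        SecretKey = apiUser.SecretKey,
        Url = HttpUtility.UrlDecode(request.Url.AbsoluteUri.ToLower())
    };

    // Content-MD5 is only enforced when the client sent it.
    string contentMd5 = CreateContentMd5Hash(actionContext.Request);
    if (headContentMd5.HasValue() && headContentMd5 != contentMd5)
    {
        return HmacResult.ContentMd5NotMatching;
    }

    string messageRepresentation = _hmac.CreateMessageRepresentation(context, contentMd5, headTimestamp);
    if (string.IsNullOrEmpty(messageRepresentation))
    {
        return HmacResult.MissingMessageRepresentationParameter;
    }

    // Compare the expected signature with the client's one in constant time so that the
    // duration of the comparison does not reveal how many leading characters matched.
    // Unlike a plain '!=', two null signatures never count as a match.
    string signatureProvider = _hmac.CreateSignature(apiUser.SecretKey, messageRepresentation);
    if (!SignaturesEqual(signatureProvider, signatureConsumer))
    {
        return HmacResult.InvalidSignature;
    }

    customer = GetCustomer(apiUser.CustomerId);
    if (customer == null)
    {
        return HmacResult.UserUnknown;
    }

    if (!HasPermission(actionContext, customer))
    {
        return HmacResult.UserHasNoPermission;
    }

    apiUser.LastRequest = now;
    return HmacResult.Success;
}

/// <summary>
/// Ordinal string comparison whose running time depends only on the length of
/// <paramref name="expected"/>, not on the position of the first mismatch. Null never matches.
/// </summary>
/// <param name="expected">Signature computed on the server.</param>
/// <param name="actual">Signature supplied by the client.</param>
/// <returns>true when both strings are non-null and identical.</returns>
private static bool SignaturesEqual(string expected, string actual)
{
    if (expected == null || actual == null)
    {
        return false;
    }

    // Length is not secret: a valid signature always has the expected length.
    if (expected.Length != actual.Length)
    {
        return false;
    }

    int diff = 0;
    for (int i = 0; i < expected.Length; ++i)
    {
        diff |= expected[i] ^ actual[i];
    }

    return diff == 0;
}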