private Token RegenerateToken(Token token)
{
Token newToken = new Token()
{
CreateDate = DateTime.Now,
IpAddress = token.IpAddress,
LocationId = token.LocationId,
Role = token.Role,
UserId = token.UserId
};
TokenHasher.Hash(newToken);
return(newToken);
}
//TODO: log failures
public void OnAuthorization(AuthorizationContext filterContext)
{
bool skipAuthorization = filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) ||
filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true);
if (!skipAuthorization)
{
var authCookie = filterContext.HttpContext.Request.Cookies["auth"];
if (authCookie == null)
{
RedirectToLogin(filterContext, "No auth cookie in request");
return;
}
var token = TokenSerializer.GetTokenFromCookie(authCookie);
token.IpAddress = filterContext.HttpContext.Request.UserHostAddress;
if (TokenHasher.IsExpired(token))
{
RedirectToLogin(filterContext, "Token is expired");
return;
}
if (!TokenHasher.IsValid(token))
{
RedirectToLogin(filterContext, string.Format("Token is invalid for {0}|{1}|{2} from {3}", token.UserId, token.RoleName, token.LocationId, token.IpAddress));
return;
}
if (!Roles.Split(',').Contains(token.RoleName))
{
RedirectToLogin(filterContext, string.Format("{0} is an invalid role", token.RoleName));
return;
}
var controller = filterContext.Controller as RestrictedControllerBase;
if (controller != null)
{
controller.SecurityToken = token;
controller.Logger.DebugFormat("Authentication passed for {0} from {1}", token.UserId, token.IpAddress);
}
}
}
