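/// <summary>
/// Adds the caller's authentication details to an outgoing HTTP request, using the
/// configuration registered for <paramref name="hostName"/>.
/// </summary>
/// <param name="hostName">Host whose configuration (resolved through the configuration manager service) decides how the request is authenticated.</param>
/// <param name="user">The user whose OAuth token is attached; may be null, in which case only the configured network credentials (if any) are applied.</param>
/// <param name="request">The request to decorate. Must not be null.</param>
/// <exception cref="System.ArgumentNullException"><paramref name="request"/> is null.</exception>
/// <remarks>
/// When the host configuration carries network credentials they are set on the request and the
/// OAuth token is sent in the custom <c>OAuth-Authorization</c> header; otherwise the token is sent
/// as a standard <c>Authorization: OAuth ...</c> header. A host with no configuration leaves the
/// request untouched.
/// </remarks>
public static void ApplyAuthenticationToRequest(string hostName, User user, System.Net.HttpWebRequest request)
{
    if (request == null)
        throw new System.ArgumentNullException("request");

    var config = ServiceLocator.Get<IConfigurationManagerService>().Get(hostName);
    if (config == null)
        return;

    if (config.EvolutionCredentials != null)
    {
        request.Credentials = config.EvolutionCredentials;
        if (user != null)
            request.Headers["OAuth-Authorization"] = user.OAuthToken;
    }
    else if (user != null)
    {
        request.Headers["Authorization"] = "OAuth " + user.OAuthToken;
    }
}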
        /// <summary>
        /// Returns the shared "default user" for <paramref name="configuration"/>, obtaining a fresh
        /// client-credentials access token from the Evolution token endpoint when the cached user is
        /// missing or its token is within <c>Constants.RefreshMarginMinutes</c> of expiry.
        /// </summary>
        /// <param name="configuration">Supplies the per-configuration cache (<c>Items</c>), the token endpoint base URL, client id/secret and the default user's name and language key.</param>
        /// <returns>The cached or newly authorized default user; the cache entry is replaced on refresh.</returns>
        /// <exception cref="Exception">The token request failed at the transport level (inner exception holds the cause) or the server returned an OAuth error.</exception>
        public User GetDefaultUser(IOAuthClientConfiguration configuration)
        {
            User defaultUser = null;
            defaultUser = configuration.Items[_defaultUserItemKey] as User;

            // Fast path: a cached user whose token still has enough lifetime left.
            if (defaultUser != null && defaultUser.TokenExpiresUtc.Subtract(DateTime.UtcNow).TotalMinutes >= Constants.RefreshMarginMinutes)
                return defaultUser;

            lock (_defaultUserLock)
            {
                // NOTE(review): this re-check tests the same local that was read before the lock was taken,
                // not a fresh read of configuration.Items, so a refresh completed by another thread while this
                // one waited is not observed and a second token request is made — likely meant to re-read the cache.
                if (defaultUser != null && defaultUser.TokenExpiresUtc.Subtract(DateTime.UtcNow).TotalMinutes >= Constants.RefreshMarginMinutes)
                    return defaultUser;

                var request = (HttpWebRequest)WebRequest.Create(configuration.EvolutionBaseUrl.OriginalString + "api.ashx/v2/oauth/token");
                request.Timeout = Constants.RequestTimeoutMilliseconds;

                if (configuration.EvolutionCredentials != null)
                    request.Credentials = configuration.EvolutionCredentials;

                request.Method = "POST";

                // Client id and secret travel in the POST body (client_credentials grant), not the URL.
                string data = string.Concat(
                    "client_id=",
                    Uri.EscapeDataString(configuration.OAuthClientId),
                    "&client_secret=",
                    Uri.EscapeDataString(configuration.OAuthClientSecret),
                    // NOTE(review): the next line is partially elided ("******") in this listing; presumably it carries the
                    // remaining form fields, the UTF-8 encoding of `data` into `bytes` and the ContentType assignment —
                    // confirm against the original file.
                    "&grant_type=client_credentials&username="******"application/x-www-form-urlencoded";
                request.ContentLength = bytes.Length;

                using (var requestStream = request.GetRequestStream())
                {
                    requestStream.Write(bytes, 0, bytes.Length);
                    requestStream.Close();
                }

                string rawResponse = null;
                try
                {
                    using (HttpWebResponse webResponse = (HttpWebResponse)request.GetResponse())
                    {
                        using (var reader = new StreamReader(webResponse.GetResponseStream()))
                        {
                            rawResponse = reader.ReadToEnd();
                        }
                    }
                }
                catch (Exception e)
                {
                    // Every transport/HTTP failure is surfaced as one exception type with the cause attached.
                    throw new Exception("An error occured while attempting to authorize the default user", e);
                }

                var serializer = new System.Web.Script.Serialization.JavaScriptSerializer();
                var response = serializer.Deserialize<OAuthResponse>(rawResponse);
                // NOTE(review): an empty response body presumably deserializes to null here, which the next
                // line would dereference — a null guard would turn that into a clearer failure.

                if (!string.IsNullOrEmpty(response.error))
                    throw new Exception(response.error);

                // The numeric user id is resolved by a second lookup keyed on the new access token (GetUserIdByAccessToken, not shown here).
                var user = new User(configuration.DefaultUserName, GetUserIdByAccessToken(configuration, response.access_token), configuration.DefaultUserLanguageKey);
                user.OAuthToken = response.access_token;
                user.RefreshToken = response.refresh_token;
                // Expiry is stored as an absolute UTC instant derived from the server's relative expires_in (seconds).
                user.TokenExpiresUtc = DateTime.UtcNow.AddSeconds(response.expires_in);

                defaultUser = user;
                configuration.Items[_defaultUserItemKey] = user;
                return defaultUser;
            }
        }
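        /// <summary>
        /// Restores a <see cref="User"/> from its signed serialized form — base64(HMAC-SHA256 tag)
        /// + ':' + base64(message) — returning null unless the tag verifies under
        /// <paramref name="signature"/> and the message has the expected seven '?'-separated fields.
        /// </summary>
        /// <param name="serializedUser">The "tag:message" string, both halves base64-encoded.</param>
        /// <param name="signature">The HMAC key, as UTF-8 text, that the tag must verify under.</param>
        /// <returns>The restored user, or null when the input is malformed or the tag does not verify.</returns>
        /// <exception cref="FormatException">Either half is not valid base64, or a numeric field is not a number.</exception>
        /// <exception cref="ArgumentOutOfRangeException">The expiry tick value is outside the <see cref="DateTime"/> range.</exception>
        internal static User Deserialize(string serializedUser, string signature)
        {
            var signatureAndMessage = serializedUser.Split(':');
            if (signatureAndMessage.Length != 2)
                return null;

            var hash = Convert.FromBase64String(signatureAndMessage[0]);
            var message = Convert.FromBase64String(signatureAndMessage[1]);

            byte[] validateHash;
            using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(signature)))
            {
                validateHash = hmac.ComputeHash(message);
            }

            // Compare the whole tag regardless of where the first mismatch is, so the comparison
            // time does not reveal how many leading bytes of a forged tag were correct.
            if (!ConstantTimeEquals(hash, validateHash))
                return null;

            string[] data = Encoding.UTF8.GetString(message).Split('?');
            if (data.Length != 7)
                return null;

            var user = new User(Uri.UnescapeDataString(data[0]), int.Parse(Uri.UnescapeDataString(data[1])), Uri.UnescapeDataString(data[2]));
            user.SynchronizedUserName = Uri.UnescapeDataString(data[3]);
            user.OAuthToken = Uri.UnescapeDataString(data[4]);
            user.RefreshToken = Uri.UnescapeDataString(data[5]);
            // Field 6 carries DateTime ticks; the serialized value is interpreted as UTC.
            user.TokenExpiresUtc = new DateTime(long.Parse(Uri.UnescapeDataString(data[6])), DateTimeKind.Utc);

            return user;
        }

        /// <summary>
        /// Byte-wise equality whose running time depends only on the lengths, never on the contents.
        /// </summary>
        /// <param name="a">First byte array; null is treated as unequal.</param>
        /// <param name="b">Second byte array; null is treated as unequal.</param>
        /// <returns>true when both arrays are non-null, of equal length and identical.</returns>
        private static bool ConstantTimeEquals(byte[] a, byte[] b)
        {
            if (a == null || b == null || a.Length != b.Length)
                return false;

            // Accumulate every differing bit instead of breaking out at the first one.
            int diff = 0;
            for (int i = 0; i < a.Length; i++)
                diff |= a[i] ^ b[i];

            return diff == 0;
        }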
        /// <summary>
        /// Asks the Evolution users endpoint whether any account already has
        /// <c>configuration.LocalUserEmailAddress</c>, authenticating with
        /// <paramref name="managementAccount"/>'s OAuth token.
        /// </summary>
        /// <param name="configuration">Supplies the base URL, optional network credentials and the email address to look up.</param>
        /// <param name="managementAccount">Account whose OAuth token authorizes the lookup.</param>
        /// <returns>
        /// true when the response contains a <c>User</c> element; false when it does not — and also when
        /// the request fails or the body is not parseable XML, so an outage reads as "not in use".
        /// </returns>
        private bool IsEmailInUse(IUserCreatableOAuthClientConfiguration configuration, User managementAccount)
        {
            var lookupUrl = configuration.EvolutionBaseUrl.OriginalString
                + "api.ashx/v2/users.xml?PageIndex=0&PageSize=1&EmailAddress="
                + HttpUtility.UrlEncode(configuration.LocalUserEmailAddress);

            var request = (HttpWebRequest)WebRequest.Create(lookupUrl);
            request.Timeout = Constants.RequestTimeoutMilliseconds;

            // With network credentials configured the OAuth token travels in a custom header;
            // otherwise it goes in the standard Authorization header.
            var hasNetworkCredentials = configuration.EvolutionCredentials != null;
            if (hasNetworkCredentials)
            {
                request.Credentials = configuration.EvolutionCredentials;
                request.Headers["OAuth-Authorization"] = managementAccount.OAuthToken;
            }
            else
            {
                request.Headers["Authorization"] = "OAuth " + managementAccount.OAuthToken;
            }

            request.Method = "GET";

            string body;
            try
            {
                using (var webResponse = (HttpWebResponse)request.GetResponse())
                using (var reader = new StreamReader(webResponse.GetResponseStream()))
                {
                    body = reader.ReadToEnd();
                }
            }
            catch
            {
                // NOTE(review): fail-open — a transport or HTTP failure reports the address as free.
                return false;
            }

            try
            {
                // A User element anywhere in the document means the address is already taken.
                var existingUser = XElement.Parse(body).Descendants("User").FirstOrDefault();
                return existingUser != null;
            }
            catch
            {
                // The body was not the expected XML; again reported as free.
                return false;
            }
        }
        /// <summary>
        /// Requests a client-credentials access token from the Evolution token endpoint and wraps it in a
        /// <see cref="User"/> named after the configured default user.
        /// </summary>
        /// <param name="configuration">Supplies the base URL, optional network credentials, client id/secret and the default user's name and language key.</param>
        /// <param name="username">NOTE(review): not referenced in the visible lines — presumably consumed on the elided form-body line; confirm against the original file.</param>
        /// <returns>A user carrying the new tokens and a placeholder id of -1, or null when the server reported an OAuth error.</returns>
        /// <remarks>Transport failures are not caught here; <see cref="WebException"/> and friends propagate to the caller.</remarks>
        private User GetToken(IUserCreatableOAuthClientConfiguration configuration, string username)
        {
            var request = (HttpWebRequest)WebRequest.Create(configuration.EvolutionBaseUrl.OriginalString + "api.ashx/v2/oauth/token");
            request.Timeout = Constants.RequestTimeoutMilliseconds;

            if (configuration.EvolutionCredentials != null)
                request.Credentials = configuration.EvolutionCredentials;

            request.Method = "POST";

            // Client id and secret travel in the POST body (client_credentials grant), not the URL.
            string data = string.Concat(
                "client_id=",
                Uri.EscapeDataString(configuration.OAuthClientId),
                "&client_secret=",
                Uri.EscapeDataString(configuration.OAuthClientSecret),
                // NOTE(review): the next line is partially elided ("******") in this listing; presumably it carries the
                // remaining form fields, the UTF-8 encoding of `data` into `bytes` and the ContentType assignment —
                // confirm against the original file.
                "&grant_type=client_credentials&username="******"application/x-www-form-urlencoded";
            request.ContentLength = bytes.Length;

            using (var requestStream = request.GetRequestStream())
            {
                requestStream.Write(bytes, 0, bytes.Length);
                requestStream.Close();
            }

            string rawResponse = null;

            using (HttpWebResponse webResponse = (HttpWebResponse)request.GetResponse())
            {
                using (var reader = new StreamReader(webResponse.GetResponseStream()))
                {
                    rawResponse = reader.ReadToEnd();
                }
            }

            var serializer = new System.Web.Script.Serialization.JavaScriptSerializer();
            var response = serializer.Deserialize<OAuthResponse>(rawResponse);
            // NOTE(review): an empty response body presumably deserializes to null here, which the next
            // line would dereference — a null guard would turn that into a clearer failure.

            if (!string.IsNullOrEmpty(response.error))
                return null;

            // No user-id lookup is made here; -1 marks the id as unresolved.
            var user = new User(configuration.DefaultUserName,-1, configuration.DefaultUserLanguageKey);
            user.OAuthToken = response.access_token;
            user.RefreshToken = response.refresh_token;
            // Expiry is stored as an absolute UTC instant derived from the server's relative expires_in (seconds).
            user.TokenExpiresUtc = DateTime.UtcNow.AddSeconds(response.expires_in);

            return user;
        }
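        /// <summary>
        /// Reconciles the locally known <paramref name="user"/> with the user currently authenticated
        /// against Evolution, when synchronization is enabled and a redirect callback is available.
        /// </summary>
        /// <param name="configuration">Synchronization settings; may additionally implement
        /// <see cref="IUserCreatableOAuthClientConfiguration"/> to allow user creation.</param>
        /// <param name="user">The locally known user, or null when nobody is signed in.</param>
        /// <param name="state">Query-string state carried through the redirect; receives the Evolution user name on mismatch.</param>
        /// <param name="redirect">Callback that sends the browser to the given URL; when null the user is returned untouched.</param>
        /// <returns>
        /// <paramref name="user"/> when the two identities agree, when no decision is possible, or when a
        /// creation redirect was issued; null when the local session must be discarded — Evolution has no
        /// signed-in user, or a redirect to the login page was issued.
        /// </returns>
        private User ValidateAgainstUserSynchronization(IUserSynchronizedOAuthClientConfiguration configuration, User user, NameValueCollection state, Action<Uri> redirect)
        {
            if (!configuration.EnableEvolutionUserSynchronization || redirect == null)
                return user;

            var evolutionUserName = GetEvolutionAuthenticatedUserName(configuration);
            if (string.IsNullOrEmpty(evolutionUserName))
            {
                // Evolution has no signed-in user: a local session, if any, is stale, and with no
                // local user there is nothing to return either way.
                return null;
            }

            var matchesLocalUser = user != null
                && (string.CompareOrdinal(evolutionUserName, user.UserName) == 0
                    || string.CompareOrdinal(evolutionUserName, user.SynchronizedUserName) == 0);
            if (matchesLocalUser)
                return user;

            state[Constants.SynchronizedUserNameQueryStringKey] = evolutionUserName;

            // User creation is optional: only configurations implementing the creatable interface support
            // it, so probe with "as" — a hard cast would throw for configurations that do not.
            var userCreateClient = configuration as IUserCreatableOAuthClientConfiguration;
            if (userCreateClient != null && userCreateClient.EnableEvolutionUserCreation)
            {
                if (user == null)
                    redirect(GetEvolutionLogOutUrl(configuration, state));
                else
                    redirect(GetAuthenticatedRedirectUrlInternal(configuration, user.UserName, GetLoginUrl(configuration, state).OriginalString));

                return user;
            }

            redirect(GetLoginUrl(configuration, state));
            return null;
        }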
        /// <summary>
        /// Reconciles the locally known <paramref name="user"/> with the configured local user when
        /// Evolution user creation is enabled.
        /// </summary>
        /// <param name="configuration">Creation settings and the local/default user names; may also implement
        /// <see cref="IUserSynchronizedOAuthClientConfiguration"/> to allow a synchronization redirect.</param>
        /// <param name="user">The locally known user, or null when nobody is signed in.</param>
        /// <param name="state">Query-string state carried through a redirect.</param>
        /// <param name="redirect">Callback that sends the browser to the given URL; may be null.</param>
        /// <returns>
        /// <paramref name="user"/> when nothing needs to change; the looked-up local user when one must be
        /// created/resolved without a redirect; null when a synchronization redirect was issued or when, with
        /// no local user configured, someone other than the default user is signed in.
        /// </returns>
        private User ValidateAgainstLocalUser(IUserCreatableOAuthClientConfiguration configuration, User user, NameValueCollection state, Action<Uri> redirect)
        {
            if (!configuration.EnableEvolutionUserCreation)
                return user;

            if (string.IsNullOrEmpty(configuration.LocalUserName))
            {
                // No dedicated local user: only the default user may remain signed in.
                var isSomeoneElse = user != null && string.CompareOrdinal(user.UserName, configuration.DefaultUserName) != 0;
                return isSomeoneElse ? null : user;
            }

            var alreadyLocalUser = user != null && string.CompareOrdinal(user.UserName, configuration.LocalUserName) == 0;
            if (alreadyLocalUser || !_userSyncService.GetCreateUser(configuration))
                return user;

            // Prefer a synchronization redirect when the configuration supports it and a redirect is possible.
            var syncClient = configuration as IUserSynchronizedOAuthClientConfiguration;
            var canRedirectForSync = syncClient != null && syncClient.EnableEvolutionUserSynchronization && redirect != null;
            if (canRedirectForSync)
            {
                redirect(GetAuthenticatedRedirectUrlInternal(syncClient, syncClient.LocalUserName, GetLoginUrl(syncClient, state).OriginalString));
                return null;
            }

            return GetUserByUserName(configuration, configuration.LocalUserName);
        }
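        /// <summary>
        /// Exchanges <paramref name="user"/>'s refresh token for a new access token when the current one is
        /// within <c>Constants.RefreshMarginMinutes</c> of expiry, updating the user in place.
        /// </summary>
        /// <param name="configuration">Supplies the token endpoint base URL, client id/secret and the redirect URI.</param>
        /// <param name="user">The user whose tokens are refreshed; the refresh is serialized on <c>user.SyncRoot</c>.</param>
        /// <returns>
        /// <paramref name="user"/> — unchanged when no refresh was needed, otherwise carrying the new tokens —
        /// or null when the token request fails at the transport level or yields an empty body.
        /// </returns>
        /// <exception cref="Exception">The token endpoint answered with an OAuth error; the message is the server's error code.</exception>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> is null, or it has no refresh token to send.</exception>
        private User RefreshOAuthToken(IOAuthClientConfiguration configuration, User user)
        {
            lock (user.SyncRoot)
            {
                // Still enough lifetime left; nothing to do.
                if (user.TokenExpiresUtc.Subtract(DateTime.UtcNow).TotalMinutes >= Constants.RefreshMarginMinutes)
                    return user;

                var request = (HttpWebRequest)WebRequest.Create(configuration.EvolutionBaseUrl.OriginalString + "api.ashx/v2/oauth/token");
                request.Timeout = Constants.RequestTimeoutMilliseconds;
                ApplyHeaders(configuration, request, null);
                request.Method = "POST";

                // Client secret and refresh token go in the form body, not the URL, so they stay out of
                // server access logs and proxy URL records.
                string data = string.Concat(
                    "client_id=",
                    Uri.EscapeDataString(configuration.OAuthClientId),
                    "&client_secret=",
                    Uri.EscapeDataString(configuration.OAuthClientSecret),
                    "&grant_type=refresh_token&refresh_token=",
                    Uri.EscapeDataString(user.RefreshToken),
                    "&redirect_uri=",
                    Uri.EscapeDataString(configuration.LocalOAuthClientHttpHandlerUrl.OriginalString)
                    );

                byte[] bytes = Encoding.UTF8.GetBytes(data);

                request.ContentType = "application/x-www-form-urlencoded";
                request.ContentLength = bytes.Length;

                using (var requestStream = request.GetRequestStream())
                {
                    requestStream.Write(bytes, 0, bytes.Length);
                }

                string rawResponse;
                try
                {
                    using (HttpWebResponse webResponse = (HttpWebResponse)request.GetResponse())
                    using (var reader = new StreamReader(webResponse.GetResponseStream()))
                    {
                        rawResponse = reader.ReadToEnd();
                    }
                }
                catch
                {
                    // Transport-level failure: report "no refreshed user" rather than propagating.
                    return null;
                }

                var serializer = new System.Web.Script.Serialization.JavaScriptSerializer();
                var response = serializer.Deserialize<OAuthResponse>(rawResponse);
                // An empty body deserializes to null (rather than throwing); treat it like a failed
                // request instead of dereferencing it below.
                if (response == null)
                    return null;

                if (!string.IsNullOrEmpty(response.error))
                    throw new Exception(response.error);

                user.OAuthToken = response.access_token;
                // RFC 6749 §6: the server MAY rotate the refresh token. When it does not send one, the
                // existing token remains valid and must not be overwritten with null.
                if (!string.IsNullOrEmpty(response.refresh_token))
                    user.RefreshToken = response.refresh_token;
                // Expiry is stored as an absolute UTC instant derived from the server's relative expires_in (seconds).
                user.TokenExpiresUtc = DateTime.UtcNow.AddSeconds(response.expires_in);

                return user;
            }
        }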