Exemple #1
0
        public object Get()
        {
            TimeSpan ts;

            if (BruteForceLock.IsBanned(HttpContext.Current.Request.UserHostAddress, out ts))
            {
                return(new
                {
                    attempts = 0,
                    banTime = (int)ts.TotalSeconds
                });
            }

            return(new { attempts = GetRemainingAttempts() });
        }
Exemple #2
0
        public object Post([FromBody] LoginModel model)
        {
            if (IsAuthenticated)
            {
                return new { result = false }
            }
            ;

            if (BruteForceLock.IsBanned(HttpContext.Current.Request.UserHostAddress))
            {
                return new { result = false, attempts = 0 }
            }
            ;

            if (!ModelState.IsValid)
            {
                var errors = new List <string>();

                foreach (var value in ModelState.Values)
                {
                    foreach (var error in value.Errors)
                    {
                        errors.Add(error.ErrorMessage);
                    }
                }

                return(new { result = false, attempts = GetRemainingAttempts(), errors = errors });
            }

            var email         = model.Email.ToLower();
            var password_hash = model.Password.ToPasswordHash(email);

            var user = _database.Login(email, password_hash);

            if (user == null)
            {
                var ts = BruteForceLock.OnFailed(HttpContext.Current.Request.UserHostAddress);
                if (ts.HasValue)
                {
                    return(new
                    {
                        result = false,
                        attempts = 0,
                        banTime = (int)ts.Value.TotalSeconds
                    });
                }

                // username or password wrong
                return(new
                {
                    result = false,
                    attempts = GetRemainingAttempts()
                });
            }

            // set cookie etc...
            BruteForceLock.OnSuccess(HttpContext.Current.Request.UserHostAddress);

            var userCookie = UserCookie.Create(email);
            var expireDate = DateTime.UtcNow + UserCookieCache.CookieLifetime;

            var cookie = new HttpCookie(UserCookie.CookieName);

            cookie.Expires = expireDate;
            cookie.Value   = userCookie.SecureHash;
            if (!string.IsNullOrWhiteSpace(UserCookie.CookieDomain))
            {
                cookie.Domain = UserCookie.CookieDomain;
            }
            HttpContext.Current.Response.Cookies.Add(cookie);

            UserCookieCache.AddSession(userCookie.SecureHash, HttpContext.Current.Request.UserHostAddress, user.Id, expireDate);
            _database.AddUserLog(user.Id, "Logged in");

            return(new { result = true });
        }
    }
}
Exemple #3
0
 private int GetRemainingAttempts()
 {
     return(BruteForceLock.GetRemainingAttempts(HttpContext.Current.Request.UserHostAddress));
 }