public ActionResult Login(string email, string password, string returnUrl = null)
{
ViewData["ReturnUrl"] = returnUrl;
if (!string.IsNullOrWhiteSpace(email) &&
!string.IsNullOrWhiteSpace(password))
{
UserProfileDTO userProfile = this.userRepository.GetUserByNameAndPassword(email, password);
if (userProfile != null)
{
var principal = new ClaimsPrincipal(ClaimHelpers.ConstructClaimsIdentity(userProfile));
HttpContext.Authentication.SignInAsync("Cookies", principal);
if (returnUrl != null)
{
if (returnUrl != null && returnUrl.Contains("Home/") || returnUrl.Contains("Users/Edit/0"))
{
return(RedirectToAction("Edit", "Users", new { @id = ClaimHelpers.GetUserIDClaimValue((ClaimsIdentity)principal.Identity) }));
}
return(LocalRedirect(returnUrl));
}
else
{
return(RedirectToAction("Index", "Home"));
}
}
}
return(View());
}
public BaseController(IBaseRepository baseRepository, IHttpContextAccessor httpContextAccessor)
{
if (httpContextAccessor.HttpContext.User != null && httpContextAccessor.HttpContext.User.Identity.IsAuthenticated)
{
baseRepository.UserID = ClaimHelpers.GetUserIDClaimValue((ClaimsIdentity)httpContextAccessor.HttpContext.User.Identity);
}
}
public static IServiceCollection RegisterJwtAuthentication(this IServiceCollection services, string secret, bool requireHttpsMetadata)
{
var key = Encoding.ASCII.GetBytes(secret);
services
.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(x =>
{
x.Events = new JwtBearerEvents
{
OnTokenValidated = ctx =>
{
var loginUser = ClaimHelpers.GetUserFromClaims(ctx.Principal.Claims.ToArray());
var authService = ctx.HttpContext.RequestServices.GetRequiredService <IAuthService>();
if (!authService.CheckLogin(loginUser.UserId, loginUser.LogId))
{
ctx.Fail($"User is no longer logged in.");
}
return(Task.CompletedTask);
}
};
x.RequireHttpsMetadata = requireHttpsMetadata;
x.SaveToken = true;
x.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateIssuer = false,
ValidateAudience = false,
ValidateLifetime = true,
};
});
return(services);
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, UserProfileAuthorizationPolicyRequirement requirement)
{
var mvcContext = context.Resource as
Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;
string idParam = mvcContext.HttpContext.Request.Path.Value.Split(new char[] { '/' }).Last();
if (!context.User.HasClaim(c => c.Type == ClaimTypesCustom.UserID))
{
return(Task.CompletedTask);
}
if (!context.User.HasClaim(c => c.Type == ClaimTypesCustom.Role))
{
return(Task.CompletedTask);
}
if (idParam != null && ClaimHelpers.GetUserIDClaimValue((ClaimsIdentity)context.User.Identity) == Int32.Parse(idParam))
{
context.Succeed(requirement);
}
if (context.User.Claims.Any(c => c.Type == ClaimTypesCustom.Role && c.Value == RolesEnum.Admin.ToString()))
{
context.Succeed(requirement);
}
return(Task.CompletedTask);
}
/// <summary>
/// Validate authenticated claims.
/// </summary>
/// <param name="claimsPrincipal">Request claims.</param>
/// <param name="ignoreSchedule">Whether to ignore parental control.</param>
/// <param name="localAccessOnly">Whether access is to be allowed locally only.</param>
/// <param name="requiredDownloadPermission">Whether validation requires download permission.</param>
/// <returns>Validated claim status.</returns>
protected bool ValidateClaims(
ClaimsPrincipal claimsPrincipal,
bool ignoreSchedule = false,
bool localAccessOnly = false,
bool requiredDownloadPermission = false)
{
// Ensure claim has userId.
var userId = ClaimHelpers.GetUserId(claimsPrincipal);
if (!userId.HasValue)
{
return(false);
}
// Ensure userId links to a valid user.
var user = _userManager.GetUserById(userId.Value);
if (user == null)
{
return(false);
}
// Ensure user is not disabled.
if (user.HasPermission(PermissionKind.IsDisabled))
{
return(false);
}
var ip = _httpContextAccessor.HttpContext.GetNormalizedRemoteIp();
var isInLocalNetwork = _networkManager.IsInLocalNetwork(ip);
// User cannot access remotely and user is remote
if (!user.HasPermission(PermissionKind.EnableRemoteAccess) && !isInLocalNetwork)
{
return(false);
}
if (localAccessOnly && !isInLocalNetwork)
{
return(false);
}
// User attempting to access out of parental control hours.
if (!ignoreSchedule &&
!user.HasPermission(PermissionKind.IsAdministrator) &&
!user.IsParentalScheduleAllowed())
{
return(false);
}
// User attempting to download without permission.
if (requiredDownloadPermission &&
!user.HasPermission(PermissionKind.EnableContentDownloading))
{
return(false);
}
return(true);
}
private (string ClientName, string ClientVersion) GetRequestInformation()
{
var clientName = ClaimHelpers.GetClient(HttpContext.User) ?? "unknown-client";
var clientVersion = ClaimHelpers.GetIsApiKey(HttpContext.User)
? "apikey"
: ClaimHelpers.GetVersion(HttpContext.User) ?? "unknown-version";
return(clientName, clientVersion);
}
public BaseModel Logout()
{
var user = ClaimHelpers.GetUserFromClaims(User.Claims.ToArray());
_authService.LogoffUser(user.UserId, user.LogId);
return(new BaseModel()
{
Error = false
});
}
public ActionResult <bool> Authorize([FromQuery, Required] string code)
{
var userId = ClaimHelpers.GetUserId(Request.HttpContext.User);
if (!userId.HasValue)
{
return(StatusCode(StatusCodes.Status403Forbidden, "Unknown user id"));
}
return(_quickConnect.AuthorizeRequest(userId.Value, code));
}
public ActionResult <int> Deauthorize()
{
var userId = ClaimHelpers.GetUserId(Request.HttpContext.User);
if (!userId.HasValue)
{
return(0);
}
return(_quickConnect.DeleteAllDevices(userId.Value));
}
public static bool IsUserAdmin(this ClaimsPrincipal User)
{
bool isUserAdmin = false;
if (User != null)
{
isUserAdmin = ClaimHelpers.IsUserAnAdmin((ClaimsIdentity)User.Identity);
}
return(isUserAdmin);
}
private string GetJwtToken(LoginModel logindData)
{
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(_appSettings.AuthSecret);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(ClaimHelpers.GetUserClaims(logindData)),
Expires = DateTime.UtcNow.AddHours(_appSettings.AuthTokenExpiresInHours),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
return(tokenHandler.WriteToken(token));
}
/// <summary>
/// Add additional fields depending on client.
/// </summary>
/// <remarks>
/// Use in place of GetDtoOptions.
/// Legacy order: 2.
/// </remarks>
/// <param name="dtoOptions">DtoOptions object.</param>
/// <param name="request">Current request.</param>
/// <returns>Modified DtoOptions object.</returns>
internal static DtoOptions AddClientFields(
this DtoOptions dtoOptions, HttpRequest request)
{
dtoOptions.Fields ??= Array.Empty <ItemFields>();
string?client = ClaimHelpers.GetClient(request.HttpContext.User);
// No client in claim
if (string.IsNullOrEmpty(client))
{
return(dtoOptions);
}
if (!dtoOptions.ContainsField(ItemFields.RecursiveItemCount))
{
if (client.IndexOf("kodi", StringComparison.OrdinalIgnoreCase) != -1 ||
client.IndexOf("wmc", StringComparison.OrdinalIgnoreCase) != -1 ||
client.IndexOf("media center", StringComparison.OrdinalIgnoreCase) != -1 ||
client.IndexOf("classic", StringComparison.OrdinalIgnoreCase) != -1)
{
int oldLen = dtoOptions.Fields.Count;
var arr = new ItemFields[oldLen + 1];
dtoOptions.Fields.CopyTo(arr, 0);
arr[oldLen] = ItemFields.RecursiveItemCount;
dtoOptions.Fields = arr;
}
}
if (!dtoOptions.ContainsField(ItemFields.ChildCount))
{
if (client.IndexOf("kodi", StringComparison.OrdinalIgnoreCase) != -1 ||
client.IndexOf("wmc", StringComparison.OrdinalIgnoreCase) != -1 ||
client.IndexOf("media center", StringComparison.OrdinalIgnoreCase) != -1 ||
client.IndexOf("classic", StringComparison.OrdinalIgnoreCase) != -1 ||
client.IndexOf("roku", StringComparison.OrdinalIgnoreCase) != -1 ||
client.IndexOf("samsung", StringComparison.OrdinalIgnoreCase) != -1 ||
client.IndexOf("androidtv", StringComparison.OrdinalIgnoreCase) != -1)
{
int oldLen = dtoOptions.Fields.Count;
var arr = new ItemFields[oldLen + 1];
dtoOptions.Fields.CopyTo(arr, 0);
arr[oldLen] = ItemFields.ChildCount;
dtoOptions.Fields = arr;
}
}
return(dtoOptions);
}
public ActionResult<UserDto> GetCurrentUser()
{
var userId = ClaimHelpers.GetUserId(Request.HttpContext.User);
if (userId is null)
{
return BadRequest();
}
var user = _userManager.GetUserById(userId.Value);
if (user == null)
{
return BadRequest();
}
return _userManager.GetUserDto(user);
}
public static int GetUserId(this ClaimsPrincipal User)
{
int userId = 0;
if (User != null)
{
try
{
userId = ClaimHelpers.GetUserIDClaimValue((ClaimsIdentity)User.Identity);
}
catch (Exception ex)
{
}
}
return(userId);
}
public async Task <ActionResult <bool> > Authorize([FromQuery, Required] string code)
{
var userId = ClaimHelpers.GetUserId(Request.HttpContext.User);
if (!userId.HasValue)
{
return(StatusCode(StatusCodes.Status403Forbidden, "Unknown user id"));
}
try
{
return(await _quickConnect.AuthorizeRequest(userId.Value, code).ConfigureAwait(false));
}
catch (AuthenticationException)
{
return(Unauthorized("Quick connect is disabled"));
}
}
/// <inheritdoc />
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, SyncPlayAccessRequirement requirement)
{
if (!ValidateClaims(context.User))
{
context.Fail();
return(Task.CompletedTask);
}
var userId = ClaimHelpers.GetUserId(context.User);
var user = _userManager.GetUserById(userId !.Value);
if ((requirement.RequiredAccess.HasValue && user.SyncPlayAccess == requirement.RequiredAccess) ||
user.SyncPlayAccess == SyncPlayAccess.CreateAndJoinGroups)
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
return(Task.CompletedTask);
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, BankAccountOperationsAuthorizationPolicyRequirement requirement)
{
var mvcContext = context.Resource as
Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;
string idParam = mvcContext.HttpContext.Request.Path.Value.Split(new char[] { '/' }).Last();
var id = mvcContext.ActionDescriptor.Id;
BankAccountRepository bankAccountRepo = new BankAccountRepository((int)UserEnum.SystemUser);
int accountOwnerUserID = bankAccountRepo.GetBankAccountOwnerId(Int32.Parse(idParam));
if (accountOwnerUserID == ClaimHelpers.GetUserIDClaimValue((ClaimsIdentity)context.User.Identity))
{
context.Succeed(requirement);
}
if (context.User.Claims.Any(c => c.Value == requirement.RoleName))
{
context.Succeed(requirement);
}
return(Task.CompletedTask);
}
public MealController(IHttpContextAccessor contextAccessor, IMealService mealService)
{
_mealService = mealService;
_loggedInUser = ClaimHelpers.GetUserFromClaims(contextAccessor.HttpContext.User.Claims);
}
public static List <Claim> RemoveClaimsByType(List <Claim> claims, string type) => ClaimHelpers.RemoveClaimsByType(claims, type);
public static IEnumerable <string> GetClaimValuesByType(IEnumerable <Claim> claims, string type) => ClaimHelpers.GetClaimValuesByType(claims, type);
public static string GetFirstClaimValueByType(IEnumerable <Claim> claims, string type) => ClaimHelpers.GetFirstClaimValueByType(claims, type);
/// <inheritdoc />
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, SyncPlayAccessRequirement requirement)
{
if (!ValidateClaims(context.User))
{
context.Fail();
return(Task.CompletedTask);
}
var userId = ClaimHelpers.GetUserId(context.User);
var user = _userManager.GetUserById(userId !.Value);
if (requirement.RequiredAccess == SyncPlayAccessRequirementType.HasAccess)
{
if (user.SyncPlayAccess == SyncPlayUserAccessType.CreateAndJoinGroups ||
user.SyncPlayAccess == SyncPlayUserAccessType.JoinGroups ||
_syncPlayManager.IsUserActive(userId.Value))
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
}
else if (requirement.RequiredAccess == SyncPlayAccessRequirementType.CreateGroup)
{
if (user.SyncPlayAccess == SyncPlayUserAccessType.CreateAndJoinGroups)
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
}
else if (requirement.RequiredAccess == SyncPlayAccessRequirementType.JoinGroup)
{
if (user.SyncPlayAccess == SyncPlayUserAccessType.CreateAndJoinGroups ||
user.SyncPlayAccess == SyncPlayUserAccessType.JoinGroups)
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
}
else if (requirement.RequiredAccess == SyncPlayAccessRequirementType.IsInGroup)
{
if (_syncPlayManager.IsUserActive(userId.Value))
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
}
else
{
context.Fail();
}
return(Task.CompletedTask);
}
public UserSettingsController(IHttpContextAccessor contextAccessor, IUserSettingsService userSettingsService)
{
_userSettingsService = userSettingsService;
_loggedInUser = ClaimHelpers.GetUserFromClaims(contextAccessor.HttpContext.User.Claims);
}
