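    /// <summary>
    /// Page entry point. Resolves the post-login return URL, shows or hides the
    /// login controls according to <c>Configuration</c>, and then completes
    /// whichever flow the request belongs to: a GitHub OAuth callback
    /// (<c>__provider__=github</c>), a Google OAuth callback (<c>state</c> present),
    /// an OpenID assertion, or <c>action=logout</c>.
    /// </summary>
    /// <remarks>
    /// The return URL comes from the <c>referrer</c> request value, the
    /// <c>login_referrer</c> session slot, or the HTTP Referer header, and is
    /// later handed to <c>Response.Redirect</c>. All three sources are
    /// attacker-influenced, so only same-site targets are accepted (see
    /// <see cref="IsSafeReferrer"/>); anything else — including an empty value —
    /// falls back to <c>index.aspx</c>. The previous check only rejected values
    /// containing <c>Login.aspx</c>, which left an open redirect to any host.
    /// </remarks>
    protected void Page_Load(object sender, EventArgs e)
    {
        string action   = Request ["action"];
        string referrer = Request ["referrer"] ?? (string)Session ["login_referrer"];

        // One-shot: the session slot is consumed whether or not it was used.
        Session.Remove("login_referrer");
        bool noOpenIdResponse = false;

        if (!string.IsNullOrEmpty(referrer))
        {
            txtReferrer.Value = referrer;
        }

        if (!this.IsPostBack)
        {
            if (Request.UrlReferrer != null && string.IsNullOrEmpty(txtReferrer.Value))
            {
                txtReferrer.Value = Request.UrlReferrer.AbsoluteUri;
            }
        }

        // Never redirect off-site (the value ends up in Response.Redirect below)
        // and never bounce back to the login page itself. The self-reference test
        // is case-insensitive because the web server resolves paths that way, so
        // "login.aspx" would otherwise produce a redirect loop.
        // NOTE(review): same-site is judged against Request.Url.Host; behind a
        // reverse proxy that rewrites the host, same-site absolute referrers will
        // degrade to index.aspx rather than be followed — confirm for deployment.
        if (!IsSafeReferrer(txtReferrer.Value, Request.Url) ||
            txtReferrer.Value.IndexOf("Login.aspx", StringComparison.OrdinalIgnoreCase) >= 0)
        {
            txtReferrer.Value = "index.aspx";
        }

        cmdLoginOpenId.Visible      = !string.IsNullOrEmpty(Configuration.OpenIdProvider);
        cmdLoginOauth.Visible       = !string.IsNullOrEmpty(Configuration.OauthClientId);
        cmdLoginGitHubOauth.Visible = !string.IsNullOrEmpty(Configuration.GitHubOauthClientId);

        if (!Configuration.AllowPasswordLogin)
        {
            cmdLogin.Visible    = Configuration.AllowPasswordLogin;
            txtPassword.Visible = Configuration.AllowPasswordLogin;
            txtUser.Visible     = Configuration.AllowPasswordLogin;
            lblUser.Visible     = Configuration.AllowPasswordLogin;
            lblPassword.Visible = Configuration.AllowPasswordLogin;
        }

        // GitHub OAuth callback: only honoured when GitHub login is configured,
        // so a stray "__provider__=github" cannot start a flow that has no client id.
        if (cmdLoginGitHubOauth.Visible &&
            Request.QueryString.GetValues("__provider__") != null &&
            Request.QueryString.GetValues("__provider__")[0] == "github")
        {
            var authResult = GitHubAuthenticationHelper.VerifyAuthentication();
            if (!authResult.IsSuccessful)
            {
                lblMessageOpenId.Text = "Failed to get user authenication from GitHub";
                return;
            }

            var accessToken       = authResult.GetAccessToken();
            var userTeamList      = GitHubAuthenticationHelper.GetUserTeams(accessToken);
            var gitHubOrgTeamList = new List <string[]> ();
            // The team objects are dynamic, so LINQ select/group-by is not usable;
            // build the (org, team) pairs by hand instead.
            foreach (var userTeam in userTeamList)
            {
                var teamName = userTeam.name.ToString();
                var orgName  = userTeam.organization.login.ToString();
                gitHubOrgTeamList.Add(new string[] { orgName, teamName });
            }

            LoginResponse loginResponse = new LoginResponse();
            using (DB db = new DB()) {
                try {
                    DBLogin_Extensions.GitHubLogin(db, loginResponse,
                                                   Utilities.GetExternalIP(Request),
                                                   gitHubOrgTeamList,
                                                   authResult.GetGitHubLogin());
                } catch (Exception ex) {
                    // Surfaced to the user via loginResponse.Exception below.
                    loginResponse.Exception = new WebServiceException(ex);
                }
            }
            if (loginResponse.Exception != null)
            {
                lblMessageOpenId.Text = loginResponse.Exception.Message;
            }
            else
            {
                Authentication.SetCookies(Response, loginResponse);
                // endResponse:false — execution continues to the token store below.
                Response.Redirect(txtReferrer.Value, false);
            }

            Session["github_token"] = accessToken;
            return;
        }

        // Google OAuth callback: "state" in the query string marks the return leg.
        if (cmdLoginOauth.Visible && Request.QueryString.GetValues("state") != null)
        {
            var authResult = AuthenticationHelper.VerifyAuthentication();
            if (!authResult.IsSuccessful)
            {
                lblMessageOpenId.Text = "Failed to get user authenication from Google";
                return;
            }

            LoginResponse loginResponse = new LoginResponse();
            using (DB db = new DB()) {
                try {
                    DBLogin_Extensions.Login(db, loginResponse, authResult.GetEmail(),
                                             Utilities.GetExternalIP(Request));
                } catch (Exception ex) {
                    loginResponse.Exception = new WebServiceException(ex);
                }
            }
            if (loginResponse.Exception != null)
            {
                lblMessageOpenId.Text = loginResponse.Exception.Message;
            }
            else
            {
                Authentication.SetCookies(Response, loginResponse);
                Response.Redirect(txtReferrer.Value, false);
            }
            return;
        }

        if (cmdLoginOpenId.Visible)
        {
            OpenIdRelyingParty openid = new OpenIdRelyingParty();
            var oidresponse           = openid.GetResponse();
            if (oidresponse != null)
            {
                switch (oidresponse.Status)
                {
                case AuthenticationStatus.Authenticated:
                    // The e-mail address is taken from the attribute-exchange
                    // extension; a provider that omits it is treated as a failed login
                    // rather than a null dereference.
                    var fetch = oidresponse.GetExtension <FetchResponse> ();
                    if (fetch == null)
                    {
                        lblMessageOpenId.Text = "Could not login using OpenId: provider returned no e-mail address";
                        break;
                    }

                    string email = fetch.Attributes [WellKnownAttributes.Contact.Email].Values [0];

                    WebServiceLogin login = new WebServiceLogin();
                    login.Password = Configuration.WebServicePassword;
                    login.User     = Configuration.Host;
                    var response = Utils.LocalWebService.LoginOpenId(login, email, Utilities.GetExternalIP(Request));
                    if (response.Exception != null)
                    {
                        lblMessageOpenId.Text = response.Exception.Message;
                    }
                    else
                    {
                        Authentication.SetCookies(Response, response);
                        Response.Redirect(txtReferrer.Value, false);
                        return;
                    }
                    break;

                default:
                    lblMessageOpenId.Text = "Could not login using OpenId: " + oidresponse.Status.ToString();
                    break;
                }
            }
            else
            {
                noOpenIdResponse = true;
            }
        }

        if (!string.IsNullOrEmpty(action) && action == "logout")
        {
            if (Request.Cookies ["cookie"] != null)
            {
                Utils.LocalWebService.Logout(Master.WebServiceLogin);
                // Expire the three auth cookies client-side; the server-side session
                // was already invalidated by the Logout call above.
                Response.Cookies.Add(new HttpCookie("cookie", ""));
                Response.Cookies ["cookie"].Expires = DateTime.Now.AddYears(-20);
                Response.Cookies.Add(new HttpCookie("user", ""));
                Response.Cookies ["user"].Expires = DateTime.Now.AddYears(-20);
                Response.Cookies.Add(new HttpCookie("roles", ""));
                Response.Cookies ["roles"].Expires = DateTime.Now.AddYears(-20);
            }
            // The GitHub access token stored by the OAuth branch above must not
            // outlive the login it belongs to.
            Session.Remove("github_token");
            Response.Redirect(txtReferrer.Value, false);
            return;
        }

        var auto_openid_redirect = false;
        var auto = Request ["auto-redirect-openid"];

        if (!string.IsNullOrEmpty(auto) && auto.ToUpperInvariant() == "TRUE")
        {
            auto_openid_redirect = true;
        }

        // With password login disabled and no OpenID assertion in hand, send the
        // visitor straight to the provider instead of showing an empty form.
        if (!Configuration.AllowPasswordLogin && string.IsNullOrEmpty(action) && Configuration.AllowAnonymousAccess && noOpenIdResponse)
        {
            auto_openid_redirect = true;
        }

        if (auto_openid_redirect)
        {
            cmdLoginOpenId_Click(null, null);
        }
    }

    /// <summary>
    /// Returns true when <paramref name="url"/> is safe to pass to
    /// <c>Response.Redirect</c> without leaving this site: a site-relative path
    /// (leading "/"), a plain relative path such as <c>index.aspx</c>, or an
    /// http/https absolute URL whose host matches <paramref name="requestUrl"/>.
    /// </summary>
    /// <param name="url">Candidate redirect target; may be null or empty.</param>
    /// <param name="requestUrl">URL of the current request, used for the same-host test.</param>
    /// <returns>false for null/empty input, protocol-relative ("//host") or
    /// backslash-prefixed values, non-http(s) schemes, foreign hosts, and
    /// anything containing ':' that is not a parseable absolute URL.</returns>
    private static bool IsSafeReferrer(string url, Uri requestUrl)
    {
        if (string.IsNullOrEmpty(url))
        {
            return false;
        }

        string candidate = url.Trim();

        // "//evil.example" and "/\evil.example" are resolved by browsers as
        // protocol-relative absolute URLs, so a leading slash alone is not enough.
        if (candidate.StartsWith("//", StringComparison.Ordinal) ||
            candidate.StartsWith("/\\", StringComparison.Ordinal) ||
            candidate.StartsWith("\\", StringComparison.Ordinal))
        {
            return false;
        }

        if (candidate.StartsWith("/", StringComparison.Ordinal))
        {
            return true;
        }

        Uri absolute;
        if (Uri.TryCreate(candidate, UriKind.Absolute, out absolute))
        {
            bool webScheme = absolute.Scheme == Uri.UriSchemeHttp || absolute.Scheme == Uri.UriSchemeHttps;
            return webScheme &&
                   requestUrl != null &&
                   string.Equals(absolute.Host, requestUrl.Host, StringComparison.OrdinalIgnoreCase);
        }

        // Plain relative path ("index.aspx", "Foo.aspx?x=1"). A ':' here would be a
        // scheme the parser did not understand; reject rather than guess.
        return candidate.IndexOf(':') < 0;
    }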
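        /// <summary>
        /// Establishes the caller's identity from <paramref name="login"/> and, when
        /// <paramref name="response"/> is supplied, fills in its user name, roles and
        /// (for a <c>LoginResponse</c>) the session cookie, full name and person id.
        /// </summary>
        /// <param name="user_host_address">Address the request physically arrived from; used when <c>login.Ip4</c> is empty.</param>
        /// <param name="db">Open database handle for the login/cookie lookups.</param>
        /// <param name="login">Credentials: a user name plus either a password or a session cookie. May be null.</param>
        /// <param name="response">Response to populate with identity data; null means "verify only".</param>
        /// <param name="readonly">With a password login, true skips creating a session and only resolves the person id.</param>
        /// <remarks>
        /// Missing or invalid credentials do not throw here: they defer to
        /// <c>VerifyAnonymousAllowed</c>, which is expected to reject the request
        /// when anonymous access is disabled. Secrets (password, cookie) are never
        /// written to the log; only their presence is.
        /// </remarks>
        public static void Authenticate(string user_host_address, DB db, WebServiceLogin login, WebServiceResponse response, bool @readonly)
        {
            int         person_id;
            DBLoginView view = null;

            // The previous trace line wrote the raw password and session cookie to
            // the log; log only whether each was supplied.
            log.DebugFormat("WebService.Authenticate (Ip4: {0}, UserHostAddress: {1}, User: {2}, HasCookie: {3}, HasPassword: {4})",
                            login == null ? null : login.Ip4,
                            user_host_address,
                            login == null ? null : login.User,
                            login != null && !string.IsNullOrEmpty(login.Cookie),
                            login != null && !string.IsNullOrEmpty(login.Password));

            // No usable credentials at all: anonymous path.
            if (login == null || string.IsNullOrEmpty(login.User) || (string.IsNullOrEmpty(login.Password) && string.IsNullOrEmpty(login.Cookie)))
            {
                VerifyAnonymousAllowed();
                return;
            }

            // NOTE(review): a caller-supplied Ip4 overrides the observed address and is
            // what the cookie/IP binding in VerifyLogin is checked against. This is only
            // safe if every caller that sets Ip4 is a trusted front end — confirm.
            string ip = !string.IsNullOrEmpty(login.Ip4) ? login.Ip4 : user_host_address;

            if (!string.IsNullOrEmpty(login.Password))
            {
                DBLogin result = DBLogin_Extensions.LoginUser(db, login.User, login.Password, ip, @readonly);
                if (result != null)
                {
                    if (@readonly)
                    {
                        person_id = result.person_id;
                    }
                    else
                    {
                        // A fresh session cookie was issued by LoginUser; resolve the
                        // login view through it exactly as a cookie login would.
                        view = DBLoginView_Extensions.VerifyLogin(db, login.User, result.cookie, ip);
                        if (view == null)
                        {
                            log.Debug("Invalid cookie");
                            VerifyAnonymousAllowed();
                            return;
                        }
                        person_id = view.person_id;
                    }
                }
                else
                {
                    log.Debug("Invalid user/password");
                    VerifyAnonymousAllowed();
                    return;
                }
            }
            else
            {
                view = DBLoginView_Extensions.VerifyLogin(db, login.User, login.Cookie, ip);
                if (view == null)
                {
                    log.Debug("Invalid cookie");
                    VerifyAnonymousAllowed();
                    return;
                }
                person_id = view.person_id;
                // Cookie value deliberately omitted from the trace.
                log.DebugFormat("Verified cookie login, user: {0} ip: {1}", login.User, ip);
            }

            log.Debug("Valid credentials");

            if (response == null)
            {
                return;
            }

            DBPerson      person         = DBPerson_Extensions.Create(db, person_id);
            LoginResponse login_response = response as LoginResponse;

            if (login_response != null)
            {
                // view is null only on the readonly password path, which issues no cookie.
                login_response.Cookie   = view != null ? view.cookie : null;
                login_response.FullName = person.fullname;
                login_response.ID       = person_id;
            }

            response.UserName  = person.login;
            response.UserRoles = person.Roles;
            log.DebugFormat("Authenticate2 Roles are: {0}", response.UserRoles == null ? "null" : string.Join(";", response.UserRoles));
        }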