/// <summary>
/// Checks whether <paramref name="token"/> is registered for <paramref name="userID"/> by running the
/// <c>APP_Q_MATCH_TOKEN</c> stored procedure against the SHA-256 hash of the token.
/// </summary>
/// <param name="userID">User identifier sent as the <c>USER_ID</c> parameter.</param>
/// <param name="token">Raw authentication token; only its hash is sent to the database.</param>
/// <returns>
/// <c>true</c> when the first cell of the first result row is the string <c>"1"</c>;
/// <c>false</c> for a null/empty token, a missing or empty result table, or any other cell value.
/// </returns>
public static bool IsTokenMatchInDatabase(string userID, string token)
{
    // An empty token can never match; skip the database round trip.
    if (string.IsNullOrEmpty(token))
    {
        return false;
    }

    QueryParameter parameters = new QueryParameter();
    parameters.Add("USER_ID", userID);
    // The raw token never leaves this method; the lookup key is its hash.
    parameters.Add("TOKEN", GetStringSha256Hash(token));

    IDatabaseConnector connector = new DatabaseConnectorClass();
    DataTable table = connector.ExecuteStoredProcedure("APP_Q_MATCH_TOKEN", parameters).DataTable;

    // No table, no row or no column all read as "no match" rather than as an error.
    if (table == null || table.Rows.Count == 0 || table.Columns.Count == 0)
    {
        return false;
    }

    return table.Rows[0][0].ToString() == "1";
}
        /// <summary>
        /// Runs the <c>UM_USER_EXISTS</c> stored procedure with the caller-supplied parameters.
        /// </summary>
        /// <param name="queryParameter">Parameters forwarded unchanged to the stored procedure.</param>
        /// <returns>The connector's <see cref="QueryResult"/> as-is; no interpretation is added here.</returns>
        public static QueryResult UserExists(QueryParameter queryParameter)
        {
            IDatabaseConnector connector = new DatabaseConnectorClass();
            return connector.ExecuteStoredProcedure("UM_USER_EXISTS", queryParameter);
        }
    /// <summary>
    /// Transit endpoint: hands the raw request body to the database connector and streams the result
    /// back. The proxy-origin check is the only access control visible in this method.
    /// </summary>
    /// <param name="requestStream">Request body as received; passed to the connector without inspection here.</param>
    /// <returns>
    /// A 403 error response when the request did not arrive through the proxy; otherwise the
    /// connector's result as a stream.
    /// </returns>
    public Stream DS_TRANSIT(Stream requestStream)
    {
        // Reject requests that did not come through the trusted proxy before touching the database.
        bool fromProxy = AMSCSRFCore.IsRequestComeFromProxy(HttpContext.Current.Request);
        if (!fromProxy)
        {
            return GenerateErrorResponse(null, "Requester IP is not authorized", System.Net.HttpStatusCode.Forbidden);
        }

        // NOTE(review): the procedure to run is presumably taken from the request body itself
        // (ExecuteStoredProcedure(Stream)); confirm the connector restricts which procedures a
        // transit caller may name.
        IDatabaseConnector connector = new DatabaseConnectorClass();
        QueryResult result = connector.ExecuteStoredProcedure(requestStream);
        return result.ToStream();
    }
        /// <summary>
        /// Starts a password reset for the user named by <c>USER_ID</c> in <paramref name="queryParameter"/>:
        /// looks the user up (<c>UM_USER_Q</c>), records a reset token (<c>APP_FORGET_PWD_TOKEN_I</c>) and
        /// e-mails a reset link to the user's stored <c>EMAIL</c>.
        /// </summary>
        /// <param name="queryParameter">Must carry <c>USER_ID</c>; nothing else is read from it.</param>
        /// <returns>
        /// The result of the last step that ran: the mail send, the token insert when it failed, or a
        /// synthetic failure with <c>Message == "USER_NOT_EXIST"</c> when the user lookup did not succeed.
        /// </returns>
        public static QueryResult ForgetPassword(QueryParameter queryParameter)
        {
            QueryResult result = null;
            // Presumably throws when USER_ID is absent (the indexer result is dereferenced unchecked).
            string      userID = queryParameter["USER_ID"].ToString();

            IDatabaseConnector dbConnector = new DatabaseConnectorClass();
            QueryParameter     param       = new QueryParameter();

            param.Add("USER_ID", userID);
            QueryResult queryResult = dbConnector.ExecuteStoredProcedure("UM_USER_Q", param);

            if (queryResult.Success)
            {
                // Assumes a successful lookup always yields at least one row with an EMAIL column — TODO confirm.
                string userEmail = queryResult.DataTable.Rows[0]["EMAIL"].ToString();
                // NOTE(review): the value stored in the database below is the very string placed in the reset
                // URL, so anyone who can read the token table can use the link directly. Storing a hash of the
                // URL token (and hashing again on lookup in resetpassword.aspx) would remove that exposure.
                string token     = AuthenUtil.GetStringSha256Hash(AuthenUtil.GenerateToken());

                param = new QueryParameter();
                param.Add("USER_ID", userID);
                param.Add("TOKEN", token);

                result = dbConnector.ExecuteStoredProcedure("APP_FORGET_PWD_TOKEN_I", param);

                if (result.Success)
                {
                    // NOTE(review): scheme and host are hard-coded (plain http, localhost); the link should
                    // come from configuration and be served over https.
                    string passwordResetUrl = string.Format("http://localhost/WebApp/resetpassword.aspx?userID={0}&token={1}", userID, token);

                    QueryParameter mailParameter = new QueryParameter();
                    mailParameter.Add("MAIL_TO", userEmail);
                    mailParameter.Add("MAIL_SUBJECT", "Reset Password");
                    // NOTE(review): userID is inserted into the HTML body without encoding.
                    mailParameter.Add("MAIL_BODY", string.Format(@"
                        <h1>Reset Password</h1>
                        <div>
                            You have requested to reset password for account {0} <br/>
                            <b>Plase contact administrator if you have not issued reset password request.</b>
                        </div>
                        <br/>
                        Click <a href=""{1}"">here</a> to reset password.
                    ", userID, passwordResetUrl));

                    // The mail result replaces the insert result as the value returned to the caller.
                    result = MailUtil.SendEmail(mailParameter);
                }
            }
            else
            {
                result         = new QueryResult();
                result.Success = false;
                result.Message = "USER_NOT_EXIST";
            }

            return(result);
        }
        /// <summary>
        /// Deletes the stored token for <paramref name="userID"/> via <c>APP_TOKEN_D</c>, using the
        /// SHA-256 hash of <paramref name="token"/> as the lookup key.
        /// </summary>
        /// <param name="userID">User identifier sent as <c>USER_ID</c>.</param>
        /// <param name="token">Raw token; a null or empty value makes this call a no-op.</param>
        public static void ClearToken(string userID, string token)
        {
            // Nothing to clear for an empty token.
            if (string.IsNullOrEmpty(token))
            {
                return;
            }

            QueryParameter parameters = new QueryParameter();
            parameters.Add("USER_ID", userID);
            // Same hashing as StoreToken, so the stored row can be found.
            parameters.Add("TOKEN", GetStringSha256Hash(token));

            // The result is not inspected: callers cannot tell whether a row was actually deleted.
            IDatabaseConnector connector = new DatabaseConnectorClass();
            connector.ExecuteStoredProcedure("APP_TOKEN_D", parameters);
        }
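        /// <summary>
        /// Persists the SHA-256 hash of <paramref name="token"/> for <paramref name="userID"/> via
        /// <c>APP_TOKEN_I</c>. The raw token is never sent to the database.
        /// </summary>
        /// <param name="userID">User identifier sent as <c>USER_ID</c>.</param>
        /// <param name="token">Raw authentication token.</param>
        /// <exception cref="ArgumentException">
        /// <paramref name="token"/> is null or empty. (Derives from <see cref="Exception"/>, so existing
        /// <c>catch (Exception)</c> handlers keep working.)
        /// </exception>
        public static void StoreToken(string userID, string token)
        {
            // A specific exception type naming the offending parameter is easier to diagnose than a bare Exception.
            if (string.IsNullOrEmpty(token))
            {
                throw new ArgumentException("Authentication token cannot be empty", "token");
            }

            IDatabaseConnector dbConnector = new DatabaseConnectorClass();
            QueryParameter     queryParam  = new QueryParameter();

            queryParam.Add("USER_ID", userID);
            // Only the hash is stored; ClearToken / IsTokenMatchInDatabase hash the same way when looking it up.
            queryParam.Add("TOKEN", GetStringSha256Hash(token));

            // The result is not inspected; a failed insert is silent to the caller.
            dbConnector.ExecuteStoredProcedure("APP_TOKEN_I", queryParam);
        }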
        /// <summary>
        /// Updates a user via <c>UM_USER_U</c>. When the parameters contain <c>PASSWORD</c>, its SHA-256
        /// hash is sent instead of the plain value.
        /// </summary>
        /// <param name="queryParameter">
        /// Update parameters. A new <see cref="QueryParameter"/> is built from its <c>Parameter</c>
        /// collection before anything is changed (whether that copies the underlying dictionary is up to
        /// the constructor — TODO confirm).
        /// </param>
        /// <returns>The <see cref="QueryResult"/> returned by the stored procedure.</returns>
        public static QueryResult UpdateUser(QueryParameter queryParameter)
        {
            QueryParameter updateParams = new QueryParameter(queryParameter.Parameter);

            if (updateParams.Parameter.ContainsKey("PASSWORD"))
            {
                // NOTE(review): GetStringSha256Hash receives only the password, so no salt is applied;
                // a dedicated password KDF would be the stronger choice for stored credentials.
                string plainPassword = updateParams["PASSWORD"].ToString();
                // Add() on an existing key replaces the plain value with the hash (same as in Login).
                updateParams.Add("PASSWORD", AuthenUtil.GetStringSha256Hash(plainPassword));
            }

            IDatabaseConnector connector = new DatabaseConnectorClass();
            return connector.ExecuteStoredProcedure("UM_USER_U", updateParams);
        }
        /// <summary>
        /// Ends a user session: removes the stored authentication token (<c>APP_TOKEN_D</c> via
        /// <c>ClearToken</c>), records the logout (<c>SYS_I_LOGOUT</c>), clears the session state, and —
        /// when a <paramref name="Response"/> is supplied — blanks the client cookies and writes the
        /// logout result as JSON.
        /// </summary>
        /// <param name="Session">Current session; may be null, in which case only the response part runs.</param>
        /// <param name="Response">Optional response to write cookies and JSON to.</param>
        public static void Logout(HttpSessionState Session, HttpResponse Response = null)
        {
            IDatabaseConnector dbConnector     = new DatabaseConnectorClass();
            QueryParameter     logoutParameter = new QueryParameter();
            // Written back as JSON below even if no USER_ID was found (then it is this default instance).
            QueryResult        logoutResult    = new QueryResult();

            if (Session != null)
            {
                if (AppSession.GetSession("USER_ID", Session) != null)
                {
                    string userID = AppSession.GetSession("USER_ID", Session).ToString();

                    if (AppSession.GetSession("AUTHEN_TOKEN", Session) != null)
                    {
                        AuthenUtil.ClearToken(userID, AppSession.GetSession("AUTHEN_TOKEN", Session).ToString());
                    }

                    logoutParameter.Add("USER_ID", userID);
                    logoutResult         = dbConnector.ExecuteStoredProcedure("SYS_I_LOGOUT", logoutParameter);
                    // The logout is reported as successful regardless of what SYS_I_LOGOUT returned;
                    // its message and "error" output parameter are discarded.
                    logoutResult.Success = true;
                    logoutResult.Message = string.Empty;
                    logoutResult.RemoveOutputParam("error");
                }

                AppSession.SetSession("USER_ID", null, Session);
                AppSession.SetSession("AUTHEN_TOKEN", null, Session);
                AppSession.SetSession("IS_GUEST", true, Session);

                // If the session is cleared, the client must also be forced to refresh the page,
                // because the CSRF token has to be regenerated as well.
                Session.Clear();
                Session.Abandon();
            }

            if (Response != null)
            {
                // NOTE(review): the AUTHEN_TOKEN cookie is blanked but given no Expires, so the browser keeps
                // an empty cookie for the rest of the browser session; an expiry in the past would remove it.
                HttpCookie authenTokenCookie = new HttpCookie("AUTHEN_TOKEN");
                authenTokenCookie.Value = "";
                Response.Cookies.Add(authenTokenCookie);

                // If the session is cleared, the client must also be forced to refresh the page,
                // because the CSRF token has to be regenerated as well.
                // (Indexing Response.Cookies by name presumably adds the cookie to the response if it is not
                // there yet — verify; the past expiry tells the browser to drop it.)
                Response.Cookies["esrith.session.id"].Expires = DateTime.Now.AddDays(-30);

                Response.ClearContent();
                Response.ContentType = "application/json";
                Response.Write(logoutResult.ToJson());
            }
        }
        /// <summary>
        /// Asks the database (<c>APP_TOKEN_MATCH</c>) whether the SHA-256 hash of <paramref name="token"/>
        /// is registered for <paramref name="userID"/>.
        /// </summary>
        /// <param name="userID">User identifier sent as <c>USER_ID</c>.</param>
        /// <param name="token">Raw token; only its hash is sent to the database.</param>
        /// <returns>
        /// The stored procedure's <c>Success</c> flag, or <c>false</c> for a null/empty token. Any failure
        /// of the call (not only "no match") therefore also reads as "no match".
        /// </returns>
        public static bool IsTokenMatchInDatabase(string userID, string token)
        {
            if (string.IsNullOrEmpty(token))
            {
                return false;
            }

            QueryParameter lookup = new QueryParameter();
            lookup.Add("USER_ID", userID);
            lookup.Add("TOKEN", GetStringSha256Hash(token));

            IDatabaseConnector connector = new DatabaseConnectorClass();
            QueryResult match = connector.ExecuteStoredProcedure("APP_TOKEN_MATCH", lookup);
            return match.Success;
        }
        /// <summary>
        /// Authenticates with <c>APP_LOGIN_Q</c>. On success, copies every result column whose name is a
        /// configured session item into the session, issues a fresh authentication token, marks the session
        /// as non-guest, and persists the token when duplicate-login checking is enabled.
        /// </summary>
        /// <param name="context">Request context whose <c>Session</c> receives the login data.</param>
        /// <param name="queryParameter">Login parameters; a <c>PASSWORD</c> entry is replaced by its SHA-256 hash.</param>
        /// <returns>The <c>APP_LOGIN_Q</c> result; on success its <c>USER_ID</c> column has been removed.</returns>
        public static QueryResult Login(HttpContext context, QueryParameter queryParameter)
        {
            // A new QueryParameter is built from the caller's Parameter collection before it is modified.
            queryParameter = new QueryParameter(queryParameter.Parameter);
            if (queryParameter.Parameter.ContainsKey("PASSWORD"))
            {
                // NOTE(review): single unsalted SHA-256 (only the password is passed to the hash). UpdateUser
                // and the reset page use the same call, so any change has to be made in all of them together.
                string password     = queryParameter["PASSWORD"].ToString();
                string hashPassword = AuthenUtil.GetStringSha256Hash(password);
                queryParameter.Add("PASSWORD", hashPassword);
            }

            IDatabaseConnector dbConnector = new DatabaseConnectorClass();
            QueryResult        queryResult = dbConnector.ExecuteStoredProcedure("APP_LOGIN_Q", queryParameter);

            if (queryResult.Success && queryResult.DataTable != null && queryResult.DataTable.Rows.Count > 0)
            {
                // Only columns whose name exactly matches a configured session item are copied (case-sensitive).
                foreach (DataColumn dataColumn in queryResult.DataTable.Columns)
                {
                    foreach (AppSessionItem sessionItem in AppSession.AppSessionConfig.SessionItems)
                    {
                        if (sessionItem.Name.Equals(dataColumn.ColumnName))
                        {
                            AppSession.SetSession(dataColumn.ColumnName, queryResult.DataTable.Rows[0][dataColumn.ColumnName], context.Session);
                            break;
                        }
                    }
                }

                // Relies on USER_ID having been copied into the session above; throws otherwise —
                // TODO confirm USER_ID is always both a result column and a configured session item.
                string userID = AppSession.GetSession("USER_ID", context.Session).ToString();
                string token  = AuthenUtil.GenerateToken();

                AppSession.SetSession("AUTHEN_TOKEN", token, context.Session);
                AppSession.SetSession("IS_GUEST", false, context.Session);

                // The token is persisted (hashed, see StoreToken) only when duplicate-login checking is on.
                if (AppHttpHandler.AppHttpHandlerConfig.Security.EnableDuplicateAuthenChecking)
                {
                    AuthenUtil.StoreToken(userID, token);
                }

                // If USER_ID should also be returned to the client, just delete this line.
                queryResult.DataTable.Columns.Remove("USER_ID");
            }
            return(queryResult);
        }
    /// <summary>
    /// Sample upload endpoint: builds the query from the request body, runs the stored procedure it
    /// describes, saves any attached files under <c>TEMPORARY_PATH</c>, and streams the result back.
    /// </summary>
    /// <param name="requestStream">Request body; parsed by the <see cref="QueryParameter"/> stream constructor.</param>
    /// <returns>
    /// A 403 error response when the request did not arrive through the proxy; otherwise the query
    /// result as a stream.
    /// </returns>
    public Stream DS_SAMPLE_FILE_UPLOAD(Stream requestStream)
    {
        if (!AMSCSRFCore.IsRequestComeFromProxy(HttpContext.Current.Request))
        {
            return GenerateErrorResponse(null, "Requester IP is not authorized", System.Net.HttpStatusCode.Forbidden);
        }

        IDatabaseConnector connector = new DatabaseConnectorClass();
        QueryParameter request = new QueryParameter(requestStream);
        QueryResult result = connector.ExecuteStoredProcedure(request);

        // The procedure result is returned whether or not the files could be saved.
        string uploadDir = AMSCore.WebConfigReadKey("TEMPORARY_PATH");
        if (NetworkConnector.Access(uploadDir))
        {
            // NOTE(review): the on-disk file name is decided inside FileParameter.Save; confirm it does
            // not use the client-supplied name as-is.
            foreach (FileParameter upload in request.Files)
            {
                upload.Save(uploadDir);
            }
        }

        return result.ToStream(true);
    }
 /// <summary>
 /// Registers one report dataset per entry of <paramref name="rptDatasets"/>. An <see cref="ArrayList"/>
 /// value is converted directly; a dictionary value carrying an <c>SP</c> key is run as a stored procedure
 /// and its result table used. Any other value yields an empty table. Null values are skipped.
 /// </summary>
 /// <param name="rptDatasets">Dataset name → raw value; null or empty means there is nothing to do.</param>
 private void AddDataset(Dictionary <string, object> rptDatasets)
 {
     if (rptDatasets == null || rptDatasets.Count == 0)
     {
         return;
     }

     foreach (KeyValuePair <string, object> entry in rptDatasets)
     {
         // Null values are skipped entirely: no dataset is registered for them.
         if (entry.Value == null)
         {
             continue;
         }

         DataTable table = new DataTable();
         Type valueType = entry.Value.GetType();

         // Exact type comparisons are kept (not `is`): derived types fall through to the empty table.
         if (valueType == typeof(ArrayList))
         {
             table = ArrayListToDataTable(entry.Value as ArrayList);
         }
         else if (valueType == typeof(Dictionary <string, object>))
         {
             Dictionary <string, object> spec = entry.Value as Dictionary <string, object>;
             if (spec.ContainsKey("SP"))
             {
                 // NOTE(review): the procedure to run comes from the dataset spec; confirm that only
                 // trusted specs reach this method.
                 IDatabaseConnector connector = new DatabaseConnectorClass();
                 QueryResult result = connector.ExecuteStoredProcedure(new QueryParameter(spec));
                 if (result.Success && result.DataTable != null)
                 {
                     table = result.DataTable;
                 }
             }
         }

         AddDataset(entry.Key, table);
     }
 }
    //กรณี ส่ง parameter ที่มาจาก client และจาก SP
    /// <summary>
    /// Sends a notification by running the stored procedure named in the <c>NT</c> parameter on a
    /// background task, with parameters merged from the client request and <paramref name="NTParameters"/>
    /// by <c>GetNTParameter</c>. The result is handed to <c>Push(QueryResult)</c>.
    /// </summary>
    /// <param name="queryParam">Client parameters; must be non-null and carry an <c>NT</c> entry.</param>
    /// <param name="NTParameters">Additional parameters merged in by <c>GetNTParameter</c>.</param>
    public static void Push(QueryParameter queryParam, Dictionary <string, object> NTParameters)
    {
        string         NT_SP = string.Empty;
        QueryParameter NTParam;
        QueryResult    NTqueryResult;

        try
        {
            if (queryParam != null)
            {
                NTParam = GetNTParameter(queryParam, NTParameters);
            }
            else
            {
                // Caught by the empty catch below, so a missing parameter set is silently ignored.
                throw new Exception("ไม่มี parameter สำหรับส่ง notitfication");
            }

            if (queryParam["NT"] != null)
            {
                NT_SP = queryParam["NT"].ToString();
            }
            else
            {
                // Likewise swallowed by the catch below.
                throw new Exception("parameter 'NT' ไม่มี stored procedure สำหรับส่ง notitfication");
            }

            // NOTE(review): the procedure name comes from the request ("NT"); confirm the connector or the
            // caller restricts which procedures may be named here.
            IDatabaseConnector dbConnector = new DatabaseConnectorClass();

            // Fire-and-forget: the try/catch only covers Start(); an exception raised inside the task
            // (the database call or the inner Push) is never observed anywhere.
            new Task(() =>
            {
                NTqueryResult = dbConnector.ExecuteStoredProcedure(NT_SP, NTParam);
                Push(NTqueryResult);
            }).Start();
        }
        catch (Exception e)
        {
            // NOTE(review): every failure above is swallowed without logging; the exception should at
            // least be logged so misconfigured notifications become visible.
        }
    }
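        /// <summary>
        /// Password-reset page. Validates the <c>userID</c>/<c>token</c> pair from the request against
        /// <c>APP_FORGET_PWD_TOKEN_MATCH</c>; only when that check passes may a postback change the
        /// password (<c>UM_USER_PWD_U</c>) and delete the token (<c>APP_FORGET_PWD_TOKEN_D</c>).
        /// </summary>
        /// <param name="sender">Unused.</param>
        /// <param name="e">Unused.</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            // Request.Params merges query string, form, cookies and server variables; the reset link
            // built by ForgetPassword carries both values in the query string.
            string userID = Request.Params["userID"];
            string token  = Request.Params["token"];

            if (userID == null || token == null)
            {
                this.PasswordResetForm.Visible = false;
                this.Message.Text = "Unauthorized";
                return;
            }

            IDatabaseConnector dbConnector = new DatabaseConnectorClass();

            // Check that the userID/token pair is a live reset token.
            QueryParameter param = new QueryParameter();
            param.Add("USER_ID", userID);
            param.Add("TOKEN", token);
            QueryResult queryResult = dbConnector.ExecuteStoredProcedure("APP_FORGET_PWD_TOKEN_MATCH", param);

            if (!queryResult.Success)
            {
                this.PasswordResetForm.Visible = false;
                this.Message.Text = queryResult.Message == "TOKEN_EXPIRED" ? "URL is expired" : "Unauthorized";
                // Fix: the postback branch below used to run even after a failed token check, so a
                // password could be changed without a valid token. Nothing else may happen now.
                return;
            }

            // Only a postback from the (now validated) web form carries a new password.
            if (!IsPostBack)
            {
                return;
            }

            string password        = this.Password.Text.Trim();
            string passwordConfirm = this.PasswordConfirm.Text;

            if (password.Length == 0)
            {
                this.Message.Text = "Password is empty";
                return;
            }

            if (password != passwordConfirm)
            {
                this.Message.Text = "Password is not match";
                return;
            }

            // Same hashing as AuthenUtil.Login / UpdateUser so the stored value stays comparable.
            string hashPassword = AuthenUtil.GetStringSha256Hash(password);

            param = new QueryParameter();
            param.Add("USER_ID", userID);
            param.Add("PASSWORD", hashPassword);
            queryResult = dbConnector.ExecuteStoredProcedure("UM_USER_PWD_U", param);

            if (queryResult.Success)
            {
                // Delete the reset token now that it has been used (its result is not inspected).
                param = new QueryParameter();
                param.Add("USER_ID", userID);
                dbConnector.ExecuteStoredProcedure("APP_FORGET_PWD_TOKEN_D", param);

                this.PasswordResetForm.Visible = false;
                this.Message.Text = "Password reset successful. Please go to login page.";
            }
        }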
        /// <summary>
        /// Returns the application configuration (<c>APP_CONFIG_Q</c>) for the current session as JSON,
        /// together with the logged-in user's <c>APP_LOGIN_Q</c> record (as <c>userInfo</c>) and any
        /// <c>REQUEST_DATA</c> held in the session.
        /// </summary>
        /// <param name="context">
        /// Current HTTP context; must carry a session, otherwise an <c>EMPTY_SESSION</c> exception is
        /// raised and routed to <c>AppHttpHandler.ProcessException</c>.
        /// </param>
        public void ProcessRequest(HttpContext context)
        {
            try
            {
                QueryParameter queryParameter = new QueryParameter(context);
                QueryResult    queryResult    = new QueryResult();

                // BYPASS: presumably the shared request processing runs without its authentication step
                // here (inferred from the mode name — confirm in AppHttpHandler).
                AppHttpHandler.ProcessRequest(context, queryParameter, AuthenUtil.AuthenMode.BYPASS);

                if (context.Session != null)
                {
                    if (AppSession.GetSession("USER_ID", context.Session) != null)
                    {
                        IDatabaseConnector dbConnector = new DatabaseConnectorClass();

                        // Parameterized statement: userID is bound, not concatenated.
                        string userID  = AppSession.GetSession("USER_ID", context.Session).ToString();
                        string sqlStmt = "SELECT PASSWORD FROM UM_USER WHERE USER_ID=?";
                        queryParameter = new QueryParameter();
                        queryParameter.Add("USER_ID", userID);
                        QueryResult queryUser = dbConnector.ExecuteStatement(sqlStmt, queryParameter);
                        if (queryUser.DataTable != null && queryUser.DataTable.Rows.Count > 0)
                        {
                            // NOTE(review): re-runs the login procedure with the PASSWORD value read straight
                            // from UM_USER (presumably the stored hash, matching what Login sends) just to
                            // rebuild the user record. A procedure that returns the record by USER_ID would
                            // avoid reading the credential column at all.
                            queryParameter = new QueryParameter();
                            queryParameter.Add("USERNAME", userID);
                            queryParameter.Add("PASSWORD", queryUser.DataTable.Rows[0][0].ToString());
                            queryUser = dbConnector.ExecuteStoredProcedure("APP_LOGIN_Q", queryParameter);

                            queryParameter = new QueryParameter();
                            queryParameter.Add("APP_SESSION_USER_ID", userID);
                            queryResult = dbConnector.ExecuteStoredProcedure("APP_CONFIG_Q", queryParameter);

                            // Unlike Login, the USER_ID column is not removed before the record is attached.
                            queryResult.AddOutputParam("userInfo", ConnectorUtil.DataTableToDictionary(queryUser.DataTable, dbConnector.DateTimeFormat, dbConnector.CultureInfo));
                        }
                    }

                    if (AppSession.GetSession("REQUEST_DATA", context.Session) != null)
                    {
                        queryResult.AddOutputParam("requestData", AppSession.GetSession("REQUEST_DATA", context.Session));
                    }
                }
                else
                {
                    // Turned into an error response by ProcessException below.
                    throw new Exception("EMPTY_SESSION");
                }

                context.Response.ContentType = "application/json";
                context.Response.Write(queryResult.ToJson());
                context.Response.StatusCode = (int)System.Net.HttpStatusCode.OK;

                AppHttpHandler.ProcessResponse(context);
            }
            catch (Exception exception)
            {
                AppHttpHandler.ProcessException(exception, context);
            }
            finally
            {
                // Runs after both the success path and ProcessException. In classic ASP.NET, Response.End()
                // aborts the request thread (ThreadAbortException), so nothing after it executes.
                context.Response.Flush();
                context.Response.End();
            }
        }