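        /// <summary>
        /// Handles a username/password login: binds the <see cref="LoginCommand"/>, asks the login
        /// tracker whether this username/address pair should be refused or slowed, validates the
        /// credentials and, on success, issues the authentication cookie alongside the mapped user.
        /// </summary>
        /// <param name="context">The current Nancy request; supplies the login body and the client address.</param>
        /// <param name="response">The formatter used to serialise the success payload.</param>
        /// <returns>
        /// 400 when the provider is disabled, the client is banned, or the credentials/account are
        /// rejected; otherwise 200 with the user resource, the auth cookie and an Expires header.
        /// </returns>
        public Response Execute(NancyContext context, IResponseFormatter response)
        {
            if (!configurationStore.GetIsEnabled())
            {
                return(responseCreator.AsStatusCode(HttpStatusCode.BadRequest));
            }

            var model = modelBinder.Bind <LoginCommand>(context);

            var attemptedUsername      = model.Username;
            var requestUserHostAddress = context.Request.UserHostAddress;

            // The tracker decides before the password is checked whether this attempt is
            // refused outright (Ban) or merely delayed if it turns out to fail (Slow).
            var action = loginTracker.BeforeAttempt(attemptedUsername, requestUserHostAddress);

            if (action == InvalidLoginAction.Ban)
            {
                return(responseCreator.BadRequest("You have had too many failed login attempts in a short period of time. Please try again later."));
            }

            var userResult = credentialValidator.ValidateCredentials(attemptedUsername, model.Password);

            if (!userResult.Succeeded)
            {
                RecordFailedAttempt(attemptedUsername, requestUserHostAddress, action);

                // NOTE(review): the validator's FailureReason is returned verbatim; confirm it does
                // not distinguish "unknown user" from "wrong password", since the account check
                // below deliberately uses a single generic message for both.
                return(responseCreator.BadRequest(userResult.FailureReason));
            }

            var user = userResult.User;

            // A correct password is not sufficient: missing, deactivated and service accounts
            // are all treated as a failed attempt and reported with the same generic message.
            if (user == null || !user.IsActive || user.IsService)
            {
                RecordFailedAttempt(attemptedUsername, requestUserHostAddress, action);

                return(responseCreator.BadRequest("Invalid username or password."));
            }

            loginTracker.RecordSucess(attemptedUsername, requestUserHostAddress);

            var cookie = issuer.CreateAuthCookie(context, user.IdentificationToken, model.RememberMe);

            // NOTE(review): the response carries the auth cookie yet is given an Expires header one
            // year ahead; confirm intermediaries are not expected to cache this body.
            return(responseCreator.AsOctopusJson(response, userMapper.MapToResource(user))
                   .WithCookie(cookie)
                   .WithStatusCode(HttpStatusCode.OK)
                   .WithHeader("Expires", DateTime.UtcNow.AddYears(1).ToString("R", DateTimeFormatInfo.InvariantInfo)));
        }

        /// <summary>Delay applied to a failed attempt when the tracker asked for it to be slowed.</summary>
        private const int FailedAttemptDelayMilliseconds = 1000;

        /// <summary>
        /// Records a failed login with the tracker and, when the tracker requested
        /// <see cref="InvalidLoginAction.Slow"/>, delays the response so repeated guesses cost time.
        /// Shared by the bad-credentials and bad-account paths so both are throttled identically.
        /// </summary>
        /// <param name="attemptedUsername">The username presented by the client.</param>
        /// <param name="requestUserHostAddress">The client address the attempt came from.</param>
        /// <param name="action">The decision the tracker made before the attempt.</param>
        private void RecordFailedAttempt(string attemptedUsername, string requestUserHostAddress, InvalidLoginAction action)
        {
            loginTracker.RecordFailure(attemptedUsername, requestUserHostAddress);

            if (action == InvalidLoginAction.Slow)
            {
                sleep.For(FailedAttemptDelayMilliseconds);
            }
        }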
        /// <summary>
        /// Looks up groups (or a team) by the <c>name</c> query-string parameter and returns the
        /// result as Octopus JSON.
        /// </summary>
        /// <param name="context">The current Nancy request; <c>name</c> is read from its query string.</param>
        /// <param name="response">The formatter used to serialise the search result.</param>
        /// <returns>400 when <c>name</c> is absent or blank; otherwise 200 with the search result.</returns>
        public Response Execute(NancyContext context, IResponseFormatter response)
        {
            var requestedName = context.Request.Query["name"];

            if (!string.IsNullOrWhiteSpace(requestedName))
            {
                return(responseCreator.AsOctopusJson(response, SearchByName(requestedName)));
            }

            return(responseCreator.BadRequest("Please provide the name of a group to search by, or a team"));
        }
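        /// <summary>
        /// Registers the variable routes: full manifests for a deployment or a test deployment
        /// (optionally tenant-scoped), single-variable evaluation via GET, and bulk evaluation via POST.
        /// </summary>
        /// <param name="apiResponseCreator">Serialises handler results as Octopus JSON responses.</param>
        /// <param name="variableManifestFactory">Stored for the manifest helpers; not used directly here.</param>
        public OctopusVariablesModule(IApiActionResponseCreator apiResponseCreator, IVariableManifestFactory variableManifestFactory)
        {
            _apiResponseCreator      = apiResponseCreator;
            _variableManifestFactory = variableManifestFactory;

            // Full manifests. Every handler goes through the stored field rather than the captured
            // constructor parameter, so there is a single response-creation path to reason about.
            Get["/api/variables/deployment/{id}"]                              = parameters => _apiResponseCreator.AsOctopusJson(Response, GetByDeploymentId(parameters), HttpStatusCode.OK);
            Get["/api/variables/test/{releaseId}/{environmentId}"]            = parameters => _apiResponseCreator.AsOctopusJson(Response, GetFromTestDeployment(parameters), HttpStatusCode.OK);
            Get["/api/variables/test/{releaseId}/{environmentId}/{tenantId}"] = parameters => _apiResponseCreator.AsOctopusJson(Response, GetFromTestDeployment(parameters), HttpStatusCode.OK);

            // Resolution of a single named variable from the corresponding manifest.
            Get["/api/variables/deployment/{id}/eval/{variable}"]                              = parameters => ReturnResolvedVariable(GetByDeploymentId(parameters), parameters);
            Get["/api/variables/test/{releaseId}/{environmentId}/eval/{variable}"]            = parameters => ReturnResolvedVariable(GetFromTestDeployment(parameters), parameters);
            Get["/api/variables/test/{releaseId}/{environmentId}/{tenantId}/eval/{variable}"] = parameters => ReturnResolvedVariable(GetFromTestDeployment(parameters), parameters);

            // Evaluation of a request body against the corresponding manifest.
            Post["/api/variables/deployment/{id}/eval"]                              = parameters => ReturnEvaluatedRequest(GetByDeploymentId(parameters));
            Post["/api/variables/test/{releaseId}/{environmentId}/eval"]            = parameters => ReturnEvaluatedRequest(GetFromTestDeployment(parameters));
            Post["/api/variables/test/{releaseId}/{environmentId}/{tenantId}/eval"] = parameters => ReturnEvaluatedRequest(GetFromTestDeployment(parameters));
        }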
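        /// <summary>
        /// Builds the external sign-in link for the configured issuer and returns it to the caller
        /// together with the protected state and nonce cookies the login callback will verify.
        /// </summary>
        /// <param name="context">The current Nancy request; supplies the bound <see cref="LoginRedirectLinkRequestModel"/>.</param>
        /// <param name="response">The formatter used to serialise the JSON payload.</param>
        /// <returns>
        /// 400 when the provider is disabled or the post-login redirect target is not a local/trusted
        /// URL; a redirect back to that target with an <c>error</c> query parameter when discovery or
        /// URL building throws; otherwise 200 with the external authentication URL and two cookies.
        /// </returns>
        public async Task <Response> ExecuteAsync(NancyContext context, IResponseFormatter response)
        {
            if (!ConfigurationStore.GetIsEnabled())
            {
                log.Warn($"{ConfigurationStore.ConfigurationSettingsName} user authentication API was called while the provider was disabled.");
                return(ResponseCreator.BadRequest(new string[] { "This authentication provider is disabled." }));
            }

            var model = modelBinder.Bind <LoginRedirectLinkRequestModel>(context);

            var state = model.RedirectAfterLoginTo;

            if (string.IsNullOrWhiteSpace(state))
            {
                state = "/";
            }

            // The caller-supplied return URL is honoured only if it is local or on the trusted list;
            // this check is what stops the endpoint being used as an open redirector, and it also
            // covers the error redirect in the catch block below.
            var whitelist = webPortalConfigurationStore.GetTrustedRedirectUrls();

            if (!Requests.IsLocalUrl(state, whitelist))
            {
                log.WarnFormat("Prevented potential Open Redirection attack on an authentication request, to the non-local url {0}", state);
                return(ResponseCreator.BadRequest("Request not allowed, due to potential Open Redirection attack"));
            }

            var nonce = Nonce.GenerateUrlSafeNonce();

            try
            {
                var issuer       = ConfigurationStore.GetIssuer();
                var issuerConfig = await identityProviderConfigDiscoverer.GetConfigurationAsync(issuer);

                var url = urlBuilder.Build(model.ApiAbsUrl, issuerConfig, nonce, state);

                // One expiry for both cookies so the state and nonce cannot drift apart by a tick.
                var cookieExpiry = DateTime.UtcNow.AddMinutes(20);

                // NOTE(review): Nancy's NancyCookie positional arguments here are (httpOnly: true,
                // secure: false) — the state/nonce cookies are HttpOnly but not marked Secure.
                // Confirm that is intended, or derive the flag from the request scheme.
                return(ResponseCreator.AsOctopusJson(response, new LoginRedirectLinkResponseModel {
                    ExternalAuthenticationUrl = url
                })
                       .WithCookie(new NancyCookie("s", State.Protect(state), true, false, cookieExpiry))
                       .WithCookie(new NancyCookie("n", Nonce.Protect(nonce), true, false, cookieExpiry)));
            }
            catch (Exception ex)
            {
                // Best effort: discovery/URL-building failures are logged and the user is sent back to
                // the already-validated local page. The message is percent-encoded so the Location
                // header stays a valid URL, and it is appended with '&' if the target has a query already.
                log.Error(ex);

                var separator    = state.Contains("?") ? "&" : "?";
                var errorMessage = Uri.EscapeDataString("Login failed. Please see the Octopus Server logs for more details.");

                return(response.AsRedirect($"{state}{separator}error={errorMessage}"));
            }
        }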