/// <summary>
/// Handles a username/password login: refuses the request when the provider is disabled,
/// consults the login tracker for throttling/banning, validates the credentials, and on
/// success issues an auth cookie alongside the mapped user resource.
/// </summary>
/// <param name="context">Nancy request context; the <c>LoginCommand</c> is bound from it.</param>
/// <param name="response">Formatter used to build the JSON response.</param>
/// <returns>
/// 400 when the provider is disabled, the caller is banned, or the credentials/user are
/// rejected; otherwise 200 with the user resource, the auth cookie and an Expires header.
/// </returns>
public Response Execute(NancyContext context, IResponseFormatter response)
{
    if (!configurationStore.GetIsEnabled())
    {
        return responseCreator.AsStatusCode(HttpStatusCode.BadRequest);
    }

    var command = modelBinder.Bind<LoginCommand>(context);
    var clientAddress = context.Request.UserHostAddress;
    var username = command.Username;

    // The tracker decides up front how this attempt is treated (normal, slowed or banned)
    // based on the recent history for this username/address pair.
    var throttling = loginTracker.BeforeAttempt(username, clientAddress);
    if (throttling == InvalidLoginAction.Ban)
    {
        return responseCreator.BadRequest("You have had too many failed login attempts in a short period of time. Please try again later.");
    }

    var validation = credentialValidator.ValidateCredentials(username, command.Password);
    if (!validation.Succeeded)
    {
        loginTracker.RecordFailure(username, clientAddress);
        // Slow down repeat offenders without banning them outright.
        if (throttling == InvalidLoginAction.Slow)
        {
            sleep.For(1000);
        }
        // NOTE(review): FailureReason is produced by the validator; confirm it does not
        // distinguish "unknown user" from "wrong password", which would allow enumeration.
        return responseCreator.BadRequest(validation.FailureReason);
    }

    // Inactive and service accounts are rejected exactly like bad credentials, including throttling.
    var user = validation.User;
    var usable = user != null && user.IsActive && !user.IsService;
    if (!usable)
    {
        loginTracker.RecordFailure(username, clientAddress);
        if (throttling == InvalidLoginAction.Slow)
        {
            sleep.For(1000);
        }
        return responseCreator.BadRequest("Invalid username or password.");
    }

    loginTracker.RecordSucess(username, clientAddress);

    var authCookie = issuer.CreateAuthCookie(context, user.IdentificationToken, command.RememberMe);
    var resource = userMapper.MapToResource(user);

    // NOTE(review): Expires is set a year ahead; confirm this is intended, since a far-future
    // Expires permits caching of this authenticated response unless Cache-Control forbids it.
    var expires = DateTime.UtcNow.AddYears(1).ToString("R", DateTimeFormatInfo.InvariantInfo);
    return responseCreator.AsOctopusJson(response, resource)
        .WithCookie(authCookie)
        .WithStatusCode(HttpStatusCode.OK)
        .WithHeader("Expires", expires);
}
/// <summary>
/// Runs a name search driven by the <c>name</c> query-string parameter.
/// </summary>
/// <param name="context">Nancy request context; <c>name</c> is read from its query string.</param>
/// <param name="response">Formatter used to build the JSON response.</param>
/// <returns>400 when <c>name</c> is missing or blank; otherwise the search results as JSON.</returns>
public Response Execute(NancyContext context, IResponseFormatter response)
{
    // Left as the dynamic query value so the downstream calls bind exactly as before.
    var requestedName = context.Request.Query["name"];
    if (string.IsNullOrWhiteSpace(requestedName))
    {
        return responseCreator.BadRequest("Please provide the name of a group to search by, or a team");
    }

    var matches = SearchByName(requestedName);
    return responseCreator.AsOctopusJson(response, matches);
}
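/// <summary>
/// Registers the variable-inspection routes: the variable set for a real deployment or a
/// test (release/environment[/tenant]) deployment, resolution of a single named variable,
/// and evaluation of a posted request against those sets.
/// </summary>
/// <param name="apiResponseCreator">Builds the JSON API responses; stored in <c>_apiResponseCreator</c>.</param>
/// <param name="variableManifestFactory">Stored in <c>_variableManifestFactory</c> for the handlers defined elsewhere in the module.</param>
public OctopusVariablesModule(IApiActionResponseCreator apiResponseCreator, IVariableManifestFactory variableManifestFactory)
{
    _apiResponseCreator = apiResponseCreator;
    _variableManifestFactory = variableManifestFactory;

    // All handlers go through the stored field (the original mixed the field and the captured
    // constructor parameter, and carried a stray empty statement after the first route).
    // NOTE(review): these endpoints return resolved variable values; confirm the module's
    // authorization requirements are applied — they are not visible here.
    Get["/api/variables/deployment/{id}"] = parameters => _apiResponseCreator.AsOctopusJson(Response, GetByDeploymentId(parameters), HttpStatusCode.OK);
    Get["/api/variables/test/{releaseId}/{environmentId}"] = parameters => _apiResponseCreator.AsOctopusJson(Response, GetFromTestDeployment(parameters), HttpStatusCode.OK);
    Get["/api/variables/test/{releaseId}/{environmentId}/{tenantId}"] = parameters => _apiResponseCreator.AsOctopusJson(Response, GetFromTestDeployment(parameters), HttpStatusCode.OK);

    // Single-variable resolution against the same deployment / test-deployment sources.
    Get["/api/variables/deployment/{id}/eval/{variable}"] = parameters => ReturnResolvedVariable(GetByDeploymentId(parameters), parameters);
    Get["/api/variables/test/{releaseId}/{environmentId}/eval/{variable}"] = parameters => ReturnResolvedVariable(GetFromTestDeployment(parameters), parameters);
    Get["/api/variables/test/{releaseId}/{environmentId}/{tenantId}/eval/{variable}"] = parameters => ReturnResolvedVariable(GetFromTestDeployment(parameters), parameters);

    // Evaluation of a request body against the same sources.
    Post["/api/variables/deployment/{id}/eval"] = parameters => ReturnEvaluatedRequest(GetByDeploymentId(parameters));
    Post["/api/variables/test/{releaseId}/{environmentId}/eval"] = parameters => ReturnEvaluatedRequest(GetFromTestDeployment(parameters));
    Post["/api/variables/test/{releaseId}/{environmentId}/{tenantId}/eval"] = parameters => ReturnEvaluatedRequest(GetFromTestDeployment(parameters));
}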
/// <summary>
/// Starts a login against an external identity provider: validates the post-login return URL
/// against the trusted-redirect list, generates a nonce, discovers the issuer configuration
/// and returns the external authentication URL together with protected state and nonce cookies.
/// </summary>
/// <param name="context">Nancy request context; the <c>LoginRedirectLinkRequestModel</c> is bound from it.</param>
/// <param name="response">Formatter used to build the JSON response or the error redirect.</param>
/// <returns>
/// 400 when the provider is disabled or the return URL is not local/trusted; on success a JSON
/// body with the external URL plus the "s" (state) and "n" (nonce) cookies; when issuer
/// discovery or URL building throws, a redirect back to the return URL with an error parameter.
/// </returns>
public async Task<Response> ExecuteAsync(NancyContext context, IResponseFormatter response)
{
    if (!ConfigurationStore.GetIsEnabled())
    {
        log.Warn($"{ConfigurationStore.ConfigurationSettingsName} user authentication API was called while the provider was disabled.");
        return ResponseCreator.BadRequest(new[] { "This authentication provider is disabled." });
    }

    var request = modelBinder.Bind<LoginRedirectLinkRequestModel>(context);

    // Where to land after login; defaults to the portal root when the caller gave nothing.
    var requestedReturn = request.RedirectAfterLoginTo;
    var returnUrl = string.IsNullOrWhiteSpace(requestedReturn) ? "/" : requestedReturn;

    // Only local URLs (or explicitly trusted ones) may be used as the return target;
    // anything else is treated as an open-redirect attempt and refused before any state is issued.
    var trustedRedirects = webPortalConfigurationStore.GetTrustedRedirectUrls();
    if (!Requests.IsLocalUrl(returnUrl, trustedRedirects))
    {
        log.WarnFormat("Prevented potential Open Redirection attack on an authentication request, to the non-local url {0}", returnUrl);
        return ResponseCreator.BadRequest("Request not allowed, due to potential Open Redirection attack");
    }

    var nonce = Nonce.GenerateUrlSafeNonce();
    try
    {
        var issuerConfig = await identityProviderConfigDiscoverer.GetConfigurationAsync(ConfigurationStore.GetIssuer());
        var externalUrl = urlBuilder.Build(request.ApiAbsUrl, issuerConfig, nonce, returnUrl);
        var result = new LoginRedirectLinkResponseModel { ExternalAuthenticationUrl = externalUrl };

        // State and nonce travel back in short-lived cookies so the callback can verify them.
        // NOTE(review): assuming Nancy's (name, value, httpOnly, secure, expires) overload, these
        // cookies are HttpOnly but not Secure; on HTTPS-only deployments a Secure flag would be
        // worth considering — confirm against the supported deployment options.
        return ResponseCreator.AsOctopusJson(response, result)
            .WithCookie(new NancyCookie("s", State.Protect(returnUrl), true, false, DateTime.UtcNow.AddMinutes(20)))
            .WithCookie(new NancyCookie("n", Nonce.Protect(nonce), true, false, DateTime.UtcNow.AddMinutes(20)));
    }
    catch (Exception ex)
    {
        log.Error(ex);
        // returnUrl has already passed the local/trusted check above, so redirecting to it is safe.
        // NOTE(review): "?error=" is appended blindly; if returnUrl already carries a query string
        // the result is malformed — confirm whether IsLocalUrl rules such values out.
        return response.AsRedirect($"{returnUrl}?error=Login failed. Please see the Octopus Server logs for more details.");
    }
}