public void DeleteManager(Guid id, string password) { var users = _database.GetCollection <BsonDocument> ("users"); var manager = GetManager(id); if (_api.Authenticate(_ssaDomain.Key, manager.UserName, password) != null) { users.Remove(new QueryDocument("_id", id)); var domains = GetDomains(id); if (domains != null && domains.Length > 0) { foreach (Domain domain in domains) { DeleteDomain(domain.Id); } } } }
public LogonModule(IRepository repository, IApiRepository api) { Get ["/forgot"] = parameters => { var model = new ForgotPasswordModel(); return(View ["Forgot", model]); }; Post ["/forgot"] = parameters => { var model = this.Bind <ForgotPasswordModel> (); model.Errors = new List <Error> (); var result = this.Validate(model); if (!result.IsValid) { model.Errors = Helpers.GetValidationErrors(result); return(View ["Forgot", model]); } string password = repository.ForgotPassword(model.Email); if (string.IsNullOrEmpty(password)) { var error = new Error(); error.Name = "NoAccount"; error.Message = "Account does not exist. Please sign up for an account."; model.Errors.Add(error); } else { var body = "You have requested a new password.\n"; body += string.Format("password: {0}\n", password); body += "login at: https://www.supersimpleauth.com\n\n\n"; body += "If you did not request this password please report this activity to: [email protected] \n"; body += string.Format("The request was generated from IP: {0}", Request.UserHostAddress); Email.Send("supersimpleauth.com", model.Email, string.Format("New password for: {0}", model.Email), body); model.Messages.Add("Your new password has been sent to your email."); } return(View ["Forgot", model]); }; Get ["/logon"] = parameters => { var logon = new LogonModel(); return(View ["Logon", logon]); }; Post ["/logon"] = parameters => { var model = this.Bind <LogonModel> (); model.Errors = new List <Error> (); var result = this.Validate(model); if (!result.IsValid) { model.Errors = Helpers.GetValidationErrors(result); return(View ["Logon", model]); } var manager = api.Authenticate(repository.SsaDomain.Key, model.Username, model.Secret); var error = new Error(); error.Name = "SignInError"; error.Message = "Password or username incorrect."; model.Errors.Add(error); if (manager == null) { return(View ["Logon", model]); } return(this.LoginAndRedirect(manager.Id, fallbackRedirectUrl: "/home")); }; Get ["/logoff"] = parameters => { return(this.LogoutAndRedirect("/Logon")); }; Get ["/signup"] = parameters => { var model = new SignupModel(); return(View ["Index", model]); }; Post ["/signup"] = parameters => { var model = this.Bind <SignupModel> (); model.Errors = new List <Error> (); var result = this.Validate(model); if (!result.IsValid) { model.Errors = Helpers.GetValidationErrors(result); return(View ["Index", model]); } try { repository.CreateManager(model.Email, model.Secret); } catch (MongoDB.Driver.WriteConcernException e) { var error = new Error() { Name = "Duplicate", Message = "This email has an account." }; model.Errors.Add(error); return(View ["Index", model]); } var logon = new LogonModel(); logon.Messages.Add("Successully created your account. Please Sign In."); return(View ["Logon", logon]); }; Get ["/settings"] = parameters => { var model = new SettingsModel(); model.Manager = (IUser)this.Context.CurrentUser; return(View ["Settings", model]); }; Post ["/settings"] = parameters => { var model = this.Bind <SettingsModel> (); model.Manager = (IUser)this.Context.CurrentUser; if (Request.Form.ChangeEmail != null) { repository.ChangeEmail(model.Manager.Id, model.Password, model.Email); } if (Request.Form.ChangePassword) { repository.ChangePassword(model.Manager.Id, model.OldPassword, model.NewPassword, model.ConfirmPassword); } if (Request.Form.Delete) { if (!string.IsNullOrEmpty(model.DeletePassword)) { repository.DeleteManager(model.Manager.Id, model.DeletePassword); return(this.Response.AsRedirect("/")); } else { var error = new Error(); error.Name = "Password"; error.Message = "Please supply a valid password to delete account."; model.Errors.Add(error); return(View ["Settings", model]); } } return(Response.AsRedirect("/settings")); }; }
public AuthModule(IApiRepository repository) { Before += ctx => { //var token = // Request.Headers [_authorization].FirstOrDefault (); //var jwt = Jwt.ToObject(token.Replace("\"", string.Empty)); //var key = repository.GetAuthToken(Guid.Parse(jwt.Payload.Audience), // jwt.Payload.Username); //if(Jwt.Validate(token.Replace("\"", // string.Empty), key)) //{ // return Response.AsJson (true); //} //var error = Error.VerifyRequest (Request, repository); //if (error != null) //{ // return Response.AsJson (error, // Nancy.HttpStatusCode.UnprocessableEntity); //} ///////old //var domainKey = // Guid.Parse (Request.Headers [_headerDomainKey].FirstOrDefault ()); //if (!repository.IpAllowed (domainKey, Request.UserHostAddress)) //{ // var e = new ErrorMessage (); // e.Message = "Server IP not accepted"; // e.Status = "IpNotAllowed"; // return Response.AsJson (e, // HttpStatusCode.UnprocessableEntity); //} return(null); }; Post ["/email"] = parameters => { var token = Request.Headers [_authorization].FirstOrDefault(); var jwt = Jwt.ToObject(token.Replace("\"", string.Empty)); Guid domainKey = Guid.Parse(jwt.Payload.Audience); Guid authToken = Guid.Parse(jwt.Payload.JwtTokenId); string newEmail = Request.Form ["NewEmail"]; //string IP = Request.Form["IP"]; if (repository.EmailExists(domainKey, newEmail)) { var e = new Error(); e.Detail = "Email already exist. Please choose another."; e.Status = (int)HttpStatusCode.UnprocessableEntity; e.Title = "Duplicate"; e.Source = new Source("/email"); return(Response.AsJson(e, Nancy.HttpStatusCode.UnprocessableEntity)); } var key = repository.GetKey(authToken); if (repository.ChangeEmail (domainKey, authToken, newEmail)) { jwt.Payload.Email = newEmail; } return(Response.AsJson(Jwt.ToToken(jwt, key), HttpStatusCode.OK)); }; Post ["/username"] = parameters => { var token = Request.Headers [_authorization].FirstOrDefault(); var jwt = Jwt.ToObject(token.Replace("\"", string.Empty)); Guid domainKey = Guid.Parse(jwt.Payload.Audience); Guid authToken = Guid.Parse(jwt.Payload.JwtTokenId); string newUserName = Request.Form ["NewUserName"]; //string IP = Request.Form["IP"]; if (repository.UsernameExists(domainKey, newUserName)) { var e = new Error(); e.Detail = "Username already exist. Please choose another."; e.Status = (int)HttpStatusCode.UnprocessableEntity; e.Title = "Duplicate"; e.Source = new Source("/username"); return(Response.AsJson(e, HttpStatusCode.UnprocessableEntity)); } var key = repository.GetKey(authToken); if (repository .ChangeUserName(domainKey, authToken, newUserName)) { jwt.Payload.Username = newUserName; } return(Response.AsJson(Jwt.ToToken(jwt, key), HttpStatusCode.OK)); }; Post ["/password"] = parameters => { var token = Request.Headers [_authorization].FirstOrDefault(); var jwt = Jwt.ToObject(token.Replace("\"", string.Empty)); Guid domainKey = Guid.Parse(jwt.Payload.Audience); Guid authToken = Guid.Parse(jwt.Payload.JwtTokenId); string newPassword = Request.Form ["NewPassword"]; //string IP = Request.Form["IP"]; return(Response.AsJson(repository .ChangePassword(domainKey, authToken, newPassword), HttpStatusCode.OK)); }; Post ["/forgot"] = parameters => { var email = Request.Form ["Email"]; Guid domainKey = Guid.Parse(Request.Headers [_headerDomainKey] .FirstOrDefault()); if (string.IsNullOrEmpty(email)) { var er = new Error(); er.Detail = "Email could not be found."; er.Status = (int)HttpStatusCode.UnprocessableEntity; er.Title = "Invalid"; er.Source = new Source("/forgot"); return(Response.AsJson(er, Nancy.HttpStatusCode.UnprocessableEntity)); } if (repository.EmailExists(domainKey, email)) { string newPassword = repository.Forgot(domainKey, email); if (newPassword != null) { return(Response.AsJson(newPassword, HttpStatusCode.OK)); } } var e = new Error(); e.Detail = "Email could not be found."; e.Status = (int)HttpStatusCode.UnprocessableEntity; e.Title = "Invalid"; e.Source = new Source("/forgot"); return(Response.AsJson(e, Nancy.HttpStatusCode.UnprocessableEntity)); }; /// <summary> /// End the user's session and erase auth token. /// After this is called the user must logon again /// </summary> /// <param name="authToken">Auth token.</param> Post ["/end"] = parameters => { var token = Request.Headers [_authorization].FirstOrDefault(); var jwt = Jwt.ToObject(token.Replace("\"", string.Empty)); Guid domainKey = Guid.Parse(jwt.Payload.Audience); Guid authToken = Guid.Parse(jwt.Payload.JwtTokenId); var end = repository.End(domainKey, authToken); return(Response.AsJson(end, HttpStatusCode.OK)); }; Post ["/validate"] = parameters => { var token = Request.Headers [_authorization].FirstOrDefault(); var jwt = Jwt.ToObject(token.Replace("\"", string.Empty)); string IP = Request.Form ["IP"]; var key = repository.GetKey(Guid.Parse(jwt.Payload.JwtTokenId)); if (key == null) { return(Response.AsJson(false)); } if (Jwt.Validate(token.Replace("\"", string.Empty), key)) { return(Response.AsJson(true, HttpStatusCode.OK)); } //return error here return(Response.AsJson(false, HttpStatusCode.OK)); }; Post ["/validateauthtoken"] = parameters => { Guid domainKey = Guid.Parse(Request.Headers [_headerDomainKey].FirstOrDefault()); Guid token = Guid.Parse(Request.Form ["AuthToken"]); string IP = Request.Form ["IP"]; User user = null; user = repository.Validate(token, domainKey, IP); if (user == null) { var e = new Error(); e.Detail = "AuthToken is not valid or expired.Re-Authenticate user"; e.Status = (int)HttpStatusCode.UnprocessableEntity; e.Title = "Invalid"; e.Source = new Source("/validateauthtoken"); return(Response.AsJson(e, Nancy.HttpStatusCode.Forbidden)); } var header = new Header(); header.Algorithm = "HS256"; header.Type = "JWT"; var payload = new Payload(); payload.Issuer = "autheticate.technology"; payload.Audience = user.DomainId.ToString(); payload.JwtTokenId = user.AuthToken.ToString(); payload.Username = user.UserName; payload.Email = user.Email; var jwt = new Jwt(header, payload); var u = new { Username = user.UserName, Email = user.Email, Jwt = Jwt.ToToken(jwt, repository.GetKey(user.AuthToken)), AuthToken = user.AuthToken, Claims = user.GetClaims(), Roles = user.GetRoles() }; return(Response.AsJson(u, HttpStatusCode.OK)); }; Post ["/disable"] = parameters => { var token = Request.Headers [_authorization].FirstOrDefault(); var jwt = Jwt.ToObject(token.Replace("\"", string.Empty)); Guid domainKey = Guid.Parse(jwt.Payload.Audience); var key = Guid.Parse(jwt.Payload.JwtTokenId); return(Response.AsJson(repository.Disable(key, domainKey), HttpStatusCode.OK)); }; Post ["/authenticate"] = parameters => { var domainKey = Guid.Parse(Request.Headers [_headerDomainKey] .FirstOrDefault()); User user = null; string username = Request.Form ["Username"]; string secret = Request.Form ["Secret"]; string IP = Request.Form ["IP"]; user = repository.Authenticate(domainKey, username, secret, IP); if (user == null) { var e = new Error(); e.Detail = "Authentication failed. User not found."; e.Status = (int)HttpStatusCode.Forbidden; e.Title = "Unauthorized"; e.Source = new Source("/authenticate"); return(Response.AsJson(e, HttpStatusCode.Forbidden)); } var header = new Header(); header.Algorithm = "HS256"; header.Type = "JWT"; var payload = new Payload(); payload.Issuer = "autheticate.technology"; payload.Audience = domainKey.ToString(); payload.JwtTokenId = user.AuthToken.ToString(); payload.Username = user.UserName; payload.Email = user.Email; var jwt = new Jwt(header, payload); return(Response.AsJson(Jwt.ToToken(jwt, user.Key), HttpStatusCode.OK)); }; Post ["/user"] = parameters => { var domainKey = Guid.Parse(Request.Headers [_headerDomainKey] .FirstOrDefault()); var user = new User(); try { if (Request.Form ["Email"] != null && Request.Form ["Email"] != "" && repository.EmailExists(domainKey, Request.Form ["Email"])) { var e = new Error(); e.Detail = "Email is already used."; e.Status = (int)HttpStatusCode.UnprocessableEntity; e.Title = "Duplicate"; e.Source = new Source("/user"); return(Response.AsJson(e, HttpStatusCode.UnprocessableEntity)); } user = repository.CreateUser(domainKey, Request.Form ["Username"], Request.Form ["Secret"], Request.Form ["Email"]); } catch (Exception exc) { var e = new Error(); e.Detail = exc.Message; e.Status = (int)HttpStatusCode.UnprocessableEntity; e.Title = "Duplicate"; e.Source = new Source("/user"); return(Response.AsJson(e, HttpStatusCode.UnprocessableEntity)); } return(Response.AsJson(true, HttpStatusCode.OK)); }; }