/// <summary>
/// Decides the outcome of a login attempt from the login's flags and, optionally, the device it comes from.
/// The checks run in a fixed order: inactive account, active suspension, one-time password, multi-factor.
/// </summary>
/// <param name="login">Login record whose flags and suspension date are inspected.</param>
/// <param name="device">Trusted device for this attempt, or null; only forwarded to CheckNeedMultifactor.</param>
/// <returns>The status the caller should act on.</returns>
private LoginAttemptStatus CheckCanLoginImpl(ILogin login, ITrustedDevice device = null)
 {
     // NOTE(review): AccountInactive is returned regardless of DoNotConcealMembership, unlike the
     // suspended case below. Presumably the caller maps it to a generic failure before answering
     // the client; confirm, otherwise it discloses that the account exists.
     if (login.Flags.IsSet(LoginFlags.Inactive))
     {
         return LoginAttemptStatus.AccountInactive;
     }

     // A suspension only blocks the login while SuspendedUntil lies in the future.
     // NOTE(review): a Suspended flag with a null SuspendedUntil does not block the login here;
     // confirm that an open-ended suspension cannot be stored that way.
     bool suspensionActive = login.Flags.IsSet(LoginFlags.Suspended)
         && login.SuspendedUntil != null
         && login.SuspendedUntil > App.TimeService.UtcNow;
     if (suspensionActive)
     {
         // The specific status is reported only for logins that opted out of membership concealment.
         bool mayReveal = login.Flags.IsSet(LoginFlags.DoNotConcealMembership);
         return mayReveal ? LoginAttemptStatus.AccountSuspended : LoginAttemptStatus.Failed;
     }

     if (login.Flags.IsSet(LoginFlags.OneTimePassword))
     {
         // A one-time password that was already used fails; an unused one succeeds.
         // This branch returns before the multi-factor check is consulted.
         // NOTE(review): this method does not set OneTimePasswordUsed. Confirm the caller marks
         // and persists it, otherwise the same one-time password can be replayed.
         return login.Flags.IsSet(LoginFlags.OneTimePasswordUsed)
             ? LoginAttemptStatus.Failed
             : LoginAttemptStatus.Success;
     }

     // Multi-factor: a second step is pending unless CheckNeedMultifactor waives it.
     return CheckNeedMultifactor(login, device)
         ? LoginAttemptStatus.PendingMultifactor
         : LoginAttemptStatus.Success;
 }
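        /// <summary>
        /// Binds the user in <paramref name="context"/> to a user session after a successful login.
        /// Does nothing when no session service is configured.
        /// </summary>
        /// <param name="context">Operation context carrying the user and any session that already exists.</param>
        /// <param name="login">Login that was authenticated; not read by this method.</param>
        /// <param name="device">Trusted device used for the login, or null; its LastLoggedIn is stamped.</param>
        /// <param name="expirationType">Expiration policy passed to the session service for a new session.</param>
        private void AttachUserSession(OperationContext context, ILogin login, ITrustedDevice device = null, UserSessionExpirationType expirationType = UserSessionExpirationType.Sliding)
        {
            if (_sessionService == null)
            {
                return;
            }
            // The device trust level was copied into a local that nothing read; only the
            // last-login timestamp is recorded. Expiration is driven by expirationType alone.
            if (device != null)
            {
                device.LastLoggedIn = App.TimeService.UtcNow;
            }
            var oldSession = context.UserSession;

            if (oldSession != null && oldSession.User != null)
            {
                switch (oldSession.User.Kind)
                {
                case UserKind.Anonymous:
                    // The anonymous session is promoted in place: same session, same token.
                    // NOTE(review): a token issued before authentication stays valid afterwards, so
                    // anyone who knew it before login holds an authenticated session (session
                    // fixation). Confirm UpdateSession rotates the token, or end this session and
                    // start a new one as the default branch does.
                    context.UserSession.User = context.User;
                    _sessionService.UpdateSession(context);
                    return;

                default: // AuthenticatedUser, System (never happens)
                    // A session that belonged to another identity is ended before a new one starts.
                    _sessionService.EndSession(context);
                    break;
                }
            }
            // No reusable session: start a fresh one for the authenticated user.
            context.UserSession = _sessionService.StartSession(context, context.User, expirationType);
        }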
 /// <summary>
 /// Tells whether this login attempt still needs a second factor.
 /// </summary>
 /// <param name="login">Login whose RequireMultiFactor flag is checked.</param>
 /// <param name="device">Device presented with the attempt, or null.</param>
 /// <returns>
 /// True when the login requires multi-factor and the device does not carry the
 /// AllowSingleFactor trust level; false otherwise.
 /// </returns>
 private bool CheckNeedMultifactor(ILogin login, ITrustedDevice device)
 {
     // NOTE(review): the exemption rests entirely on device.TrustLevel. This method does not
     // check that the device belongs to this login; presumably the caller resolves the device
     // from the login's own device list - confirm.
     return login.Flags.IsSet(LoginFlags.RequireMultiFactor)
         && (device == null || device.TrustLevel != DeviceTrustLevel.AllowSingleFactor);
 }
 /// <summary>
 /// Decides the outcome of a login attempt from the login's flags and the presented device.
 /// A first use of a one-time password sets the OneTimePasswordUsed flag on the login.
 /// </summary>
 /// <param name="login">Login record to check; its Flags may be modified.</param>
 /// <param name="device">Trusted device for this attempt, or null.</param>
 /// <returns>The status the caller should act on.</returns>
 private LoginAttemptStatus CheckCanLoginImpl(ILogin login, ITrustedDevice device = null)
 {
     if (login.Flags.IsSet(LoginFlags.Inactive))
     {
         return LoginAttemptStatus.AccountInactive;
     }

     if (!login.Flags.IsSet(LoginFlags.OneTimePassword))
     {
         // Regular password: the only remaining question is whether a second factor is due.
         return CheckNeedMultifactor(login, device)
             ? LoginAttemptStatus.PendingMultifactor
             : LoginAttemptStatus.Success;
     }

     // One-time password: a second use fails. This path never reaches the multi-factor check.
     if (login.Flags.IsSet(LoginFlags.OneTimePasswordUsed))
     {
         return LoginAttemptStatus.Failed;
     }

     // NOTE(review): the flag is only set on the entity here and nothing in this method saves it.
     // Confirm the caller persists the change before the login is reported as successful, and
     // that two concurrent attempts cannot both pass the check above.
     login.Flags |= LoginFlags.OneTimePasswordUsed;
     return LoginAttemptStatus.Success;
 }
        /// <summary>
        /// Registers a trusted device for the current login, or updates the trust level of an
        /// existing one identified by its token, and saves the change.
        /// </summary>
        /// <param name="device">Device data supplied by the caller: token (optional), type and trust level.</param>
        /// <returns>A new DeviceInfo holding the stored token, trust level and type.</returns>
        private DeviceInfo RegisterOrUpdateDevice(DeviceInfo device)
        {
            var currentLogin  = GetCurrentLogin();
            var entitySession = EntityHelper.GetSession(currentLogin);

            // The lookup goes through the current login, so a token is only matched against
            // that login's devices. A blank token always leads to a new registration.
            ITrustedDevice stored = string.IsNullOrWhiteSpace(device.Token)
                ? null
                : currentLogin.GetDevice(device.Token);

            // NOTE(review): device.TrustLevel is taken from the incoming DeviceInfo as-is. In this
            // file CheckNeedMultifactor skips the second factor for AllowSingleFactor devices, so
            // this is where that exemption gets granted. Confirm the caller only reaches this
            // method after the session completed multi-factor verification.
            if (stored != null)
            {
                stored.TrustLevel = device.TrustLevel;
            }
            else
            {
                stored = _loginManager.RegisterTrustedDevice(currentLogin, device.Type, device.TrustLevel);
            }

            entitySession.SaveChanges();

            return new DeviceInfo
            {
                Token      = stored.Token,
                TrustLevel = stored.TrustLevel,
                Type       = stored.Type
            };
        }
 /// <summary>
 /// Reports whether a second factor is still required for this login attempt.
 /// </summary>
 /// <param name="login">Login whose RequireMultiFactor flag is read.</param>
 /// <param name="device">Device presented with the attempt, or null.</param>
 /// <returns>False when the login does not require multi-factor or the device waives it; true otherwise.</returns>
 private bool CheckNeedMultifactor(ILogin login, ITrustedDevice device)
 {
     bool mfaRequired = login.Flags.IsSet(LoginFlags.RequireMultiFactor);
     if (!mfaRequired)
     {
         return false;
     }

     // A device with the AllowSingleFactor trust level waives the second factor.
     // NOTE(review): nothing here ties the device to this login; presumably the caller looked
     // it up through the login itself - confirm.
     bool deviceWaivesMfa = device != null && device.TrustLevel == DeviceTrustLevel.AllowSingleFactor;
     return !deviceWaivesMfa;
 }
 /// <summary>
 /// Maps the login's flags, and the device if any, to a login attempt status.
 /// An unused one-time password is marked as used on the login as part of the check.
 /// </summary>
 /// <param name="login">Login record to check; its Flags may be modified.</param>
 /// <param name="device">Trusted device for this attempt, or null.</param>
 /// <returns>The status the caller should act on.</returns>
 private LoginAttemptStatus CheckCanLoginImpl(ILogin login, ITrustedDevice device = null)
 {
     if (login.Flags.IsSet(LoginFlags.Inactive))
     {
         return LoginAttemptStatus.AccountInactive;
     }

     if (login.Flags.IsSet(LoginFlags.OneTimePassword))
     {
         // One-time passwords are decided here, before the multi-factor check is reached.
         bool alreadySpent = login.Flags.IsSet(LoginFlags.OneTimePasswordUsed);
         if (!alreadySpent)
         {
             // NOTE(review): set in memory only; confirm the caller saves the login so the
             // password cannot be presented a second time.
             login.Flags |= LoginFlags.OneTimePasswordUsed;
         }
         return alreadySpent ? LoginAttemptStatus.Failed : LoginAttemptStatus.Success;
     }

     // Multi-factor
     if (CheckNeedMultifactor(login, device))
     {
         return LoginAttemptStatus.PendingMultifactor;
     }
     return LoginAttemptStatus.Success;
 }
 /// <summary>
 /// Binds the user in <paramref name="context"/> to a user session after login: an existing
 /// session is reassigned to the user, otherwise a new one is started. Does nothing when no
 /// session service is configured.
 /// </summary>
 /// <param name="context">Operation context carrying the user and any existing session.</param>
 /// <param name="login">Login that was authenticated; not read by this method.</param>
 /// <param name="device">Trusted device used for the login, or null; its LastLoggedIn is stamped.</param>
 private void AttachUserSession(OperationContext context, ILogin login, ITrustedDevice device = null)
 {
     if (_sessionService == null)
     {
         return;
     }

     // Without a device the session is created with no device trust.
     var deviceTrust = DeviceTrustLevel.None;
     if (device != null)
     {
         deviceTrust         = device.TrustLevel;
         device.LastLoggedIn = App.TimeService.UtcNow;
     }

     if (context.UserSession == null)
     {
         // New session; only a KeepLoggedIn device gets an explicit expiration, otherwise null is passed.
         var expiration = deviceTrust == DeviceTrustLevel.KeepLoggedIn
             ? new UserSessionExpiration() { ExpirationType = UserSessionExpirationType.KeepLoggedIn }
             : null;
         context.UserSession = _sessionService.StartSession(context, context.User, expiration);
         return;
     }

     // An existing session is reused whatever user it belonged to before.
     // NOTE(review): the session, and presumably its token, survive the authentication step.
     // A token known before login then identifies an authenticated session (session fixation),
     // and this branch does not look at the kind of user the session belonged to. Confirm
     // UpdateSession rotates the token or that callers end any prior session first.
     context.UserSession.User = context.User;
     _sessionService.UpdateSession(context);
 }