public AuthService(IdeContext context, IMapper mapper, JWTFactory jwtFactory, ILogger <AuthService> logger)
{
_context = context;
_jwtFactory = jwtFactory;
_mapper = mapper;
_logger = logger;
}
public async Task T2_CheckLoginWithToken()
{
// Arrange
_factory.CreateClient(); // need to create a client for the server property to be available
var server = _factory.Server;
var connection1 = await StartConnectionAsync(server.CreateHandler());
var connection2 = await StartConnectionAsync(server.CreateHandler());
// Act
var loginWithNameRes = await connection1.InvokeAsync <LoginResponse>("LoginWithName", "David GUETTA");
await connection1.StopAsync();
await Task.Delay(500);
var jwt = loginWithNameRes.Token;
var parsedToken1 = JWTFactory.Parse(jwt);
var loginWithTokenRes = await connection2.InvokeAsync <LoginResponse>("LoginWithToken", jwt);
await connection2.StopAsync();
// Assert
loginWithTokenRes.Success.Should().Be(true);
loginWithTokenRes.Name.Should().Be(parsedToken1.Name);
var parsedToken2 = JWTFactory.Parse(loginWithTokenRes.Token);
parsedToken2.Name.Should().Be(parsedToken1.Name);
parsedToken2.Subject.Should().Be(parsedToken1.Subject);
}
/// <summary>
/// Login the current client with a JWT.
/// </summary>
/// <param name="jwt">The JWT to login with</param>
/// <returns>A LoginResponse with all data</returns>
public async Task <LoginResponse> LoginWithToken(string jwt)
{
var userInfo = getUserInfo(Context);
if (userInfo.Value.JwtID != null)
{
return(new LoginResponse {
Success = false
});
}
if (!_jwtFactory.Verify(jwt))
{
return(new LoginResponse {
Success = false
});
}
var parsedToken = JWTFactory.Parse(jwt);
if (_revokedTokenIds.Contains(parsedToken.JwtID))
{
return(new LoginResponse {
Success = false
});
}
return(await connectUser(Context, parsedToken, jwt));
}
public AdminTasksController(IDAFactory daFactory, JWTFactory jwt, IGluonHostPool hostPool) : base("/admin")
{
JWTTokenAuthentication.Enable(this, jwt);
Get["/tasks"] = _ =>
{
this.DemandAdmin();
using (var da = daFactory.Get)
{
var offset = Request.Query["offset"];
var limit = Request.Query["limit"];
if (offset == null)
{
offset = 0;
}
if (limit == null)
{
limit = 20;
}
if (limit > 100)
{
limit = 100;
}
var result = da.Tasks.All((int)offset, (int)limit);
return(Response.AsPagedList(result));
}
};
Post["/tasks/request"] = x =>
{
var task = this.Bind <TaskRequest>();
var taskServer = hostPool.GetByRole(Database.DA.Hosts.DbHostRole.task).FirstOrDefault();
if (taskServer == null)
{
return(Response.AsJson(-1));
}
else
{
try {
var id = taskServer.Call(new RequestTask()
{
TaskType = task.task_type.ToString(),
ParameterJson = JsonConvert.SerializeObject(task.parameter),
ShardId = (task.shard_id == null || !task.shard_id.HasValue) ? -1 : task.shard_id.Value
}).Result;
return(Response.AsJson(id));
}catch (Exception ex)
{
return(Response.AsJson(-1));
}
}
};
}
public void T3_VerifyBadJWT()
{
byte[] key = { 0xDE, 0xAD, 0xBE, 0xEF };
var payload = new JWTPayload {
Subject = "24"
};
var jwtFactory = new JWTFactory(key);
var jwt = jwtFactory.Generate(payload);
jwtFactory.Verify(jwt + "deadbeef").Should().BeFalse();
}
public void T2_VerifyGoodJWT()
{
byte[] key = { 0xDE, 0xAD, 0xBE, 0xEF };
var payload = new JWTPayload {
Subject = "24"
};
var jwtFactory = new JWTFactory(key);
var jwt = jwtFactory.Generate(payload);
jwtFactory.Verify(jwt).Should().BeTrue();
}
public void T1_GenerateJWT()
{
byte[] key = { 0xDE, 0xAD, 0xBE, 0xEF };
var payload = new JWTPayload {
Subject = "12"
};
var jwtFactory = new JWTFactory(key);
var jwt = jwtFactory.Generate(payload);
jwt.Should().Be("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMiJ9.YyJFI-9mZc1w-YX3bjPSRr-kJ7nlzPlMNI4cgwm735A");
}
public AdminShardsController(IDAFactory daFactory, JWTFactory jwt) : base("/admin")
{
JWTTokenAuthentication.Enable(this, jwt);
this.Get["/shards"] = _ =>
{
this.DemandAdmin();
using (var db = daFactory.Get())
{
var shards = db.Shards.All();
return(Response.AsJson(shards));
}
};
}
public void T4_ParseJWT()
{
byte[] key = { 0xDE, 0xAD, 0xBE, 0xEF };
var payload = new JWTPayload {
Subject = "42"
};
var jwtFactory = new JWTFactory(key);
var jwt = jwtFactory.Generate(payload);
var parsed = JWTFactory.Parse(jwt);
parsed.Subject.Should().Be("42");
parsed.JwtID.Should().BeNull();
}
public async Task <AccessTokenDTO> GenerateAccessToken(User user)
{
var refreshToken = JWTFactory.GenerateRefreshToken();
_context.RefreshTokens.Add(new RefreshToken
{
Token = refreshToken,
UserId = user.Id
});
await _context.SaveChangesAsync();
var accessToken = await _jwtFactory.GenerateAccessToken(user);
return(new AccessTokenDTO(accessToken, refreshToken));
}
public IActionResult Login(string userid, string password)
{
User user = _repository.GetUser(userid, password);
if (user == null)
{
return(Unauthorized());
}
else
{
JWTFactory authentication = new JWTFactory();
string token = authentication.GenerateTokenForUser(user.UserName, user.UserId);
return(Ok(token));
//return Request.CreateResponse(HttpStatusCode.OK, token, Configuration.Formatters.JsonFormatter);
}
}
public AdminHostsController(IDAFactory daFactory, JWTFactory jwt, IGluonHostPool hostPool) : base("/admin")
{
JWTTokenAuthentication.Enable(this, jwt);
this.Get["/hosts"] = _ =>
{
this.DemandAdmin();
var hosts = hostPool.GetAll();
return(Response.AsJson(hosts.Select(x => new {
role = x.Role,
call_sign = x.CallSign,
internal_host = x.InternalHost,
public_host = x.PublicHost,
connected = x.Connected,
time_boot = x.BootTime
})));
};
}
public AdminShardOpController(IDAFactory daFactory, JWTFactory jwt, ApiServer server) : base("/admin/shards")
{
JWTTokenAuthentication.Enable(this, jwt);
DAFactory = daFactory;
Server = server;
After.AddItemToEndOfPipeline(x =>
{
x.Response.WithHeader("Access-Control-Allow-Origin", "*");
});
Post["/shutdown"] = _ =>
{
this.DemandAdmin();
var shutdown = this.Bind <ShutdownModel>();
var type = ShutdownType.SHUTDOWN;
if (shutdown.update)
{
type = ShutdownType.UPDATE;
}
else if (shutdown.restart)
{
type = ShutdownType.RESTART;
}
//JWTUserIdentity user = (JWTUserIdentity)this.Context.CurrentUser;
Server.RequestShutdown((uint)shutdown.timeout, type);
return(Response.AsJson(true));
};
Post["/announce"] = _ =>
{
this.DemandModerator();
var announce = this.Bind <AnnouncementModel>();
Server.BroadcastMessage(announce.sender, announce.subject, announce.message);
return(Response.AsJson(true));
};
}
public async Task <AccessTokenDTO> RefreshToken(RefreshTokenDTO dto)
{
var userId = _jwtFactory.GetUserIdFromToken(dto.AccessToken, dto.Key); //get userId from our access token
var userEntity = _context.Users
.Include(u => u.Avatar)
.FirstOrDefault(x => x.Id == userId); //find user with such id
if (userEntity == null)
{
_logger.LogWarning(LoggingEvents.HaveException, $"Not found user");
throw new NotFoundException(nameof(userEntity));
}
var rToken = await _context.RefreshTokens.FirstOrDefaultAsync(t => t.Token == dto.RefreshToken && t.UserId == userId); // find such token for user
if (rToken == null)
{
_logger.LogWarning(LoggingEvents.HaveException, $"invalid token");
throw new InvalidTokenException("refresh");
}
if (!rToken.IsActive)
{
_logger.LogWarning(LoggingEvents.HaveException, $"expired refresh token");
throw new ExpiredRefreshTokenException();
}
var jwtToken = await _jwtFactory.GenerateAccessToken(userEntity); //generate access token
var refreshToken = JWTFactory.GenerateRefreshToken(); //generate random token
_context.RefreshTokens.Remove(rToken); // remove previous one
_context.RefreshTokens.Add(new RefreshToken //create new token
{
Token = refreshToken,
UserId = userEntity.Id
});
await _context.SaveChangesAsync();
return(new AccessTokenDTO(jwtToken, refreshToken)); //send to front generated tokens
}
public void Init(NameValueCollection appSettings)
{
Config = new ApiConfig();
Config.Maintainance = bool.Parse(appSettings["maintainance"]);
Config.AuthTicketDuration = int.Parse(appSettings["authTicketDuration"]);
Config.Regkey = appSettings["regkey"];
Config.Secret = appSettings["secret"];
Config.UpdateUrl = appSettings["updateUrl"];
Config.CDNUrl = appSettings["cdnUrl"];
Config.NFSdir = appSettings["nfsdir"];
Config.UseProxy = bool.Parse(appSettings["useProxy"]);
Config.UpdateID = (appSettings["updateID"] == "") ? (int?)null : int.Parse(appSettings["updateID"]);
Config.BranchName = appSettings["branchName"] ?? "beta";
// new smtp config vars
if (appSettings["smtpHost"] != null &&
appSettings["smtpUser"] != null &&
appSettings["smtpPassword"] != null &&
appSettings["smtpPort"] != null)
{
Config.SmtpEnabled = true;
Config.SmtpHost = appSettings["smtpHost"];
Config.SmtpUser = appSettings["smtpUser"];
Config.SmtpPassword = appSettings["smtpPassword"];
Config.SmtpPort = int.Parse(appSettings["smtpPort"]);
}
JWT = new JWTFactory(new JWTConfiguration()
{
Key = System.Text.UTF8Encoding.UTF8.GetBytes(Config.Secret)
});
DAFactory = new MySqlDAFactory(new Database.DatabaseConfiguration()
{
ConnectionString = appSettings["connectionString"]
});
Shards = new Shards(DAFactory);
Shards.AutoUpdate();
}
public void Init(NameValueCollection appSettings)
{
Config = new ApiConfig();
Config.Maintainance = bool.Parse(appSettings["maintainance"]);
Config.AuthTicketDuration = int.Parse(appSettings["authTicketDuration"]);
Config.Regkey = appSettings["regkey"];
Config.Secret = appSettings["secret"];
Config.UpdateUrl = appSettings["updateUrl"];
Config.NFSdir = appSettings["nfsdir"];
JWT = new JWTFactory(new JWTConfiguration()
{
Key = System.Text.UTF8Encoding.UTF8.GetBytes(Config.Secret)
});
DAFactory = new MySqlDAFactory(new Database.DatabaseConfiguration()
{
ConnectionString = appSettings["connectionString"]
});
Shards = new Shards(DAFactory);
Shards.AutoUpdate();
}
public async Task T1_CheckLoginWithName()
{
// Arrange
_factory.CreateClient(); // need to create a client for the server property to be available
var server = _factory.Server;
var connection1 = await StartConnectionAsync(server.CreateHandler());
var connection2 = await StartConnectionAsync(server.CreateHandler());
// Act
var login11 = await connection1.InvokeAsync <LoginResponse>("LoginWithName", "David GUETTA");
var login12 = await connection1.InvokeAsync <LoginResponse>("LoginWithName", "John DOE");
var login21 = await connection2.InvokeAsync <LoginResponse>("LoginWithName", "Polo");
await connection1.StopAsync();
await connection2.StopAsync();
// Assert
login11.Success.Should().Be(true);
login11.Name.Should().Be("David GUETTA");
var parsedToken = JWTFactory.Parse(login11.Token);
parsedToken.Name.Should().Be("David GUETTA");
parsedToken.Subject.Should().NotBeNullOrWhiteSpace();
// if a user is already connected, we won't accept a new login attempt
login12.Success.Should().Be(false);
var parsedToken2 = JWTFactory.Parse(login21.Token);
// the subject must be different for every user
parsedToken2.Subject.Should().NotBe(parsedToken.Subject);
}
public CitySelectorController(IDAFactory DAFactory, ApiServerConfiguration config, JWTFactory jwt, IShardsDomain shardsDomain) : base("/cityselector")
{
JsonWebToken.JWTTokenAuthentication.Enable(this, jwt);
var str = GetServerVersion();
var split = str.LastIndexOf('-');
VersionName = str;
if (split != -1)
{
VersionName = str.Substring(0, split);
VersionNumber = str.Substring(split + 1);
}
try
{
using (var file = File.Open("updateUrl.txt", FileMode.Open, FileAccess.Read, FileShare.ReadWrite))
{
var reader = new StreamReader(file);
DownloadURL = reader.ReadLine();
reader.Close();
}
} catch (Exception)
{
DownloadURL = ""; // couldn't find info from the watchdog
}
//Take the auth ticket, establish trust and then create a cookie (reusing JWT)
this.Get["/app/InitialConnectServlet"] = _ =>
{
var ticketValue = this.Request.Query["ticket"];
var version = this.Request.Query["version"];
if (ticketValue == null)
{
return(Response.AsXml(new XMLErrorMessage(ERROR_MISSING_TOKEN_CODE, ERROR_MISSING_TOKEN_MSG)));
}
using (var db = DAFactory.Get())
{
var ticket = db.AuthTickets.Get((string)ticketValue);
if (ticket == null)
{
return(Response.AsXml(new XMLErrorMessage(ERROR_MISSING_TOKEN_CODE, ERROR_MISSING_TOKEN_MSG)));
}
db.AuthTickets.Delete((string)ticketValue);
if (ticket.date + config.AuthTicketDuration < Epoch.Now)
{
return(Response.AsXml(new XMLErrorMessage(ERROR_EXPIRED_TOKEN_CODE, ERROR_EXPIRED_TOKEN_MSG)));
}
/** Is it a valid account? **/
var user = db.Users.GetById(ticket.user_id);
if (user == null)
{
return(Response.AsXml(new XMLErrorMessage(ERROR_MISSING_TOKEN_CODE, ERROR_MISSING_TOKEN_MSG)));
}
//Use JWT to create and sign an auth cookies
var session = new JWTUserIdentity()
{
UserID = user.user_id,
UserName = user.username
};
var token = jwt.CreateToken(session);
return(Response.AsXml(new UserAuthorized()
{
FSOBranch = VersionName,
FSOVersion = VersionNumber,
FSOUpdateUrl = DownloadURL
})
.WithCookie("fso", token.Token));
}
};
//Return a list of the users avatars
this.Get["/app/AvatarDataServlet"] = _ =>
{
this.RequiresAuthentication();
var user = (JWTUserIdentity)this.Context.CurrentUser;
var result = new XMLList <AvatarData>("The-Sims-Online");
using (var db = DAFactory.Get())
{
var avatars = db.Avatars.GetSummaryByUserId(user.UserID);
foreach (var avatar in avatars)
{
result.Add(new AvatarData {
ID = avatar.avatar_id,
Name = avatar.name,
ShardName = shardsDomain.GetById(avatar.shard_id).Name,
HeadOutfitID = avatar.head,
BodyOutfitID = avatar.body,
AppearanceType = (AvatarAppearanceType)Enum.Parse(typeof(AvatarAppearanceType), avatar.skin_tone.ToString()),
Description = avatar.description,
LotId = avatar.lot_id,
LotName = avatar.lot_name,
LotLocation = avatar.lot_location
});
}
}
return(Response.AsXml(result));
};
this.Get["/app/ShardSelectorServlet"] = _ =>
{
this.RequiresAuthentication();
var user = (JWTUserIdentity)this.Context.CurrentUser;
var shardName = this.Request.Query["shardName"];
var avatarId = this.Request.Query["avatarId"];
if (avatarId == null)
{
//Using 0 to mean no avatar for CAS
avatarId = "0";
}
using (var db = DAFactory.Get())
{
ShardStatusItem shard = shardsDomain.GetByName(shardName);
if (shard != null)
{
var tryIP = Request.Headers["X-Forwarded-For"].FirstOrDefault();
if (tryIP != null)
{
tryIP = tryIP.Substring(tryIP.LastIndexOf(',') + 1).Trim();
}
var ip = tryIP ?? this.Request.UserHostAddress;
uint avatarDBID = uint.Parse(avatarId);
if (avatarDBID != 0)
{
var avatar = db.Avatars.Get(avatarDBID);
if (avatar == null)
{
//can't join server with an avatar that doesn't exist
return(Response.AsXml(new XMLErrorMessage(ERROR_AVATAR_NOT_FOUND_CODE, ERROR_AVATAR_NOT_FOUND_MSG)));
}
if (avatar.user_id != user.UserID || avatar.shard_id != shard.Id)
{
//make sure we own the avatar we're trying to connect with
LOG.Info("SECURITY: Invalid avatar login attempt from " + ip + ", user " + user.UserID);
return(Response.AsXml(new XMLErrorMessage(ERROR_AVATAR_NOT_YOURS_CODE, ERROR_AVATAR_NOT_YOURS_MSG)));
}
}
var ban = db.Bans.GetByIP(ip);
if (ban != null || db.Users.GetById(user.UserID)?.is_banned != false)
{
return(Response.AsXml(new XMLErrorMessage(ERROR_BANNED_CODE, ERROR_BANNED_MSG)));
}
/** Make an auth ticket **/
var ticket = new ShardTicket
{
ticket_id = Guid.NewGuid().ToString().Replace("-", ""),
user_id = user.UserID,
avatar_id = avatarDBID,
date = Epoch.Now,
ip = ip
};
db.Users.UpdateConnectIP(ticket.user_id, ip);
db.Shards.CreateTicket(ticket);
var result = new ShardSelectorServletResponse();
result.PreAlpha = false;
result.Address = shard.PublicHost;
result.PlayerID = user.UserID;
result.Ticket = ticket.ticket_id;
result.ConnectionID = ticket.ticket_id;
result.AvatarID = avatarId;
return(Response.AsXml(result));
}
else
{
return(Response.AsXml(new XMLErrorMessage(ERROR_SHARD_NOT_FOUND_CODE, ERROR_SHARD_NOT_FOUND_MSG)));
}
}
};
//Get a list of shards (cities)
this.Get["/shard-status.jsp"] = _ =>
{
var result = new XMLList <ShardStatusItem>("Shard-Status-List");
var shards = shardsDomain.All;
foreach (var shard in shards)
{
var status = Protocol.CitySelector.ShardStatus.Down;
/*switch (shard.Status)
* {
* case Database.DA.Shards.ShardStatus.Up:
* status = Protocol.CitySelector.ShardStatus.Up;
* break;
* case Database.DA.Shards.ShardStatus.Full:
* status = Protocol.CitySelector.ShardStatus.Full;
* break;
* case Database.DA.Shards.ShardStatus.Frontier:
* status = Protocol.CitySelector.ShardStatus.Frontier;
* break;
* case Database.DA.Shards.ShardStatus.Down:
* status = Protocol.CitySelector.ShardStatus.Down;
* break;
* case Database.DA.Shards.ShardStatus.Closed:
* status = Protocol.CitySelector.ShardStatus.Closed;
* break;
* case Database.DA.Shards.ShardStatus.Busy:
* status = Protocol.CitySelector.ShardStatus.Busy;
* break;
* }*/
result.Add(shard);
}
return(Response.AsXml(result));
};
}
public RegistrationController(IDAFactory daFactory, JWTFactory jwt, ApiServerConfiguration config) : base("/userapi/registration")
{
JWTTokenAuthentication.Enable(this, jwt);
DAFactory = daFactory;
After.AddItemToEndOfPipeline(x =>
{
x.Response.WithHeader("Access-Control-Allow-Origin", "*");
});
//Create a new user
Post["/"] = x =>
{
var user = this.Bind <RegistrationModel>();
var tryIP = Request.Headers["X-Forwarded-For"].FirstOrDefault();
if (tryIP != null)
{
tryIP = tryIP.Substring(tryIP.LastIndexOf(',') + 1).Trim();
}
var ip = tryIP ?? Request.UserHostAddress;
user.username = user.username ?? "";
user.username = user.username.ToLowerInvariant();
user.email = user.email ?? "";
user.key = user.key ?? "";
string failReason = null;
if (user.username.Length < 3)
{
failReason = "user_short";
}
else if (user.username.Length > 24)
{
failReason = "user_long";
}
else if (!USERNAME_VALIDATION.IsMatch(user.username ?? ""))
{
failReason = "user_invalid";
}
else if ((user.password?.Length ?? 0) == 0)
{
failReason = "pass_required";
}
if (failReason != null)
{
return(Response.AsJson(new RegistrationError()
{
error = "bad_request",
error_description = failReason
}));
}
bool isAdmin = false;
if (config.Regkey != null && config.Regkey != user.key)
{
return(Response.AsJson(new RegistrationError()
{
error = "key_wrong",
error_description = failReason
}));
}
var passhash = PasswordHasher.Hash(user.password);
using (var da = daFactory.Get)
{
//has this ip been banned?
var ban = da.Bans.GetByIP(ip);
if (ban != null)
{
return(Response.AsJson(new RegistrationError()
{
error = "registration_failed",
error_description = "ip_banned"
}));
}
//has this user registered a new account too soon after their last?
var now = Epoch.Now;
var prev = da.Users.GetByRegisterIP(ip);
if (now - (prev.FirstOrDefault()?.register_date ?? 0) < REGISTER_THROTTLE_SECS)
{
//cannot create a new account this soon.
return(Response.AsJson(new RegistrationError()
{
error = "registration_failed",
error_description = "registrations_too_frequent"
}));
}
//TODO: is this ip banned?
var userModel = new User
{
username = user.username,
email = user.email,
is_admin = isAdmin,
is_moderator = isAdmin,
user_state = UserState.valid,
register_date = now,
is_banned = false,
register_ip = ip,
last_ip = ip
};
var authSettings = new UserAuthenticate
{
scheme_class = passhash.scheme,
data = passhash.data
};
try
{
var userId = da.Users.Create(userModel);
authSettings.user_id = userId;
da.Users.CreateAuth(authSettings);
userModel = da.Users.GetById(userId);
if (userModel == null)
{
throw new Exception("Unable to find user");
}
return(Response.AsJson(userModel));
} catch (Exception)
{
return(Response.AsJson(new RegistrationError()
{
error = "registration_failed",
error_description = "user_exists"
}));
}
}
};
}
public AdminUsersController(IDAFactory daFactory, JWTFactory jwt) : base("/admin")
{
JWTTokenAuthentication.Enable(this, jwt);
this.DAFactory = daFactory;
this.After.AddItemToEndOfPipeline(x =>
{
x.Response.WithHeader("Access-Control-Allow-Origin", "*");
});
//Get information about me, useful for the admin user interface to disable UI based on who you login as
this.Get["/users/current"] = _ =>
{
this.RequiresAuthentication();
JWTUserIdentity user = (JWTUserIdentity)this.Context.CurrentUser;
using (var da = daFactory.Get())
{
var userModel = da.Users.GetById(user.UserID);
if (userModel == null)
{
throw new Exception("Unable to find user");
}
return(Response.AsJson <User>(userModel));
}
};
//Get the attributes of a specific user
this.Get["/users/{id}"] = parameters =>
{
this.DemandModerator();
using (var da = daFactory.Get())
{
var userModel = da.Users.GetById((uint)parameters.id);
if (userModel == null)
{
throw new Exception("Unable to find user");
}
return(Response.AsJson <User>(userModel));
}
};
//List users
this.Get["/users"] = _ =>
{
this.DemandModerator();
using (var da = daFactory.Get())
{
var offset = this.Request.Query["offset"];
var limit = this.Request.Query["limit"];
if (offset == null)
{
offset = 0;
}
if (limit == null)
{
limit = 20;
}
if (limit > 100)
{
limit = 100;
}
var result = da.Users.All((int)offset, (int)limit);
return(Response.AsPagedList <User>(result));
}
};
//Create a new user
this.Post["/users"] = x =>
{
this.DemandModerator();
var user = this.Bind <UserCreateModel>();
if (user.is_admin)
{
//I need admin claim to do this
this.DemandAdmin();
}
using (var da = daFactory.Get())
{
var userModel = new User();
userModel.username = user.username;
userModel.email = user.email;
userModel.is_admin = user.is_admin;
userModel.is_moderator = user.is_moderator;
userModel.user_state = UserState.valid;
userModel.register_date = Epoch.Now;
userModel.is_banned = false;
var userId = da.Users.Create(userModel);
userModel = da.Users.GetById(userId);
if (userModel == null)
{
throw new Exception("Unable to find user");
}
return(Response.AsJson <User>(userModel));
}
return(null);
};
}
public AdminOAuthController(IDAFactory daFactory, JWTFactory jwt) : base("/admin/oauth")
{
Post["/token"] = _ =>
{
var grant_type = Request.Form["grant_type"];
if (grant_type == "password")
{
var username = Request.Form["username"];
var password = Request.Form["password"];
using (var da = daFactory.Get)
{
var user = da.Users.GetByUsername(username);
if (user == null || user.is_banned || !(user.is_admin || user.is_moderator))
{
return(Response.AsJson(new OAuthError
{
error = "unauthorized_client",
error_description = "user_credentials_invalid"
}));
}
var authSettings = da.Users.GetAuthenticationSettings(user.user_id);
var isPasswordCorrect = PasswordHasher.Verify(password, new PasswordHash
{
data = authSettings.data,
scheme = authSettings.scheme_class
});
if (!isPasswordCorrect)
{
return(Response.AsJson(new OAuthError
{
error = "unauthorized_client",
error_description = "user_credentials_invalid"
}));
}
var identity = new JWTUserIdentity
{
UserName = user.username
};
var claims = new List <string>();
if (user.is_admin || user.is_moderator)
{
claims.Add("moderator");
}
if (user.is_admin)
{
claims.Add("admin");
}
identity.Claims = claims;
identity.UserID = user.user_id;
var token = jwt.CreateToken(identity);
return(Response.AsJson(new OAuthSuccess
{
access_token = token.Token,
expires_in = token.ExpiresIn
}));
}
}
return(Response.AsJson(new OAuthError
{
error = "invalid_request",
error_description = "unknown grant_type"
}));
};
}
public AuthenticateController(JWTFactory factory, IAuthenticationService authenticationService)
{
_factory = factory;
_authenticationService = authenticationService;
}
