/// <summary>
/// Handles a payload-verification request. Reads an
/// <c>AuthVerifyPayloadRequest</c> from <paramref name="body"/>, passes its
/// challenge, challenge hash and payload hash to
/// <c>ServerState.VerifyPayload</c>, and replies 200 with a JSON
/// <c>AuthCheckResponse</c> when a user is returned or 403 with no body
/// when it is not.
/// </summary>
/// <param name="state">Server state that performs the verification.</param>
/// <param name="request">The HTTP request; not read by this handler.</param>
/// <param name="body">Request body stream carrying the JSON request.</param>
/// <param name="encoder">Encoder used to build and send the response.</param>
/// <returns>The value produced by the encoder's send call.</returns>
public static async Task<Task> VerifyPayload(
    ServerState state,
    HTTPRequest request,
    Stream body,
    IProxyHTTPEncoder encoder)
{
    // Second argument is 1024 * 1024; presumably the maximum number of
    // body bytes accepted -- confirm against Util.
    var verifyRequest = await Util.ReadJsonObjectFromStreamAsync<AuthVerifyPayloadRequest>(
        body,
        1024 * 1024);

    // NOTE(review): phash comes straight from the request; this handler
    // never sees the payload itself, so it cannot recompute the hash the
    // way IsLoginValid does. Callers should derive phash from the payload
    // they actually act on rather than forwarding a client-supplied value.
    // NOTE(review): verifyRequest is dereferenced without a null check;
    // what the reader returns for a malformed body is not visible here.
    var verifiedUser = state.VerifyPayload(
        verifyRequest.challenge,
        verifyRequest.chash,
        verifyRequest.phash);

    if (verifiedUser != null) {
        var reply = new AuthCheckResponse() {
            payload = "",
            success = true,
            user = verifiedUser,
        };

        // NOTE(review): unlike IsLoginValid, neither response here calls
        // CacheControlDoNotCache(); confirm that is intended.
        return await encoder.Response(200, "OK").ContentType_JSON().SendJsonFromObject(reply);
    }

    // Verification returned no user: refuse without a response body.
    return await encoder.Response(403, "Authentication based on user failed.").SendNothing();
}
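/// <summary>
/// Checks whether the credentials in a JSON <c>Msg</c> read from
/// <paramref name="body"/> are valid and replies with a JSON
/// <c>AuthLoginValidResponse</c>: 200 with the user on success, 403 with
/// <c>success = false</c> otherwise. Both responses are marked do-not-cache.
/// </summary>
/// <remarks>
/// There are two verification paths. When the message carries both a payload
/// and an <c>auth.hash</c>, the SHA-512 of the UTF-8 payload is recomputed
/// here and passed to <c>ServerState.VerifyPayload</c>; the client-supplied
/// <c>auth.hash</c> is only tested for presence and never trusted as the
/// hash. Otherwise only the challenge is checked via
/// <c>ServerState.Verify</c>. The response does not say which path was
/// taken, so a success reply must not be read as proof that a payload was
/// authenticated.
/// </remarks>
/// <param name="state">Server state that performs the verification.</param>
/// <param name="request">The HTTP request; not read by this handler.</param>
/// <param name="body">Request body stream carrying the JSON message.</param>
/// <param name="encoder">Encoder used to build and send the response.</param>
/// <returns>The value produced by the encoder's send call.</returns>
public static async Task<Task> IsLoginValid(
    ServerState state,
    HTTPRequest request,
    Stream body,
    IProxyHTTPEncoder encoder)
{
    // Second argument is 1024; presumably the maximum number of body bytes
    // accepted -- confirm against Util.
    // NOTE(review): msg and msg.auth are dereferenced below without a null
    // check; what the reader returns for a body lacking "auth" is not
    // visible here. Confirm that case fails closed rather than surfacing
    // as an unhandled exception.
    var msg = await Util.ReadJsonObjectFromStreamAsync<Msg>(body, 1024);

    User user;

    if (msg.payload == null || msg.auth.hash == null) {
        // Ensure the payload can never be accidentally used since this
        // authentication is without a payload hash.
        msg.payload = null;
        user = state.Verify(msg.auth.challenge, msg.auth.chash);
    } else {
        // Recompute the payload hash server-side instead of trusting the
        // value sent by the client. The hash object is disposed once the
        // digest is taken; the original left it undisposed.
        string payloadHash;
        using (var sha512 = SHA512.Create()) {
            byte[] digest = sha512.ComputeHash(Encoding.UTF8.GetBytes(msg.payload));

            // Lowercase hex without separators. Invariant casing keeps the
            // string independent of the server's current culture.
            payloadHash = BitConverter.ToString(digest).Replace("-", "").ToLowerInvariant();
        }

        user = state.VerifyPayload(msg.auth.challenge, msg.auth.chash, payloadHash);
    }

    if (user != null) {
        return await encoder.Response(200, "Login Valid")
            .CacheControlDoNotCache()
            .ContentType_JSON()
            .SendJsonFromObject(new AuthLoginValidResponse() {
                success = true,
                user = user,
            });
    }

    // No user was returned by either path: reject, and send no user data.
    return await encoder.Response(403, "The login was not valid.")
        .CacheControlDoNotCache()
        .ContentType_JSON()
        .SendJsonFromObject(new AuthLoginValidResponse() {
            success = false,
            user = null,
        });
}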