Exemple #1
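        /// <summary>
        /// Handles the username/password login post: checks the referrer, looks the account up,
        /// stores the matching resource owner in the session and redirects to the requested target.
        /// </summary>
        /// <param name="LoginDetails">
        /// Posted login model. Its <c>password</c> is copied to a local and cleared before the model
        /// is placed in <c>Request.Items</c> or handed to any error result.
        /// </param>
        /// <returns>
        /// An <c>HttpResult</c> with status <c>Redirect</c> whose Location header is the validated
        /// <c>redirect</c> value from the request.
        /// </returns>
        /// <remarks>
        /// Every rejection path throws the error built by <c>TokenErrorUtility.CreateError</c>.
        /// The same "Invalid Username or Password" message is used whenever the lookup returns
        /// nothing, so the response does not reveal which of the two values was wrong.
        /// </remarks>
        public object Post(LoginRequestWithCredentials LoginDetails)
        {
            Uri referrerURI = Request.GetReferrerURI();
            Uri current     = new Uri(Request.AbsoluteUri);

            string userPassword = LoginDetails.password;

            // Clear the password on the model so it cannot be echoed back when the model is
            // reused to render an error page.
            LoginDetails.password = null;

            Request.Items.Add("Model", LoginDetails);

            // CSRF protection: the post must originate from this same page.
            // A missing referrer is rejected explicitly instead of relying on how
            // SchemeHostPathMatch behaves when called on null.
            // NOTE(review): the Referer comparison is the only CSRF defence visible in this
            // method; confirm whether an anti-forgery token is enforced elsewhere.
            if (ReferenceEquals(referrerURI, null) || !referrerURI.SchemeHostPathMatch(current))
            {
                throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Request", LoginDetails);
            }

            if (string.IsNullOrWhiteSpace(LoginDetails.username) || string.IsNullOrWhiteSpace(userPassword))
            {
                throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Missing Username or Password", LoginDetails);
            }

            OAuth2.DataModels.ResourceOwner owner = null;

            List<SWGEmuAPI.Model.Account.AccountResponse> accounts = AccountModel.GetAccount(LoginDetails.username, userPassword);

            if (accounts == null || accounts.Count == 0)
            {
                throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Username or Password", LoginDetails);
            }

            try
            {
                owner = ResourceOwnerModel.CreateOrUpdateFromAccountModel(accounts.FirstOrDefault());
            }
            catch (System.Data.Common.DbException dbex)
            {
                throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.server_error, "Error Storing Resource Owner Details", LoginDetails, null, dbex);
            }

            // NOTE(review): the session is populated before the redirect target is validated, so a
            // request rejected below for its redirect still leaves an authenticated session. Also
            // confirm that the session identifier is rotated on login elsewhere; nothing here does it.
            Session.Set<OAuth2.DataModels.ResourceOwner>("AuthResourceOwner", owner);

            Uri  redirectURI = null;
            bool valid       = Uri.TryCreate(LoginDetails.redirect, UriKind.RelativeOrAbsolute, out redirectURI);

            // A value that Uri parses as relative can still be read by a browser as pointing at
            // another host: a leading pair of slashes/backslashes is network-path syntax, and
            // browsers drop tab/newline characters before parsing. Such values never reach the
            // host comparison below, so they are rejected here.
            if (valid && !redirectURI.IsAbsoluteUri)
            {
                string target = LoginDetails.redirect.TrimStart();

                bool startsWithTwoSeparators = target.Length > 1
                                               && (target[0] == '/' || target[0] == '\\')
                                               && (target[1] == '/' || target[1] == '\\');

                bool containsControlChar = false;
                foreach (char c in target)
                {
                    if (char.IsControl(c))
                    {
                        containsControlChar = true;
                        break;
                    }
                }

                valid = !startsWithTwoSeparators && !containsControlChar;
            }

            // Absolute targets are accepted only when they stay on the current host.
            // NOTE(review): scheme and port are not compared, so a same-host http:// target is
            // accepted from an https:// login page — confirm that is intended.
            if (!valid || (redirectURI.IsAbsoluteUri && current.Host != redirectURI.Host))
            {
                throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Redirect URI", LoginDetails);
            }

            return new HttpResult(LoginDetails)
            {
                StatusCode = System.Net.HttpStatusCode.Redirect,
                Headers = { { HttpHeaders.Location, LoginDetails.redirect } },
            };
        }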
Exemple #2
 /// <summary>
 /// Convenience overload: updates <paramref name="Client"/> on behalf of
 /// <paramref name="ResourceOwner"/> by forwarding the owner's <c>id</c> to the
 /// id-based <c>UpdateClient</c> overload.
 /// </summary>
 /// <param name="Client">Client data passed through unchanged.</param>
 /// <param name="ResourceOwner">Owner whose <c>id</c> is forwarded; must not be null.</param>
 /// <returns>Whatever the id-based overload returns.</returns>
 /// <remarks>
 /// NOTE(review): presumably the id-based overload uses the owner id to restrict the update to
 /// clients that owner controls — confirm there, since no ownership check is made here.
 /// </remarks>
 public Client UpdateClient(OAuth2.DataModels.Client Client, OAuth2.DataModels.ResourceOwner ResourceOwner)
 {
     var ownerId = ResourceOwner.id;

     return UpdateClient(Client, ownerId);
 }
Exemple #3
 /// <summary>
 /// Convenience overload: deletes <paramref name="Client"/> on behalf of
 /// <paramref name="ResourceOwner"/> by forwarding both <c>id</c> values to the
 /// id-based <c>DeleteClient</c> overload.
 /// </summary>
 /// <param name="Client">Client whose <c>id</c> is forwarded; must not be null.</param>
 /// <param name="ResourceOwner">Owner whose <c>id</c> is forwarded; must not be null.</param>
 /// <returns>The result of the id-based overload.</returns>
 /// <remarks>
 /// NOTE(review): presumably the id-based overload only deletes a client belonging to the given
 /// owner id — confirm there, since no ownership check is made here.
 /// </remarks>
 public bool DeleteClient(OAuth2.DataModels.Client Client, OAuth2.DataModels.ResourceOwner ResourceOwner)
 {
     // Read the client id first, then the owner id, matching the argument order of the call.
     var clientId = Client.id;
     var ownerId  = ResourceOwner.id;

     return DeleteClient(clientId, ownerId);
 }