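/// <summary>
/// Authenticates a user by e-mail and password and, on success, opens a one-hour session.
/// </summary>
/// <param name="request">Login request carrying the e-mail, the password and the request id.</param>
/// <returns>
/// On success, a response with status 200, the new session id and the user's id, name, profile
/// and permissions. On any failure, a 401 response with one generic description.
/// </returns>
public API.LoginResponse Login(API.LoginRequest request)
{
    // Every rejection returns the same body, so the response text does not reveal whether the
    // account exists, is restricted to the command line, or the password was wrong.
    API.LoginResponse Rejected()
    {
        return new API.LoginResponse()
        {
            RequestId = request.RequestId,
            Status = (int)HttpStatusCode.Unauthorized,
            StatusDescription = "Username or Password is incorrect"
        };
    }

    // find user
    var user = _db.Users.AsQueryable().FirstOrDefault(u => u.Email == request.Email);
    if (null == user)
    {
        // The audit entry is stored, as the success path does; previously the entry was built
        // and then discarded, so failed logins left no trace in History.
        // NOTE(review): these are writes triggered by unauthenticated callers - pair with
        // rate limiting or retention limits on History.
        // NOTE(review): this path returns without calling HashPassword, so it is likely faster
        // than the bad-password path; the generic message alone does not hide that difference.
        _db.History.InsertOne(HistoryEntry(null, null, null, null, "Failed login for bad user {0}", request.Email));
        return Rejected();
    }

    // only allow the admin password via the command line
    if (user.Email == "admin" && !_isCommandLine)
    {
        _db.History.InsertOne(HistoryEntry(null, null, null, null, "Failed login for bad user {0}", request.Email));
        return Rejected();
    }

    // verify password
    // NOTE(review): `!=` is not a constant-time comparison, and if HashPassword returns byte[]
    // it compares references rather than contents. The types are not visible here; confirm them
    // and compare the hash bytes with CryptographicOperations.FixedTimeEquals.
    var hash = HashPassword(request.Password, user.PasswordSalt);
    if (hash != user.PasswordHash)
    {
        _db.History.InsertOne(HistoryEntry(null, null, null, null, "Failed login for user {0}. Bad password.", user));
        return Rejected();
    }

    // NOTE(review): LastLoggedIn is set on the in-memory object only (no update of _db.Users is
    // visible in this method) and uses local time while the session below uses UTC - confirm.
    user.LastLoggedIn = DateTime.Now;

    // NOTE(review): 8 random bytes give a 64-bit session id; consider 16 bytes or more if
    // clients and storage accept a longer SessionId string.
    var sessionKey = new byte[8];
    _rng.GetBytes(sessionKey);

    var now = DateTime.UtcNow;

    // create session
    UserSession session = new UserSession()
    {
        IsCommandLine = _isCommandLine,
        SessionId = Convert.ToBase64String(sessionKey),
        Timeout = now.AddHours(1),
        UserId = user.Id
    };

    // Purge expired sessions before adding the new one (the unused result local was dropped).
    _db.UserSessions.DeleteMany(s => s.Timeout < now);
    _db.UserSessions.InsertOne(session);

    _db.History.InsertOne(HistoryEntry(user.Id, null, null, null, "User {0} logged in.", user));

    return new API.LoginResponse()
    {
        RequestId = request.RequestId,
        SessionId = session.SessionId,
        UserId = user.Id,
        Name = user.Name,
        Profile = user.Profile,
        Permissions = user.Permissions,
        Status = (int)HttpStatusCode.OK
    };
}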
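/// <summary>
/// Looks up the console command named by <c>args[0]</c>, runs it and prints its response as JSON.
/// </summary>
/// <param name="args">Command name followed by its arguments; an empty array is ignored.</param>
/// <param name="cmd">Runner that the command handlers call into.</param>
/// <returns><c>true</c> when the command asked to quit; otherwise <c>false</c>.</returns>
private bool RunCommand(string[] args, CommandRunnerMongo cmd)
{
    if (args.Length == 0)
    {
        return false;
    }

    string sessionId = cmd.GetAdminSession();

    // NOTE(review): this prints an admin session id to stdout on every command; drop it or gate
    // it behind a debug switch if console output can be captured or logged.
    Console.WriteLine("sessionId = {0}", sessionId);

    CommandArgs commandArgs = new CommandArgs() { a = args, response = "Not Implemented" };

    // The table is rebuilt on every call. The handlers close over sessionId, so a table cached
    // from the first call kept using that call's session id (and its cmd instance) for every
    // later command. Handlers also use their own `c` parameter instead of the captured runner.
    _commands = new Dictionary<string, Action<CommandArgs, CommandRunnerMongo>>()
    {
        {
            "quit", (a, c) =>
            {
                a.quit = true;
                Console.WriteLine("Quitting...");
            }
        },
        { "bootstrap", (a, c) => c.BootStrap() },
        {
            "listusers", (a, c) =>
            {
                var users = c.UserList(new API.UserListRequest() { RequestId = 0, SessionId = sessionId });
                foreach (var u in users.Users)
                {
                    Console.WriteLine($"{u.Name} {u.Email} {u.IsActive} {u.LastLoggedIn} ");
                }
            }
        },
        {
            "adduser", (a, c) =>
            {
                if (a.a.Length == 4 || a.a.Length == 3)
                {
                    // The password argument is optional; an empty string is sent when omitted.
                    string password = (a.a.Length == 3) ? string.Empty : a.a[3];
                    a.response = c.AddUser(new API.UserAddRequest()
                    {
                        Email = a.a[1],
                        Name = a.a[2],
                        Password = password,
                        Profile = string.Empty
                    });
                }
                else
                {
                    a.response = "Invalid command: adduser <email> <name> [<password>]";
                }
            }
        },
        { "listsessions", (a, c) => a.response = c.SessionList(new API.SessionListRequest()) },
        {
            "resetuserpassword", (a, c) =>
            {
                if (a.a.Length != 2)
                {
                    a.response = "Invalid Command: resetuserpassword <email>";
                }
                else
                {
                    a.response = c.ResetPassword(new API.UserResetPasswordRequest() { Email = a.a[1] });
                }
            }
        },
        {
            "listallcaves", (a, c) =>
            {
                a.response = c.CaveList(new API.CaveListRequest() { SessionId = sessionId, allCaves = true })
                    .Caves
                    .Select(cv => new { cv.Number, cv.Name, cv.LocalString })
                    .ToArray();
            }
        },
        {
            "login", (a, c) =>
            {
                string email = "admin";
                string password;

                if (a.a.Length == 3)
                {
                    email = a.a[1];
                    password = a.a[2];
                }
                else if (a.a.Length == 2)
                {
                    // `login <password>` signs in as "admin". The usage string that used to be
                    // assigned here was always overwritten by the login result below, so the
                    // dead store was removed; behaviour is unchanged.
                    password = a.a[1];
                }
                else
                {
                    // NOTE(review): built-in fallback password literal (looks like a masked
                    // placeholder); prefer prompting for the password over a default in source.
                    password = "******";
                }

                var login = new API.LoginRequest()
                {
                    Email = email,
                    Password = password,
                    RequestId = 0,
                };

                a.response = c.Login(login);
            }
        },
        {
            "addcave", (a, c) =>
            {
                if (a.a.Length < 7)
                {
                    a.response = "Invalid Command: addcave <Name> <Description> <Latitude> <Longitude> <Accuracy> <Altitude>";
                }
                else
                {
                    // Parse failures throw and are reported by the catch block at the bottom.
                    a.response = c.CaveAddUpdate(new API.CaveUpdateRequest()
                    {
                        SessionId = sessionId,
                        Name = a.a[1],
                        Description = a.a[2],
                        LocationId = 1,
                        Locations = new MongoDb.CaveLocation[]
                        {
                            new MongoDb.CaveLocation
                            {
                                Latitude = decimal.Parse(a.a[3]),
                                Longitude = decimal.Parse(a.a[4]),
                                Accuracy = int.Parse(a.a[5]),
                                Altitude = int.Parse(a.a[6])
                            }
                        }
                    });
                }
            }
        },
        {
            "removecave", (a, c) =>
            {
                if (a.a.Length < 2)
                {
                    a.response = "Invalid Command: removecave <cave id>";
                }
                else
                {
                    a.response = c.CaveRemove(new API.CaveRemoveRequest() { CaveId = ObjectId.Parse(a.a[1]) });
                }
            }
        },
        {
            "listcaves", (a, c) =>
            {
                a.response = c.CaveList(new API.CaveListRequest() { allCaves = false, SessionId = sessionId })
                    .Caves
                    .Select(cv => new { cv.Number, cv.Name, cv.LocalString })
                    .ToArray();
            }
        },
        { "usergetinfo", (a, c) => a.response = c.UserGetInfo(new API.UserGetInfoRequest() { SessionId = sessionId }) },
        { "cleanmedia", (a, c) => a.response = c.CleanMedia(new API.CleanMediaRequest() { SessionId = sessionId }) },
        { "help", (a, c) => { a.response = string.Join(",", _commands.Keys); } },
        {
            "http", (a, c) =>
            {
                // Keeps the HTTP front end alive; this handler never returns.
                using (var api = new CaveCacheHttp(_config, _mediaCache, _db))
                {
                    while (true)
                    {
                        System.Threading.Thread.Sleep(250);
                    }
                }
            }
        }
    };

    if (_commands.TryGetValue(args[0], out var action))
    {
        try
        {
            action(commandArgs, cmd);

            if (commandArgs.quit)
            {
                return true;
            }

            DumpJson(commandArgs.response);
        }
        catch (Exception ex)
        {
            // A failing command is reported on the console and the caller keeps running.
            Console.WriteLine($"{ex.Message}\r\n{ex.StackTrace}");
        }
    }
    else
    {
        Console.WriteLine($"No command {args[0]}");
    }

    return false;
}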