Esempio n. 1
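 /// <summary>
 /// Tries to authenticate the request from an HTTP Basic <c>Authorization</c> header value
 /// and, on success, stores the matching user in <c>context.Items["User"]</c>.
 /// </summary>
 /// <param name="context">Current request context; receives the authenticated user.</param>
 /// <param name="token">Raw header value, expected as <c>Basic &lt;base64(user:password)&gt;</c>.</param>
 /// <returns>
 /// <c>true</c> when the credentials were accepted; <c>false</c> for a Bearer header,
 /// a malformed header, rejected credentials, or any other failure (failures are logged).
 /// </returns>
 private bool AttachBasic(HttpContext context, string token)
 {
     try
     {
         var headerParts = token.Split(" ");

         // Bearer headers are not handled here; return without logging an error.
         if (headerParts[0] == "Bearer")
         {
             return false;
         }

         if (headerParts[0] != "Basic" || headerParts.Length != 2)
         {
             throw new Exception("malformed basic authorization header");
         }

         // Split on the FIRST colon only: the password part of "user:password" may itself
         // contain ':' characters, and splitting on every colon would reject such passwords.
         var credentials = Encoding.UTF8
             .GetString(Convert.FromBase64String(headerParts[1]))
             .Split(':', 2);
         if (credentials.Length != 2)
         {
             throw new Exception("malformed basic authorization header");
         }

         var userName = credentials[0];

         // NOTE(review): PBKDF2 with HMAC-SHA1 and 1000 iterations is a low work factor, and
         // _config.Salt looks like a single salt shared by every account — confirm. Raising the
         // iteration count, changing the PRF, or moving to per-user salts changes the stored
         // hash format, so it needs a migration rather than an in-place edit.
         var passwordHash = Convert.ToBase64String(
             KeyDerivation.Pbkdf2(credentials[1], _config.Salt, KeyDerivationPrf.HMACSHA1, 1000, 256 / 8));

         if (!_persistence.CheckUserPassword(userName, passwordHash))
         {
             throw new Exception("invalid basic authorization credentials");
         }

         context.Items["User"] = _persistence.GetUserByName(userName);
         return true;
     }
     catch (Exception e)
     {
         // Every failure (null token, bad base64, rejected credentials, persistence errors)
         // ends up here and is reported to the caller only as "not authenticated".
         _log.Log(e.ToString());
         return false;
     }
 }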
Esempio n. 2
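 /// <summary>
 /// Returns the user record named by the route value, provided the authenticated caller
 /// is allowed to see it.
 /// </summary>
 /// <param name="user">Name of the user to look up, taken from the route.</param>
 /// <returns>
 /// 200 with the user; 401 when no authenticated user is attached to the request;
 /// 403 when the caller's permission level is below 4 and the target belongs to another
 /// organization; 404/409/500 for the corresponding exceptions raised during the lookup.
 /// </returns>
 public IActionResult GetUserByName([FromRoute] string user)
 {
     try
     {
         var attached = HttpContext.Items["User"];
         if (attached == null)
         {
             return StatusCode(401, "Authorization failed!");
         }

         var caller = (User)attached;

         // Look the target up once, so the record the authorization decision is based on
         // is the same record that gets returned.
         User target = _persistence.GetUserByName(user);

         // Callers below level 4 may only read users of their own organization.
         if (caller.PermissionLevel < 4 && caller.OrganizationId != target.OrganizationId)
         {
             return StatusCode(403, "You don't have high enough clearance for this operation!");
         }

         // NOTE(review): the whole User object is serialized into the response. If User
         // carries the password hash or other secrets, map it to a response DTO first — confirm.
         return StatusCode(200, target);
     }
     catch (UnauthorizedException e)
     {
         return StatusCode(401, e.Message);
     }
     catch (ForbiddenException e)
     {
         return StatusCode(403, e.Message);
     }
     catch (NotFoundException e)
     {
         return StatusCode(404, e.Message);
     }
     catch (ConflictException e)
     {
         return StatusCode(409, e.Message);
     }
     catch (Exception e)
     {
         // NOTE(review): e.Message of an unexpected exception is returned to the client and
         // may expose internal details (persistence errors, type names). Prefer logging the
         // exception server-side and returning a generic 500 body once a logger is available here.
         return StatusCode(500, e.Message);
     }
 }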