public HttpWebResponse GetResponse(OAuthContext context, TokenBase accessToken)
{
SignContext(context, accessToken);
Uri uri = context.GenerateUri();
Console.WriteLine("Uri: {0}", uri);
var request = (HttpWebRequest) WebRequest.Create(uri);
request.Method = context.RequestMethod;
if ((context.FormEncodedParameters != null) && (context.FormEncodedParameters.Count > 0))
{
request.ContentType = "application/x-www-form-urlencoded";
using (var writer = new StreamWriter(request.GetRequestStream()))
{
writer.Write(UriUtility.FormatQueryString(context.FormEncodedParameters));
}
}
if (UseHeaderForOAuthParameters)
{
request.Headers[Parameters.OAuth_Authorization_Header] = context.GenerateOAuthParametersForHeader();
}
return (HttpWebResponse) request.GetResponse();
}
private IContextSignatureImplementation FindImplementationForAuthContext(OAuthContext authContext)
{
IContextSignatureImplementation impl =
_implementations.FirstOrDefault(i => i.MethodName == authContext.SignatureMethod);
if (impl != null) return impl;
throw Error.UnknownSignatureMethod(authContext.SignatureMethod);
}
public TokenEndPoint(
OAuthContext context,
AuthorizationCodeStorage authCodeStorage,
RefreshTokenStorage refreshTokenStorage)
{
_context = context;
_authorizationCodestorage = authCodeStorage;
_refreshTokenStorage = refreshTokenStorage;
}
/*[Test]
public void Go()
{
var factory = new OAuthContextFactory();
var context = factory.FromUri("GET", new Uri("http://localhost.:888/api/contacts/list.rails"));
OAuthConsumer consumer = new OAuthConsumer("http://localhost/rt", "http://localhost/at");
consumer.SignatureMethod = SignatureMethod.RsaSha1;
consumer.ConsumerKey = "key";
consumer.ConsumerSecret = "secret";
consumer.Key = TestCertificates.OAuthTestCertificate().PrivateKey;
consumer.SignContext(context, new TokenBase { ConsumerKey="key", Token = "accesskey", TokenSecret = "accesssecret" });
OAuthContext context2 = factory.FromUri("GET", context.GenerateUri());
Assert.AreEqual(context.Signature, context2.Signature);
OAuthProvider provider = new OAuthProvider();
provider.TestAlgorithm = TestCertificates.OAuthTestCertificate().PublicKey.Key;
var outcome = provider.VerifyProtectedResourceRequest(context2);
Assert.IsTrue(outcome.Granted, outcome.AdditionalInfo);
}*/
public void Test()
{
string signature = "RJfuUrAU7qFkBfk9nR02qw9YsdlJzaT2tYINzZ8b+H5dQLfcZqUjmgEjOvfqBo6HcDg3tFKcZgxsUF+zw5Tv4KWTuhPaAl7SFOmpvVzAA5Pn0pKSkivEl6oAvKQW7JP00/KQoR9gD7HrspFvzYsoqv3DlfGgLF7VYx62JzUPYr4=";
OAuthContext context = new OAuthContext() { RequestMethod = "GET", RawUri = new Uri("http://localhost/service") };
context.Signature = signature;
Console.WriteLine(context.GenerateUri().ToString());
}
public bool ValidateSignature(OAuthContext authContext, SigningContext signingContext)
{
if (signingContext.Algorithm == null) throw Error.AlgorithmPropertyNotSetOnSigningContext();
SHA1CryptoServiceProvider sha1 = GenerateHash(signingContext);
var deformatter = new RSAPKCS1SignatureDeformatter(signingContext.Algorithm);
deformatter.SetHashAlgorithm("MD5");
byte[] signature = Convert.FromBase64String(authContext.Signature);
return deformatter.VerifySignature(sha1, signature);
}
private string GenerateSignature(OAuthContext authContext, SigningContext signingContext)
{
if (signingContext.Algorithm == null) throw Error.AlgorithmPropertyNotSetOnSigningContext();
SHA1CryptoServiceProvider sha1 = GenerateHash(signingContext);
var formatter = new RSAPKCS1SignatureFormatter(signingContext.Algorithm);
formatter.SetHashAlgorithm("MD5");
byte[] signature = formatter.CreateSignature(sha1);
return Convert.ToBase64String(signature);
}
public static async Task<TokenEndPoint> GetTokenEndProint
(
IOwinContext owinContext,
OAuthOptions options,
AuthorizationCodeStorage storage,
RefreshTokenStorage refreshTokenStorage
)
{
var request = new TokenRequest(owinContext);
await request.LoadAsync();
var context = new OAuthContext(options, request, owinContext);
return new TokenEndPoint(context, storage, refreshTokenStorage);
}
public TokenBase GrantRequestToken(OAuthContext context)
{
SigningContext signingContext = CreateSignatureContextForAuthContext(context);
if (!_signer.ValidateSignature(context, signingContext))
{
throw Error.FailedToValidateSignature();
}
return new TokenBase
{
ConsumerKey = context.ConsumerKey,
Token = "requestkey",
TokenSecret = "requestsecret"
};
}
private string GenerateSignature(OAuthContext authContext, SigningContext signingContext)
{
string consumerSecret = (signingContext.ConsumerSecret != null)
? UriUtility.UrlEncode(signingContext.ConsumerSecret)
: "";
string tokenSecret = (authContext.TokenSecret != null)
? UriUtility.UrlEncode(authContext.TokenSecret)
: null;
string hashSource = string.Format("{0}&{1}", consumerSecret, tokenSecret);
var hashAlgorithm = new HMACSHA1();
hashAlgorithm.Key = Encoding.ASCII.GetBytes(hashSource);
return ComputeHash(hashAlgorithm, signingContext.SignatureBase);
}
public void BeginAuthentication()
{
var oContext = new OAuthContext
{
ConsumerKey = Credentials.Facebook.ConsumerKey,
ConsumerSecret = Credentials.Facebook.ConsumerSecret,
VerifierUrl = Credentials.Facebook.VerifierUrl,
RequestAccessTokenUrl = Credentials.Facebook.RequestAccessTokenUrl,
RequestProfileUrl = Credentials.Facebook.RequestProfileUrl,
Scope = Credentials.Facebook.Scope,
OAuthVersion = OAuthVersion.V2,
SocialSiteName = "Facebook"
};
//In version 2.0 no need to get request token
oContext.ObtainVerifier();
}
public void BeginAuthentication()
{
var oContext = new OAuthContext
{
ConsumerKey = Credentials.Google.ConsumerKey,
ConsumerSecret = Credentials.Google.ConsumerSecret,
RequestTokenUrl = Credentials.Google.RequestTokenUrl,
VerifierUrl = Credentials.Google.VerifierUrl,
RequestAccessTokenUrl = Credentials.Google.RequestAccessTokenUrl,
RequestProfileUrl = Credentials.Google.RequestProfileUrl,
Realm = HttpContext.Current.Request.Url.Scheme + "://" + HttpContext.Current.Request.Url.DnsSafeHost + HttpContext.Current.Request.ApplicationPath,
OAuthVersion = OAuthVersion.V1,
SocialSiteName = "Google"
};
oContext.GetRequestToken();
oContext.ObtainVerifier();
}
public TokenBase ExchangeRequestTokenForAccessToken(OAuthContext context)
{
SigningContext signingContext = CreateSignatureContextForAuthContext(context);
if (!_signer.ValidateSignature(context, signingContext))
{
throw Error.FailedToValidateSignature();
}
if (context.Token != "requestkey")
{
throw Error.InvalidRequestToken(context.Token);
}
if (context.ConsumerKey != "key")
{
throw Error.InvalidConsumerKey(context.ConsumerKey);
}
return new TokenBase {ConsumerKey = context.ConsumerKey, Token = "accesskey", TokenSecret = "accesssecret"};
}
public AccessOutcome VerifyProtectedResourceRequest(OAuthContext context)
{
var outcome = new AccessOutcome {Context = context};
SigningContext signingContext = null;
try
{
signingContext = CreateSignatureContextForAuthContext(context);
}
catch (Exception ex)
{
outcome.AdditionalInfo = "Failed to parse request for context info";
return outcome;
}
if (!_signer.ValidateSignature(context, signingContext))
{
outcome.AdditionalInfo = "Failed to validate signature";
return outcome;
}
if (context.Token != "accesskey")
{
outcome.AdditionalInfo = "Invalid access token";
return outcome;
}
if (context.ConsumerKey != "key")
{
outcome.AdditionalInfo = "Invalid consumer key";
return outcome;
}
outcome.Granted = true;
outcome.AccessToken = new TokenBase {ConsumerKey = "key", TokenSecret = "accesssecret", Token = "accesskey"};
return outcome;
}
protected void Page_Load(object sender, EventArgs e)
{
try
{
OContext = OAuthContext.Current;
if(!IsPostBack)
{
//End authentication and register tokens.
OContext.EndAuthenticationAndRegisterTokens();
txtTokenKey.Text = OContext.Token;
txtTokenSecret.Text = OContext.TokenSecret;
txtVerifier.Text = OContext.Verifier;
}
}
catch (OAuthException ex)
{
Response.Write("<p>OAuth Exception occurred.</p>");
Response.Write("<p>" + ex.InnerException.Message + "</p>");
Response.Write("<p>" + ex.InnerException.StackTrace + "</p>");
}
}
public static async Task<Flow> Get
(
IOwinContext owinContext,
OAuthOptions options,
AuthorizationCodeStorage authCodeStorage,
RefreshTokenStorage refreshTokenStorage
)
{
var request = new AuthenticationRequest(owinContext);
await request.LoadAsync();
var context = new OAuthContext(options, request, owinContext);
switch (context.AuthenticationRequest.response_type?.Trim())
{
case "code": return new AuthorizationCodeFlow(context, authCodeStorage);
case "id_token": return new ImplicitFlow(context);
case "id_token token": return new ImplicitFlow(context);
case "code id_token": return new HybridFlow(context);
case "code token": return new HybridFlow(context);
case "code id_token token": return new HybridFlow(context);
default: return null;
}
}
public void SignContext(OAuthContext authContext, SigningContext signingContext)
{
authContext.Signature = GenerateSignature(authContext, signingContext);
}
protected void gOAuthClientEdit_SaveClick(object sender, EventArgs e)
{
divErrors.Visible = false;
if (String.IsNullOrEmpty(tbClientName.Text))
{
divErrors.InnerText = "A valid Client Name must be provided.";
divErrors.Visible = true;
return;
}
if (tbApiKey.Text.AsGuidOrNull() == null)
{
divErrors.InnerText = "A valid GUID must be provided for the API Key.";
divErrors.Visible = true;
return;
}
if (tbApiSecret.Text.AsGuidOrNull() == null)
{
divErrors.InnerText = "A valid GUID must be provided for the API Secret.";
divErrors.Visible = true;
return;
}
if (string.IsNullOrEmpty(tbCallbackUrl.Text))
{
divErrors.InnerText = "A valid Callback URL must be provided.";
divErrors.Visible = true;
return;
}
ClientScopeService clientScopeService = new ClientScopeService(OAuthContext);
ClientService clientService = new ClientService(OAuthContext);
Client client = null;
if (hfClientId.Value.AsIntegerOrNull().HasValue)
{
client = clientService.Get(hfClientId.Value.AsInteger());
}
else
{
client = new Client();
clientService.Add(client);
}
client.ClientName = tbClientName.Text;
client.ApiKey = tbApiKey.Text.AsGuid();
client.ApiSecret = tbApiSecret.Text.AsGuid();
client.CallbackUrl = tbCallbackUrl.Text;
client.Active = cbActive.Checked;
foreach (System.Web.UI.WebControls.ListItem item in cblClientScopes.Items)
{
int scopeId = item.Value.AsInteger();
ClientScope clientScope = clientScopeService.Queryable().Where(cs => cs.ClientId == client.Id && cs.ScopeId == scopeId).FirstOrDefault();
if (clientScope != null)
{
clientScope.Active = item.Selected;
}
else if (item.Selected)
{
clientScope = new ClientScope();
clientScope.ClientId = client.Id;
clientScope.ScopeId = item.Value.AsInteger();
clientScope.Active = item.Selected;
clientScopeService.Add(clientScope);
}
}
OAuthContext.SaveChanges();
OAuthContext = new OAuthContext();
gOAuthClients_Bind(sender, e);
gOAuthClientEdit.Hide();
}
private string GenerateSignature(OAuthContext authContext, SigningContext signingContext)
{
return(UriUtility.UrlEncode(string.Format("{0}&{1}", signingContext.ConsumerSecret, authContext.TokenSecret)));
}
public CustomersController(OAuthContext context)
{
_context = context;
}
public OAuthService(OAuthContext oAuthContext)
{
this.oAuthContext = oAuthContext;
}
public HybridFlow(OAuthContext context)
: base(context)
{
}
public HttpResponseMessage CreateAccount(Account account)
{
OAuthContext oAuthContext = new OAuthContext();
ClientService clientService = new ClientService(oAuthContext);
var clientId = HttpContext.Current.User.Identity.Name;
Client oAuthClient = clientService.GetByApiKey(clientId.AsGuid());
if (oAuthClient.Active)
{
var rockContext = new Rock.Data.RockContext();
PersonService personService = new PersonService(rockContext);
UserLoginService userLoginService = new UserLoginService(rockContext);
// Validate the Model
if (!string.IsNullOrEmpty(account.Username))
{
// Make sure the username is unique
UserLogin user = userLoginService.GetByUserName(account.Username);
if (user != null)
{
ModelState.AddModelError("Account.Username", "Username already exists");
}
// Make sure the password is valid
if (!UserLoginService.IsPasswordValid(account.Password))
{
ModelState.AddModelError("Account.Password", UserLoginService.FriendlyPasswordRules());
}
// Make sure this person meets the minimum age requirement
var birthday = account.Birthdate ?? Rock.RockDateTime.Today;
if (RockDateTime.Today.AddYears(MINIMUM_AGE * -1) < birthday)
{
ModelState.AddModelError("Account.Birthdate", string.Format("We are sorry, you must be at least {0} years old to create an account.", MINIMUM_AGE));
}
}
if (!ModelState.IsValid)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
}
// Try to match the person
var matchPerson = personService.GetByMatch(account.FirstName, account.LastName, account.Birthdate, account.EmailAddress, account.MobileNumber, null, null);
bool confirmed = false;
Person person = new Person();
if (matchPerson != null && matchPerson.Count() == 1)
{
var mobilePhone = matchPerson.First().PhoneNumbers.Where(pn => pn.NumberTypeValueId == DefinedValueCache.Get(Rock.SystemGuid.DefinedValue.PERSON_PHONE_TYPE_MOBILE.AsGuid()).Id).FirstOrDefault();
// The emails MUST match for security
if (matchPerson.First().Email == account.EmailAddress && (mobilePhone == null || mobilePhone.Number.Right(10) == account.MobileNumber.Right(10)))
{
person = matchPerson.First();
// If they don't have a current mobile phone, go ahead and set it
if (mobilePhone == null)
{
string cleanNumber = PhoneNumber.CleanNumber(account.MobileNumber);
var phoneNumber = new PhoneNumber {
NumberTypeValueId = DefinedValueCache.Get(Rock.SystemGuid.DefinedValue.PERSON_PHONE_TYPE_MOBILE.AsGuid()).Id
};
person.PhoneNumbers.Add(phoneNumber);
phoneNumber.CountryCode = cleanNumber.Length > 10 ? cleanNumber.Left(10 - cleanNumber.Length) : PhoneNumber.DefaultCountryCode();
phoneNumber.Number = cleanNumber.Right(10);
phoneNumber.IsMessagingEnabled = true;
}
// Make sure the gender matches
person.Gender = account.Gender;
confirmed = true;
}
}
// If we don't have a match, create a new web prospect
if (!confirmed)
{
DefinedValueCache dvcConnectionStatus = DefinedValueCache.Get(Rock.SystemGuid.DefinedValue.PERSON_CONNECTION_STATUS_WEB_PROSPECT.AsGuid());
DefinedValueCache dvcRecordStatus = DefinedValueCache.Get(Rock.SystemGuid.DefinedValue.PERSON_RECORD_STATUS_PENDING.AsGuid());
person.FirstName = account.FirstName;
person.LastName = account.LastName;
person.NickName = account.NickName;
person.Email = account.EmailAddress;
person.IsEmailActive = true;
person.EmailPreference = EmailPreference.EmailAllowed;
person.RecordTypeValueId = DefinedValueCache.Get(Rock.SystemGuid.DefinedValue.PERSON_RECORD_TYPE_PERSON.AsGuid()).Id;
if (dvcConnectionStatus != null)
{
person.ConnectionStatusValueId = dvcConnectionStatus.Id;
}
if (dvcRecordStatus != null)
{
person.RecordStatusValueId = dvcRecordStatus.Id;
}
person.Gender = account.Gender;
var birthday = account.Birthdate;
if (birthday.HasValue)
{
person.BirthMonth = birthday.Value.Month;
person.BirthDay = birthday.Value.Day;
if (birthday.Value.Year != DateTime.MinValue.Year)
{
person.BirthYear = birthday.Value.Year;
}
}
if (!string.IsNullOrWhiteSpace(account.MobileNumber))
{
string cleanNumber = PhoneNumber.CleanNumber(account.MobileNumber);
var phoneNumber = new PhoneNumber {
NumberTypeValueId = DefinedValueCache.Get(Rock.SystemGuid.DefinedValue.PERSON_PHONE_TYPE_MOBILE.AsGuid()).Id
};
person.PhoneNumbers.Add(phoneNumber);
phoneNumber.CountryCode = cleanNumber.Length > 10 ? cleanNumber.Left(10 - cleanNumber.Length) : PhoneNumber.DefaultCountryCode();
phoneNumber.Number = cleanNumber.Right(10);
phoneNumber.IsMessagingEnabled = true;
}
PersonService.SaveNewPerson(person, rockContext);
}
UserLogin userLogin = null;
if (!string.IsNullOrWhiteSpace(account.Username) && UserLoginService.IsPasswordValid(account.Password))
{
// Create the user login (only require confirmation if we didn't match the person)
userLogin = UserLoginService.Create(
rockContext,
person,
AuthenticationServiceType.Internal,
EntityTypeCache.Get(Rock.SystemGuid.EntityType.AUTHENTICATION_DATABASE.AsGuid()).Id,
account.Username,
account.Password,
confirmed);
}
else if (!string.IsNullOrWhiteSpace(account.EmailAddress) && !confirmed)
{
userLogin = userLoginService.Queryable()
.Where(u => u.UserName == ("SMS_" + person.Id.ToString()))
.FirstOrDefault();
// Create an unconfirmed SMS user login if does not exist
if (userLogin == null)
{
var entityTypeId = EntityTypeCache.Get("Rock.Security.ExternalAuthentication.SMSAuthentication").Id;
userLogin = new UserLogin()
{
UserName = "******" + person.Id.ToString(),
EntityTypeId = entityTypeId,
IsConfirmed = false,
PersonId = person.Id
};
userLoginService.Add(userLogin);
}
}
// Send an email to confirm the account.
if (userLogin != null && userLogin.IsConfirmed != true)
{
// For mobile we will make a custom/short confirmation code
var mobileConfirmationCode = new BigInteger(MD5.Create().ComputeHash(userLogin.Guid.ToByteArray())).ToString().Right(6);
var mergeFields = Rock.Lava.LavaHelper.GetCommonMergeFields(null, person);
mergeFields.Add("MobileConfirmationCode", mobileConfirmationCode);
mergeFields.Add("ConfirmAccountUrl", GlobalAttributesCache.Get().GetValue("PublicApplicationRoot").EnsureTrailingForwardslash() + "ConfirmAccount");
mergeFields.Add("Person", userLogin.Person);
mergeFields.Add("User", userLogin);
var recipients = new List <RockEmailMessageRecipient>();
recipients.Add(new RockEmailMessageRecipient(userLogin.Person, mergeFields));
var message = new RockEmailMessage(Rock.SystemGuid.SystemCommunication.SECURITY_CONFIRM_ACCOUNT.AsGuid());
message.SetRecipients(recipients);
message.AppRoot = GlobalAttributesCache.Get().GetValue("PublicApplicationRoot").EnsureTrailingForwardslash();
message.CreateCommunicationRecord = false;
message.Send();
}
rockContext.SaveChanges();
return(ControllerContext.Request.CreateResponse(HttpStatusCode.OK, new StandardResponse()
{
Message = string.Format("Account has been created.{0}", confirmed ? "" : " An email has been sent to confirm the email address."),
Result = StandardResponse.ResultCode.Success
}
));
}
return(ControllerContext.Request.CreateResponse(HttpStatusCode.Forbidden));
}
private string CreateAuthorizationHeaderInternal(HttpMethod httpMethod, string url, Dictionary <string, string> parameters,
string body)
{
Encoding enc = Encoding.UTF8;
NameValueCollection authorizationHeaderParameters = new NameValueCollection();
authorizationHeaderParameters.Add(Parameters.OAuth_Timestamp, DateTime.Now.Epoch().ToString());
authorizationHeaderParameters.Add(Parameters.OAuth_Version, "1.0");
authorizationHeaderParameters.Add(Parameters.OAuth_Consumer_Key, _consumerKey);
authorizationHeaderParameters.Add(Parameters.OAuth_Signature_Method, SignatureMethod.RsaSha1);
authorizationHeaderParameters.Add(Parameters.Realm, Realm);
var oauthContext = new OAuthContext
{
AuthorizationHeaderParameters = authorizationHeaderParameters,
RawUri = new Uri(url),
RequestMethod = httpMethod.Method
};
authorizationHeaderParameters.Add(Parameters.OAuth_Nonce, new GuidNonceGenerator().GenerateNonce(oauthContext));
if (parameters != null && parameters.ContainsKey("CallbackUrl"))
{
authorizationHeaderParameters.Add(Parameters.OAuth_Callback, parameters["CallbackUrl"]);
}
if (parameters != null && parameters.ContainsKey("Oauth_Verifier"))
{
authorizationHeaderParameters.Add(Parameters.OAuth_Verifier, parameters["Oauth_Verifier"]);
}
if (parameters != null && parameters.ContainsKey("Token"))
{
authorizationHeaderParameters.Add(Parameters.OAuth_Token, parameters["Token"]);
}
if (body != null)
{
var rawContent = enc.GetBytes(body);
oauthContext.Realm = null;
oauthContext.RawContent = rawContent;
authorizationHeaderParameters.Add(Parameters.OAuth_Body_Hash, oauthContext.GenerateBodyHash());
}
oauthContext.AuthorizationHeaderParameters = authorizationHeaderParameters;
var privateKey = GetCertificate(_certThumbprint).PrivateKey;
// Set the signature base string so that it's viewable by the
// caller upon the return of the response.
var signatureBaseString = oauthContext.GenerateSignatureBase();
var signer = new RsaSha1SignatureImplementation();
signer.SignContext(oauthContext,
new SigningContext {
Algorithm = privateKey, SignatureBase = signatureBaseString
});
authorizationHeaderParameters.Add(Parameters.OAuth_Signature, oauthContext.Signature);
oauthContext.AuthorizationHeaderParameters = authorizationHeaderParameters;
var authHeader = oauthContext.GenerateOAuthParametersForHeader();
return(authHeader);
}
/// <summary>
/// Initializes a new instance of the <see cref="ClientService"/> class.
/// </summary>
/// <param name="context">The context.</param>
public ClientService(OAuthContext context) : base(context)
{
}
/// <summary>
/// Initializes a new instance of the <see cref="AuthorizationService"/> class.
/// </summary>
/// <param name="context">The context.</param>
public AuthorizationService(OAuthContext context) : base(context)
{
}
public Flow(OAuthContext context)
{
Context = context;
}
/// <summary>
/// Raises the <see cref="E:System.Web.UI.Control.Load" /> event.
/// </summary>
/// <param name="e">The <see cref="T:System.EventArgs" /> object that contains the event data.</param>
protected override void OnLoad(EventArgs e)
{
base.OnLoad(e);
var authentication = HttpContext.Current.GetOwinContext().Authentication;
var ticket = authentication.AuthenticateAsync("OAuth").Result;
var identity = ticket != null ? ticket.Identity : null;
string userName = null;
string[] authorizedScopes = null;
var scopes = (Request.QueryString.Get("scope") ?? "").Split(' ');
bool scopesApproved = false;
if (identity == null)
{
authentication.Challenge("OAuth");
Response.Redirect(OAuthSettings["OAuthLoginPath"] + "?ReturnUrl=" + Server.UrlEncode(Request.RawUrl), true);
}
else if (CurrentUser == null)
{
// Kill the OAuth session
authentication.SignOut("OAuth");
authentication.Challenge("OAuth");
Response.Redirect(OAuthSettings["OAuthLoginPath"] + "?ReturnUrl=" + Server.UrlEncode(Request.RawUrl), true);
}
else
{
OAuthContext context = new OAuthContext();
ClientService clientService = new ClientService(context);
Client OAuthClient = clientService.GetByApiKey(PageParameter("client_id").AsGuid());
if (OAuthClient != null)
{
ClientScopeService clientScopeService = new ClientScopeService(context);
userName = identity.Name;
AuthorizationService authorizationService = new AuthorizationService(context);
authorizedScopes = authorizationService.Queryable().Where(a => a.Client.Id == OAuthClient.Id && a.UserLogin.UserName == identity.Name && a.Active == true).Select(a => a.Scope.Identifier).ToArray <string>();
if (!clientScopeService.Queryable().Where(cs => cs.ClientId == OAuthClient.Id && cs.Active == true).Any() ||
(authorizedScopes != null && scopes.Where(s => !authorizedScopes.Select(a => a.ToLower()).Contains(s.ToLower())).Count() == 0))
{
scopesApproved = true;
}
if (scopesApproved)
{
identity = new ClaimsIdentity(identity.Claims, "Bearer", identity.NameClaimType, identity.RoleClaimType);
//only allow claims that have been requested and the client has been authorized for
foreach (var scope in scopes.Where(s => clientScopeService.Queryable().Where(cs => cs.ClientId == OAuthClient.Id && cs.Active == true).Select(cs => cs.Scope.Identifier.ToLower()).Contains(s.ToLower())))
{
identity.AddClaim(new Claim("urn:oauth:scope", scope));
}
authentication.SignIn(identity);
}
else
{
rptScopes.DataSource = clientScopeService.Queryable().Where(cs => cs.ClientId == OAuthClient.Id && cs.Active == true).Select(s => s.Scope).ToList();
rptScopes.DataBind();
}
lClientName.Text = OAuthClient.ClientName;
lClientName2.Text = OAuthClient.ClientName;
lUsername.Text = CurrentUser.Person.FullName + " (" + userName + ")";
hlLogout.NavigateUrl = Request.RawUrl + "&OAuthLogout=true";
}
else
{
throw new Exception("Invalid Client ID for OAuth authentication.");
}
}
}
public abstract Task<bool> GrantResourceOwnerCredentials(OAuthContext context);
public OAuthAttribute(string realm)
{
Realm = realm;
Context = OAuth.GetContext(Realm);
}
private async void Twitter_Tapped(object sender, TappedRoutedEventArgs e)
{
dataBindingSource.progressBarIsIndeterminate = true;
//Make a POST Request and get the Request Token
TwitterOauth twitter = new TwitterOauth();
twitter.oauth_callback = "https://www.facebook.com/connect/login_success.html";
twitter.oauth_consumer_key = "iNpGqyW7YR6tEGCi8jQw";
twitter.oauth_consumer_secret = "yIu7O2de1ohn4Wn6TIMoi1PRjMFtuYIlLbzO6lDgJMY";
twitter.oauth_nonce = Convert.ToBase64String(
Encoding.UTF8.GetBytes(
DateTime.Now.Ticks.ToString()));
TimeSpan timespan = DateTime.UtcNow
- new DateTime(1970, 1, 1, 0, 0, 0, 0,
DateTimeKind.Utc);
twitter.oauth_timestamp = Convert.ToInt64(timespan.TotalSeconds).ToString();
twitter.request_uri = "https://api.twitter.com/oauth/request_token";
twitter.oauth_version = "1.0";
twitter.oauth_signature_method = "HMAC-SHA1";
//Compute Key and BaseString for implementing the SCHA1 Algorithm
var compositeKey = string.Concat(WebUtility.UrlEncode(twitter.oauth_consumer_secret),
"&");
string baseString,baseFormat;
baseFormat = "oauth_callback={0}&oauth_consumer_key={1}&oauth_nonce={2}&oauth_signature={3}" +
"&oauth_signature_method={4}&oauth_timestamp={5}&oauth_version={6}";
baseString = String.Format(baseFormat, twitter.oauth_callback, twitter.oauth_consumer_key,
twitter.oauth_nonce, twitter.oauth_signature, twitter.oauth_signature_method,
twitter.oauth_timestamp, twitter.oauth_version);
baseString = String.Concat("POST&", WebUtility.UrlEncode(twitter.request_uri),"&", WebUtility.UrlEncode(baseString));
twitter.oauth_signature = Utils.HmacSha1(baseString, compositeKey);
twitter.authorize_uri = "https://api.twitter.com/oauth/authorize";
try
{
//
// Acquiring a request token
//
TimeSpan SinceEpoch = (DateTime.Now - new DateTime(1970, 1, 1, 0, 0, 0, 0).ToLocalTime());
Random Rand = new Random();
String TwitterUrl = "https://api.twitter.com/oauth/request_token";
Int32 Nonce = Rand.Next(1000000000);
//
// Compute base signature string and sign it.
// This is a common operation that is required for all requests even after the token is obtained.
// Parameters need to be sorted in alphabetical order
// Keys and values should be URL Encoded.
//
String SigBaseStringParams = "oauth_callback=" + Uri.EscapeDataString(twitter.oauth_callback);
SigBaseStringParams += "&" + "oauth_consumer_key=" + twitter.oauth_consumer_key;
SigBaseStringParams += "&" + "oauth_nonce=" + Nonce.ToString();
SigBaseStringParams += "&" + "oauth_signature_method=HMAC-SHA1";
SigBaseStringParams += "&" + "oauth_timestamp=" + Math.Round(SinceEpoch.TotalSeconds);
SigBaseStringParams += "&" + "oauth_version=1.0";
String SigBaseString = "POST&";
SigBaseString += Uri.EscapeDataString(TwitterUrl) + "&" + Uri.EscapeDataString(SigBaseStringParams);
IBuffer KeyMaterial = CryptographicBuffer.ConvertStringToBinary(twitter.oauth_consumer_secret + "&", BinaryStringEncoding.Utf8);
MacAlgorithmProvider HmacSha1Provider = MacAlgorithmProvider.OpenAlgorithm("HMAC_SHA1");
CryptographicKey MacKey = HmacSha1Provider.CreateKey(KeyMaterial);
IBuffer DataToBeSigned = CryptographicBuffer.ConvertStringToBinary(SigBaseString, BinaryStringEncoding.Utf8);
IBuffer SignatureBuffer = CryptographicEngine.Sign(MacKey, DataToBeSigned);
String Signature = CryptographicBuffer.EncodeToBase64String(SignatureBuffer);
String DataToPost = "OAuth oauth_callback=\"" + Uri.EscapeDataString(twitter.oauth_callback) + "\", oauth_consumer_key=\"" + twitter.oauth_consumer_key + "\", oauth_nonce=\"" + Nonce.ToString() + "\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"" + Math.Round(SinceEpoch.TotalSeconds) + "\", oauth_version=\"1.0\", oauth_signature=\"" + Uri.EscapeDataString(Signature) + "\"";
PostResponse = await PostData(TwitterUrl, DataToPost, true);
if (PostResponse != null)
{
String oauth_token = null;
String oauth_token_secret = null;
String[] keyValPairs = PostResponse.Split('&');
for (int i = 0; i < keyValPairs.Length; i++)
{
String[] splits = keyValPairs[i].Split('=');
switch (splits[0])
{
case "oauth_token":
oauth_token = splits[1];
break;
case "oauth_token_secret":
oauth_token_secret = splits[1];
break;
}
}
if (oauth_token != null)
{
TwitterUrl = "https://api.twitter.com/oauth/authorize?oauth_token=" + oauth_token;
System.Uri StartUri = new Uri(TwitterUrl);
System.Uri EndUri = new Uri(twitter.oauth_callback);
WebAuthenticationResult WebAuthenticationResult = await WebAuthenticationBroker.AuthenticateAsync(
WebAuthenticationOptions.None,
StartUri,
EndUri);
if (WebAuthenticationResult.ResponseStatus == WebAuthenticationStatus.Success)
{
string oauth_verifier = "";
string oauth_token2 = "";
string webResponseString = WebAuthenticationResult.ResponseData.ToString();
int index_oauth = webResponseString.IndexOf("oauth_token");
int i = index_oauth;
while (webResponseString[i] != '=')
{
i++;
}
i++;
while (webResponseString[i] != '&')
{
oauth_token2 += webResponseString[i];
i++;
}
while (webResponseString[i] != '=')
{
i++;
}
i++;
while (i != webResponseString.Length)
{
oauth_verifier += webResponseString[i];
i++;
}
//Get the access token by making a POST request
string access_token_post_url = "https://api.twitter.com/oauth/access_token?oauth_verifier=" + oauth_verifier;
Signature = Utils.HmacSha1(baseString, compositeKey + oauth_token_secret);
string postData = "OAuth oauth_consumer_key=\"" + twitter.oauth_consumer_key + "\", oauth_nonce=\"" + Nonce.ToString() + "\", oauth_signature=\"" + Uri.EscapeDataString(Signature) + "\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"" + Math.Round(SinceEpoch.TotalSeconds) + "\", oauth_token=\"" + oauth_token2 + "\", oauth_version=\"1.0\"";
string postResponsedata = await PostData(access_token_post_url, postData,true);
string accessToken = "", accessSecretKey = "", userID = "", screenName = "";
List<string> tokenList = new List<string>(postResponsedata.Split('&'));
foreach (string tokenNameValue in tokenList)
{
List<string> singleTokenList = new List<string>(tokenNameValue.Split('='));
if (String.Compare(singleTokenList[0], "oauth_token") == 0)
{
accessToken = singleTokenList[1];
}
else if(String.Compare(singleTokenList[0],"oauth_token_secret") == 0)
{
accessSecretKey = singleTokenList[1];
}
else if (String.Compare(singleTokenList[0], "user_id") == 0)
{
userID = singleTokenList[1];
}
else if (String.Compare(singleTokenList[0], "screen_name") == 0)
{
screenName = singleTokenList[1];
}
}
//Getting the user details
string userDetailsUrl = "https://api.twitter.com/1.1/account/verify_credentials.json";
SigBaseStringParams = "oauth_consumer_key=" + twitter.oauth_consumer_key;
SigBaseStringParams += "&" + "oauth_nonce=" + Nonce.ToString();
SigBaseStringParams += "&" + "oauth_signature_method=HMAC-SHA1";
SigBaseStringParams += "&" + "oauth_timestamp=" + Math.Round(SinceEpoch.TotalSeconds);
SigBaseStringParams += "&" + "oauth_token=" + accessToken;
SigBaseStringParams += "&" + "oauth_version=1.0";
SigBaseString = "GET&";
SigBaseString += Uri.EscapeDataString(userDetailsUrl) + "&" + Uri.EscapeDataString(SigBaseStringParams);
Signature = Utils.HmacSha1(SigBaseStringParams, compositeKey + accessSecretKey);
postData = "OAuth oauth_consumer_key=\"" + twitter.oauth_consumer_key + "\", oauth_nonce=\"" + Nonce.ToString() + "\", oauth_signature=\"" + Uri.EscapeDataString(Signature) + "\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"" + Math.Round(SinceEpoch.TotalSeconds) + "\", oauth_token=\"" + accessToken + "\", oauth_version=\"1.0\"";
var context = new OAuthContext(twitter.oauth_consumer_key, twitter.oauth_consumer_secret, "https://api.twitter.com/oauth/request_token", "https://api.twitter.com/oauth/authorize", "https://api.twitter.com/oauth/access_token", twitter.oauth_callback);
var client = new Client(context);
client.AccessToken = new TokenContainer();
client.AccessToken.Token = accessToken;
client.AccessToken.Secret = accessSecretKey;
String postResponse = await client.MakeRequest("GET")
.WithFormEncodedData(new {}) //this will be sent as a key/value in the request body an is included in the OAuth signature
.ForResource(client.AccessToken.Token,new Uri("https://api.twitter.com/1.1/account/verify_credentials.json"))
.Sign(client.AccessToken.Secret)
.ExecuteRequest();
Newtonsoft.Json.Linq.JObject twitterUserInfoJObject = Newtonsoft.Json.Linq.JObject.Parse(postResponse);
dynamic parameter = new ExpandoObject();
try
{
Newtonsoft.Json.Linq.JToken value;
if (twitterUserInfoJObject.TryGetValue("id",out value))
{
parameter.id = value.ToString();
}
if (twitterUserInfoJObject.TryGetValue("screen_name", out value))
{
parameter.username = value.ToString();
}
if (twitterUserInfoJObject.TryGetValue("name", out value))
{
parameter.first_name = value.ToString();
}
if (twitterUserInfoJObject.TryGetValue("profile_image_url_https", out value))
{
parameter.picture = value.ToString();
}
parameter.service = "Twitter";
}
catch (NullReferenceException ex)
{
}
UserInfo user = new UserInfo(parameter);
Frame.Navigate(typeof(HomePage), (object) user);
}
else if (WebAuthenticationResult.ResponseStatus == WebAuthenticationStatus.ErrorHttp)
{
dataBindingSource.progressBarIsIndeterminate = false;
var messageBox = new MessageDialog("Could not connect to the network.Please check your internet connections");
messageBox.Commands.Add(new UICommand("OK"));
messageBox.DefaultCommandIndex = 0;
await messageBox.ShowAsync();
}
else
{
//User cancelled login
dataBindingSource.progressBarIsIndeterminate = false;
}
}
}
}
catch (Exception Error)
{
throw Error;
}
}
/// <summary>
/// Initializes a new instance of the <see cref="BoundParameter"/> class.
/// </summary>
/// <param name="name">The name.</param>
/// <param name="context">The context.</param>
public BoundParameter(string name, OAuthContext context)
{
_name = name;
_context = context;
}
public AccessOutcome AccessProtectedResource(IRequest request)
{
OAuthContext context = _contextFactory.FromMonoRailRequest(request);
return(_provider.VerifyProtectedResourceRequest(context));
}
private System.Threading.Tasks.Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
if (!string.IsNullOrEmpty(context.UserName) && !string.IsNullOrEmpty(context.Password))
{
var rockContext = new RockContext();
var userLoginService = new UserLoginService(rockContext);
var userName = context.UserName;
var userLogin = userLoginService.GetByUserName(userName);
if (userLogin != null && userLogin.EntityType != null)
{
var component = AuthenticationContainer.GetComponent(userLogin.EntityType.Name);
if (component != null && component.IsActive &&
(!component.RequiresRemoteAuthentication || component.TypeName == "Rock.Security.ExternalAuthentication.SMSAuthentication"))
{
if (component.Authenticate(userLogin, context.Password))
{
if ((userLogin.IsConfirmed ?? true) && !(userLogin.IsLockedOut ?? false))
{
OAuthContext oAuthContext = new OAuthContext();
ClientScopeService clientScopeService = new ClientScopeService(oAuthContext);
AuthorizationService authorizationService = new AuthorizationService(oAuthContext);
ClientService clientService = new ClientService(oAuthContext);
var scopes = (context.Scope.FirstOrDefault() ?? "").Split(',');
bool scopesApproved = false;
Client OAuthClient = clientService.GetByApiKey(context.ClientId.AsGuid());
string[] authorizedScopes = authorizationService.Queryable().Where(a => a.Client.Id == OAuthClient.Id && a.UserLogin.UserName == userName && a.Active == true).Select(a => a.Scope.Identifier).ToArray <string>();
if (!clientScopeService.Queryable().Where(cs => cs.ClientId == OAuthClient.Id && cs.Active == true).Any() ||
(authorizedScopes != null && scopes.Where(s => !authorizedScopes.Select(a => a.ToLower()).Contains(s.ToLower())).Count() == 0))
{
scopesApproved = true;
}
if (scopesApproved)
{
var identity = new ClaimsIdentity(new GenericIdentity(userName, OAuthDefaults.AuthenticationType));
//only allow claims that have been requested and the client has been authorized for
foreach (var scope in scopes.Where(s => clientScopeService.Queryable().Where(cs => cs.ClientId == OAuthClient.Id && cs.Active == true).Select(cs => cs.Scope.Identifier.ToLower()).Contains(s.ToLower())))
{
identity.AddClaim(new Claim("urn:oauth:scope", scope));
}
UserLoginService.UpdateLastLogin(userName);
context.Validated(identity);
return(System.Threading.Tasks.Task.FromResult(0));
}
else
{
context.Rejected();
context.SetError("Authentication Error", "All scopes are not authorized for this user.");
}
}
if (!userLogin.IsConfirmed ?? true)
{
context.Rejected();
context.SetError("Authentication Error", "Account email is unconfirmed.");
}
if (userLogin.IsLockedOut ?? false)
{
context.Rejected();
context.SetError("Authentication Error", "Account is locked.");
}
}
else
{
context.Rejected();
context.SetError("Authentication Error", "Invalid Username/Password.");
}
}
else
{
context.Rejected();
context.SetError("Authentication Error", "Invalid Authentication Configuration.");
}
}
else
{
context.Rejected();
context.SetError("Authentication Error", "Invalid Username/Password.");
}
}
else
{
context.Rejected();
context.SetError("Authentication Error", "Invalid Username/Password.");
}
return(System.Threading.Tasks.Task.FromResult(0));
}
private SigningContext CreateSignatureContextForAuthContext(OAuthContext context)
{
return new SigningContext
{
ConsumerSecret = GetConsumerSecretForKey(context.ConsumerKey),
Algorithm = GetAlgorithmForConsumer(context.ConsumerKey)
};
}
public void SignContext(OAuthContext context, TokenBase accessToken)
{
EnsureStateIsValid();
if (accessToken.ConsumerKey != ConsumerKey)
throw Error.SuppliedTokenWasNotIssuedToThisConsumer(ConsumerKey, accessToken.ConsumerKey);
var signer = new OAuthContextSigner();
var auth = new NonceGenerator();
context.UseAuthorizationHeader = UseHeaderForOAuthParameters;
context.ConsumerKey = accessToken.ConsumerKey;
context.Token = accessToken.Token;
context.TokenSecret = accessToken.TokenSecret;
context.SignatureMethod = SignatureMethod;
context.Timestamp = DateTime.Now.EpocString();
context.Nonce = auth.GenerateNonce();
context.Version = "1.0";
string signatureBase = context.GenerateSignatureBase();
Console.WriteLine("signature_base: {0}", signatureBase);
signer.SignContext(context,
new SigningContext
{Algorithm = Key, SignatureBase = signatureBase, ConsumerSecret = ConsumerSecret});
Console.WriteLine("oauth_singature: {0}", context.Signature);
}
/// <summary>
/// Raises the <see cref="E:System.Web.UI.Control.Load" /> event.
/// </summary>
/// <param name="e">The <see cref="T:System.EventArgs" /> object that contains the event data.</param>
protected override void OnLoad(EventArgs e)
{
base.OnLoad(e);
var authentication = HttpContext.Current.GetOwinContext().Authentication;
if (IsAuthenticationNotPermitted())
{
Rock.Security.Authorization.SignOut();
authentication.SignOut("OAuth");
authentication.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
NavigateToLinkedPage(AttributeKeys.RejectedAuthenticationPage);
return;
}
var ticket = authentication.AuthenticateAsync(DefaultAuthenticationTypes.ApplicationCookie).Result;
var identity = ticket != null ? ticket.Identity : null;
string userName = null;
string[] authorizedScopes = null;
var scopes = (Request.QueryString.Get("scope") ?? "").Split(' ');
bool scopesApproved = false;
//The user is logged in but does not have OAuth identity
if (CurrentUser != null && identity == null)
{
CreateOAuthIdentity(authentication);
Response.Redirect(Request.RawUrl, true);
}
//The user is not logged in and does not have OAuth identity
else if (identity == null)
{
authentication.Challenge(DefaultAuthenticationTypes.ApplicationCookie);
//Send them off to log in
StoreQueryStringCookie();
Response.Redirect(OAuthSettings["OAuthLoginPath"], true);
}
//The user has an OAuth identity
else
{
OAuthContext context = new OAuthContext();
ClientService clientService = new ClientService(context);
Client OAuthClient = clientService.GetByApiKey(PageParameter(PageParameterKeys.ClientId).AsGuid());
if (OAuthClient != null)
{
ClientScopeService clientScopeService = new ClientScopeService(context);
userName = identity.Name;
AuthorizationService authorizationService = new AuthorizationService(context);
authorizedScopes = authorizationService.Queryable().Where(a => a.Client.Id == OAuthClient.Id && a.UserLogin.UserName == identity.Name && a.Active == true).Select(a => a.Scope.Identifier).ToArray <string>();
if (!clientScopeService.Queryable().Where(cs => cs.ClientId == OAuthClient.Id && cs.Active == true).Any() ||
(authorizedScopes != null && scopes.Where(s => !authorizedScopes.Select(a => a.ToLower()).Contains(s.ToLower())).Count() == 0))
{
scopesApproved = true;
}
if (scopesApproved)
{
identity = new ClaimsIdentity(identity.Claims, "Bearer", identity.NameClaimType, identity.RoleClaimType);
//only allow claims that have been requested and the client has been authorized for
foreach (var scope in scopes.Where(s => clientScopeService.Queryable().Where(cs => cs.ClientId == OAuthClient.Id && cs.Active == true).Select(cs => cs.Scope.Identifier.ToLower()).Contains(s.ToLower())))
{
identity.AddClaim(new Claim("urn:oauth:scope", scope));
}
authentication.SignIn(identity);
}
else
{
rptScopes.DataSource = clientScopeService.Queryable().Where(cs => cs.ClientId == OAuthClient.Id && cs.Active == true).Select(s => s.Scope).ToList();
rptScopes.DataBind();
}
lClientName.Text = OAuthClient.ClientName;
lClientName2.Text = OAuthClient.ClientName;
lUsername.Text = CurrentUser.Person.FullName + " (" + userName + ")";
hlLogout.NavigateUrl = Request.RawUrl + "&OAuthLogout=true";
}
else
{
throw new Exception("Invalid Client ID for OAuth authentication.");
}
}
}
public OrderRepository()
{
_ctx = new OAuthContext();
}
/// <summary>
/// Initializes a new instance of the <see cref="ScopeService"/> class.
/// </summary>
/// <param name="context">The context.</param>
public ScopeService(OAuthContext context) : base(context)
{
}
public UnitOfWork()
{
dbContext = new OAuthContext();
}
public OAuthRepository()
{
this.authContext = new OAuthContext();
this.userManager = new UserManager <IdentityUser>(new UserStore <IdentityUser>(authContext));
this.roleManager = new RoleManager <IdentityRole>(new RoleStore <IdentityRole>(authContext));
}
public AuthRepository()
{
authContext = new OAuthContext();
userManager = new UserManager <IdentityUser>(new UserStore <IdentityUser>(authContext));
}
public bool ValidateSignature(OAuthContext authContext, SigningContext signingContext)
{
return(authContext.Signature == GenerateSignature(authContext, signingContext));
}
public SampleService(OAuthContext oAuthContext)
{
this.oAuthContext = oAuthContext;
}
private System.Threading.Tasks.Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
if (!string.IsNullOrEmpty(context.UserName) && !string.IsNullOrEmpty(context.Password))
{
var rockContext = new RockContext();
var userLoginService = new UserLoginService(rockContext);
//Older Avalanche Clients use __PHONENUMBER__+1 prefix vs the newer SMS_ prefix
//This makes sure we are using the new ROCK external sms authentication
var userName = context.UserName.Replace("__PHONENUMBER__+1", "SMS_");
//SMS login does not use the phone number as the username.
//Instead we need to change it to use the person's id.
if (userName.StartsWith("SMS_"))
{
string error;
var smsAuthentication = new SMSAuthentication();
var person = smsAuthentication.GetNumberOwner(userName.Split('_').Last(), rockContext, out error);
if (person != null)
{
userName = string.Format("SMS_{0}", person.Id);
}
//If we cannot find a person, do nothing and just pass through the existing username
}
var userLogin = userLoginService.GetByUserName(userName);
if (userLogin != null && userLogin.EntityType != null)
{
var component = AuthenticationContainer.GetComponent(userLogin.EntityType.Name);
if (component != null && component.IsActive &&
(!component.RequiresRemoteAuthentication || component.TypeName == "Rock.Security.ExternalAuthentication.SMSAuthentication"))
{
if (component.Authenticate(userLogin, context.Password))
{
if ((userLogin.IsConfirmed ?? true) && !(userLogin.IsLockedOut ?? false))
{
OAuthContext oAuthContext = new OAuthContext();
ClientScopeService clientScopeService = new ClientScopeService(oAuthContext);
AuthorizationService authorizationService = new AuthorizationService(oAuthContext);
ClientService clientService = new ClientService(oAuthContext);
var scopes = (context.Scope.FirstOrDefault() ?? "").Split(',');
bool scopesApproved = false;
Client OAuthClient = clientService.GetByApiKey(context.ClientId.AsGuid());
string[] authorizedScopes = authorizationService.Queryable().Where(a => a.Client.Id == OAuthClient.Id && a.UserLogin.UserName == userName && a.Active == true).Select(a => a.Scope.Identifier).ToArray <string>();
if (!clientScopeService.Queryable().Where(cs => cs.ClientId == OAuthClient.Id && cs.Active == true).Any() ||
(authorizedScopes != null && scopes.Where(s => !authorizedScopes.Select(a => a.ToLower()).Contains(s.ToLower())).Count() == 0))
{
scopesApproved = true;
}
if (scopesApproved)
{
var identity = new ClaimsIdentity(new GenericIdentity(userName, OAuthDefaults.AuthenticationType));
//only allow claims that have been requested and the client has been authorized for
foreach (var scope in scopes.Where(s => clientScopeService.Queryable().Where(cs => cs.ClientId == OAuthClient.Id && cs.Active == true).Select(cs => cs.Scope.Identifier.ToLower()).Contains(s.ToLower())))
{
identity.AddClaim(new Claim("urn:oauth:scope", scope));
}
UserLoginService.UpdateLastLogin(userName);
context.Validated(identity);
return(System.Threading.Tasks.Task.FromResult(0));
}
else
{
context.Rejected();
context.SetError("Authentication Error", "All scopes are not authorized for this user.");
}
}
if (!userLogin.IsConfirmed ?? true)
{
context.Rejected();
context.SetError("Authentication Error", "Account email is unconfirmed.");
}
if (userLogin.IsLockedOut ?? false)
{
context.Rejected();
context.SetError("Authentication Error", "Account is locked.");
}
}
else
{
context.Rejected();
context.SetError("Authentication Error", "Invalid Username/Password.");
}
}
else
{
context.Rejected();
context.SetError("Authentication Error", "Invalid Authentication Configuration.");
}
}
else
{
context.Rejected();
context.SetError("Authentication Error", "Invalid Username/Password.");
}
}
else
{
context.Rejected();
context.SetError("Authentication Error", "Invalid Username/Password.");
}
return(System.Threading.Tasks.Task.FromResult(0));
}
public TokenBase ExchangeRequestTokenForAccessToken(IRequest request)
{
OAuthContext context = _contextFactory.FromMonoRailRequest(request);
return(_provider.ExchangeRequestTokenForAccessToken(context));
}
public void SignContext(OAuthContext authContext, SigningContext signingContext)
{
signingContext.SignatureBase = authContext.GenerateSignatureBase();
FindImplementationForAuthContext(authContext).SignContext(authContext, signingContext);
}
public AuthorizationCodeFlow(OAuthContext context,
AuthorizationCodeStorage authCodeStorage) : base(context)
{
_authorizationCodestorage = authCodeStorage;
}
public bool ValidateSignature(OAuthContext authContext, SigningContext signingContext)
{
signingContext.SignatureBase = authContext.GenerateSignatureBase();
return FindImplementationForAuthContext(authContext).ValidateSignature(authContext, signingContext);
}
public TokenBase GrantRequestToken(IRequest request)
{
OAuthContext context = _contextFactory.FromMonoRailRequest(request);
return(_provider.GrantRequestToken(context));
}
public bool ValidateSignature(OAuthContext authContext, SigningContext signingContext)
{
return (authContext.Signature == GenerateSignature(authContext, signingContext));
}
private string GenerateSignature(OAuthContext authContext, SigningContext signingContext)
{
return UriUtility.UrlEncode(string.Format("{0}&{1}", signingContext.ConsumerSecret, authContext.TokenSecret));
}
/// <summary>
/// Page load event with oauth token handling
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Page_Load(object sender, EventArgs e)
{
try
{
string channel = string.Empty;
OContext = OAuthContext.Current;
if (!IsPostBack && OContext != null)
{
//End authentication and register tokens.
OContext.EndAuthenticationAndRegisterTokens();
//Retrieve token by verification
OContext.GetAccessToken();
//Restore tokens from session
if (Session["fbAccessToken"] != null)
fbAccessToken.Text = Session["fbAccessToken"].ToString();
if (Session["twToken"] != null)
twToken.Text = Session["twToken"].ToString();
if (Session["twTknSecret"] != null)
twTknSecret.Text = Session["twTknSecret"].ToString();
if (Session["twVerifier"] != null)
twVerifier.Text = Session["twVerifier"].ToString();
if (Session["gpToken"] != null)
gpToken.Text = Session["gpToken"].ToString();
if (Session["gpTknSecret"] != null)
gpTknSecret.Text = Session["gpTknSecret"].ToString();
if (Session["gpVerifier"] != null)
gpVerifier.Text = Session["gpVerifier"].ToString();
if (Session["channel"] != null)
channel = Session["channel"].ToString();
if (channel == Channel.Facebook.ToString())
{
fbAccessToken.Text = OContext.AccessToken;
Session["fbAccessToken"] = OContext.AccessToken;
}
else if (channel == Channel.Twitter.ToString())
{
twToken.Text = OContext.AccessToken;
Session["twToken"] = OContext.AccessToken;
twTknSecret.Text = OContext.AccessTokenSecret;
Session["twTknSecret"] = OContext.AccessTokenSecret;
twVerifier.Text = OContext.Verifier;
Session["twVerifier"] = OContext.Verifier;
}
else if (channel == Channel.GooglePlus.ToString())
{
gpToken.Text = OContext.AccessToken;
Session["gpToken"] = OContext.AccessToken;
gpTknSecret.Text = OContext.AccessTokenSecret;
Session["gpTknSecret"] = OContext.AccessTokenSecret;
gpVerifier.Text = OContext.Verifier;
Session["gpVerifier"] = OContext.Verifier;
}
}
}
catch (OAuthException ex)
{
txtFBResponse.Text = "OAuth Exception occurred " + ex.InnerException.Message;
}
}
public UnitOfWork(OAuthContext context)
{
dbContext = context;
}
public void SignContext(OAuthContext authContext, SigningContext signingContext)
{
authContext.Signature = GenerateSignature(authContext, signingContext);
}
public HttpResponseMessage ForgotPassword([FromBody] string email)
{
OAuthContext oAuthContext = new OAuthContext();
ClientService clientService = new ClientService(oAuthContext);
var clientId = HttpContext.Current.User.Identity.Name;
Client oAuthClient = clientService.GetByApiKey(clientId.AsGuid());
if (oAuthClient.Active)
{
var response = new StandardResponse();
var rockContext = new Rock.Data.RockContext();
PersonService personService = new PersonService(rockContext);
UserLoginService userLoginService = new UserLoginService(rockContext);
bool hasAccountWithPasswordResetAbility = false;
var results = new List <IDictionary <string, object> >();
// Check to make sure we have accounts matching the email address given
foreach (Person person in personService.GetByEmail(email)
.Where(p => p.Users.Any()))
{
var users = new List <UserLogin>();
foreach (UserLogin user in userLoginService.GetByPersonId(person.Id))
{
if (user.EntityType != null)
{
var component = Rock.Security.AuthenticationContainer.GetComponent(user.EntityType.Name);
if (component != null && !component.RequiresRemoteAuthentication)
{
users.Add(user);
hasAccountWithPasswordResetAbility = true;
}
}
}
var resultsDictionary = new Dictionary <string, object>();
resultsDictionary.Add("Person", person);
resultsDictionary.Add("Users", users);
results.Add(resultsDictionary);
}
var mergeFields = Rock.Lava.LavaHelper.GetCommonMergeFields(null, null);
// If we found matching accounts that have the ability to be reset, go ahead and send the email
if (results.Count > 0 && hasAccountWithPasswordResetAbility)
{
mergeFields.Add("Results", results.ToArray());
var emailMessage = new RockEmailMessage(Rock.SystemGuid.SystemCommunication.SECURITY_FORGOT_USERNAME.AsGuid());
emailMessage.AddRecipient(RockEmailMessageRecipient.CreateAnonymous(email, mergeFields));
emailMessage.AppRoot = GlobalAttributesCache.Get().GetValue("PublicApplicationRoot").EnsureTrailingForwardslash();
emailMessage.CreateCommunicationRecord = false;
emailMessage.Send();
response.Result = StandardResponse.ResultCode.Success;
response.Message = "Forgot password email has been sent successfully.";
}
else
{
// the person either has no user accounts or none of them are allowed to have their passwords reset (Facebook/Google/SMS/etc)
response.Result = StandardResponse.ResultCode.Error;
response.Message = "No accounts associated with this email address are able to be reset via email.";
}
return(ControllerContext.Request.CreateResponse(HttpStatusCode.OK, response));
}
return(ControllerContext.Request.CreateResponse(HttpStatusCode.Forbidden));
}
/// <summary>
/// Initializes a new instance of the <see cref="DocumentationService{T}"/> class.
/// </summary>
public OAuthService(OAuthContext context)
: base(context)
{
}
public HttpResponseMessage SMSLogin([FromBody] string phoneNumber)
{
OAuthContext oAuthContext = new OAuthContext();
ClientService clientService = new ClientService(oAuthContext);
var clientId = HttpContext.Current?.User?.Identity?.Name;
if (clientId.IsNullOrWhiteSpace())
{
return(ControllerContext.Request.CreateResponse(HttpStatusCode.Forbidden));
}
Client oAuthClient = clientService.GetByApiKey(clientId.AsGuid());
if (oAuthClient != null && oAuthClient.Active)
{
Rock.Data.RockContext rockContext = new Rock.Data.RockContext();
var smsAuth = ( SMSAuthentication )Rock.Security.AuthenticationContainer.GetComponent("Rock.Security.ExternalAuthentication.SMSAuthentication");
PhoneNumberService phoneNumberService = new PhoneNumberService(rockContext);
var numberOwners = phoneNumberService.Queryable()
.Where(pn => pn.Number == phoneNumber)
.Select(pn => pn.Person)
.DistinctBy(p => p.Id)
.ToList();
SMSLoginResponse loginResponse = new SMSLoginResponse();
// If we don't have this phone number
if (numberOwners.Count == 0)
{
loginResponse.Result = SMSLoginResponse.ResultCode.NoMatch;
loginResponse.Message = "There was an issue with your request";
}
// If we match more than 1 person
else if (numberOwners.Count > 1)
{
loginResponse.Result = SMSLoginResponse.ResultCode.MultipleMatch;
loginResponse.Message = "There was an issue with your request";
}
// If we've matched a single person
else if (numberOwners.Count == 1)
{
var person = numberOwners.FirstOrDefault();
// Make sure the person is alive
if (person.IsDeceased)
{
loginResponse.Result = SMSLoginResponse.ResultCode.NoMatch;
loginResponse.Message = "There was an issue with your request";
return(ControllerContext.Request.CreateResponse(HttpStatusCode.OK, loginResponse));
}
// Check the age of the person
var minimumAge = smsAuth.GetAttributeValue("MinimumAge").AsInteger();
if (minimumAge != 0)
{
if (person.Age == null)
{
loginResponse.Result = SMSLoginResponse.ResultCode.Error;
loginResponse.Message = string.Format("We could not determine your age. You must be at least {0} years old to log in.", minimumAge);
return(ControllerContext.Request.CreateResponse(HttpStatusCode.OK, loginResponse));
}
if (person.Age.Value < minimumAge)
{
loginResponse.Result = SMSLoginResponse.ResultCode.Error;
loginResponse.Message = string.Format("You must be at least {0} years old to log in.", minimumAge);
return(ControllerContext.Request.CreateResponse(HttpStatusCode.OK, loginResponse));
}
}
// If we get all the way here, go ahead and attempt to login!
var response = smsAuth.SendSMSAuthentication(phoneNumber);
if (response)
{
loginResponse.Result = SMSLoginResponse.ResultCode.Success;
loginResponse.Message = "We have sent you a code please enter it to login.";
loginResponse.Username = "******" + person.Id.ToString();
}
else
{
loginResponse.Result = SMSLoginResponse.ResultCode.Error;
loginResponse.Message = "An unknown error occurred.";
}
}
else
{
loginResponse.Result = SMSLoginResponse.ResultCode.Error;
loginResponse.Message = "An unknown error occurred.";
}
return(ControllerContext.Request.CreateResponse(HttpStatusCode.OK, loginResponse));
}
return(ControllerContext.Request.CreateResponse(HttpStatusCode.Forbidden));
}
public AccountRepository()
{
_ctx = new OAuthContext();
}
public ImplicitFlow(OAuthContext context)
: base(context)
{
}
