Esempio n. 1
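        /// <summary>
        /// Resolves the account behind the current request and attaches it as the
        /// request principal. Two credential sources are tried in order: the site
        /// auth-token pair (checked with <c>AuthTools.ValidateSiteAuthToken</c>), then
        /// the login / password-hash cookie pair (checked via <c>AuthServiceClient</c>).
        /// A resolved account that has an active site ban gets a short ban notice and
        /// the response is ended instead. Also runs poll auto-closing at most once
        /// every 15 minutes as a side job.
        /// </summary>
        /// <param name="sender">The application raising the event; unused.</param>
        /// <param name="e">Event data; unused.</param>
        void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e)
        {
            // Housekeeping piggy-backed on the request pipeline. lastPollCheck is read
            // and written without synchronization, so two concurrent requests crossing
            // the threshold may both call AutoClosePolls(); left as-is here.
            if (DateTime.UtcNow.Subtract(lastPollCheck).TotalMinutes > 15)
            {
                PollController.AutoClosePolls();
                lastPollCheck = DateTime.UtcNow;
            }

            // NOTE(review): Request[...] also matches query-string and form values,
            // not only cookies; kept as-is because a token may legitimately arrive in
            // the URL - confirm before narrowing this to Request.Cookies[...].
            var siteToken = Request[GlobalConst.ASmallCakeCookieName];
            var siteLogin = Request[GlobalConst.ASmallCakeLoginCookieName];

            Account acc = null;

            // Source 1: site auth token. The token is validated against the stored
            // name/password of the named account, so the token alone proves nothing.
            if (siteToken != null)
            {
                // The data context is deliberately not disposed: the returned entity is
                // attached as the request user and presumably lazy-loads through its
                // context later in the request - confirm against Account's mapping.
                var candidate = Account.AccountByName(new ZkDataContext(), siteLogin);
                if (candidate != null && AuthTools.ValidateSiteAuthToken(candidate.Name, candidate.Password, siteToken))
                {
                    acc = candidate;
                }
            }

            // Source 2: persistent login cookies. The password-hash cookie acts as a
            // long-lived bearer credential (see the todo further down).
            if (acc == null)
            {
                var login = Request[GlobalConst.LoginCookieName];
                if (login != null)
                {
                    acc = AuthServiceClient.VerifyAccountHashed(login, Request[GlobalConst.PasswordHashCookieName]);
                }
            }

            if (acc == null)
            {
                return;
            }

            var ip = GetUserIP();
            using (var db = new ZkDataContext())
            {
                var penalty = Punishment.GetActivePunishment(acc.AccountID, ip, null, x => x.BanSite, db);
                if (penalty != null)
                {
                    Response.Write($"You are banned! (IP match to account {penalty.AccountByAccountID.Name})\n");
                    Response.Write($"Ban expires: {penalty.BanExpires} UTC\n");
                    Response.Write($"Reason: {penalty.Reason}\n");
                    // Response.End() aborts the request thread; nothing after it in
                    // this handler runs, and the using block still disposes db.
                    Response.End();
                }
                else
                {
                    HttpContext.Current.User = acc;

                    // todo replace with safer permanent cookie: acc.Password (presumably
                    // already a hash, given VerifyAccountHashed) is handed to the client
                    // as a 12-month credential.
                    var expiry = DateTime.Now.AddMonths(12);
                    Response.SetCookie(new HttpCookie(GlobalConst.LoginCookieName, acc.Name)
                    {
                        Expires = expiry
                    });
                    Response.SetCookie(new HttpCookie(GlobalConst.PasswordHashCookieName, acc.Password)
                    {
                        Expires = expiry,
                        // Keep the credential cookie out of reach of page scripts. The
                        // login-name cookie is left script-readable in case client code
                        // relies on it - confirm and set HttpOnly there too if not.
                        HttpOnly = true
                    });
                }
            }
        }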
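        /// <summary>
        /// Resolves the account behind the current request and attaches it as the
        /// request principal. Two sources are tried: the Forms Authentication ticket,
        /// then a one-shot session token that is consumed from
        /// <c>Global.Server.SessionTokens</c> on use. A resolved account with an active
        /// site ban receives a ban notice and the response is ended; otherwise a
        /// persistent forms-auth cookie is (re)issued. Finally the session token, if it
        /// appears in the URL, is stripped by redirecting to the cleaned URL. Also runs
        /// poll auto-closing at most once an hour as a side job.
        /// </summary>
        /// <param name="sender">The application raising the event; unused.</param>
        /// <param name="e">Event data; unused.</param>
        private void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e)
        {
            if (DateTime.UtcNow.Subtract(lastPollCheck).TotalMinutes > 60)
            {
                // Piggy-backs on the request pipeline and updates lastPollCheck without
                // synchronization, so concurrent requests may both run it; this should
                // be a separate timer/thread.
                PollController.AutoClosePolls();
                lastPollCheck = DateTime.UtcNow;
            }

            // NOTE(review): Request[...] matches query string, form and cookies alike;
            // the token is expected in the URL, which is why it is stripped below.
            var sessionToken = Request[GlobalConst.SessionTokenVariable];

            Account acc = null;

            // The ZkDataContext instances below are deliberately left undisposed: the
            // account entity is kept as the request user and lazy-loads through its
            // context (acc.AccountUserIDs further down is one such access).
            if (FormsAuthentication.IsEnabled && User.Identity.IsAuthenticated)
            {
                acc = Account.AccountByName(new ZkDataContext(), User.Identity.Name);
            }
            else if (sessionToken != null)
            {
                // Tokens are single-use: TryRemove consumes the token whether or not
                // the account lookup that follows succeeds.
                int id = 0;
                if (Global.Server?.SessionTokens.TryRemove(sessionToken, out id) == true)
                {
                    acc = new ZkDataContext().Accounts.Find(id);
                }
            }

            if (acc != null)
            {
                var ip        = Request.UserHostAddress;
                var lastLogin = acc.AccountUserIDs.OrderByDescending(x => x.LastLogin).FirstOrDefault();
                var penalty   = Punishment.GetActivePunishment(acc.AccountID, ip, lastLogin?.UserID, lastLogin?.InstallID, x => x.BanSite);
                if (penalty != null)
                {
                    Response.Write($"You are banned! (IP match to account {penalty.AccountByAccountID.Name})\n");
                    Response.Write($"Ban expires: {penalty.BanExpires} UTC\n");
                    Response.Write($"Reason: {penalty.Reason}\n");
                    // Response.End() aborts the request thread; the URL clean-up below
                    // never runs for a banned account.
                    Response.End();
                }
                else
                {
                    HttpContext.Current.User = acc;
                    // Persistent ticket, refreshed on every authenticated request.
                    FormsAuthentication.SetAuthCookie(acc.Name, true);
                }
            }

            // Strip the session token from the URL so it does not linger in history,
            // bookmarks or Referer headers. The variable name is escaped so a regex
            // metacharacter in it cannot alter the pattern, and the separator class is
            // [?&] (the previous [?|&] also matched a literal '|').
            var currentUrl   = Request.Url.ToString();
            var tokenPattern = $"([?&])({Regex.Escape(GlobalConst.SessionTokenVariable)}=[^&?]+[?&]*)";
            var cleanUrl     = Regex.Replace(currentUrl, tokenPattern, m => m.Groups[1].Value);

            if (cleanUrl != currentUrl)
            {
                // The redirect target is derived from the request's own URL, so it
                // stays on the same origin.
                Response.Redirect(cleanUrl, true);
            }
        }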