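        /// <summary>
        /// Creates a new auto-login token for the current OAuth session and returns
        /// the pieces the client needs to build the web-app link.
        /// </summary>
        /// <returns>
        /// A <see cref="WebAppLinkResponse"/> holding the URI mask (key encoded in
        /// base-36) and the auto-login secret as a 32-hex-digit string.
        /// </returns>
        public WebAppLinkResponse GetLink()
        {
            // The key is the public half of the auto-login credential (it ends up
            // in the URI), so it must be unpredictable. System.Random is time-seeded
            // and guessable, and NextDouble() * 1e19 overflows Int64 whenever
            // NextDouble() exceeds about 0.92, so the key is drawn from the
            // cryptographic RNG instead. The sign bit is cleared to keep the key
            // non-negative (0 <= Key <= Int64.MaxValue) for the base-36 encoder.
            var keyBytes = new byte[8];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(keyBytes);
            }
            var key = BitConverter.ToInt64(keyBytes, 0) & Int64.MaxValue;

            var autoLoginToken = new WebAutoLoginToken {
                Token     = OAuth.Token,
                Key       = key,
                Secret    = Guid.NewGuid(),
                IPAddress = Request.GetClientIpAddress()
            };

            Database.WebAutoLoginTokenStore.Add(autoLoginToken);
            Database.SaveChanges();

            return(new WebAppLinkResponse {
                UriMask = String.Format(
                    Settings.Default.KmsWebAppUriMask,
                    Base36Encoder.Encode(autoLoginToken.Key)
                    ),
                // "N" format: 32 hex digits, no braces or hyphens.
                AutoLoginSecret = autoLoginToken.Secret.ToString("N")
            });
        }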
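        /// <summary>
        /// Basic (e-mail + password) login for the web app. On success a short-lived
        /// <see cref="Token"/> and a <see cref="WebAutoLoginToken"/> are stored and the
        /// URL components are returned as JSON: <c>k</c> (base-36 key) and <c>h</c>
        /// (lower-case hex HMAC-SHA1 of the auto-login secret).
        /// </summary>
        /// <param name="email">User e-mail; matched after invariant lower-casing.</param>
        /// <param name="password">Clear-text password, verified with <c>PasswordMatches</c>.</param>
        /// <param name="nonce">Accepted but not used by this method (see the note in the body).</param>
        /// <param name="apikey">API key identifier; must exist and have basic login enabled.</param>
        /// <returns>
        /// JSON <c>{ k, h }</c> on success; JSON <c>{ error }</c> when a field is empty or
        /// the credentials do not match.
        /// </returns>
        /// <exception cref="HttpException">403 when the API key is unknown or basic login is disabled for it.</exception>
        public JsonResult Web(string email, string password, string nonce, string apikey)
        {
            // Reject empty fields. NOTE(review): the original checked `password` twice
            // and never `nonce`; `nonce` is not used anywhere in this method, so it is
            // still not enforced here — confirm with callers before adding it.
            if (String.IsNullOrEmpty(email) || String.IsNullOrEmpty(password) || String.IsNullOrEmpty(apikey))
            {
                return(Json(new {
                    error = "A field is empty"
                }, JsonRequestBehavior.AllowGet));
            }

            // The API key must exist and allow basic login.
            var apiKey = Database.ApiKeyStore.Get(apikey);

            if (apiKey == null || apiKey.BasicLoginEnabled == false)
            {
                throw new HttpException(403, "Invalid API-Key");
            }

            // Look the user up by e-mail. Invariant lower-casing keeps the lookup
            // independent of the request thread's culture (e.g. the Turkish 'I').
            email = email.ToLowerInvariant();
            var user = Database.UserStore.GetFirst(
                filter: f =>
                f.Email == email
                );

            // One generic message for both "no such user" and "wrong password", so the
            // response does not reveal which e-mails are registered.
            if (user == null || !user.PasswordMatches(password))
            {
                return(Json(new {
                    error = "User not found"
                }, JsonRequestBehavior.AllowGet));
            }

            // Build the short-lived Token; a single timestamp keeps the two dates consistent.
            var now = DateTime.UtcNow;
            var token = new Token {
                ApiKey         = apiKey,
                ExpirationDate = now.AddMinutes(5),
                LastUseDate    = now,

                IPAddress     = null,
                Secret        = Guid.NewGuid(),
                User          = user,
                LoginAttempts = 0,
                CallbackUri   = "oob"
            };

            // The auto-login key is exposed in the URL, so it must be unpredictable.
            // System.Random is time-seeded and guessable, and NextDouble() * 1e19
            // overflows Int64 whenever NextDouble() exceeds about 0.92, so the key is
            // drawn from the cryptographic RNG and its sign bit cleared
            // (0 <= Key <= Int64.MaxValue) for the base-36 encoder.
            var keyBytes = new byte[8];
            using (var rng = RandomNumberGenerator.Create())
            {
                rng.GetBytes(keyBytes);
            }
            var key = BitConverter.ToInt64(keyBytes, 0) & Int64.MaxValue;

            var autologinToken = new WebAutoLoginToken {
                IPAddress = null,
                Key       = key,
                Secret    = Guid.NewGuid(),
                Token     = token
            };

            // Persist both entities. GetValidationErrors() is kept as in the original,
            // but its result was never inspected; SaveChanges() still fails on
            // invalid entities.
            Database.TokenStore.Add(token);
            Database.WebAutoLoginTokenStore.Add(autologinToken);
            Database.GetValidationErrors();

            Database.SaveChanges();

            // HMAC-SHA1 of the auto-login secret, keyed with "<apiKeySecret>&<tokenSecret>".
            // HMACSHA1 is disposable, so it is scoped with `using`.
            var hmacSha1Key = apiKey.Secret.ToString("N") + "&" + token.Secret.ToString("N");
            byte[] hmacSha1Bytes;
            using (var hmacSha1 = new HMACSHA1(Encoding.UTF8.GetBytes(hmacSha1Key)))
            {
                hmacSha1Bytes = hmacSha1.ComputeHash(
                    Encoding.UTF8.GetBytes(autologinToken.Secret.ToString("N"))
                    );
            }

            // Lower-case hex, identical to the former per-byte "x2" formatting.
            var hmacSha1String = BitConverter.ToString(hmacSha1Bytes).Replace("-", "").ToLowerInvariant();

            // Return the URL components. Note: AllowGet means this action can be
            // invoked via GET, so the password may land in query strings, server logs
            // and browser history; restricting the action to POST would avoid that.
            return(Json(new {
                k = new Base36Encoder().Encode(autologinToken.Key),
                h = hmacSha1String
            }, JsonRequestBehavior.AllowGet));
        }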