private bool AuthoriseRequest(string path, OAuthToken token, out OAuthApplication oae, out string nonce)
{
string authorisationHeader = ReadAuthorisationHeader();
if (authorisationHeader != null && authorisationHeader.StartsWith("OAuth "))
{
NameValueCollection authorisationHeaders = ParseAuthorisationHeader(authorisationHeader.Substring(6));
string requestConsumerKey = authorisationHeaders["oauth_consumer_key"];
try
{
oae = new OAuthApplication(core, requestConsumerKey);
nonce = authorisationHeaders["oauth_nonce"];
SortedDictionary<string, string> signatureParamaters = new SortedDictionary<string, string>();
foreach (string key in authorisationHeaders.Keys)
{
if (key == null)
{
}
else if (key == "oauth_signature")
{
}
else
{
signatureParamaters.Add(key, authorisationHeaders[key]);
}
}
foreach (string key in core.Http.Query.Keys)
{
if (string.IsNullOrEmpty(key))
{
}
else if (key.StartsWith("global_"))
{
}
else if (key == "oauth_signature")
{
}
else
{
signatureParamaters.Add(key, core.Http.Query[key]);
}
}
foreach (string key in core.Http.Form.Keys)
{
//if (key == "oauth_verifier")
if (string.IsNullOrEmpty(key))
{
}
else
{
signatureParamaters.Add(key, core.Http.Form[key]);
}
}
string parameters = string.Empty;
foreach (string key in signatureParamaters.Keys)
{
if (parameters != string.Empty)
{
parameters += "&";
}
parameters += string.Format("{0}={1}", OAuth.UrlEncode(key), OAuth.UrlEncode(signatureParamaters[key]));
}
string signature = core.Http.HttpMethod + "&" + OAuth.UrlEncode(core.Http.Host + path) + "&" + OAuth.UrlEncode(parameters);
if (token == null)
{
string oauthToken = authorisationHeaders["oauth_token"];
if (!string.IsNullOrEmpty(oauthToken))
{
try
{
token = new OAuthToken(core, oauthToken);
// start session
StartSession(token);
}
catch (InvalidOAuthTokenException)
{
oae = null;
nonce = null;
return false;
}
}
}
string requestSignature = authorisationHeaders["oauth_signature"];
string expectedSignature = OAuth.ComputeSignature(signature, oae.ApiSecret + "&" + (token != null ? token.TokenSecret : string.Empty));
if (requestSignature == expectedSignature)
{
return true;
}
#if DEBUG
else
{
HttpContext.Current.Response.Write("Request signature: " + requestSignature + "\r\n");
HttpContext.Current.Response.Write("Expected signature: " + expectedSignature + "\r\n");
HttpContext.Current.Response.Write("signature: " + signature + "\r\n");
if (token != null)
{
HttpContext.Current.Response.Write("token: " + token.Token + "\r\n");
HttpContext.Current.Response.Write("secret: " + token.TokenSecret + "\r\n");
}
}
#endif
}
catch (InvalidApplicationException)
{
oae = null;
nonce = null;
return false;
}
}
oae = null;
nonce = null;
return false;
}
public static List<OAuthApplication> GetApps(Core core, Primitive owner)
{
List<OAuthApplication> oauthApplications = new List<OAuthApplication>();
SelectQuery query = Item.GetSelectQueryStub(core, typeof(PrimitiveApplicationInfo));
query.AddFields(Item.GetFieldsPrefixed(core, typeof(ApplicationEntry)));
query.AddJoin(JoinTypes.Inner, Item.GetTable(typeof(ApplicationEntry)), "application_id", "application_id");
query.AddFields(Item.GetFieldsPrefixed(core, typeof(OAuthApplication)));
query.AddJoin(JoinTypes.Inner, Item.GetTable(typeof(OAuthApplication)), "application_id", "application_id");
query.AddCondition(new DataField(typeof(PrimitiveApplicationInfo), "item_id"), owner.ItemKey.Id);
query.AddCondition(new DataField(typeof(PrimitiveApplicationInfo), "item_type_id"), owner.ItemKey.TypeId);
query.AddCondition(new DataField(typeof(ApplicationEntry), "application_type"), (byte)ApplicationType.OAuth);
System.Data.Common.DbDataReader userApplicationsReader = core.Db.ReaderQuery(query);
if (userApplicationsReader.HasRows)
{
while (userApplicationsReader.Read())
{
OAuthApplication ae = new OAuthApplication(core, userApplicationsReader);
oauthApplications.Add(ae);
}
userApplicationsReader.Close();
userApplicationsReader.Dispose();
}
return oauthApplications;
}
public static OAuthToken Create(Core core, OAuthApplication oae, string nonce)
{
if (core == null)
{
throw new NullCoreException();
}
SelectQuery query = new SelectQuery(typeof(OAuthToken));
query.AddCondition("oauth_token_nonce", nonce);
System.Data.Common.DbDataReader queryReader = core.Db.ReaderQuery(query);
if (queryReader.HasRows)
{
queryReader.Close();
queryReader.Dispose();
throw new NonceViolationException();
}
else
{
queryReader.Close();
queryReader.Dispose();
}
string newToken = string.Empty;
do
{
newToken = OAuth.GeneratePublic();
} while (!CheckTokenUnique(core, newToken));
string newSecret = OAuth.GenerateSecret();
Item item = Item.Create(core, typeof(OAuthToken), new FieldValuePair("oauth_application_id", oae.Id),
new FieldValuePair("oauth_token", newToken),
new FieldValuePair("oauth_token_secret", newSecret),
new FieldValuePair("oauth_token_nonce", nonce),
new FieldValuePair("oauth_token_ip", core.Http.IpAddress),
new FieldValuePair("oauth_token_created_ut", UnixTime.UnixTimeStamp()),
new FieldValuePair("oauth_token_expires_ut", UnixTime.UnixTimeStamp() + 15 * 60), /* Expire after 15 minutes */
new FieldValuePair("oauth_token_expired", false));
OAuthToken newOAuthToken = (OAuthToken)item;
return newOAuthToken;
}
void AccountApplicationSettings_Save(object sender, EventArgs e)
{
AuthoriseRequestSid();
string title = core.Http.Form["title"];
string description = core.Http.Form["description"];
string callbackUrl = core.Http.Form["callback"];
if (Owner is ApplicationEntry)
{
ApplicationEntry ae = (ApplicationEntry)Owner;
if (ae.ApplicationType == ApplicationType.OAuth)
{
OAuthApplication oa = new OAuthApplication(core, ae);
oa.CallbackUrl = callbackUrl;
oa.Update();
}
ae.Title = title;
ae.Description = description;
ae.Update();
SetInformation("Application settings saved.");
}
}
public static OAuthApplication Create(Core core, string title, string slug, string description)
{
if (core == null)
{
throw new NullCoreException();
}
core.Db.BeginTransaction();
InsertQuery iQuery = new InsertQuery(typeof(ApplicationEntry));
iQuery.AddField("application_name", slug);
iQuery.AddField("user_id", core.LoggedInMemberId);
iQuery.AddField("application_date_ut", UnixTime.UnixTimeStamp());
iQuery.AddField("application_title", title);
iQuery.AddField("application_description", description);
iQuery.AddField("application_primitive", false);
iQuery.AddField("application_primitives", (byte)AppPrimitives.None);
iQuery.AddField("application_comment", false);
iQuery.AddField("application_rating", false);
iQuery.AddField("application_style", false);
iQuery.AddField("application_script", false);
iQuery.AddField("application_type", (byte)ApplicationType.OAuth);
iQuery.AddField("application_cron_enabled", false);
iQuery.AddField("application_cron_frequency", 0);
long applicationId = core.Db.Query(iQuery);
ApplicationEntry newApplication = new ApplicationEntry(core, applicationId);
iQuery = new InsertQuery(typeof(OAuthApplication));
iQuery.AddField("application_id", applicationId);
iQuery.AddField("application_website", string.Empty);
iQuery.AddField("application_api_key", OAuth.GeneratePublic());
iQuery.AddField("application_api_secret", OAuth.GenerateSecret());
iQuery.AddField("application_api_callback", string.Empty);
core.Db.Query(iQuery);
OAuthApplication newApp = new OAuthApplication(core, newApplication);
ApplicationDeveloper developer = ApplicationDeveloper.Create(core, newApplication, core.Session.LoggedInMember);
try
{
ApplicationEntry profileAe = core.GetApplication("Profile");
profileAe.Install(core, newApplication);
}
catch
{
}
try
{
ApplicationEntry guestbookAe = core.GetApplication("GuestBook");
guestbookAe.Install(core, newApplication);
}
catch
{
}
try
{
ApplicationEntry galleryAe = core.GetApplication("Gallery");
galleryAe.Install(core, newApplication);
}
catch
{
}
return newApp;
}
void AccountApplicationSettings_Show(object sender, EventArgs e)
{
template.SetTemplate("account_application_settings.html");
Save(new EventHandler(AccountApplicationSettings_Save));
if (Owner is ApplicationEntry)
{
ApplicationEntry ae = (ApplicationEntry)Owner;
template.Parse("APPLICATION_TITLE", ae.Title);
template.Parse("APPLICATION_DESCRIPTION", ae.Description);
if (ae.ApplicationType == ApplicationType.OAuth)
{
OAuthApplication oa = new OAuthApplication(core, ae);
template.Parse("IS_OAUTH", "TRUE");
template.Parse("OAUTH_CALLBACK", oa.CallbackUrl);
}
}
}
private void OAuthApprove()
{
string oauthToken = core.Http.Form["oauth_token"];
bool success = false;
try
{
OAuthToken token = new OAuthToken(core, oauthToken);
ApplicationEntry ae = token.Application;
OAuthApplication oae = new OAuthApplication(core, ae);
if (core.Http.Form["mode"] == "verify")
{
Authenticator authenticator = new Authenticator();
if (authenticator.CheckCode(core.Session.CandidateMember.UserInfo.TwoFactorAuthKey, core.Http.Form["verify"]))
{
success = true;
}
else
{
showVerificationForm(ae, oauthToken, core.Session.SessionId);
return;
}
}
else
{
bool authenticated = false;
string userName = Request.Form["username"];
string password = BoxSocial.Internals.User.HashPassword(Request.Form["password"]);
DataTable userTable = db.Query(string.Format("SELECT uk.user_name, uk.user_id, ui.user_password, ui.user_two_factor_auth_key, ui.user_two_factor_auth_verified FROM user_keys uk INNER JOIN user_info ui ON uk.user_id = ui.user_id WHERE uk.user_name = '{0}';",
userName));
if (userTable.Rows.Count == 1)
{
DataRow userRow = userTable.Rows[0];
string dbPassword = (string)userRow["user_password"];
if (dbPassword == password)
{
authenticated = true;
}
if (authenticated)
{
if ((byte)userRow["user_two_factor_auth_verified"] > 0)
{
string sessionId = session.SessionBegin((long)userRow["user_id"], false, false, false);
showVerificationForm(ae, oauthToken, sessionId);
return;
}
else
{
string sessionId = session.SessionBegin((long)userRow["user_id"], false, false);
success = true;
}
}
else
{
OAuthAuthorize(true);
return;
}
}
}
if (success)
{
OAuthVerifier verifier = OAuthVerifier.Create(core, token, core.Session.CandidateMember);
token.UseToken();
db.CommitTransaction();
if (!string.IsNullOrEmpty(oae.CallbackUrl))
{
Response.Redirect(string.Format("{0}?oauth_token={1}&oauth_verifier={2}", oae.CallbackUrl, Uri.EscapeDataString(token.Token), Uri.EscapeDataString(verifier.Verifier)));
}
else
{
core.Response.SendRawText("", string.Format("oauth_token={0}&oauth_verifier={1}", Uri.EscapeDataString(token.Token), Uri.EscapeDataString(verifier.Verifier)));
}
}
else
{
// Incorrect password
OAuthAuthorize(true);
return;
}
}
catch (InvalidOAuthTokenException)
{
core.Functions.Generate403();
}
EndResponse();
}
public static void Show(Core core, TPage page, User owner)
{
if (core == null)
{
throw new NullCoreException();
}
if (core.ResponseFormat == ResponseFormats.Xml)
{
ShowMore(core, page, owner);
return;
}
Template template = new Template(core.Http.TemplatePath, "viewfeed.html");
template.Medium = core.Template.Medium;
template.SetProse(core.Prose);
PermissionGroupSelectBox permissionSelectBox = new PermissionGroupSelectBox(core, "permissions", owner.ItemKey);
template.Parse("S_STATUS_PERMISSIONS", permissionSelectBox);
bool moreContent = false;
long lastId = 0;
bool first = true;
List<Action> feedActions = Feed.GetItems(core, owner, page.TopLevelPageNumber, 20, page.TopLevelPageOffset, out moreContent);
if (feedActions.Count > 0)
{
template.Parse("HAS_FEED_ITEMS", "TRUE");
VariableCollection feedDateVariableCollection = null;
string lastDay = core.Tz.ToStringPast(core.Tz.Now);
foreach (Action feedAction in feedActions)
{
DateTime feedItemDay = feedAction.GetTime(core.Tz);
if (feedDateVariableCollection == null || lastDay != core.Tz.ToStringPast(feedItemDay))
{
lastDay = core.Tz.ToStringPast(feedItemDay);
feedDateVariableCollection = template.CreateChild("feed_days_list");
feedDateVariableCollection.Parse("DAY", lastDay);
}
if (first)
{
first = false;
template.Parse("NEWEST_ID", feedAction.Id.ToString());
}
VariableCollection feedItemVariableCollection = feedDateVariableCollection.CreateChild("feed_item");
core.Display.ParseBbcode(feedItemVariableCollection, "TITLE", feedAction.FormattedTitle);
/*if ((!core.IsMobile) && (!string.IsNullOrEmpty(feedAction.BodyCache)))
{
core.Display.ParseBbcodeCache(feedItemVariableCollection, "TEXT", feedAction.BodyCache);
}
else*/
{
Primitive itemOwner = core.PrimitiveCache[feedAction.OwnerId];
if (feedAction.InteractItem is IActionableItem)
{
itemOwner = ((IActionableItem)feedAction.InteractItem).Owner;
if (((IActionableItem)feedAction.InteractItem).ApplicationId > 0)
{
try
{
ApplicationEntry ae = new ApplicationEntry(core, ((IActionableItem)feedAction.InteractItem).ApplicationId);
if (ae.ApplicationType == ApplicationType.OAuth)
{
OAuthApplication oae = new OAuthApplication(core, ae);
feedItemVariableCollection.Parse("VIA_APP_TITLE", oae.DisplayTitle);
feedItemVariableCollection.Parse("U_VIA_APP", oae.Uri);
}
}
catch (InvalidApplicationException)
{
}
}
}
else if (feedAction.ActionedItem is IActionableItem)
{
itemOwner = ((IActionableItem)feedAction.ActionedItem).Owner;
if (((IActionableItem)feedAction.ActionedItem).ApplicationId > 0)
{
try
{
ApplicationEntry ae = new ApplicationEntry(core, ((IActionableItem)feedAction.ActionedItem).ApplicationId);
if (ae.ApplicationType == ApplicationType.OAuth)
{
OAuthApplication oae = new OAuthApplication(core, ae);
feedItemVariableCollection.Parse("VIA_APP_TITLE", oae.DisplayTitle);
feedItemVariableCollection.Parse("U_VIA_APP", oae.Uri);
}
}
catch (InvalidApplicationException)
{
}
}
}
core.Display.ParseBbcode(feedItemVariableCollection, "TEXT", feedAction.Body, itemOwner, true, string.Empty, string.Empty);
}
feedItemVariableCollection.Parse("USER_DISPLAY_NAME", feedAction.Owner.DisplayName);
ItemKey interactItemKey = null;
if (feedAction.InteractItemKey.Id > 0)
{
interactItemKey = feedAction.InteractItemKey;
feedItemVariableCollection.Parse("ID", feedAction.InteractItemKey.Id);
feedItemVariableCollection.Parse("TYPE_ID", feedAction.InteractItemKey.TypeId);
}
else
{
interactItemKey = feedAction.ActionItemKey;
feedItemVariableCollection.Parse("ID", feedAction.ActionItemKey.Id);
feedItemVariableCollection.Parse("TYPE_ID", feedAction.ActionItemKey.TypeId);
}
if (interactItemKey.GetType(core).Likeable)
{
feedItemVariableCollection.Parse("LIKEABLE", "TRUE");
if (feedAction.Info.Likes > 0)
{
feedItemVariableCollection.Parse("LIKES", string.Format(" {0:d}", feedAction.Info.Likes));
feedItemVariableCollection.Parse("DISLIKES", string.Format(" {0:d}", feedAction.Info.Dislikes));
}
}
if (interactItemKey.GetType(core).Commentable)
{
feedItemVariableCollection.Parse("COMMENTABLE", "TRUE");
if (feedAction.Info.Comments > 0)
{
feedItemVariableCollection.Parse("COMMENTS", string.Format(" ({0:d})", feedAction.Info.Comments));
}
}
//Access access = new Access(core, feedAction.ActionItemKey, true);
if (feedAction.PermissiveParent.Access.IsPublic())
{
feedItemVariableCollection.Parse("IS_PUBLIC", "TRUE");
if (interactItemKey.GetType(core).Shareable)
{
feedItemVariableCollection.Parse("SHAREABLE", "TRUE");
//feedItemVariableCollection.Parse("U_SHARE", feedAction.ShareUri);
if (feedAction.Info.SharedTimes > 0)
{
feedItemVariableCollection.Parse("SHARES", string.Format(" {0:d}", feedAction.Info.SharedTimes));
}
}
}
else
{
feedItemVariableCollection.Parse("IS_PUBLIC", "FALSE");
feedItemVariableCollection.Parse("SHAREABLE", "FALSE");
}
if (feedAction.Owner is User)
{
feedItemVariableCollection.Parse("USER_TILE", ((User)feedAction.Owner).Tile);
feedItemVariableCollection.Parse("USER_ICON", ((User)feedAction.Owner).Icon);
}
lastId = feedAction.Id;
}
}
core.Display.ParseBlogPagination(template, "PAGINATION", core.Hyperlink.BuildHomeUri(), 0, moreContent ? lastId : 0);
template.Parse("U_NEXT_PAGE", core.Hyperlink.BuildHomeUri() + "?p=" + (core.TopLevelPageNumber + 1) + "&o=" + lastId);
core.AddMainPanel(template);
}
void AccountApplicationOAuth_GenerateKeys(object sender, EventArgs e)
{
AuthoriseRequestSid();
string newKey = OAuth.GeneratePublic();
string newSecret = OAuth.GenerateSecret();
if (Owner is ApplicationEntry)
{
ApplicationEntry ae = (ApplicationEntry)Owner;
if (ae.ApplicationType == ApplicationType.OAuth)
{
OAuthApplication oa = new OAuthApplication(core, ae);
oa.ApiKey = newKey;
oa.ApiSecret = newSecret;
oa.Update();
}
}
AccountApplicationOAuth_Show(sender, e);
}
void AccountApplicationOAuth_Show(object sender, EventArgs e)
{
template.SetTemplate("account_application_oauth.html");
template.Parse("U_REGENERATE_KEYS", core.Hyperlink.AppendSid(BuildUri("oauth", "generate-keys"), true));
if (Owner is ApplicationEntry)
{
ApplicationEntry ae = (ApplicationEntry)Owner;
if (ae.ApplicationType == ApplicationType.OAuth)
{
OAuthApplication oa = new OAuthApplication(core, ae);
template.Parse("IS_OAUTH", "TRUE");
template.Parse("CONSUMER_KEY", oa.ApiKey);
template.Parse("CONSUMER_SECRET", oa.ApiSecret);
}
/*SelectQuery query = OAuthApplication.GetSelectQueryStub(core);
query.AddCondition(new DataField("applications_oauth", "application_id"), ae.Id);
HttpContext.Current.Response.Write(query.ToString());*/
}
}
