Esempio n. 1
        /// <summary>
        /// Authenticates a user by email and password and, on success, issues a token.
        /// </summary>
        /// <param name="login">The supplied email and password, plus the time-zone offset and scope passed to token generation.</param>
        /// <returns>
        /// A populated <see cref="LoginResponse"/> on success; <c>null</c> when the request is
        /// incomplete, the email is unknown, or the password does not validate.
        /// </returns>
        public static LoginResponse Authenticate(Login login)
        {
            // Reject incomplete requests before touching the database.
            bool incomplete = login == null
                              || string.IsNullOrEmpty(login.Email)
                              || string.IsNullOrEmpty(login.Password);
            if (incomplete)
            {
                return null;
            }

            // The row is read directly here because UserManager deliberately does not
            // expose the password hash and salt.
            USERS account;
            using (var db = new CSET_Context())
            {
                account = db.USERS.FirstOrDefault(x => x.PrimaryEmail == login.Email);
            }

            // NOTE(review): an unknown email returns before any hash is computed, so response
            // time may differ between unknown and known accounts. The caller sees the same
            // null in both cases. No throttling or lockout is visible in this method -
            // confirm it is enforced by the caller or the hosting layer.
            if (account == null)
            {
                return null;
            }

            // Check the supplied password against the stored hash and its salt.
            // NOTE(review): the hashing scheme and comparison live in PasswordHash - not visible here.
            bool passwordOk = PasswordHash.ValidatePassword(login.Password, account.Password, account.Salt);
            if (!passwordOk)
            {
                return null;
            }

            // Issue a token for the authenticated user.
            // NOTE(review): the meaning of the -1 and null arguments is defined by GenerateToken - confirm.
            string issuedToken = TransactionSecurity.GenerateToken(account.UserId, login.TzOffset, -1, null, null, login.Scope);

            var response = new LoginResponse
            {
                Token            = issuedToken,
                UserId           = account.UserId,
                Email            = login.Email,
                UserFirstName    = account.FirstName,
                UserLastName     = account.LastName,
                IsSuperUser      = account.IsSuperUser,
                // A missing flag is treated as "reset required".
                ResetRequired    = account.PasswordResetRequired ?? true,
                ExportExtension  = IOHelper.GetExportFileExtension(login.Scope),
                ImportExtensions = IOHelper.GetImportFileExtensions(login.Scope)
            };

            return response;
        }
Esempio n. 2
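        /// <summary>
        /// Emulates credential authentication without requiring credentials.
        /// The Windows file system is consulted to see if a certain file was placed there
        /// during the stand-alone install process.
        /// </summary>
        /// <remarks>
        /// No password is checked. The account is derived from
        /// <see cref="WindowsIdentity.GetCurrent()"/>, which is the identity the current code
        /// is running as, not necessarily that of a remote caller.
        /// NOTE(review): this presumably assumes a single-user desktop install - confirm the
        /// local-installation check cannot succeed on a networked or shared deployment.
        /// </remarks>
        /// <param name="login">Request carrying the scope and time-zone offset; no email or password is read from it.</param>
        /// <returns>
        /// A <see cref="LoginResponse"/> holding a token for the local user, or <c>null</c> when
        /// the request is missing, this is not a local installation, or no user row could be resolved.
        /// </returns>
        public static LoginResponse AuthenticateStandalone(Login login)
        {
            // Match Authenticate: a missing request is a failed login, not a NullReferenceException.
            if (login == null)
            {
                return null;
            }

            // Read the file system for the LOCAL-INSTALLATION file put there at install time
            if (!IsLocalInstallation(login.Scope))
            {
                return null;
            }

            string name = WindowsIdentity.GetCurrent().Name;
            name = string.IsNullOrWhiteSpace(name) ? "Local" : name;

            string primaryEmailSO = name;
            int userIdSO;

            using (var db = new CSET_Context())
            {
                // Check for the legacy default email for local installations and move it to the new standard.
                string legacyEmail = primaryEmailSO + "@myorg.org";
                var userOrg = db.USERS.FirstOrDefault(x => x.PrimaryEmail == legacyEmail);
                if (userOrg != null)
                {
                    string tmp = userOrg.PrimaryEmail.Split('@')[0];

                    // Rename the legacy row only when the new address is free. Checking before
                    // mutating keeps an unsaved change off the tracked entity, so a later
                    // SaveChanges cannot persist a duplicate address.
                    if (db.USERS.FirstOrDefault(x => x.PrimaryEmail == tmp) == null)
                    {
                        userOrg.PrimaryEmail = tmp;
                        db.SaveChanges();
                    }

                    primaryEmailSO = tmp;
                }

                var user = db.USERS.FirstOrDefault(x => x.PrimaryEmail == primaryEmailSO);
                if (user == null)
                {
                    // First login for this Windows identity: create the user row.
                    // NOTE(review): CreateUser presumably persists through its own context - confirm.
                    UserManager um = new UserManager();
                    UserDetail  ud = new UserDetail()
                    {
                        Email     = primaryEmailSO,
                        FirstName = name,
                        LastName  = ""
                    };
                    um.CreateUser(ud);

                    db.SaveChanges();

                    // Re-read the row to learn the id assigned to the new user.
                    var tempu = db.USERS.FirstOrDefault(x => x.PrimaryEmail == primaryEmailSO);
                    if (tempu == null)
                    {
                        // Fail closed: without a resolved row there is no identity to issue a token
                        // for. Falling back to a hard-coded id could name some other account.
                        return null;
                    }

                    userIdSO = tempu.UserId;
                    determineIfUpgradedNeededAndDoSo(userIdSO);
                }
                else
                {
                    userIdSO = user.UserId;
                }
            }

            if (string.IsNullOrEmpty(primaryEmailSO))
            {
                return null;
            }

            // Generate a token for this user
            // NOTE(review): the meaning of the -1 and null arguments is defined by GenerateToken - confirm.
            string token = TransactionSecurity.GenerateToken(userIdSO, login.TzOffset, -1, null, null, login.Scope);

            // Build response object. Stand-alone users are never super users and never need a reset.
            LoginResponse resp = new LoginResponse
            {
                Token            = token,
                Email            = primaryEmailSO,
                UserFirstName    = name,
                UserLastName     = "",
                IsSuperUser      = false,
                ResetRequired    = false,
                ExportExtension  = IOHelper.GetExportFileExtension(login.Scope),
                ImportExtensions = IOHelper.GetImportFileExtensions(login.Scope)
            };

            return resp;
        }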