public override async Task Invoke(IOwinContext context)
{
var header = context.Request.Headers.Get("Authorization");
if (!string.IsNullOrWhiteSpace(header))
{
var authHeader = AuthenticationHeaderValue.Parse(header);
if ("Basic".Equals(authHeader.Scheme,
StringComparison.OrdinalIgnoreCase))
{
Logger.Debug("performing Basic authentication");
bool exceptionThrown = false;
string[] parameters = { "a", "b" };
App app = null;
try
{
parameters = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Parameter)).Split(':');
var publicKey = parameters[0];
var privateKey = parameters[1];
app = await _dbContext.Apps.FirstOrDefaultAsync(
t => t.ClientId == publicKey && t.ClientSecret == privateKey);
}
catch (Exception exception)
{
Logger.Error(exception.Message);
exceptionThrown = true;
}
if (app != null)
{
if (!app.IsActive)
{
Logger.Debug("Unsuccessful authorization: your account is not active");
context.Response.StatusCode = 403;
//context.Response.Headers.Add("WWW-Authenticate",new []{"Basic realm=\"USP\""});
await
context.Response.WriteAsync(string.Format("Your account status is {0}",
app.IsActive));
}
else
{
var user = await _dbContext.Users.FirstOrDefaultAsync(u => u.UserName == app.Username);
var claims = new List <Claim>
{
new Claim(ClaimTypes.Name, user.UserName),
new Claim(ClaimTypes.Sid, user.Id),
new Claim(ClaimTypes.Email, user.Email),
new Claim(ClaimTypes.MobilePhone, user.PhoneNumber),
new Claim(ClaimTypes.GivenName, user.Fullname),
//new Claim(ClaimTypes.SerialNumber,app.Id.ToString()),
new Claim("sidekick.client.appId", app.Id.ToString()),
new Claim("sidekick.client.istrusted", app.IsTrusted.ToString()),
new Claim("sidekick.client.name", app.Username),
new Claim("sidekick.client.appName", app.ClientId),
new Claim("sidekick.client.allowedIps", string.IsNullOrEmpty(app.AllowedIp)?"*":app.AllowedIp),
new Claim("sidekick.client.meta", string.IsNullOrEmpty(app.Meta)?JsonConvert.SerializeObject(new { rateLimit = 30, allowSso = false }):app.Meta),
};
var identity = new ClaimsIdentity(claims, "Basic");
context.Request.User = new ClaimsPrincipal(identity);
Logger.Info("successfully authenticated basic auth");
await _nextMiddleware.Invoke(context);
}
}
else if (exceptionThrown)
{
context.Response.StatusCode = 401;
//context.Response.Headers.Add("WWW-Authenticate", new[] { "Basic realm=\"USP\"" });
await context.Response.WriteAsync(string.Format("Invalid API credentials"));
}
else
{
Logger.Warn("Invalid API credential {0}", authHeader.Parameter);
context.Response.StatusCode = 401;
// context.Response.Headers.Add("WWW-Authenticate", new[] { "Basic realm=\"USP\"" });
await context.Response.WriteAsync("Invalid API credentials");
}
}
else
{
await _nextMiddleware.Invoke(context);
}
}
else
{
var routesToIgnore = new ApiHandlerHelper().GatherRoutesToIgnore();
if (routesToIgnore.Any(route => context.Request.Uri.AbsolutePath.ToLower().Equals(route.ToLower(), StringComparison.CurrentCultureIgnoreCase)))
{
await _nextMiddleware.Invoke(context);
//return;
}
else
{
Logger.Info("no authentication header detected...request will be failed!");
context.Response.StatusCode = 401;
//context.Response.Headers.Add("WWW-Authenticate", new[] { "Basic realm=\"USP\"" });
await context.Response.WriteAsync(string.Format("no authorization header detected"));
}
}
}
public override async Task Invoke(IOwinContext context)
{
var header = context.Request.Headers.Get("Authorization");
if (!string.IsNullOrWhiteSpace(header))
{
var authHeader = AuthenticationHeaderValue.Parse(header);
if ("Basic".Equals(authHeader.Scheme,
StringComparison.OrdinalIgnoreCase))
{
Logger.Debug("performing Basic authentication");
bool exceptionThrown = false;
string[] parameters = {"a","b"};
App app = null;
try
{
parameters = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Parameter)).Split(':');
var publicKey = parameters[0];
var privateKey = parameters[1];
app = await _dbContext.Apps.FirstOrDefaultAsync(
t => t.ClientId == publicKey && t.ClientSecret == privateKey);
}
catch (Exception exception)
{
Logger.Error(exception.Message);
exceptionThrown = true;
}
if (app != null)
{
if (!app.IsActive)
{
Logger.Debug("Unsuccessful authorization: your account is not active");
context.Response.StatusCode = 403;
//context.Response.Headers.Add("WWW-Authenticate",new []{"Basic realm=\"USP\""});
await
context.Response.WriteAsync(string.Format("Your account status is {0}",
app.IsActive));
}
else
{
var user = await _dbContext.Users.FirstOrDefaultAsync(u => u.UserName == app.Username);
var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, user.UserName),
new Claim(ClaimTypes.Sid, user.Id),
new Claim(ClaimTypes.Email, user.Email),
new Claim(ClaimTypes.MobilePhone, user.PhoneNumber),
new Claim(ClaimTypes.GivenName, user.Fullname),
new Claim(ClaimTypes.SerialNumber,
app.Id.ToString()),
};
var identity = new ClaimsIdentity(claims, "Basic");
context.Request.User = new ClaimsPrincipal(identity);
Logger.Info("successfully authenticated basic auth");
await _nextMiddleware.Invoke(context);
}
}
else if (exceptionThrown)
{
context.Response.StatusCode = 401;
//context.Response.Headers.Add("WWW-Authenticate", new[] { "Basic realm=\"USP\"" });
await context.Response.WriteAsync(string.Format("Invalid API credentials"));
}
else
{
Logger.Warn("Invalid API credential {0}", authHeader.Parameter);
context.Response.StatusCode = 401;
// context.Response.Headers.Add("WWW-Authenticate", new[] { "Basic realm=\"USP\"" });
await context.Response.WriteAsync(string.Format("Invalid API credentials"));
}
}
else
{
await _nextMiddleware.Invoke(context);
}
}
else
{
var routesToIgnore = new ApiHandlerHelper().GatherRoutesToIgnore();
if (routesToIgnore.Any(route => context.Request.Uri.AbsolutePath.ToLower().Equals(route.ToLower(),StringComparison.CurrentCultureIgnoreCase)))
{
await _nextMiddleware.Invoke(context);
//return;
}
//if (context.Request.Uri.ToString().ToLower().Contains("ping")
// || context.Request.Uri.ToString().ToLower().Contains("signalr")
// || context.Request.Uri.ToString().ToLower().Contains("swagger"))
//{
// await _nextMiddleware.Invoke(context);
//}
else
{
Logger.Info("no authentication header detected...request will be failed!");
context.Response.StatusCode = 401;
//context.Response.Headers.Add("WWW-Authenticate", new[] { "Basic realm=\"USP\"" });
await context.Response.WriteAsync(string.Format("no authorization header detected"));
}
}
}
public override async Task Invoke(IOwinContext context)
{
var header = context.Request.Headers.Get("Authorization");
if (!string.IsNullOrWhiteSpace(header))
{
var authHeader = AuthenticationHeaderValue.Parse(header);
if ("Bearer".Equals(authHeader.Scheme,
StringComparison.OrdinalIgnoreCase))
{
Logger.Debug("performing Bearer token transformation");
_dbContext = new ApplicationDbContext();
var userApp = await
_dbContext.UserApps.FirstOrDefaultAsync(x => x.HashedAccessToken == authHeader.Parameter);
if (userApp == null)
{
Logger.Error("Bearer token {0} not found for any user", authHeader.Parameter);
context.Response.StatusCode = 404;
//context.Response.Headers.Add("WWW-Authenticate",new []{"Basic realm=\"USP\""});
await
context.Response.WriteAsync($"Bearer token,{authHeader.Parameter}, not found. Please restart the oauth flow");
return;
}
if (userApp.AccessTokenExpiresOn.HasValue)
{
if (DateTime.Now > userApp.AccessTokenExpiresOn.Value)
{
Logger.Error("Bearer token {0} is no longer valid. It was expired on {1}", authHeader.Parameter, userApp.AccessTokenExpiresOn);
context.Response.StatusCode = 401;
//context.Response.Headers.Add("WWW-Authenticate",new []{"Basic realm=\"USP\""});
await
context.Response.WriteAsync($"Bearer token,{authHeader.Parameter}, is no longer valid. It was expired on {userApp.AccessTokenExpiresOn}");
return;
}
}
context.Request.Headers["Authorization"] = "Bearer " + userApp.AccessToken;
await _nextMiddleware.Invoke(context);
}
else
{
await _nextMiddleware.Invoke(context);
}
}
else
{
var routesToIgnore = new ApiHandlerHelper().GatherRoutesToIgnore();
if (routesToIgnore.Any(route => context.Request.Uri.AbsolutePath.ToLower().Contains(route)))
{
await _nextMiddleware.Invoke(context);
//return;
}
else
{
await _nextMiddleware.Invoke(context);
}
}
}
public override async Task Invoke(IOwinContext context)
{
var routesToIgnore = new ApiHandlerHelper().GatherRoutesToIgnore();
if (routesToIgnore.Any(route => context.Request.Uri.ToString().ToLower().Contains(route.ToLower())))
{
await _nextMiddleware.Invoke(context);
return;
}
var clientIp = context.Request.Headers["X-Forwarded-For"];
var ipAddress = (string)context.Environment["server.RemoteIpAddress"];
if (!string.IsNullOrEmpty(clientIp))
{
Logger.Info("X-Forwarded-For address is {0}", clientIp);
var rawIpAddress = clientIp.Split(new[] { ':' }, StringSplitOptions.RemoveEmptyEntries)[0];
//Logger.Debug("assigning");
ipAddress = rawIpAddress;
}
Logger.Info("caller's API address is {0}", ipAddress);
var app = context.Request.User as ClaimsPrincipal;
if (app == null)
{
Logger.Fatal("User not found");
context.Response.StatusCode = 404;
context.Response.Headers.Add("Content-Type", new[] { "application/json" });
await context.Response.WriteAsync("user not found");
return;
}
var appIdClaim = app.FindFirst(x => x.Type == ClaimTypes.SerialNumber);
if (appIdClaim == null)
{
Logger.Fatal("app claim not found");
context.Response.StatusCode = 404;
context.Response.Headers.Add("Content-Type", new[] { "application/json" });
await context.Response.WriteAsync("app claim not found");
return;
}
var appId = int.Parse(appIdClaim.Value);
var client = await _dbContext.Apps.FirstOrDefaultAsync(a => a.Id == appId);
if (client == null)
{
Logger.Fatal("app claim not found");
context.Response.StatusCode = 404;
context.Response.Headers.Add("Content-Type", new[] { "application/json" });
await context.Response.WriteAsync("app claim not found");
return;
}
if (!string.IsNullOrEmpty(client.AllowedIp))
{
if (client.AllowedIp.Contains("*")) //merchant wants to allow any IP to access the service
{
Logger.Debug("Whitelist contains *. Will allow any request to pass through");
await _nextMiddleware.Invoke(context);
return;
}
_allowedIPs.AddRange(client.AllowedIp.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries).ToList());
}
if (!_allowedIPs.Contains(ipAddress))
{
Logger.Fatal("IP, {0}, not allowed", ipAddress);
context.Response.StatusCode = 403;
context.Response.Headers.Add("Content-Type", new[] { "application/json" });
await context.Response.WriteAsync("IP not allowed");
return;
}
await _nextMiddleware.Invoke(context);
}
public override async Task Invoke(IOwinContext context)
{
var routesToIgnore = new ApiHandlerHelper().GatherRoutesToIgnore();
if (routesToIgnore.Any(route => context.Request.Uri.ToString().ToLower().Contains(route.ToLower())))
{
await _nextMiddleware.Invoke(context);
return;
}
var clientIp = context.Request.Headers["X-Forwarded-For"];
var ipAddress = (string)context.Environment["server.RemoteIpAddress"];
if (!string.IsNullOrEmpty(clientIp))
{
Logger.Info("X-Forwarded-For address is {0}", clientIp);
var rawIpAddress = clientIp.Split(new[] { ':' }, StringSplitOptions.RemoveEmptyEntries)[0];
//Logger.Debug("assigning");
ipAddress = rawIpAddress;
}
Logger.Info("caller's API address is {0}", ipAddress);
var app = context.Request.User as ClaimsPrincipal;
if (app==null)
{
Logger.Fatal("User not found");
context.Response.StatusCode = 404;
context.Response.Headers.Add("Content-Type", new[] { "application/json" });
await context.Response.WriteAsync("user not found");
return;
}
var appIdClaim = app.FindFirst(x=>x.Type==ClaimTypes.SerialNumber);
if (appIdClaim==null)
{
Logger.Fatal("app claim not found");
context.Response.StatusCode = 404;
context.Response.Headers.Add("Content-Type", new[] { "application/json" });
await context.Response.WriteAsync("app claim not found");
return;
}
var appId = int.Parse(appIdClaim.Value);
var client = await _dbContext.Apps.FirstOrDefaultAsync(a => a.Id == appId);
if (client==null)
{
Logger.Fatal("app claim not found");
context.Response.StatusCode = 404;
context.Response.Headers.Add("Content-Type", new[] { "application/json" });
await context.Response.WriteAsync("app claim not found");
return;
}
if (!string.IsNullOrEmpty(client.AllowedIp))
{
if (client.AllowedIp.Contains("*")) //merchant wants to allow any IP to access the service
{
Logger.Debug("Whitelist contains *. Will allow any request to pass through");
await _nextMiddleware.Invoke(context);
return;
}
_allowedIPs.AddRange(client.AllowedIp.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries).ToList());
}
if (!_allowedIPs.Contains(ipAddress))
{
Logger.Fatal("IP, {0}, not allowed", ipAddress);
context.Response.StatusCode = 403;
context.Response.Headers.Add("Content-Type", new[] { "application/json" });
await context.Response.WriteAsync("IP not allowed");
return;
}
await _nextMiddleware.Invoke(context);
}
