public async Task <ActionResult <AuthenticationResult> > AuthenticateUserByName([FromBody, Required] AuthenticateUserByName request)
{
var auth = await _authContext.GetAuthorizationInfo(Request).ConfigureAwait(false);
try
{
var result = await _sessionManager.AuthenticateNewSession(new AuthenticationRequest
{
App = auth.Client,
AppVersion = auth.Version,
DeviceId = auth.DeviceId,
DeviceName = auth.Device,
Password = request.Pw,
RemoteEndPoint = HttpContext.GetNormalizedRemoteIp().ToString(),
Username = request.Username
}).ConfigureAwait(false);
return(result);
}
catch (SecurityException e)
{
// rethrow adding IP address to message
throw new SecurityException($"[{HttpContext.GetNormalizedRemoteIp()}] {e.Message}", e);
}
}
public async Task <object> Post(AuthenticateUserByName request)
{
var auth = _authContext.GetAuthorizationInfo(Request);
try
{
var result = await _sessionMananger.AuthenticateNewSession(new AuthenticationRequest
{
App = auth.Client,
AppVersion = auth.Version,
DeviceId = auth.DeviceId,
DeviceName = auth.Device,
Password = request.Pw,
PasswordSha1 = request.Password,
RemoteEndPoint = Request.RemoteIp,
Username = request.Username
}).ConfigureAwait(false);
return(ToOptimizedResult(result));
}
catch (SecurityException e)
{
// rethrow adding IP address to message
throw new SecurityException($"[{Request.RemoteIp}] {e.Message}");
}
}
public async Task <object> Post(AuthenticateUserByName request)
{
var auth = AuthorizationContext.GetAuthorizationInfo(Request);
if (string.IsNullOrWhiteSpace(auth.Client))
{
auth.Client = "Unknown app";
}
if (string.IsNullOrWhiteSpace(auth.Device))
{
auth.Device = "Unknown device";
}
if (string.IsNullOrWhiteSpace(auth.Version))
{
auth.Version = "Unknown version";
}
if (string.IsNullOrWhiteSpace(auth.DeviceId))
{
auth.DeviceId = "Unknown device id";
}
var result = await _sessionMananger.AuthenticateNewSession(new AuthenticationRequest
{
App = auth.Client,
AppVersion = auth.Version,
DeviceId = auth.DeviceId,
DeviceName = auth.Device,
PasswordSha1 = request.Password,
PasswordMd5 = request.PasswordMd5,
RemoteEndPoint = Request.RemoteIp,
Username = request.Username
}).ConfigureAwait(false);
return(ToOptimizedResult(result));
}
public object Post(AuthenticateUserByName request)
{
var auth = AuthorizationContext.GetAuthorizationInfo(Request);
if (string.IsNullOrWhiteSpace(auth.Client))
{
auth.Client = "Unknown app";
}
if (string.IsNullOrWhiteSpace(auth.Device))
{
auth.Device = "Unknown device";
}
if (string.IsNullOrWhiteSpace(auth.Version))
{
auth.Version = "Unknown version";
}
if (string.IsNullOrWhiteSpace(auth.DeviceId))
{
auth.DeviceId = "Unknown device id";
}
var result = _sessionMananger.AuthenticateNewSession(request.Username, request.Password, auth.Client, auth.Version,
auth.DeviceId, auth.Device, Request.RemoteIp, Request.IsLocal).Result;
return(ToOptimizedResult(result));
}
public async Task <object> Post(AuthenticateAccountByToken request)
{
var session = _authRepo.Get(new AuthenticationInfoQuery
{
AccessToken = request.AccessToken
}).Items.FirstOrDefault();
if (session == null)
{
throw new ArgumentException("Invalid access token.");
}
var account = _userManager.Accounts.FirstOrDefault(i => i.Guid == session.UserId);
if (account == null)
{
throw new ArgumentException("Invalid account.");
}
var user = _userManager.Users.FirstOrDefault(i => i.AccountId == account.Id && i.Id == Guid.Parse(request.Guid));
if (user == null)
{
throw new ArgumentException("Invalid account.");
}
var auth = _authContext.GetAuthorizationInfo(Request);
var result = await _sessionMananger.AuthenticateNewSession(new AuthenticationRequest
{
App = auth.Client,
AppVersion = auth.Version,
DeviceId = auth.DeviceId,
DeviceName = auth.Device,
PasswordSha1 = user.Password,
RemoteEndPoint = Request.RemoteIp,
Username = user.Name
}).ConfigureAwait(false);
return(ToOptimizedResult(result));
}
public async Task <object> Post(AuthenticateUserByName request)
{
var auth = _authContext.GetAuthorizationInfo(Request);
var result = await _sessionMananger.AuthenticateNewSession(new AuthenticationRequest
{
App = auth.Client,
AppVersion = auth.Version,
DeviceId = auth.DeviceId,
DeviceName = auth.Device,
PasswordSha1 = request.Password,
PasswordMd5 = request.PasswordMd5,
RemoteEndPoint = Request.RemoteIp,
Username = request.Username
}).ConfigureAwait(false);
return(ToOptimizedResult(result));
}
private async Task <AuthenticationResult> AuthenticateUser(AuthenticateUser request)
{
var user = _userManager.GetUserById(request.Id);
if (user == null)
{
throw new ResourceNotFoundException("User not found");
}
var auth = AuthorizationRequestFilterAttribute.GetAuthorization(Request);
// Login in the old way if the header is missing
if (string.IsNullOrEmpty(auth.Client) ||
string.IsNullOrEmpty(auth.Device) ||
string.IsNullOrEmpty(auth.DeviceId) ||
string.IsNullOrEmpty(auth.Version))
{
var success = await _userManager.AuthenticateUser(user, request.Password).ConfigureAwait(false);
if (!success)
{
// Unauthorized
throw new UnauthorizedAccessException("Invalid user or password entered.");
}
return(new AuthenticationResult
{
User = _dtoService.GetUserDto(user)
});
}
var session = await _sessionMananger.AuthenticateNewSession(user, request.Password, auth.Client, auth.Version,
auth.DeviceId, auth.Device, Request.RemoteIp).ConfigureAwait(false);
var result = new AuthenticationResult
{
User = _dtoService.GetUserDto(user),
SessionInfo = _sessionMananger.GetSessionInfoDto(session)
};
return(result);
}
