public static string GetDocKey(object fileId, int fileVersion, DateTime modified)
{
var str = String.Format("teamlab_{0}_{1}_{2}_{3}",
fileId,
fileVersion,
modified.GetHashCode(),
Global.GetDocDbKey());
var keyDoc = Encoding.UTF8.GetBytes(str)
.ToList()
.Concat(MachinePseudoKeys.GetMachineConstant())
.ToArray();
return(DocumentServiceConnector.GenerateRevisionId(Hasher.Base64Hash(keyDoc, HashAlg.SHA256)));
}
public OnlyoShortener(
IConfiguration configuration,
CommonLinkUtility commonLinkUtility,
MachinePseudoKeys machinePseudoKeys)
{
url = configuration["web:url-shortener:value"];
internalUrl = configuration["web:url-shortener:internal"];
sKey = machinePseudoKeys.GetMachineConstant();
if (!url.EndsWith("/"))
{
url += '/';
}
CommonLinkUtility = commonLinkUtility;
}
public static string GetDocKey(object fileId, int fileVersion, DateTime modified)
{
var str = string.Format("teamlab_{0}_{1}_{2}_{3}",
fileId,
fileVersion,
modified.GetHashCode(),
GetDocDbKey());
var keyDoc = Encoding.UTF8.GetBytes(str)
.ToList()
.Concat(MachinePseudoKeys.GetMachineConstant())
.ToArray();
return(Global.InvalidTitleChars.Replace(Hasher.Base64Hash(keyDoc, HashAlg.SHA256), "_"));
}
public TfaManager(
SettingsManager settingsManager,
SecurityContext securityContext,
CookiesManager cookiesManager,
SetupInfo setupInfo,
Signature signature,
InstanceCrypto instanceCrypto,
MachinePseudoKeys machinePseudoKeys)
{
SettingsManager = settingsManager;
SecurityContext = securityContext;
CookiesManager = cookiesManager;
SetupInfo = setupInfo;
Signature = signature;
InstanceCrypto = instanceCrypto;
MachinePseudoKeys = machinePseudoKeys;
}
public AuthHandler(
IOptionsMonitor <AuthenticationSchemeOptions> options,
ILoggerFactory logger,
UrlEncoder encoder,
ISystemClock clock,
IConfiguration configuration,
IOptionsMonitor <ILog> option,
ApiSystemHelper apiSystemHelper,
MachinePseudoKeys machinePseudoKeys) :
base(options, logger, encoder, clock)
{
Configuration = configuration;
Log = option.Get("ASC.ApiSystem");
ApiSystemHelper = apiSystemHelper;
MachinePseudoKeys = machinePseudoKeys;
}
protected override Task <AuthenticateResult> HandleAuthenticateAsync()
{
if (Convert.ToBoolean(Configuration[Scheme.Name] ?? "false"))
{
Log.DebugFormat("Auth for {0} skipped", Scheme.Name);
return(Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(Context.User, new AuthenticationProperties(), Scheme.Name))));
}
try
{
Context.Request.Headers.TryGetValue("Authorization", out var headers);
var header = headers.FirstOrDefault();
if (string.IsNullOrEmpty(header))
{
Log.Debug("Auth header is NULL");
return(Task.FromResult(AuthenticateResult.Fail(new AuthenticationException(HttpStatusCode.Unauthorized.ToString()))));
}
var substring = "ASC";
if (header.StartsWith(substring, StringComparison.InvariantCultureIgnoreCase))
{
var splitted = header.Substring(substring.Length).Trim().Split(':', StringSplitOptions.RemoveEmptyEntries);
if (splitted.Length < 3)
{
Log.DebugFormat("Auth failed: invalid token {0}.", header);
return(Task.FromResult(AuthenticateResult.Fail(new AuthenticationException(HttpStatusCode.Unauthorized.ToString()))));
}
var pkey = splitted[0];
var date = splitted[1];
var orighash = splitted[2];
Log.Debug("Variant of correct auth:" + ApiSystemHelper.CreateAuthToken(pkey));
if (!string.IsNullOrWhiteSpace(date))
{
var timestamp = DateTime.ParseExact(date, "yyyyMMddHHmmss", CultureInfo.InvariantCulture);
var trustInterval = TimeSpan.FromMinutes(Convert.ToDouble(Configuration["auth:trust-interval"] ?? "5"));
if (DateTime.UtcNow > timestamp.Add(trustInterval))
{
Log.DebugFormat("Auth failed: invalid timesatmp {0}, now {1}.", timestamp, DateTime.UtcNow);
return(Task.FromResult(AuthenticateResult.Fail(new AuthenticationException(HttpStatusCode.Forbidden.ToString()))));
}
}
var skey = MachinePseudoKeys.GetMachineConstant();
using var hasher = new HMACSHA1(skey);
var data = string.Join("\n", date, pkey);
var hash = hasher.ComputeHash(Encoding.UTF8.GetBytes(data));
if (WebEncoders.Base64UrlEncode(hash) != orighash && Convert.ToBase64String(hash) != orighash)
{
Log.DebugFormat("Auth failed: invalid token {0}, expect {1} or {2}.", orighash, WebEncoders.Base64UrlEncode(hash), Convert.ToBase64String(hash));
return(Task.FromResult(AuthenticateResult.Fail(new AuthenticationException(HttpStatusCode.Forbidden.ToString()))));
}
}
else
{
Log.DebugFormat("Auth failed: invalid auth header. Sheme: {0}, parameter: {1}.", Scheme.Name, header);
return(Task.FromResult(AuthenticateResult.Fail(new AuthenticationException(HttpStatusCode.Forbidden.ToString()))));
}
}
catch (Exception ex)
{
Log.Error(ex);
return(Task.FromResult(AuthenticateResult.Fail(new AuthenticationException(HttpStatusCode.InternalServerError.ToString()))));
}
var identity = new ClaimsIdentity(Scheme.Name);
Log.InfoFormat("Auth success {0}", Scheme.Name);
if (HttpContextAccessor?.HttpContext != null)
{
HttpContextAccessor.HttpContext.User = new CustomClaimsPrincipal(new ClaimsIdentity(Scheme.Name), identity);
}
return(Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(Context.User, new AuthenticationProperties(), Scheme.Name))));
}
public static T Read <T>(string signature)
{
return(Read <T>(signature, Encoding.UTF8.GetString(MachinePseudoKeys.GetMachineConstant())));
}
public static string Create <T>(T obj)
{
return(Create(obj, Encoding.UTF8.GetString(MachinePseudoKeys.GetMachineConstant())));
}
public Signature(MachinePseudoKeys machinePseudoKeys)
{
MachinePseudoKeys = machinePseudoKeys;
}
public ApiSystemHelper(IConfiguration configuration, CommonLinkUtility commonLinkUtility, MachinePseudoKeys machinePseudoKeys)
{
ApiSystemUrl = configuration["web:api-system"];
ApiCacheUrl = configuration["web:api-cache"];
CommonLinkUtility = commonLinkUtility;
Skey = machinePseudoKeys.GetMachineConstant();
}
protected static string GetPasswordHash(Guid userId, string password)
{
return(Hasher.Base64Hash(password + userId + Encoding.UTF8.GetString(MachinePseudoKeys.GetMachineConstant()), HashAlg.SHA512));
}
static ApiSystemHelper()
{
ApiSystemUrl = ConfigurationManagerExtension.AppSettings["web.api-system"];
ApiCacheUrl = ConfigurationManagerExtension.AppSettings["web.api-cache"];
Skey = MachinePseudoKeys.GetMachineConstant();
}
public EFUserService(DbContextManager <UserDbContext> userDbContextManager, PasswordHasher passwordHasher, MachinePseudoKeys machinePseudoKeys) : this()
{
UserDbContextManager = userDbContextManager;
PasswordHasher = passwordHasher;
MachinePseudoKeys = machinePseudoKeys;
UserDbContext = UserDbContextManager.Value;
}
