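/// <summary>
/// Decrypts a login token of the form <c>username:password:yyyy-MM-ddTHH:mm:ss</c>
/// (base64 of the ciphertext produced by <c>Utilities.Crypto</c>).
/// The issue timestamp occupies the LAST three colon-separated fields (the "s"
/// format itself contains two colons), so a password that contains ':' is
/// reassembled from the middle fields instead of being silently truncated.
/// </summary>
/// <param name="token">Base64-encoded encrypted token from the request.</param>
/// <param name="username">Parsed user name (first field).</param>
/// <param name="password">Parsed plaintext password (all middle fields re-joined).</param>
/// <param name="issued">Issue time, as a UTC <see cref="DateTime"/>.</param>
/// <exception cref="FormatException">Token has too few fields or an unparsable timestamp.</exception>
private static void ParseLoginToken(string token, out string username, out string password, out DateTime issued)
{
    string decrypted = Utilities.Crypto.DecryptString(System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(token)));
    string[] parts = decrypted.Split(':');

    // username + password + the 3 fields of the "s"-formatted timestamp
    if (parts.Length < 5)
    {
        throw new FormatException("Login token does not have the expected number of fields.");
    }

    username = parts[0];
    password = string.Join(":", parts, 1, parts.Length - 4);
    string stamp = string.Join(":", parts, parts.Length - 3, 3);

    // AssumeUniversal alone hands back a LOCAL-time DateTime; DateTime comparison
    // ignores Kind, so comparing that against DateTime.UtcNow shifted the 6-hour
    // window by the server's UTC offset. AdjustToUniversal keeps the value in UTC.
    if (!DateTime.TryParseExact(stamp, "s", System.Globalization.CultureInfo.InvariantCulture,
            System.Globalization.DateTimeStyles.AssumeUniversal | System.Globalization.DateTimeStyles.AdjustToUniversal,
            out issued))
    {
        throw new FormatException("Login token timestamp is not in the expected format.");
    }
}

/// <summary>
/// Authorization filter entry point. Establishes the current user in this order:
/// (1) a request that already carries a <see cref="DnsPrincipal"/> is accepted as-is;
/// (2) a non-GUID <c>token</c> query-string value is decrypted and, when it names an
/// active, non-deleted user whose stored password hash matches and was issued within
/// the last 6 hours, the user is signed in (forms-auth cookie plus an "Authorization"
/// cookie holding a serialized <c>LoginResponseModel</c>);
/// (3) otherwise the forms-auth identity name is parsed as the user's GUID and looked up.
/// Unauthenticated requests to non-anonymous actions get an access-denied view (child
/// actions), a JSON "auth" payload (AJAX/embedded requests) or a redirect to the login
/// URL; users whose password has expired are redirected to <c>HomeController.PasswordExpired</c>.
/// </summary>
/// <param name="filterContext">The MVC authorization context for the current request.</param>
public void OnAuthorization(AuthorizationContext filterContext)
{
    // A principal established earlier in the pipeline is trusted as-is.
    if (filterContext.HttpContext.User is DnsPrincipal)
    {
        return;
    }

    var db = filterContext.HttpContext.DataContext();

    // Path 1: encrypted login token on the query string. A GUID-shaped value is
    // deliberately NOT treated as a login token (presumably a password-reset token
    // consumed by a controller action — TODO confirm).
    // NOTE(review): query-string tokens end up in server/proxy logs and Referer
    // headers; a header or POST body would be a safer transport.
    string token = filterContext.HttpContext.Request.QueryString.Get("token");
    Guid passwordResetToken;
    if (!string.IsNullOrEmpty(token) && !Guid.TryParse(token, out passwordResetToken))
    {
        try
        {
            string username;
            string password;
            DateTime issued;
            ParseLoginToken(token, out username, out password, out issued);

            // Must have been issued within the last 6 hours; both sides are UTC.
            // NOTE(review): no upper bound — a token dated in the future is accepted.
            DateTime cutoffDate = DateTime.UtcNow.AddHours(-6);
            if (cutoffDate < issued)
            {
                string passwordHashed = Password.ComputeHash(password);
                var user = (from u in db.Users
                            where !u.Deleted && u.Active && u.UserName == username
                            select u).FirstOrDefault();

                // NOTE(review): ordinal string compare of the stored hash is not
                // constant-time; low risk for a hash-vs-hash compare but worth a
                // fixed-time comparison if the platform provides one.
                if (user != null && string.Equals(user.PasswordHash, passwordHashed, StringComparison.Ordinal))
                {
                    filterContext.HttpContext.User = new DnsPrincipal(user);
                    System.Web.Security.FormsAuthentication.SetAuthCookie(user.ID.ToString(), false);

                    // NOTE(review): this cookie carries the plaintext password inside the
                    // serialized model and is neither HttpOnly nor Secure. Left unchanged
                    // because client script may depend on reading it — verify, and at
                    // minimum mark it Secure when served over HTTPS.
                    var cookie = new Lpp.Utilities.WebSites.Models.LoginResponseModel(user, password, user.OrganizationID, user.PasswordExpiration, -1);
                    var sModel = Newtonsoft.Json.JsonConvert.SerializeObject(cookie);
                    var authCookie = new System.Web.HttpCookie("Authorization", sModel)
                    {
                        Shareable = false,
                        Expires = DateTime.MinValue, // session cookie (no persistent expiry)
                    };
                    filterContext.HttpContext.Response.Cookies.Add(authCookie);
                    return;
                }
            }
        }
        catch (Exception ex)
        {
            // A bad or tampered token must not break the request: log it and fall
            // through to the regular cookie-based check below.
            Logger.Error("Error authenticating via token.", ex);
        }
    }

    // Path 2: forms-auth identity whose name is the user's GUID. Any failure in the
    // chain (no identity, unparsable GUID, no such user) leaves result in a non-Value kind.
    MaybeNotNull<User> result = from u in Maybe.Value(filterContext.HttpContext.User)
                                from i in u.Identity
                                from n in i.Name
                                from id in Guid.Parse(n)
                                from user in db.Users.SingleOrDefault(uu => uu.ID == id)
                                where !user.Deleted
                                select user;

    var anonymous = AllowAnonymous(filterContext);

    if (result.Kind == MaybeKind.Value)
    {
        // NOTE(review): compared against local DateTime.Now while the token path uses
        // UtcNow — confirm which kind PasswordExpiration is stored in.
        if (result.Value.PasswordExpiration <= DateTime.Now && !anonymous)
        {
            filterContext.Result = new RedirectResult(new UrlHelper(filterContext.RequestContext).Action((HomeController c) => c.PasswordExpired()));
        }
        else
        {
            filterContext.HttpContext.User = new DnsPrincipal(result.Value);
        }
        return;
    }

    // Not authenticated: anonymous actions proceed, everything else is denied.
    if (anonymous)
    {
        return;
    }

    if (filterContext.IsChildAction)
    {
        filterContext.Result = View.Result<Views.Errors.AccessDenied>().WithoutModel();
    }
    else if (AjaxCall(filterContext) || filterContext.HttpContext.IsEmbeddedRequest())
    {
        filterContext.Result = new AjaxJsonResponseResult(new { code = "auth", message = "Session is no longer valid.<br/>Please refresh the page to log in.", redirectTo = LoginUrl(filterContext) });
    }
    else
    {
        filterContext.Result = new RedirectResult(LoginUrl(filterContext));
    }
}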
/// <summary>
/// Collapses a <c>MaybeNotNull&lt;DnsResult&gt;</c> into a plain <see cref="DnsResult"/>.
/// An Error kind is converted with <c>DnsResult.FromException</c>; otherwise the held
/// value is returned, falling back to <paramref name="nullResult"/> and finally to a
/// generic "Unknown error has occurred" failure when both are null.
/// </summary>
/// <param name="maybe">The wrapped result to unwrap.</param>
/// <param name="nullResult">Optional substitute returned when the wrapper holds no value.</param>
/// <returns>A non-null <see cref="DnsResult"/>.</returns>
public static DnsResult Lift(this MaybeNotNull<DnsResult> maybe, DnsResult nullResult = null)
{
    if (maybe.Kind == MaybeKind.Error)
    {
        return DnsResult.FromException(maybe.Exception);
    }

    DnsResult fallback = nullResult ?? DnsResult.Failed("Unknown error has occurred");
    return maybe.ValueOrNull() ?? fallback;
}