ファイル: AuthHelper.cs プロジェクト: hydrantwiki/hwMobileAPI
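        /// <summary>
        /// Reads the request body as JSON credentials and delegates to
        /// <see cref="Authorize(Objects.AuthObject, out User)"/>.
        /// </summary>
        /// <param name="_request">Incoming request whose body is expected to hold a serialized <c>AuthObject</c>.</param>
        /// <param name="_user">Set by the delegated overload; see its documentation.</param>
        /// <returns>
        /// The authorization response. A missing, blank or unparseable body is passed on as
        /// <c>null</c>, which the overload answers with its "Bad Request" response instead of
        /// letting a deserialization exception escape as a server error.
        /// </returns>
        public static BaseResponse Authorize(Request _request, out User _user)
        {
            string body = _request.Body.AsString();

            Objects.AuthObject auth = null;

            // Only attempt to parse when the client actually sent something.
            if (!string.IsNullOrWhiteSpace(body))
            {
                try
                {
                    auth = JsonConvert.DeserializeObject<Objects.AuthObject>(body);
                }
                catch (JsonException)
                {
                    // Malformed client input is a bad request, not an unhandled failure.
                    auth = null;
                }
            }

            return(Authorize(auth, out _user));
        }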
ファイル: AuthHelper.cs プロジェクト: hydrantwiki/hwMobileAPI
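        /// <summary>
        /// Authenticates the supplied credentials against the HydrantWiki user store and,
        /// on success, persists and returns a fresh authorization token.
        /// </summary>
        /// <param name="_auth">Parsed credentials (email, password, install id); may be <c>null</c>.</param>
        /// <param name="_user">
        /// The stored user matching <c>_auth.Email</c>, or <c>null</c> when none was found or the
        /// request was rejected before lookup. It is also populated when authentication fails for
        /// an existing account (bad password, not verified, not active), so callers must rely on
        /// <c>Success</c> rather than on this value being non-null.
        /// </param>
        /// <returns>
        /// An <see cref="AuthorizationResponse"/> whose <c>Success</c> is <c>true</c> only when the
        /// password validated; <c>Message</c> describes the outcome and <c>User</c> carries the token.
        /// </returns>
        /// <remarks>
        /// The outcome-specific messages ("User not found", "User not verified", ...) let a client
        /// tell registered from unregistered emails apart; keep that in mind if account enumeration
        /// is a concern for this API.
        /// </remarks>
        public static BaseResponse Authorize(Objects.AuthObject _auth, out User _user)
        {
            AuthorizationResponse authResponse = new AuthorizationResponse {
                Success = false
            };
            _user = null;

            // No body, or nothing to look the account up by: malformed request rather than a failed login.
            if (_auth == null || string.IsNullOrWhiteSpace(_auth.Email))
            {
                authResponse.Message = "Bad Request";
                return(authResponse);
            }

            HydrantWikiManager hwManager = new HydrantWikiManager();

            _user = hwManager.GetUserByEmail(UserSources.HydrantWiki, _auth.Email);

            if (_user == null)
            {
                // No account guid to attribute the warning to.
                hwManager.LogWarning(Guid.Empty, "User not found");
                authResponse.Message = "User not found";
                return(authResponse);
            }

            if (!_user.IsVerified)
            {
                hwManager.LogWarning(_user.Guid, "User not verified");
                authResponse.Message = "User not verified";
                return(authResponse);
            }

            if (!_user.Active)
            {
                hwManager.LogWarning(_user.Guid, "User Not Active");
                authResponse.Message = "User not active";
                return(authResponse);
            }

            // Recent failure counts for this account. They are fetched but never compared against
            // a threshold, so repeated bad passwords are recorded below yet never throttled.
            // NOTE(review): a lockout/backoff decision belongs here — confirm the intended limits.
            DateTime now        = DateTime.UtcNow;
            DateTime tenMinAgo  = now.AddMinutes(-10);
            int      count10Min = hwManager.GetAuthenticationFailureCount(_user.Guid, tenMinAgo);
            DateTime oneDayAgo  = now.AddHours(-24);
            int      count1Day  = hwManager.GetAuthenticationFailureCount(_user.Guid, oneDayAgo);

            if (!hwManager.ValidateUser(_user, _auth.Password))
            {
                //Record failure to test if this is an attack.
                hwManager.RecordAuthenticationFailure(_user.Guid);

                //Bad password or username
                hwManager.LogWarning(_user.Guid, "Bad user or password");
                authResponse.Message = "Bad user or password";
                return(authResponse);
            }

            // Credentials accepted: mint and persist a new token for this login.
            // "unknown" is the second argument the original code passes; its meaning is not visible here.
            TGUserAuthorization authorization =
                TGUserAuthorization.GetNew(_user.Guid, "unknown");
            hwManager.Persist(authorization);

            var user = new HydrantWiki.Mobile.Api.Objects.User();
            user.AuthorizationToken = authorization.AuthorizationToken;
            user.DisplayName        = _user.DisplayName;
            user.Username           = _user.Username;
            user.UserType           = Enum.GetName(typeof(UserTypes), _user.UserType);

            authResponse.Success = true;
            authResponse.User    = user;
            authResponse.Message = "";

            hwManager.LogUserToInstall(_auth.InstallId, user.Username);

            hwManager.LogInfo(_user.Guid, "User Logged In");

            return(authResponse);
        }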