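/// <summary>
/// Authenticates the current request from an encrypted auth cookie. The cookie is
/// decrypted, then checked against the current tenant, the tenant-wide and per-user
/// cookie indexes and its expiry; only then is the user authenticated through
/// <c>AuthenticateMe(UserAccount)</c>.
/// </summary>
/// <param name="cookie">Raw cookie value as received from the client; may be null or empty.</param>
/// <returns>
/// true when the cookie was valid and the user is now authenticated; false on any
/// failure (including exceptions raised while authenticating, which are logged).
/// </returns>
public static bool AuthenticateMe(string cookie)
{
    if (string.IsNullOrEmpty(cookie))
    {
        return false;
    }

    if (cookie.Equals("Bearer", StringComparison.InvariantCulture))
    {
        // A bare "Bearer" is an Authorization header with no token behind it.
        string ipFrom, address;
        DescribeRequestOrigin(out ipFrom, out address);
        log.InfoFormat("Empty Bearer cookie: {0} {1}", ipFrom, address);
        return false;
    }

    int tenant;
    Guid userid;
    int indexTenant;
    DateTime expire;
    int indexUser;
    if (!CookieStorage.DecryptCookie(cookie, out tenant, out userid, out indexTenant, out expire, out indexUser))
    {
        string ipFrom, address;
        DescribeRequestOrigin(out ipFrom, out address);
        // NOTE(review): the raw cookie value is written to the log on every failure path
        // in this method; these log files are credential-bearing and should be handled as such.
        log.WarnFormat("Can not decrypt cookie: {0} {1} {2}", cookie, ipFrom, address);
        return false;
    }

    // The cookie must have been issued for the tenant serving this request.
    if (tenant != CoreContext.TenantManager.GetCurrentTenant().TenantId)
    {
        return false;
    }

    // Tenant-wide cookie index: a cookie issued under an older index is no longer accepted.
    var settingsTenant = TenantCookieSettings.GetForTenant(tenant);
    if (indexTenant != settingsTenant.Index)
    {
        return false;
    }

    // DateTime.MaxValue marks a cookie without an expiry.
    if (expire != DateTime.MaxValue && expire < DateTime.UtcNow)
    {
        return false;
    }

    try
    {
        // Per-user cookie index: same rule as the tenant index, scoped to one user.
        var settingsUser = TenantCookieSettings.GetForUser(userid);
        if (indexUser != settingsUser.Index)
        {
            return false;
        }

        AuthenticateMe(new UserAccount(new UserInfo { ID = userid }, tenant));
        return true;
    }
    catch (InvalidCredentialException ice)
    {
        log.DebugFormat("{0}: cookie {1}, tenant {2}, userid {3}", ice.Message, cookie, tenant, userid);
    }
    catch (SecurityException se)
    {
        log.DebugFormat("{0}: cookie {1}, tenant {2}, userid {3}", se.Message, cookie, tenant, userid);
    }
    catch (Exception err)
    {
        // {3} is the exception; a placeholder index beyond the argument count makes the
        // formatting itself fail and the error detail is lost.
        log.ErrorFormat("Authenticate error: cookie {0}, tenant {1}, userid {2}: {3}", cookie, tenant, userid, err);
    }

    return false;
}

/// <summary>
/// Builds the "from &lt;address&gt;" / "for &lt;url&gt;" fragments used in the cookie log
/// messages. Both are empty when there is no current HTTP context.
/// </summary>
/// <param name="ipFrom">"from " followed by the X-Forwarded-For header, or the host address when the header is absent.</param>
/// <param name="address">"for " followed by the rewritten request URL.</param>
private static void DescribeRequestOrigin(out string ipFrom, out string address)
{
    ipFrom = string.Empty;
    address = string.Empty;
    if (HttpContext.Current == null)
    {
        return;
    }

    var request = HttpContext.Current.Request;
    // X-Forwarded-For is client-supplied: only meaningful behind a proxy that sets it.
    ipFrom = "from " + (request.Headers["X-Forwarded-For"] ?? request.UserHostAddress);
    address = "for " + request.GetUrlRewriter();
}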
/// <summary>
/// First step of the API login. Verifies the credentials via <c>GetUser</c> and then
/// either returns a second-factor challenge (SMS or authenticator app) when one of
/// those is enabled for the portal, or issues an auth token straight away.
/// </summary>
/// <param name="userName">Login name.</param>
/// <param name="password">Password for <paramref name="userName"/>.</param>
/// <param name="provider">Social provider name, for provider-based logins.</param>
/// <param name="accessToken">Provider access token, for provider-based logins.</param>
/// <returns>
/// Token data with <c>Sms</c> or <c>Tfa</c> set when a second step is required,
/// otherwise <c>Token</c> and <c>Expires</c> filled in.
/// </returns>
/// <exception cref="AuthenticationException">Issuing the token failed; the cause is not propagated.</exception>
[Create(@"", false, false)]
//NOTE: this method doesn't requires auth!!!
//NOTE: this method doesn't check payment!!!
public AuthenticationTokenData AuthenticateMe(string userName, string password, string provider, string accessToken)
{
    bool viaEmail;
    var user = GetUser(userName, password, provider, accessToken, out viaEmail);

    var smsStepEnabled = StudioSmsNotificationSettings.IsVisibleSettings && StudioSmsNotificationSettings.Enable;
    if (smsStepEnabled)
    {
        var phoneNotReady = string.IsNullOrEmpty(user.MobilePhone)
                            || user.MobilePhoneActivationStatus == MobilePhoneActivationStatus.NotActivated;
        if (phoneNotReady)
        {
            // No confirmed phone yet: the client has to collect one before a code can be sent.
            return new AuthenticationTokenData { Sms = true };
        }

        SmsManager.PutAuthCode(user, false);
        return new AuthenticationTokenData
        {
            Sms = true,
            PhoneNoise = SmsSender.BuildPhoneNoise(user.MobilePhone),
            Expires = new ApiDateTime(DateTime.UtcNow.Add(SmsKeyStorage.StoreInterval)),
        };
    }

    var tfaStepEnabled = TfaAppAuthSettings.IsVisibleSettings && TfaAppAuthSettings.Enable;
    if (tfaStepEnabled)
    {
        if (!TfaAppUserSettings.EnableForUser(user.ID))
        {
            // Not enrolled yet: hand back the manual-entry key so an authenticator app can be set up.
            return new AuthenticationTokenData
            {
                Tfa = true,
                TfaKey = user.GenerateSetupCode(300).ManualEntryKey,
            };
        }

        return new AuthenticationTokenData { Tfa = true };
    }

    try
    {
        var token = SecurityContext.AuthenticateMe(user.ID);
        var successAction = viaEmail
            ? MessageAction.LoginSuccessViaApi
            : MessageAction.LoginSuccessViaApiSocialAccount;
        MessageService.Send(Request, successAction);

        var tenantId = CoreContext.TenantManager.GetCurrentTenant().TenantId;
        var expires = TenantCookieSettings.GetExpiresTime(tenantId);
        return new AuthenticationTokenData
        {
            Token = token,
            Expires = new ApiDateTime(expires),
        };
    }
    catch
    {
        // The original exception is deliberately replaced by a generic one; nothing is logged here.
        var failAction = viaEmail
            ? MessageAction.LoginFailViaApi
            : MessageAction.LoginFailViaApiSocialAccount;
        MessageService.Send(Request, user.DisplayUserName(false), failAction);
        throw new AuthenticationException("User authentication failed");
    }
    finally
    {
        // Presumably so the request thread does not stay authenticated after the token is issued — verify.
        SecurityContext.Logout();
    }
}
/// <summary>
/// Returns the cookie <c>LifeTime</c> value configured for the current tenant.
/// </summary>
/// <returns>The <c>LifeTime</c> of the current tenant's cookie settings.</returns>
public static int GetLifeTime()
{
    var currentTenantId = TenantProvider.CurrentTenantID;
    var cookieSettings = TenantCookieSettings.GetForTenant(currentTenantId);
    return cookieSettings.LifeTime;
}
/// <summary>
/// Second step of the API login: re-verifies the credentials via <c>GetUser</c>,
/// checks the one-time <paramref name="code"/> against whichever second factor is
/// enabled (SMS first, then authenticator app) and issues an auth token.
/// </summary>
/// <param name="userName">Login name.</param>
/// <param name="password">Password for <paramref name="userName"/>.</param>
/// <param name="provider">Social provider name, for provider-based logins.</param>
/// <param name="accessToken">Provider access token, for provider-based logins.</param>
/// <param name="code">One-time code from the SMS or the authenticator app.</param>
/// <returns>Token data with <c>Token</c>/<c>Expires</c> and either <c>Sms</c> (plus <c>PhoneNoise</c>) or <c>Tfa</c> set.</returns>
/// <exception cref="AuthenticationException">Code validation or token issue failed; the cause is not propagated.</exception>
[Create(@"{code}", false, false)]
//NOTE: this method doesn't requires auth!!!
//NOTE: this method doesn't check payment!!!
public AuthenticationTokenData AuthenticateMe(string userName, string password, string provider, string accessToken, string code)
{
    bool viaEmail;
    var user = GetUser(userName, password, provider, accessToken, out viaEmail);

    // Remembered outside the try so the failure branch can pick the matching audit action.
    var sms = false;
    try
    {
        if (StudioSmsNotificationSettings.IsVisibleSettings && StudioSmsNotificationSettings.Enable)
        {
            sms = true;
            SmsManager.ValidateSmsCode(user, code);
        }
        else if (TfaAppAuthSettings.IsVisibleSettings && TfaAppAuthSettings.Enable)
        {
            // NOTE(review): a false return value does not stop the token issue below. This is
            // only safe if ValidateAuthCode throws on a wrong code and its bool merely signals a
            // first-time enrolment — confirm against its implementation.
            var connectedNow = user.ValidateAuthCode(code);
            if (connectedNow)
            {
                MessageService.Send(HttpContext.Current.Request, MessageAction.UserConnectedTfaApp, MessageTarget.Create(user.ID));
            }
        }
        else
        {
            throw new SecurityException("Auth code is not available");
        }

        var token = SecurityContext.AuthenticateMe(user.ID);
        var successAction = sms ? MessageAction.LoginSuccessViaApiSms : MessageAction.LoginSuccessViaApiTfa;
        MessageService.Send(Request, successAction);

        var tenantId = CoreContext.TenantManager.GetCurrentTenant().TenantId;
        var apiExpires = new ApiDateTime(TenantCookieSettings.GetExpiresTime(tenantId));

        return sms
            ? new AuthenticationTokenData
            {
                Token = token,
                Expires = apiExpires,
                Sms = true,
                PhoneNoise = SmsSender.BuildPhoneNoise(user.MobilePhone),
            }
            : new AuthenticationTokenData
            {
                Token = token,
                Expires = apiExpires,
                Tfa = true,
            };
    }
    catch
    {
        // The original exception is deliberately replaced by a generic one; nothing is logged here.
        var failAction = sms ? MessageAction.LoginFailViaApiSms : MessageAction.LoginFailViaApiTfa;
        MessageService.Send(Request, user.DisplayUserName(false), failAction, MessageTarget.Create(user.ID));
        throw new AuthenticationException("User authentication failed");
    }
    finally
    {
        // Presumably so the request thread does not stay authenticated after the token is issued — verify.
        SecurityContext.Logout();
    }
}