public object Post(LoginRequestWithCredentials LoginDetails) { Uri referrerURI = Request.GetReferrerURI(); Uri current = new Uri(Request.AbsoluteUri); string userPassword = LoginDetails.password; //unset the password so we can use the LoginDetails in the resulting display if there is an error LoginDetails.password = null; Request.Items.Add("Model", LoginDetails); //CRSF protection if (!referrerURI.SchemeHostPathMatch(current)) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Request", LoginDetails); } if (string.IsNullOrWhiteSpace(LoginDetails.username) || string.IsNullOrWhiteSpace(userPassword)) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Missing Username or Password", LoginDetails); } OAuth2.DataModels.ResourceOwner owner = null; List <SWGEmuAPI.Model.Account.AccountResponse> accounts = AccountModel.GetAccount(LoginDetails.username, userPassword); if (accounts == null || accounts.Count == 0) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Username or Password", LoginDetails); } try { owner = ResourceOwnerModel.CreateOrUpdateFromAccountModel(accounts.FirstOrDefault()); } catch (System.Data.Common.DbException dbex) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.server_error, "Error Storing Resource Owner Details", LoginDetails, null, dbex); } Session.Set <OAuth2.DataModels.ResourceOwner>("AuthResourceOwner", owner); Uri redirectURI = null; bool valid = Uri.TryCreate(LoginDetails.redirect, UriKind.RelativeOrAbsolute, out redirectURI); if (!valid || (redirectURI.IsAbsoluteUri && current.Host != redirectURI.Host)) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Redirect URI", LoginDetails); } return(new HttpResult(LoginDetails) { StatusCode = System.Net.HttpStatusCode.Redirect, Headers = { { HttpHeaders.Location, LoginDetails.redirect } }, }); }
} //injected by IOC public T Authorize <T>(DataModels.ITokenRequest Request, OAuth2.DataModels.Client Client = null) where T : DataModels.Token, new() { var accounts = AccountModel.GetAccount(Request.username, Request.password); if (accounts == null || accounts.Count == 0) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid username or password", Request); } DataModels.ResourceOwner owner = new DataModels.ResourceOwner() { id = accounts[0].username, time = DateTime.UtcNow.Millisecond, attributes = accounts[0].ToDictonary(), }; ResourceOwnerModel.CreateOrUpdate(owner); T token = TokenModel.InsertToken <T>( TokenHelper.CreateAccessToken(), DataModels.TokenTypes.bearer, 3600, DateTime.UtcNow.GetTotalSeconds(), Client, TokenHelper.IntersectScopes(Request.scope, Client.allowed_scope), owner); if (token == null) { throw new OAuth2.DataModels.TokenRequestError(DataModels.ErrorCodes.server_error, "Unable to store access token"); } return(token); }
public object Get(ApprovalRequest ApprovalRequest) { Uri redirectURI = null; Uri current = new Uri(Request.AbsoluteUri); ApprovalData data = new ApprovalData(); if (!Uri.TryCreate(ApprovalRequest.redirect, UriKind.RelativeOrAbsolute, out redirectURI) || (redirectURI.IsAbsoluteUri && redirectURI.Host != current.Host)) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Redirect URI", data); } data.Redirect = ApprovalRequest.redirect; DataModels.ResourceOwner user = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner"); if (user == null) { UriBuilder bldr = new UriBuilder(Request.GetApplicationUrl()); bldr.Path += "/auth/login"; bldr.Query = "redirect=" + Request.AbsoluteUri.UrlEncode(); return(new HttpResult(data) { Headers = { { "Location", bldr.ToString() } }, StatusCode = System.Net.HttpStatusCode.Redirect, }); } data.User = user; DataModels.Client client = ClientModel.GetClientByID(ApprovalRequest.client_id); if (client == null) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Client ID", data); } if (!string.IsNullOrWhiteSpace(client.owned_by)) { data.Owner = ResourceOwnerModel.GetByID(client.owned_by); } data.Client = client; string[] scopes = ApprovalRequest.scope == null ? new string[] {} : ApprovalRequest.scope.Split(new char[] { ' ', ';', ',' }, StringSplitOptions.RemoveEmptyEntries); List <DataModels.Scope> scopeDetails = ScopeModel.GetScopeDetails(scopes).ToList(); if (scopeDetails.Count != scopes.Length) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_scope, "Invalid Scope(s) requested", data); } data.RequestedScopes = scopeDetails; return((IApprovalData)data); }
public object Post(ApprovalResponse ApprovalResponse) { ApprovalData data = new ApprovalData(); data.User = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner"); Request.Items.Add("Model", data); data.Redirect = ApprovalResponse.redirect; Uri referrerURI = Request.GetReferrerURI(); Uri current = new Uri(Request.AbsoluteUri); //CRSF protection if (!referrerURI.SchemeHostPathMatch(current)) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Request", ApprovalResponse); } Uri redirectURI = null; if (!Uri.TryCreate(ApprovalResponse.redirect, UriKind.RelativeOrAbsolute, out redirectURI) || (redirectURI.IsAbsoluteUri && redirectURI.Host != current.Host)) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Redirect URI", data); } data.Redirect = redirectURI.ToString(); DataModels.ResourceOwner owner = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner"); if (owner == null) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.access_denied, "Not Authenticated", data); } data.Owner = owner; DataModels.Client client = ClientModel.GetClientByID(ApprovalResponse.client_id); if (client == null) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Client ID", data); } data.Client = client; List <DataModels.Scope> scopes = ScopeModel.GetScopeDetails(ApprovalResponse.approved_scopes).ToList(); string scope = ""; if (scopes != null) { scopes.ForEach((cur) => scope += cur.scope_name + " "); } data.RequestedScopes = scopes; DataModels.Approval approval = new DataModels.Approval() { client_id = client.id, resource_owner_id = owner.id, type = DataModels.ApprovalTypes.user_granted, scope = scope, }; if (!ApprovalModel.AddOrUpdateApproval(approval)) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.server_error, "Error storing approval", data); } return(new HttpResult(data) { StatusCode = System.Net.HttpStatusCode.Redirect, Location = ApprovalResponse.redirect }); }