コード例 #1
        }//method

        // Used by OAuth
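        /// <summary>
        /// Logs in the user identified by <paramref name="userId"/> and, when a session service is
        /// configured, attaches a user session to <paramref name="context"/>.
        /// </summary>
        /// <remarks>
        /// No password or other credential is checked in this method; it trusts the caller to have
        /// already established the user's identity.
        /// NOTE(review): the only account state tested here is <c>LoginFlags.Inactive</c>, and the
        /// failure path returns without emitting a login event; confirm both are intended for this path.
        /// </remarks>
        /// <param name="context">Operation context that receives the user info and the session.</param>
        /// <param name="userId">Id of the user whose login record is looked up.</param>
        /// <param name="expirationType">Expiration mode passed on when a session is attached.</param>
        /// <returns>
        /// A result with <c>Failed</c> status when no login exists for the user or the login is inactive;
        /// otherwise a <c>Success</c> result carrying the login, the user info, the session token (null
        /// when the context has no session) and the previous last-login timestamp.
        /// </returns>
        public LoginResult LoginUser(OperationContext context, Guid userId, UserSessionExpirationType expirationType = UserSessionExpirationType.Sliding)
        {
            var session = context.OpenSystemSession();
            var login = session.EntitySet<ILogin>().Where(lg => lg.UserId == userId).FirstOrDefault();

            // Reject unknown users and inactive logins before touching the context.
            // (The original listing had the statement terminator stranded after the closing brace.)
            if (login == null || login.Flags.IsSet(LoginFlags.Inactive))
            {
                return new LoginResult()
                {
                    Status = LoginAttemptStatus.Failed
                };
            }

            context.User = login.CreateUserInfo();
            if (_sessionService != null)
            {
                AttachUserSession(context, login, null, expirationType);
            }
            App.UserLoggedIn(context);

            // Keep the previous timestamp so it can be reported back to the caller.
            var lastLogin = login.LastLoggedInOn;

            login.LastLoggedInOn = App.TimeService.UtcNow;
            OnLoginEvent(context, LoginEventType.Login, login, userName: login.UserName);
            session.SaveChanges();

            // The context has no session when no session service is configured.
            var sessionToken = context.UserSession == null ? null : context.UserSession.Token;

            return new LoginResult()
            {
                Status = LoginAttemptStatus.Success,
                Login = login,
                User = context.User,
                SessionToken = sessionToken,
                LastLoggedInOn = lastLogin
            };
        }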
コード例 #2
 /// <summary>
 /// Creates a cache entry for a user session, copying the expiration settings and the
 /// last-used timestamp from the persisted session entity.
 /// </summary>
 /// <param name="userSession">Session context stored in the cache entry.</param>
 /// <param name="sessionEntity">Entity supplying the expiration type, fixed expiration and last-used time.</param>
 public CachedSessionItem(UserSessionContext userSession, TUserSession sessionEntity)
 {
     this.UserSession = userSession;

     // Snapshot of the entity's values at construction time.
     // NOTE(review): ExpiresOn is taken from FixedExpiration only; how expiry is evaluated
     // for other expiration types is not visible here - confirm against the cache's expiry check.
     this.ExpirationType = sessionEntity.ExpirationType;
     this.ExpiresOn = sessionEntity.FixedExpiration;
     this.LastUsedOn = sessionEntity.LastUsedOn;
 }
コード例 #3
        //Helper methods used by other tests
        /// <summary>
        /// Test helper: posts a login request to <c>api/login</c> and, on success, registers the
        /// returned authentication token on the shared test client.
        /// </summary>
        /// <param name="userName">User name to log in with.</param>
        /// <param name="password">Password; when null the sample data generator's default password is used.</param>
        /// <param name="assertSuccess">When true, any status other than Success fails the test.</param>
        /// <param name="deviceToken">Optional device token sent with the request.</param>
        /// <param name="expirationType">Session expiration type sent with the request.</param>
        /// <returns>The login response, whatever its status (unless an assertion failed first).</returns>
        private LoginResponse LoginAs(string userName, string password = null, bool assertSuccess = true, string deviceToken = null,
                                      UserSessionExpirationType expirationType = UserSessionExpirationType.Sliding)
        {
            // Fall back to the shared sample-data password (test fixture data only).
            password = password ?? Samples.BookStore.SampleData.SampleDataGenerator.DefaultPassword;

            var request = new LoginRequest()
            {
                UserName = userName,
                Password = password,
                DeviceToken = deviceToken,
                ExpirationType = expirationType
            };
            var response = Startup.Client.ExecutePost<LoginRequest, LoginResponse>(request, "api/login");

            Assert.IsTrue(response != null, "Authentication failed.");

            if (response.Status != LoginAttemptStatus.Success)
            {
                // Negative tests pass assertSuccess = false and inspect the returned status themselves.
                if (assertSuccess)
                {
                    Assert.IsTrue(false, "Authentication failed, Status: " + response.Status);
                }
                return response;
            }

            // Register the token on the shared client; presumably later requests then carry it.
            Startup.Client.AddAuthorizationHeader(response.AuthenticationToken);
            return response;
        }
コード例 #4
        /// <summary>
        /// Binds a user session to <paramref name="context"/> for the user already stored in
        /// <c>context.User</c>. Does nothing when no session service is configured.
        /// </summary>
        /// <remarks>
        /// An existing anonymous session is kept and re-pointed at the logged-in user; any other
        /// existing session is ended and a new one is started.
        /// NOTE(review): in the anonymous case the session is carried across the authentication
        /// boundary. Unless <c>UpdateSession</c> issues a new token (not visible here), a token that
        /// existed before login stays valid after it, which is the precondition for session fixation -
        /// confirm the token is rotated. That path also returns before <paramref name="expirationType"/>
        /// is applied.
        /// </remarks>
        /// <param name="context">Operation context whose session is updated or replaced.</param>
        /// <param name="login">Login record of the user; not read in this method body.</param>
        /// <param name="device">Optional trusted device; its last-login time is stamped when supplied.</param>
        /// <param name="expirationType">Expiration mode used when a new session is started.</param>
        private void AttachUserSession(OperationContext context, ILogin login, ITrustedDevice device = null, UserSessionExpirationType expirationType = UserSessionExpirationType.Sliding)
        {
            if (_sessionService == null)
            {
                return;
            }

            // NOTE(review): trustLevel is assigned but not read again within this method.
            var trustLevel = DeviceTrustLevel.None;
            if (device != null)
            {
                trustLevel = device.TrustLevel;
                device.LastLoggedIn = App.TimeService.UtcNow;
            }

            var previousSession = context.UserSession;
            var hasPreviousUser = previousSession != null && previousSession.User != null;

            if (hasPreviousUser)
            {
                if (previousSession.User.Kind == UserKind.Anonymous)
                {
                    // Upgrade the anonymous session in place: same session, now owned by the logged-in user.
                    context.UserSession.User = context.User;
                    _sessionService.UpdateSession(context);
                    return;
                }

                // Any non-anonymous previous session is terminated before a fresh one is issued.
                _sessionService.EndSession(context);
            }

            // No reusable session: start a new one for the current user.
            context.UserSession = _sessionService.StartSession(context, context.User, expirationType);
        }
コード例 #5
        // Password-based login entry point.
        // NOTE: this listing is damaged partway through. The statement that logs the failed-login
        // incident is fused with a later log message, so the end of the "login not found" branch,
        // the computation of `status`, the opening of the status switch and its earlier cases are
        // not visible here. The comments below describe only what the visible lines show.
        public LoginResult Login(OperationContext context, string userName, string password, Guid?tenantId = null,
                                 string deviceToken = null, UserSessionExpirationType expirationType = UserSessionExpirationType.Sliding)
        {
            // Length cap is checked first, before the user name check and the login lookup.
            // NOTE(review): password is dereferenced without a null check, so a null password would
            // raise NullReferenceException here instead of the InvalidValue fault - confirm callers validate it.
            context.ThrowIf(password.Length > 100, ClientFaultCodes.InvalidValue, "password", "Password too long, max size: 100.");
            var webCtx = context.WebContext;

            // CheckUserName may return a modified user name; the returned value is used from here on.
            userName = CheckUserName(context, userName);
            var session = context.OpenSystemSession();
            // FindLogin receives both user name and password; what it verifies is not visible in this listing.
            var login   = FindLogin(session, userName, password, tenantId);

            if (login == null)
            {
                // For web calls, mark the request with the AttackRedFlag flag.
                if (webCtx != null)
                {
                    webCtx.Flags |= WebCallFlags.AttackRedFlag;
                }
                // Record the failure as a login event (no login entity) and as an incident.
                OnLoginEvent(context, LoginEventType.LoginFailed, null, userName: userName);
                // The next line is where the listing is damaged: two separate statements are fused together.
                LogIncident(context, LoginIncidentType, LoginEventType.LoginFailed.ToString(), "User: "******"Login failed due to inactive status", userName: userName);
                // This result carries the login entity together with the status.
                return(new LoginResult()
                {
                    Status = status, Login = login
                });

            // Failed and any status not handled by an earlier case: emit a LoginFailed event
            // and return the status only.
            case LoginAttemptStatus.Failed:
            default:
                OnLoginEvent(context, LoginEventType.LoginFailed, login, userName: userName);
                return(new LoginResult()
                {
                    Status = status
                });
            }
        }//method
コード例 #6
        /// <summary>
        /// Finishes a multi-factor login for <paramref name="login"/>: sets the context user, stamps and
        /// saves the last-login time, attaches a user session, raises the completion event and returns
        /// a success result.
        /// </summary>
        /// <remarks>
        /// NOTE(review): nothing in this method verifies that the required factors were actually
        /// completed, nor does it test the login's flags; it always returns <c>Success</c>. Callers
        /// must perform those checks before invoking it - confirm at every call site.
        /// </remarks>
        /// <param name="context">Operation context that receives the user info and the session.</param>
        /// <param name="login">Login record being completed.</param>
        /// <param name="expirationType">Expiration mode passed on when the session is attached.</param>
        /// <returns>
        /// A success result with the login, post-login actions, user info, session and refresh tokens
        /// (null when the context has no session) and the previous last-login timestamp.
        /// </returns>
        public LoginResult CompleteMultiFactorLogin(OperationContext context, ILogin login, UserSessionExpirationType expirationType = UserSessionExpirationType.Sliding)
        {
            var postLoginActions = GetPostLoginActions(login);

            context.User = login.CreateUserInfo();

            // Capture the previous timestamp before it is overwritten; it is reported to the caller.
            var previousLoginTime = login.LastLoggedInOn;
            login.LastLoggedInOn = App.TimeService.UtcNow;

            // The timestamp is saved through the entity session that owns the login record.
            var entitySession = EntityHelper.GetSession(login);
            entitySession.SaveChanges();

            AttachUserSession(context, login, null, expirationType);
            OnLoginEvent(context, LoginEventType.MultiFactorLoginCompleted, login);
            App.UserLoggedIn(context);

            var result = new LoginResult()
            {
                Status = LoginAttemptStatus.Success,
                Login = login,
                Actions = postLoginActions,
                User = context.User,
                SessionToken = context.UserSession?.Token,
                RefreshToken = context.UserSession?.RefreshToken,
                LastLoggedInOn = previousLoginTime
            };
            return result;
        }