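}//method

// Used by OAuth
/// <summary>
/// Logs in a user whose identity was already established by an external provider (OAuth):
/// no password or multi-factor check happens here, the caller-supplied <paramref name="userId"/> is trusted.
/// </summary>
/// <param name="context">Operation context; on success its User is set, and its UserSession too when a session service is configured.</param>
/// <param name="userId">Id of the user to log in.</param>
/// <param name="expirationType">Expiration policy for the user session that is started.</param>
/// <returns>
/// A Failed result when no login record exists for the user or the login carries the Inactive flag;
/// otherwise a Success result with the login, the user info, the session token and the previous login time.
/// </returns>
public LoginResult LoginUser(OperationContext context, Guid userId,
                             UserSessionExpirationType expirationType = UserSessionExpirationType.Sliding)
{
    var session = context.OpenSystemSession();
    var login = session.EntitySet<ILogin>().Where(lg => lg.UserId == userId).FirstOrDefault();
    if (login == null || login.Flags.IsSet(LoginFlags.Inactive))
    {
        // Audit the rejected attempt the same way Login(...) does on its failure path; login may be null here,
        // which that path already passes as well.
        OnLoginEvent(context, LoginEventType.LoginFailed, login, userName: login?.UserName);
        return new LoginResult { Status = LoginAttemptStatus.Failed };
    }
    context.User = login.CreateUserInfo();
    if (_sessionService != null)
    {
        AttachUserSession(context, login, null, expirationType);
    }
    App.UserLoggedIn(context);
    var lastLogin = login.LastLoggedInOn; // previous value is reported back to the caller
    login.LastLoggedInOn = App.TimeService.UtcNow;
    OnLoginEvent(context, LoginEventType.Login, login, userName: login.UserName);
    session.SaveChanges();
    // NOTE(review): unlike CompleteMultiFactorLogin, this path neither computes post-login actions
    // (GetPostLoginActions) nor returns a RefreshToken — confirm that is intended for OAuth logins.
    return new LoginResult
    {
        Status = LoginAttemptStatus.Success,
        Login = login,
        User = context.User,
        SessionToken = context.UserSession?.Token,
        LastLoggedInOn = lastLogin,
    };
}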
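/// <summary>
/// Builds a cache entry for a user session, copying the expiration settings and the last-use time
/// from the persisted session entity.
/// </summary>
/// <param name="userSession">The in-memory session context being cached.</param>
/// <param name="sessionEntity">The persisted session record the expiration and last-used values are taken from.</param>
/// <exception cref="System.ArgumentNullException">
/// Thrown when <paramref name="sessionEntity"/> is null (previously this surfaced as a NullReferenceException).
/// </exception>
public CachedSessionItem(UserSessionContext userSession, TUserSession sessionEntity)
{
    if (sessionEntity == null)
    {
        throw new System.ArgumentNullException(nameof(sessionEntity));
    }
    UserSession = userSession;
    ExpirationType = sessionEntity.ExpirationType;
    // NOTE(review): ExpiresOn is seeded from FixedExpiration regardless of ExpirationType — presumably the
    // cache derives the sliding deadline from LastUsedOn itself; confirm against the cache's expiry check.
    ExpiresOn = sessionEntity.FixedExpiration;
    LastUsedOn = sessionEntity.LastUsedOn;
}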
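// Helper methods used by other tests

/// <summary>
/// Posts a login request to api/login and, on success, installs the returned authentication token
/// as the Authorization header of the shared test client, so later calls run as that user.
/// </summary>
/// <param name="userName">User to log in as.</param>
/// <param name="password">Password; when null, the sample-data default password is used.</param>
/// <param name="assertSuccess">When true, any status other than Success fails the calling test.</param>
/// <param name="deviceToken">Optional trusted-device token to send with the request.</param>
/// <param name="expirationType">Requested session expiration policy.</param>
/// <returns>
/// The login response. A non-Success response is only returned when <paramref name="assertSuccess"/> is false.
/// </returns>
private LoginResponse LoginAs(string userName, string password = null, bool assertSuccess = true,
                              string deviceToken = null,
                              UserSessionExpirationType expirationType = UserSessionExpirationType.Sliding)
{
    password = password ?? Samples.BookStore.SampleData.SampleDataGenerator.DefaultPassword;
    var loginRq = new LoginRequest
    {
        UserName = userName,
        Password = password,
        DeviceToken = deviceToken,
        ExpirationType = expirationType,
    };
    var resp = Startup.Client.ExecutePost<LoginRequest, LoginResponse>(loginRq, "api/login");
    Assert.IsNotNull(resp, "Authentication failed.");
    if (resp.Status == LoginAttemptStatus.Success)
    {
        // Subsequent calls through Startup.Client are authenticated as this user.
        Startup.Client.AddAuthorizationHeader(resp.AuthenticationToken);
        return resp;
    }
    if (assertSuccess)
    {
        // Assert.Fail rather than Assert.IsTrue(false, ...): same effect, clearer intent and failure report.
        Assert.Fail("Authentication failed, Status: " + resp.Status);
    }
    return resp;
}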
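/// <summary>
/// Starts, or upgrades in place, the user session for the user just authenticated into <paramref name="context"/>.
/// Does nothing when no session service is configured.
/// </summary>
/// <param name="context">Operation context; context.User must already be the authenticated user. context.UserSession is updated.</param>
/// <param name="login">Login record of the authenticated user (not referenced by this method at present).</param>
/// <param name="device">Trusted device the login came from, if any; its LastLoggedIn is stamped with the current UTC time.</param>
/// <param name="expirationType">Expiration policy for a newly started session.</param>
private void AttachUserSession(OperationContext context, ILogin login, ITrustedDevice device = null,
                               UserSessionExpirationType expirationType = UserSessionExpirationType.Sliding)
{
    if (_sessionService == null)
    {
        return;
    }
    if (device != null)
    {
        // The device's trust level was previously read into a local that nothing consumed; only the stamp is kept.
        device.LastLoggedIn = App.TimeService.UtcNow;
    }
    var oldSession = context.UserSession;
    if (oldSession != null && oldSession.User != null)
    {
        switch (oldSession.User.Kind)
        {
            case UserKind.Anonymous:
                // An anonymous session is upgraded in place: same session, same token, now bound to the authenticated user.
                // NOTE(review): carrying the pre-authentication token across the privilege change is a session-fixation
                // exposure if that token can be planted or observed before login; rotating the token here would close it.
                oldSession.User = context.User;
                _sessionService.UpdateSession(context);
                return;
            default:
                // AuthenticatedUser, or System (not expected here): end the old session, then start a fresh one below.
                _sessionService.EndSession(context);
                break;
        }
    }
    // New session
    context.UserSession = _sessionService.StartSession(context, context.User, expirationType);
}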
/// <summary>
/// Password login. Rejects over-long passwords up front, normalizes the user name, looks up the login
/// and dispatches on the resulting attempt status; a failed lookup is flagged on the web call,
/// raised as a LoginFailed event and recorded as an incident.
/// </summary>
/// <param name="context">Operation context; its WebContext (when present) gets AttackRedFlag set on a failed lookup.</param>
/// <param name="userName">Login name; passed through CheckUserName before use.</param>
/// <param name="password">Clear-text password; at most 100 characters.</param>
/// <param name="tenantId">Optional tenant the login lookup is scoped to.</param>
/// <param name="deviceToken">Optional trusted-device token.</param>
/// <param name="expirationType">Expiration policy for the session started on success.</param>
/// <returns>A LoginResult whose Status reflects the attempt; the Login entity is included only for some statuses.</returns>
public LoginResult Login(OperationContext context, string userName, string password, Guid? tenantId = null, string deviceToken = null, UserSessionExpirationType expirationType = UserSessionExpirationType.Sliding)
{
    // Over-long passwords are refused as a client fault before any lookup (presumably to bound the cost of the password check).
    // NOTE(review): a null password throws NullReferenceException here rather than a client fault — confirm the caller guarantees non-null.
    context.ThrowIf(password.Length > 100, ClientFaultCodes.InvalidValue, "password", "Password too long, max size: 100.");
    var webCtx = context.WebContext;
    userName = CheckUserName(context, userName);
    var session = context.OpenSystemSession();
    var login = FindLogin(session, userName, password, tenantId);
    if (login == null)
    {
        // Unknown user or wrong password: mark the web call as suspicious, raise the failed-login event, record an incident.
        if (webCtx != null)
        {
            webCtx.Flags |= WebCallFlags.AttackRedFlag;
        }
        OnLoginEvent(context, LoginEventType.LoginFailed, null, userName: userName);
        // NOTE(review): the listing is truncated inside the next statement (the "******" run is not source code):
        // the rest of the LogIncident call, the status computation and the start of the status switch are not visible here.
        LogIncident(context, LoginIncidentType, LoginEventType.LoginFailed.ToString(), "User: "******"Login failed due to inactive status", userName: userName);
        // Inactive login: the entity is returned alongside the status so the caller can tell the cases apart.
        return(new LoginResult() { Status = status, Login = login });
    case LoginAttemptStatus.Failed:
    default:
        // Any other status is reported as a failed login; handlers get the login entity, the caller does not.
        OnLoginEvent(context, LoginEventType.LoginFailed, login, userName: userName);
        return(new LoginResult() { Status = status });
    }
}//method
/// <summary>
/// Finishes a login whose remaining factor has been verified: binds the user to the context, stamps the
/// login time, attaches a user session and raises the MultiFactorLoginCompleted event.
/// </summary>
/// <param name="context">Operation context; receives the user and, when a session service exists, the user session.</param>
/// <param name="login">Login record that passed the multi-factor check.</param>
/// <param name="expirationType">Expiration policy for the session that is started.</param>
/// <returns>
/// A Success result carrying the login, its post-login actions, the user, the session and refresh tokens
/// and the login time recorded before this call.
/// </returns>
public LoginResult CompleteMultiFactorLogin(OperationContext context, ILogin login,
                                            UserSessionExpirationType expirationType = UserSessionExpirationType.Sliding)
{
    var postLoginActions = GetPostLoginActions(login);
    context.User = login.CreateUserInfo();
    // The caller gets the previous login time; the entity gets the current one.
    var previousLoginTime = login.LastLoggedInOn;
    login.LastLoggedInOn = App.TimeService.UtcNow;
    // NOTE(review): changes are saved here, before AttachUserSession and OnLoginEvent run — anything they
    // write into the same entity session is not covered by this SaveChanges; confirm that is intended.
    EntityHelper.GetSession(login).SaveChanges();
    AttachUserSession(context, login, null, expirationType);
    OnLoginEvent(context, LoginEventType.MultiFactorLoginCompleted, login);
    App.UserLoggedIn(context);
    var userSession = context.UserSession;
    return new LoginResult
    {
        Status = LoginAttemptStatus.Success,
        Login = login,
        Actions = postLoginActions,
        User = context.User,
        SessionToken = userSession?.Token,
        RefreshToken = userSession?.RefreshToken,
        LastLoggedInOn = previousLoginTime,
    };
}