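/// <summary>
/// Issues a web auto-login link for the caller's current OAuth token.
/// Persists a <c>WebAutoLoginToken</c> bound to <c>OAuth.Token</c> and the client IP,
/// then returns the configured URI mask with the Base36-encoded key substituted in,
/// plus the auto-login secret as a dash-less hex GUID.
/// </summary>
/// <returns>
/// A <see cref="WebAppLinkResponse"/> whose <c>UriMask</c> contains the encoded key and
/// whose <c>AutoLoginSecret</c> is the secret in "N" format.
/// </returns>
public WebAppLinkResponse GetLink()
{
    // The key is embedded in a login URL, so it must be unpredictable. The previous
    // implementation used System.Random (seedable, non-cryptographic) and computed
    // (Int64)(NextDouble() * 1e19); 1e19 exceeds Int64.MaxValue (~9.22e18), so roughly
    // 8% of draws overflowed into an undefined/negative key. Use a CSPRNG and clear
    // the sign bit so the key is always a non-negative 63-bit value for Base36.
    var keyBytes = new byte[8];
    using (var rng = RandomNumberGenerator.Create())
    {
        rng.GetBytes(keyBytes);
    }
    long key = BitConverter.ToInt64(keyBytes, 0) & long.MaxValue;

    var autoLoginToken = new WebAutoLoginToken
    {
        Token = OAuth.Token,
        Key = key,
        Secret = Guid.NewGuid(),
        IPAddress = Request.GetClientIpAddress()
    };

    Database.WebAutoLoginTokenStore.Add(autoLoginToken);
    Database.SaveChanges();

    return new WebAppLinkResponse
    {
        UriMask = String.Format(
            Settings.Default.KmsWebAppUriMask,
            Base36Encoder.Encode(autoLoginToken.Key)
        ),
        // "N" = 32 hex digits, no dashes; the client presents this back to finish login.
        AutoLoginSecret = autoLoginToken.Secret.ToString("N")
    };
}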
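/// <summary>
/// Basic-auth login for API-key clients. Validates the API key and the user's
/// credentials, creates a short-lived (5 minute) <c>Token</c> and a matching
/// <c>WebAutoLoginToken</c>, and returns the two URL components the web app needs:
/// <c>k</c> (Base36 auto-login key) and <c>h</c> (HMAC-SHA1 of the auto-login secret, hex).
/// </summary>
/// <param name="email">User e-mail; lower-cased before the store lookup.</param>
/// <param name="password">Plain-text password, verified via <c>User.PasswordMatches</c>.</param>
/// <param name="nonce">Accepted for interface compatibility but not used by this method.</param>
/// <param name="apikey">API key; must exist and have <c>BasicLoginEnabled</c> set.</param>
/// <returns>
/// JSON <c>{ k, h }</c> on success; JSON <c>{ error }</c> when a required field is empty
/// or the credentials do not match.
/// </returns>
/// <exception cref="HttpException">403 when the API key is unknown or basic login is disabled for it.</exception>
public JsonResult Web(string email, string password, string nonce, string apikey)
{
    // NOTE(review): JsonRequestBehavior.AllowGet lets this action be invoked with GET,
    // which puts email/password in the query string and therefore in server/proxy logs.
    // Restricting the action to POST is recommended; left unchanged here to keep the interface.

    // Required fields (the original checked `password` twice; `nonce` is not required).
    if (String.IsNullOrEmpty(email) || String.IsNullOrEmpty(password) || String.IsNullOrEmpty(apikey))
    {
        return Json(new { error = "A field is empty" }, JsonRequestBehavior.AllowGet);
    }

    var apiKey = Database.ApiKeyStore.Get(apikey);
    if (apiKey == null || apiKey.BasicLoginEnabled == false)
    {
        throw new HttpException(403, "Invalid API-Key");
    }

    // Normalise once; the filter compares against the already lower-cased value.
    email = email.ToLower();
    var user = Database.UserStore.GetFirst(filter: f => f.Email == email);

    // Same error for unknown user and wrong password so the response does not
    // reveal whether an account exists (avoids user enumeration).
    if (user == null || !user.PasswordMatches(password))
    {
        return Json(new { error = "User not found" }, JsonRequestBehavior.AllowGet);
    }

    // The auto-login key ends up in a URL, so it must be unpredictable. The previous
    // implementation used System.Random and (Int64)(NextDouble() * 1e19), which both
    // is guessable and overflows Int64.MaxValue for roughly 8% of draws. Use a CSPRNG
    // and clear the sign bit so the key is a non-negative 63-bit value for Base36.
    var keyBytes = new byte[8];
    using (var rng = RandomNumberGenerator.Create())
    {
        rng.GetBytes(keyBytes);
    }
    long autologinKey = BitConverter.ToInt64(keyBytes, 0) & long.MaxValue;

    var now = DateTime.UtcNow;
    var token = new Token
    {
        ApiKey = apiKey,
        ExpirationDate = now.AddMinutes(5),
        LastUseDate = now,
        IPAddress = null,
        Secret = Guid.NewGuid(),
        User = user,
        LoginAttempts = 0,
        CallbackUri = "oob"
    };

    var autologinToken = new WebAutoLoginToken
    {
        IPAddress = null,
        Key = autologinKey,
        Secret = Guid.NewGuid(),
        Token = token
    };

    Database.TokenStore.Add(token);
    Database.WebAutoLoginTokenStore.Add(autologinToken);
    Database.SaveChanges();

    // HMAC key is "<apiKeySecret>&<tokenSecret>" (hex GUIDs without dashes); the
    // message is the auto-login secret. HMAC-SHA1 is still an acceptable MAC — SHA-1's
    // known weaknesses are collision attacks, which do not apply to HMAC.
    var hmacKey = apiKey.Secret.ToString("N") + "&" + token.Secret.ToString("N");
    string hmacSha1Hex;
    using (var hmac = new HMACSHA1(Encoding.UTF8.GetBytes(hmacKey)))
    {
        var digest = hmac.ComputeHash(
            Encoding.UTF8.GetBytes(autologinToken.Secret.ToString("N"))
        );
        // Lower-case hex, no separators — same encoding as the original per-byte "x2" loop.
        hmacSha1Hex = BitConverter.ToString(digest).Replace("-", "").ToLowerInvariant();
    }

    return Json(new
    {
        k = new Base36Encoder().Encode(autologinToken.Key),
        h = hmacSha1Hex
    }, JsonRequestBehavior.AllowGet);
}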