/// <summary>
/// Resolves the identity for the current request and installs the matching thread principal.
/// Order: AuthToken login when the request carries a token, otherwise Windows authentication
/// when enabled; then role mapping for the resulting session; then an anonymous fallback.
/// </summary>
/// <param name="disable_Csrf_Check">initial value of Disable_Csrf_Check; a successful AuthToken login forces it to true</param>
/// <returns>this, for call chaining</returns>
// todo: rename to something like logging request
public TM_Authentication mapUserRoles(bool disable_Csrf_Check)
{
    //currentUser.setGitUser();   //TODO track this better on user commit
    Disable_Csrf_Check = disable_Csrf_Check;

    if (authToken != Guid.Empty)
    {
        // The token is a bearer credential: a successful token login replaces sessionID and
        // switches the CSRF check off for this request. login_Using_AuthToken yields Guid.Empty
        // for a token that maps to no user, which also discards any sessionID the request carried.
        sessionID = new TokenAuthentication().login_Using_AuthToken(authToken, sessionID);
        if (sessionID != Guid.Empty)
        {
            Disable_Csrf_Check = true;
        }
    }
    else if (TMConfig.Current.windowsAuthentication_Enabled())
    {
        // Windows authentication is only attempted when there is no usable session yet
        var needsLogin = sessionID == Guid.Empty || !sessionID.validSession();
        if (needsLogin)
        {
            sessionID = new WindowsAuthentication().login_Using_WindowsAuthentication(Current_WindowsIdentity);
        }
    }

    // Roles are mapped only for a session that also passes the CSRF check; a failed check
    // leaves mappedGroup at None, so the request ends up on the anonymous principal below.
    var mappedGroup = UserGroup.None;
    if (sessionID != Guid.Empty && check_CSRF_Token())
    {
        mappedGroup = new UserRoleBaseSecurity().MapRolesBasedOnSessionGuid(sessionID);
    }

    if (mappedGroup == UserGroup.None)
    {
        // Anonymous fallback: the config flags are evaluated in this order, first match wins
        var anonymousGroup = TMConfig.Current.show_ContentToAnonymousUsers() ? UserGroup.Reader
                           : TMConfig.Current.show_LibraryToAnonymousUsers() ? UserGroup.Viewer
                           : UserGroup.None;
        anonymousGroup.setThreadPrincipalWithRoles();
    }

    // Persist the principal so later requests of this session can reuse it
    if (HttpContextFactory.Session.notNull())
    {
        HttpContextFactory.Session["principal"] = Thread.CurrentPrincipal;
    }
    return this;
}
/// <summary>
/// Finds the TMUser that owns the given auth token.
/// </summary>
/// <param name="tokenAuth">authentication context whose userData is searched (may be null)</param>
/// <param name="token">token value to look up; Guid.Empty is never accepted</param>
/// <returns>the first user (in tmUsers() order) holding a matching AuthToken; null when tokenAuth is null
/// or token is Guid.Empty; otherwise whatever first() yields on an empty match (presumably null — verify)</returns>
public static TMUser tmUser_From_AuthToken(this TokenAuthentication tokenAuth, Guid token)
{
    // Guid.Empty is not a credential, so reject it before touching user data
    if (tokenAuth.isNull() || token == Guid.Empty)
    {
        return null;
    }
    // linear scan over every user's token list
    var owners = tokenAuth.userData.tmUsers()
                          .Where(tmUser => tmUser.AuthTokens.Any(authToken => authToken.Token == token));
    return owners.first();
}
/// <summary>
/// Logs the request in with an auth token, reusing the existing session when it already belongs to the token's user.
/// </summary>
/// <param name="tokenAuth">authentication context used to resolve the token</param>
/// <param name="token">auth token taken from the request</param>
/// <param name="sessionID">session the request already carries (may be Guid.Empty)</param>
/// <returns>sessionID when its user is the token's user; otherwise a new session from tmUser.login("AuthToken");
/// Guid.Empty when the token maps to no user</returns>
public static Guid login_Using_AuthToken(this TokenAuthentication tokenAuth, Guid token, Guid sessionID)
{
    var tmUser = tokenAuth.tmUser_From_AuthToken(token);
    if (!tmUser.notNull())
    {
        // unknown token: callers treat Guid.Empty as "not logged in"
        return Guid.Empty;
    }
    // the token belongs to the user already bound to this session, so keep that session
    var sameUser = sessionID.session_TmUser() == tmUser;
    return sameUser ? sessionID : tmUser.login("AuthToken");
}
/// <summary>
/// Finds the TMUser owning authToken; delegates to the Guid overload.
/// </summary>
/// <param name="authToken">token object whose token() value is looked up — assumes token() copes with a null authToken, verify</param>
/// <returns>see the Guid overload</returns>
public static TMUser tmUser_From_AuthToken(this TokenAuthentication tokenAuth, AuthToken authToken)
{
    var token = authToken.token();
    return tokenAuth.tmUser_From_AuthToken(token);
}
/// <summary>
/// Reports whether a token value resolves to a user.
/// </summary>
/// <param name="token">token value to check; Guid.Empty is never valid</param>
/// <returns>true when tmUser_From_AuthToken finds an owner</returns>
public static bool validToken(this TokenAuthentication tokenAuth, Guid token)
{
    var owner = tokenAuth.tmUser_From_AuthToken(token);
    return owner.notNull();
}
/// <summary>
/// Reports whether an AuthToken object resolves to a user; delegates to the Guid overload.
/// </summary>
/// <param name="authToken">token object whose token() value is checked — assumes token() copes with a null authToken, verify</param>
/// <returns>see the Guid overload</returns>
public static bool validToken(this TokenAuthentication tokenAuth, AuthToken authToken)
{
    var token = authToken.token();
    return tokenAuth.validToken(token);
}
/// <summary>
/// Test fixture setup: a fresh TokenAuthentication and the request-variable name
/// (presumably the one carrying the auth token, per TMConsts) used by the tests.
/// </summary>
public Test_TokenAuthentication()
{
    // the two assignments are independent of each other
    authVar = TMConsts.AUTH_TOKEN_REQUEST_VAR_NAME;
    tokenAuth = new TokenAuthentication();
}
// todo: rename to something like logging request
/// <summary>
/// Resolves the identity for the current request and installs the matching thread principal.
/// Tries AuthToken login first (when the request carries a token), else Windows authentication
/// (when enabled); maps roles for the resulting session; falls back to an anonymous principal.
/// </summary>
/// <param name="disable_Csrf_Check">initial value of Disable_Csrf_Check; a successful AuthToken login forces it to true</param>
/// <returns>this, for call chaining</returns>
public TM_Authentication mapUserRoles(bool disable_Csrf_Check)
{
    //currentUser.setGitUser();   //TODO track this better on user commit
    Disable_Csrf_Check = disable_Csrf_Check;

    var hasToken = authToken != Guid.Empty;
    if (hasToken)
    {
        // Bearer token present: a successful login replaces sessionID and switches the CSRF
        // check off for this request. A token that maps to no user makes login_Using_AuthToken
        // return Guid.Empty, which also discards any sessionID the request carried.
        sessionID = new TokenAuthentication().login_Using_AuthToken(authToken, sessionID);
        if (sessionID != Guid.Empty)
        {
            Disable_Csrf_Check = true;
        }
    }
    else if (TMConfig.Current.windowsAuthentication_Enabled())
    {
        // Windows authentication only when no usable session exists yet
        if (sessionID == Guid.Empty || !sessionID.validSession())
        {
            sessionID = new WindowsAuthentication().login_Using_WindowsAuthentication(Current_WindowsIdentity);
        }
    }

    // Role mapping requires both a session and a passing CSRF check; otherwise the
    // request stays on UserGroup.None and takes the anonymous path below.
    var mappedGroup = UserGroup.None;
    if (sessionID != Guid.Empty && check_CSRF_Token())
    {
        mappedGroup = new UserRoleBaseSecurity().MapRolesBasedOnSessionGuid(sessionID);
    }

    if (mappedGroup == UserGroup.None)
    {
        // Anonymous fallback: config flags are evaluated in this order, first match wins
        var anonymousGroup = TMConfig.Current.show_ContentToAnonymousUsers() ? UserGroup.Reader
                           : TMConfig.Current.show_LibraryToAnonymousUsers() ? UserGroup.Viewer
                           : UserGroup.None;
        anonymousGroup.setThreadPrincipalWithRoles();
    }

    // Persist the principal so later requests of this session can reuse it
    if (HttpContextFactory.Session.notNull())
    {
        HttpContextFactory.Session["principal"] = Thread.CurrentPrincipal;
    }
    return this;
}