public IHttpActionResult unlock() { if (!IsAdmin()) { return(ResponseMessage(Request.CreateResponse(HttpStatusCode.Unauthorized, Messages.ActionIsUnauthorized))); } Durados.Web.Mvc.Controllers.AccountMembershipService accountMembershipService = new Durados.Web.Mvc.Controllers.AccountMembershipService(); string json = System.Web.HttpContext.Current.Server.UrlDecode(Request.Content.ReadAsStringAsync().Result); if (string.IsNullOrEmpty(json)) { return(ResponseMessage(Request.CreateResponse(HttpStatusCode.NotFound, Messages.FieldNameIsMissing))); } Dictionary <string, object> data = Durados.Web.Mvc.UI.Json.JsonSerializer.Deserialize(json); if (!data.ContainsKey("username")) { return(ResponseMessage(Request.CreateResponse(HttpStatusCode.NotFound, Messages.FieldNameIsMissing))); } string username = data["username"].ToString(); bool success = accountMembershipService.UnlockUser(username); return(Ok(new { success = success })); }
// public override async Task GrantRefreshToken( //OAuthGrantRefreshTokenContext context) // { // var originalClient = context.Ticket.Properties.Dictionary["as:client_id"]; // var currentClient = context.OwinContext.Get<string>("as:client_id"); // // enforce client binding of refresh token // if (originalClient != currentClient) // { // context.Rejected(); // return; // } // // chance to change authentication ticket for refresh token requests // var newId = new ClaimsIdentity(context.Ticket.Identity); // newId.AddClaim(new Claim("newClaim", "refreshToken")); // var newTicket = new Microsoft.Owin.Security.AuthenticationTicket(newId, context.Ticket.Properties); // context.Validated(newTicket); // } public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" }); if (System.Web.HttpContext.Current.Request.Form["username"] == null && System.Web.HttpContext.Current.Request.Form["userid"] != null) { ValidateById(context); return; } else if (System.Web.HttpContext.Current.Request.Form["username"] == null && System.Web.HttpContext.Current.Request.Form["accessToken"] != null) { ValidateByOneTimeAccessToken(context); return; } else if (System.Web.HttpContext.Current.Request.Form["refreshToken"] != null) { if (System.Web.HttpContext.Current.Request.Form["username"] == null) { throw new DuradosException("username is missing."); } if (System.Web.HttpContext.Current.Request.Form[Database.AppName] == null) { throw new DuradosException(Database.AppName + " is missing."); } if (!System.Web.HttpContext.Current.Items.Contains(Database.AppName)) { System.Web.HttpContext.Current.Items.Add(Database.AppName, System.Web.HttpContext.Current.Request.Form[Database.AppName]); } if (!System.Web.HttpContext.Current.Items.Contains(Database.Username)) { System.Web.HttpContext.Current.Items.Add(Database.Username, System.Web.HttpContext.Current.Request.Form["username"]); } ValidateByRefreshToken(context, System.Web.HttpContext.Current.Request.Form["username"], System.Web.HttpContext.Current.Request.Form[Database.AppName], System.Web.HttpContext.Current.Request.Form["refreshToken"]); return; } string appname = null; appname = System.Web.HttpContext.Current.Request.Form[Database.AppName]; if (SharedMemorySingeltone.Instance.Contains(appname, Durados.Data.SharedMemoryKey.DebugMode)) { System.Web.HttpContext.Current.Items[Durados.Workflow.JavaScript.Debug] = true; } if (string.IsNullOrEmpty(appname)) { context.SetError(UserValidationErrorMessages.InvalidGrant, UserValidationErrorMessages.AppNameNotSupplied); return; } if (!IsAppExists(appname)) { context.SetError(UserValidationErrorMessages.InvalidGrant, string.Format(UserValidationErrorMessages.AppNameNotExists, appname)); return; } System.Collections.Specialized.NameValueCollection form = GetFixedForm(); string username = context.UserName; try { username = form["username"]; } catch { } string password = context.Password; try { password = form["password"]; } catch { } if (!Durados.Web.Mvc.Maps.IsDevUser(username) && IsAppLocked(appname)) { context.SetError(UserValidationErrorMessages.InvalidGrant, string.Format(UserValidationErrorMessages.AppLocked, appname)); return; } if (!System.Web.HttpContext.Current.Items.Contains(Database.AppName)) { System.Web.HttpContext.Current.Items.Add(Database.AppName, appname); } if (!System.Web.HttpContext.Current.Items.Contains(Database.Username)) { System.Web.HttpContext.Current.Items.Add(Database.Username, username); } Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-start", appname, username, null, 3, string.Empty); if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname)) { Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-start", appname, username, null, 3, string.Empty); } UserValidationError userValidationError = UserValidationError.Valid; string customError = null; bool hasCustomValidation = false; bool customValid = false; try { if (!IsValid(appname, username, password, out userValidationError, out customError, out hasCustomValidation, out customValid)) { Durados.Web.Mvc.Controllers.AccountMembershipService accountMembershipService = new Durados.Web.Mvc.Controllers.AccountMembershipService(); string message = UserValidationErrorMessages.Unknown; switch (userValidationError) { case UserValidationError.IncorrectUsernameOrPassword: message = UserValidationErrorMessages.IncorrectUsernameOrPassword; break; case UserValidationError.LockedOut: message = UserValidationErrorMessages.LockedOut; break; case UserValidationError.NotApproved: message = UserValidationErrorMessages.NotApproved; break; case UserValidationError.NotRegistered: message = UserValidationErrorMessages.NotRegistered; break; case UserValidationError.UserDoesNotBelongToApp: message = UserValidationErrorMessages.UserDoesNotBelongToApp; break; case UserValidationError.Custom: if (customError != null) { message = customError; } else { message = UserValidationErrorMessages.Unknown; } break; default: message = UserValidationErrorMessages.Unknown; break; } context.SetError(UserValidationErrorMessages.InvalidGrant, message); Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end-failure", appname, username, null, 3, message); if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname)) { Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-start", appname, username, null, 3, message); } return; } } catch (System.Exception exception) { context.SetError(UserValidationErrorMessages.InvalidGrant, exception.Message); Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end-failure", appname, username, null, 1, exception.Message); if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname)) { Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-end-failure", appname, username, null, 1, exception.Message); } return; } Durados.Web.Mvc.Map map = Durados.Web.Mvc.Maps.Instance.GetMap(appname); Durados.Web.Mvc.Controllers.AccountMembershipService account = new Durados.Web.Mvc.Controllers.AccountMembershipService(); if (!hasCustomValidation || !customValid) { if (map.Database.SecureLevel == SecureLevel.AllUsers) { try { if (!(account.AuthenticateUser(map, username, password))) { context.SetError(UserValidationErrorMessages.InvalidGrant, UserValidationErrorMessages.IncorrectUsernameOrPassword); Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end-failure", appname, username, null, 3, UserValidationErrorMessages.IncorrectUsernameOrPassword); if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname)) { Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-end-failure", appname, username, null, 3, UserValidationErrorMessages.IncorrectUsernameOrPassword); } return; } else if (!(account.IsApproved(username))) { if (map.HasAuthApp && account.IsApproved(username, map.AuthAppName)) { userController uc = new userController(); var userRow = map.GetAuthAppMap().Database.GetUserRow(username); var signUpResults = uc.SignUp(appname, null, null, true, GetFirstName(userRow), username, GetLastName(userRow), password, password, new Dictionary <string, object>()); } else { context.SetError(UserValidationErrorMessages.InvalidGrant, UserValidationErrorMessages.NotApproved); Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end-failure", appname, username, null, 3, UserValidationErrorMessages.NotApproved); if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname)) { Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-end-failure", appname, username, null, 3, UserValidationErrorMessages.NotApproved); } return; } } } catch (System.Exception exception) { context.SetError(UserValidationErrorMessages.Unknown, exception.Message); return; } } } if (!string.IsNullOrEmpty(map.Database.LogOnUrlAuth) && !new DuradosAuthorizationHelper().ValidateLogOnAuthUrl(map, System.Web.HttpContext.Current.Request.Form)) { string message = "External authentication failer"; context.SetError(UserValidationErrorMessages.InvalidGrant, message); Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end-failure", appname, username, null, 3, message); if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname)) { Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-end-failure", appname, username, null, 3, message); } return; } var identity = new ClaimsIdentity(context.Options.AuthenticationType); identity.AddClaim(new Claim(Database.Username, username)); identity.AddClaim(new Claim(Database.AppName, appname)); // create metadata to pass on to refresh token provider //var props = new Microsoft.Owin.Security.AuthenticationProperties(new Dictionary<string, string> //{ // { "as:client_id", context.ClientId } //}); //var ticket = new Microsoft.Owin.Security.AuthenticationTicket(identity, props); //context.Validated(ticket); context.Validated(identity); Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end", appname, username, null, 3, string.Empty); if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname)) { Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-end", appname, username, null, 3, string.Empty); } }
private void ValidateByOneTimeAccessToken(OAuthGrantResourceOwnerCredentialsContext context) { if (System.Web.HttpContext.Current.Request.Form["accessToken"] == null) { context.SetError(UserValidationErrorMessages.MissingAccessToken, UserValidationErrorMessages.MissingAccessToken); return; } string accessToken = System.Web.HttpContext.Current.Request.Form["accessToken"]; string appName = System.Web.HttpContext.Current.Request.Form["appName"]; if (appName == null) { context.SetError(UserValidationErrorMessages.AppNameNotSupplied, UserValidationErrorMessages.AppNameNotSupplied); return; } Durados.Web.Mvc.Map map = Durados.Web.Mvc.Maps.Instance.GetMap(appName); if (map == null || (appName != Durados.Web.Mvc.Maps.DuradosAppName && map == Durados.Web.Mvc.Maps.Instance.DuradosMap)) { context.SetError(UserValidationErrorMessages.WrongAppName, UserValidationErrorMessages.WrongAppName); return; } string userGuid = Durados.Web.Mvc.UI.Helpers.SecurityHelper.GetUserGuidFromTmpGuid(accessToken); string username = Durados.Web.Mvc.Maps.Instance.DuradosMap.Database.GetUsernameByGuid(userGuid); if (username == null) { context.SetError(UserValidationErrorMessages.InvalidAccessToken, UserValidationErrorMessages.InvalidAccessToken); return; } Durados.Web.Mvc.Controllers.AccountMembershipService accountMembershipService = new Durados.Web.Mvc.Controllers.AccountMembershipService(); if (map.Database.GetUserRow(username) == null) { context.SetError(UserValidationErrorMessages.UserDoesNotBelongToApp, UserValidationErrorMessages.UserDoesNotBelongToApp); return; } if (!System.Web.HttpContext.Current.Items.Contains(Database.AppName)) { System.Web.HttpContext.Current.Items.Add(Database.AppName, appName); } if (!System.Web.HttpContext.Current.Items.Contains(Database.Username)) { System.Web.HttpContext.Current.Items.Add(Database.Username, username); } var identity = new ClaimsIdentity(context.Options.AuthenticationType); identity.AddClaim(new Claim(Database.Username, username)); identity.AddClaim(new Claim(Database.AppName, appName)); if (!System.Web.HttpContext.Current.Items.Contains(Durados.Database.CustomTokenAttrKey)) { string tokenInfo; var profile = GetProfileFromSharedMemoryToModulateInAccessToken(accessToken, out tokenInfo); if (profile != null) { if (profile.ContainsKey(AdditionalValues) && profile[AdditionalValues] is IDictionary <string, object> ) { System.Web.HttpContext.Current.Items.Add(Durados.Database.CustomTokenAttrKey, (IDictionary <string, object>)profile[AdditionalValues]); } identity.AddClaim(new Claim(Database.TokenInfo, tokenInfo)); } } context.Validated(identity); Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end", appName, username, null, 3, string.Empty); }
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) { if (IsBasicAuthorized(actionContext)) { ((apiController)actionContext.ControllerContext.Controller).Init(); return; } if (IsServerAuthorized(actionContext)) { return; } if (IsAnonymous(actionContext)) { return; } base.OnAuthorization(actionContext); ClaimsPrincipal principal = actionContext.Request.GetRequestContext().Principal as ClaimsPrincipal; var ci = principal.Identity as ClaimsIdentity; if (!ci.IsAuthenticated) { AuthorizationTokenExpiredException authorizationTokenExpiredException = new AuthorizationTokenExpiredException(); actionContext.Response = actionContext.Request.CreateErrorResponse( HttpStatusCode.Unauthorized, authorizationTokenExpiredException.Message, authorizationTokenExpiredException); return; } try { var usernameObj = principal.Claims.Where(c => c.Type == Database.Username).Single(); var appnameObj = principal.Claims.Where(c => c.Type == Database.AppName).Single(); var infoObj = principal.Claims.Where(c => c.Type == Database.TokenInfo).SingleOrDefault(); if (usernameObj == null) { HandleUnauthorized(actionContext, null, null); return; } if (appnameObj == null) { HandleUnauthorized(actionContext, null, null); return; } string username = usernameObj.Value; string appname = appnameObj.Value; string appNameFromToken = appnameObj.Value; bool mainAppFromToken = appNameFromToken == Maps.DuradosAppName; string appNameInHeader = null; if (actionContext.Request.Headers.Contains("AppName")) { appNameInHeader = actionContext.Request.Headers.GetValues("AppName").FirstOrDefault(); } else if (actionContext.Request.Headers.Contains("appName")) { appNameInHeader = actionContext.Request.Headers.GetValues("appName").FirstOrDefault(); } else if (actionContext.Request.Headers.Contains("appname")) { appNameInHeader = actionContext.Request.Headers.GetValues("appname").FirstOrDefault(); } Durados.Web.Mvc.Controllers.AccountMembershipService accountMembershipService = new Durados.Web.Mvc.Controllers.AccountMembershipService(); if (appNameInHeader != null) { if (appname.ToLower() == Maps.DuradosAppName) { appname = appNameInHeader; } else { if (appname != appNameInHeader) { // BackandSSO if (!IsSso(appname, appNameInHeader)) { actionContext.Response = actionContext.Request.CreateErrorResponse( HttpStatusCode.Unauthorized, string.Format(Durados.Web.Mvc.UI.Helpers.UserValidationErrorMessages.AccessTokenNotAllowedToApp, appNameInHeader)); return; } else { appname = appNameInHeader; if (!System.Web.HttpContext.Current.Items.Contains(Database.AppName)) { System.Web.HttpContext.Current.Items.Add(Database.AppName, appname); } else { System.Web.HttpContext.Current.Items[Database.AppName] = appname; } if (!accountMembershipService.IsApproved(username)) { try { userController uc = new userController(); string provider = GetDomainControllerProvider(appname); var userRow = (DataRow)GetUserRow(appnameObj.Value, username); string socialId = GetSocialId(provider, username, appnameObj.Value); bool hasSocialId = socialId != null; string password = GetPassword(); System.Web.HttpContext.Current.Items.Add(Database.SignupInProcess, true); if (hasSocialId) { uc.SignUpCommand(appname, username, provider, socialId, GetValues(userRow, username), GetFirstName(userRow), GetLastName(userRow), password, true); } else { bool hasMembership = Maps.Instance.GetMap(appname).GetMembershipProvider().GetUser(username, false) != null; if (hasMembership) { var signUpResults = uc.SignUp(appname, null, null, true, GetFirstName(userRow), username, GetLastName(userRow), password, password, new Dictionary <string, object>()); } else { actionContext.Response = actionContext.Request.CreateErrorResponse( HttpStatusCode.Unauthorized, string.Format(Durados.Web.Mvc.UI.Helpers.UserValidationErrorMessages.AccessTokenNotAllowedToApp, appNameInHeader)); return; } } } catch (Exception exception) { actionContext.Response = actionContext.Request.CreateErrorResponse( HttpStatusCode.Unauthorized, exception.Message, exception); } } string key = appname + "_userRow_" + username; System.Web.HttpContext.Current.Items.Remove(key); } } } } if (!System.Web.HttpContext.Current.Items.Contains(Database.Username)) { System.Web.HttpContext.Current.Items.Add(Database.Username, username); } if (!System.Web.HttpContext.Current.Items.Contains(Database.AppName)) { System.Web.HttpContext.Current.Items.Add(Database.AppName, appname); } else { System.Web.HttpContext.Current.Items[Database.AppName] = appname; } if (!System.Web.HttpContext.Current.Items.Contains(Database.MainAppFromToken)) { System.Web.HttpContext.Current.Items.Add(Database.MainAppFromToken, mainAppFromToken); } string infoJson = null; object info = null; if (infoObj != null) { infoJson = infoObj.Value; var jss = new System.Web.Script.Serialization.JavaScriptSerializer(); info = jss.Deserialize <Dictionary <string, object> >(infoJson); } const string ForToken = "forToken"; IDictionary <string, object> tokenInfo = new Dictionary <string, object>(); if (info != null && info is IDictionary <string, object> && ((IDictionary <string, object>)info).ContainsKey(ForToken) && ((IDictionary <string, object>)info)[ForToken] is IDictionary <string, object> ) { tokenInfo = (IDictionary <string, object>)((IDictionary <string, object>)info)[ForToken]; } if (!System.Web.HttpContext.Current.Items.Contains(Database.TokenInfo)) { System.Web.HttpContext.Current.Items.Add(Database.TokenInfo, tokenInfo); } try { if (SharedMemorySingeltone.Instance.Contains(appname, SharedMemoryKey.DebugMode)) { System.Web.HttpContext.Current.Items[Durados.Workflow.JavaScript.Debug] = true; } } catch { } if (!System.Web.HttpContext.Current.Items.Contains(Database.RequestId)) { System.Web.HttpContext.Current.Items.Add(Database.RequestId, Guid.NewGuid().ToString()); } //NewRelic.Api.Agent.NewRelic.AddCustomParameter(Durados.Database.RequestId, System.Web.HttpContext.Current.Items[Database.RequestId].ToString()); //if (actionContext.Request.Headers.Contains("AppName")) //{ try { //if (!IsAppReady()) //{ // throw new Durados.DuradosException("App is not ready yet"); //} //if (!accountMembershipService.ValidateUser(username) || !accountMembershipService.IsApproved(username) || Revoked(appname, GetAuthToken(actionContext))) if (!accountMembershipService.IsApproved(username) || Revoked(appname, GetAuthToken(actionContext))) { HandleUnauthorized(actionContext, appname, username); return; } if (!(Maps.IsDevUser(username) || System.Web.HttpContext.Current.Request.Url.Segments.Contains("general/")) && (new Durados.Web.Mvc.UI.Helpers.DuradosAuthorizationHelper().IsAppLocked(appname) || IsAdminLocked(appname, appNameFromToken, username))) { actionContext.Response = actionContext.Request.CreateErrorResponse( HttpStatusCode.Unauthorized, string.Format(Durados.Web.Mvc.UI.Helpers.UserValidationErrorMessages.AppLocked, appname)); return; } } catch (Durados.Web.Mvc.UI.Helpers.AppNotReadyException exception) { actionContext.Response = actionContext.Request.CreateResponse( HttpStatusCode.NoContent, exception.Message); return; } catch (Exception exception) { actionContext.Response = actionContext.Request.CreateErrorResponse( HttpStatusCode.InternalServerError, string.Format(Messages.Unexpected, exception.Message)); try { Maps.Instance.DuradosMap.Logger.Log(actionContext.ControllerContext.Controller.GetType().Name, actionContext.Request.RequestUri.ToString(), "BackAndAuthorizeAttribute", exception, 1, "authorization failure"); } catch { } try { if (Maps.Instance.AppInCach(appname)) { Durados.Web.Mvc.UI.Helpers.RestHelper.Refresh(appname); } } catch { } return; } //} if (_allowedRoles == "Admin") { string userRole = Maps.Instance.GetMap(appname).Database.GetUserRole(); if (!(userRole == "Admin" || userRole == "Developer")) { actionContext.ActionArguments.Add(Database.backand_serverAuthorizationAttempt, true); actionContext.ActionArguments.Add(UserRoleNotSufficient, true); HandleUnauthorized(actionContext, appname, username); return; } } if (_allowedRoles == "Developer") { string userRole = Maps.Instance.GetMap(appname).Database.GetUserRole(); if (userRole != "Developer") { actionContext.ActionArguments.Add(Database.backand_serverAuthorizationAttempt, true); actionContext.ActionArguments.Add(UserRoleNotSufficient, true); HandleUnauthorized(actionContext, appname, username); return; } } try { string message = null; if (!mainAppFromToken && IsCustomDeny(appname, username, out message)) { HandleUnauthorized(actionContext, appname, username, message); return; } } catch (Exception exception) { HandleUnauthorized(actionContext, appname, username, "Unexpected error: " + exception.Message); return; } ((apiController)actionContext.ControllerContext.Controller).Init(); } catch { HandleUnauthorized(actionContext, null, null); return; } }