/// <summary>
/// Finalizes a multi-factor login: stamps the login time, activates the user session already
/// attached to <paramref name="context"/>, raises the login events and saves the entity session.
/// </summary>
/// <remarks>
/// Nothing in this method checks that the additional factors were verified. It reports success
/// unconditionally, so that check has to happen in the caller before this is invoked.
/// NOTE(review): an existing user session keeps its SessionId when it is promoted to Active. If that
/// id was handed out before authentication finished, rotating it at this point would limit
/// session fixation. Confirm against the code that creates the session.
/// </remarks>
/// <param name="context">Operation context; its User is overwritten and its UserSession, when present, is set to Active.</param>
/// <param name="login">Login being completed; its LastLoggedInOn is replaced with App.TimeService.UtcNow.</param>
/// <returns>A result with Status = Success, the previous login time and the session id of the context's user session (if any).</returns>
public LoginResult CompleteMultiFactorLogin(OperationContext context, ILogin login)
{
    PostLoginActions postLoginActions = GetPostLoginActions(login);
    context.User = login.CreateUserInfo();

    // Keep the old timestamp before overwriting it; it is handed back to the caller.
    var previousLoginOn = login.LastLoggedInOn;
    login.LastLoggedInOn = App.TimeService.UtcNow;

    var entitySession = EntityHelper.GetSession(login);

    // The user session must be established before this call; when it is there, promote it to Active.
    var currentUserSession = context.UserSession;
    if (currentUserSession != null)
    {
        currentUserSession.Status = UserSessionStatus.Active;
    }

    // Two events are raised: MFA completion first, then the ordinary login event.
    OnLoginEvent(context, LoginEventType.MultiFactorLoginCompleted, login);
    OnLoginEvent(context, LoginEventType.Login, login);
    OnLoginSucceeded(login);
    entitySession.SaveChanges();

    var result = new LoginResult
    {
        Status = LoginAttemptStatus.Success,
        Login = login,
        Actions = postLoginActions,
        User = context.User,
        SessionId = currentUserSession?.SessionId,
        PreviousLoginOn = previousLoginOn
    };
    return result;
}
/// <summary>
/// Finalizes a multi-factor login: stamps the login time, saves the entity session, attaches a
/// user session to <paramref name="context"/> and returns that session's tokens.
/// </summary>
/// <remarks>
/// Nothing in this method checks that the additional factors were verified; the caller must do
/// that before invoking it.
/// NOTE(review): the result carries SessionToken and RefreshToken. They look like bearer
/// credentials, so callers should keep them out of logs and event payloads. Confirm how
/// LoginResult is serialized.
/// </remarks>
/// <param name="context">Operation context; its User is overwritten and a user session is attached to it.</param>
/// <param name="login">Login being completed; its LastLoggedInOn is replaced with App.TimeService.UtcNow.</param>
/// <param name="expirationType">Expiration mode passed on to AttachUserSession; defaults to Sliding.</param>
/// <returns>A result with Status = Success, the previous login time and the tokens of the context's user session (null when no session is present).</returns>
public LoginResult CompleteMultiFactorLogin(OperationContext context, ILogin login, UserSessionExpirationType expirationType = UserSessionExpirationType.Sliding)
{
    PostLoginActions postLoginActions = GetPostLoginActions(login);
    context.User = login.CreateUserInfo();

    // Keep the old timestamp before overwriting it; it is handed back to the caller.
    var previousLoginOn = login.LastLoggedInOn;
    login.LastLoggedInOn = App.TimeService.UtcNow;

    // The login update is saved before the user session is attached and before any event fires.
    var entitySession = EntityHelper.GetSession(login);
    entitySession.SaveChanges();

    // Third argument is passed as null; its meaning is defined by AttachUserSession (not shown here).
    AttachUserSession(context, login, null, expirationType);
    OnLoginEvent(context, LoginEventType.MultiFactorLoginCompleted, login);
    App.UserLoggedIn(context);

    var result = new LoginResult
    {
        Status = LoginAttemptStatus.Success,
        Login = login,
        Actions = postLoginActions,
        User = context.User,
        SessionToken = context.UserSession?.Token,
        RefreshToken = context.UserSession?.RefreshToken,
        LastLoggedInOn = previousLoginOn
    };
    return result;
}
/// <summary>
/// Finalizes a multi-factor login: stamps the login time, makes sure the context has a session
/// id, raises the login events and saves the entity session.
/// </summary>
/// <remarks>
/// Nothing in this method checks that the additional factors were verified; the caller must do
/// that before invoking it.
/// NOTE(review): a SessionId already present on the context is kept as is. If that id can be set
/// before authentication completes, issuing a fresh one here would limit session fixation.
/// Confirm where context.SessionId is first assigned.
/// NOTE(review): Guid.NewGuid() is not documented as a source of unpredictable values. If the
/// session id acts as a bearer secret, prefer a value from a cryptographic RNG. Confirm how
/// SessionId is used.
/// </remarks>
/// <param name="context">Operation context; its User is overwritten and its SessionId is filled in when empty.</param>
/// <param name="login">Login being completed; its LastLoggedInOn is replaced with App.TimeService.UtcNow.</param>
/// <returns>A result with Status = Success, the context's session id and the previous login time.</returns>
public LoginResult CompleteMultiFactorLogin(OperationContext context, ILogin login)
{
    PostLoginActions postLoginActions = GetPostLoginActions(login);
    context.User = login.CreateUserInfo();

    // Keep the old timestamp before overwriting it; it is handed back to the caller.
    var previousLoginOn = login.LastLoggedInOn;
    login.LastLoggedInOn = App.TimeService.UtcNow;

    var entitySession = EntityHelper.GetSession(login);

    // Only a missing session id is generated; an existing one is reused unchanged.
    if (!context.SessionId.HasValue)
    {
        context.SessionId = Guid.NewGuid();
    }

    // Two events are raised: MFA completion first, then the ordinary login event.
    OnLoginEvent(context, LoginEventType.MultiFactorLoginCompleted, login);
    OnLoginEvent(context, LoginEventType.Login, login);
    OnLoginSucceeded(login);
    entitySession.SaveChanges();

    var result = new LoginResult
    {
        Status = LoginAttemptStatus.Success,
        Login = login,
        Actions = postLoginActions,
        User = context.User,
        SessionId = context.SessionId.Value,
        LastLoggedInOn = previousLoginOn
    };
    return result;
}
// Password login entry point. This listing is incomplete: the text between the "User: " literal
// and "Login failed due to inactive status" is missing from the page, so the end of the
// failed-lookup branch and the start of the status switch cannot be seen here.
//
// Visible behaviour, in order:
//  - rejects passwords longer than 100 characters through context.ThrowIf (InvalidValue);
//  - passes the user name through CheckUserName and opens a system session;
//  - looks the login up with FindLogin(session, userName, password, tenantId);
//  - when no login comes back: sets WebCallFlags.AttackRedFlag on the web context (if there is
//    one), raises a LoginFailed event with a null login and records an incident via LogIncident;
//  - in the visible tail of the switch, the Failed/default case raises LoginFailed and returns
//    a result holding only the status.
//
// NOTE(review): password.Length is read before any null check in the visible code, so a null
// password would surface as a NullReferenceException instead of a client fault. Confirm
// callers can never pass null, or add a guard.
// NOTE(review): deviceToken and expirationType are not referenced in the visible part of the
// body; their use, if any, is in the missing span.
// NOTE(review): the caller-supplied user name flows into the event and incident records.
// Confirm those sinks encode it, since it is attacker-controlled on a failed login.
public LoginResult Login(OperationContext context, string userName, string password, Guid?tenantId = null, string deviceToken = null, UserSessionExpirationType expirationType = UserSessionExpirationType.Sliding) { context.ThrowIf(password.Length > 100, ClientFaultCodes.InvalidValue, "password", "Password too long, max size: 100."); var webCtx = context.WebContext; userName = CheckUserName(context, userName); var session = context.OpenSystemSession(); var login = FindLogin(session, userName, password, tenantId); if (login == null) { if (webCtx != null) { webCtx.Flags |= WebCallFlags.AttackRedFlag; } OnLoginEvent(context, LoginEventType.LoginFailed, null, userName: userName); LogIncident(context, LoginIncidentType, LoginEventType.LoginFailed.ToString(), "User: "******"Login failed due to inactive status", userName: userName); return(new LoginResult() { Status = status, Login = login }); case LoginAttemptStatus.Failed: default: OnLoginEvent(context, LoginEventType.LoginFailed, login, userName: userName); return(new LoginResult() { Status = status }); } }//method
/// <summary>
/// Tells whether <paramref name="actions"/> and <paramref name="action"/> have at least one flag in common.
/// </summary>
/// <remarks>
/// This is an "any bit" test: when <paramref name="action"/> combines several flags, one matching
/// flag is enough for a true result. A zero <paramref name="action"/> always yields false.
/// </remarks>
/// <param name="actions">Flag set to inspect.</param>
/// <param name="action">Flag (or flags) to look for.</param>
/// <returns>True when the bitwise AND of the two values is non-zero.</returns>
public static bool IsSet(this PostLoginActions actions, PostLoginActions action)
{
    if ((actions & action) == 0)
    {
        return false;
    }
    return true;
}
/// <summary>
/// Tells whether <paramref name="actions"/> and <paramref name="action"/> have at least one flag in common.
/// </summary>
/// <remarks>
/// This is an "any bit" test: when <paramref name="action"/> combines several flags, one matching
/// flag is enough for a true result. A zero <paramref name="action"/> always yields false.
/// </remarks>
/// <param name="actions">Flag set to inspect.</param>
/// <param name="action">Flag (or flags) to look for.</param>
/// <returns>True when the bitwise AND of the two values is non-zero.</returns>
public static bool IsSet(this PostLoginActions actions, PostLoginActions action)
{
    PostLoginActions sharedFlags = actions & action;
    return sharedFlags != 0;
}
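/// <summary>
/// Password login: validates the input, looks the login up, verifies the password, applies the
/// can-login checks and returns a result describing the outcome.
/// </summary>
/// <remarks>
/// An unknown user and a wrong password take the same branch and return the same result
/// (Status = Failed, no Login), so the return value does not reveal which of the two happened.
/// NOTE(review): deviceToken is not used anywhere in this body. The "check device" comment
/// precedes CheckCanLoginImpl(login), which does not receive the token. Confirm whether a
/// device check is meant to happen here.
/// NOTE(review): the success result gets its SessionId from Guid.NewGuid(). If that id is used
/// as a bearer secret, prefer a value from a cryptographic RNG. Confirm how SessionId is used.
/// NOTE(review): the PendingMultifactor and AccountInactive results carry the Login object even
/// though the user is not fully authenticated. Callers should not expose it to the client.
/// </remarks>
/// <param name="context">Operation context; on success its User is set, on a failed lookup its web context is flagged.</param>
/// <param name="userName">User name as supplied by the caller; passed through CheckUserName before use.</param>
/// <param name="password">Password to verify; must be non-null and at most 100 characters.</param>
/// <param name="tenantId">Optional tenant id forwarded to FindLogin.</param>
/// <param name="deviceToken">Not used by this method body.</param>
/// <returns>A LoginResult whose Status reflects the outcome; Login, Actions, User and SessionId are filled in as each case below shows.</returns>
public LoginResult Login(OperationContext context, string userName, string password, Guid? tenantId = null, string deviceToken = null)
{
    // A null password used to hit password.Length and fail with a NullReferenceException.
    // Reject it as a client fault, the same way the length limit is enforced.
    // (Assumes ThrowIf raises immediately, which the existing length guard also relies on.)
    context.ThrowIf(password == null, ClientFaultCodes.InvalidValue, "password", "Password is required.");
    // The length cap bounds the work spent on attacker-supplied input.
    context.ThrowIf(password.Length > 100, ClientFaultCodes.InvalidValue, "password", "Password too long, max size: 100.");
    userName = CheckUserName(context, userName);
    var session = context.OpenSession();
    // find login and verify password
    try
    {
        var login = FindLogin(session, userName, password, tenantId);
        if (login == null || !VerifyPassword(login, password))
        {
            // Mark the web call so failed attempts are visible to whatever consumes this flag.
            if (context.WebContext != null)
            {
                context.WebContext.Flags |= WebCallFlags.AttackRedFlag;
            }
            // Only an existing login can record a failed attempt.
            if (login != null)
            {
                OnLoginFailed(login);
            }
            // The event is raised with a null login in both sub-cases; only the user name is attached.
            OnLoginEvent(context, LoginEventType.LoginFailed, null, userName: userName);
            return new LoginResult() { Status = LoginAttemptStatus.Failed };
        }

        VerifyExpirationSuspensionDates(login);
        //check device
        var status = CheckCanLoginImpl(login);
        // if we are ready to login, check external function to allow login
        if (status == LoginAttemptStatus.Success && _settings.CheckCanLoginFunc != null)
        {
            // The external hook is consulted only for an otherwise successful login and may change the status.
            status = _settings.CheckCanLoginFunc(context, login, status);
        }

        switch (status)
        {
            case LoginAttemptStatus.Success:
                PostLoginActions actions = GetPostLoginActions(login);
                context.User = login.CreateUserInfo();
                //save prev value
                var prevLoggedInOn = login.LastLoggedInOn;
                OnLoginSucceeded(login);
                OnLoginEvent(context, LoginEventType.Login, login, userName: userName);
                return new LoginResult()
                {
                    Status = status,
                    Login = login,
                    Actions = actions,
                    User = context.User,
                    SessionId = Guid.NewGuid(),
                    LastLoggedInOn = prevLoggedInOn,
                };

            case LoginAttemptStatus.PendingMultifactor:
                OnLoginEvent(context, LoginEventType.LoginPendingMultiFactor, login, userName: userName);
                return new LoginResult() { Status = status, Login = login };

            case LoginAttemptStatus.AccountInactive:
                OnLoginEvent(context, LoginEventType.LoginFailed, login, "Login failed due to inactive status", userName: userName);
                return new LoginResult() { Status = status, Login = login };

            case LoginAttemptStatus.Failed:
            default:
                // Any status not handled above is treated as a failure.
                OnLoginFailed(login);
                OnLoginEvent(context, LoginEventType.LoginFailed, login, userName: userName);
                return new LoginResult() { Status = status };
        }//switch
    }
    finally
    {
        // Runs on every exit path, including exceptions, so changes made by the handlers above
        // are saved. If SaveChanges itself throws, its exception replaces any one already in flight.
        session.SaveChanges();
    }
}//method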