예제 #1
0
        /// <inheritdoc/>
        public async Task <AuthenticationResult> AcquireToken(TargetUri targetUri, string username, string password, AuthenticationResultType resultType, TokenScope scope)
        {
            if (resultType == AuthenticationResultType.TwoFactor)
            {
                // a previous attempt to aquire a token failed in a way that suggests the user has
                // Bitbucket 2FA turned on. so attempt to run the OAuth dance...
                OAuth.OAuthAuthenticator oauth = new OAuth.OAuthAuthenticator();
                try
                {
                    var result = await oauth.GetAuthAsync(targetUri, scope, CancellationToken.None);

                    if (!result.IsSuccess)
                    {
                        Trace.WriteLine($"oauth authentication failed");
                        return(new AuthenticationResult(AuthenticationResultType.Failure));
                    }

                    // we got a toke but lets check to see the usernames match
                    var restRootUri = new Uri(_restRootUrl);
                    var authHeader  = GetBearerHeaderAuthHeader(result.Token.Value);
                    var userResult  = await RestClient.TryGetUser(targetUri, RequestTimeout, restRootUri, authHeader);

                    if (!userResult.IsSuccess)
                    {
                        Trace.WriteLine($"oauth user check failed");
                        return(new AuthenticationResult(AuthenticationResultType.Failure));
                    }

                    if (!string.IsNullOrWhiteSpace(userResult.RemoteUsername) && !username.Equals(userResult.RemoteUsername))
                    {
                        Trace.WriteLine($"Remote username [{userResult.RemoteUsername}] != [{username}] supplied username");
                        // make sure the 'real' username is returned
                        return(new AuthenticationResult(AuthenticationResultType.Success, result.Token, result.RefreshToken, userResult.RemoteUsername));
                    }

                    // everything is hunky dory
                    return(result);
                }
                catch (Exception ex)
                {
                    Trace.WriteLine($"oauth authentication failed [{ex.Message}]");
                    return(new AuthenticationResult(AuthenticationResultType.Failure));
                }
            }
            else
            {
                BasicAuthAuthenticator basicauth = new BasicAuthAuthenticator();
                try
                {
                    var restRootUri = new Uri(_restRootUrl);
                    return(await basicauth.GetAuthAsync(targetUri, scope, RequestTimeout, restRootUri, username, password));
                }
                catch (Exception ex)
                {
                    Trace.WriteLine($"basic auth authentication failed [{ex.Message}]");
                    return(new AuthenticationResult(AuthenticationResultType.Failure));
                }
            }
        }
예제 #2
0
 /// <inheritdoc/>
 public async Task <AuthenticationResult> RefreshToken(TargetUri targetUri, string refreshToken)
 {
     // Refreshing is only an OAuth concept so use the OAuth tools
     OAuth.OAuthAuthenticator oauth = new OAuth.OAuthAuthenticator();
     try
     {
         return(await oauth.RefreshAuthAsync(targetUri, refreshToken, CancellationToken.None));
     }
     catch (Exception ex)
     {
         Trace.WriteLine($"oauth refresh failed [{ex.Message}]");
         return(new AuthenticationResult(AuthenticationResultType.Failure));
     }
 }
예제 #3
0
파일: Authority.cs 프로젝트: numbnet/unix
        /// <inheritdoc/>
        public async Task <AuthenticationResult> AcquireToken(TargetUri targetUri, Credential credentials, AuthenticationResultType resultType, TokenScope scope)
        {
            if (targetUri is null)
            {
                throw new ArgumentNullException(nameof(targetUri));
            }
            if (credentials is null)
            {
                throw new ArgumentNullException(nameof(credentials));
            }
            if (resultType < AuthenticationResultType.None || resultType > AuthenticationResultType.TwoFactor)
            {
                throw new ArgumentOutOfRangeException(nameof(resultType));
            }
            if (scope is null)
            {
                throw new ArgumentNullException(nameof(scope));
            }

            if (resultType == AuthenticationResultType.TwoFactor)
            {
                // A previous attempt to acquire a token failed in a way that suggests the user has
                // Bitbucket 2FA turned on. so attempt to run the OAuth dance...
                var oauth = new OAuth.OAuthAuthenticator(Context);
                try
                {
                    var result = await oauth.GetAuthAsync(targetUri, scope, CancellationToken.None);

                    if (!result.IsSuccess)
                    {
                        Trace.WriteLine($"oauth authentication failed");
                        return(new AuthenticationResult(AuthenticationResultType.Failure));
                    }

                    // We got a toke but lets check to see the usernames match.
                    var restRootUri = new Uri(_restRootUrl);
                    var userResult  = await(new RestClient(Context)).TryGetUser(targetUri, RequestTimeout, restRootUri, result.Token);

                    if (!userResult.IsSuccess)
                    {
                        Trace.WriteLine($"oauth user check failed");
                        return(new AuthenticationResult(AuthenticationResultType.Failure));
                    }

                    if (!string.IsNullOrWhiteSpace(userResult.RemoteUsername) && !credentials.Username.Equals(userResult.RemoteUsername))
                    {
                        Trace.WriteLine($"Remote username [{userResult.RemoteUsername}] != [{credentials.Username}] supplied username");
                        // Make sure the 'real' username is returned.
                        return(new AuthenticationResult(AuthenticationResultType.Success, result.Token, result.RefreshToken, userResult.RemoteUsername));
                    }

                    // Everything is hunky dory.
                    return(result);
                }
                catch (Exception ex)
                {
                    Trace.WriteLine($"oauth authentication failed [{ex.Message}]");
                    return(new AuthenticationResult(AuthenticationResultType.Failure));
                }
            }
            else
            {
                var basicauth = new BasicAuthAuthenticator(Context);
                try
                {
                    var restRootUri = new Uri(_restRootUrl);
                    return(await basicauth.GetAuthAsync(targetUri, scope, RequestTimeout, restRootUri, credentials));
                }
                catch (Exception ex)
                {
                    Trace.WriteLine($"basic authentication failed [{ex.Message}]");
                    return(new AuthenticationResult(AuthenticationResultType.Failure));
                }
            }
        }
        /// <inheritdoc/>
        public async Task <AuthenticationResult> AcquireToken(TargetUri targetUri, string username, string password, AuthenticationResultType resultType, TokenScope scope)
        {
            if (resultType == AuthenticationResultType.TwoFactor)
            {
                // a previous attempt to aquire a token failed in a way that suggests the user has
                // Bitbucket 2FA turned on. so attempt to run the OAuth dance...
                OAuth.OAuthAuthenticator oauth = new OAuth.OAuthAuthenticator();
                try
                {
                    return(await oauth.GetAuthAsync(targetUri, scope, CancellationToken.None));
                }
                catch (Exception ex)
                {
                    Trace.WriteLine($"oauth authentication failed [{ex.Message}]");
                    return(new AuthenticationResult(AuthenticationResultType.Failure));
                }
            }
            else
            {
                // use the provided username and password and attempt a Basic Auth request to a known
                // REST API resource.
                Token token = null;
                using (HttpClientHandler handler = targetUri.HttpClientHandler)
                {
                    using (HttpClient httpClient = new HttpClient(handler)
                    {
                        Timeout = TimeSpan.FromMilliseconds(RequestTimeout)
                    })
                    {
                        string basicAuthValue = String.Format("{0}:{1}", username, password);
                        byte[] authBytes      = Encoding.UTF8.GetBytes(basicAuthValue);
                        basicAuthValue = Convert.ToBase64String(authBytes);
                        httpClient.DefaultRequestHeaders.Add("Authorization", "Basic " + basicAuthValue);

                        var url = new Uri(new Uri(_restRootUrl), UserUrl).AbsoluteUri;
                        using (HttpResponseMessage response = await httpClient.GetAsync(url))
                        {
                            Trace.WriteLine($"server responded with {response.StatusCode}.");

                            switch (response.StatusCode)
                            {
                            case HttpStatusCode.OK:
                            case HttpStatusCode.Created:
                            {
                                // Success with username/passord indicates 2FA is not on so
                                // the 'token' is actually the password if we had a
                                // successful call then the password is good.
                                token = new Token(password, TokenType.Personal);

                                Trace.WriteLine("authentication success: new password token created.");
                                return(new AuthenticationResult(AuthenticationResultType.Success, token));
                            }

                            case HttpStatusCode.Forbidden:
                            {
                                // A 403/Forbidden response indicates the username/password
                                // are recognized and good but 2FA is on in which case we
                                // want to indicate that with the TwoFactor result
                                Trace.WriteLine("two-factor app authentication code required");
                                return(new AuthenticationResult(AuthenticationResultType.TwoFactor));
                            }

                            case HttpStatusCode.Unauthorized:
                            {
                                // username or password are wrong.
                                Trace.WriteLine("authentication failed");
                                return(new AuthenticationResult(AuthenticationResultType.Failure));
                            }

                            default:
                                // any unexpected result can be treated as a failure.
                                Trace.WriteLine("authentication failed");
                                return(new AuthenticationResult(AuthenticationResultType.Failure));
                            }
                        }
                    }
                }
            }
        }