private bool AuthoriseRequest(string path, OAuthToken token, out OAuthApplication oae, out string nonce) { string authorisationHeader = ReadAuthorisationHeader(); if (authorisationHeader != null && authorisationHeader.StartsWith("OAuth ")) { NameValueCollection authorisationHeaders = ParseAuthorisationHeader(authorisationHeader.Substring(6)); string requestConsumerKey = authorisationHeaders["oauth_consumer_key"]; try { oae = new OAuthApplication(core, requestConsumerKey); nonce = authorisationHeaders["oauth_nonce"]; SortedDictionary<string, string> signatureParamaters = new SortedDictionary<string, string>(); foreach (string key in authorisationHeaders.Keys) { if (key == null) { } else if (key == "oauth_signature") { } else { signatureParamaters.Add(key, authorisationHeaders[key]); } } foreach (string key in core.Http.Query.Keys) { if (string.IsNullOrEmpty(key)) { } else if (key.StartsWith("global_")) { } else if (key == "oauth_signature") { } else { signatureParamaters.Add(key, core.Http.Query[key]); } } foreach (string key in core.Http.Form.Keys) { //if (key == "oauth_verifier") if (string.IsNullOrEmpty(key)) { } else { signatureParamaters.Add(key, core.Http.Form[key]); } } string parameters = string.Empty; foreach (string key in signatureParamaters.Keys) { if (parameters != string.Empty) { parameters += "&"; } parameters += string.Format("{0}={1}", OAuth.UrlEncode(key), OAuth.UrlEncode(signatureParamaters[key])); } string signature = core.Http.HttpMethod + "&" + OAuth.UrlEncode(core.Http.Host + path) + "&" + OAuth.UrlEncode(parameters); if (token == null) { string oauthToken = authorisationHeaders["oauth_token"]; if (!string.IsNullOrEmpty(oauthToken)) { try { token = new OAuthToken(core, oauthToken); // start session StartSession(token); } catch (InvalidOAuthTokenException) { oae = null; nonce = null; return false; } } } string requestSignature = authorisationHeaders["oauth_signature"]; string expectedSignature = OAuth.ComputeSignature(signature, oae.ApiSecret + "&" + (token != null ? token.TokenSecret : string.Empty)); if (requestSignature == expectedSignature) { return true; } #if DEBUG else { HttpContext.Current.Response.Write("Request signature: " + requestSignature + "\r\n"); HttpContext.Current.Response.Write("Expected signature: " + expectedSignature + "\r\n"); HttpContext.Current.Response.Write("signature: " + signature + "\r\n"); if (token != null) { HttpContext.Current.Response.Write("token: " + token.Token + "\r\n"); HttpContext.Current.Response.Write("secret: " + token.TokenSecret + "\r\n"); } } #endif } catch (InvalidApplicationException) { oae = null; nonce = null; return false; } } oae = null; nonce = null; return false; }
public static List<OAuthApplication> GetApps(Core core, Primitive owner) { List<OAuthApplication> oauthApplications = new List<OAuthApplication>(); SelectQuery query = Item.GetSelectQueryStub(core, typeof(PrimitiveApplicationInfo)); query.AddFields(Item.GetFieldsPrefixed(core, typeof(ApplicationEntry))); query.AddJoin(JoinTypes.Inner, Item.GetTable(typeof(ApplicationEntry)), "application_id", "application_id"); query.AddFields(Item.GetFieldsPrefixed(core, typeof(OAuthApplication))); query.AddJoin(JoinTypes.Inner, Item.GetTable(typeof(OAuthApplication)), "application_id", "application_id"); query.AddCondition(new DataField(typeof(PrimitiveApplicationInfo), "item_id"), owner.ItemKey.Id); query.AddCondition(new DataField(typeof(PrimitiveApplicationInfo), "item_type_id"), owner.ItemKey.TypeId); query.AddCondition(new DataField(typeof(ApplicationEntry), "application_type"), (byte)ApplicationType.OAuth); System.Data.Common.DbDataReader userApplicationsReader = core.Db.ReaderQuery(query); if (userApplicationsReader.HasRows) { while (userApplicationsReader.Read()) { OAuthApplication ae = new OAuthApplication(core, userApplicationsReader); oauthApplications.Add(ae); } userApplicationsReader.Close(); userApplicationsReader.Dispose(); } return oauthApplications; }
public static OAuthToken Create(Core core, OAuthApplication oae, string nonce) { if (core == null) { throw new NullCoreException(); } SelectQuery query = new SelectQuery(typeof(OAuthToken)); query.AddCondition("oauth_token_nonce", nonce); System.Data.Common.DbDataReader queryReader = core.Db.ReaderQuery(query); if (queryReader.HasRows) { queryReader.Close(); queryReader.Dispose(); throw new NonceViolationException(); } else { queryReader.Close(); queryReader.Dispose(); } string newToken = string.Empty; do { newToken = OAuth.GeneratePublic(); } while (!CheckTokenUnique(core, newToken)); string newSecret = OAuth.GenerateSecret(); Item item = Item.Create(core, typeof(OAuthToken), new FieldValuePair("oauth_application_id", oae.Id), new FieldValuePair("oauth_token", newToken), new FieldValuePair("oauth_token_secret", newSecret), new FieldValuePair("oauth_token_nonce", nonce), new FieldValuePair("oauth_token_ip", core.Http.IpAddress), new FieldValuePair("oauth_token_created_ut", UnixTime.UnixTimeStamp()), new FieldValuePair("oauth_token_expires_ut", UnixTime.UnixTimeStamp() + 15 * 60), /* Expire after 15 minutes */ new FieldValuePair("oauth_token_expired", false)); OAuthToken newOAuthToken = (OAuthToken)item; return newOAuthToken; }
void AccountApplicationSettings_Save(object sender, EventArgs e) { AuthoriseRequestSid(); string title = core.Http.Form["title"]; string description = core.Http.Form["description"]; string callbackUrl = core.Http.Form["callback"]; if (Owner is ApplicationEntry) { ApplicationEntry ae = (ApplicationEntry)Owner; if (ae.ApplicationType == ApplicationType.OAuth) { OAuthApplication oa = new OAuthApplication(core, ae); oa.CallbackUrl = callbackUrl; oa.Update(); } ae.Title = title; ae.Description = description; ae.Update(); SetInformation("Application settings saved."); } }
public static OAuthApplication Create(Core core, string title, string slug, string description) { if (core == null) { throw new NullCoreException(); } core.Db.BeginTransaction(); InsertQuery iQuery = new InsertQuery(typeof(ApplicationEntry)); iQuery.AddField("application_name", slug); iQuery.AddField("user_id", core.LoggedInMemberId); iQuery.AddField("application_date_ut", UnixTime.UnixTimeStamp()); iQuery.AddField("application_title", title); iQuery.AddField("application_description", description); iQuery.AddField("application_primitive", false); iQuery.AddField("application_primitives", (byte)AppPrimitives.None); iQuery.AddField("application_comment", false); iQuery.AddField("application_rating", false); iQuery.AddField("application_style", false); iQuery.AddField("application_script", false); iQuery.AddField("application_type", (byte)ApplicationType.OAuth); iQuery.AddField("application_cron_enabled", false); iQuery.AddField("application_cron_frequency", 0); long applicationId = core.Db.Query(iQuery); ApplicationEntry newApplication = new ApplicationEntry(core, applicationId); iQuery = new InsertQuery(typeof(OAuthApplication)); iQuery.AddField("application_id", applicationId); iQuery.AddField("application_website", string.Empty); iQuery.AddField("application_api_key", OAuth.GeneratePublic()); iQuery.AddField("application_api_secret", OAuth.GenerateSecret()); iQuery.AddField("application_api_callback", string.Empty); core.Db.Query(iQuery); OAuthApplication newApp = new OAuthApplication(core, newApplication); ApplicationDeveloper developer = ApplicationDeveloper.Create(core, newApplication, core.Session.LoggedInMember); try { ApplicationEntry profileAe = core.GetApplication("Profile"); profileAe.Install(core, newApplication); } catch { } try { ApplicationEntry guestbookAe = core.GetApplication("GuestBook"); guestbookAe.Install(core, newApplication); } catch { } try { ApplicationEntry galleryAe = core.GetApplication("Gallery"); galleryAe.Install(core, newApplication); } catch { } return newApp; }
void AccountApplicationSettings_Show(object sender, EventArgs e) { template.SetTemplate("account_application_settings.html"); Save(new EventHandler(AccountApplicationSettings_Save)); if (Owner is ApplicationEntry) { ApplicationEntry ae = (ApplicationEntry)Owner; template.Parse("APPLICATION_TITLE", ae.Title); template.Parse("APPLICATION_DESCRIPTION", ae.Description); if (ae.ApplicationType == ApplicationType.OAuth) { OAuthApplication oa = new OAuthApplication(core, ae); template.Parse("IS_OAUTH", "TRUE"); template.Parse("OAUTH_CALLBACK", oa.CallbackUrl); } } }
private void OAuthApprove() { string oauthToken = core.Http.Form["oauth_token"]; bool success = false; try { OAuthToken token = new OAuthToken(core, oauthToken); ApplicationEntry ae = token.Application; OAuthApplication oae = new OAuthApplication(core, ae); if (core.Http.Form["mode"] == "verify") { Authenticator authenticator = new Authenticator(); if (authenticator.CheckCode(core.Session.CandidateMember.UserInfo.TwoFactorAuthKey, core.Http.Form["verify"])) { success = true; } else { showVerificationForm(ae, oauthToken, core.Session.SessionId); return; } } else { bool authenticated = false; string userName = Request.Form["username"]; string password = BoxSocial.Internals.User.HashPassword(Request.Form["password"]); DataTable userTable = db.Query(string.Format("SELECT uk.user_name, uk.user_id, ui.user_password, ui.user_two_factor_auth_key, ui.user_two_factor_auth_verified FROM user_keys uk INNER JOIN user_info ui ON uk.user_id = ui.user_id WHERE uk.user_name = '{0}';", userName)); if (userTable.Rows.Count == 1) { DataRow userRow = userTable.Rows[0]; string dbPassword = (string)userRow["user_password"]; if (dbPassword == password) { authenticated = true; } if (authenticated) { if ((byte)userRow["user_two_factor_auth_verified"] > 0) { string sessionId = session.SessionBegin((long)userRow["user_id"], false, false, false); showVerificationForm(ae, oauthToken, sessionId); return; } else { string sessionId = session.SessionBegin((long)userRow["user_id"], false, false); success = true; } } else { OAuthAuthorize(true); return; } } } if (success) { OAuthVerifier verifier = OAuthVerifier.Create(core, token, core.Session.CandidateMember); token.UseToken(); db.CommitTransaction(); if (!string.IsNullOrEmpty(oae.CallbackUrl)) { Response.Redirect(string.Format("{0}?oauth_token={1}&oauth_verifier={2}", oae.CallbackUrl, Uri.EscapeDataString(token.Token), Uri.EscapeDataString(verifier.Verifier))); } else { core.Response.SendRawText("", string.Format("oauth_token={0}&oauth_verifier={1}", Uri.EscapeDataString(token.Token), Uri.EscapeDataString(verifier.Verifier))); } } else { // Incorrect password OAuthAuthorize(true); return; } } catch (InvalidOAuthTokenException) { core.Functions.Generate403(); } EndResponse(); }
public static void Show(Core core, TPage page, User owner) { if (core == null) { throw new NullCoreException(); } if (core.ResponseFormat == ResponseFormats.Xml) { ShowMore(core, page, owner); return; } Template template = new Template(core.Http.TemplatePath, "viewfeed.html"); template.Medium = core.Template.Medium; template.SetProse(core.Prose); PermissionGroupSelectBox permissionSelectBox = new PermissionGroupSelectBox(core, "permissions", owner.ItemKey); template.Parse("S_STATUS_PERMISSIONS", permissionSelectBox); bool moreContent = false; long lastId = 0; bool first = true; List<Action> feedActions = Feed.GetItems(core, owner, page.TopLevelPageNumber, 20, page.TopLevelPageOffset, out moreContent); if (feedActions.Count > 0) { template.Parse("HAS_FEED_ITEMS", "TRUE"); VariableCollection feedDateVariableCollection = null; string lastDay = core.Tz.ToStringPast(core.Tz.Now); foreach (Action feedAction in feedActions) { DateTime feedItemDay = feedAction.GetTime(core.Tz); if (feedDateVariableCollection == null || lastDay != core.Tz.ToStringPast(feedItemDay)) { lastDay = core.Tz.ToStringPast(feedItemDay); feedDateVariableCollection = template.CreateChild("feed_days_list"); feedDateVariableCollection.Parse("DAY", lastDay); } if (first) { first = false; template.Parse("NEWEST_ID", feedAction.Id.ToString()); } VariableCollection feedItemVariableCollection = feedDateVariableCollection.CreateChild("feed_item"); core.Display.ParseBbcode(feedItemVariableCollection, "TITLE", feedAction.FormattedTitle); /*if ((!core.IsMobile) && (!string.IsNullOrEmpty(feedAction.BodyCache))) { core.Display.ParseBbcodeCache(feedItemVariableCollection, "TEXT", feedAction.BodyCache); } else*/ { Primitive itemOwner = core.PrimitiveCache[feedAction.OwnerId]; if (feedAction.InteractItem is IActionableItem) { itemOwner = ((IActionableItem)feedAction.InteractItem).Owner; if (((IActionableItem)feedAction.InteractItem).ApplicationId > 0) { try { ApplicationEntry ae = new ApplicationEntry(core, ((IActionableItem)feedAction.InteractItem).ApplicationId); if (ae.ApplicationType == ApplicationType.OAuth) { OAuthApplication oae = new OAuthApplication(core, ae); feedItemVariableCollection.Parse("VIA_APP_TITLE", oae.DisplayTitle); feedItemVariableCollection.Parse("U_VIA_APP", oae.Uri); } } catch (InvalidApplicationException) { } } } else if (feedAction.ActionedItem is IActionableItem) { itemOwner = ((IActionableItem)feedAction.ActionedItem).Owner; if (((IActionableItem)feedAction.ActionedItem).ApplicationId > 0) { try { ApplicationEntry ae = new ApplicationEntry(core, ((IActionableItem)feedAction.ActionedItem).ApplicationId); if (ae.ApplicationType == ApplicationType.OAuth) { OAuthApplication oae = new OAuthApplication(core, ae); feedItemVariableCollection.Parse("VIA_APP_TITLE", oae.DisplayTitle); feedItemVariableCollection.Parse("U_VIA_APP", oae.Uri); } } catch (InvalidApplicationException) { } } } core.Display.ParseBbcode(feedItemVariableCollection, "TEXT", feedAction.Body, itemOwner, true, string.Empty, string.Empty); } feedItemVariableCollection.Parse("USER_DISPLAY_NAME", feedAction.Owner.DisplayName); ItemKey interactItemKey = null; if (feedAction.InteractItemKey.Id > 0) { interactItemKey = feedAction.InteractItemKey; feedItemVariableCollection.Parse("ID", feedAction.InteractItemKey.Id); feedItemVariableCollection.Parse("TYPE_ID", feedAction.InteractItemKey.TypeId); } else { interactItemKey = feedAction.ActionItemKey; feedItemVariableCollection.Parse("ID", feedAction.ActionItemKey.Id); feedItemVariableCollection.Parse("TYPE_ID", feedAction.ActionItemKey.TypeId); } if (interactItemKey.GetType(core).Likeable) { feedItemVariableCollection.Parse("LIKEABLE", "TRUE"); if (feedAction.Info.Likes > 0) { feedItemVariableCollection.Parse("LIKES", string.Format(" {0:d}", feedAction.Info.Likes)); feedItemVariableCollection.Parse("DISLIKES", string.Format(" {0:d}", feedAction.Info.Dislikes)); } } if (interactItemKey.GetType(core).Commentable) { feedItemVariableCollection.Parse("COMMENTABLE", "TRUE"); if (feedAction.Info.Comments > 0) { feedItemVariableCollection.Parse("COMMENTS", string.Format(" ({0:d})", feedAction.Info.Comments)); } } //Access access = new Access(core, feedAction.ActionItemKey, true); if (feedAction.PermissiveParent.Access.IsPublic()) { feedItemVariableCollection.Parse("IS_PUBLIC", "TRUE"); if (interactItemKey.GetType(core).Shareable) { feedItemVariableCollection.Parse("SHAREABLE", "TRUE"); //feedItemVariableCollection.Parse("U_SHARE", feedAction.ShareUri); if (feedAction.Info.SharedTimes > 0) { feedItemVariableCollection.Parse("SHARES", string.Format(" {0:d}", feedAction.Info.SharedTimes)); } } } else { feedItemVariableCollection.Parse("IS_PUBLIC", "FALSE"); feedItemVariableCollection.Parse("SHAREABLE", "FALSE"); } if (feedAction.Owner is User) { feedItemVariableCollection.Parse("USER_TILE", ((User)feedAction.Owner).Tile); feedItemVariableCollection.Parse("USER_ICON", ((User)feedAction.Owner).Icon); } lastId = feedAction.Id; } } core.Display.ParseBlogPagination(template, "PAGINATION", core.Hyperlink.BuildHomeUri(), 0, moreContent ? lastId : 0); template.Parse("U_NEXT_PAGE", core.Hyperlink.BuildHomeUri() + "?p=" + (core.TopLevelPageNumber + 1) + "&o=" + lastId); core.AddMainPanel(template); }
void AccountApplicationOAuth_GenerateKeys(object sender, EventArgs e) { AuthoriseRequestSid(); string newKey = OAuth.GeneratePublic(); string newSecret = OAuth.GenerateSecret(); if (Owner is ApplicationEntry) { ApplicationEntry ae = (ApplicationEntry)Owner; if (ae.ApplicationType == ApplicationType.OAuth) { OAuthApplication oa = new OAuthApplication(core, ae); oa.ApiKey = newKey; oa.ApiSecret = newSecret; oa.Update(); } } AccountApplicationOAuth_Show(sender, e); }
void AccountApplicationOAuth_Show(object sender, EventArgs e) { template.SetTemplate("account_application_oauth.html"); template.Parse("U_REGENERATE_KEYS", core.Hyperlink.AppendSid(BuildUri("oauth", "generate-keys"), true)); if (Owner is ApplicationEntry) { ApplicationEntry ae = (ApplicationEntry)Owner; if (ae.ApplicationType == ApplicationType.OAuth) { OAuthApplication oa = new OAuthApplication(core, ae); template.Parse("IS_OAUTH", "TRUE"); template.Parse("CONSUMER_KEY", oa.ApiKey); template.Parse("CONSUMER_SECRET", oa.ApiSecret); } /*SelectQuery query = OAuthApplication.GetSelectQueryStub(core); query.AddCondition(new DataField("applications_oauth", "application_id"), ae.Id); HttpContext.Current.Response.Write(query.ToString());*/ } }