/// <summary>
/// Authenticates the supplied web service login and returns the outcome.
/// </summary>
/// <param name="login">Login data supplied by the caller; handed to Authenticate unchanged.</param>
/// <returns>
/// A new LoginResponse whose User is copied from <paramref name="login"/> once
/// Authenticate has returned.
/// </returns>
/// <remarks>
/// Nothing is caught here: an exception raised by Authenticate (or by opening the
/// database) propagates to the caller, and response.User is then never assigned.
/// </remarks>
public LoginResponse Login (WebServiceLogin login)
{
	var result = new LoginResponse ();

	using (var database = new DB ()) {
		// Authenticate receives the response object too, so it can fill in further fields.
		Authenticate (database, login, result);
		result.User = login.User;
	}

	return result;
}
/// <summary>
/// Issues a login for an externally authenticated (OpenID) user on behalf of the caller.
/// </summary>
/// <param name="login">Identity of the calling party; checked against Roles.Administrator.</param>
/// <param name="email">Email address of the user to log in. Not validated here.</param>
/// <param name="ip4">IP address recorded with the login. Not validated here.</param>
/// <returns>The LoginResponse filled in by DBLogin_Extensions.LoginOpenId.</returns>
/// <remarks>
/// This method does not authenticate <paramref name="email"/> itself; it relies on the
/// caller having done so. The only gate visible here is the Administrator role check on
/// <paramref name="login"/>. Exceptions are not caught and propagate to the caller.
/// </remarks>
public LoginResponse LoginOpenId (WebServiceLogin login, string email, string ip4)
{
	var result = new LoginResponse ();

	using (var database = new DB ()) {
		// Order matters: the role check runs before any session is created.
		// Presumably VerifyUserInRole throws when the caller lacks the role - confirm.
		VerifyUserInRole (database, login, Roles.Administrator);
		DBLogin_Extensions.LoginOpenId (database, result, email, ip4);
	}

	return result;
}
/// <summary>
/// Issues a login for an externally authenticated (OpenID) user on behalf of the caller,
/// recording the request in the audit log.
/// </summary>
/// <param name="login">Identity of the calling party; checked against Roles.Administrator.</param>
/// <param name="email">Email address of the user to log in. Not validated here.</param>
/// <param name="ip4">IP address recorded with the login. Not validated here.</param>
/// <returns>
/// A LoginResponse. On failure its Exception property holds a WebServiceException wrapping
/// the original error instead of the exception being thrown.
/// </returns>
/// <remarks>
/// This method does not authenticate <paramref name="email"/> itself; the only gate visible
/// here is the Administrator role check on <paramref name="login"/>.
/// </remarks>
public LoginResponse LoginOpenId (WebServiceLogin login, string email, string ip4)
{
	var result = new LoginResponse ();

	using (var database = new DB ()) {
		try {
			// Role check first, so a rejected caller produces neither an audit row nor a session.
			VerifyUserInRole (database, login, Roles.Administrator);
			database.Audit (login, "WebServices.LoginOpenId (email: {0}, ip4: {1})", email, ip4);
			DBLogin_Extensions.LoginOpenId (database, result, email, ip4);
		} catch (Exception failure) {
			// Every failure, including a failed role check, is reported through the response.
			// NOTE(review): confirm WebServiceException does not expose stack traces or other
			// internal detail to remote callers.
			result.Exception = new WebServiceException (failure);
		}
	}

	return result;
}
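/// <summary>
/// Logs in a GitHub-authenticated user if one of their organizations (or organization/team
/// pairs) is listed in Configuration.GitHubOrganizationList.
/// </summary>
/// <param name="db">Database connection passed on to LoginDB.</param>
/// <param name="response">Response object filled in by LoginDB.</param>
/// <param name="ip4">IP address recorded with the login.</param>
/// <param name="userOrgs">
/// The user's memberships; element [0] is compared with the organization and element [1]
/// with the team.
/// </param>
/// <param name="gitHubLogin">GitHub user name; becomes the account login passed to LoginDB.</param>
/// <exception cref="Exception">
/// No configured entry matches the user's memberships, or <paramref name="gitHubLogin"/> is empty.
/// </exception>
/// <remarks>
/// Configuration entries have the form "org:roles" or "org*team:roles". The first matching
/// entry decides the roles.
/// </remarks>
public static void GitHubLogin (DB db, LoginResponse response, string ip4, List<string[]> userOrgs, string gitHubLogin = "")
{
	string grantedRoles = null;

	if (userOrgs != null && Configuration.GitHubOrganizationList != null) {
		foreach (var node in Configuration.GitHubOrganizationList) {
			if (node == null)
				continue;

			var split = node.Split (':');

			// A malformed entry (no ':' separator, or no roles) must never grant access and
			// must not abort the login with an index error, so it is skipped. This is the same
			// shape check the email-based Login applies to its role specs.
			if (split.Length != 2 || string.IsNullOrEmpty (split [1]))
				continue;

			var orgAndTeam = split [0].Split ('*');
			var wantedOrg = orgAndTeam [0];
			bool matched;

			if (orgAndTeam.Length == 1) {
				// If we only have an org, just check for that.
				matched = userOrgs.Any (org => org != null && org.Length > 0 && org [0] == wantedOrg);
			} else {
				// Org and team must both match; memberships without a team element cannot match.
				var wantedTeam = orgAndTeam [1];
				matched = userOrgs.Any (org => org != null && org.Length > 1 && org [0] == wantedOrg && org [1] == wantedTeam);
			}

			if (matched) {
				grantedRoles = split [1];
				break;
			}
		}
	}

	if (grantedRoles == null) {
		throw new Exception ("No valid organizations or teams available for logging in");
	}

	// The login name is the account key in LoginDB. With the default "" every such user
	// would share one nameless account carrying the granted roles.
	if (string.IsNullOrEmpty (gitHubLogin)) {
		throw new Exception ("GitHub authentication requires a login name");
	}

	LoginDB (db, response, gitHubLogin, grantedRoles, ip4);
}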
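/// <summary>
/// Logs in a user identified by an email address (OpenID/Google auth) if the address matches
/// one of the role specs in Configuration.OpenIdRoles.
/// </summary>
/// <param name="db">Database connection passed on to LoginDB.</param>
/// <param name="response">Response object filled in by LoginDB.</param>
/// <param name="email">
/// Email address reported by the identity provider. It is matched against the role specs
/// and also used as the account name.
/// </param>
/// <param name="ip4">IP address recorded with the login.</param>
/// <exception cref="Exception">
/// <paramref name="email"/> is null or empty, or no role spec matches it.
/// </exception>
/// <remarks>
/// Each role spec has the form "pattern:role1,role2". The first spec whose pattern matches
/// decides the roles.
/// </remarks>
public static void Login (DB db, LoginResponse response, string email, string ip4)
{
	// Reject a missing address up front: a permissive pattern could otherwise match the
	// empty string and create a nameless account. LoginOpenId applies the same guard.
	if (string.IsNullOrEmpty (email))
		throw new Exception ("Login requires an email address");

	// The account name is simply the email address; authorization is decided by the
	// pattern match below, not by the name.
	string username = email;
	string [] specs = Configuration.OpenIdRoles;

	// No configured specs means nobody is authorized; fall through to the rejection below.
	if (specs != null) {
		foreach (var spec in specs) {
			// email:role1,role2
			string [] split = spec.Split (':');
			if (split.Length != 2) {
				log.ErrorFormat ("AuthenticateLogin: Invalid role spec: {0}", spec);
				continue;
			}
			if (string.IsNullOrEmpty (split [1])) {
				log.ErrorFormat ("AuthenticateLogin: No roles specified for {0}", split [0]);
				continue;
			}

			var roleSpecCheck = split [0];
			var roles = split [1];

			// NOTE(review): Regex.IsMatch is an unanchored search, so a spec matches any
			// address that merely contains a match for it, and an unescaped '.' matches any
			// character. Role specs should be anchored (^...$) and escaped in the
			// configuration; confirm the deployed entries.
			if (!Regex.IsMatch (email, roleSpecCheck))
				continue;

			LoginDB (db, response, username, roles, ip4);
			return;
		}
	}

	throw new Exception ("The provided email address is not allowed to log in");
}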
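/// <summary>
/// Finds or creates the Person row for an externally authenticated user, synchronizes its
/// roles, writes an audit entry and creates a one-day login session.
/// </summary>
/// <param name="db">Open database connection.</param>
/// <param name="response">Receives User, UserName, UserRoles and the session Cookie.</param>
/// <param name="username">Account login; used as the lookup key in the Person table.</param>
/// <param name="roles">Roles to store on the account; replaces the stored value when different.</param>
/// <param name="ip4">IP address stored with the session and the audit entry.</param>
/// <exception cref="Exception"><paramref name="username"/> is null or empty.</exception>
/// <remarks>
/// The caller is responsible for having authenticated and authorized the user; this method
/// performs neither check.
/// </remarks>
public static void LoginDB (DB db, LoginResponse response, string username, string roles, string ip4)
{
	// The login is the only account key. An empty value would make every such caller share
	// one nameless account that carries the granted roles.
	if (string.IsNullOrEmpty (username))
		throw new Exception ("Cannot log in without a user name");

	// We now create an account with an empty password and the specified roles.
	// Note that it is not possible to log into an account with an empty password
	// using the normal login procedure.
	DBPerson open_person = null;
	using (IDbCommand cmd = db.CreateCommand ()) {
		// The login is bound as a parameter, never concatenated into the SQL text.
		cmd.CommandText = @"SELECT * FROM Person WHERE login = @login;";
		DB.CreateParameter (cmd, "login", username);
		using (var reader = cmd.ExecuteReader ()) {
			if (reader.Read ())
				open_person = new DBPerson (reader);
		}
	}

	if (open_person == null) {
		open_person = new DBPerson ();
		open_person.login = username;
		open_person.roles = roles;
		open_person.Save (db);
	} else if (open_person.roles != roles) {
		// only save if something has changed
		// NOTE(review): the row is matched on login alone, so an existing account with the
		// same login gets its roles replaced and a session issued, regardless of how that
		// account was created. Confirm that names coming from external providers cannot
		// collide with locally managed accounts.
		open_person.roles = roles;
		open_person.Save (db);
	}

	WebServiceLogin login = new WebServiceLogin ();
	login.Ip4 = ip4;
	login.User = open_person.login;

	db.Audit (login, "DBLogin_Extensions.Login (username: {0}, ip4: {1})", username, ip4);

	var result = new DBLogin ();
	result.person_id = open_person.id;
	result.ip4 = ip4;
	// NOTE(review): the cookie is the session credential; confirm CreateCookie draws it from
	// a cryptographically secure random source.
	result.cookie = CreateCookie ();
	// NOTE(review): expiry uses local time; confirm the expiry check uses the same clock.
	result.expires = DateTime.Now.AddDays (1);
	result.Save (db);

	response.User = username;
	response.UserName = username;
	response.UserRoles = open_person.Roles;
	response.Cookie = result.cookie;
}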
/// <summary>
/// Logs in an OpenID-authenticated user: matches the email address against the configured
/// role specs, finds or creates the Person row, synchronizes its roles, writes an audit
/// entry and creates a one-day login session.
/// </summary>
/// <param name="db">Open database connection.</param>
/// <param name="response">Receives User, UserName, UserRoles and the session Cookie.</param>
/// <param name="email">Email address of the user; also used as the account login.</param>
/// <param name="ip4">IP address stored with the session and the audit entry.</param>
/// <exception cref="Exception">
/// No provider or no roles are configured, <paramref name="email"/> is empty, or no role
/// spec matches the address.
/// </exception>
/// <remarks>
/// Configuration.OpenIdRoles is a ';'-separated list of "pattern:role1,role2" specs. The
/// first spec whose pattern matches decides the roles.
/// </remarks>
public static void LoginOpenId (DB db, LoginResponse response, string email, string ip4)
{
	bool noProvider = string.IsNullOrEmpty (Configuration.OpenIdProvider) && string.IsNullOrEmpty (Configuration.OauthClientId);
	if (noProvider)
		throw new Exception ("No OpenId provider available");

	if (string.IsNullOrEmpty (Configuration.OpenIdRoles))
		throw new Exception ("No OpenId roles specified");

	if (string.IsNullOrEmpty (email))
		throw new Exception ("OpenId authentication requires an email");

	foreach (var spec in Configuration.OpenIdRoles.Split (';')) {
		// email:role1,role2
		string [] parts = spec.Split (':');

		if (parts.Length != 2) {
			log.ErrorFormat ("AuthenticateOpenId: Invalid role spec: {0}", spec);
			continue;
		}

		if (string.IsNullOrEmpty (parts [1])) {
			log.ErrorFormat ("AuthenticateOpenId: No roles specified for {0}", parts [0]);
			continue;
		}

		string pattern = parts [0];
		string grantedRoles = parts [1];

		// NOTE(review): Regex.IsMatch is an unanchored search, so a spec matches any address
		// that merely contains a match for it. Role specs should be anchored (^...$) and
		// escaped in the configuration; confirm the deployed entries.
		bool allowed = Regex.IsMatch (email, pattern);
		if (!allowed)
			continue;

		// The account is created with an empty password and the roles from the matching
		// spec. An account with an empty password cannot be used with the normal login
		// procedure.
		DBPerson person = null;
		using (IDbCommand query = db.CreateCommand ()) {
			// The address is bound as a parameter, never concatenated into the SQL text.
			query.CommandText = @"SELECT * FROM Person WHERE login = @login;";
			DB.CreateParameter (query, "login", email);
			using (var rows = query.ExecuteReader ()) {
				if (rows.Read ())
					person = new DBPerson (rows);
			}
		}

		if (person == null) {
			person = new DBPerson { login = email, roles = grantedRoles };
			person.Save (db);
		} else if (person.roles != grantedRoles) {
			// Write only when the stored roles differ from the configured ones.
			person.roles = grantedRoles;
			person.Save (db);
		}

		var auditLogin = new WebServiceLogin { Ip4 = ip4, User = person.login };
		db.Audit (auditLogin, "DBLogin_Extensions.LoginOpenId (email: {0}, ip4: {1})", email, ip4);

		// The session is valid for one day, measured from local time.
		var session = new DBLogin {
			person_id = person.id,
			ip4 = ip4,
			cookie = CreateCookie (),
			expires = DateTime.Now.AddDays (1)
		};
		session.Save (db);

		response.User = email;
		response.UserName = email;
		response.UserRoles = person.Roles;
		response.Cookie = session.cookie;
		return;
	}

	throw new Exception ("The provided email address is not allowed to log in");
}