/// <summary> /// Create an access token for this account and add it to the list /// of usable tokens. /// </summary> /// <param name="pScope">scope of token (usually 'owner')</param> /// <param name="pParam">an extra uniquifying string to add to generated token</param> /// <returns>The created token</returns> public AuthTokenInfo CreateAccessToken(AuthTokenInfo.ScopeCode pScope, string pParam = "") { AuthTokenInfo authInfo = AuthTokenInfo.NewToken(pScope, pParam); this.AuthTokens.Insert(authInfo); this.Updated(); return(authInfo); }
// Get the authorization information for a particular token. // Returns 'null' if there is no such authorization. public bool TryGetAuthTokenInfo(string pToken, out AuthTokenInfo oAuthToken, AuthTokenInfo.ScopeCode pScope = AuthTokenInfo.ScopeCode.any) { foreach (var authInfo in AuthTokens.Enumerate()) { if (authInfo.Token == pToken && (pScope == AuthTokenInfo.ScopeCode.any || authInfo.Scope == pScope)) { oAuthToken = authInfo; return(true); } } oAuthToken = null; return(false); }
/// <summary> /// Find the account information based on the passed AuthToken. /// </summary> /// <param name="pAccountID"></param> /// <param name="oAccount">AccountEntity found</param> /// <returns></returns> public bool TryGetAccountWithAuthToken(string pAuthToken, out AccountEntity oAccount, AuthTokenInfo.ScopeCode pScope = AuthTokenInfo.ScopeCode.any) { AccountEntity ret = null; if (pAuthToken != null) { ret = GetAccountWithFilter(acct => { return(acct.TryGetAuthTokenInfo(pAuthToken, out _, pScope)); }); } oAccount = ret; return(ret != null); }
public RESTReplyData user_login(RESTRequestData pReq, List <string> pArgs) { RESTReplyData replyData = new RESTReplyData(); // The HTTP response info // The /oauth/token request doesn't return a regular respBody // Should verify that the content-type is "application/x-www-form-urlencoded" Dictionary <string, string> reqArgs = Tools.PostBody2Dict(pReq.RequestBody); string accessGrantType = reqArgs["grant_type"]; switch (accessGrantType) { case "password": { // There are several types of "password"s passed by Interface: // PLAIN PASSWORD string userName = reqArgs["username"]; string userPassword = reqArgs["password"]; // STEAM // string userPassword = reqArgs["steam_auth_ticket"]; // OCULUS // string userPassword = reqArgs["oculus_nonce"]; // string userPassword = reqArgs["oculus_id"]; AuthTokenInfo.ScopeCode userScope = AuthTokenInfo.ScopeCode.owner; if (reqArgs.ContainsKey("scope")) { try { userScope = Enum.Parse <AuthTokenInfo.ScopeCode>(reqArgs["scope"] ?? "owner"); } catch { Context.Log.Error("{0} /oauth/token: unknown scope code: {1}", _logHeader, reqArgs["scope"]); userScope = AuthTokenInfo.ScopeCode.owner; } } // Context.Log.Debug("{0} Get access token for {1} with password", _logHeader, userName); if (Accounts.Instance.TryGetAccountWithUsername(userName, out AccountEntity aAccount)) { if (Accounts.Instance.ValidPassword(aAccount, userPassword)) { Context.Log.Debug("{0} Login of user {1}", _logHeader, userName); AuthTokenInfo authInfo = aAccount.CreateAccessToken(userScope, pReq.SenderKey + ";" + userName); // The response does not follow the usual {status: , data: } form. replyData.SetBody(OAuthTokenResponseBody(aAccount, authInfo)); } else { Context.Log.Debug("{0} Login failed for user {1}", _logHeader, userName); // The password doesn't work. replyData.SetBody(OAuthResponseError("Login failed")); replyData.Status = (int)HttpStatusCode.Unauthorized; } } else { Context.Log.Error("{0} Attempt to get token for unknown user {1}. Sender={2}", _logHeader, userName, pReq.SenderKey); replyData.SetBody(OAuthResponseError("Unknown user")); replyData.Status = (int)HttpStatusCode.BadRequest; } break; } case "authorization_code": { string clientID = reqArgs["client_id"]; string clientSecret = reqArgs["client_secret"]; string clientAuthCode = reqArgs["code"]; string redirectURL = reqArgs["redirect_url"]; Context.Log.Error("{0} Attempt to login with 'authorization_code'. clientID={1}", _logHeader, clientID); replyData.SetBody(OAuthResponseError("Cannot process 'authorization_code'")); replyData.Status = (int)HttpStatusCode.Unauthorized; break; } case "refresh_token": { string refreshingToken = reqArgs["refresh_token"]; string userScope = reqArgs["scope"] ?? "owner"; if (Accounts.Instance.TryGetAccountWithAuthToken(pReq.AuthToken, out AccountEntity aAccount)) { Context.Log.Debug("{0} Refreshing access token for account {1}", _logHeader, aAccount.AccountID); AuthTokenInfo refreshToken = aAccount.RefreshAccessToken(refreshingToken); if (refreshToken != null) { replyData.SetBody(OAuthTokenResponseBody(aAccount, refreshToken)); } else { replyData.SetBody(OAuthResponseError("Cannot refresh")); replyData.Status = (int)HttpStatusCode.BadRequest; } } else { Context.Log.Error("{0} Attempt to refresh token for not logged in user", _logHeader); replyData.SetBody(OAuthResponseError("Unknown user")); replyData.Status = (int)HttpStatusCode.BadRequest; } break; } default: Context.Log.Error("{0} Attempt to login with unknown grant type. Type={1}", _logHeader, accessGrantType); replyData.SetBody(OAuthResponseError("Unknown grant type: " + accessGrantType)); replyData.Status = (int)HttpStatusCode.Unauthorized; break; } // Context.Log.Debug("{0} oauth/token replyBody={1}", _logHeader, replyData.Body); return(replyData); }