/// <summary>
/// Create an access token for this account and add it to the list
/// of usable tokens.
/// </summary>
/// <param name="pScope">scope of token (usually 'owner')</param>
/// <param name="pParam">an extra uniquifying string to add to generated token</param>
/// <returns>The created token</returns>
public AuthTokenInfo CreateAccessToken(AuthTokenInfo.ScopeCode pScope, string pParam = "")
{
AuthTokenInfo authInfo = AuthTokenInfo.NewToken(pScope, pParam);
this.AuthTokens.Insert(authInfo);
this.Updated();
return(authInfo);
}
// Get the authorization information for a particular token.
// Returns 'null' if there is no such authorization.
public bool TryGetAuthTokenInfo(string pToken, out AuthTokenInfo oAuthToken,
AuthTokenInfo.ScopeCode pScope = AuthTokenInfo.ScopeCode.any)
{
foreach (var authInfo in AuthTokens.Enumerate())
{
if (authInfo.Token == pToken && (pScope == AuthTokenInfo.ScopeCode.any || authInfo.Scope == pScope))
{
oAuthToken = authInfo;
return(true);
}
}
oAuthToken = null;
return(false);
}
/// <summary>
/// Find the account information based on the passed AuthToken.
/// </summary>
/// <param name="pAccountID"></param>
/// <param name="oAccount">AccountEntity found</param>
/// <returns></returns>
public bool TryGetAccountWithAuthToken(string pAuthToken, out AccountEntity oAccount,
AuthTokenInfo.ScopeCode pScope = AuthTokenInfo.ScopeCode.any)
{
AccountEntity ret = null;
if (pAuthToken != null)
{
ret = GetAccountWithFilter(acct =>
{
return(acct.TryGetAuthTokenInfo(pAuthToken, out _, pScope));
});
}
oAccount = ret;
return(ret != null);
}
public RESTReplyData user_login(RESTRequestData pReq, List <string> pArgs)
{
RESTReplyData replyData = new RESTReplyData(); // The HTTP response info
// The /oauth/token request doesn't return a regular respBody
// Should verify that the content-type is "application/x-www-form-urlencoded"
Dictionary <string, string> reqArgs = Tools.PostBody2Dict(pReq.RequestBody);
string accessGrantType = reqArgs["grant_type"];
switch (accessGrantType)
{
case "password":
{
// There are several types of "password"s passed by Interface:
// PLAIN PASSWORD
string userName = reqArgs["username"];
string userPassword = reqArgs["password"];
// STEAM
// string userPassword = reqArgs["steam_auth_ticket"];
// OCULUS
// string userPassword = reqArgs["oculus_nonce"];
// string userPassword = reqArgs["oculus_id"];
AuthTokenInfo.ScopeCode userScope = AuthTokenInfo.ScopeCode.owner;
if (reqArgs.ContainsKey("scope"))
{
try
{
userScope = Enum.Parse <AuthTokenInfo.ScopeCode>(reqArgs["scope"] ?? "owner");
}
catch
{
Context.Log.Error("{0} /oauth/token: unknown scope code: {1}", _logHeader, reqArgs["scope"]);
userScope = AuthTokenInfo.ScopeCode.owner;
}
}
// Context.Log.Debug("{0} Get access token for {1} with password", _logHeader, userName);
if (Accounts.Instance.TryGetAccountWithUsername(userName, out AccountEntity aAccount))
{
if (Accounts.Instance.ValidPassword(aAccount, userPassword))
{
Context.Log.Debug("{0} Login of user {1}", _logHeader, userName);
AuthTokenInfo authInfo = aAccount.CreateAccessToken(userScope, pReq.SenderKey + ";" + userName);
// The response does not follow the usual {status: , data: } form.
replyData.SetBody(OAuthTokenResponseBody(aAccount, authInfo));
}
else
{
Context.Log.Debug("{0} Login failed for user {1}", _logHeader, userName);
// The password doesn't work.
replyData.SetBody(OAuthResponseError("Login failed"));
replyData.Status = (int)HttpStatusCode.Unauthorized;
}
}
else
{
Context.Log.Error("{0} Attempt to get token for unknown user {1}. Sender={2}",
_logHeader, userName, pReq.SenderKey);
replyData.SetBody(OAuthResponseError("Unknown user"));
replyData.Status = (int)HttpStatusCode.BadRequest;
}
break;
}
case "authorization_code":
{
string clientID = reqArgs["client_id"];
string clientSecret = reqArgs["client_secret"];
string clientAuthCode = reqArgs["code"];
string redirectURL = reqArgs["redirect_url"];
Context.Log.Error("{0} Attempt to login with 'authorization_code'. clientID={1}",
_logHeader, clientID);
replyData.SetBody(OAuthResponseError("Cannot process 'authorization_code'"));
replyData.Status = (int)HttpStatusCode.Unauthorized;
break;
}
case "refresh_token":
{
string refreshingToken = reqArgs["refresh_token"];
string userScope = reqArgs["scope"] ?? "owner";
if (Accounts.Instance.TryGetAccountWithAuthToken(pReq.AuthToken, out AccountEntity aAccount))
{
Context.Log.Debug("{0} Refreshing access token for account {1}", _logHeader, aAccount.AccountID);
AuthTokenInfo refreshToken = aAccount.RefreshAccessToken(refreshingToken);
if (refreshToken != null)
{
replyData.SetBody(OAuthTokenResponseBody(aAccount, refreshToken));
}
else
{
replyData.SetBody(OAuthResponseError("Cannot refresh"));
replyData.Status = (int)HttpStatusCode.BadRequest;
}
}
else
{
Context.Log.Error("{0} Attempt to refresh token for not logged in user", _logHeader);
replyData.SetBody(OAuthResponseError("Unknown user"));
replyData.Status = (int)HttpStatusCode.BadRequest;
}
break;
}
default:
Context.Log.Error("{0} Attempt to login with unknown grant type. Type={1}",
_logHeader, accessGrantType);
replyData.SetBody(OAuthResponseError("Unknown grant type: " + accessGrantType));
replyData.Status = (int)HttpStatusCode.Unauthorized;
break;
}
// Context.Log.Debug("{0} oauth/token replyBody={1}", _logHeader, replyData.Body);
return(replyData);
}
