private void OnRequestStart(IRequest request, IResponse response, object dto)
{
if (dto == null)
{
return;
}
var session = request.GetSession();
if (!session.IsAuthenticated)
{
return;
}
if (dto is Authenticate authenticateDto && !AuthenticateService.LogoutAction.EqualsIgnoreCase(authenticateDto.provider))
{
var copy = AuthenticateService.CurrentSessionFactory().PopulateWith(session);
request.Items[SessionCopyRequestItemKey] = copy;
// clear details to allow credentials to be rechecked,
// otherwise IsAuthorized will just return, bypassing the auth provider's Authenticate method
// fields cleared LoginMatchesSession
session.UserAuthName = null;
session.Email = null;
}
}
/// <summary>
/// Creates a new Session without an Id
/// </summary>
public static IAuthSession CreateNewSession(IRequest httpReq)
{
var session = AuthenticateService.CurrentSessionFactory();
session.CreatedAt = session.LastModified = DateTime.UtcNow;
session.OnCreated(httpReq);
var authEvents = HostContext.TryResolve <IAuthEvents>();
authEvents?.OnCreated(httpReq, session);
return(session);
}
public void Register(IAppHost appHost)
{
var s = AuthenticateService.CurrentSessionFactory() as IWebSudoAuthSession;
if (s == null)
{
throw new NotSupportedException("The IUserAuth session must also implement IWebSudoAuthSession");
}
appHost.GlobalRequestFilters.Add(OnRequestStart);
appHost.GlobalResponseFilters.Add(OnRequestEnd);
var authFeature = appHost.GetPlugin <AuthFeature>();
authFeature.AuthEvents.Add(this);
}
public static IAuthSession GetSession(this IRequest httpReq, bool reload = false)
{
if (httpReq == null)
{
return(null);
}
object oSession = null;
if (!reload)
{
httpReq.Items.TryGetValue(RequestItemsSessionKey, out oSession);
}
if (oSession != null)
{
return((IAuthSession)oSession);
}
using (var cache = httpReq.GetCacheClient())
{
var sessionId = httpReq.GetSessionId();
var session = cache.Get <IAuthSession>(SessionFeature.GetSessionKey(sessionId));
if (session == null)
{
session = AuthenticateService.CurrentSessionFactory();
session.Id = sessionId;
session.CreatedAt = session.LastModified = DateTime.UtcNow;
session.OnCreated(httpReq);
var authEvents = HostContext.TryResolve <IAuthEvents>();
if (authEvents != null)
{
authEvents.OnCreated(httpReq, session);
}
}
if (httpReq.Items.ContainsKey(RequestItemsSessionKey))
{
httpReq.Items.Remove(RequestItemsSessionKey);
}
httpReq.Items.Add(RequestItemsSessionKey, session);
return(session);
}
}
public static IAuthSession CreateNewSession(IRequest httpReq, string sessionId)
{
var session = AuthenticateService.CurrentSessionFactory();
session.Id = sessionId ?? CreateSessionIds(httpReq);
session.CreatedAt = session.LastModified = DateTime.UtcNow;
session.OnCreated(httpReq);
var authEvents = HostContext.TryResolve <IAuthEvents>();
if (authEvents != null)
{
authEvents.OnCreated(httpReq, session);
}
return(session);
}
