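        /// <summary>
        /// Fetches the Spotify local-service CSRF token from <c>/simplecsrf/token.json</c>
        /// and stores it in <c>csrfToken</c>.
        /// </summary>
        /// <remarks>
        /// When the service answers with an <c>"error":</c> payload the token is cleared, the
        /// user is told to restart, and the application is asked to exit. The original
        /// implementation fell through to deserialization after <c>Application.Exit()</c>
        /// (which does not unwind the current call), so the cleared token was overwritten
        /// and a null deserialization result would throw. We now return early on error and
        /// never store anything but a real token or the empty sentinel.
        /// </remarks>
        private static void SetCSRF()
        {
            Debug.WriteLine("Getting CSRF Token");
            String url  = GetURL("/simplecsrf/token.json");
            String json = GetPage(url);

            // NOTE(review): this writes the raw token payload to the debug output; acceptable for
            // a local-only Spotify token, but keep it out of any persisted log.
            Debug.WriteLine(json);

            // A null/empty page is treated like an error payload rather than dereferenced.
            if (json == null || json.Contains("\"error\":"))
            {
                csrfToken = "";  // Block rest of CSRF calls
                System.Windows.Forms.MessageBox.Show("Error hooking Spotify. Please restart SpotBlocker after restarting Spotify.", "Error");
                System.Windows.Forms.Application.Exit();
                return; // Application.Exit() does not stop this method; don't overwrite the cleared token below.
            }

            CSRF res = JsonConvert.DeserializeObject<CSRF>(json);

            // A malformed payload deserializes to null (or to an object without a token);
            // keep csrfToken empty in that case instead of throwing.
            csrfToken = (res != null && res.token != null) ? res.token : "";
        }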
        /// <summary>
        /// Per-request security gate: the caller must be authenticated at the level required by
        /// <paramref name="authenMode"/> and must present a CSRF token that matches the one held
        /// in session. Also forces UTF-8 on the response.
        /// </summary>
        /// <param name="context">Current request, response and session.</param>
        /// <param name="queryParameter">Parsed request parameters carrying the submitted CSRF token.</param>
        /// <param name="authenMode">Authentication level required for this request.</param>
        /// <exception cref="Exception">
        /// Message is the authentication failure reason reported by <c>AuthenUtil</c>
        /// (e.g. "DUPLICATE_LOGIN", "NOT_AUTHORIZED"), or "CSRF_TOKEN_MISMATCH" when the token
        /// check fails. Authentication is checked first, so an unauthenticated caller never
        /// learns the outcome of the CSRF comparison.
        /// </exception>
        public static void ProcessRequest(HttpContext context, QueryParameter queryParameter, AuthenUtil.AuthenMode authenMode)
        {
            context.Response.ContentEncoding = Encoding.UTF8;

            // Step 1: authentication. The failure reason becomes the exception message.
            string authenFailure;
            bool authenticated = AuthenUtil.IsValidAuthen(context.Request, context.Session, authenMode, out authenFailure);
            if (!authenticated)
            {
                throw new Exception(authenFailure);
            }

            // Step 2: CSRF token presented by the request must match the session's token.
            bool tokenMatches = CSRF.IsCSRFTokenMatch(context.Session, queryParameter);
            if (!tokenMatches)
            {
                throw new Exception("CSRF_TOKEN_MISMATCH");
            }
        }
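        /// <summary>
        /// GitHub OAuth callback: validates the <c>state</c> anti-CSRF value against the state
        /// collection and the user record, exchanges the authorization <c>code</c> for an access
        /// token, and stores the token plus the GitHub login/name on the user the state was issued to.
        /// </summary>
        /// <param name="code">Authorization code returned by GitHub on the redirect.</param>
        /// <param name="state">Opaque state value issued when the OAuth flow was started.</param>
        /// <returns>
        /// 200 on success; 400 when <paramref name="code"/> or <paramref name="state"/> is missing,
        /// the state is unknown, or the user it points to no longer exists.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// The state resolves to a user whose stored CSRF value does not equal <paramref name="state"/>.
        /// </exception>
        public async Task<IActionResult> AddOAuthToken([FromQuery(Name = "code")] string code, [FromQuery(Name = "state")] string state)
        {
            //ObjectId currentUser = ObjectId.Parse(User.FindFirst(ClaimTypes.NameIdentifier).Value);

            // Reject missing values up front. A null/empty state would otherwise be looked up
            // as-is and could match a record whose Csrf field is unset; a missing code would
            // only fail later, inside the token exchange.
            if (string.IsNullOrEmpty(code) || string.IsNullOrEmpty(state))
            {
                return BadRequest();
            }

            var db             = _mongoService.GetDb;
            var csrfCollection = db.GetCollection<CSRF>(_mongoService.GetDBSettings.OGitAuthCollectionName);
            var csrfFilter     = Builders<CSRF>.Filter.Eq(c => c.Csrf, state);

            CSRF stateRecord = (await csrfCollection.FindAsync<CSRF>(csrfFilter)).FirstOrDefault();

            // Unknown state: the original dereferenced null here (HTTP 500). Treat it as a bad request.
            if (stateRecord == null)
            {
                return BadRequest();
            }

            var gitHubClient = _githubClientService.GetGitHubClient(stateRecord.Id);

            var userCollection = db.GetCollection<Models.User>("Users");
            var filter         = Builders<Models.User>.Filter.Eq(u => u.Id, stateRecord.UserId);

            var user = (await userCollection.FindAsync<Models.User>(filter)).FirstOrDefault();

            if (user == null)
            {
                return BadRequest();
            }

            // Second binding check: the state must also be the one stored on the user record
            // itself, not merely present in the state collection. A user with no stored CSRF
            // value fails closed instead of throwing a NullReferenceException.
            if (user.CSRF == null || !user.CSRF.Equals(state))
            {
                throw new InvalidOperationException("SECURITY FAIL!");
            }
            //Session["CSRF:State"]
            // NOTE(review): the callback is not tied to the calling session or principal (see the
            // commented-out NameIdentifier lookup above), so anyone presenting a valid state can
            // complete the link for the user that state was issued to. Consider binding state to
            // the session and invalidating it once consumed so the callback URL cannot be replayed.

            // Exchange the code for a token. The client secret comes from configuration, never from the request.
            var token = await gitHubClient.Oauth.CreateAccessToken(
                new OauthTokenRequest(_configuration.GetSection("GithubOAuth:ClientId").Value,
                                      _configuration.GetSection("GithubOAuth:ClientSecret").Value,
                                      code));

            gitHubClient.Credentials = new Credentials(token.AccessToken);

            Octokit.User githubProfile = await gitHubClient.User.Current();

            // NOTE(review): the access token is persisted in clear text; consider encrypting it at rest.
            var update = Builders<Models.User>.Update.Set("OAuthToken", token.AccessToken)
                         .Set("GithubLogin", githubProfile.Login)
                         .Set("GithubFullName", githubProfile.Name);

            await userCollection.UpdateOneAsync(filter, update);

            return Ok();
        }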