public void DeleteManager(Guid id, string password)
{
var users =
_database.GetCollection <BsonDocument> ("users");
var manager = GetManager(id);
if (_api.Authenticate(_ssaDomain.Key, manager.UserName, password) != null)
{
users.Remove(new QueryDocument("_id", id));
var domains = GetDomains(id);
if (domains != null && domains.Length > 0)
{
foreach (Domain domain in domains)
{
DeleteDomain(domain.Id);
}
}
}
}
public LogonModule(IRepository repository, IApiRepository api)
{
Get ["/forgot"] = parameters =>
{
var model = new ForgotPasswordModel();
return(View ["Forgot", model]);
};
Post ["/forgot"] = parameters =>
{
var model = this.Bind <ForgotPasswordModel> ();
model.Errors = new List <Error> ();
var result = this.Validate(model);
if (!result.IsValid)
{
model.Errors = Helpers.GetValidationErrors(result);
return(View ["Forgot", model]);
}
string password = repository.ForgotPassword(model.Email);
if (string.IsNullOrEmpty(password))
{
var error = new Error();
error.Name = "NoAccount";
error.Message = "Account does not exist. Please sign up for an account.";
model.Errors.Add(error);
}
else
{
var body = "You have requested a new password.\n";
body += string.Format("password: {0}\n", password);
body += "login at: https://www.supersimpleauth.com\n\n\n";
body += "If you did not request this password please report this activity to: [email protected] \n";
body += string.Format("The request was generated from IP: {0}", Request.UserHostAddress);
Email.Send("supersimpleauth.com", model.Email,
string.Format("New password for: {0}", model.Email), body);
model.Messages.Add("Your new password has been sent to your email.");
}
return(View ["Forgot", model]);
};
Get ["/logon"] = parameters =>
{
var logon = new LogonModel();
return(View ["Logon", logon]);
};
Post ["/logon"] = parameters =>
{
var model = this.Bind <LogonModel> ();
model.Errors = new List <Error> ();
var result = this.Validate(model);
if (!result.IsValid)
{
model.Errors = Helpers.GetValidationErrors(result);
return(View ["Logon", model]);
}
var manager = api.Authenticate(repository.SsaDomain.Key,
model.Username,
model.Secret);
var error = new Error();
error.Name = "SignInError";
error.Message = "Password or username incorrect.";
model.Errors.Add(error);
if (manager == null)
{
return(View ["Logon", model]);
}
return(this.LoginAndRedirect(manager.Id, fallbackRedirectUrl: "/home"));
};
Get ["/logoff"] = parameters =>
{
return(this.LogoutAndRedirect("/Logon"));
};
Get ["/signup"] = parameters =>
{
var model = new SignupModel();
return(View ["Index", model]);
};
Post ["/signup"] = parameters =>
{
var model = this.Bind <SignupModel> ();
model.Errors = new List <Error> ();
var result = this.Validate(model);
if (!result.IsValid)
{
model.Errors = Helpers.GetValidationErrors(result);
return(View ["Index", model]);
}
try
{
repository.CreateManager(model.Email, model.Secret);
}
catch (MongoDB.Driver.WriteConcernException e)
{
var error = new Error()
{
Name = "Duplicate",
Message = "This email has an account."
};
model.Errors.Add(error);
return(View ["Index", model]);
}
var logon = new LogonModel();
logon.Messages.Add("Successully created your account. Please Sign In.");
return(View ["Logon", logon]);
};
Get ["/settings"] = parameters =>
{
var model = new SettingsModel();
model.Manager = (IUser)this.Context.CurrentUser;
return(View ["Settings", model]);
};
Post ["/settings"] = parameters =>
{
var model = this.Bind <SettingsModel> ();
model.Manager = (IUser)this.Context.CurrentUser;
if (Request.Form.ChangeEmail != null)
{
repository.ChangeEmail(model.Manager.Id,
model.Password, model.Email);
}
if (Request.Form.ChangePassword)
{
repository.ChangePassword(model.Manager.Id, model.OldPassword,
model.NewPassword, model.ConfirmPassword);
}
if (Request.Form.Delete)
{
if (!string.IsNullOrEmpty(model.DeletePassword))
{
repository.DeleteManager(model.Manager.Id, model.DeletePassword);
return(this.Response.AsRedirect("/"));
}
else
{
var error = new Error();
error.Name = "Password";
error.Message = "Please supply a valid password to delete account.";
model.Errors.Add(error);
return(View ["Settings", model]);
}
}
return(Response.AsRedirect("/settings"));
};
}
public AuthModule(IApiRepository repository)
{
Before += ctx =>
{
//var token =
// Request.Headers [_authorization].FirstOrDefault ();
//var jwt = Jwt.ToObject(token.Replace("\"", string.Empty));
//var key = repository.GetAuthToken(Guid.Parse(jwt.Payload.Audience),
// jwt.Payload.Username);
//if(Jwt.Validate(token.Replace("\"",
// string.Empty), key))
//{
// return Response.AsJson (true);
//}
//var error = Error.VerifyRequest (Request, repository);
//if (error != null)
//{
// return Response.AsJson (error,
// Nancy.HttpStatusCode.UnprocessableEntity);
//}
///////old
//var domainKey =
// Guid.Parse (Request.Headers [_headerDomainKey].FirstOrDefault ());
//if (!repository.IpAllowed (domainKey, Request.UserHostAddress))
//{
// var e = new ErrorMessage ();
// e.Message = "Server IP not accepted";
// e.Status = "IpNotAllowed";
// return Response.AsJson (e,
// HttpStatusCode.UnprocessableEntity);
//}
return(null);
};
Post ["/email"] = parameters =>
{
var token =
Request.Headers [_authorization].FirstOrDefault();
var jwt = Jwt.ToObject(token.Replace("\"", string.Empty));
Guid domainKey = Guid.Parse(jwt.Payload.Audience);
Guid authToken = Guid.Parse(jwt.Payload.JwtTokenId);
string newEmail = Request.Form ["NewEmail"];
//string IP = Request.Form["IP"];
if (repository.EmailExists(domainKey, newEmail))
{
var e = new Error();
e.Detail = "Email already exist. Please choose another.";
e.Status = (int)HttpStatusCode.UnprocessableEntity;
e.Title = "Duplicate";
e.Source = new Source("/email");
return(Response.AsJson(e,
Nancy.HttpStatusCode.UnprocessableEntity));
}
var key = repository.GetKey(authToken);
if (repository.ChangeEmail
(domainKey, authToken, newEmail))
{
jwt.Payload.Email = newEmail;
}
return(Response.AsJson(Jwt.ToToken(jwt,
key), HttpStatusCode.OK));
};
Post ["/username"] = parameters =>
{
var token =
Request.Headers [_authorization].FirstOrDefault();
var jwt = Jwt.ToObject(token.Replace("\"", string.Empty));
Guid domainKey = Guid.Parse(jwt.Payload.Audience);
Guid authToken = Guid.Parse(jwt.Payload.JwtTokenId);
string newUserName = Request.Form ["NewUserName"];
//string IP = Request.Form["IP"];
if (repository.UsernameExists(domainKey, newUserName))
{
var e = new Error();
e.Detail = "Username already exist. Please choose another.";
e.Status = (int)HttpStatusCode.UnprocessableEntity;
e.Title = "Duplicate";
e.Source = new Source("/username");
return(Response.AsJson(e,
HttpStatusCode.UnprocessableEntity));
}
var key = repository.GetKey(authToken);
if (repository
.ChangeUserName(domainKey,
authToken, newUserName))
{
jwt.Payload.Username = newUserName;
}
return(Response.AsJson(Jwt.ToToken(jwt,
key), HttpStatusCode.OK));
};
Post ["/password"] = parameters =>
{
var token =
Request.Headers [_authorization].FirstOrDefault();
var jwt = Jwt.ToObject(token.Replace("\"", string.Empty));
Guid domainKey = Guid.Parse(jwt.Payload.Audience);
Guid authToken = Guid.Parse(jwt.Payload.JwtTokenId);
string newPassword = Request.Form ["NewPassword"];
//string IP = Request.Form["IP"];
return(Response.AsJson(repository
.ChangePassword(domainKey, authToken,
newPassword),
HttpStatusCode.OK));
};
Post ["/forgot"] = parameters =>
{
var email = Request.Form ["Email"];
Guid domainKey =
Guid.Parse(Request.Headers [_headerDomainKey]
.FirstOrDefault());
if (string.IsNullOrEmpty(email))
{
var er = new Error();
er.Detail = "Email could not be found.";
er.Status = (int)HttpStatusCode.UnprocessableEntity;
er.Title = "Invalid";
er.Source = new Source("/forgot");
return(Response.AsJson(er,
Nancy.HttpStatusCode.UnprocessableEntity));
}
if (repository.EmailExists(domainKey, email))
{
string newPassword = repository.Forgot(domainKey, email);
if (newPassword != null)
{
return(Response.AsJson(newPassword, HttpStatusCode.OK));
}
}
var e = new Error();
e.Detail = "Email could not be found.";
e.Status = (int)HttpStatusCode.UnprocessableEntity;
e.Title = "Invalid";
e.Source = new Source("/forgot");
return(Response.AsJson(e,
Nancy.HttpStatusCode.UnprocessableEntity));
};
/// <summary>
/// End the user's session and erase auth token.
/// After this is called the user must logon again
/// </summary>
/// <param name="authToken">Auth token.</param>
Post ["/end"] = parameters =>
{
var token =
Request.Headers [_authorization].FirstOrDefault();
var jwt = Jwt.ToObject(token.Replace("\"", string.Empty));
Guid domainKey = Guid.Parse(jwt.Payload.Audience);
Guid authToken = Guid.Parse(jwt.Payload.JwtTokenId);
var end = repository.End(domainKey, authToken);
return(Response.AsJson(end, HttpStatusCode.OK));
};
Post ["/validate"] = parameters =>
{
var token =
Request.Headers [_authorization].FirstOrDefault();
var jwt = Jwt.ToObject(token.Replace("\"", string.Empty));
string IP = Request.Form ["IP"];
var key = repository.GetKey(Guid.Parse(jwt.Payload.JwtTokenId));
if (key == null)
{
return(Response.AsJson(false));
}
if (Jwt.Validate(token.Replace("\"",
string.Empty), key))
{
return(Response.AsJson(true, HttpStatusCode.OK));
}
//return error here
return(Response.AsJson(false, HttpStatusCode.OK));
};
Post ["/validateauthtoken"] = parameters =>
{
Guid domainKey =
Guid.Parse(Request.Headers [_headerDomainKey].FirstOrDefault());
Guid token = Guid.Parse(Request.Form ["AuthToken"]);
string IP = Request.Form ["IP"];
User user = null;
user = repository.Validate(token, domainKey, IP);
if (user == null)
{
var e = new Error();
e.Detail = "AuthToken is not valid or expired.Re-Authenticate user";
e.Status = (int)HttpStatusCode.UnprocessableEntity;
e.Title = "Invalid";
e.Source = new Source("/validateauthtoken");
return(Response.AsJson(e,
Nancy.HttpStatusCode.Forbidden));
}
var header = new Header();
header.Algorithm = "HS256";
header.Type = "JWT";
var payload = new Payload();
payload.Issuer = "autheticate.technology";
payload.Audience = user.DomainId.ToString();
payload.JwtTokenId = user.AuthToken.ToString();
payload.Username = user.UserName;
payload.Email = user.Email;
var jwt = new Jwt(header, payload);
var u = new
{
Username = user.UserName,
Email = user.Email,
Jwt = Jwt.ToToken(jwt, repository.GetKey(user.AuthToken)),
AuthToken = user.AuthToken,
Claims = user.GetClaims(),
Roles = user.GetRoles()
};
return(Response.AsJson(u, HttpStatusCode.OK));
};
Post ["/disable"] = parameters =>
{
var token =
Request.Headers [_authorization].FirstOrDefault();
var jwt = Jwt.ToObject(token.Replace("\"", string.Empty));
Guid domainKey = Guid.Parse(jwt.Payload.Audience);
var key = Guid.Parse(jwt.Payload.JwtTokenId);
return(Response.AsJson(repository.Disable(key, domainKey),
HttpStatusCode.OK));
};
Post ["/authenticate"] = parameters =>
{
var domainKey =
Guid.Parse(Request.Headers [_headerDomainKey]
.FirstOrDefault());
User user = null;
string username = Request.Form ["Username"];
string secret = Request.Form ["Secret"];
string IP = Request.Form ["IP"];
user = repository.Authenticate(domainKey,
username, secret,
IP);
if (user == null)
{
var e = new Error();
e.Detail = "Authentication failed. User not found.";
e.Status = (int)HttpStatusCode.Forbidden;
e.Title = "Unauthorized";
e.Source = new Source("/authenticate");
return(Response.AsJson(e,
HttpStatusCode.Forbidden));
}
var header = new Header();
header.Algorithm = "HS256";
header.Type = "JWT";
var payload = new Payload();
payload.Issuer = "autheticate.technology";
payload.Audience = domainKey.ToString();
payload.JwtTokenId = user.AuthToken.ToString();
payload.Username = user.UserName;
payload.Email = user.Email;
var jwt = new Jwt(header, payload);
return(Response.AsJson(Jwt.ToToken(jwt,
user.Key), HttpStatusCode.OK));
};
Post ["/user"] = parameters =>
{
var domainKey =
Guid.Parse(Request.Headers [_headerDomainKey]
.FirstOrDefault());
var user = new User();
try
{
if (Request.Form ["Email"] != null &&
Request.Form ["Email"] != "" &&
repository.EmailExists(domainKey, Request.Form ["Email"]))
{
var e = new Error();
e.Detail = "Email is already used.";
e.Status = (int)HttpStatusCode.UnprocessableEntity;
e.Title = "Duplicate";
e.Source = new Source("/user");
return(Response.AsJson(e,
HttpStatusCode.UnprocessableEntity));
}
user = repository.CreateUser(domainKey,
Request.Form ["Username"],
Request.Form ["Secret"],
Request.Form ["Email"]);
}
catch (Exception exc)
{
var e = new Error();
e.Detail = exc.Message;
e.Status = (int)HttpStatusCode.UnprocessableEntity;
e.Title = "Duplicate";
e.Source = new Source("/user");
return(Response.AsJson(e,
HttpStatusCode.UnprocessableEntity));
}
return(Response.AsJson(true, HttpStatusCode.OK));
};
}