Exemplo n.º 1
0
        public User Authenticate(HttpRequest request, IAuthenticationAttributes authAttributes)
        {
            var req  = new WebSocketSharpRequest(request, null, request.Path, _logger);
            var user = ValidateUser(req, authAttributes);

            return(user);
        }
Exemplo n.º 2
0
        private void ValidateUserAccess(User user, IRequest request,
                                        IAuthenticationAttributes authAttribtues,
                                        AuthorizationInfo auth)
        {
            if (user.Policy.IsDisabled)
            {
                throw new SecurityException("User account has been disabled.")
                      {
                          SecurityExceptionType = SecurityExceptionType.Unauthenticated
                      };
            }

            if (!user.Policy.EnableRemoteAccess && !NetworkManager.IsInLocalNetwork(request.RemoteIp))
            {
                throw new SecurityException("User account has been disabled.")
                      {
                          SecurityExceptionType = SecurityExceptionType.Unauthenticated
                      };
            }

            if (!user.Policy.IsAdministrator &&
                !authAttribtues.EscapeParentalControl &&
                !user.IsParentalScheduleAllowed())
            {
                request.Response.AddHeader("X-Application-Error-Code", "ParentalControl");

                throw new SecurityException("This user account is not allowed access at this time.")
                      {
                          SecurityExceptionType = SecurityExceptionType.ParentalControl
                      };
            }
        }
Exemplo n.º 3
0
        private bool IsExemptFromRoles(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues, IRequest request, AuthenticationInfo tokenInfo)
        {
            if (!_config.Configuration.IsStartupWizardCompleted && authAttribtues.AllowBeforeStartupWizard)
            {
                return(true);
            }

            if (authAttribtues.AllowLocal && request.IsLocal)
            {
                return(true);
            }

            if (authAttribtues.AllowLocalOnly && request.IsLocal)
            {
                return(true);
            }

            if (string.IsNullOrEmpty(auth.Token))
            {
                return(true);
            }

            if (tokenInfo != null && tokenInfo.UserId.Equals(Guid.Empty))
            {
                return(true);
            }

            return(false);
        }
Exemplo n.º 4
0
        private void ValidateUserAccess(
            User user,
            IRequest request,
            IAuthenticationAttributes authAttributes,
            AuthorizationInfo auth)
        {
            if (user.HasPermission(PermissionKind.IsDisabled))
            {
                throw new SecurityException("User account has been disabled.");
            }

            if (!user.HasPermission(PermissionKind.EnableRemoteAccess) && !_networkManager.IsInLocalNetwork(request.RemoteIp))
            {
                throw new SecurityException("User account has been disabled.");
            }

            if (!user.HasPermission(PermissionKind.IsAdministrator) &&
                !authAttributes.EscapeParentalControl &&
                !user.IsParentalScheduleAllowed())
            {
                request.Response.Headers.Add("X-Application-Error-Code", "ParentalControl");

                throw new SecurityException("This user account is not allowed access at this time.");
            }
        }
Exemplo n.º 5
0
        private void ValidateUserAccess(User user, IServiceRequest request,
                                        IAuthenticationAttributes authAttribtues,
                                        AuthorizationInfo auth)
        {
            if (user.Policy.IsDisabled)
            {
                throw new SecurityException("User account has been disabled.")
                      {
                          SecurityExceptionType = SecurityExceptionType.Unauthenticated
                      };
            }

            if (!user.Policy.IsAdministrator &&
                !authAttribtues.EscapeParentalControl &&
                !user.IsParentalScheduleAllowed())
            {
                request.AddResponseHeader("X-Application-Error-Code", "ParentalControl");

                throw new SecurityException("This user account is not allowed access at this time.")
                      {
                          SecurityExceptionType = SecurityExceptionType.ParentalControl
                      };
            }

            if (!string.IsNullOrWhiteSpace(auth.DeviceId))
            {
                if (!DeviceManager.CanAccessDevice(user.Id.ToString("N"), auth.DeviceId))
                {
                    throw new SecurityException("User is not allowed access from this device.")
                          {
                              SecurityExceptionType = SecurityExceptionType.ParentalControl
                          };
                }
            }
        }
Exemplo n.º 6
0
        private bool IsExemptFromAuthenticationToken(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues)
        {
            if (!_config.Configuration.IsStartupWizardCompleted && authAttribtues.AllowBeforeStartupWizard)
            {
                return(true);
            }

            return(false);
        }
Exemplo n.º 7
0
        private bool IsExemptFromAuthenticationToken(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues)
        {
            if (!_config.Configuration.IsStartupWizardCompleted &&
                authAttribtues.AllowBeforeStartupWizard)
            {
                return(true);
            }

            return(_config.Configuration.InsecureApps7.Contains(auth.Client ?? string.Empty,
                                                                StringComparer.OrdinalIgnoreCase));
        }
Exemplo n.º 8
0
        private void ValidateUser(IRequest request, IAuthenticationAttributes authAttribtues)
        {
            // This code is executed before the service
            var auth = AuthorizationContext.GetAuthorizationInfo(request);

            if (!IsExemptFromAuthenticationToken(auth, authAttribtues, request))
            {
                var valid = IsValidConnectKey(auth.Token);

                if (!valid)
                {
                    ValidateSecurityToken(request, auth.Token);
                }
            }

            if (authAttribtues.AllowLocalOnly && !request.IsLocal)
            {
                throw new SecurityException("Operation not found.");
            }

            var user = auth.User;

            if (user == null & !auth.UserId.Equals(Guid.Empty))
            {
                throw new SecurityException("User with Id " + auth.UserId + " not found");
            }

            if (user != null)
            {
                ValidateUserAccess(user, request, authAttribtues, auth);
            }

            var info = GetTokenInfo(request);

            if (!IsExemptFromRoles(auth, authAttribtues, request, info))
            {
                var roles = authAttribtues.GetRoles();

                ValidateRoles(roles, user);
            }

            if (!string.IsNullOrEmpty(auth.DeviceId) &&
                !string.IsNullOrEmpty(auth.Client) &&
                !string.IsNullOrEmpty(auth.Device))
            {
                SessionManager.LogSessionActivity(auth.Client,
                                                  auth.Version,
                                                  auth.DeviceId,
                                                  auth.Device,
                                                  request.RemoteIp,
                                                  user);
            }
        }
Exemplo n.º 9
0
        private void ValidateUser(IServiceRequest request,
            IAuthenticationAttributes authAttribtues)
        {
            // This code is executed before the service
            var auth = AuthorizationContext.GetAuthorizationInfo(request);

            if (!IsExemptFromAuthenticationToken(auth, authAttribtues))
            {
                var valid = IsValidConnectKey(auth.Token);

                if (!valid)
                {
                    ValidateSecurityToken(request, auth.Token);
                }
            }

            var user = string.IsNullOrWhiteSpace(auth.UserId)
                ? null
                : UserManager.GetUserById(auth.UserId);

            if (user == null & !string.IsNullOrWhiteSpace(auth.UserId))
            {
                throw new SecurityException("User with Id " + auth.UserId + " not found");
            }

            if (user != null)
            {
                ValidateUserAccess(user, request, authAttribtues, auth);
            }

            var info = GetTokenInfo(request);

            if (!IsExemptFromRoles(auth, authAttribtues, info))
            {
                var roles = authAttribtues.GetRoles().ToList();

                ValidateRoles(roles, user);
            }

            if (!string.IsNullOrWhiteSpace(auth.DeviceId) &&
                !string.IsNullOrWhiteSpace(auth.Client) &&
                !string.IsNullOrWhiteSpace(auth.Device))
            {
                SessionManager.LogSessionActivity(auth.Client,
                    auth.Version,
                    auth.DeviceId,
                    auth.Device,
                    request.RemoteIp,
                    user);
            }
        }
Exemplo n.º 10
0
        private void ValidateUser(IServiceRequest request,
                                  IAuthenticationAttributes authAttribtues)
        {
            // This code is executed before the service
            var auth = AuthorizationContext.GetAuthorizationInfo(request);

            if (!IsExemptFromAuthenticationToken(auth, authAttribtues))
            {
                var valid = IsValidConnectKey(auth.Token);

                if (!valid)
                {
                    ValidateSecurityToken(request, auth.Token);
                }
            }

            var user = string.IsNullOrWhiteSpace(auth.UserId)
                ? null
                : UserManager.GetUserById(auth.UserId);

            if (user == null & !string.IsNullOrWhiteSpace(auth.UserId))
            {
                throw new SecurityException("User with Id " + auth.UserId + " not found");
            }

            if (user != null)
            {
                ValidateUserAccess(user, request, authAttribtues, auth);
            }

            var info = GetTokenInfo(request);

            if (!IsExemptFromRoles(auth, authAttribtues, info))
            {
                var roles = authAttribtues.GetRoles().ToList();

                ValidateRoles(roles, user);
            }

            if (!string.IsNullOrWhiteSpace(auth.DeviceId) &&
                !string.IsNullOrWhiteSpace(auth.Client) &&
                !string.IsNullOrWhiteSpace(auth.Device))
            {
                SessionManager.LogSessionActivity(auth.Client,
                                                  auth.Version,
                                                  auth.DeviceId,
                                                  auth.Device,
                                                  request.RemoteIp,
                                                  user);
            }
        }
Exemplo n.º 11
0
        private bool IsExemptFromAuthenticationToken(IAuthenticationAttributes authAttribtues, IRequest request)
        {
            if (!_config.Configuration.IsStartupWizardCompleted && authAttribtues.AllowBeforeStartupWizard)
            {
                return(true);
            }

            if (authAttribtues.AllowLocal && request.IsLocal)
            {
                return(true);
            }
            if (authAttribtues.AllowLocalOnly && request.IsLocal)
            {
                return(true);
            }

            return(false);
        }
Exemplo n.º 12
0
        private bool IsExemptFromRoles(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues, AuthenticationInfo tokenInfo)
        {
            if (!_config.Configuration.IsStartupWizardCompleted && authAttribtues.AllowBeforeStartupWizard)
            {
                return(true);
            }

            if (string.IsNullOrWhiteSpace(auth.Token))
            {
                return(true);
            }

            if (tokenInfo != null && string.IsNullOrWhiteSpace(tokenInfo.UserId))
            {
                return(true);
            }

            return(false);
        }
Exemplo n.º 13
0
 public void Authenticate(IServiceRequest request,
     IAuthenticationAttributes authAttribtues)
 {
     ValidateUser(request, authAttribtues);
 }
Exemplo n.º 14
0
        private bool IsExemptFromRoles(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues, AuthenticationInfo tokenInfo)
        {
            if (!_config.Configuration.IsStartupWizardCompleted &&
                authAttribtues.AllowBeforeStartupWizard)
            {
                return true;
            }

            if (string.IsNullOrWhiteSpace(auth.Token))
            {
                return true;
            }

            if (tokenInfo != null && string.IsNullOrWhiteSpace(tokenInfo.UserId))
            {
                return true;
            }

            return false;
        }
Exemplo n.º 15
0
        private bool IsExemptFromAuthenticationToken(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues)
        {
            if (!_config.Configuration.IsStartupWizardCompleted &&
                authAttribtues.AllowBeforeStartupWizard)
            {
                return true;
            }

            return _config.Configuration.InsecureApps9.Contains(auth.Client ?? string.Empty,
                StringComparer.OrdinalIgnoreCase);
        }
Exemplo n.º 16
0
        private void ValidateUser(IServiceRequest request,
                                  IAuthenticationAttributes authAttribtues)
        {
            // This code is executed before the service
            var auth = AuthorizationContext.GetAuthorizationInfo(request);

            if (!IsExemptFromAuthenticationToken(auth, authAttribtues))
            {
                var valid = IsValidConnectKey(auth.Token);

                if (!valid)
                {
                    ValidateSecurityToken(request, auth.Token);
                }
            }

            var user = string.IsNullOrWhiteSpace(auth.UserId)
                ? null
                : UserManager.GetUserById(auth.UserId);

            if (user == null & !string.IsNullOrWhiteSpace(auth.UserId))
            {
                throw new SecurityException("User with Id " + auth.UserId + " not found");
            }

            if (user != null)
            {
                if (user.Configuration.IsDisabled)
                {
                    throw new SecurityException("User account has been disabled.")
                          {
                              SecurityExceptionType = SecurityExceptionType.Unauthenticated
                          };
                }

                if (!user.Configuration.IsAdministrator &&
                    !authAttribtues.EscapeParentalControl &&
                    !user.IsParentalScheduleAllowed())
                {
                    request.AddResponseHeader("X-Application-Error-Code", "ParentalControl");
                    throw new SecurityException("This user account is not allowed access at this time.")
                          {
                              SecurityExceptionType = SecurityExceptionType.ParentalControl
                          };
                }
            }

            if (!IsExemptFromRoles(auth, authAttribtues))
            {
                var roles = authAttribtues.GetRoles().ToList();

                ValidateRoles(roles, user);
            }

            if (!string.IsNullOrWhiteSpace(auth.DeviceId) &&
                !string.IsNullOrWhiteSpace(auth.Client) &&
                !string.IsNullOrWhiteSpace(auth.Device))
            {
                SessionManager.LogSessionActivity(auth.Client,
                                                  auth.Version,
                                                  auth.DeviceId,
                                                  auth.Device,
                                                  request.RemoteIp,
                                                  user);
            }
        }
Exemplo n.º 17
0
 public void Authenticate(IServiceRequest request,
                          IAuthenticationAttributes authAttribtues)
 {
     ValidateUser(request, authAttribtues);
 }
Exemplo n.º 18
0
        private void ValidateUser(IServiceRequest request,
            IAuthenticationAttributes authAttribtues)
        {
            // This code is executed before the service
            var auth = AuthorizationContext.GetAuthorizationInfo(request);

            if (!IsExemptFromAuthenticationToken(auth, authAttribtues))
            {
                var valid = IsValidConnectKey(auth.Token);

                if (!valid)
                {
                    ValidateSecurityToken(request, auth.Token);
                }
            }

            var user = string.IsNullOrWhiteSpace(auth.UserId)
                ? null
                : UserManager.GetUserById(auth.UserId);

            if (user == null & !string.IsNullOrWhiteSpace(auth.UserId))
            {
                throw new SecurityException("User with Id " + auth.UserId + " not found");
            }

            if (user != null)
            {
                if (user.Configuration.IsDisabled)
                {
                    throw new SecurityException("User account has been disabled.")
                    {
                        SecurityExceptionType = SecurityExceptionType.Unauthenticated
                    };
                }

                if (!user.Configuration.IsAdministrator &&
                    !authAttribtues.EscapeParentalControl &&
                    !user.IsParentalScheduleAllowed())
                {
                    request.AddResponseHeader("X-Application-Error-Code", "ParentalControl");
                    throw new SecurityException("This user account is not allowed access at this time.")
                    {
                        SecurityExceptionType = SecurityExceptionType.ParentalControl
                    };
                }
            }

            if (!IsExemptFromRoles(auth, authAttribtues))
            {
                var roles = authAttribtues.GetRoles().ToList();

                ValidateRoles(roles, user);
            }

            if (!string.IsNullOrWhiteSpace(auth.DeviceId) &&
                !string.IsNullOrWhiteSpace(auth.Client) &&
                !string.IsNullOrWhiteSpace(auth.Device))
            {
                SessionManager.LogSessionActivity(auth.Client,
                    auth.Version,
                    auth.DeviceId,
                    auth.Device,
                    request.RemoteIp,
                    user);
            }
        }
Exemplo n.º 19
0
        private void ValidateUserAccess(User user, IServiceRequest request,
            IAuthenticationAttributes authAttribtues,
            AuthorizationInfo auth)
        {
            if (user.Policy.IsDisabled)
            {
                throw new SecurityException("User account has been disabled.")
                {
                    SecurityExceptionType = SecurityExceptionType.Unauthenticated
                };
            }

            if (!user.Policy.IsAdministrator &&
                !authAttribtues.EscapeParentalControl &&
                !user.IsParentalScheduleAllowed())
            {
                request.AddResponseHeader("X-Application-Error-Code", "ParentalControl");

                throw new SecurityException("This user account is not allowed access at this time.")
                {
                    SecurityExceptionType = SecurityExceptionType.ParentalControl
                };
            }

            if (!string.IsNullOrWhiteSpace(auth.DeviceId))
            {
                if (!DeviceManager.CanAccessDevice(user.Id.ToString("N"), auth.DeviceId))
                {
                    throw new SecurityException("User is not allowed access from this device.")
                    {
                        SecurityExceptionType = SecurityExceptionType.ParentalControl
                    };
                }
            }
        }
Exemplo n.º 20
0
        private bool IsExemptFromRoles(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues)
        {
            if (!_config.Configuration.IsStartupWizardCompleted &&
                authAttribtues.AllowBeforeStartupWizard)
            {
                return true;
            }

            return false;
        }