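/// <summary>
/// Attempts to log the request in from its HTTP Basic <c>Authorization</c> header and, on success,
/// records the user in <paramref name="userSession"/> and issues the authentication ticket.
/// </summary>
/// <param name="userSession">Session that receives the user's details on success.</param>
/// <param name="context">Current request. The response status is set to 400 when the header is
/// missing or malformed and to 401 when the credentials are rejected.</param>
/// <param name="authenticationService">Service used to sign the principal in.</param>
/// <returns><c>true</c> when the user was logged in; otherwise <c>false</c>.</returns>
private async Task<bool> LoginUsingBasicAuth(UserSession userSession, HttpContext context,
                                             IAuthenticationService authenticationService)
        {
            using (StopWatchTimer stopWatchTimer = StopWatchTimer.Initialise(_autoLoginBasicAuthLogin))
            {
                string authData = context.Request.Headers[SharedPluginFeatures.Constants.HeaderAuthorizationName];

                // An absent header converts to null, which the StartsWith call would otherwise dereference.
                if (String.IsNullOrEmpty(authData) ||
                    !authData.StartsWith("Basic ", StringComparison.InvariantCultureIgnoreCase))
                {
                    context.Response.StatusCode = 400;
                    return false;
                }

                string credentials;

                try
                {
                    // RFC 7617 does not fix the charset; ISO-8859-1 is kept for compatibility with existing clients.
                    credentials = System.Text.Encoding.GetEncoding("ISO-8859-1")
                                             .GetString(Convert.FromBase64String(authData.Substring(6)));
                }
                catch (FormatException)
                {
                    context.Response.StatusCode = 400;
                    return false;
                }

                // Only the first ':' separates user-id from password (RFC 7617 §2), so passwords that
                // themselves contain ':' are accepted. An empty user-id or password is still rejected.
                int separator = credentials.IndexOf(':');

                if (separator < 1 || separator == credentials.Length - 1)
                {
                    context.Response.StatusCode = 400;
                    return false;
                }

                string username = credentials.Substring(0, separator);
                string password = credentials.Substring(separator + 1);

                UserLoginDetails loginDetails = new UserLoginDetails();

                // NOTE(review): the attempt count passed to the provider is always 1 here, so any
                // attempt-based throttling or lockout inside the provider is not driven by Basic auth
                // requests — confirm with the provider implementation.
                LoginResult loginResult = _loginProvider.Login(username, password,
                                                               GetIpAddress(context), 1, ref loginDetails);

                if (loginResult != LoginResult.Success)
                {
                    context.Response.StatusCode = 401;
                    return false;
                }

                userSession.Login(loginDetails.UserId, loginDetails.Username, loginDetails.Email);
                await authenticationService.SignInAsync(context,
                                                        _loginControllerSettings.AuthenticationScheme,
                                                        new ClaimsPrincipal(_claimsProvider.GetUserClaims(loginDetails.UserId)),
                                                        _claimsProvider.GetAuthenticationProperties());

                return true;
            }
        }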
        /// <summary>
        /// Middleware entry point. When the current session has no user but a remember-me cookie is
        /// present, asks the login provider to restore the login before handing over to the next
        /// middleware. An unreadable or rejected cookie is removed.
        /// </summary>
        /// <param name="context">Current request.</param>
        public async Task Invoke(HttpContext context)
        {
            using (StopWatchTimer loginTimer = StopWatchTimer.Initialise(_loginTimings))
            {
                UserSession userSession = GetUserSession(context);

                bool rememberMeCandidate = userSession != null
                    && String.IsNullOrEmpty(userSession.UserName)
                    && CookieExists(context, _loginControllerSettings.RememberMeCookieName);

                if (rememberMeCandidate)
                {
                    using (StopWatchTimer autoLoginTimer = StopWatchTimer.Initialise(_autoLoginTimings))
                    {
                        // NOTE(review): the cookie holds only the encrypted user id; whether CookieValue
                        // also verifies its integrity is not visible here — confirm.
                        string cookieValue = CookieValue(context, _loginControllerSettings.RememberMeCookieName,
                                                         _loginControllerSettings.EncryptionKey, String.Empty);
                        bool remembered = false;

                        if (Int64.TryParse(cookieValue, out long userId))
                        {
                            UserLoginDetails loginDetails = new UserLoginDetails(userId, true);

                            LoginResult loginResult = _loginProvider.Login(String.Empty, String.Empty,
                                                                           base.GetIpAddress(context), 1, ref loginDetails);

                            if (loginResult == LoginResult.Remembered)
                            {
                                userSession.Login(userId, loginDetails.Username, loginDetails.Email);
                                await _authenticationService.SignInAsync(context,
                                                                         _loginControllerSettings.AuthenticationScheme,
                                                                         new ClaimsPrincipal(_claimsProvider.GetUserClaims(loginDetails.UserId)),
                                                                         _claimsProvider.GetAuthenticationProperties());
                                remembered = true;
                            }
                        }

                        // Covers both an unparsable cookie and a provider that no longer recognises the user.
                        if (!remembered)
                        {
                            CookieDelete(context, _loginControllerSettings.RememberMeCookieName);
                        }
                    }
                }
            }

            await _next(context);
        }
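        /// <summary>
        /// Handles a posted login form. Validates the captcha when one is pending, then asks the login
        /// provider to authenticate the credentials and either signs the user in or re-displays the form.
        /// </summary>
        /// <param name="model">Posted form values.</param>
        /// <returns>
        /// A redirect to the return URL (or the change-password page) on success, a redirect to the
        /// account-locked page when the account is locked, otherwise the login view with errors.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="model"/> is null.</exception>
        public IActionResult Index(LoginViewModel model)
        {
            if (model == null)
            {
                throw new ArgumentNullException(nameof(model));
            }

            LoginCacheItem loginCacheItem = GetCachedLoginAttempt(true);

            // Every submission counts as an attempt, whether or not it reaches the login provider;
            // the count decides when the captcha is shown and is also handed to the provider.
            loginCacheItem.LoginAttempts++;
            model.ShowCaptchaImage = loginCacheItem.LoginAttempts >= _settings.CaptchaShowFailCount;
            model.Breadcrumbs = GetBreadcrumbs();
            model.CartSummary = GetCartSummary();

            // A pending captcha gates the credential check: a wrong code must not reach the login
            // provider, otherwise the captcha gives no protection against automated guessing.
            if (!CaptchaMatches(loginCacheItem, model))
            {
                ModelState.AddModelError(String.Empty, Languages.LanguageStrings.CodeNotValid);
                return ShowLoginForm(loginCacheItem, model);
            }

            UserLoginDetails loginDetails = new UserLoginDetails();

            LoginResult loginResult = _loginProvider.Login(model.Username, model.Password, GetIpAddress(),
                                                           loginCacheItem.LoginAttempts, ref loginDetails);

            switch (loginResult)
            {
            case LoginResult.Success:
            case LoginResult.PasswordChangeRequired:
                RemoveLoginAttempt();
                SignInUser(model, loginDetails);

                if (loginResult == LoginResult.PasswordChangeRequired)
                {
                    return Redirect(_settings.ChangePasswordUrl);
                }

                return RedirectToLocalUrl(model.ReturnUrl);

            case LoginResult.AccountLocked:
                return RedirectToAction(nameof(AccountLocked), new { username = model.Username });

            case LoginResult.InvalidCredentials:
                ModelState.AddModelError(String.Empty, Languages.LanguageStrings.InvalidUsernameOrPassword);
                break;
            }

            return ShowLoginForm(loginCacheItem, model);
        }

        /// <summary>
        /// Returns <c>true</c> when no captcha is pending for this client, or the posted code matches it.
        /// </summary>
        private static bool CaptchaMatches(LoginCacheItem loginCacheItem, LoginViewModel model)
        {
            if (String.IsNullOrEmpty(loginCacheItem.CaptchaText))
            {
                return true;
            }

            return String.Equals(loginCacheItem.CaptchaText, model.CaptchaText, StringComparison.Ordinal);
        }

        /// <summary>
        /// Establishes the user's session, the optional remember-me cookie and the authentication ticket.
        /// </summary>
        private void SignInUser(LoginViewModel model, UserLoginDetails loginDetails)
        {
            UserSession session = GetUserSession();

            if (session != null)
            {
                session.Login(loginDetails.UserId, loginDetails.Username, loginDetails.Email);
            }

            if (model.RememberMe)
            {
                CookieAdd(_settings.RememberMeCookieName, Encrypt(loginDetails.UserId.ToString(),
                                                                  _settings.EncryptionKey), _settings.LoginDays);
            }

            // This action is synchronous, so the sign-in has to be completed here: left un-awaited,
            // the redirect could be sent before the authentication cookie is appended to the response.
            GetAuthenticationService().SignInAsync(HttpContext,
                                                   _settings.AuthenticationScheme,
                                                   new ClaimsPrincipal(_claimsProvider.GetUserClaims(loginDetails.UserId)),
                                                   _claimsProvider.GetAuthenticationProperties())
                                      .GetAwaiter().GetResult();
        }

        /// <summary>
        /// Redirects to <paramref name="returnUrl"/> only when it is local to this site; any other value
        /// would turn the login page into an open redirector, so the site root is used instead.
        /// </summary>
        private IActionResult RedirectToLocalUrl(string returnUrl)
        {
            if (!String.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
            {
                return Redirect(returnUrl);
            }

            return Redirect("/");
        }

        /// <summary>
        /// Re-displays the login form, issuing a fresh captcha when the attempt count calls for one.
        /// </summary>
        private IActionResult ShowLoginForm(LoginCacheItem loginCacheItem, LoginViewModel model)
        {
            if (model.ShowCaptchaImage)
            {
                loginCacheItem.CaptchaText = GetRandomWord(_settings.CaptchaWordLength, CaptchaCharacters);
            }

            return View(model);
        }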