        /// <summary>
        /// Whether the token should be renewed: true once the time elapsed since
        /// <paramref name="principal"/>.CreateTime has reached the configured renew interval.
        /// </summary>
        /// <param name="context">Current request (extension receiver; not read here).</param>
        /// <param name="principal">Authenticated principal whose CreateTime marks when its token was issued.</param>
        /// <param name="service">Security service that supplies the token-expiry settings.</param>
        /// <returns>true when elapsed minutes are at or above RenewInterval.TotalMinutes.</returns>
        public static bool IsRenewToken(this HttpContextBase context, IPKSPrincipal principal, ISecurityService service)
        {
            var settings = service.GetTokenExpireSettings();
            // NOTE(review): DateTime.Now is local time, so this is only correct while CreateTime is
            // stamped from DateTime.Now as well (RenewAsync in this code base does) — confirm for other issuers.
            var elapsedMinutes    = (DateTime.Now - principal.CreateTime).TotalMinutes;
            var renewAfterMinutes = settings.RenewInterval.TotalMinutes;

            return(elapsedMinutes >= renewAfterMinutes);
        }
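        /// <summary>
        /// Automatic (single sign-on) login into the forum. Redirects to the portal login page when the
        /// request carries no valid session; otherwise provisions the forum account on first visit and
        /// writes the forum user cookie (plus the admin cookie for group 1).
        /// </summary>
        /// <param name="returnUrl">Address to come back to after the portal login.</param>
        /// <returns>
        /// true when the response was redirected to the portal login (the caller must stop processing);
        /// false when the user is logged in and the cookies have been written.
        /// </returns>
        private bool AutoLogin(string returnUrl)
        {
            var           context   = this.Context.GetHttpContextWrapper();
            string        token     = null;
            IPKSPrincipal principal = null;

            if (!context.IsLogined(null, ref token, out principal))
            {
                var redirectUrl = context.GetRedirectUrlToPortalLogin(returnUrl);
                this.Context.Response.Redirect(redirectUrl);
                // Response.End() terminates the request pipeline; the return below only matters if it does not.
                this.Context.Response.End();
                return(true);
            }
            var userName = principal.Identity.Name;
            var user     = Users.GetUserInfo(userName);
            var config   = GeneralConfigs.GetConfig();

            if (user == null)
            {
                // First SSO visit of this principal: create a non-admin forum account for it.
                user = context.CreateUser(config, principal, false);
            }
            ForumUtils.WriteUserCookie(user.Uid, ForumExtension.ExpireMinutes, config.Passwordkey);
            if (user.Groupid == 1)
            {
                // Group 1 is the administrator group: issue the admin cookie as well.
                // The former unused group-info lookup (AdminUserGroups.AdminGetUserGroupInfo) only fed the
                // commented-out admin visit log and has been dropped; restore it with that log if re-enabled.
                this.Context.AddAdminCookie(config, user.Uid, user.Password, user.Secques, ForumExtension.ExpireMinutes);
                //AdminVistLogs.InsertLog(user.Uid, user.Username, user.Groupid, AdminUserGroups.AdminGetUserGroupInfo(user.Groupid).Grouptitle, DNTRequest.GetIP(), "后台管理员登陆", "");
            }
            else
            {
                // Non-admins: overwrite any lingering admin cookie with an empty one.
                // NOTE(review): no Expires is set, so the browser keeps an empty "dntadmin" session cookie
                // rather than deleting it — confirm the admin check treats an empty value as absent.
                this.Context.Response.AppendCookie(new HttpCookie("dntadmin"));
            }
            return(false);
        }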
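        /// <summary>When overridden, provides an entry point for custom authorization checks.</summary>
        /// <remarks>
        /// Requests whose path starts with /Account/Login pass without a session so the login page itself
        /// stays reachable; every other request must carry a valid login (see IsLogined).
        /// </remarks>
        /// <returns>true if the user is authorized; otherwise, false.</returns>
        /// <param name="context">The HTTP context, which encapsulates all HTTP-specific information about an individual HTTP request.</param>
        /// <exception cref="T:System.ArgumentNullException">The <paramref name="context" /> parameter is null.</exception>
        protected override bool AuthorizeCore(HttpContextBase context)
        {
            // The documented contract is ArgumentNullException; without this guard a null context
            // surfaces as a NullReferenceException on the path check below.
            if (context == null)
            {
                throw new ArgumentNullException("context");
            }
            // NOTE(review): StartsWith is a prefix match, so every path beginning with "/Account/Login"
            // (not only the login action itself) skips the login check — confirm no other action shares the prefix.
            if (context.Request.Url.AbsolutePath.StartsWith("/Account/Login", StringComparison.OrdinalIgnoreCase))
            {
                return(true);
            }
            string        token     = null;
            IPKSPrincipal principal = null;

            return(context.IsLogined(this.SecurityService, ref token, out principal));
        }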
        /// <summary>Single sign-on entry: validates the portal token and redirects to the return address.</summary>
        /// <param name="token">Portal authentication token from the query string.</param>
        /// <param name="returnUrl">URL-encoded address to land on after login; falls back to the site's domain URL.</param>
        /// <returns>A redirect to the return address, or to the portal login page when the token is missing or not logged in.</returns>
        public ActionResult Login(string token, string returnUrl)
        {
            IPKSPrincipal principal = null;

            returnUrl = returnUrl.UrlDecode();
            if (returnUrl.IsNullOrEmpty())
            {
                returnUrl = this.HttpContext.Request.Url.GetDomainUrl();
            }
            var hasToken  = !token.IsNullOrEmpty();
            var isLogined = hasToken && this.HttpContext.IsLogined(_securityService, ref token, out principal);

            if (!isLogined)
            {
                var portalLoginUrl = this.HttpContext.GetRedirectUrlToPortalLogin(returnUrl);
                return(Redirect(portalLoginUrl));
            }
            // NOTE(review): returnUrl is request-supplied and redirected to unchanged, i.e. an open redirect
            // unless it is validated elsewhere (the portal / UrlDecode) — confirm where it is constrained.
            var target = returnUrl.IsNullOrEmpty() ? "/" : returnUrl;

            return(Redirect(target));
        }
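        /// <summary>When overridden, provides an entry point for custom authorization checks.</summary>
        /// <remarks>
        /// Requires a valid login. AJAX requests are then allowed as-is; other requests must additionally
        /// pass the menu-permission check for the current controller/action URL.
        /// </remarks>
        /// <returns>true if the user is authorized; otherwise, false.</returns>
        /// <param name="httpContext">The HTTP context, which encapsulates all HTTP-specific information about an individual HTTP request.</param>
        /// <exception cref="T:System.ArgumentNullException">The <paramref name="httpContext" /> parameter is null.</exception>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            // Documented contract; otherwise a null context fails with NullReferenceException inside IsLogined.
            if (httpContext == null)
            {
                throw new ArgumentNullException("httpContext");
            }
            string        token     = null;
            IPKSPrincipal principal = null;

            if (!httpContext.IsLogined(this.SecurityService, ref token, out principal))
            {
                return(false);
            }
            if (httpContext.Request.IsAjaxRequest())
            {
                // AJAX calls are only authenticated; the menu-permission check is skipped for them.
                return(true);
            }
            // TODO: testing aid (original note: "用于测试"). Requests from the local machine skip the
            // permission check entirely, so on a production host any logged-in local request is fully
            // authorized — remove before shipping.
            if (httpContext.Request.IsLocal)
            {
                return(true);
            }
            var requestUrl = httpContext.GetControllerContext().GetAuthorizeUrl();

            return(this.SecurityService.HasMenuPermission(principal.Identity.Id.ToInt32(), requestUrl));
        }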
        /// <summary>
        /// Checks that the request is logged in and that the forum's online-user record belongs to the
        /// portal principal; otherwise redirects and ends the response.
        /// </summary>
        /// <param name="httpContext">Raw ASP.NET context, used for the redirect response.</param>
        /// <param name="userInfo">Forum online-user record for the visitor; may be null.</param>
        /// <returns>
        /// true when logged in and consistent; false after a redirect (portal login when not logged in,
        /// forum auth page when the forum user does not match the principal) has been issued.
        /// </returns>
        public static bool OnAuthorization(HttpContext httpContext, OnlineUserInfo userInfo)
        {
            var           context   = httpContext.GetHttpContextWrapper();
            string        token     = null;
            IPKSPrincipal principal = null;
            string        redirectUrl;

            if (!context.IsLogined(null, ref token, out principal))
            {
                redirectUrl = context.GetForumRedirectUrlToPortalLogin();
            }
            else if (userInfo == null || userInfo.Userid <= 0 || userInfo.Username != principal.Identity.Name)
            {
                // Guest record, or a forum session that belongs to a different user name than the portal identity.
                redirectUrl = context.GetForumRedirectUrlToAuth();
            }
            else
            {
                return(true);
            }
            httpContext.Response.Redirect(redirectUrl);
            httpContext.Response.End();
            return(false);
        }
        /// <summary>Portal login page.</summary>
        /// <param name="autoLogin">Explicit auto-login switch; when absent, auto-login is attempted whenever a return address is given.</param>
        /// <param name="returnUrl">URL-encoded address to return to after login.</param>
        /// <returns>
        /// A redirect to the return address when a session already exists (or Windows auto-login succeeds);
        /// otherwise the login view with UserName/ReturnUrl/IsAutoLogin/IsWindowsAuthentication in ViewBag.
        /// </returns>
        public ActionResult Login(bool?autoLogin, string returnUrl)
        {
            returnUrl = returnUrl.UrlDecode();
            var isAutoLogin = autoLogin.HasValue ? autoLogin.Value : !returnUrl.IsNullOrEmpty();

            if (isAutoLogin)
            {
                string        token     = null;
                IPKSPrincipal principal = null;

                // A valid session already exists: skip the form and go straight to the return address.
                if (this.HttpContext.IsLogined(_securityService, ref token, out principal))
                {
                    return(Redirect(this.HttpContext.GetPortalLoginReturnUrl(_securityService, token, principal, returnUrl)));
                }
                // Windows-authenticated deployments: try to log in with the Windows identity.
                if (PKSMvcExtension.AuthenticationConfig.IsWindowsAuthentication)
                {
                    var windowsLogin = this.HttpContext.WindowsAutoLogin(_securityService);
                    var succeeded    = windowsLogin != null && windowsLogin.Succeed;
                    if (succeeded)
                    {
                        return(Redirect(this.HttpContext.GetPortalLoginReturnUrl(_securityService, windowsLogin.Token, windowsLogin.Principal, returnUrl)));
                    }
                }
            }
            ViewBag.UserName    = this.HttpContext.GetLoginUserName();
            ViewBag.ReturnUrl   = returnUrl;
            ViewBag.IsAutoLogin = isAutoLogin;
            // NOTE(review): the view flag is named IsWindowsAuthentication but is fed from IsMixedAuthentication — confirm intended.
            ViewBag.IsWindowsAuthentication = PKSMvcExtension.AuthenticationConfig.IsMixedAuthentication;
            return(View());
        }
        /// <summary>Writes the forms-authentication cookie that carries the portal token.</summary>
        /// <param name="context">Current request; an existing ticket is read from its Items, the cookie is written to its Response.</param>
        /// <param name="token">Portal session token, stored as the ticket's UserData.</param>
        /// <param name="principal">Supplies the cookie's user name and validity window (CreateTime/ExpireTime).</param>
        /// <param name="isPersistent">Persist across browser sessions; null keeps the persistence of the ticket already on the request (false when there is none).</param>
        public static void AddAuthCookie(this HttpContextBase context, string token, IPKSPrincipal principal, bool?isPersistent = null)
        {
            var existing = context.Items[PKSWebConsts.HttpContext_FormsAuthenticationTicket].As <FormsAuthenticationTicket>()
                           ?? new FormsAuthenticationTicket("", false, 0);

            var persistent = isPersistent ?? existing.IsPersistent;
            var ticket     = new FormsAuthenticationTicket(existing.Version, principal.Identity.Name, principal.CreateTime, principal.ExpireTime, persistent, token);
            var cookie     = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
            {
                // HttpOnly keeps the ticket away from script; Secure/Path/Domain follow the forms-auth configuration
                // (Secure is only set when requireSSL is configured).
                HttpOnly = true,
                Path     = FormsAuthentication.FormsCookiePath,
                Secure   = FormsAuthentication.RequireSSL,
                Domain   = FormsAuthentication.CookieDomain,
            };

            if (persistent)
            {
                // Only persistent cookies get an explicit expiry; otherwise the cookie lives for the browser session.
                cookie.Expires = ticket.Expiration;
            }
            context.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
            context.Response.Cookies.Add(cookie);
        }
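        /// <summary>Renews a session: issues a fresh token and session row for the user behind <paramref name="token"/>.</summary>
        /// <param name="token">Token of the session to renew.</param>
        /// <param name="principal">Principal currently bound to the token (not consulted; the user is reloaded from the session).</param>
        /// <param name="tokenExpireInterval">Lifetime of the new session, measured from now.</param>
        /// <returns>
        /// A successful <see cref="LoginResult"/> carrying the new token and principal, or null when the token
        /// has no valid session or the session's user no longer exists.
        /// </returns>
        public async Task <LoginResult> RenewAsync(string token, IPKSPrincipal principal, TimeSpan tokenExpireInterval)
        {
            var sessions    = GetService <IRepository <UserAuthSessions> >();
            var userSession = await LoadSessionFromToken(sessions, token);

            if (userSession == null || !userSession.Valid)
            {
                return(null);
            }
            var userInfo = await GetUserInfo(userSession.UserName);

            if (userInfo == null)
            {
                // The session outlived its user (deleted or renamed): refuse the renewal instead of
                // failing with a null dereference on userInfo.USERNAME below.
                return(null);
            }
            var newPrincipal = BuildPrincipal(userInfo, userSession.AuthenticationType);
            // NOTE(review): Guid.NewGuid() is not documented as cryptographically random; a bearer token is
            // normally generated from RandomNumberGenerator — confirm the token format is not relied on elsewhere.
            var newToken   = Guid.NewGuid().ToString();
            var now        = DateTime.Now;
            var newSession = new UserAuthSessions
            {
                SessionKey         = newToken,
                AppKey             = userSession.AppKey,
                UserName           = userInfo.USERNAME,
                AuthenticationType = userSession.AuthenticationType,
                Valid       = true,
                CreateTime  = now,
                InvalidTime = now + tokenExpireInterval,
                IPAddress   = userSession.IPAddress,
            };

            // NOTE(review): the old session row is left untouched (Valid stays true), so the previous token
            // remains usable until it expires on its own — confirm whether renewal is meant to revoke it.
            sessions.Add(newSession);
            newPrincipal.CreateTime = newSession.CreateTime;
            newPrincipal.ExpireTime = newSession.InvalidTime;

            return(new LoginResult
            {
                Token     = newToken,
                Principal = newPrincipal,
                Succeed   = true,
            });
        }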
        /// <summary>
        /// Checks whether the request carries a forms-authentication ticket issued to <paramref name="principal"/>
        /// and, if so, caches it in Items under HttpContext_FormsAuthenticationTicket.
        /// </summary>
        /// <returns>true when a ticket exists and its name equals the principal's identity name.</returns>
        public static bool ExistsTicketFromCookies(this HttpContextBase context, IPKSPrincipal principal)
        {
            FormsAuthenticationTicket ticket;

            if (context.User != null && context.User.Identity is FormsIdentity)
            {
                // Already authenticated by the forms module: the identity wraps the ticket, and
                // FormsIdentity.Name is the ticket's name, so one name check below covers both paths.
                ticket = context.User.Identity.As <FormsIdentity>().Ticket;
            }
            else
            {
                // Otherwise decrypt the ticket from the cookie ourselves (null when absent/invalid).
                ticket = context.Request.Cookies.ExtractTicketFromCookie();
            }
            var matchesPrincipal = ticket != null && ticket.Name == principal.Identity.Name;

            if (!matchesPrincipal)
            {
                return(false);
            }
            context.Items[PKSWebConsts.HttpContext_FormsAuthenticationTicket] = ticket;
            return(true);
        }
 /// <summary>Resolves the address to land on after a portal login.</summary>
 /// <param name="returnUrl">Requested return address; when empty, the default page of the principal's role is used.</param>
 /// <returns>The redirect URL (with token) for the resolved return address.</returns>
 public static string GetPortalLoginReturnUrl(this HttpContextBase context, ISecurityService service, string token, IPKSPrincipal principal, string returnUrl)
 {
     var target = returnUrl.IsNullOrEmpty()
         ? GetRoleDefaultUrl(context, service, principal)
         : returnUrl;

     return(GetRedirectUrlToReturnUrl(context, service, token, target));
 }
        /// <summary>Default landing URL for the principal's (first) role, taken from that role's portal menu.</summary>
        public static string GetRoleDefaultUrl(this HttpContextBase context, ISecurityService service, IPKSPrincipal principal)
        {
            var menu       = GetPortalMenu(context, service, principal);
            var defaultUrl = menu.DefaultUrl;

            return(defaultUrl);
        }
        /// <summary>Loads the portal menu for the principal's first role.</summary>
        /// <param name="service">Security service; resolved from the container when null.</param>
        /// <returns>The menu for the parsed role id, or for role 1 when the id is empty or not numeric.</returns>
        public static PortalMenu GetPortalMenu(this HttpContextBase context, ISecurityService service, IPKSPrincipal principal)
        {
            var securityService = service ?? GetService <ISecurityService>();
            // Roles.First() throws when the principal has no roles; only the first role decides the menu.
            var roleIdText = principal.Roles.First().Id;
            int roleId     = 1;

            // NOTE(review): an empty or non-numeric role id silently falls back to role 1 — confirm that
            // role 1 is the least-privileged menu, since an unexpected principal lands here.
            if (roleIdText.IsNullOrEmpty() || !int.TryParse(roleIdText, out roleId))
            {
                roleId = 1;
            }
            return(securityService.GetPortalMenu(roleId));
        }
        /// <summary>
        /// Determines whether the request is logged in. The token is taken from (in order) the
        /// <paramref name="token"/> argument, the session, then the forms-authentication cookie; after
        /// resolving the principal the method follows a superseding NewToken, renews when due, and keeps
        /// session and cookie in step with whichever token ends up current.
        /// </summary>
        /// <param name="context">Current request.</param>
        /// <param name="service">Security service; resolved from the container when null.</param>
        /// <param name="token">In: token to check (may be empty). Out: the effective token after any NewToken follow-up or renewal.</param>
        /// <param name="principal">The authenticated principal, or null when the method returns false.</param>
        /// <returns>true when a principal could be resolved for the token.</returns>
        public static bool IsLogined(this HttpContextBase context, ISecurityService service, ref string token, out IPKSPrincipal principal)
        {
            principal = null;
            var refreshSessionToken = false; // write the effective token back to the session at the end
            var refreshCookiesToken = false; // (re)issue the forms-auth cookie at the end
            var checkCookiesToken   = true;  // verify the cookie carries this principal's ticket (skipped when the token came from the cookie)

            if (token.IsNullOrEmpty())
            {
                token = context.GetTokenFromSession();
                if (token.IsNullOrEmpty())
                {
                    // No session token: fall back to the cookie and remember to populate the session from it.
                    refreshSessionToken = true;
                    token = context.GetTokenFromCookies();
                    if (token.IsNullOrEmpty())
                    {
                        return(false);
                    }
                    checkCookiesToken = false;
                }
            }
            else
            {
                // A caller-supplied token (e.g. from the SSO query string) always replaces the session's token.
                refreshSessionToken = true;
            }
            if (service == null)
            {
                service = GetService <ISecurityService>();
            }
            principal = context.GetPrincipal(service, token);
            if (principal == null)
            {
                return(false);
            }
            if (!principal.NewToken.IsNullOrEmpty())
            {
                // The token has been superseded (RenewAsync issues a new session without invalidating the old
                // one): switch to the successor token and resolve the principal again.
                principal = context.GetPrincipal(service, principal.NewToken);
                if (principal == null)
                {
                    return(false);
                }
                token = principal.NewToken;
                refreshSessionToken = true;
                context.Items[PKSWebConsts.HttpContext_Principal] = principal;
            }
            // Renewal is not attempted for AJAX requests — presumably so background calls do not rotate
            // the token mid-page; confirm. Failed renewals are ignored and the current token stays in use.
            if (!context.Request.IsAjaxRequest() && context.IsRenewToken(principal, service))
            {
                var result = service.Renew(token);
                if (result != null && result.Succeed)
                {
                    token               = result.Token;
                    principal           = result.Principal;
                    refreshSessionToken = true;
                    refreshCookiesToken = true;
                    context.Items[PKSWebConsts.HttpContext_Principal] = principal;
                }
            }
            if (refreshSessionToken)
            {
                context.Session[PKSWebConsts.Session_Authentication] = token;
            }
            // Unless a fresh cookie is already due, issue one when the request's cookie does not hold a
            // ticket for this principal (ExistsTicketFromCookies also caches the ticket in Items).
            if (!refreshCookiesToken && checkCookiesToken && !ExistsTicketFromCookies(context, principal))
            {
                refreshCookiesToken = true;
            }
            if (refreshCookiesToken)
            {
                AddAuthCookie(context, token, principal);
            }
            return(true);
        }
        /// <summary>
        /// Creates the forum account for a portal principal and runs the post-registration side effects:
        /// welcome private message, sync to integrated applications, statistics/online-user/credit updates.
        /// </summary>
        /// <param name="context">Current request (extension receiver; not read here).</param>
        /// <param name="config">Forum configuration (welcome message, verification mode, password key, online timeout).</param>
        /// <param name="principal">Portal principal the account is created for.</param>
        /// <param name="isAdmin">Create the account in the administrator group.</param>
        /// <returns>The newly created user record.</returns>
        public static UserInfo CreateUser(this HttpContextBase context, GeneralConfigInfo config, IPKSPrincipal principal, bool isAdmin)
        {
            var user = CreateUser(config, principal, isAdmin);

            if (config.Welcomemsg == 1)
            {
                // Put the configured welcome text into the new user's inbox, sent by the system account.
                var welcome = new PrivateMessageInfo
                {
                    Message      = config.Welcomemsgtxt,
                    Subject      = "欢迎您的加入! (请勿回复本信息)",
                    Msgto        = user.Username,
                    Msgtoid      = user.Uid,
                    Msgfrom      = PrivateMessages.SystemUserName,
                    Msgfromid    = 0,
                    New          = 1,
                    Postdatetime = user.Joindate,
                    Folder       = 0,
                };
                PrivateMessages.CreatePrivateMessage(welcome, 0);
            }
            // Push the registration to the integrated applications and refresh the forum statistics.
            Sync.UserRegister(user.Uid, user.Username, user.Password, "");
            Statistics.ReSetStatisticsCache();

            var onlineUser = OnlineUsers.UpdateInfo(config.Passwordkey, config.Onlinetimeout);
            if (config.Regverify == 0)
            {
                // No verification required: credit the account right away and record the registration action.
                UserCredits.UpdateUserCredits(user.Uid);
                OnlineUsers.UpdateAction(onlineUser.Olid, UserAction.Register.ActionID, 0, config.Onlinetimeout);
            }
            // Regverify 1 (e-mail activation) and 2 (administrator approval) need nothing further here;
            // the account keeps the Groupid/Authflag assigned by the private CreateUser overload.
            return(user);
        }
 /// <summary>
 /// Builds the portal-menu API URL for the principal's first role.
 /// </summary>
 /// <param name="siteUrl">Base address of the security-service site.</param>
 /// <param name="principal">Principal whose first role id goes on the query string.</param>
 /// <returns>siteUrl + "/api/SecurityService/GetPortalMenu?roleId=" + role id.</returns>
 private string GetPortalMenuUrl(string siteUrl, IPKSPrincipal principal)
 {
     // FirstOrDefault() is null for a principal without roles, so .Id then throws; the role id is appended
     // without URL-encoding, which is only safe while ids are plain numerics — confirm.
     var roleId = principal.Roles.FirstOrDefault().Id;
     var url    = string.Concat(siteUrl, "/api/SecurityService/GetPortalMenu?roleId=", roleId);

     return(url);
 }
        /// <summary>
        /// Builds and persists a forum user record for a portal principal. The account gets a random
        /// (Guid) password because authentication happens in the portal, default credits/settings, a
        /// rendered signature, and a group/auth state that depends on <paramref name="isAdmin"/> and
        /// config.Regverify.
        /// </summary>
        /// <param name="config">Forum configuration (Regverify, Passwordmode, Welcomemsg, signature rendering options).</param>
        /// <param name="principal">Portal principal supplying user name, e-mail and phone number.</param>
        /// <param name="isAdmin">Put the account in group 1 with Adminid = 1; otherwise group 7 is used for signature rendering.</param>
        /// <returns>The user record with Uid populated by the store that created it.</returns>
        private static UserInfo CreateUser(GeneralConfigInfo config, IPKSPrincipal principal, bool isAdmin)
        {
            var tmpUsername = principal.Identity.Name;
            // If no user group with 0 credits can be found the user automatically becomes a pending-verification user.
            UserInfo userinfo = new UserInfo();

            userinfo.Username      = tmpUsername;
            userinfo.Nickname      = tmpUsername;
            // Placeholder password: the user never logs in with it (SSO); it is hashed further below.
            userinfo.Password      = Guid.NewGuid().ToString();
            userinfo.Secques       = "";
            userinfo.Gender        = 0;
            userinfo.Adminid       = isAdmin ? 1 : 0;
            userinfo.Groupexpiry   = 0;
            userinfo.Extgroupids   = "";
            userinfo.Regip         = DNTRequest.GetIP();
            userinfo.Joindate      = Discuz.Common.Utils.GetDateTime();
            userinfo.Lastip        = userinfo.Regip;
            userinfo.Lastvisit     = userinfo.Joindate;
            userinfo.Lastactivity  = userinfo.Joindate;
            userinfo.Lastpost      = userinfo.Joindate;
            userinfo.Lastpostid    = 0;
            userinfo.Lastposttitle = "";
            userinfo.Posts         = 0;
            userinfo.Digestposts   = 0;
            userinfo.Oltime        = 0;
            userinfo.Pageviews     = 0;
            userinfo.Credits       = 0;
            // Extended credits start at the configured initial value of each score set.
            userinfo.Extcredits1   = Scoresets.GetScoreSet(1).Init;
            userinfo.Extcredits2   = Scoresets.GetScoreSet(2).Init;
            userinfo.Extcredits3   = Scoresets.GetScoreSet(3).Init;
            userinfo.Extcredits4   = Scoresets.GetScoreSet(4).Init;
            userinfo.Extcredits5   = Scoresets.GetScoreSet(5).Init;
            userinfo.Extcredits6   = Scoresets.GetScoreSet(6).Init;
            userinfo.Extcredits7   = Scoresets.GetScoreSet(7).Init;
            userinfo.Extcredits8   = Scoresets.GetScoreSet(8).Init;
            //userinfo.Avatarshowid = 0;
            userinfo.Email      = principal.Identity.Email ?? "";
            userinfo.Bday       = "";
            userinfo.Sigstatus  = 1;
            userinfo.Tpp        = 0;
            userinfo.Ppp        = 0;
            userinfo.Templateid = 0;
            userinfo.Pmsound    = 0;
            userinfo.Showemail  = 0;
            userinfo.Salt       = "";

            int receivepmsetting = 3;// See the ReceivePMSettingType comments for the PM-setting enum values; here the user is not barred from receiving system messages

            //foreach (string rpms in DNTRequest.GetString("receivesetting").Split(','))
            //{
            //    if (!Utils.StrIsNullOrEmpty(rpms))
            //        receivepmsetting = receivepmsetting | int.Parse(rpms);
            //}

            //if (config.Regadvance == 0)
            //    receivepmsetting = 7;

            userinfo.Newsletter   = (ReceivePMSettingType)receivepmsetting;
            userinfo.Invisible    = 0;
            // Flag an unread PM when the welcome message will be sent by the caller.
            userinfo.Newpm        = config.Welcomemsg == 1 ? 1 : 0;
            userinfo.Medals       = "";
            userinfo.Accessmasks  = 0;
            userinfo.Website      = "";
            userinfo.Icq          = "";
            userinfo.Qq           = "";
            userinfo.Yahoo        = "";
            userinfo.Msn          = "";
            userinfo.Skype        = "";
            userinfo.Location     = "";
            userinfo.Customstatus = "";
            //userinfo.Avatar = @"avatars\common\0.gif";
            //userinfo.Avatarwidth = 0;
            //userinfo.Avatarheight = 0;
            userinfo.Bio       = "";
            userinfo.Signature = "";

            // Signature rendering honours the group's BBCode/image permissions (group 1 = admin, 7 otherwise).
            var usergroupid   = isAdmin ? 1 : 7;
            var usergroupinfo = UserGroups.GetUserGroupInfo(usergroupid);

            PostpramsInfo postpramsinfo = new PostpramsInfo();

            postpramsinfo.Usergroupid        = usergroupid;
            postpramsinfo.Attachimgpost      = config.Attachimgpost;
            postpramsinfo.Showattachmentpath = config.Showattachmentpath;
            postpramsinfo.Hide                   = 0;
            postpramsinfo.Price                  = 0;
            postpramsinfo.Sdetail                = userinfo.Signature;
            postpramsinfo.Smileyoff              = 1;
            postpramsinfo.Bbcodeoff              = 1 - usergroupinfo.Allowsigbbcode;
            postpramsinfo.Parseurloff            = 1;
            postpramsinfo.Showimages             = usergroupinfo.Allowsigimgcode;
            postpramsinfo.Allowhtml              = 0;
            postpramsinfo.Smiliesinfo            = Smilies.GetSmiliesListWithInfo();
            postpramsinfo.Customeditorbuttoninfo = Editors.GetCustomEditButtonListWithInfo();
            postpramsinfo.Smiliesmax             = config.Smiliesmax;
            userinfo.Sightml = UBB.UBBToHTML(postpramsinfo);

            userinfo.Authtime = userinfo.Joindate;

            if (isAdmin)
            {
                // Administrators are never held for verification.
                userinfo.Authstr  = "";
                userinfo.Authflag = 0;
                userinfo.Groupid  = usergroupid;
            }
            // E-mail activation-link verification: group 8 with an auth string until activated.
            else if (config.Regverify == 1)
            {
                userinfo.Authstr  = ForumUtils.CreateAuthStr(20);
                userinfo.Authflag = 1;
                userinfo.Groupid  = 8;
                //SendEmail(tmpUsername, DNTRequest.GetString("password").Trim(), DNTRequest.GetString(config.Antispamregisteremail).Trim(), userinfo.Authstr);
                //Emails.DiscuzSmtpMail(tmpUsername, emailaddress, password, authstr);
            }
            // Back-end verification by a system administrator: group 8, flagged, no auth string.
            else if (config.Regverify == 2)
            {
                userinfo.Authstr  = "";
                userinfo.Groupid  = 8;
                userinfo.Authflag = 1;
            }
            else
            {
                // No verification: the group is the one mapped to 0 credits.
                userinfo.Authstr  = "";
                userinfo.Authflag = 0;
                userinfo.Groupid  = UserCredits.GetCreditsUserGroupId(0).Groupid;
            }
            userinfo.Realname = "";
            userinfo.Idcard   = "";
            userinfo.Mobile   = "";
            userinfo.Phone    = principal.Identity.PhoneNumber;

            // Third-party encryption/verification mode: the provider stores the record (and owns the password handling).
            if (config.Passwordmode > 1 && PasswordModeProvider.GetInstance() != null)
            {
                userinfo.Uid = PasswordModeProvider.GetInstance().CreateUserInfo(userinfo);
            }
            else
            {
                // Legacy forum hash format. NOTE(review): MD5 is applied to the random Guid placeholder above,
                // not to a user-chosen password — confirm no login path ever accepts this value.
                userinfo.Password = Discuz.Common.Utils.MD5(userinfo.Password);
                userinfo.Uid      = Users.CreateUser(userinfo);
            }
            return(userinfo);
        }