private XmlDocument CreateResponseDocument(ApiKey apiKey, LogonToken token, string operation)
{
if (apiKey == null)
throw new ArgumentNullException("apiKey");
if (operation == null)
throw new ArgumentNullException("operation");
if (operation.Length == 0)
throw new ArgumentException("'operation' is zero-length.");
// create...
XmlDocument doc = new XmlDocument();
// root...
XmlElement root = doc.CreateElement(RootKey);
doc.AppendChild(root);
// defer...
PopulateResponse(apiKey, token, operation, root);
// ok...
XmlHelper.AddElement(root, HasExceptionKey, false);
// return...
return doc;
}
private void ProcessLogoff(ApiKey api, LogonToken token, XmlElement root)
{
if (token != null)
{
token.MarkForDeletion();
token.SaveChanges();
}
// return...
XmlHelper.AddElement(root, ResultKey, LogoffResult.LogoffOk);
}
protected override void PopulateResponse(ApiKey api, LogonToken token, string operation, XmlElement root)
{
if(api == null)
throw new ArgumentNullException("api");
if (operation == null)
throw new ArgumentNullException("operation");
if (root == null)
throw new ArgumentNullException("foo");
// if...
if (string.Compare(operation, "logon", true, Cultures.System) == 0)
ProcessLogon(api, token, root);
else if (string.Compare(operation, "logoff", true, Cultures.System) == 0)
ProcessLogoff(api, token, root);
else
throw new NotSupportedException(string.Format("Cannot handle '{0}'.", operation));
}
/// <summary>
/// Gets the API.
/// </summary>
/// <remarks>If we have a token of the form 'a-{username}', i.e. we're trying to log on the API, this returns the API
/// with the given name. If we have a token of the form 't-{username}', we'll validate the logon token that was created
/// in the database. In either case, we'll throw an exception if the account is inactive.</remarks>
/// <returns></returns>
internal ApiKey GetApi(ref LogonToken token)
{
// reset...
token = null;
// do we have a full token?
ApiKey api = null;
string tokenString = this.ApiToken;
if (!(string.IsNullOrEmpty(tokenString)))
{
token = LogonToken.GetByToken(tokenString);
if (token == null)
throw new InvalidOperationException(string.Format("The token '{0}' is invalid.", tokenString));
// update...
token.UpdateExpiry(true);
// set...
api = token.ApiKey;
if (api == null)
throw new InvalidOperationException("'api' is null.");
}
else
{
string username = this.ApiUsername;
if (!(string.IsNullOrEmpty(username)))
{
api = ApiKey.GetByUsername(username);
if(api == null)
throw new InvalidOperationException(string.Format("An API with username '{0}' was not found.", username));
}
else
throw new InvalidOperationException("Neither a logon token nor API key were provided in the request. Ensure a token was provided in the URL.");
}
// check...
if(!(api.IsActive))
throw new InvalidOperationException(string.Format("The API account '{0}' is inactive.", api.Username));
// return...
return api;
}
public HttpResponseMessage Login([FromUri] string username, [FromUri] string pass)
{
if (serkanISG.LoginApiAuth.UserNameandPassword(username, pass))
{
//1- LogonUser
var logonUser = new LogonToken()
{
userName = username,
Password = pass
};
//2-JsonString
var jsonString = JsonConvert.SerializeObject(logonUser);
//Şifreleme
var token = FTH.Extension.Encrypter.Encrypt(jsonString, serkanISG.LoginApiAuth.Password);
return(Request.CreateResponse(HttpStatusCode.OK, token));
}
else
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized, "Kullanıcı adı veya şifresi yanlıştır"));
}
}
private void ProcessLogon(ApiKey api, LogonToken token, XmlElement root)
{
if (api == null)
throw new ArgumentNullException("api");
if (root == null)
throw new ArgumentNullException("root");
// get the password...
string password = this.Request.Params["password"];
if (password == null)
throw new InvalidOperationException("'password' is null.");
if (password.Length == 0)
throw new InvalidOperationException("'password' is zero-length.");
// check...
string hashed = EncryptionHelper.HashPasswordToBase64String(password, api.PasswordSalt);
if (hashed == api.PasswordHash)
{
// create a new token...
token = new LogonToken();
token.ApiKey = api;
token.GenerateToken();
token.UpdateExpiry(false);
// save...
token.SaveChanges();
// set...
XmlHelper.AddElement(root, ResultKey, LogonResult.LogonOk);
XmlHelper.AddElement(root, TokenKey, token.Token.ToString());
}
else
{
XmlHelper.AddElement(root, ResultKey, LogonResult.InvalidPassword);
XmlHelper.AddElement(root, MessageKey, "The password is invalid.");
}
}
private void ProcessLogon(ApiKey api, LogonToken token, XmlElement root)
{
if (api == null)
throw new ArgumentNullException("api");
if (token == null)
throw new ArgumentNullException("token");
if (root == null)
throw new ArgumentNullException("root");
// reset...
token.User = null;
token.SaveChanges();
// get...
string username = this.Request.Params["username"];
if (username == null)
throw new InvalidOperationException("'username' is null.");
if (username.Length == 0)
throw new InvalidOperationException("'username' is zero-length.");
string password = this.Request.Params["password"];
if (password == null)
throw new InvalidOperationException("'password' is null.");
if (password.Length == 0)
throw new InvalidOperationException("'password' is zero-length.");
// find a user...
UserItem user = UserItem.GetByUsernameAndApiKeyId(username, api.ApiKeyId);
if (user != null)
{
// active?
if (user.IsActive)
{
// check...
string hash = EncryptionHelper.HashPasswordToBase64String(password, user.PasswordSalt);
if (user.PasswordHash == hash)
{
// save...
token.User = user;
token.SaveChanges();
// ok...
XmlHelper.AddElement(root, ResultKey, LogonResult.LogonOk);
XmlHelper.AddElement(root, TokenKey, token.Token);
}
else
{
XmlHelper.AddElement(root, ResultKey, LogonResult.InvalidPassword);
XmlHelper.AddElement(root, MessageKey, "The password is invalid.");
}
}
else
{
XmlHelper.AddElement(root, ResultKey, LogonResult.AccountDisabled);
XmlHelper.AddElement(root, MessageKey, "The account is not active.");
}
}
else
{
XmlHelper.AddElement(root, ResultKey, LogonResult.InvalidUsername);
XmlHelper.AddElement(root, MessageKey, "The username is invalid.");
}
}
/// <summary>
/// Handles the logoff operation.
/// </summary>
/// <param name="api"></param>
/// <param name="token"></param>
/// <param name="root"></param>
private void ProcessLogoff(ApiKey api, LogonToken token, XmlElement root)
{
if (token != null)
{
token.User = null;
token.SaveChanges();
}
// send...
XmlHelper.AddElement(root, ResultKey, LogoffResult.LogoffOk);
}
public static void ClearLogonToken()
{
_logonToken = new LogonToken {
Status = false, UserName = "", Role = ""
};
}
protected virtual void PopulateResponse(ApiKey apiItem, LogonToken token, string operation, XmlElement root)
{
throw new NotImplementedException();
}
