Exemplo n.º 1
0
        /// <summary>
        /// Create login for user. Throws exceptions if invalid, username exists or fails
        /// </summary>
        public static void CreateLoginForUser(User user, string name, string pwdhash, RmLoginSettings settings, RmContext context)
        {
            if (user == null || String.IsNullOrWhiteSpace(name) || String.IsNullOrWhiteSpace(pwdhash))
            {
                throw new ArgumentNullException();
            }

            var existing = context.UserLogins.FirstOrDefault(u => u.Name == name);

            if (existing != null)
            {
                throw new Exception("username exists");
            }

            var hash  = HashFromPwdHash(pwdhash, settings);
            var login = new UserLogin
            {
                Name   = name,
                Hash   = hash,
                UserId = user.UserId
            };

            try
            {
                context.UserLogins.Add(login);
                context.SaveChanges();
            }
            catch (Exception ex)
            {
                throw new Exception("operation failed", ex);
            }
        }
Exemplo n.º 2
0
 private static string HashFromPwdHash(string pwdhash, RmLoginSettings settings)
 {
     return(CryptoHelper.GetMd5String(
                CryptoHelper.GetMd5String(pwdhash + settings.HashSalt) + settings.HashSalt
                ));
 }
Exemplo n.º 3
0
        public static bool LoginWithCredentials(ISession session, string name, string pwdhash, RmLoginSettings settings, RmContext context)
        {
            var hash  = HashFromPwdHash(pwdhash, settings);
            var login = context.UserLogins.Include(u => u.User).FirstOrDefault(u => u.Name == name && u.Hash == hash);

            if (login?.User != null)
            {
                AssignUser(session, login.User);
                return(true);
            }
            return(false);
        }
Exemplo n.º 4
0
        public static string ThirdPartyLogin(string itsc, string timestr, string hash, RmLoginSettings settings, RmContext context)
        {
            // verify third party identity
            DateTime time;

            if (!DateTime.TryParseExact(timestr, "yyyy-MM-dd HH:mm:ss", CultureInfo.InvariantCulture,
                                        DateTimeStyles.None, out time))
            {
                return("R_INVALID_TIME");
            }

            var diff = (DateTime.UtcNow - time).TotalSeconds;

            if (diff < 0)
            {
                return("R_FUTURE_TIME");
            }
            else if (diff > 10)
            {
                return("R_TIME_EXPIRED");
            }

            var target = CryptoHelper.GetMd5String(itsc + timestr + settings.ThirdPartyPsk);

            if (hash != target)
            {
                return("R_HASH_REJECTED");
            }

            lock (_loginHashLock)
            {
                if (_acceptedHashes.Contains(hash))
                {
                    return("R_REPLAY");
                }

                _acceptedHashes.Add(hash);
            }

            var token = GenerateToken();

            lock (_loginEntryLock)
            {
                var tuple = _thirdPartyLogins.FirstOrDefault(t => t.Item2 == itsc);
                if (tuple != null)
                {
                    _thirdPartyLogins.Remove(tuple);
                }

                tuple = new Tuple <DateTime, string, string>(time, itsc, token);
                _thirdPartyLogins.Add(tuple);
            }

            return(token);
        }
Exemplo n.º 5
0
 public ApiUserController(RmContext context, IOptions <RmSettings> options, IOptions <RmLoginSettings> loginOptions) : base(context, options)
 {
     _loginSettings = loginOptions.Value;
 }