protected override void ProcessRequest(HttpListenerContext context)
        {
            var tokenCookie = context.Request.Cookies[RegisterHandler.TokenCookieName];

            if (tokenCookie == null || string.IsNullOrEmpty(tokenCookie.Value))
            {
                ProcessUnauthorizedRequest(context);
                return;
            }

            var token = CommonUtils.TryOrDefault(() => JsonHelper.ParseJson <Token>(TokenCrypt.Decrypt(HttpUtility.UrlDecode(tokenCookie.Value))));

            if (token == null)
            {
                ProcessForbiddenRequest(context);
                return;
            }
            var user = authController.FindUserAuthorized(token.Login);

            if (user == null)
            {
                ProcessUserNotFoundRequest(context);
                return;
            }

            ProcessAuthorizedRequest(context, user);
        }
Exemplo n.º 2
0
        protected override void ProcessRequest(HttpListenerContext context)
        {
            context.Request.AssertMethod(WebRequestMethods.Http.Post);
            var form = context.Request.GetPostData();

            string login, pass;

            if (!form.TryGetValue("login", out login) || string.IsNullOrEmpty(login))
            {
                throw new HttpException(HttpStatusCode.BadRequest, "Empty 'login' value");
            }

            if (!form.TryGetValue("pass", out pass) || string.IsNullOrEmpty(pass))
            {
                throw new HttpException(HttpStatusCode.BadRequest, "Empty 'pass' value");
            }

            if (login.Length > MaxLength || pass.Length > MaxLength)
            {
                throw new HttpException(HttpStatusCode.BadRequest, string.Format("Too large login/pass (max len {0})", MaxLength));
            }

            if (!Regex.IsMatch(login, @"^\w+$"))
            {
                throw new HttpException(HttpStatusCode.BadRequest, @"Only \w chars allowed in login");
            }

            string publicMessage;

            form.TryGetValue("publicMessage", out publicMessage);

            string privateNotes;

            form.TryGetValue("privateNotes", out privateNotes);

            if ((authController.AddUser(login, pass, publicMessage.TrimToNull(), privateNotes.TrimToNull())) == null)
            {
                throw new HttpException(HttpStatusCode.Conflict, string.Format("User '{0}' already exists", login));
            }

            context.Response.SetCookie(LoginCookieName, login);
            context.Response.SetCookie(TokenCookieName, TokenCrypt.Encrypt(new Token {
                Login = login
            }.ToJsonString()), true);

            WriteString(context, "Register OK");

            log.InfoFormat("Registered user '{0}'", login);
        }
Exemplo n.º 3
0
        protected override void ProcessRequest(HttpListenerContext context)
        {
            context.Request.AssertMethod(WebRequestMethods.Http.Post);
            var form = context.Request.GetPostData();

            User   user;
            string login, pass;

            if (!form.TryGetValue("login", out login) || !form.TryGetValue("pass", out pass) || string.IsNullOrEmpty(login) || string.IsNullOrEmpty(pass) || (user = authController.FindUser(login, pass)) == null)
            {
                throw new HttpException(HttpStatusCode.Forbidden, "Invalid credentials");
            }

            context.Response.SetCookie(RegisterHandler.LoginCookieName, login);
            context.Response.SetCookie(RegisterHandler.TokenCookieName, TokenCrypt.Encrypt(new Token {
                Login = login
            }.ToJsonString()), true);

            WriteString(context, "Login OK");

            log.InfoFormat("Logged in user '{0}'", login);
        }