Exemplo n.º 1
        /// <summary>
        ///     Handles a refresh request: looks up the stored refresh token named by the request,
        ///     checks it against the calling client, and returns a new token result.
        ///     Every rejection path returns the same <c>ImATeapot()</c> result, so the response
        ///     does not show which check failed.
        /// </summary>
        /// <param name="rp">Refresh parameters bound from the request body.</param>
        /// <returns>
        ///     <c>Ok</c> carrying the <see cref="ILoginResultDto" /> on success; otherwise the
        ///     result of <c>ImATeapot()</c>.
        /// </returns>
        public virtual IHttpActionResult RequestRefresh([FromBody] RefreshParams rp)
        {
            return ExecuteValidatedAction(() =>
            {
                // The validator is run by hand here; the original author notes the api no longer wires it up.
                ValidatorHelpers.ValidateAndThrow(rp, new RefreshParamsValidator());

                JwtConfig jwtConfig = new JwtConfig(true, RequestLeftPart);
                AuthClient authClient = ValidateClient(rp);

                // The request supplies only identifiers (user id, client id, token identifier); the token
                // that gets verified below is the stored one.
                // NOTE(review): that makes TokenIdentifier the value a caller has to know - confirm it is
                // unguessable and that RetrieveToken matches it safely.
                AuthToken storedToken = AuthService.RetrieveToken(rp.AuthUserId, rp.AuthClientId, rp.TokenIdentifier);

                // Set before any return so rejections and token responses both carry the header.
                AddNoCacheHeader();

                if (authClient == null || storedToken == null)
                {
                    return ImATeapot();
                }

                // The stored token must belong to the client that is asking.
                if (storedToken.AuthClientId != authClient.Id)
                {
                    return ImATeapot();
                }

                if (!JsonWebToken.GrantNewAccess(jwtConfig, storedToken.Token))
                {
                    return ImATeapot();
                }

                // The user is resolved from the stored token, not from the id in the request.
                AuthUser tokenOwner = AuthService.GetByIdForLogin(storedToken.AuthUserId);
                if (tokenOwner == null)
                {
                    return ImATeapot();
                }

                // make sure state is set in RoleManager
                CheckSetRoleManager(tokenOwner);

                // NOTE(review): nothing visible here revokes or replaces the refresh token that was just
                // used; confirm CreateTokenResult rotates it, otherwise a captured token stays usable.
                ILoginResultDto refreshed = CreateTokenResult(tokenOwner, authClient, jwtConfig);
                if (refreshed == null)
                {
                    return ImATeapot();
                }

                return (IHttpActionResult)Ok(refreshed);
            });
        }
Exemplo n.º 2
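        /// <summary>
        ///     Completes a password reset: validates the client and the reset key, stores the new
        ///     password, marks the reset as invalid, and returns a token result for the user.
        /// </summary>
        /// <param name="rpp">Reset parameters bound from the request body.</param>
        /// <returns>
        ///     <c>Ok</c> with the <see cref="ILoginResultDto" /> on success; <c>BadRequest</c> when
        ///     <c>AuthService.ValidateReset</c> returns no user; the result of <c>ImATeapot()</c> when
        ///     the client is rejected or no token result is produced.
        /// </returns>
        public virtual IHttpActionResult ResetPassword([FromBody] ResetPasswordParams rpp)
        {
            return(ExecuteValidatedAction(() =>
            {
                ValidatorHelpers.ValidateAndThrow(rpp, new ResetPasswordParamsValidator());

                // validate client
                AuthClient client = ValidateClient(rpp);
                if (client == null)
                {
                    return ImATeapot();
                }

                // validate user
                AuthUser user = AuthService.ValidateReset(rpp.AuthUserId, rpp.ResetKey);
                if (user == null)
                {
                    return BadRequest();
                }

                // change password
                AuthService.UpdatePassword(user, rpp.Password);

                // Retire the reset key immediately after it has been used. Previously this ran after
                // CreateTokenResult, so an exception while issuing tokens would have skipped it and
                // left the key usable for another reset.
                AuthService.MarkResetInvalid(rpp.AuthUserId);

                // NOTE(review): unlike _UpdatePassword, no RoleManager.StampAuthUser call is visible
                // here; confirm tokens issued before the reset are forced to refresh.
                CheckSetRoleManager(user);                                // make sure state is set in RoleManager

                // NOTE(review): RequestRefresh and RequestToken call AddNoCacheHeader() before
                // returning tokens; this action returns tokens without it - confirm that is intended.
                ILoginResultDto result = CreateTokenResult(user, client); // return token
                return result != null ? (IHttpActionResult)Ok(result) : ImATeapot();
            }));
        }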
Exemplo n.º 3
        /// <summary>
        ///     Throws when <paramref name="password" /> fails the strong-password check.
        /// </summary>
        /// <param name="password">Candidate password to check.</param>
        /// <exception cref="ValidationException">
        ///     <c>ValidatorHelpers.BeAStrongPassword</c> returned false; the message is
        ///     <c>RegexPatterns.PasswordErrorMsg</c> and <c>Source</c> is set to "Password".
        /// </exception>
        private static void ValidatePasswordStrength(string password)
        {
            if (!ValidatorHelpers.BeAStrongPassword(password))
            {
                // The message comes from RegexPatterns.PasswordErrorMsg, not from the input, so the
                // candidate password is not copied into the exception.
                throw new ValidationException(RegexPatterns.PasswordErrorMsg)
                {
                    Source = "Password"
                };
            }
        }
Exemplo n.º 4
        /// <summary>
        ///     Changes a user's password after checking the old one.
        ///     Meant to be called from an inheriting controller, which applies its own
        ///     attributes / routes and protection.
        /// </summary>
        /// <param name="upp">Update parameters bound from the request body.</param>
        /// <returns>
        ///     <c>Ok</c> once the password is stored; the result of <c>ImATeapot()</c> when
        ///     <c>AuthService.ValidateLogin</c> returns no user.
        /// </returns>
        protected IHttpActionResult _UpdatePassword([FromBody] UpdatePasswordParams upp)
        {
            return ExecuteValidatedAction(() =>
            {
                ValidatorHelpers.ValidateAndThrow(upp, new UpdatePasswordValidator());

                // ValidateLogin is given the user id and the old password; a null result rejects the request.
                // NOTE(review): AuthUserId comes from the request body - confirm the inheriting controller
                // ties it to the authenticated caller and that repeated old-password failures are throttled.
                var account = AuthService.ValidateLogin(upp.AuthUserId, upp.OldPassword);
                if (account != null)
                {
                    AuthService.UpdatePassword(account, upp.Password);

                    // require other tokens to refresh
                    RoleManager.StampAuthUser(upp.AuthUserId);
                    return Ok();
                }

                return ImATeapot();
            });
        }
Exemplo n.º 5
        /// <summary>
        ///     Sets a new username on the user identified by <c>upp.AuthUserId</c>.
        /// </summary>
        /// <param name="upp">Carries the target user id and the new username.</param>
        /// <returns>
        ///     <c>Ok</c> after the user is updated; the result of <c>ImATeapot()</c> when no user
        ///     is found for the id.
        /// </returns>
        public virtual IHttpActionResult UpdateUsername(UpdateUsernameParams upp)
        {
            return ExecuteValidatedAction(() =>
            {
                ValidatorHelpers.ValidateAndThrow(upp, new UpdateUsernameValidator());

                // NOTE(review): the target account is chosen by an id taken from the request and no
                // ownership check is visible in this method; confirm an attribute or filter outside
                // this view restricts who may rename which account.
                var account = AuthService.GetById(upp.AuthUserId);
                if (account != null)
                {
                    account.Username = upp.Username;
                    AuthService.Update(account);
                    return Ok();
                }

                return ImATeapot();
            });
        }
Exemplo n.º 6
        /// <summary>
        ///     Login action: validates the client and the credentials and returns a token result.
        ///     When the credentials do not validate and the username is a domain email,
        ///     <c>AuthService.SendDomainEmailAccess</c> is called instead and the response reports
        ///     that an email was sent.
        /// </summary>
        /// <param name="lp">Login parameters bound from the request body.</param>
        /// <returns>
        ///     <c>Ok</c> with the <see cref="ILoginResultDto" /> for a valid login; <c>Ok</c> with a
        ///     <see cref="DomainEmailLoginResult" /> when the domain-email path is taken; otherwise
        ///     the result of <c>ImATeapot()</c>.
        /// </returns>
        public virtual IHttpActionResult RequestToken([FromBody] LoginParams lp)
        {
            return ExecuteValidatedAction(() =>
            {
                ValidatorHelpers.ValidateAndThrow(lp, new LoginParamsValidator());

                var authClient = ValidateClient(lp);
                if (authClient == null)
                {
                    return ImATeapot();
                }

                // A missing password is tolerated only for domain-email usernames.
                // NOTE(review): lp.Password can therefore reach ValidateLogin as null - confirm
                // ValidateLogin never succeeds on a null password.
                bool usesDomainEmail = IsLoginDomainEmail(lp.Username);
                if (lp.Password == null && !usesDomainEmail)
                {
                    return ImATeapot();
                }

                AddNoCacheHeader();

                // check valid login
                var account = AuthService.ValidateLogin(lp.Username, lp.Password);
                if (account == null)
                {
                    // check valid email domain
                    if (!usesDomainEmail)
                    {
                        return ImATeapot();
                    }

                    // NOTE(review): every failed attempt for a domain-email username sends mail and
                    // answers Ok instead of ImATeapot(); confirm SendDomainEmailAccess is throttled
                    // per address and that the differing response is acceptable.
                    AuthService.SendDomainEmailAccess(lp.Username);
                    return Ok(new DomainEmailLoginResult {
                        Email = lp.Username, SentEmail = true
                    });
                }

                // make sure state is set in RoleManager
                CheckSetRoleManager(account);

                // issue the token
                ILoginResultDto issued = CreateTokenResult(account, authClient);
                if (issued == null)
                {
                    return ImATeapot();
                }

                return (IHttpActionResult)Ok(issued);
            });
        }
Exemplo n.º 7
        /// <summary>
        ///     Exchanges a domain-email key (<c>depp.ResetKey</c>) for a token result, after the
        ///     client has been validated.
        /// </summary>
        /// <param name="depp">Parameters bound from the request body, including the key.</param>
        /// <returns>
        ///     <c>Ok</c> with the <see cref="ILoginResultDto" /> on success; otherwise the result
        ///     of <c>ImATeapot()</c>.
        /// </returns>
        public virtual IHttpActionResult GrantAdminDomainEmailAccess([FromBody] DomainEmailPasswordParams depp)
        {
            return ExecuteValidatedAction(() =>
            {
                ValidatorHelpers.ValidateAndThrow(depp, new DomainEmailPasswordParamsValidator());

                // The client is checked first, so the key lookup never runs for a rejected client.
                AuthClient authClient = ValidateClient(depp);
                if (authClient == null)
                {
                    return ImATeapot();
                }

                // NOTE(review): the key is the only credential on this path and no call here marks it
                // as used (ResetPassword calls AuthService.MarkResetInvalid for its key); confirm
                // ValidateDomainEmailLogin expires or consumes it.
                AuthUser keyOwner = AuthService.ValidateDomainEmailLogin(depp.ResetKey);
                if (keyOwner == null)
                {
                    return ImATeapot();
                }

                CheckSetRoleManager(keyOwner);

                // NOTE(review): RequestRefresh and RequestToken call AddNoCacheHeader() before
                // returning tokens; this action returns tokens without it - confirm that is intended.
                ILoginResultDto issued = CreateTokenResult(keyOwner, authClient); // return token
                if (issued == null)
                {
                    return ImATeapot();
                }

                return (IHttpActionResult)Ok(issued);
            });
        }
Exemplo n.º 8
        /// <summary>
        ///     Builds a field from one definition row: picks a bitmap or plain field type,
        ///     records the bitmap range for bitmap fields, and configures the field from the
        ///     row's columns.
        /// </summary>
        /// <param name="dr">Row holding the field definition columns read below.</param>
        /// <param name="elementName">
        ///     Name of the column that holds the field name; the value "Group" disables the
        ///     bitmap branch.
        /// </param>
        /// <param name="bitmapLows">Receives the "BitmapStartRange" value keyed by field name.</param>
        /// <param name="bitmapHighs">Receives the "BitmapEndRange" value keyed by field name.</param>
        /// <returns>The configured field.</returns>
        private IField ReadFieldFromTable(DataRow dr, string elementName, SortedList <string, int> bitmapLows, SortedList <string, int> bitmapHighs)
        {
            // NOTE(review): both TryParse results are discarded, so text that matches no enum
            // member silently leaves the default enum value instead of failing the load.
            FieldLength lengthKind;
            Enum.TryParse<FieldLength>((string)dr["FieldLength"], out lengthKind);

            FieldFormat formatKind;
            Enum.TryParse<FieldFormat>((string)dr["FieldFormat"], out formatKind);

            Messages.Core.Field.Empty field;
            if (elementName == "Group" || !Convert.ToBoolean(dr["Bitmap"]))
            {
                field = new Messages.Core.Field.Empty();
            }
            else
            {
                if (Convert.ToBoolean(dr["HexBitmap"]))
                {
                    field = new BitmapHex(Convert.ToInt32(dr["BitmapFirst"]));
                }
                else
                {
                    field = new Bitmap(Convert.ToInt32(dr["BitmapFirst"]));
                }

                // SortedList.Add throws on a repeated key, so two bitmap rows with the same name fail here.
                bitmapLows.Add((string)dr[elementName], Convert.ToInt32(dr["BitmapStartRange"]));
                bitmapHighs.Add((string)dr[elementName], Convert.ToInt32(dr["BitmapEndRange"]));
            }

            // Column values are cast and converted without checks; a missing or mistyped cell throws.
            string fieldName = (string)dr[elementName];
            int fieldSize = Convert.ToInt32(dr["Size"]);
            int fieldNumber = Convert.ToInt32(dr["Number"]);
            var formatter = FormatHelpers.GetFormatter((string)dr["Formatter"]);
            var validator = ValidatorHelpers.GetValidator((string)dr["Validator"]);
            var parser = ParserHelpers.GetParser((string)dr["Parser"]);

            field.Configure(fieldName, fieldSize, fieldNumber, lengthKind, formatKind, formatter, validator, parser);
            return field;
        }
Exemplo n.º 9
 /// <summary>
 ///     Adds a default expand entry built from the text of <paramref name="exp" />.
 /// </summary>
 /// <typeparam name="TProperty">Type of the member the expression selects.</typeparam>
 /// <param name="exp">Expression whose <c>ToString()</c> output is passed to <c>ValidatorHelpers.GetExpandString</c>.</param>
 public void AddDefaultExpand<TProperty>(Expression<Func<T, TProperty>> exp)
 {
     // The expand string is derived from the expression's printed form, not from its tree.
     var expressionText = exp.ToString();
     var expandEntry = ValidatorHelpers.GetExpandString(expressionText);
     _defaultExpands.Add(expandEntry);
 }
Exemplo n.º 10
 /// <summary>
 ///     Configures this field, choosing the formatter and parser from <paramref name="Length" />
 ///     and the validator from <paramref name="Format" />.
 /// </summary>
 /// <param name="Name">Field name passed to <c>Init</c>.</param>
 /// <param name="Size">Field size passed to <c>Init</c>.</param>
 /// <param name="Number">Field number passed to <c>Init</c>.</param>
 /// <param name="Length">Length kind; also selects the formatter and the parser.</param>
 /// <param name="Format">Format kind; also selects the validator.</param>
 /// <returns>This instance.</returns>
 public IField Configure(string Name, int Size, int Number, FieldLength Length, FieldFormat Format)
 {
     var formatter = FormatHelpers.GetFormatter(Length);
     var validator = ValidatorHelpers.GetValidator(Format);
     var parser = ParserHelpers.GetParser(Length);

     this.Init(Name, Size, Number, Length, Format, formatter, validator, parser);
     return this;
 }
Exemplo n.º 11
 /// <summary>
 ///     Forwards to <c>ValidatorHelpers.ValidateAndThrow</c>; kept as a wrapper for testing.
 /// </summary>
 /// <typeparam name="T">Type of the entity being validated.</typeparam>
 /// <param name="entity">Instance handed to the validator.</param>
 /// <param name="validator">Validator to run against <paramref name="entity" />.</param>
 protected static void ValidateAndThrow<T>(T entity, IValidator<T> validator)
 {
     // Both arguments are passed through unchanged; no null checks are added at this level.
     ValidatorHelpers.ValidateAndThrow(entity, validator);
 }