Exemplo n.º 1
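        /// <summary>
        /// Resolves the access token in the auth payload to the single stored object that carries it.
        /// </summary>
        /// <param name="instance">Store that is searched for the token.</param>
        /// <param name="type">Object type passed to the lookup.</param>
        /// <param name="rawauthdata">Caller-supplied auth payload; must be a Dictionary&lt;string, object&gt; holding a string "token" entry.</param>
        /// <returns>The one object whose "accesstoken" property equals the supplied token.</returns>
        /// <exception cref="UserErrorException">
        /// The payload is malformed, the token is missing, blank or rejected by Tokens.Validate,
        /// or the token matches no object or more than one.
        /// </exception>
        public override DbxObject GetObject(Instance instance, string type, object rawauthdata)
        {
            // rawauthdata is caller-controlled. A direct cast lets null through, and the next
            // dictionary call would then fail with NullReferenceException instead of a
            // "parameter.invalid" error, so the shape is tested explicitly.
            var paramaters = rawauthdata as Dictionary<string, object>;
            if (null == paramaters) throw new UserErrorException("parameter.invalid", "auth; Invalid structure");

            object rawtoken;
            if (!paramaters.TryGetValue("token", out rawtoken)) throw new UserErrorException("parameter.missing", "auth[token]; Required field missing");

            // A non-string value is reported as an invalid token rather than escaping as InvalidCastException
            var token = rawtoken as string;
            if (null != rawtoken && null == token) throw new UserErrorException("parameter.invalid", "auth[token]; Invalid token");
            if (String.IsNullOrEmpty(token)) throw new UserErrorException("parameter.invalid", "auth[token]; Token blank");
            if (!Tokens.Validate(token)) throw new UserErrorException("parameter.invalid", "auth[token]; Invalid token");

            // Locate the object holding this token.
            // NOTE(review): the lookup matches the presented token against the stored "accesstoken"
            // property, which suggests tokens are stored as issued - confirm whether storing a hash is feasible.
            var objs = instance.LocateEq(type, Locate.GenerateSimple("accesstoken", token));
            if (objs.Count < 1) {
                // No object carries this token
                throw new UserErrorException("auth.notregistered", "Token not registered");
            } else if (objs.Count > 1) {
                // The same token is attached to several objects; refuse rather than pick one
                throw new UserErrorException("auth.ambigious", "Token ambigious"); // HACK: Need to manage race condition
            }

            // Logon success
            return objs[0];
        }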
Exemplo n.º 2
        /// <summary>
        /// Creates a new object of the given type on behalf of <paramref name="srcuid"/>:
        /// checks create access, fills in defaults, applies the properties, stores the blob
        /// and fires the creating trigger.
        /// </summary>
        /// <param name="instance">Owning instance; also supplies the mode whose TriggerCreating is called.</param>
        /// <param name="type">Object type; used for the generated uid and for the access check.</param>
        /// <param name="properties">Initial property values; null is treated as an empty set.</param>
        /// <param name="srcuid">Uid of the caller the object is created for; recorded as creator.</param>
        /// <param name="blob">Optional blob data, only used when Subschema.Blob is not null.</param>
        /// <exception cref="UserErrorException">
        /// Thrown with "access.create" when Creatable denies the caller; also rethrown from SetBlob.
        /// </exception>
        public DbxObject(Instance instance, string type, Dictionary<string, object> properties, string srcuid, BlobDetails blob = null)
        {
            // Start createMode (cleared again on the last line; it stays set if anything below throws)
            createMode = true;

            // Set magic property default
            this.instance = instance;
            this.magicOid = 0;
            this.magicUid = Uids.Generate(type);
            this.magicType = type;
            this.magicSerial = Util.SerialNow();
            this.magicPredecessor = 0;
            this.magicCreator = srcuid;

            // Check access. userLevel is only used to build the error message; the decision is Creatable's.
            var userLevel = UserLevel(srcuid);
            if (!DbxObject.Creatable(instance, srcuid, type)) throw new UserErrorException("access.create", "Access violation attempt while creating object '" + type + "' (object level " + userLevel + ")");

            // Enable writing (only reached once the access check has passed)
            writable = true;

            // Prepare properties
            this.properties = new Dictionary<string, object>();

            // Make sure properties isn't null
            if (null == properties) properties = new Dictionary<string, object>();

            // If a property is not defined, set it to its default. This is to make sure all triggers and particularly null constraints are fired.
            // Defaults are only added for keys that AccessFields(srcuid, false, true) returns for this caller.
            foreach (var item in Subschema.Properties) {
                if (!properties.ContainsKey(item.Key) && AccessFields(srcuid, false, true).Contains(item.Key)) {
                    properties[item.Key] = item.Value.DefaultValue;
                }
            }

            // Set properties
            Set(properties, srcuid, true);

            // Set blob data
            if (null != Subschema.Blob) {
                try {
                    SetBlob(srcuid, blob);
                } catch (UserErrorException) {
                    // Error occurred creating blob - rollback database entry.
                    // The delete runs as "system", not as srcuid.
                    // NOTE(review): only UserErrorException is caught here; any other exception type
                    // from SetBlob would leave the entry in place - confirm that is intended.
                    Delete("system");

                    // Throw error anyway
                    throw;
                }
            }

            // Create trigger  (PROBABLY SHOULD HAPPEN BEFORE SET, but validation wouldn't have happened yet)
            // NOTE(review): there is no rollback around this call - verify what happens to the entry if the trigger throws.
            instance.Mode.TriggerCreating(this, magicType, properties, blob, srcuid);

            // Stop createMode
            createMode = false;
        }
Exemplo n.º 3
 /// <summary>
 /// Builds the mode implementation named by <paramref name="mode"/>.
 /// </summary>
 /// <param name="mode">Mode key; "mp" and "kpb" are the only accepted values.</param>
 /// <param name="instance">Instance handed to the mode's constructor.</param>
 /// <returns>A new MP or KPB object.</returns>
 /// <exception cref="Exception">The key is null or not one of the accepted values.</exception>
 public static Mode Select(string mode, Instance instance)
 {
     if (mode == "mp") {
         return (Mode)new MP(instance);
     }

     if (mode == "kpb") {
         return (Mode)new KPB(instance);
     }

     // Anything else, including null, is rejected
     throw new Exception("Invalid or unset mode");
 }
Exemplo n.º 4
        /// <summary>
        /// Binds the mode to its instance, creates the SendGrid web transport and enables the
        /// mail-queue and auto-payment timers.
        /// </summary>
        /// <param name="instance">Instance this mode operates on.</param>
        public KPB(Instance instance)
        {
            this.instance = instance;

            // NOTE(review): GridMailUsername / GridMailPassword are defined outside this constructor.
            // If they are compiled-in values, move them to configuration or a secret store.
            var mailCredentials = new NetworkCredential(GridMailUsername, GridMailPassword);
            emailtransport = SendGridMail.Transport.Web.GetInstance(mailCredentials);

            // Mail queue: subscribe the handler first, then enable the timer
            mailqueueTimer.Elapsed += ProcessMailqueueue;
            mailqueueTimer.Enabled = true;

            // Auto-payment: same pattern
            autopaymentTimer.Elapsed += ProcessAutopayment;
            autopaymentTimer.Enabled = true;
        }
Exemplo n.º 5
        /// <summary>
        /// Rebuilds an object from stored values: the magic fields are copied from the arguments
        /// and the property bag is deserialized from JSON.
        /// </summary>
        /// <param name="instance">Owning instance.</param>
        /// <param name="oid">Stored object id.</param>
        /// <param name="uid">Stored uid.</param>
        /// <param name="type">Stored object type.</param>
        /// <param name="serial">Stored serial.</param>
        /// <param name="predecessor">Stored predecessor value.</param>
        /// <param name="creator">Stored creator uid.</param>
        /// <param name="properties">JSON text of the property dictionary.</param>
        public DbxObject(Instance instance, long oid, string uid, string type, long serial, long predecessor, string creator, string properties)
        {
            // Magic fields come straight from the arguments
            this.instance = instance;
            this.magicOid = oid;
            this.magicUid = uid;
            this.magicType = type;
            this.magicSerial = serial;
            this.magicPredecessor = predecessor;
            this.magicCreator = creator;

            // Property bag: fall back to an empty dictionary when deserialization yields null
            var loaded = Util.JsonDeserialize<Dictionary<string, object>>(properties);
            if (loaded == null) {
                loaded = new Dictionary<string, object>();
            }
            this.properties = loaded;
        }
Exemplo n.º 6
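        /// <summary>
        /// Registers a new email/password account: rejects an address that is already in use,
        /// derives the auth hash with a fresh salt and creates the object as "system".
        /// </summary>
        /// <param name="instance">Store the account is created in.</param>
        /// <param name="type">Object type to search and create.</param>
        /// <param name="email">Account address; stored in lower-case invariant form.</param>
        /// <param name="password">Password, passed to GenerateAuthHash together with email and salt.</param>
        /// <returns>The object returned by instance.Create.</returns>
        /// <exception cref="UserErrorException">Thrown with "auth.ambigious" when the address is already registered.</exception>
        public static DbxObject Register(Instance instance, string type, string email, string password)
        {
            // The email/password logon in this listing lower-cases the address before it looks the
            // account up and before it hashes. Registration has to use the same form: otherwise
            // "A@x" and "a@x" pass the uniqueness check as different accounts, and a hash computed
            // over a mixed-case address cannot be reproduced at logon.
            if (null != email) email = email.ToLowerInvariant();

            // Check email isn't already in use
            // NOTE(review): check-then-create is not atomic; two concurrent registrations can both pass.
            var objs = instance.LocateEq(type, Locate.GenerateSimple("email", email)); // TODO: Race condition?
            if (objs.Count > 0) throw new UserErrorException("auth.ambigious", "Invalid address, email already in use '" + email + "'");

            // Calculate auth factors. How strong the stored hash is depends on GenerateAuthHash, which is not shown here.
            var salt = Util.GenerateSalt(32);
            var authhash = GenerateAuthHash(email, password, salt);

            // Create object
            var properties = new Dictionary<string, object>();
            properties["email"] = email;
            properties["authhash"] = authhash;
            properties["salt"] = salt;
            return instance.Create(type, "system", properties);
        }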
Exemplo n.º 7
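        /// <summary>
        /// Authenticates an email/password payload and returns the matching account object.
        /// </summary>
        /// <param name="instance">Store that is searched for the account.</param>
        /// <param name="type">Object type passed to the lookup.</param>
        /// <param name="rawauthdata">Caller-supplied auth payload; must be a Dictionary&lt;string, object&gt; with string "email" and "password" entries.</param>
        /// <returns>The account object whose stored auth hash matches the supplied password.</returns>
        /// <exception cref="UserErrorException">
        /// The payload is malformed, a field is missing or not a string, the address matches no
        /// account or more than one, or the password does not match.
        /// </exception>
        public override DbxObject GetObject(Instance instance, string type, object rawauthdata)
        {
            // rawauthdata is caller-controlled. A direct cast lets null through (the next dictionary
            // call would fail with NullReferenceException), so the shape is tested explicitly.
            var paramaters = rawauthdata as Dictionary<string, object>;
            if (null == paramaters) throw new UserErrorException("parameter.invalid", "auth; Invalid structure");

            // Null or non-string values are rejected here instead of escaping as
            // NullReferenceException / InvalidCastException.
            object rawemail;
            if (!paramaters.TryGetValue("email", out rawemail)) throw new UserErrorException("parameter.missing", "auth[email]; Required field missing");
            var emailtext = rawemail as string;
            if (null == emailtext) throw new UserErrorException("parameter.invalid", "auth[email]; Invalid value");
            string email = emailtext.ToLowerInvariant();

            object rawpassword;
            if (!paramaters.TryGetValue("password", out rawpassword)) throw new UserErrorException("parameter.missing", "auth[password]; Required field missing");
            var password = rawpassword as string;
            if (null == password) throw new UserErrorException("parameter.invalid", "auth[password]; Invalid value");

            // Locate user with email.
            // NOTE(review): "auth.notregistered" and "auth.badpassword" let a client tell an unknown
            // address from a wrong password. The codes are kept because callers may depend on them.
            var objs = instance.LocateEq(type, Locate.GenerateSimple("email", email));
            if (objs.Count < 1) {
                // User does not exist in database
                throw new UserErrorException("auth.notregistered", "email; Email address not registered '" + email + "'");
            } else if (objs.Count > 1) {
                // Multiple matches
                throw new UserErrorException("auth.ambigious", "Ambigous match for email '" + email + "'"); // HACK: Need to manage race condition
            }

            // Load object
            var obj = objs[0];

            // Recompute the hash with the stored salt and compare it with the stored hash
            var attempt = GenerateAuthHash(email, password, obj.GetProp("salt", "system").ToString());
            var expected = obj.GetProp("authhash", "system").ToString();

            // Accumulate differences over the whole string so the comparison does not stop at the
            // first differing character; a null attempt or a length difference counts as a mismatch.
            var mismatch = (null == attempt) ? 1 : attempt.Length ^ expected.Length;
            for (var i = 0; null != attempt && i < attempt.Length && i < expected.Length; i++) {
                mismatch |= attempt[i] ^ expected[i];
            }
            if (mismatch != 0) throw new UserErrorException("auth.badpassword", "password mismatch"); // Invalid password

            // Logon success
            return obj;
        }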
Exemplo n.º 8
 /// <summary>
 /// Progress reporting is not provided by this override.
 /// </summary>
 /// <param name="instance">Unused.</param>
 /// <param name="type">Unused.</param>
 /// <param name="rawauthdata">Unused.</param>
 /// <returns>Never returns.</returns>
 /// <exception cref="NotImplementedException">Always thrown.</exception>
 public override object GetProgress(Instance instance, string type, object rawauthdata)
 {
     // No implementation yet: every call fails
     throw new NotImplementedException();
 }
Exemplo n.º 9
 /// <summary>
 /// Binds this mode to the instance it operates on.
 /// </summary>
 /// <param name="instance">Instance stored on the mode.</param>
 public MP(Instance instance)
 {
     // The constructor does nothing beyond keeping the reference
     this.instance = instance;
 }
Exemplo n.º 10
        /// <summary>
        /// Decides whether <paramref name="srcuid"/> may create objects of <paramref name="type"/>.
        /// </summary>
        /// <param name="instance">Instance whose configuration holds the DBA list and the schema.</param>
        /// <param name="srcuid">Uid of the caller; may be null.</param>
        /// <param name="type">Schema type name used to index Configuration.Schema.Types.</param>
        /// <returns>
        /// True for "system", for any uid in Configuration.DBAs, or when the type's base user level
        /// is at or below its default create level; otherwise false.
        /// </returns>
        public static bool Creatable(Instance instance, string srcuid, string type)
        {
            // "system" and configured DBAs bypass the schema check entirely.
            // NOTE(review): this makes the literal "system" a privileged identity - verify that no
            // caller can pass a client-supplied value as srcuid.
            if (srcuid == "system" || instance.Configuration.DBAs.Contains(srcuid)) {
                return true;
            }

            // Everyone else is judged against the schema's security settings for this type
            var schemaType = instance.Configuration.Schema.Types[type];
            var requiredLevel = schemaType.Security.Default.Create;

            // The first argument tells BaseUserLevel whether a uid was supplied at all
            var hasUid = srcuid != null;
            return schemaType.Security.BaseUserLevel(hasUid, true) <= requiredLevel;
        }
Exemplo n.º 11
 /// <summary>
 /// Returns progress information for the supplied auth data. The result is typed as object, so
 /// its shape is up to each override.
 /// </summary>
 /// <param name="instance">Instance the request runs against.</param>
 /// <param name="type">Object type the request refers to.</param>
 /// <param name="rawauthdata">Auth payload as received; presumably caller-supplied, so overrides should validate its shape.</param>
 public abstract object GetProgress(Instance instance, string type, object rawauthdata);
Exemplo n.º 12
 /// <summary>
 /// Resolves the supplied auth data to a DbxObject.
 /// </summary>
 /// <param name="instance">Instance the request runs against.</param>
 /// <param name="type">Object type the request refers to.</param>
 /// <param name="rawauthdata">Auth payload as received; presumably caller-supplied, so overrides should validate its shape before use.</param>
 public abstract DbxObject GetObject(Instance instance, string type, object rawauthdata);
Exemplo n.º 13
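        /// <summary>
        /// Logs a user on with a Facebook access token: queries the Graph API for the profile,
        /// creates or updates the matching "user" object and enforces Terms of Service acceptance.
        /// </summary>
        /// <param name="instance">Store the user object is looked up, created or updated in.</param>
        /// <param name="type">Not used by this method; the object type is fixed to "user".</param>
        /// <param name="rawauthdata">
        /// Caller-supplied auth payload; must be a Dictionary&lt;string, object&gt; with a string
        /// "access_token" and optionally a string "partner" and a bool "tos".
        /// </param>
        /// <returns>The created or updated user object.</returns>
        /// <exception cref="UserErrorException">
        /// The payload is malformed, Facebook's answer is unusable, the partner reference is
        /// invalid, or Terms of Service have not been accepted.
        /// </exception>
        /// <exception cref="ObjectNotExistException">The Graph request failed with OAuthException.</exception>
        public override DbxObject GetObject(Instance instance, string type, object rawauthdata)
        {
            DbxObject obj;
            string access_token;
            string partner = null;
            bool tos = false;

            // Any shape problem (null payload, missing key, wrong value type) surfaces inside this
            // try and is reported as one "parameter.invalid" error.
            try {
                var authdata = (Dictionary<string, object>)rawauthdata;

                // Get access_token
                access_token = (string)authdata["access_token"];

                // Try and get partneruid
                if (authdata.ContainsKey("partner")) partner = (string)authdata["partner"];

                // Try and get TOS
                if (authdata.ContainsKey("tos")) tos = (bool)authdata["tos"];
            } catch {
                throw new UserErrorException("parameter.invalid", "auth; Invalid form");
            }

            // Perform FB query.
            // NOTE(review): nothing in this method checks that the token was issued to this
            // application; unless Facebook.WebGet does so, a token issued to a different app for the
            // same person would be accepted here. Confirm, and validate the token's app id if not.
            // NOTE(review): the token travels in the query string, where request logging may record it.
            string result;
            try {
                result = Facebook.WebGet("https://graph.facebook.com/me?fields=id,name,first_name,last_name,link,email,timezone,locale,verified,updated_time&access_token=" + Common.Util.UrlEncode(access_token));
            } catch (OAuthException) {
                throw new ObjectNotExistException();
            }

            // Convert response to objects
            Dictionary<string, object> ret;
            try {
                ret = Common.Util.JsonDeserialize<Dictionary<string, object>>(result);
            } catch (Exception) {
                throw new UserErrorException("upstream", "Unexpected response from Facebook");
            }
            if (null == ret) throw new UserErrorException("upstream", "Unexpected response from Facebook");

            // Extract key values. A missing or null id is reported as an upstream error instead of
            // escaping as KeyNotFoundException / NullReferenceException.
            object rawid;
            if (!ret.TryGetValue("id", out rawid) || null == rawid) throw new UserErrorException("upstream", "Invalid FBID returned from Facebook");
            var idtext = rawid.ToString();
            if (idtext == "0" || idtext == "") throw new UserErrorException("upstream", "Invalid FBID returned from Facebook");
            var fbid = Util.ParseNumber(rawid);

            // Email is optional in the response; a missing, null or non-string value leaves it empty
            string email = "";
            object rawemail;
            if (ret.TryGetValue("email", out rawemail)) {
                var emailtext = rawemail as string;
                if (null != emailtext) email = emailtext.ToLowerInvariant();
            }

            // Calculate properties.
            // The presence checks use the response field names ("link", "timezone", ...). The former
            // checks looked for the target property names ("fbLink", ...), which are not among the
            // requested fields, so these values were never copied.
            var props = new Dictionary<string, object>();
            props["email"] = email;
            props["fbid"] = fbid;
            props["creatorModule"] = "auth";
            if (ret.ContainsKey("name")) {
                props["dname"] = ret["name"];
                props["aname"] = ret["name"];
            }
            if (ret.ContainsKey("link")) props["fbLink"] = ret["link"];
            if (ret.ContainsKey("timezone")) props["fbTimezone"] = ret["timezone"];
            if (ret.ContainsKey("locale")) props["fbLocale"] = ret["locale"];
            if (ret.ContainsKey("verified")) props["fbVerified"] = ret["verified"];
            if (ret.ContainsKey("updated_time")) props["fbUpdated"] = ret["updated_time"];
            if (tos) props["tos"] = true;

            if (null != partner) {
                // Check object exists (the lookup result itself is not used further)
                try {
                    obj = instance.Uid("partner$" + partner);
                } catch (ObjectNotExistException) {
                    throw new UserErrorException("parameter.invalid", "Invalid partner reference in 'partner'");
                }

                // Set property
                props["partner"] = "partner$" + partner;
            }

            // Plan A: Try search by ID
            var objs = instance.LocateEq("user", Locate.GenerateSimple("fbid", fbid));

            if (objs.Count == 0) {
                // User not found, create
                obj = instance.Create("user", "system", props);
            } else {
                // User found, update

                // Find oldest record (HACK: To handle ambigious matches)
                obj = objs[0];
                foreach (var item in objs) {
                    if (item.Predecessor > 0 && item.Predecessor < obj.Predecessor) obj = item;
                }

                obj = obj.GetWritableInstance();
                obj.Set(props, "system");
            }

            // Enforce TOS. This runs after the create/update above, so the user record already
            // exists (or has been refreshed) when the check fails.
            if (!((bool)obj.GetProp("tos", "system"))) throw new UserErrorException("auth.prerequisite.tos", "Terms of Service has not yet been accepted");

            return obj;
        }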
Exemplo n.º 14
 /// <summary>
 /// Reports the fixed progress value "reauthenticate"; none of the arguments are read.
 /// </summary>
 /// <param name="instance">Unused.</param>
 /// <param name="type">Unused.</param>
 /// <param name="rawauthdata">Unused.</param>
 /// <returns>The string "reauthenticate".</returns>
 public override object GetProgress(Instance instance, string type, object rawauthdata)
 {
     // Constant answer, independent of the input
     object progress = "reauthenticate";
     return progress;
 }