Exemplo n.º 1
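        /// <summary>
        /// Handles a payload-verification request: reads the JSON request body, asks the
        /// server state to verify the supplied challenge, challenge hash and payload hash,
        /// and answers with the matching user (HTTP 200) or with HTTP 403.
        /// </summary>
        /// <param name="state">Server state that performs the actual verification.</param>
        /// <param name="request">The HTTP request; not read by this handler.</param>
        /// <param name="body">Request body stream carrying the JSON request object.</param>
        /// <param name="encoder">Encoder used to build and send the HTTP response.</param>
        /// <returns>The task produced by the response-sending call.</returns>
        public static async Task <Task> VerifyPayload(
            ServerState state,
            HTTPRequest request,
            Stream body,
            IProxyHTTPEncoder encoder)
        {
            // The second argument is presumably an upper bound on the body size (1 MiB) -- confirm in Util.
            var req = await Util.ReadJsonObjectFromStreamAsync <AuthVerifyPayloadRequest>(body, 1024 * 1024);

            // A body that deserializes to no object (for example the JSON literal null) would
            // otherwise dereference null below; answer it like any other failed verification.
            // NOTE(review): assumes AuthVerifyPayloadRequest is a reference type -- confirm.
            if (req == null)
            {
                return await encoder.Response(403, "Authentication based on user failed.").SendNothing();
            }

            // phash is taken from the request as-is: this handler never sees the payload itself,
            // so it can only confirm that the challenge hash matches the payload hash it was given.
            var user = state.VerifyPayload(req.challenge, req.chash, req.phash);

            if (user == null)
            {
                return await encoder.Response(403, "Authentication based on user failed.").SendNothing();
            }

            var resp = new AuthCheckResponse()
            {
                payload = "",
                success = true,
                user    = user,
            };

            // The body carries the authenticated user object, so mark it non-cacheable,
            // as the login-validity handler does for its responses.
            return await encoder.Response(200, "OK")
                .CacheControlDoNotCache()
                .ContentType_JSON()
                .SendJsonFromObject(resp);
        }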
Exemplo n.º 2
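        /// <summary>
        /// Checks whether the login carried in the JSON request body is valid and answers
        /// with HTTP 200 and the user on success, or HTTP 403 on failure.
        /// </summary>
        /// <remarks>
        /// Two verification paths exist. Without a payload, or without a payload hash in the
        /// auth section, only the challenge and challenge hash are verified. With both present,
        /// the SHA-512 hash of the payload is recomputed here and verified together with the
        /// challenge; the hash value sent by the client is never passed on.
        /// </remarks>
        /// <param name="state">Server state that performs the actual verification.</param>
        /// <param name="request">The HTTP request; not read by this handler.</param>
        /// <param name="body">Request body stream carrying the JSON message.</param>
        /// <param name="encoder">Encoder used to build and send the HTTP response.</param>
        /// <returns>The task produced by the response-sending call.</returns>
        public static async Task <Task> IsLoginValid(
            ServerState state,
            HTTPRequest request,
            Stream body,
            IProxyHTTPEncoder encoder)
        {
            // The second argument is presumably an upper bound on the body size (1 KiB) -- confirm in Util.
            var msg = await Util.ReadJsonObjectFromStreamAsync <Msg>(body, 1024);

            User user = null;

            // A body without a message object or without an auth section is treated as a failed
            // login instead of dereferencing null below.
            // NOTE(review): assumes Msg and its auth member are reference types -- confirm.
            if (msg != null && msg.auth != null)
            {
                if (msg.payload == null || msg.auth.hash == null)
                {
                    // Ensure the payload can never be accidentally used since this
                    // authentication is without a payload hash.
                    msg.payload = null;

                    user = state.Verify(msg.auth.challenge, msg.auth.chash);
                }
                else
                {
                    string payload_hash;

                    // Dispose the hash object deterministically; the original left it to the finalizer.
                    using (var sha512 = new SHA512Managed())
                    {
                        // Lower-case hex without separators. ToLowerInvariant keeps the digest
                        // text independent of the server's current culture.
                        payload_hash = BitConverter.ToString(
                            sha512.ComputeHash(Encoding.UTF8.GetBytes(msg.payload))
                            ).Replace("-", "").ToLowerInvariant();
                    }

                    user = state.VerifyPayload(
                        msg.auth.challenge,
                        msg.auth.chash,
                        payload_hash /* recomputed from the payload, not taken from the client */
                        );
                }
            }

            if (user != null)
            {
                return await encoder.Response(200, "Login Valid")
                    .CacheControlDoNotCache()
                    .ContentType_JSON()
                    .SendJsonFromObject(new AuthLoginValidResponse()
                    {
                        success = true,
                        user = user,
                    });
            }

            return await encoder.Response(403, "The login was not valid.")
                .CacheControlDoNotCache()
                .ContentType_JSON()
                .SendJsonFromObject(new AuthLoginValidResponse()
                {
                    success = false,
                    user = null,
                });
        }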