public ActionResult <LoginResponse> ChangePassword([Required, FromBody] ChangePasswordRequest request)
{
if (string.IsNullOrEmpty(request.oldPassword))
{
return(ModelError("oldPassword", AuthMessage.PasswordMustHaveAValue.NiceToString()));
}
if (string.IsNullOrEmpty(request.newPassword))
{
return(ModelError("newPassword", AuthMessage.PasswordMustHaveAValue.NiceToString()));
}
var user = UserEntity.Current;
if (!user.PasswordHash.SequenceEqual(Security.EncodePassword(request.oldPassword)))
{
return(ModelError("oldPassword", AuthMessage.InvalidPassword.NiceToString()));
}
user.PasswordHash = Security.EncodePassword(request.newPassword);
using (AuthLogic.Disable())
user.Execute(UserOperation.Save);
return(new LoginResponse {
userEntity = user, token = AuthTokenServer.CreateToken(UserEntity.Current)
});
}
public LoginResponse LoginFromApiKey(string apiKey)
{
var token = AuthTokenServer.CreateToken(UserEntity.Current);
return(new LoginResponse {
userEntity = UserEntity.Current, token = token, authenticationType = "api-key"
});
}
public LoginResponse LoginFromApiKey(string apiKey)
{
string message = AuthLogic.OnLoginMessage();
var token = AuthTokenServer.CreateToken(UserEntity.Current);
return(new LoginResponse {
message = message, userEntity = UserEntity.Current, token = token
});
}
public LoginResponse?LoginWithAzureAD([FromBody, Required] string jwt, [FromQuery] bool throwErrors = true)
{
if (!AzureADAuthenticationServer.LoginAzureADAuthentication(ControllerContext, jwt, throwErrors))
{
return(null);
}
var token = AuthTokenServer.CreateToken(UserEntity.Current);
return(new LoginResponse {
userEntity = UserEntity.Current, token = token, authenticationType = "azureAD"
});
}
public LoginResponse?LoginWithAzureAD([FromBody, Required] string jwt)
{
if (!AzureADAuthenticationServer.LoginAzureADAuthentication(ControllerContext, jwt))
{
return(null);
}
var token = AuthTokenServer.CreateToken(UserEntity.Current);
return(new LoginResponse {
message = null, userEntity = UserEntity.Current, token = token, authenticationType = "azureAD"
});
}
public ActionResult <LoginResponse> ResetPassword([Required, FromBody] ResetPasswordRequest request)
{
if (string.IsNullOrEmpty(request.newPassword))
{
return(ModelError("newPassword", AuthMessage.PasswordMustHaveAValue.NiceToString()));
}
var rpr = ResetPasswordRequestLogic.ResetPasswordRequestExecute(request.code, request.newPassword);
return(new LoginResponse {
userEntity = rpr.User, token = AuthTokenServer.CreateToken(rpr.User), authenticationType = "resetPassword"
});
}
public LoginResponse?LoginFromCookie()
{
if (!UserTicketServer.LoginFromCookie(ControllerContext))
{
return(null);
}
var token = AuthTokenServer.CreateToken(UserEntity.Current);
return(new LoginResponse {
userEntity = UserEntity.Current, token = token, authenticationType = "cookie"
});
}
public LoginResponse?LoginWithAzureAD([FromBody, Required] string jwt)
{
using (ScopeSessionFactory.OverrideSession())
{
if (!AzureADAuthenticationServer.LoginAzureADAuthentication(ControllerContext, jwt))
{
return(null);
}
var token = AuthTokenServer.CreateToken(UserEntity.Current);
return(new LoginResponse {
message = null, userEntity = UserEntity.Current, token = token
});
}
}
public LoginResponse?LoginWindowsAuthentication()
{
using (ScopeSessionFactory.OverrideSession())
{
if (!WindowsAuthenticationServer.LoginWindowsAuthentication(ControllerContext))
{
return(null);
}
var token = AuthTokenServer.CreateToken(UserEntity.Current);
return(new LoginResponse {
message = null, userEntity = UserEntity.Current, token = token
});
}
}
public LoginResponse?LoginFromCookie()
{
using (ScopeSessionFactory.OverrideSession())
{
if (!UserTicketServer.LoginFromCookie(ControllerContext))
{
return(null);
}
string?message = AuthLogic.OnLoginMessage();
var token = AuthTokenServer.CreateToken(UserEntity.Current);
return(new LoginResponse {
message = message, userEntity = UserEntity.Current, token = token, authenticationType = "cookie"
});
}
}
public LoginResponse LoginFromCookie()
{
using (ScopeSessionFactory.OverrideSession())
{
if (!UserTicketServer.LoginFromCookie())
{
return(null);
}
string message = AuthLogic.OnLoginMessage();
var token = AuthTokenServer.CreateToken(UserEntity.Current);
return(new LoginResponse {
message = message, userEntity = UserEntity.Current, token = token
});
}
}
public ActionResult <LoginResponse> ChangePassword([Required, FromBody] ChangePasswordRequest request)
{
if (string.IsNullOrEmpty(request.newPassword))
{
return(ModelError("newPassword", LoginAuthMessage.PasswordMustHaveAValue.NiceToString()));
}
var error = UserEntity.OnValidatePassword(request.newPassword);
if (error.HasText())
{
return(ModelError("newPassword", error));
}
var user = UserEntity.Current;
if (string.IsNullOrEmpty(request.oldPassword))
{
if (user.PasswordHash != null)
{
return(ModelError("oldPassword", LoginAuthMessage.PasswordMustHaveAValue.NiceToString()));
}
}
else
{
if (user.PasswordHash == null || !user.PasswordHash.SequenceEqual(Security.EncodePassword(request.oldPassword)))
{
return(ModelError("oldPassword", LoginAuthMessage.InvalidPassword.NiceToString()));
}
}
user.PasswordHash = Security.EncodePassword(request.newPassword);
using (AuthLogic.Disable())
using (OperationLogic.AllowSave <UserEntity>())
{
user.Save();
}
return(new LoginResponse {
userEntity = user, token = AuthTokenServer.CreateToken(UserEntity.Current), authenticationType = "changePassword"
});
}
public async Task <LoginResponse> MakeAssertion([FromBody][Required] MakeAssertionRequest request)
{
using (AuthLogic.Disable())
using (Transaction tr = new Transaction())
{
var assertionOptions = Database.Retrieve <WebAuthnAssertionOptionsEntity>(request.AssertionOptionsId);
var options = AssertionOptions.FromJson(assertionOptions.Json);
var cred = Database.Query <WebAuthnCredentialEntity>().SingleEx(cred => cred.CredentialId == request.AssertionRawResponse.Id);
var res = await fido2.MakeAssertionAsync(request.AssertionRawResponse, options, cred.PublicKey, (uint)cred.Counter, (args) =>
{
if (!MemoryExtensions.SequenceEqual <byte>(cred.CredentialId, args.CredentialId))
{
return(Task.FromResult(false));
}
var userId = Encoding.UTF8.GetBytes(cred.User.Id.ToString());
if (!MemoryExtensions.SequenceEqual <byte>(userId, args.UserHandle))
{
return(Task.FromResult(false));
}
return(Task.FromResult(true));
});
cred.Counter++;
cred.Save();
var user = cred.User.RetrieveAndForget();
AuthServer.OnUserPreLogin(ControllerContext, user);
AuthServer.AddUserSession(ControllerContext, user);
var token = AuthTokenServer.CreateToken(user);
return(tr.Commit(new LoginResponse {
userEntity = user, token = token, authenticationType = "webauthn"
}));
}
}
public LoginResponse?LoginWindowsAuthentication(bool throwError)
{
string?error = WindowsAuthenticationServer.LoginWindowsAuthentication(ControllerContext);
if (error != null)
{
if (throwError)
{
throw new InvalidOperationException(error);
}
return(null);
}
var token = AuthTokenServer.CreateToken(UserEntity.Current);
return(new LoginResponse {
userEntity = UserEntity.Current, token = token, authenticationType = "windows"
});
}
public LoginResponse?LoginWindowsAuthentication(bool throwError)
{
using (ScopeSessionFactory.OverrideSession())
{
string?error = WindowsAuthenticationServer.LoginWindowsAuthentication(ControllerContext);
if (error != null)
{
if (throwError)
{
throw new InvalidOperationException(error);
}
return(null);
}
var token = AuthTokenServer.CreateToken(UserEntity.Current);
return(new LoginResponse {
message = null, userEntity = UserEntity.Current, token = token
});
}
}
public ActionResult <LoginResponse> Login([Required, FromBody] LoginRequest data)
{
if (string.IsNullOrEmpty(data.userName))
{
return(ModelError("userName", LoginAuthMessage.UserNameMustHaveAValue.NiceToString()));
}
if (string.IsNullOrEmpty(data.password))
{
return(ModelError("password", LoginAuthMessage.PasswordMustHaveAValue.NiceToString()));
}
string authenticationType;
// Attempt to login
UserEntity user;
try
{
if (AuthLogic.Authorizer == null)
{
user = AuthLogic.Login(data.userName, Security.EncodePassword(data.password), out authenticationType);
}
else
{
user = AuthLogic.Authorizer.Login(data.userName, data.password, out authenticationType);
}
}
catch (Exception e) when(e is IncorrectUsernameException || e is IncorrectPasswordException)
{
if (AuthServer.MergeInvalidUsernameAndPasswordMessages)
{
return(ModelError("login", LoginAuthMessage.InvalidUsernameOrPassword.NiceToString()));
}
else if (e is IncorrectUsernameException)
{
return(ModelError("userName", LoginAuthMessage.InvalidUsername.NiceToString()));
}
else if (e is IncorrectPasswordException)
{
return(ModelError("password", LoginAuthMessage.InvalidPassword.NiceToString()));
}
throw;
}
catch (Exception e)
{
return(ModelError("login", e.Message));
}
AuthServer.OnUserPreLogin(ControllerContext, user);
AuthServer.AddUserSession(ControllerContext, user);
if (data.rememberMe == true)
{
UserTicketServer.SaveCookie(ControllerContext);
}
var token = AuthTokenServer.CreateToken(user);
return(new LoginResponse {
userEntity = user, token = token, authenticationType = authenticationType
});
}
public LoginResponse Login([FromBody] LoginRequest data)
{
if (string.IsNullOrEmpty(data.userName))
{
throw ModelException("userName", AuthMessage.UserNameMustHaveAValue.NiceToString());
}
if (string.IsNullOrEmpty(data.password))
{
throw ModelException("password", AuthMessage.PasswordMustHaveAValue.NiceToString());
}
// Attempt to login
UserEntity user = null;
try
{
user = AuthLogic.Login(data.userName, Security.EncodePassword(data.password));
}
catch (Exception e) when(e is IncorrectUsernameException || e is IncorrectPasswordException)
{
if (AuthServer.MergeInvalidUsernameAndPasswordMessages)
{
ModelState.AddModelError("userName", AuthMessage.InvalidUsernameOrPassword.NiceToString());
ModelState.AddModelError("password", AuthMessage.InvalidUsernameOrPassword.NiceToString());
throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.BadRequest, this.ModelState));
}
else if (e is IncorrectUsernameException)
{
throw ModelException("userName", AuthMessage.InvalidUsername.NiceToString());
}
else if (e is IncorrectPasswordException)
{
throw ModelException("password", AuthMessage.InvalidPassword.NiceToString());
}
}
catch (IncorrectPasswordException)
{
throw ModelException("password", AuthServer.MergeInvalidUsernameAndPasswordMessages ?
AuthMessage.InvalidUsernameOrPassword.NiceToString() :
AuthMessage.InvalidPassword.NiceToString());
}
using (UserHolder.UserSession(user))
{
if (data.rememberMe == true)
{
UserTicketServer.SaveCookie();
}
AuthServer.AddUserSession(user);
string message = AuthLogic.OnLoginMessage();
var token = AuthTokenServer.CreateToken(user);
return(new LoginResponse {
message = message, userEntity = user, token = token
});
}
}