private LoginResultData UpdateToken(string renewalToken, PersistedToken ptoken, UserInfo userInfo)
{
var expiry = DateTime.UtcNow.AddMinutes(SessionTokenTtl);
if (expiry > ptoken.RenewalExpiry)
{
// don't extend beyond renewal expiry and make sure it is marked in UTC
expiry = new DateTime(ptoken.RenewalExpiry.Ticks, DateTimeKind.Utc);
}
ptoken.TokenExpiry = expiry;
#pragma warning disable 618 // Obsolete
var obsoletePortalSettings = PortalController.Instance.GetCurrentPortalSettings();
#pragma warning restore 618 // Obsolete
IPortalSettings portalSettings = obsoletePortalSettings;
IPortalAliasInfo portalAlias = obsoletePortalSettings.PortalAlias;
var secret = ObtainSecret(ptoken.TokenId, portalSettings.GUID, userInfo.Membership.LastPasswordChangeDate);
var jwt = CreateJwtToken(secret, portalAlias.HttpAlias, ptoken, userInfo.Roles);
var accessToken = jwt.RawData;
// save hash values in DB so no one with access can create JWT header from existing data
ptoken.TokenHash = GetHashedStr(accessToken);
this.DataProvider.UpdateToken(ptoken);
return(new LoginResultData
{
UserId = userInfo.UserID,
DisplayName = userInfo.DisplayName,
AccessToken = accessToken,
RenewalToken = renewalToken,
});
}
public PortalAliasInfo(IPortalAliasInfo alias)
{
this.ThisAsInterface.HttpAlias = alias.HttpAlias;
this.ThisAsInterface.PortalAliasId = alias.PortalAliasId;
this.ThisAsInterface.PortalId = alias.PortalId;
this.IsPrimary = alias.IsPrimary;
this.Redirect = alias.Redirect;
this.ThisAsInterface.BrowserType = alias.BrowserType;
this.CultureCode = alias.CultureCode;
this.Skin = alias.Skin;
}
/// <inheritdoc />
void IPortalAliasService.DeletePortalAlias(IPortalAliasInfo portalAlias)
{
// Delete Alias
DataProvider.Instance().DeletePortalAlias(portalAlias.PortalAliasId);
// Log Event
LogEvent(portalAlias, EventLogController.EventLogType.PORTALALIAS_DELETED);
// clear portal alias cache
ClearCache(false, portalAlias.PortalId);
}
public string GetRouteName(string moduleFolderName, string routeName, IPortalAliasInfo portalAlias)
{
var alias = portalAlias.HttpAlias;
string appPath = TestableGlobals.Instance.ApplicationPath;
if (!string.IsNullOrEmpty(appPath))
{
int i = alias.IndexOf(appPath, StringComparison.OrdinalIgnoreCase);
if (i > 0)
{
alias = alias.Remove(i, appPath.Length);
}
}
return(this.GetRouteName(moduleFolderName, routeName, CalcAliasPrefixCount(alias)));
}
/// <inheritdoc/>
string IPortalAliasService.GetPortalAliasByPortal(int portalId, string portalAlias)
{
string retValue = string.Empty;
bool foundAlias = false;
var portalAliasInfo = this.ThisAsInterface.GetPortalAlias(portalAlias, portalId);
if (portalAliasInfo != null)
{
retValue = portalAliasInfo.HttpAlias;
foundAlias = true;
}
if (!foundAlias)
{
// searching from longest to shortest alias ensures that the most specific portal is matched first
// In some cases this method has been called with "portalaliases" that were not exactly the real portal alias
// the startswith behaviour is preserved here to support those non-specific uses
var controller = new PortalAliasController();
var portalAliases = controller.GetPortalAliasesInternal();
var portalAliasCollection = portalAliases.OrderByDescending(k => k.Key.Length);
foreach (var currentAlias in portalAliasCollection)
{
// check if the alias key starts with the portal alias value passed in - we use
// StartsWith because child portals are redirected to the parent portal domain name
// eg. child = 'www.domain.com/child' and parent is 'www.domain.com'
// this allows the parent domain name to resolve to the child alias ( the tabid still identifies the child portalid )
IPortalAliasInfo currentAliasInfo = currentAlias.Value;
string httpAlias = currentAliasInfo.HttpAlias.ToLowerInvariant();
if (httpAlias.StartsWith(portalAlias.ToLowerInvariant()) && currentAliasInfo.PortalId == portalId)
{
retValue = currentAliasInfo.HttpAlias;
break;
}
httpAlias = httpAlias.StartsWith("www.") ? httpAlias.Replace("www.", string.Empty) : string.Concat("www.", httpAlias);
if (httpAlias.StartsWith(portalAlias.ToLowerInvariant()) && currentAliasInfo.PortalId == portalId)
{
retValue = currentAliasInfo.HttpAlias;
break;
}
}
}
return(retValue);
}
/// <inheritdoc />
void IPortalAliasService.UpdatePortalAlias(IPortalAliasInfo portalAlias)
{
// Update Alias
DataProvider.Instance().UpdatePortalAliasInfo(
portalAlias.PortalAliasId,
portalAlias.PortalId,
portalAlias.HttpAlias.ToLowerInvariant().Trim('/'),
portalAlias.CultureCode,
portalAlias.Skin,
portalAlias.BrowserType.ToString(),
portalAlias.IsPrimary,
UserController.Instance.GetCurrentUserInfo().UserID);
// Log Event
LogEvent(portalAlias, EventLogController.EventLogType.PORTALALIAS_UPDATED);
// clear portal alias cache
ClearCache(false);
}
public RouteValueDictionary GetAllRouteValues(IPortalAliasInfo portalAliasInfo, object routeValues)
{
var allRouteValues = new RouteValueDictionary(routeValues);
var segments = portalAliasInfo.HttpAlias.Split('/');
if (segments.Length <= 1)
{
return(allRouteValues);
}
for (var i = 1; i < segments.Length; i++)
{
var key = "prefix" + (i - 1).ToString(CultureInfo.InvariantCulture);
var value = segments[i];
allRouteValues.Add(key, value);
}
return(allRouteValues);
}
/// <inheritdoc />
int IPortalAliasService.AddPortalAlias(IPortalAliasInfo portalAlias)
{
// Add Alias
var dataProvider = DataProvider.Instance();
int Id = dataProvider.AddPortalAlias(
portalAlias.PortalId,
portalAlias.HttpAlias.ToLowerInvariant().Trim('/'),
portalAlias.CultureCode,
portalAlias.Skin,
portalAlias.BrowserType.ToString(),
portalAlias.IsPrimary,
UserController.Instance.GetCurrentUserInfo().UserID);
// Log Event
LogEvent(portalAlias, EventLogController.EventLogType.PORTALALIAS_CREATED);
// clear portal alias cache
ClearCache(true);
return(Id);
}
/// <inheritdoc/>
public LoginResultData LoginUser(HttpRequestMessage request, LoginData loginData)
{
if (!JwtAuthMessageHandler.IsEnabled)
{
Logger.Trace(this.SchemeType + " is not registered/enabled in web.config file");
return(EmptyWithError("disabled"));
}
#pragma warning disable 618 // Obsolete
var obsoletePortalSettings = PortalController.Instance.GetCurrentPortalSettings();
#pragma warning restore 618 // Obsolete
IPortalSettings portalSettings = obsoletePortalSettings;
if (portalSettings == null)
{
Logger.Trace("portalSettings = null");
return(EmptyWithError("no-portal"));
}
IPortalAliasInfo portalAlias = obsoletePortalSettings.PortalAlias;
var status = UserLoginStatus.LOGIN_FAILURE;
var ipAddress = request.GetIPAddress() ?? string.Empty;
var userInfo = UserController.ValidateUser(
portalSettings.PortalId,
loginData.Username,
loginData.Password,
"DNN",
string.Empty,
AuthScheme,
ipAddress,
ref status);
if (userInfo == null)
{
Logger.Trace("user = null");
return(EmptyWithError("bad-credentials"));
}
var valid =
status == UserLoginStatus.LOGIN_SUCCESS ||
status == UserLoginStatus.LOGIN_SUPERUSER ||
#pragma warning disable 618 // Obsolete
status == UserLoginStatus.LOGIN_INSECUREADMINPASSWORD ||
status == UserLoginStatus.LOGIN_INSECUREHOSTPASSWORD;
#pragma warning restore 618 // Obsolete
if (!valid)
{
Logger.Trace("login status = " + status);
return(EmptyWithError("bad-credentials"));
}
// save hash values in DB so no one with access can create JWT header from existing data
var sessionId = NewSessionId;
var now = DateTime.UtcNow;
var renewalToken = EncodeBase64(Hasher.ComputeHash(Guid.NewGuid().ToByteArray()));
var ptoken = new PersistedToken
{
TokenId = sessionId,
UserId = userInfo.UserID,
TokenExpiry = now.AddMinutes(SessionTokenTtl),
RenewalExpiry = now.AddDays(RenewalTokenTtl),
RenewalHash = GetHashedStr(renewalToken),
};
var secret = ObtainSecret(sessionId, portalSettings.GUID, userInfo.Membership.LastPasswordChangeDate);
var jwt = CreateJwtToken(
secret,
portalAlias.HttpAlias,
ptoken,
userInfo.Roles);
var accessToken = jwt.RawData;
ptoken.TokenHash = GetHashedStr(accessToken);
this.DataProvider.AddToken(ptoken);
return(new LoginResultData
{
UserId = userInfo.UserID,
DisplayName = userInfo.DisplayName,
AccessToken = accessToken,
RenewalToken = renewalToken,
});
}
private IPortalAliasInfo GetPortalAliasInternal(string httpAlias)
{
string strPortalAlias;
// try the specified alias first
IPortalAliasInfo portalAlias = this.GetPortalAliasLookupInternal(httpAlias.ToLowerInvariant());
// domain.com and www.domain.com should be synonymous
if (portalAlias == null)
{
if (httpAlias.StartsWith("www.", StringComparison.InvariantCultureIgnoreCase))
{
// try alias without the "www." prefix
strPortalAlias = httpAlias.Replace("www.", string.Empty);
}
else // try the alias with the "www." prefix
{
strPortalAlias = string.Concat("www.", httpAlias);
}
// perform the lookup
portalAlias = this.GetPortalAliasLookupInternal(strPortalAlias.ToLowerInvariant());
}
// allow domain wildcards
if (portalAlias == null)
{
// remove the domain prefix ( ie. anything.domain.com = domain.com )
if (httpAlias.IndexOf(".", StringComparison.Ordinal) != -1)
{
strPortalAlias = httpAlias.Substring(httpAlias.IndexOf(".", StringComparison.Ordinal) + 1);
}
else // be sure we have a clean string (without leftovers from preceding 'if' block)
{
strPortalAlias = httpAlias;
}
// try an explicit lookup using the wildcard entry ( ie. *.domain.com )
portalAlias = this.GetPortalAliasLookupInternal("*." + strPortalAlias.ToLowerInvariant()) ??
this.GetPortalAliasLookupInternal(strPortalAlias.ToLowerInvariant());
if (portalAlias == null)
{
// try a lookup using "www." + raw domain
portalAlias = this.GetPortalAliasLookupInternal("www." + strPortalAlias.ToLowerInvariant());
}
}
if (portalAlias == null)
{
// check if this is a fresh install ( no alias values in collection )
var controller = new PortalAliasController();
var portalAliases = controller.GetPortalAliasesInternal();
if (portalAliases.Keys.Count == 0 || (portalAliases.Count == 1 && portalAliases.ContainsKey("_default")))
{
// relate the PortalAlias to the default portal on a fresh database installation
DataProvider.Instance().UpdatePortalAlias(httpAlias.ToLowerInvariant().Trim('/'), UserController.Instance.GetCurrentUserInfo().UserID);
EventLogController.Instance.AddLog(
"PortalAlias",
httpAlias,
PortalController.Instance.GetCurrentSettings(),
UserController.Instance.GetCurrentUserInfo().UserID,
EventLogController.EventLogType.PORTALALIAS_UPDATED);
// clear the cachekey "GetPortalByAlias" otherwise portalalias "_default" stays in cache after first install
DataCache.RemoveCache("GetPortalByAlias");
// try again
portalAlias = this.GetPortalAliasLookupInternal(httpAlias.ToLowerInvariant());
}
}
return(portalAlias);
}
private static void LogEvent(IPortalAliasInfo portalAlias, EventLogController.EventLogType logType)
{
int userId = UserController.Instance.GetCurrentUserInfo().UserID;
EventLogController.Instance.AddLog(portalAlias, PortalController.Instance.GetCurrentSettings(), userId, string.Empty, logType);
}
