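/// <summary>
/// Exchanges an authorization token and its refresh token for a newly issued pair.
/// </summary>
/// <param name="token">The authorization token currently held by the client.</param>
/// <param name="refreshToken">The refresh token that was issued together with <paramref name="token"/>.</param>
/// <param name="authHash">Client-supplied hash that ValidateHash checks against the request parameters.</param>
/// <returns>
/// A JSON-serialized MobileAppValidationModel. Success is true, and Token/Refresh are populated,
/// only when the repository returned a refreshed token.
/// </returns>
public JsonResult RefreshAuthorizationToken(string token, string refreshToken, string authHash)
{
    // Start from a failed response; only the success path at the bottom flips it.
    MobileAppValidationModel response = new MobileAppValidationModel() { Success = false, Message = "" };

    /*---------------------------------Token Validation Begin-----------------------------------*/
    #region Validate the Token

    // Reject missing values before touching the database. Without this guard a null
    // refreshToken compares equal to a stored row whose refresh_token is null and the
    // "invalid token" check below would pass.
    if (string.IsNullOrEmpty(token) || string.IsNullOrEmpty(refreshToken))
    {
        response.Message = GetTokenValidationResultMessage(TokenValidationResult.FailureInvalid);
        return Json(response);
    }

    // Get the current token from the database
    UnitOfWork work = new UnitOfWork();
    external_token currentToken = work.SystemRepository.GetAuthorizationToken(token);

    // Invalid token: unknown token, or the refresh token does not belong to it.
    // NOTE(review): this is an ordinary (early-exit) string comparison of a secret value;
    // consider a fixed-time comparison if the platform in use offers one.
    if (currentToken == null || !string.Equals(currentToken.refresh_token, refreshToken, StringComparison.Ordinal))
    {
        response.Message = GetTokenValidationResultMessage(TokenValidationResult.FailureInvalid);

        // No JsonRequestBehavior.AllowGet here: every other exit of this action already
        // refuses GET, and token values should travel in a request body rather than in a
        // URL that ends up in server and proxy logs.
        return Json(response);
    }

    // Build the string to be hashed
    // NOTE(review): the "salt" is the refresh token, which the caller has just supplied and
    // which was proven equal above, so every input to stringToHash comes from the request.
    // authHash therefore only authenticates the caller if ValidateHash mixes in a
    // server-side secret - ValidateHash is not visible here, confirm.
    string salt = currentToken.refresh_token;
    string paramString = "token=" + token + "&refreshToken=" + refreshToken;
    string stringToHash = salt + "?" + paramString;

    // Invalid hash
    if (!ValidateHash(stringToHash, authHash))
    {
        response.Message = GetTokenValidationResultMessage(TokenValidationResult.FailureHash);
        return Json(response);
    }

    #endregion
    /*----------------------------------Token Validation End------------------------------------*/

    // Refresh the token
    currentToken = work.SystemRepository.RefreshAuthorizationToken(token, refreshToken);

    // The repository signals failure by returning null.
    if (currentToken == null)
    {
        response.Message = GetTokenValidationResultMessage(TokenValidationResult.FailureOther);
        return Json(response);
    }

    // Hand the new pair back to the client.
    response.Success = true;
    response.Message = GetTokenValidationResultMessage(TokenValidationResult.Success);
    response.Token = currentToken.token;
    response.Refresh = currentToken.refresh_token;
    return Json(response);
}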
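/// <summary>
/// Validates a token / refresh-token pair plus its request hash and, when all checks pass,
/// asks the repository for a refreshed pair.
/// </summary>
/// <param name="token">The authorization token currently held by the client.</param>
/// <param name="refreshToken">The refresh token paired with <paramref name="token"/>.</param>
/// <param name="authHash">Client-supplied hash that ValidateHash checks against the request parameters.</param>
/// <returns>
/// A JSON-serialized MobileAppValidationModel whose Message comes from
/// GetTokenValidationResultMessage; Token and Refresh are set only on success.
/// </returns>
public JsonResult RefreshAuthorizationToken(string token, string refreshToken, string authHash)
{
    // Create the response model (pessimistic default: failure, empty message)
    MobileAppValidationModel response = new MobileAppValidationModel() { Success = false, Message = "" };

    /*---------------------------------Token Validation Begin-----------------------------------*/
    #region Validate the Token

    // A missing token or refresh token can never be valid. Checking this first also
    // stops a null refreshToken from matching a stored row whose refresh_token is null.
    bool missingInput = string.IsNullOrEmpty(token) || string.IsNullOrEmpty(refreshToken);
    if (missingInput)
    {
        response.Message = GetTokenValidationResultMessage(TokenValidationResult.FailureInvalid);
        return Json(response);
    }

    // Get the current token from the database
    UnitOfWork work = new UnitOfWork();
    external_token currentToken = work.SystemRepository.GetAuthorizationToken(token);

    // Invalid token
    // NOTE(review): ordinal comparison of a secret exits at the first differing character;
    // a fixed-time comparison would be the safer choice where available.
    bool refreshMatches = currentToken != null
        && string.Equals(currentToken.refresh_token, refreshToken, StringComparison.Ordinal);
    if (!refreshMatches)
    {
        response.Message = GetTokenValidationResultMessage(TokenValidationResult.FailureInvalid);

        // JsonRequestBehavior.AllowGet is intentionally not passed: it was the only exit
        // that answered GET requests, and tokens placed in a query string are recorded in
        // access logs and browser/proxy history.
        return Json(response);
    }

    // Build the string to be hashed
    // NOTE(review): salt == refreshToken at this point, so the hashed string is built
    // entirely from caller-supplied values. Unless ValidateHash (not shown) adds a
    // server-held key, authHash proves nothing beyond knowledge of the two tokens - confirm.
    string salt = currentToken.refresh_token;
    string paramString = "token=" + token + "&refreshToken=" + refreshToken;
    string stringToHash = salt + "?" + paramString;

    // Invalid hash
    if (!ValidateHash(stringToHash, authHash))
    {
        response.Message = GetTokenValidationResultMessage(TokenValidationResult.FailureHash);
        return Json(response);
    }

    #endregion
    /*----------------------------------Token Validation End------------------------------------*/

    // Refresh the token
    currentToken = work.SystemRepository.RefreshAuthorizationToken(token, refreshToken);

    // Build the response and return; a null result means the repository could not refresh.
    if (currentToken == null)
    {
        response.Message = GetTokenValidationResultMessage(TokenValidationResult.FailureOther);
        return Json(response);
    }

    response.Success = true;
    response.Message = GetTokenValidationResultMessage(TokenValidationResult.Success);
    response.Token = currentToken.token;
    response.Refresh = currentToken.refresh_token;
    return Json(response);
}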
/// <summary>
/// Validates the request hash, checks the credentials with Membership.ValidateUser, requires
/// one of two roles, and on success returns a newly generated authorization token pair.
/// </summary>
/// <param name="username">Account name; also appended to the hash salt.</param>
/// <param name="password">Password passed to Membership.ValidateUser.</param>
/// <param name="devPassword">Extra value that takes part in the hashed string when the DevPasswordEnabled site setting parses to true.</param>
/// <param name="authHash">Client-supplied hash checked by ValidateHash.</param>
/// <returns>
/// A JSON-serialized MobileAppValidationModel; Token and Refresh are set only when a token was generated.
/// </returns>
public JsonResult Login(string username, string password, string devPassword, string authHash)
{
    //Create the response model
    MobileAppValidationModel response = new MobileAppValidationModel() { Success = false, Message = "" };

    /*---------------------------------Hash Validation Begin-----------------------------------*/
    #region Hash Validation
    //Build the string that will be hashed
    // The salt is the request URL's scheme-and-authority part followed by the username.
    // NOTE(review): both parts come from the request, so the salt is not a server-held
    // secret; whether ValidateHash adds one cannot be seen from here - confirm.
    string salt = Request.Url.GetLeftPart(UriPartial.Authority).ToString() + username;
    // NOTE(review): the runs of asterisks on the next two lines are not valid C#. They look
    // like a credential scrubber replaced the original concatenations, including the
    // declaration of stringToHash; restore these lines from version control before building.
    string paramString = bool.Parse((JPPConstants.SiteSettings.GetValue(JPPConstants.SiteSettings.DevPasswordEnabled))) ? "devPassword="******"&": "";
    paramString += "password="******"&username="******"?" + paramString;

    //Invalid hash
    if (!ValidateHash(stringToHash, authHash))
    {
        response.Message = GetLoginResultMessage(LoginValidationResult.FailureHash);
        return(Json(response));
    }
    #endregion
    /*----------------------------------Hash Validation End------------------------------------*/

    //Attempt to validate the user
    if (Membership.ValidateUser(username, password))
    {
        //Check the user's roles to see if they have permission to assign achievements
        // The user must be in AssignIndividualAchievements or FullAdmin.
        // NOTE(review): FailurePermissions is reported separately from FailureInvalid; if the
        // two messages differ, a caller learns that the credentials were valid - confirm intended.
        if (!Roles.IsUserInRole(username, JPPConstants.Roles.AssignIndividualAchievements) && !Roles.IsUserInRole(username, JPPConstants.Roles.FullAdmin))
        {
            response.Message = GetLoginResultMessage(LoginValidationResult.FailurePermissions);
            return(Json(response));
        }

        //Create a new token for the user
        // The caller's address (Request.UserHostAddress) is handed to the repository with the username.
        UnitOfWork work = new UnitOfWork();
        external_token token = work.SystemRepository.GenerateAuthorizationToken(username, Request.UserHostAddress);

        //Make sure the token exists
        if (token == null)
        {
            response.Success = false;
            response.Message = GetLoginResultMessage(LoginValidationResult.FailureOther);
        }
        else
        {
            response.Success = true;
            response.Message = GetLoginResultMessage(LoginValidationResult.Success);
            response.Token = token.token;
            response.Refresh = token.refresh_token;
        }

        //Return Success if token exists or FailureOther if token was null
        return(Json(response));
    }

    //Invalid username/password
    response.Message = GetLoginResultMessage(LoginValidationResult.FailureInvalid);
    return(Json(response));
}
/// <summary>
/// Mobile-app login: checks the request hash first, then the credentials and role membership,
/// and returns a generated token / refresh-token pair on success.
/// </summary>
/// <param name="username">Account name; also appended to the hash salt.</param>
/// <param name="password">Password passed to Membership.ValidateUser.</param>
/// <param name="devPassword">Extra value that takes part in the hashed string when the DevPasswordEnabled site setting parses to true.</param>
/// <param name="authHash">Client-supplied hash checked by ValidateHash.</param>
/// <returns>
/// A JSON-serialized MobileAppValidationModel whose Message comes from GetLoginResultMessage.
/// </returns>
public JsonResult Login(string username, string password, string devPassword, string authHash)
{
    //Create the response model
    MobileAppValidationModel response = new MobileAppValidationModel() { Success = false, Message = "" };

    /*---------------------------------Hash Validation Begin-----------------------------------*/
    #region Hash Validation
    //Build the string that will be hashed
    // Salt = scheme-and-authority of the request URL + username.
    // NOTE(review): these are request-derived values, not a server-side secret; what
    // ValidateHash adds, if anything, is not visible here - confirm.
    string salt = Request.Url.GetLeftPart(UriPartial.Authority).ToString() + username;
    // NOTE(review): the asterisk runs below are not C#; they appear to be the residue of a
    // credential scrubber that removed the original concatenations and the declaration of
    // stringToHash. The real expressions must be recovered from version control.
    string paramString = bool.Parse((JPPConstants.SiteSettings.GetValue(JPPConstants.SiteSettings.DevPasswordEnabled))) ? "devPassword="******"&": "";
    paramString += "password="******"&username="******"?" + paramString;

    //Invalid hash
    if (!ValidateHash(stringToHash, authHash))
    {
        response.Message = GetLoginResultMessage(LoginValidationResult.FailureHash);
        return Json(response);
    }
    #endregion
    /*----------------------------------Hash Validation End------------------------------------*/

    //Attempt to validate the user
    if (Membership.ValidateUser(username, password))
    {
        //Check the user's roles to see if they have permission to assign achievements
        // Access is limited to the AssignIndividualAchievements and FullAdmin roles.
        // NOTE(review): a distinct FailurePermissions result tells the caller the password was
        // correct if its message differs from FailureInvalid - confirm this is acceptable.
        if (!Roles.IsUserInRole(username, JPPConstants.Roles.AssignIndividualAchievements) && !Roles.IsUserInRole(username, JPPConstants.Roles.FullAdmin))
        {
            response.Message = GetLoginResultMessage(LoginValidationResult.FailurePermissions);
            return Json(response);
        }

        //Create a new token for the user
        // The repository receives the username and the caller's address (Request.UserHostAddress).
        UnitOfWork work = new UnitOfWork();
        external_token token = work.SystemRepository.GenerateAuthorizationToken(username, Request.UserHostAddress);

        //Make sure the token exists
        if (token == null)
        {
            response.Success = false;
            response.Message = GetLoginResultMessage(LoginValidationResult.FailureOther);
        }
        else
        {
            response.Success = true;
            response.Message = GetLoginResultMessage(LoginValidationResult.Success);
            response.Token = token.token;
            response.Refresh = token.refresh_token;
        }

        //Return Success if token exists or FailureOther if token was null
        return Json(response);
    }

    //Invalid username/password
    response.Message = GetLoginResultMessage(LoginValidationResult.FailureInvalid);
    return Json(response);
}