public AccountAuthenticationRequest(string accountName, string password)
{
WriteShort(1); // Packet id.
WriteDouble(VersionConfigurations.CLIENT_VERSION);
WriteString(accountName);
WriteString(SHA256Generator.Calculate(password));
}
public ActionResult Login(LoginModel loginModel)
{
if (ModelState.IsValid)
{
try
{
var senhaEncriptada = SHA256Generator.GetHash(loginModel.Senha);
var usuario = Context.Pessoas.FirstOrDefault(p => p.Usuario == loginModel.Usuario && p.Senha == senhaEncriptada);
if (usuario != null)
{
FormsAuthentication.SetAuthCookie(loginModel.Usuario, loginModel.Lembrar);
}
else
{
ModelState.AddModelError("", "Usuário ou senha inválidos");
return(View(loginModel));
}
return(RedirectToAction("Index", "Home"));
}
catch
{
return(View());
}
}
return(View(loginModel));
}
private void BtnGenerate_Click(object sender, RoutedEventArgs e)
{
Code = tbxCode.Text;
try
{
if (File.Exists(Filepath)) //Datei löschen, wenn Sie bereits exisitert
{
File.Delete(Filepath);
}
TextWriter file = new StreamWriter(Filepath, true);
key = SHA256Generator.CreateSHA256(Code);
file.WriteLine(key);
file.WriteLine("");
file.Close();
MessageBox.Show("Datei auf dem Desktop erstellt", "Erstellt", MessageBoxButton.OK, MessageBoxImage.Information);
}
catch (Exception ex)
{
MessageBox.Show("Fehler: " + ex.Message, "Exception", MessageBoxButton.OK, MessageBoxImage.Error);
}
}
public ActionResult Cadastro(CadastroModel loginModel)
{
ViewBag.Estabelecimentos = new SelectList(Context.Estabelecimentos.ToList(), "Id", "Nome");
loginModel.TipoUsuario = GetTipoUsuario();
if (loginModel.Tipo == TipoPessoa.Vendedor && loginModel.EstabelecimentoId.GetValueOrDefault(0) == 0)
{
ModelState.AddModelError("EstabelecimentoId", "O campo Estabelecimento é obrigatório");
}
if (ModelState.IsValid)
{
try
{
var pessoa = new Pessoa()
{
//Se tipo for diferente de null, então recebe tipo, se não tipo é cliente
Tipo = loginModel.Tipo.HasValue ? loginModel.Tipo.Value : TipoPessoa.Cliente,
Nome = loginModel.Nome,
Senha = SHA256Generator.GetHash(loginModel.Senha),
Usuario = loginModel.Email,
EstabelecimentoId = loginModel.EstabelecimentoId
};
Context.Pessoas.Add(pessoa);
var result = Context.SaveChanges() > 0;
if (!User.Identity.IsAuthenticated)
{
FormsAuthentication.SetAuthCookie(loginModel.Email, false);
return(RedirectToAction("Index", "Home"));
}
else
{
return(RedirectToAction("Usuarios"));
}
}
catch (DbUpdateException)
{
ModelState.AddModelError("", "E-mail já cadastrado");
loginModel.Email = "";
return(View(loginModel));
}
catch (Exception)
{
ModelState.AddModelError("", "Não foi possível salvar o cadastro");
return(View(loginModel));
}
}
return(View(loginModel));
}
public override void OnAuthorization(HttpActionContext actionContext)
{
base.OnAuthorization(actionContext);
var corrID = HttpHelper.GetHeaderValue(Headers.X_VOL_CORRELATION, actionContext.Request.Headers);
_logger.Info(String.Format("{0} - Validating Capability Request", corrID));
var content = actionContext.Request.Content.ReadAsStringAsync().Result;
var apiContext = new ApiContext(actionContext.Request.Headers);
var requestDate = DateTime.Parse(apiContext.Date, null, DateTimeStyles.AssumeUniversal).ToUniversalTime();
var currentDate = DateTime.UtcNow;
var diff = (currentDate - requestDate).TotalSeconds;
var hash = SHA256Generator.GetHash(AppAuthenticator.Instance.AppAuthInfo.SharedSecret, apiContext.Date, content);
if (hash == apiContext.HMACSha256 && diff <= MozuConfig.CapabilityTimeoutInSeconds)
{
return;
}
_logger.Debug(String.Format("{0} Unauthorized access : Header Hash - {1}, Computed Hash - {2}, Request Date - {3}", corrID, apiContext.HMACSha256, hash, apiContext.Date));
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
}
protected override void Seed(Bonificacao.Data.BonificacaoContext context)
{
if (!context.Pessoas.Any())
{
context.Pessoas.Add(
new Pessoa()
{
Usuario = "*****@*****.**",
Nome = "Anyelle",
Senha = SHA256Generator.GetHash("123456@"),
Tipo = TipoPessoa.Administrador
});
}
if (!context.Configuracoes.Any())
{
context.Configuracoes.Add(new Configuracao()
{
BonusPorLitro = 0.02M, NivelBonificacao = 2
});
}
}
public AccountAuthenticationRequest(string accountName, string password)
{
WriteShort(1); // Packet id.
WriteString(accountName);
WriteString(SHA256Generator.Calculate(password));
}
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
base.OnActionExecuting(filterContext);
if (!ConfigurationAuth.IsRequestValid(filterContext.HttpContext.Request))
{
throw new SecurityException("Unauthorized");
}
var request = filterContext.RequestContext.HttpContext.Request;
var apiContext = new ApiContext(request.Headers); //try to load from headers
if (apiContext.TenantId == 0)
{
//try to load from body
apiContext = new ApiContext(request.Form);
}
if (apiContext.TenantId == 0) //if not found load from query string
{
var tenantId = request.QueryString.Get("tenantId");
if (String.IsNullOrEmpty(tenantId))
{
filterContext.HttpContext.Response.StatusCode = 401;
filterContext.HttpContext.Response.End();
}
apiContext = new ApiContext(int.Parse(tenantId));
}
var requestUri = filterContext.HttpContext.Request.Path.Split('/');
string path = "/" + requestUri[1] + "/" + apiContext.TenantId.ToString();
filterContext.HttpContext.Response.Cookies.Add(GetCookie("subNavLink", (String.IsNullOrEmpty(apiContext.UserId) ? "0" : "1"), path));
try
{
var tenantResource = new TenantResource();
var tenant = Task.Factory.StartNew(() => tenantResource.GetTenantAsync(apiContext.TenantId).Result, TaskCreationOptions.LongRunning).Result;
}
catch (ApiException exc)
{
_logger.Error(exc);
filterContext.HttpContext.Response.StatusCode = 401;
filterContext.HttpContext.Response.End();
}
string cookieToken;
string formToken;
AntiForgery.GetTokens(null, out cookieToken, out formToken);
filterContext.HttpContext.Response.Cookies.Add(GetCookie("formToken", HttpUtility.UrlEncode(formToken), path));
filterContext.HttpContext.Response.Cookies.Add(GetCookie("cookieToken", HttpUtility.UrlEncode(cookieToken), path));
filterContext.HttpContext.Response.Cookies.Add(GetCookie("tenantId", apiContext.TenantId.ToString(), path));
filterContext.HttpContext.Response.Cookies.Add(GetCookie(Headers.X_VOL_RETURN_URL, HttpUtility.UrlEncode(apiContext.ReturnUrl), path));
if (!string.IsNullOrEmpty(apiContext.UserId))
{
filterContext.HttpContext.Response.Cookies.Add(GetCookie(Headers.USERID, apiContext.UserId, path));
}
else
{
filterContext.HttpContext.Response.Cookies.Remove(Headers.USERID);
}
var hashString = string.Concat(apiContext.TenantId.ToString(), cookieToken, formToken);
if (!string.IsNullOrEmpty(apiContext.UserId))
{
_logger.Info("Adding userid to hash :" + apiContext.UserId);
hashString = string.Concat(hashString, apiContext.UserId);
}
var hash = SHA256Generator.GetHash(string.Empty, hashString);
_logger.Info("Computed Hash : " + hash);
filterContext.HttpContext.Response.Cookies.Add(GetCookie("hash", HttpUtility.UrlEncode(hash), path));
}
private async void Process(Object workItemState)
{
//create http objects used to read request
var request = _context.Request;
var response = _context.Response;
//get file path to use as comparison and determine when to take action on event
//load headers into apicontext
var apiContext = new ApiContext(request.Headers);
//read request into stream
var jsonRequest = string.Empty;
request.InputStream.Position = 0;
using (var inputStream = new StreamReader(request.InputStream))
{
jsonRequest = inputStream.ReadToEnd();
}
response.Clear();
response.ClearHeaders();
_log.Debug(String.Format("CorrelationId:{0},Headers : {1}", apiContext.CorrelationId, HttpHelper.GetAllheaders(request.Headers)));
_log.Debug(String.Format("CorrelationId:{0},Processing event : {1}", apiContext.CorrelationId, jsonRequest));
var requestDate = DateTime.Parse(apiContext.Date, null, DateTimeStyles.AssumeUniversal).ToUniversalTime();
var currentDate = DateTime.UtcNow;
_log.Info(String.Format("Current DateTime : {0}", currentDate));
_log.Info(String.Format("Request DateTime : {0}", requestDate));
var diff = (currentDate - requestDate).TotalSeconds;
if (SHA256Generator.GetHash(AppAuthenticator.Instance.AppAuthInfo.SharedSecret, apiContext.Date, jsonRequest) != apiContext.HMACSha256 || diff > MozuConfig.EventTimeoutInSeconds)
{
_log.Error(String.Format("CorrelationId:{0},Could not validate security token , request header HMACSHA256 : {1}", apiContext.CorrelationId, apiContext.HMACSha256));
response.StatusCode = 403;
}
else
{
try
{
var eventPayload = JsonConvert.DeserializeObject <Event>(jsonRequest);
if (string.IsNullOrEmpty(eventPayload.Id) && !String.IsNullOrEmpty(eventPayload.EventId))
{
eventPayload.Id = Guid.Parse(eventPayload.EventId).ToString("N");
}
var eventService = _eventServiceFactory.GetEventService();
if (string.IsNullOrEmpty(apiContext.CorrelationId))
{
apiContext.CorrelationId = eventPayload.CorrelationId;
}
await eventService.ProcessEventAsync(apiContext, eventPayload);
_log.Info(string.Format("CorrelationId:{0},Event processing done , EventId : {1}", apiContext.CorrelationId, eventPayload.Id));
response.StatusCode = 200;
response.StatusDescription = "OK";
}
catch (Exception exc)
{
response.StatusCode = 500;
response.StatusDescription = "Event Process Error";
//response.StatusDescription = exc.Message;
response.ContentType = _context.Request.ContentType;
_log.Error(exc.Message, exc);
//if (exc.InnerException != null)
// response.Write(JsonConvert.SerializeObject(exc.InnerException));
//else
dynamic jsonExc = new JObject();
jsonExc.message = exc.Message;
//jsonExc.exc = exc;
response.Write(JsonConvert.SerializeObject(jsonExc));
}
}
response.Flush();
_completed = true;
_callback(this);
}
