internal void RefreshAuthCookie(SystemUserSession Session)
{
Cookie cookie = GetSignInCookie();
if (cookie == null)
{
return;
}
Db.Transact(() =>
{
Session.Token = SystemUser.RenewAuthToken(Session.Token);
if (Session.Token.IsPersistent)
{
Session.Token.Expires = DateTime.UtcNow.AddDays(RememberMeDays);
}
});
cookie.Value = Session.Token.Token;
if (Session.Token.IsPersistent)
{
cookie.Expires = Session.Token.Expires;
}
Handle.AddOutgoingCookie(cookie.Name, cookie.GetFullValueString());
}
static public SystemUser GetCurrentSystemUser()
{
SystemUserSession userSession = Db.SQL <SystemUserSession>("SELECT o FROM Simplified.Ring5.SystemUserSession o WHERE o.SessionIdString=?", Session.Current.SessionIdString).First;
if (userSession == null)
{
return(null);
}
if (userSession.Token == null)
{
return(null);
}
return(userSession.Token.User);
}
protected void HandleSignIn(string Username, string Password, string RememberMe)
{
Username = Uri.UnescapeDataString(Username);
SystemUserSession session = SystemUser.SignInSystemUser(Username, Password);
if (session == null)
{
MasterPage master = mainHandlers.GetMaster();
string message = "Invalid username or password!";
if (master.SignInPage != null)
{
master.SignInPage.Message = message;
}
if (master.Partial is MainFormPage)
{
MainFormPage page = (MainFormPage)master.Partial;
if (page.CurrentForm is SignInFormPage)
{
SignInFormPage form = (SignInFormPage)page.CurrentForm;
form.Message = message;
}
}
if (master.Partial is SignInFormPage)
{
SignInFormPage page = master.Partial as SignInFormPage;
page.Message = message;
}
}
else
{
if (RememberMe == "true")
{
Db.Transact(() =>
{
session.Token.Expires = DateTime.UtcNow.AddDays(cookieHelper.rememberMeDays);
session.Token.IsPersistent = true;
});
}
cookieHelper.SetAuthCookie(session.Token);
}
}
public void RefreshSignInState()
{
SystemUserSession userSession = SystemUser.GetCurrentSystemUserSession();
if (this.RequireSignIn && userSession != null)
{
this.Partial = Self.GET(this.url);
}
else if (this.RequireSignIn && userSession == null)
{
this.Partial = Self.GET("/signin/partial/accessdenied-form");
}
else if (userSession == null && !string.IsNullOrEmpty(this.url))
{
this.Partial = Self.GET(this.url);
}
else if (!string.IsNullOrEmpty(this.OriginalUrl))
{
this.Partial = null;
this.RedirectUrl = this.OriginalUrl;
this.OriginalUrl = null;
}
else if (userSession != null)
{
this.Partial = Self.GET("/signin/partial/alreadyin-form");
}
SignInPage sip = this.SignInPage;
if (sip != null)
{
if (
(userSession == null && sip.Data != null) || //switching state to signed in
(userSession != null && !userSession.Equals(sip.Data)) //switching state to signed out
)
{
sip.Data = userSession;
}
}
}
internal void Register()
{
Application.Current.Use(new HtmlFromJsonProvider());
Application.Current.Use(new PartialToStandaloneHtmlProvider());
Application.Current.Use((Request req) =>
{
Cookie cookie = CookieHelpers.GetSignInCookie();
if (cookie != null)
{
Session.Ensure();
SystemUserSession session = SystemUser.SignInSystemUser(cookie.Value);
if (session != null)
{
CookieHelpers.RefreshAuthCookie(session);
}
}
return(null);
});
}
public UserSessionUtility()
{
this.userSession=new SystemUserSession();
}
/// <summary>
/// The setup session.
/// </summary>
/// <param name="user">
/// The user.
/// </param>
private void SetupSession(System_User user)
{
var topMenus = new List<MenuModel>();
var leftMenus = new List<MenuModel>();
var userRights = new SystemRightsService().QueryUserRight(user.ID);
var systemMenuService = new SystemMenuService();
var userTopMenus = systemMenuService.GetUserTopMenus(userRights);
foreach (var systemMenu in userTopMenus)
{
topMenus.Add(DataTransfer.Transfer<MenuModel>(systemMenu, typeof(System_Menu)));
}
var userLeftMenus = systemMenuService.GetUserLeftMenus(userRights);
foreach (var systemMenu in userLeftMenus)
{
leftMenus.Add(DataTransfer.Transfer<MenuModel>(systemMenu, typeof(System_Menu)));
}
var systemUserSession = new SystemUserSession
{
SessionID = this.Session.SessionID,
SystemUserID = user.ID,
// EmployeeID = user.ID, //暂时将EmployeeID设置为SystemUserId,未来将修改数据表,将EmployeeId改为SystemUserID
Name = user.Name,
LoginName = user.LoginName,
RoleID = user.RoleID,
TopMenus = topMenus,
LeftMenus = leftMenus,
Permissions = userRights,
LastVisitTime = DateTime.Now
};
MongoDBHelper.RefreshSystemUserSession(systemUserSession);
}
public void Register()
{
Application.Current.Use(new HtmlFromJsonProvider());
Application.Current.Use(new PartialToStandaloneHtmlProvider());
//Testing JWT
/*Handle.GET("/signin/jwt/{?}/{?}", (string Username, string Password) => {
* string message;
* SystemUserSession session = SignInOut.SignInSystemUser(Username, Password, null, out message);
*
* if (session != null) {
* string jwt = JWT.JsonWebToken.Encode(new { Username = Username, Issuer = "Polyjuice.SignIn" }, session.Token.User.Password, JWT.JwtHashAlgorithm.HS256);
* Handle.AddOutgoingHeader("x-jwt", jwt);
* }
*
* return 200;
* });*/
Application.Current.Use((Request req) =>
{
Cookie cookie = GetSignInCookie();
if (cookie != null)
{
if (Session.Current == null)
{
Session.Current = new Session(SessionOptions.PatchVersioning);
}
SystemUserSession session = SystemUser.SignInSystemUser(cookie.Value);
if (session != null)
{
RefreshAuthCookie(session);
}
}
return(null);
});
Handle.GET("/signin/user", () =>
{
MasterPage master = this.GetMaster();
if (master.SignInPage != null)
{
return(master.SignInPage);
}
Cookie cookie = GetSignInCookie();
SignInPage page = new SignInPage()
{
Data = null
};
master.SignInPage = page;
if (cookie != null)
{
SystemUser.SignInSystemUser(cookie.Value);
master.RefreshSignInState();
}
//Testing JWT
/*if (Handle.IncomingRequest.HeadersDictionary.ContainsKey("x-jwt")) {
* System.Web.Script.Serialization.JavaScriptSerializer serializer = new System.Web.Script.Serialization.JavaScriptSerializer();
* string jwt = Handle.IncomingRequest.HeadersDictionary["x-jwt"];
* Dictionary<string, string> payload = JWT.JsonWebToken.DecodeToObject<Dictionary<string, string>>(jwt, string.Empty, false);
* string username = payload["Username"];
* SystemUser user = Db.SQL<SystemUser>("SELECT su FROM Simplified.Ring3.SystemUser su WHERE su.Username = ?", username).First;
*
* try {
* JWT.JsonWebToken.DecodeToObject<Dictionary<string, string>>(jwt, user.Password, true);
* page.SetAuthorizedState(SignInOut.SignInSystemUser(user));
* } catch (JWT.SignatureVerificationException) {
* }
* }*/
return(page);
});
Handle.GET("/signin/partial/signout", HandleSignOut, new HandlerOptions()
{
SkipRequestFilters = true
});
Handle.GET("/signin/signinuser", HandleSignInForm);
Handle.GET <string>("/signin/signinuser?{?}", HandleSignInForm);
Handle.GET("/signin/profile", () =>
{
MasterPage master = this.GetMaster();
master.RequireSignIn = true;
master.Open("/signin/partial/profile-form");
return(master);
});
Handle.GET("/signin/partial/signin-form", () => new SignInFormPage()
{
Data = null
}, new HandlerOptions()
{
SelfOnly = true
});
Handle.GET("/signin/partial/alreadyin-form", () => new AlreadyInPage()
{
Data = null
},
new HandlerOptions()
{
SelfOnly = true
});
Handle.GET("/signin/partial/restore-form", () => new RestorePasswordFormPage(),
new HandlerOptions()
{
SelfOnly = true
});
Handle.GET("/signin/partial/profile-form", () => new ProfileFormPage()
{
Data = null
},
new HandlerOptions()
{
SelfOnly = true
});
Handle.GET("/signin/partial/accessdenied-form", () => new AccessDeniedPage(),
new HandlerOptions()
{
SelfOnly = true
});
Handle.GET("/signin/partial/main-form", () => new MainFormPage()
{
Data = null
},
new HandlerOptions()
{
SelfOnly = true
});
Handle.GET("/signin/partial/user/image", () => new UserImagePage());
Handle.GET("/signin/partial/user/image/{?}", (string objectId) => new Json(),
new HandlerOptions {
SelfOnly = true
});
Handle.GET("/signin/generateadminuser", (Request request) =>
{
if (Db.SQL("SELECT o FROM Simplified.Ring3.SystemUser o").First != null)
{
Handle.SetOutgoingStatusCode(403);
return("Unable to generate admin user: database is not empty!");
}
string ip = request.ClientIpAddress.ToString();
if (ip == "127.0.0.1" || ip == "localhost")
{
SignInOut.AssureAdminSystemUser();
return("Default admin user has been successfully generated.");
}
Handle.SetOutgoingStatusCode(403);
return("Access denied.");
}, new HandlerOptions()
{
SkipRequestFilters = true
});
Handle.POST("/signin/partial/signin", (Request request) =>
{
NameValueCollection values = HttpUtility.ParseQueryString(request.Body);
string username = values["username"];
string password = values["password"];
string rememberMe = values["rememberMe"];
HandleSignIn(username, password, rememberMe);
Session.Current.CalculatePatchAndPushOnWebSocket();
return(200);
}, new HandlerOptions()
{
SkipRequestFilters = true
});
Handle.GET("/signin/admin/settings", (Request request) =>
{
Json page;
if (!AuthorizationHelper.TryNavigateTo("/signin/admin/settings", request, out page))
{
return(page);
}
return(Db.Scope(() =>
{
var settingsPage = new SettingsPage
{
Html = "/SignIn/viewmodels/SettingsPage.html",
Uri = request.Uri,
Data = MailSettingsHelper.GetSettings()
};
return settingsPage;
}));
});
// Reset password
Handle.GET("/signin/user/resetpassword?{?}", (string query, Request request) =>
{
NameValueCollection queryCollection = HttpUtility.ParseQueryString(query);
string token = queryCollection.Get("token");
MasterPage master = this.GetMaster();
if (token == null)
{
// TODO:
master.Partial = null; // (ushort)System.Net.HttpStatusCode.NotFound;
return(master);
}
// Retrive the resetPassword instance
ResetPassword resetPassword = Db.SQL <ResetPassword>("SELECT o FROM Simplified.Ring6.ResetPassword o WHERE o.Token=? AND o.Expire>?", token, DateTime.UtcNow).First;
if (resetPassword == null)
{
// TODO: Show message "Reset token already used or expired"
master.Partial = null; // (ushort)System.Net.HttpStatusCode.NotFound;
return(master);
}
if (resetPassword.User == null)
{
// TODO: Show message "User deleted"
master.Partial = null; // (ushort)System.Net.HttpStatusCode.NotFound;
return(master);
}
SystemUser systemUser = resetPassword.User;
ResetPasswordPage page = new ResetPasswordPage()
{
Html = "/SignIn/viewmodels/ResetPasswordPage.html",
Uri = "/signin/user/resetpassword"
//Uri = request.Uri // TODO:
};
page.ResetPassword = resetPassword;
if (systemUser.WhoIs != null)
{
page.FullName = systemUser.WhoIs.FullName;
}
else
{
page.FullName = systemUser.Username;
}
master.Partial = page;
return(master);
});
Handle.GET("/signin/user/authentication/settings/{?}", (string userid, Request request) =>
{
Json page;
if (!AuthorizationHelper.TryNavigateTo("/signin/user/authentication/settings/{?}", request, out page))
{
return(new Json());
}
// Get system user
SystemUser user = Db.SQL <SystemUser>("SELECT o FROM Simplified.Ring3.SystemUser o WHERE o.ObjectID = ?", userid).FirstOrDefault();
if (user == null)
{
// TODO: Return a "User not found" page
return(new Json());
//return (ushort)System.Net.HttpStatusCode.NotFound;
}
SystemUser systemUser = SystemUser.GetCurrentSystemUser();
SystemUserGroup adminGroup = Db.SQL <SystemUserGroup>("SELECT o FROM Simplified.Ring3.SystemUserGroup o WHERE o.Name = ?",
AuthorizationHelper.AdminGroupName).FirstOrDefault();
// Check if current user has permission to get this user instance
if (AuthorizationHelper.IsMemberOfGroup(systemUser, adminGroup))
{
if (user.WhoIs is Person)
{
page = Db.Scope(() => new SystemUserAuthenticationSettings
{
Html = "/SignIn/viewmodels/SystemUserAuthenticationSettings.html",
Uri = request.Uri,
Data = user,
UserPassword = Self.GET("/signin/user/authentication/password/" + user.GetObjectID())
});
return(page);
}
}
return(new Json());
}, new HandlerOptions {
SelfOnly = true
});
Handle.GET("/signin/user/authentication/password/{?}", (string userid, Request request) =>
{
// Get system user
SystemUser user = Db.SQL <SystemUser>("SELECT o FROM Simplified.Ring3.SystemUser o WHERE o.ObjectID = ?", userid).FirstOrDefault();
if (user == null)
{
return(new Json());
}
Json page = Db.Scope(() => new SetPasswordPage
{
Html = "/SignIn/viewmodels/SetPasswordPage.html",
Data = user
});
return(page);
}, new HandlerOptions {
SelfOnly = true
});
Blender.MapUri("/signin/user", "user"); //expandable icon; used in Launcher
Blender.MapUri("/signin/signinuser", "userform"); //inline form; used in RSE Launcher
Blender.MapUri("/signin/signinuser?{?}", "userform-return"); //inline form; used in UserAdmin
Blender.MapUri("/signin/admin/settings", "settings");
Blender.MapUri("/signin/user/authentication/password/{?}", "authentication-password");
Blender.MapUri("/signin/user/authentication/settings/{?}", "authentication-settings");
Blender.MapUri("/signin/partial/user/image", "userimage-default"); // default user image
}
/// <summary>
/// The on action executing.
/// </summary>
/// <param name="filterContext">
/// The filter context.
/// </param>
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
string resourceKey = string.Empty;
string resourceDescription = string.Empty;
var mongoDbStore = new MongoDbStore<SystemUserSession>("SystemUserSessions");
systemUserSession = mongoDbStore.Single(item => item.SessionID == Session.SessionID);
if (systemUserSession == null)
{
HandleSessionLost(filterContext);
}
else
{
// todo: 会话失效判断
//this.HandleSessionState(filterContext, mongoDbStore);
var systemRightService = new SystemRightsService();
resourceKey = this.GetResourceKey(filterContext);
resourceDescription = systemRightService.GetResourceDescriptionByKey(resourceKey);
if (!systemRightService.ValidateRight(resourceKey, this.systemUserSession.Permissions))
{
if (!this.ValidateAjaxRequest(filterContext))
{
filterContext.Result =
this.Content("<script type='text/javascript'>alert('对不起,您没有此操作权限!');</script>");
}
else
{
Response.StatusCode = 610;
filterContext.Result = this.Json(new AjaxResponse(-403, "无操作权限"), JsonRequestBehavior.AllowGet);
}
LogUtils.Log(
"无操作权限" + resourceDescription,
"OnActionExecuting",
Category.Info,
systemUserSession.SessionID,
systemUserSession.SystemUserID,
"Enter");
}
}
if (systemUserSession == null)
{
LogUtils.Log("未登录", "OnActionExecuting");
}
else
{
LogUtils.Log(
"用户“" + systemUserSession.Name + "”,正在操作:" + resourceDescription,
"OnActionExecuting",
Category.Info,
systemUserSession.SessionID,
systemUserSession.SystemUserID,
"Enter");
}
base.OnActionExecuting(filterContext);
}
