public object Post(LoginRequestWithCredentials LoginDetails)
{
Uri referrerURI = Request.GetReferrerURI();
Uri current = new Uri(Request.AbsoluteUri);
string userPassword = LoginDetails.password;
//unset the password so we can use the LoginDetails in the resulting display if there is an error
LoginDetails.password = null;
Request.Items.Add("Model", LoginDetails);
//CRSF protection
if (!referrerURI.SchemeHostPathMatch(current))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Request", LoginDetails);
}
if (string.IsNullOrWhiteSpace(LoginDetails.username) || string.IsNullOrWhiteSpace(userPassword))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Missing Username or Password", LoginDetails);
}
OAuth2.DataModels.ResourceOwner owner = null;
List <SWGEmuAPI.Model.Account.AccountResponse> accounts = AccountModel.GetAccount(LoginDetails.username, userPassword);
if (accounts == null || accounts.Count == 0)
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Username or Password", LoginDetails);
}
try
{
owner = ResourceOwnerModel.CreateOrUpdateFromAccountModel(accounts.FirstOrDefault());
}
catch (System.Data.Common.DbException dbex)
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.server_error, "Error Storing Resource Owner Details", LoginDetails, null, dbex);
}
Session.Set <OAuth2.DataModels.ResourceOwner>("AuthResourceOwner", owner);
Uri redirectURI = null;
bool valid = Uri.TryCreate(LoginDetails.redirect, UriKind.RelativeOrAbsolute, out redirectURI);
if (!valid || (redirectURI.IsAbsoluteUri && current.Host != redirectURI.Host))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Redirect URI", LoginDetails);
}
return(new HttpResult(LoginDetails)
{
StatusCode = System.Net.HttpStatusCode.Redirect,
Headers = { { HttpHeaders.Location, LoginDetails.redirect } },
});
}
} //injected by IOC
public T Authorize <T>(DataModels.ITokenRequest Request, OAuth2.DataModels.Client Client = null)
where T : DataModels.Token, new()
{
var accounts = AccountModel.GetAccount(Request.username, Request.password);
if (accounts == null || accounts.Count == 0)
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid username or password", Request);
}
DataModels.ResourceOwner owner = new DataModels.ResourceOwner()
{
id = accounts[0].username,
time = DateTime.UtcNow.Millisecond,
attributes = accounts[0].ToDictonary(),
};
ResourceOwnerModel.CreateOrUpdate(owner);
T token =
TokenModel.InsertToken <T>(
TokenHelper.CreateAccessToken(),
DataModels.TokenTypes.bearer,
3600,
DateTime.UtcNow.GetTotalSeconds(),
Client,
TokenHelper.IntersectScopes(Request.scope, Client.allowed_scope),
owner);
if (token == null)
{
throw new OAuth2.DataModels.TokenRequestError(DataModels.ErrorCodes.server_error, "Unable to store access token");
}
return(token);
}
public object Get(ApprovalRequest ApprovalRequest)
{
Uri redirectURI = null;
Uri current = new Uri(Request.AbsoluteUri);
ApprovalData data = new ApprovalData();
if (!Uri.TryCreate(ApprovalRequest.redirect, UriKind.RelativeOrAbsolute, out redirectURI) || (redirectURI.IsAbsoluteUri && redirectURI.Host != current.Host))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Redirect URI", data);
}
data.Redirect = ApprovalRequest.redirect;
DataModels.ResourceOwner user = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner");
if (user == null)
{
UriBuilder bldr = new UriBuilder(Request.GetApplicationUrl());
bldr.Path += "/auth/login";
bldr.Query = "redirect=" + Request.AbsoluteUri.UrlEncode();
return(new HttpResult(data)
{
Headers = { { "Location", bldr.ToString() } },
StatusCode = System.Net.HttpStatusCode.Redirect,
});
}
data.User = user;
DataModels.Client client = ClientModel.GetClientByID(ApprovalRequest.client_id);
if (client == null)
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Client ID", data);
}
if (!string.IsNullOrWhiteSpace(client.owned_by))
{
data.Owner = ResourceOwnerModel.GetByID(client.owned_by);
}
data.Client = client;
string[] scopes = ApprovalRequest.scope == null ? new string[] {} : ApprovalRequest.scope.Split(new char[] { ' ', ';', ',' }, StringSplitOptions.RemoveEmptyEntries);
List <DataModels.Scope> scopeDetails = ScopeModel.GetScopeDetails(scopes).ToList();
if (scopeDetails.Count != scopes.Length)
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_scope, "Invalid Scope(s) requested", data);
}
data.RequestedScopes = scopeDetails;
return((IApprovalData)data);
}
public object Post(ApprovalResponse ApprovalResponse)
{
ApprovalData data = new ApprovalData();
data.User = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner");
Request.Items.Add("Model", data);
data.Redirect = ApprovalResponse.redirect;
Uri referrerURI = Request.GetReferrerURI();
Uri current = new Uri(Request.AbsoluteUri);
//CRSF protection
if (!referrerURI.SchemeHostPathMatch(current))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Request", ApprovalResponse);
}
Uri redirectURI = null;
if (!Uri.TryCreate(ApprovalResponse.redirect, UriKind.RelativeOrAbsolute, out redirectURI) ||
(redirectURI.IsAbsoluteUri && redirectURI.Host != current.Host))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Redirect URI", data);
}
data.Redirect = redirectURI.ToString();
DataModels.ResourceOwner owner = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner");
if (owner == null)
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.access_denied, "Not Authenticated", data);
}
data.Owner = owner;
DataModels.Client client = ClientModel.GetClientByID(ApprovalResponse.client_id);
if (client == null)
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Client ID", data);
}
data.Client = client;
List <DataModels.Scope> scopes = ScopeModel.GetScopeDetails(ApprovalResponse.approved_scopes).ToList();
string scope = "";
if (scopes != null)
{
scopes.ForEach((cur) => scope += cur.scope_name + " ");
}
data.RequestedScopes = scopes;
DataModels.Approval approval = new DataModels.Approval()
{
client_id = client.id,
resource_owner_id = owner.id,
type = DataModels.ApprovalTypes.user_granted,
scope = scope,
};
if (!ApprovalModel.AddOrUpdateApproval(approval))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.server_error, "Error storing approval", data);
}
return(new HttpResult(data)
{
StatusCode = System.Net.HttpStatusCode.Redirect,
Location = ApprovalResponse.redirect
});
}
