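        /// <summary>
        /// Authenticates a request carrying an HTTP "Basic" Authorization header
        /// against <see cref="UserDataStore"/> and, on success, attaches a
        /// "SessionToken" cookie to the response. Requests with no Authorization
        /// header, or with a different scheme, are passed to the inner handler
        /// untouched so the SessionToken cookie can authenticate them instead.
        /// </summary>
        /// <param name="Request">The incoming request.</param>
        /// <param name="CancelToken">Token used to cancel the inner handler.</param>
        /// <returns>
        /// The inner handler's response with the session cookie added, or a bare
        /// 401 Unauthorized when the header is malformed, the user is unknown, or
        /// the password does not match.
        /// </returns>
        protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage Request, CancellationToken CancelToken)
        {
            var authHeader = Request.Headers.Authorization;

            // Only the "Basic" scheme is handled here. Ordinal comparison avoids the
            // culture-dependent ToUpper() trap (e.g. "basic" -> "BASİC" under tr-TR).
            if (authHeader == null || !string.Equals(authHeader.Scheme, "Basic", StringComparison.OrdinalIgnoreCase))
            {
                return await base.SendAsync(Request, CancelToken);
            }

            // Decode "email:password". Bad base64 or a missing ':' is a failed login,
            // not an unhandled exception turning into a 500.
            string authData;
            try
            {
                authData = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Parameter ?? string.Empty));
            }
            catch (FormatException)
            {
                return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
            }

            int separator = authData.IndexOf(':');
            if (separator < 0)
            {
                return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
            }

            string emailAddress = authData.Substring(0, separator);

            UserDataStore Users = new UserDataStore();
            // EmailAddress is a unique key, so at most one user comes back.
            IUser FoundUser = (await Users.Get("EmailAddress", emailAddress)).FirstOrDefault();

            // An unknown user must fail exactly like a wrong password. Falling through
            // here would process the request anonymously and then dereference a null
            // identity while building the session cookie.
            if (FoundUser == null)
            {
                return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
            }

            // NOTE(review): the stored hash is compared against the whole decoded
            // "email:password" string, not just the password part — confirm that is
            // how PasswordHash is produced.
            ScryptEncoder scryptEncoder = new ScryptEncoder();
            if (!scryptEncoder.Compare(authData, FoundUser.PasswordHash))
            {
                return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
            }

            // Publish the authenticated principal for the rest of the pipeline. The
            // identity is kept in a local so the cookie below does not depend on
            // Thread.CurrentPrincipal surviving the inner handler's awaits.
            DevSpaceIdentity identity = new DevSpaceIdentity(FoundUser);
            Thread.CurrentPrincipal = new GenericPrincipal(identity, null);
            Request.GetRequestContext().Principal = Thread.CurrentPrincipal;

            // Complete the request, then issue the session cookie on the way out.
            HttpResponseMessage Response = await base.SendAsync(Request, CancelToken);

            CookieHeaderValue SessionCookie = new CookieHeaderValue("SessionToken", (await Users.CreateSession(identity.Identity)).SessionToken.ToString());
#if DEBUG == false
            // Secure is only omitted in DEBUG builds so the cookie works over plain http locally.
            SessionCookie.Secure = true;
#endif
            SessionCookie.HttpOnly = true;
            Response.Headers.AddCookies(new CookieHeaderValue[] { SessionCookie });

            return Response;
        }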
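        /// <summary>
        /// Handles the custom "Force" Authorization scheme: the header parameter is a
        /// GUID auth token looked up in <see cref="AuthTokenDataStore"/>. A matching
        /// token logs in its owner, is expired immediately so it cannot be replayed,
        /// and the response gets a "SessionToken" cookie. Any other scheme, or no
        /// header at all, goes straight to the inner handler.
        /// </summary>
        /// <param name="Request">The incoming request.</param>
        /// <param name="CancelToken">Token used to cancel the inner handler.</param>
        /// <returns>
        /// The inner handler's response with the session cookie added, or a bare
        /// 401 Unauthorized when the parameter is not a GUID, no token matches, or
        /// the token's user no longer exists.
        /// </returns>
        protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage Request, CancellationToken CancelToken)
        {
            var authHeader = Request.Headers.Authorization;

            if (authHeader == null || authHeader.Scheme.ToUpper() != "FORCE")
            {
                return await base.SendAsync(Request, CancelToken);
            }

            // TryParse also rejects a null parameter, so no separate null check is needed.
            Guid suppliedToken;
            if (!Guid.TryParse(authHeader.Parameter, out suppliedToken))
            {
                return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
            }

            AuthTokenDataStore Tokens = new AuthTokenDataStore();
            // NOTE(review): Delete(0) runs before every lookup; presumably it purges
            // stale tokens — confirm what id 0 means for this store.
            await Tokens.Delete(0);

            // NOTE(review): nothing here checks the matched token's own expiry;
            // confirm Get("Token", ...) excludes expired tokens.
            IAuthToken matchedToken = (await Tokens.Get("Token", suppliedToken)).FirstOrDefault();
            if (matchedToken == null)
            {
                return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
            }

            UserDataStore Users = new UserDataStore();
            IUser tokenOwner = await Users.Get(matchedToken.UserId);
            if (tokenOwner == null)
            {
                return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
            }

            // Keep the identity in a local instead of re-reading Thread.CurrentPrincipal
            // after the await: an unchecked "as" cast there would throw if the principal
            // had been replaced or did not flow across the inner handler's awaits.
            DevSpaceIdentity identity = new DevSpaceIdentity(tokenOwner);
            Thread.CurrentPrincipal = new GenericPrincipal(identity, null);
            Request.GetRequestContext().Principal = Thread.CurrentPrincipal;

            // Back-date the expiry so the token is single-use. This happens before the
            // inner handler runs, so a slow downstream cannot widen the replay window.
            await Tokens.Update(matchedToken.UpdateExpires(DateTime.UtcNow.AddMinutes(-1)));

            // Complete the request, then issue the session cookie on the way out.
            HttpResponseMessage Response = await base.SendAsync(Request, CancelToken);

            CookieHeaderValue SessionCookie = new CookieHeaderValue("SessionToken", (await Users.CreateSession(identity.Identity)).SessionToken.ToString());
#if DEBUG == false
            // Secure is only omitted in DEBUG builds so the cookie works over plain http locally.
            SessionCookie.Secure = true;
#endif
            SessionCookie.HttpOnly = true;
            Response.Headers.AddCookies(new CookieHeaderValue[] { SessionCookie });

            return Response;
        }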