protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage Request, CancellationToken CancelToken) { Guid SessionToken = GetSessionToken(Request); if (!SessionToken.Equals(Guid.Empty)) { UserDataStore Users = new UserDataStore(); IUser FoundUser = (await Users.Get("SessionToken", SessionToken)).FirstOrDefault(); if (null != FoundUser) { if (DateTime.UtcNow < FoundUser.SessionExpires) { Thread.CurrentPrincipal = new GenericPrincipal(new DevSpaceIdentity(FoundUser), null); Request.GetRequestContext().Principal = Thread.CurrentPrincipal; } else { // We previously sent expired tokens back with a 401. // This was causing errors with password retreval. // So, just don't validate an expired token and let // the Authorize attributes handle the 401 return(await base.SendAsync(Request, CancelToken)); } } HttpResponseMessage Response = await base.SendAsync(Request, CancelToken); await Users.UpdateSession((Thread.CurrentPrincipal.Identity as DevSpaceIdentity).Identity); return(Response); } return(await base.SendAsync(Request, CancelToken)); }
protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage Request, CancellationToken CancelToken) { if (null != Request.Headers.Authorization) { if (Request.Headers.Authorization.Scheme.ToUpper() == "FORCE") { Guid Token; if (!Guid.TryParse(Request.Headers.Authorization.Parameter, out Token)) { return(new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)); } AuthTokenDataStore Tokens = new AuthTokenDataStore(); await Tokens.Delete(0); IAuthToken ValidToken = (await Tokens.Get("Token", Token)).FirstOrDefault(); if (null == ValidToken) { return(new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)); } UserDataStore Users = new UserDataStore(); IUser User = await Users.Get(ValidToken.UserId); if (null == User) { return(new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)); } Thread.CurrentPrincipal = new GenericPrincipal(new DevSpaceIdentity(User), null); Request.GetRequestContext().Principal = Thread.CurrentPrincipal; await Tokens.Update(ValidToken.UpdateExpires(DateTime.UtcNow.AddMinutes(-1))); // Complete the request. We'll set the login cookie on the way out HttpResponseMessage Response = await base.SendAsync(Request, CancelToken); CookieHeaderValue SessionCookie = new CookieHeaderValue("SessionToken", (await Users.CreateSession((Thread.CurrentPrincipal.Identity as DevSpaceIdentity).Identity)).SessionToken.ToString()); #if DEBUG == false SessionCookie.Secure = true; #endif SessionCookie.HttpOnly = true; Response.Headers.AddCookies(new CookieHeaderValue[] { SessionCookie }); return(Response); } } return(await base.SendAsync(Request, CancelToken)); }
protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage Request, CancellationToken CancelToken) { if (null != Request.Headers.Authorization) { // IF we have a "Basic" Authorization header, we need to login // ELSE we need to let the SessionToken cookie have a wack at it, so we do nothing if (Request.Headers.Authorization.Scheme.ToUpper() == "BASIC") { string authData = Encoding.UTF8.GetString(Convert.FromBase64String(Request.Headers.Authorization.Parameter)); // Do Basic Auth UserDataStore Users = new UserDataStore(); IUser FoundUser = (await Users.Get("EmailAddress", authData.Substring(0, authData.IndexOf(':')))).FirstOrDefault(); // EmailAddress is a unique key, so we can only find one if (null != FoundUser) { ScryptEncoder scryptEncoder = new ScryptEncoder(); // IF Basic Auth Succeeds if (scryptEncoder.Compare(Encoding.UTF8.GetString(Convert.FromBase64String(Request.Headers.Authorization.Parameter)), FoundUser.PasswordHash)) { // Set Principle Thread.CurrentPrincipal = new GenericPrincipal(new DevSpaceIdentity(FoundUser), null); Request.GetRequestContext().Principal = Thread.CurrentPrincipal; } // ELSE Basic Auth Fails else { // return 401 return(new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)); } } // Complete the request. We'll set the login cookie on the way out HttpResponseMessage Response = await base.SendAsync(Request, CancelToken); CookieHeaderValue SessionCookie = new CookieHeaderValue("SessionToken", (await Users.CreateSession((Thread.CurrentPrincipal.Identity as DevSpaceIdentity).Identity)).SessionToken.ToString()); #if DEBUG == false SessionCookie.Secure = true; #endif SessionCookie.HttpOnly = true; Response.Headers.AddCookies(new CookieHeaderValue[] { SessionCookie }); return(Response); } } return(await base.SendAsync(Request, CancelToken)); }
public void Create(NewRequestFormDto requestFormDto) { // todo wrap to transaction var category = CategoryDataStore.Get(requestFormDto.CategoryId); var newRequest = new Request { Category = category, Comment = requestFormDto.Comment, Author = UserDataStore.Get(requestFormDto.AuthorId), ConsumerName = requestFormDto.CustemerFio, Date = DateTime.UtcNow, Phone = requestFormDto.PhoneNumber, State = EState.Registered }; RequestDataStore.Save(newRequest); }