protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage Request, CancellationToken CancelToken)
{
Guid SessionToken = GetSessionToken(Request);
if (!SessionToken.Equals(Guid.Empty))
{
UserDataStore Users = new UserDataStore();
IUser FoundUser = (await Users.Get("SessionToken", SessionToken)).FirstOrDefault();
if (null != FoundUser)
{
if (DateTime.UtcNow < FoundUser.SessionExpires)
{
Thread.CurrentPrincipal = new GenericPrincipal(new DevSpaceIdentity(FoundUser), null);
Request.GetRequestContext().Principal = Thread.CurrentPrincipal;
}
else
{
// We previously sent expired tokens back with a 401.
// This was causing errors with password retreval.
// So, just don't validate an expired token and let
// the Authorize attributes handle the 401
return(await base.SendAsync(Request, CancelToken));
}
}
HttpResponseMessage Response = await base.SendAsync(Request, CancelToken);
await Users.UpdateSession((Thread.CurrentPrincipal.Identity as DevSpaceIdentity).Identity);
return(Response);
}
return(await base.SendAsync(Request, CancelToken));
}
protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage Request, CancellationToken CancelToken)
{
if (null != Request.Headers.Authorization)
{
if (Request.Headers.Authorization.Scheme.ToUpper() == "FORCE")
{
Guid Token;
if (!Guid.TryParse(Request.Headers.Authorization.Parameter, out Token))
{
return(new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized));
}
AuthTokenDataStore Tokens = new AuthTokenDataStore();
await Tokens.Delete(0);
IAuthToken ValidToken = (await Tokens.Get("Token", Token)).FirstOrDefault();
if (null == ValidToken)
{
return(new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized));
}
UserDataStore Users = new UserDataStore();
IUser User = await Users.Get(ValidToken.UserId);
if (null == User)
{
return(new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized));
}
Thread.CurrentPrincipal = new GenericPrincipal(new DevSpaceIdentity(User), null);
Request.GetRequestContext().Principal = Thread.CurrentPrincipal;
await Tokens.Update(ValidToken.UpdateExpires(DateTime.UtcNow.AddMinutes(-1)));
// Complete the request. We'll set the login cookie on the way out
HttpResponseMessage Response = await base.SendAsync(Request, CancelToken);
CookieHeaderValue SessionCookie = new CookieHeaderValue("SessionToken", (await Users.CreateSession((Thread.CurrentPrincipal.Identity as DevSpaceIdentity).Identity)).SessionToken.ToString());
#if DEBUG == false
SessionCookie.Secure = true;
#endif
SessionCookie.HttpOnly = true;
Response.Headers.AddCookies(new CookieHeaderValue[] { SessionCookie });
return(Response);
}
}
return(await base.SendAsync(Request, CancelToken));
}
protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage Request, CancellationToken CancelToken)
{
if (null != Request.Headers.Authorization)
{
// IF we have a "Basic" Authorization header, we need to login
// ELSE we need to let the SessionToken cookie have a wack at it, so we do nothing
if (Request.Headers.Authorization.Scheme.ToUpper() == "BASIC")
{
string authData = Encoding.UTF8.GetString(Convert.FromBase64String(Request.Headers.Authorization.Parameter));
// Do Basic Auth
UserDataStore Users = new UserDataStore();
IUser FoundUser = (await Users.Get("EmailAddress", authData.Substring(0, authData.IndexOf(':')))).FirstOrDefault();
// EmailAddress is a unique key, so we can only find one
if (null != FoundUser)
{
ScryptEncoder scryptEncoder = new ScryptEncoder();
// IF Basic Auth Succeeds
if (scryptEncoder.Compare(Encoding.UTF8.GetString(Convert.FromBase64String(Request.Headers.Authorization.Parameter)), FoundUser.PasswordHash))
{
// Set Principle
Thread.CurrentPrincipal = new GenericPrincipal(new DevSpaceIdentity(FoundUser), null);
Request.GetRequestContext().Principal = Thread.CurrentPrincipal;
}
// ELSE Basic Auth Fails
else
{
// return 401
return(new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized));
}
}
// Complete the request. We'll set the login cookie on the way out
HttpResponseMessage Response = await base.SendAsync(Request, CancelToken);
CookieHeaderValue SessionCookie = new CookieHeaderValue("SessionToken", (await Users.CreateSession((Thread.CurrentPrincipal.Identity as DevSpaceIdentity).Identity)).SessionToken.ToString());
#if DEBUG == false
SessionCookie.Secure = true;
#endif
SessionCookie.HttpOnly = true;
Response.Headers.AddCookies(new CookieHeaderValue[] { SessionCookie });
return(Response);
}
}
return(await base.SendAsync(Request, CancelToken));
}
public void Create(NewRequestFormDto requestFormDto)
{
// todo wrap to transaction
var category = CategoryDataStore.Get(requestFormDto.CategoryId);
var newRequest = new Request
{
Category = category,
Comment = requestFormDto.Comment,
Author = UserDataStore.Get(requestFormDto.AuthorId),
ConsumerName = requestFormDto.CustemerFio,
Date = DateTime.UtcNow,
Phone = requestFormDto.PhoneNumber,
State = EState.Registered
};
RequestDataStore.Save(newRequest);
}
