/// <summary>
/// Do parameter validation.
/// </summary>
/// <param name="parameters"></param>
/// <param name="unresolvedPropertyNames"></param>
/// <param name="errors"></param>
protected override void BeforeExecute(
JsonToDbParameters parameters,
HashSet <string> unresolvedPropertyNames,
ErrorDetailList errors)
{
UsernamePassword up = parameters.UsernamePassword;
if (up.WindowsAuthentication)
{
if (up.Password != null || up.UserName != null)
{
errors.AddError("UsernamePassword", "You can specify either WindowsAuthentication OR Username/Password.");
}
}
else // NO Windows Authentication ==> Username AND Password required
{
if (up.UserName == null)
{
errors.AddError("UsernamePassword", "You must specify a Username.");
}
if (up.Password == null)
{
errors.AddError("Password", "You must specify a Password.");
}
}
//if (errors.HasErrors()) return;
// Command will NOT be executed when errors contains messages
}
public string GetToken(UsernamePassword usernamePassword)
{
var secretKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SymmetricSecurityKey"]));
var user = new UserRepository(MonilyzerContext).GetUser(usernamePassword.Username, usernamePassword.Password);
var claims = new List <Claim> {
new Claim(ClaimTypes.Name, user.Username),
new Claim(JwtRegisteredClaimNames.Email, user.Email),
new Claim("DisplayName", user.Displayname)
};
foreach (var role in user.UserRoles)
{
claims.Add(new Claim(ClaimTypes.Role, role?.RoleName));
}
var token = new JwtSecurityToken(
issuer: "monilyzer.api",
audience: "monilyzer.api clients",
claims: claims.ToArray(),
notBefore: DateTime.Now,
expires: DateTime.Now.AddHours(4),
signingCredentials: new SigningCredentials(secretKey, SecurityAlgorithms.HmacSha256)
);
return(new JwtSecurityTokenHandler().WriteToken(token));
}
private string AppendUsernamePassword(string connectionString, UsernamePassword usernamePassword)
{
connectionString = connectionString.Trim();
if (!connectionString.EndsWith(';'))
{
connectionString += ";";
}
return(connectionString + $"User Id={usernamePassword.Username};Password={usernamePassword.Password}");
}
/// <summary>
/// A fully featured upload-event handler
/// </summary>
protected virtual UploadHandlerReturnVal UploadHandler(TraceListenerUploadableBase sender, string logTitle,
string logDetails, string uploadToWithoutPageNumber, List <LogEntry> linksToLog, bool openInBrowser,
bool addToWatchlist, string username, string logHeader, string editSummary,
string logSummaryEditSummary, Plugin.IAutoWikiBrowser awb,
UsernamePassword loginDetails)
{
UploadHandlerReturnVal retval = new UploadHandlerReturnVal {
Success = false
};
if (StartingUpload(sender))
{
string pageName = uploadToWithoutPageNumber + " " + sender.TraceStatus.PageNumber;
UploadingPleaseWaitForm waitForm = new UploadingPleaseWaitForm();
LogUploader uploader = new LogUploader(awb.TheSession.Editor);
waitForm.Show();
try
{
uploader.LogIn(loginDetails);
Application.DoEvents();
retval.PageRetVals = uploader.LogIt(sender.TraceStatus.LogUpload, logTitle, logDetails, pageName, linksToLog,
sender.TraceStatus.PageNumber, sender.TraceStatus.StartDate, openInBrowser,
addToWatchlist, username, "{{log|name=" + uploadToWithoutPageNumber + "|page=" +
sender.TraceStatus.PageNumber + "}}" + Environment.NewLine + logHeader,
false, editSummary, logSummaryEditSummary, ApplicationName, true, awb);
retval.Success = true;
}
catch (Exception ex)
{
ErrorHandler.Handle(ex);
retval.Success = false;
}
finally
{
if (retval.Success)
{
sender.WriteCommentAndNewLine("Log uploaded to " + pageName);
}
else
{
sender.WriteCommentAndNewLine(
"LOG UPLOADING FAILED. Please manually upload this section to " + pageName);
}
}
waitForm.Dispose();
FinishedUpload();
}
return(retval);
}
/// <summary>
/// A fully featured upload-event handler
/// </summary>
protected virtual UploadHandlerReturnVal UploadHandler(TraceListenerUploadableBase Sender, string LogTitle,
string LogDetails, string UploadToWithoutPageNumber, List <LogEntry> LinksToLog, bool OpenInBrowser,
bool AddToWatchlist, string Username, string LogHeader, string EditSummary,
string LogSummaryEditSummary, WikiFunctions.Plugin.IAutoWikiBrowser AWB,
UsernamePassword LoginDetails)
{
UploadHandlerReturnVal retval = new UploadHandlerReturnVal();
retval.Success = false;
if (StartingUpload(Sender))
{
string pageName = UploadToWithoutPageNumber + " " + Sender.TraceStatus.PageNumber.ToString();
UploadingPleaseWaitForm waitForm = new UploadingPleaseWaitForm();
LogUploader uploader = new LogUploader();
waitForm.Show();
try
{
uploader.LogIn(LoginDetails);
Application.DoEvents();
retval.PageRetVals = uploader.LogIt(Sender.TraceStatus.LogUpload, LogTitle, LogDetails, pageName, LinksToLog,
Sender.TraceStatus.PageNumber, Sender.TraceStatus.StartDate, OpenInBrowser,
AddToWatchlist, Username, "{{log|name=" + UploadToWithoutPageNumber + "|page=" +
Sender.TraceStatus.PageNumber.ToString() + "}}" + System.Environment.NewLine + LogHeader,
false, EditSummary, LogSummaryEditSummary, ApplicationName, true, AWB);
retval.Success = true;
}
catch (Exception ex)
{
ErrorHandler.Handle(ex);
retval.Success = false;
}
finally
{
if (retval.Success)
{
Sender.WriteCommentAndNewLine("Log uploaded to " + pageName);
}
else
{
Sender.WriteCommentAndNewLine(
"LOG UPLOADING FAILED. Please manually upload this section to " + pageName);
}
}
waitForm.Dispose();
FinishedUpload();
}
return(retval);
}
public virtual IActionResult Siginout([FromBody] UsernamePassword usernamePassword)
{
//TODO: Uncomment the next line to return response 204 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
// return StatusCode(204);
//TODO: Uncomment the next line to return response 400 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
// return StatusCode(400, default(Error));
throw new NotImplementedException();
}
public async Task <IHttpActionResult> PostForLogin(JObject usrpwdata)
{
List <System.Net.Http.Headers.CookieHeaderValue> x = Request.Headers.GetCookies("mymy").ToList();
if (x.Count == 1)
{
//If login cookie exists:Return error to indicate that user already logged in
return(BadRequest("ท่านได้เข้าสู่ระบบอยู่แล้ว"));
}
UsernamePassword data = new UsernamePassword();
data.username = usrpwdata["username"].ToString();
data.password = usrpwdata["password"].ToString();
if (data.username == "" && data.password == "")
{
return(BadRequest("กรุณาใส่ชื่อผู้ใช้และรหัสผ่านที่ต้องการเข้าสู่ระบบ"));
}
else if (data.username == "")
{
return(BadRequest("กรุณาใส่ชื่อผู้ใช้งานที่ต้องการเข้าสู่ระบบ"));
}
else if (data.password == "")
{
return(BadRequest("กรุณาใส่รหัสผ่านที่ใช้ในการเข้าสู่ระบบ"));
}
oUsers context = new oUsers();
data.username = data.username.ToLower();
object result = await context.SelectUser(data.username);
//Check whether login is success?
if (result.GetType().ToString() != "System.String")
{
User_information_with_privilege_information u = (User_information_with_privilege_information)result;
string oldpassword = data.password;
data.password = u.information.GetPassword();
if (data.isMatchPassword(oldpassword))
{
return(Ok(u));
}
else
{
return(BadRequest("ชื่อผู้ใช้งานหรือรหัสผ่านไม่ถูกต้อง"));
}
}
else
{
return(BadRequest("ชื่อผู้ใช้งานหรือรหัสผ่านไม่ถูกต้อง"));
}
}
private string Encode(UsernamePassword item)
{
StringBuilder sb = new StringBuilder();
foreach (char cur in item.UserName)
{
if (cur != escape && cur != sep)
{
sb.Append(cur);
}
else
{
if (cur == escape)
{
sb.Append(escape);
sb.Append(escape);
}
else
{
sb.Append(escape);
sb.Append(sep);
}
}
}
sb.Append(sep); //separates user from pass
foreach (char cur in item.Password)
{
if (cur != escape && cur != sep)
{
sb.Append(cur);
}
else
{
if (cur == escape)
{
sb.Append(escape);
sb.Append(escape);
}
else
{
sb.Append(escape);
sb.Append(sep);
}
}
}
return(sb.ToString());
}
/// <summary>
///
/// </summary>
/// <exception cref="Org.OpenAPITools.Client.ApiException">Thrown when fails to make API call</exception>
/// <param name="usernamePassword"></param>
/// <returns>ApiResponse of Object(void)</returns>
public Org.OpenAPITools.Client.ApiResponse <Object> SiginoutWithHttpInfo(UsernamePassword usernamePassword)
{
// verify the required parameter 'usernamePassword' is set
if (usernamePassword == null)
{
throw new Org.OpenAPITools.Client.ApiException(400, "Missing required parameter 'usernamePassword' when calling DefaultApi->Siginout");
}
Org.OpenAPITools.Client.RequestOptions requestOptions = new Org.OpenAPITools.Client.RequestOptions();
String[] @contentTypes = new String[] {
"application/json"
};
// to determine the Accept header
String[] @accepts = new String[] {
"application/json"
};
foreach (var contentType in @contentTypes)
{
requestOptions.HeaderParameters.Add("Content-Type", contentType);
}
foreach (var accept in @accepts)
{
requestOptions.HeaderParameters.Add("Accept", accept);
}
requestOptions.Data = usernamePassword;
// make the HTTP request
var response = this.Client.Post <Object>("/signout", requestOptions, this.Configuration);
if (this.ExceptionFactory != null)
{
Exception exception = this.ExceptionFactory("Siginout", response);
if (exception != null)
{
throw exception;
}
}
return(response);
}
public async Task <IHttpActionResult> PostForCreateNewAdmin(JObject data)
{
const string chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
RNGCryptoServiceProvider gen = new RNGCryptoServiceProvider();
byte[] num = new byte[8];
//GENERATE PASSWORD 8 CHARS
string password = "";
gen.GetBytes(num);
for (int j = 0; j < 8; j++)
{
num[j] %= (byte)chars.Length;
password += chars[num[j]];
}
//=========================
string emaillower = data["email"].ToString();
emaillower = emaillower.ToLower();
UsernamePassword u = new UsernamePassword(emaillower, password);
datacontext.admin_creator_id = Convert.ToInt32(data["user_id"]);
datacontext.username = emaillower;
datacontext.password = u.password;
datacontext.t_name = data["t_name"].ToString();
object result = await datacontext.InsertWithSelect();
if (result.GetType().ToString() != "System.String")
{
object sendresult = await MailingUtils.sendUsernamePasswordMailForAdmin(emaillower, password, datacontext.t_name);
if (sendresult == null)
{
return(Ok(result));
}
else
{
return(InternalServerError((Exception)sendresult));
}
}
else
{
return(BadRequest(result.ToString()));
}
}
public bool AddCredential(IUserIdentity user, Security.ICredential credential)
{
if (user != null && credential != null)
{
UserPasswordCredential up = credential as UserPasswordCredential; //this is the only type of credential we can use
if (up != null)
{
UsernamePassword hist = up.ToHistoryPair(); //this is what we store in history
if (UserPasswordProviderFactory.Instance.ComplexityChecker.IsValid(up.password)) //validate it meets complexity rules
{
//get the existing credential this will replace, or this may be all together new
PersistedCredential curCred = GetPersisted(user.Uid, hist.UserName);
if (curCred != null)
{
PasswordHistory <UsernamePassword> history = GetHistory(user.Uid, hist.UserName);
if (!history.MatchesHistory(UsernamePassword.Matches, hist)) //can't add this since it's matching a current history in range
{
history.Add(hist);
//delete and set the new password
if (ReplaceCredential(user.Uid, hist.UserName, hist.Password))
{
this.historyProvider.Update(user.Uid, history);
return(true);
}
}
}
else //no existing cred, so this is a new one - but already meets complexity rule
{
PasswordHistory <UsernamePassword> history = GetHistory(user.Uid, hist.UserName);
if (!history.MatchesHistory(UsernamePassword.Matches, hist)) //can't add this since it's matching a current history in range
{
history.Add(hist);
//delete and set the new password
if (this.storeProvider.AddCredential(user.Uid, this, hist.UserName, hist.Password)) //the hist is already salted
{
this.historyProvider.Update(user.Uid, history); //update the history
return(true);
}
}
}
} //inside this level we have a valid password by complexity
}
}
return(false);
}
public bool ReplaceCredential(IUserIdentity user, Security.ICredential existing, Security.ICredential proposed)
{
if (user != null && existing != null && proposed != null)
{
UserPasswordCredential toRemove = existing as UserPasswordCredential; //this is the only type of credential we can use
UserPasswordCredential toAdd = proposed as UserPasswordCredential; //this is the only type of credential we can use
if (toRemove != null && toAdd != null)
{
PersistedCredential cred = GetPersisted(user.Uid, toRemove.UserName.ToLowerInvariant());
if (cred != null && toRemove.Matches(cred)) //has to be currently valid to do a replace
{
UsernamePassword up = toAdd.ToHistoryPair();
if (toRemove.UserName.ToLowerInvariant().Equals(toAdd.UserName.ToLowerInvariant()))
{
PasswordHistory <UsernamePassword> hist = GetHistory(user.Uid, up.UserName);
if (!hist.MatchesHistory(UsernamePassword.Matches, up)) //check for historic collision
{
if (ReplaceCredential(user.Uid, up.UserName, up.Password))
{
hist.Add(up);
this.historyProvider.Update(user.Uid, hist);
return(true);
}
}
}
else //different usernames being used
{
if (this.storeProvider.DeleteCredential(user.Uid, this, toRemove.UserName.ToLowerInvariant()))
{
this.historyProvider.Delete(user.Uid); //TODO -- this we need to fix by userId,type
if (this.storeProvider.AddCredential(user.Uid, this, up.UserName, up.Password))
{
PasswordHistory <UsernamePassword> hist = GetHistory(user.Uid, up.UserName);
this.historyProvider.Update(user.Uid, hist);
return(true);
}
}
}
}
}
}
return(false);
}
public string GetToken([FromBody] UsernamePassword uspas)
{
var temp = uspas;
User d = context.Users.FirstOrDefault(item => item.Username == uspas.Username);
if (d != null && d.Password == uspas.Password)
{
Tokens token = TokensGenerateVer.TK();
this.context.Tokens.Add(token);
this.context.SaveChanges();
return(token.text);
}
else
{
return(null);
}
}
public async Task <List <ApiResponse> > RegisterPassword(string username, string plainPassword)
{
// we need to use the password service for generating the password
IHashService hashService = new HashService();
// get a password model with the HASHED plain password
Password password = hashService.GenerateHashedPassword(plainPassword);
// create tayo ng POST Model para i-send ung username at password
UsernamePassword userPassword = new UsernamePassword()
{
PsUsername = username,
UPassword = password
};
string url = ApiUri.RegisterPassword.ToUrl();
var response = await httpService.PostReadResponse
<IEnumerable <ApiResponse>, UsernamePassword> (url, userPassword);
return(response.ToList());
}
public UserNamePasswordWindow(Cursor cursor) : base(cursor)
{
SelectedObject = new UsernamePassword();
#region Create the OK button
Button okButton = new Button(mCursor);
okButton.Text = "Ok";
okButton.Click += OnOkClick;
okButton.ScaleX = 5;
this.AddWindow(okButton);
#endregion
#region Create the cancel button
Button cancelButton = new Button(mCursor);
cancelButton.Text = "Cancel";
cancelButton.Click += OnCancelClick;
cancelButton.ScaleX = 5;
this.AddWindow(cancelButton);
#endregion
GetUIElementForMember("UserName").ScaleX = 20;
#region Adjust the Password textbox
TextBox asTextBox = GetUIElementForMember("Password") as TextBox;
asTextBox.ScaleX = 20;
asTextBox.HideCharacters = true;
#endregion
}
/// <summary>
///
/// </summary>
/// <param name="usernamePassword"></param>
/// <returns></returns>
public void Siginout(UsernamePassword usernamePassword)
{
// verify the required parameter 'usernamePassword' is set
if (usernamePassword == null)
{
throw new ApiException(400, "Missing required parameter 'usernamePassword' when calling Siginout");
}
var path = "/signout";
path = path.Replace("{format}", "json");
var queryParams = new Dictionary <String, String>();
var headerParams = new Dictionary <String, String>();
var formParams = new Dictionary <String, String>();
var fileParams = new Dictionary <String, FileParameter>();
String postBody = null;
postBody = ApiClient.Serialize(usernamePassword); // http body (model) parameter
// authentication setting, if any
String[] authSettings = new String[] { };
// make the HTTP request
IRestResponse response = (IRestResponse)ApiClient.CallApi(path, Method.POST, queryParams, postBody, headerParams, formParams, fileParams, authSettings);
if (((int)response.StatusCode) >= 400)
{
throw new ApiException((int)response.StatusCode, "Error calling Siginout: " + response.Content, response.Content);
}
else if (((int)response.StatusCode) == 0)
{
throw new ApiException((int)response.StatusCode, "Error calling Siginout: " + response.ErrorMessage, response.ErrorMessage);
}
return;
}
public virtual void Siginout(NancyContext context, UsernamePassword usernamePassword)
{
Siginout(usernamePassword);
}
/// <summary>
///
/// </summary>
/// <exception cref="Org.OpenAPITools.Client.ApiException">Thrown when fails to make API call</exception>
/// <param name="usernamePassword"></param>
/// <returns></returns>
public void Siginout(UsernamePassword usernamePassword)
{
SiginoutWithHttpInfo(usernamePassword);
}
public string Register([FromBody] UsernamePassword request)
{
HttpContext.Session.Set("active", new byte[] { 1 });
return(GetUserActions()
.Register(Guid.Parse(HttpContext.Session.Id), request.Username, request.Password));
}
/// <summary>
///
/// </summary>
/// <exception cref="Org.OpenAPITools.Client.ApiException">Thrown when fails to make API call</exception>
/// <param name="usernamePassword"></param>
/// <returns>Task of void</returns>
public async System.Threading.Tasks.Task SiginoutAsync(UsernamePassword usernamePassword)
{
await SiginoutAsyncWithHttpInfo(usernamePassword);
}
public string Post([FromBody] UsernamePassword usernamePassword)
{
return(new TokenRepository(MonilyzerContext, Configuration).GetToken(usernamePassword));
}
protected abstract void Siginout(UsernamePassword usernamePassword);
