Пример #1
		/// <summary>
		/// Authenticates the supplied web-service login and builds the response for it.
		/// </summary>
		/// <param name="login">Login data sent by the caller; handed to Authenticate unchanged.</param>
		/// <returns>
		/// The response filled in by Authenticate, with <c>User</c> copied from <paramref name="login"/>.
		/// </returns>
		public LoginResponse Login (WebServiceLogin login)
		{
			var result = new LoginResponse ();

			using (var connection = new DB ()) {
				// Authenticate is defined elsewhere. Presumably it throws when the credentials
				// are rejected, so the assignment below only runs on success (confirm).
				Authenticate (connection, login, result);

				// User is echoed from the request object, not read back from the database.
				result.User = login.User;
			}

			return result;
		}
Пример #2
		/// <summary>
		/// Creates a session for the account identified by <paramref name="email"/>, on behalf of a
		/// caller that must hold the Administrator role.
		/// </summary>
		/// <param name="login">Login of the calling party; checked against Roles.Administrator.</param>
		/// <param name="email">E-mail address to log in. It is taken as given: nothing in this method
		/// verifies it with an identity provider, so the caller has to have done that already.</param>
		/// <param name="ip4">Client address recorded with the session; also supplied by the caller.</param>
		/// <returns>The response filled in by DBLogin_Extensions.LoginOpenId.</returns>
		public LoginResponse LoginOpenId (WebServiceLogin login, string email, string ip4)
		{
			var result = new LoginResponse ();

			using (var connection = new DB ()) {
				// The role check on the caller is the only gate visible here. VerifyUserInRole is
				// defined elsewhere; presumably it throws when the check fails (confirm).
				VerifyUserInRole (connection, login, Roles.Administrator);

				// No audit entry is written in this method and exceptions propagate to the caller.
				DBLogin_Extensions.LoginOpenId (connection, result, email, ip4);
			}

			return result;
		}
Пример #3
		/// <summary>
		/// Creates a session for the account identified by <paramref name="email"/>, on behalf of a
		/// caller that must hold the Administrator role. Failures are reported in the response
		/// instead of being thrown.
		/// </summary>
		/// <param name="login">Login of the calling party; checked against Roles.Administrator.</param>
		/// <param name="email">E-mail address to log in. It is taken as given: nothing in this method
		/// verifies it with an identity provider, so the caller has to have done that already.</param>
		/// <param name="ip4">Client address recorded in the audit entry and with the session.</param>
		/// <returns>
		/// The response filled in by DBLogin_Extensions.LoginOpenId, or a response whose
		/// <c>Exception</c> is set when any step threw.
		/// </returns>
		public LoginResponse LoginOpenId (WebServiceLogin login, string email, string ip4)
		{
			var result = new LoginResponse ();

			using (var connection = new DB ()) {
				try {
					VerifyUserInRole (connection, login, Roles.Administrator);

					// The audit entry is written after the role check and before the login attempt.
					// If VerifyUserInRole throws on failure (presumably, confirm), rejected callers
					// leave no audit entry from this method.
					connection.Audit (login, "WebServices.LoginOpenId (email: {0}, ip4: {1})", email, ip4);

					DBLogin_Extensions.LoginOpenId (connection, result, email, ip4);
				} catch (Exception failure) {
					// Every exception type ends up here, authorization failures included.
					// NOTE(review): what WebServiceException exposes to the client (message, stack
					// trace) is not visible from this method; confirm it does not leak internals.
					result.Exception = new WebServiceException (failure);
				}
			}

			return result;
		}
Пример #4
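		/// <summary>
		/// Grants a session to a GitHub user whose organization (or organization and team)
		/// matches the first applicable entry of Configuration.GitHubOrganizationList.
		/// </summary>
		/// <param name="db">Open database connection, passed on to LoginDB.</param>
		/// <param name="response">Response object that LoginDB fills in.</param>
		/// <param name="ip4">Client address, passed on to LoginDB.</param>
		/// <param name="userOrgs">Memberships of the user: element 0 is compared with the organization
		/// part of a spec, element 1 with the team part. Assumed to come from the identity provider
		/// and not from client input (confirm at the call site).</param>
		/// <param name="gitHubLogin">Account name handed to LoginDB.</param>
		/// <exception cref="Exception">No configured entry matches any of the memberships.</exception>
		public static void GitHubLogin (DB db, LoginResponse response, string ip4, List<string[]> userOrgs, string gitHubLogin = "") {
			// NOTE(review): gitHubLogin defaults to "" and reaches LoginDB unchanged, so every
			// caller that omits it would be mapped to one and the same account. Confirm that all
			// callers pass the verified GitHub login.
			string grantedRoles = null;

			foreach (var node in Configuration.GitHubOrganizationList) {
				// Spec format: org:role1,role2 or org*team:role1,role2
				var split = node.Split (':');

				// An entry without a role part cannot grant anything. Skip it rather than
				// aborting every login with an IndexOutOfRangeException.
				if (split.Length < 2)
					continue;

				var orgAndTeam = split [0].Split ('*');
				var wantedOrg = orgAndTeam [0];
				bool matched;

				if (orgAndTeam.Length == 1) {
					// Organization only. The comparison is ordinal and case-sensitive.
					matched = userOrgs.Any (membership => membership.Length > 0 && membership [0] == wantedOrg);
				} else {
					var wantedTeam = orgAndTeam [1];
					// A membership without a team element can never satisfy a team spec.
					matched = userOrgs.Any (membership => membership.Length > 1
						&& membership [0] == wantedOrg
						&& membership [1] == wantedTeam);
				}

				if (matched) {
					grantedRoles = split [1];
					break;
				}
			}

			if (grantedRoles == null) {
				throw new Exception ("No valid organizations or teams available for logging in");
			}

			LoginDB (db, response, gitHubLogin, grantedRoles, ip4);
		}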
Пример #5
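		/// <summary>
		/// Grants a session to the given e-mail address when it matches one of the role specs in
		/// Configuration.OpenIdRoles. The first matching spec decides the roles.
		/// </summary>
		/// <param name="db">Open database connection, passed on to LoginDB.</param>
		/// <param name="response">Response object that LoginDB fills in.</param>
		/// <param name="email">Address to authorize. It is also used as the account name.</param>
		/// <param name="ip4">Client address, passed on to LoginDB.</param>
		/// <exception cref="Exception">The address is missing or matches no usable role spec.</exception>
		public static void Login (DB db, LoginResponse response, string email, string ip4)
		{
			// Reject a missing address before any pattern is tried: an empty string can still
			// satisfy a permissive pattern and would then be stored as the account login.
			if (string.IsNullOrEmpty (email))
				throw new Exception ("The provided email address is not allowed to log in");

			// The address doubles as the account name. Authorization itself depends only on
			// the role specs below.
			string username = email;

			string [] specs = Configuration.OpenIdRoles;

			foreach (var spec in specs) {
				// Spec format: pattern:role1,role2
				string [] split = spec.Split (':');
				if (split.Length != 2) {
					log.ErrorFormat ("AuthenticateLogin: Invalid role spec: {0}", spec);
					continue;
				}

				if (string.IsNullOrEmpty (split [1])) {
					log.ErrorFormat ("AuthenticateLogin: No roles specified for {0}", split [0]);
					continue;
				}

				var roleSpecCheck = split [0];
				var roles = split [1];

				// NOTE(review): Regex.IsMatch is unanchored, so a spec matches when it occurs
				// anywhere in the address and an unescaped '.' matches any character. Specs
				// should be written with ^ and $ and with escaped dots, otherwise addresses
				// outside the intended domain can satisfy them.
				if (!Regex.IsMatch (email, roleSpecCheck))
					continue;

				LoginDB (db, response, username, roles, ip4);

				return;
			}

			throw new Exception ("The provided email address is not allowed to log in");
		}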
Пример #6
		/// <summary>
		/// Finds or creates the Person row for <paramref name="username"/>, brings its roles in
		/// line with <paramref name="roles"/>, writes an audit entry, stores a new login session
		/// and fills in <paramref name="response"/>.
		/// </summary>
		/// <param name="db">Open database connection used for all reads and writes.</param>
		/// <param name="response">Receives User, UserName, UserRoles and Cookie.</param>
		/// <param name="username">Account login. This method does not validate it.</param>
		/// <param name="roles">Roles to store on the account. Existing roles are overwritten when
		/// they differ.</param>
		/// <param name="ip4">Client address recorded in the audit entry and the session row.</param>
		public static void LoginDB (DB db, LoginResponse response, string username, string roles, string ip4) {
			// The account is created without a password and with the given roles. According to
			// the original author it is not possible to log into an account with an empty
			// password through the normal login procedure.

			DBPerson person = null;

			// Parameterized lookup: the username never becomes part of the SQL text.
			using (IDbCommand lookup = db.CreateCommand ()) {
				lookup.CommandText = @"SELECT * FROM Person WHERE login = @login;";
				DB.CreateParameter (lookup, "login", username);
				using (var row = lookup.ExecuteReader ()) {
					if (reader_HasRow (row))
						person = new DBPerson (row);
				}
			}

			bool created = person == null;
			if (created) {
				person = new DBPerson ();
				person.login = username;
			}

			// Write only for a new account or when the stored roles differ from the given ones.
			if (created || person.roles != roles) {
				person.roles = roles;
				person.Save (db);
			}

			var auditLogin = new WebServiceLogin { Ip4 = ip4, User = person.login };
			db.Audit (auditLogin, "DBLogin_Extensions.Login (username: {0}, ip4: {1})", username, ip4);

			// NOTE(review): the cookie is the session credential. CreateCookie is defined
			// elsewhere; confirm that it draws from a cryptographic random source.
			// NOTE(review): the expiry is computed from local time (DateTime.Now). Whether the
			// code that validates sessions also compares against local time is not visible here.
			var session = new DBLogin {
				person_id = person.id,
				ip4 = ip4,
				cookie = CreateCookie (),
				expires = DateTime.Now.AddDays (1)
			};
			session.Save (db);

			response.User = username;
			response.UserName = username;
			response.UserRoles = person.Roles;
			response.Cookie = session.cookie;
		}

		// Advances the reader to its first row and reports whether one exists.
		private static bool reader_HasRow (IDataReader reader) {
			return reader.Read ();
		}
		/// <summary>
		/// Grants a session to the given e-mail address when it matches one of the
		/// semicolon-separated role specs in Configuration.OpenIdRoles. The first matching spec
		/// decides the roles. The account is created on first login, an audit entry is written
		/// and <paramref name="response"/> is filled in.
		/// </summary>
		/// <param name="db">Open database connection used for all reads and writes.</param>
		/// <param name="response">Receives User, UserName, UserRoles and Cookie.</param>
		/// <param name="email">Address to authorize. It is also used as the account login.</param>
		/// <param name="ip4">Client address recorded in the audit entry and the session row.</param>
		/// <exception cref="Exception">
		/// No provider or roles are configured, the address is missing, or no spec matches it.
		/// </exception>
		public static void LoginOpenId (DB db, LoginResponse response, string email, string ip4)
		{
			bool providerMissing = string.IsNullOrEmpty (Configuration.OpenIdProvider);
			if (providerMissing && string.IsNullOrEmpty (Configuration.OauthClientId))
				throw new Exception ("No OpenId provider available");

			if (string.IsNullOrEmpty (Configuration.OpenIdRoles))
				throw new Exception ("No OpenId roles specified");

			if (string.IsNullOrEmpty (email))
				throw new Exception ("OpenId authentication requires an email");

			// Step 1: find the first usable spec whose pattern matches the address.
			string grantedRoles = null;
			foreach (var entry in Configuration.OpenIdRoles.Split (';')) {
				// Spec format: email:role1,role2
				string [] parts = entry.Split (':');
				if (parts.Length != 2) {
					log.ErrorFormat ("AuthenticateOpenId: Invalid role spec: {0}", entry);
					continue;
				}

				if (string.IsNullOrEmpty (parts [1])) {
					log.ErrorFormat ("AuthenticateOpenId: No roles specified for {0}", parts [0]);
					continue;
				}

				// NOTE(review): Regex.IsMatch is unanchored, so a spec matches when it occurs
				// anywhere in the address and an unescaped '.' matches any character. Specs
				// should be written with ^ and $ and with escaped dots, otherwise addresses
				// outside the intended domain can satisfy them.
				if (Regex.IsMatch (email, parts [0])) {
					grantedRoles = parts [1];
					break;
				}
			}

			if (grantedRoles == null)
				throw new Exception ("The provided email address is not allowed to log in");

			// Step 2: find or create the account. It has no password. According to the original
			// author it is not possible to log into an account with an empty password through
			// the normal login procedure.
			DBPerson person = null;

			// Parameterized lookup: the address never becomes part of the SQL text.
			using (IDbCommand lookup = db.CreateCommand ()) {
				lookup.CommandText = @"SELECT * FROM Person WHERE login = @login;";
				DB.CreateParameter (lookup, "login", email);
				using (var row = lookup.ExecuteReader ()) {
					if (row.Read ())
						person = new DBPerson (row);
				}
			}

			bool created = person == null;
			if (created) {
				person = new DBPerson ();
				person.login = email;
			}

			// Write only for a new account or when the stored roles differ from the spec.
			if (created || person.roles != grantedRoles) {
				person.roles = grantedRoles;
				person.Save (db);
			}

			// Step 3: audit, then create the session.
			var auditLogin = new WebServiceLogin { Ip4 = ip4, User = person.login };
			db.Audit (auditLogin, "DBLogin_Extensions.LoginOpenId (email: {0}, ip4: {1})", email, ip4);

			// NOTE(review): the cookie is the session credential. CreateCookie is defined
			// elsewhere; confirm that it draws from a cryptographic random source.
			// NOTE(review): the expiry is computed from local time (DateTime.Now). Whether the
			// code that validates sessions also compares against local time is not visible here.
			var session = new DBLogin {
				person_id = person.id,
				ip4 = ip4,
				cookie = CreateCookie (),
				expires = DateTime.Now.AddDays (1)
			};
			session.Save (db);

			response.User = email;
			response.UserName = email;
			response.UserRoles = person.Roles;
			response.Cookie = session.cookie;
		}