示例#1
0
        public void HandleTechMainLogin(dynamic JsonData)
        {
            try
            {
                if (BadLoginAttempts >= 3)
                {
                    JsonData.Status = "temp ban";
                    Send(Json.Encode(JsonData));
                    return;
                }
                if (Config.Current.Demo_Mode && JsonData.UserID.ToLower() == "demo" && JsonData.Password == "tech")
                {
                    var authToken = Guid.NewGuid().ToString().Replace("-", "");
                    AuthenticationTokens.Add(authToken);
                    TechAccount = new Tech_Account()
                    {
                        UserID         = "demo",
                        FirstName      = "Demo",
                        LastName       = "Tech",
                        HashedPassword = Crypto.HashPassword(JsonData.Password),
                        AccessLevel    = Tech_Account.Access_Levels.Admin
                    };
                    if (JsonData.RememberMe == true)
                    {
                        TechAccount.AuthenticationTokens.AddRange(AuthenticationTokens);
                    }
                    TechAccount.Save();
                    JsonData.Status = "ok";
                    JsonData.AuthenticationToken = authToken;
                    Send(Json.Encode(JsonData));
                    return;
                }
                //else if (Config.Current.Active_Directory_Enabled)
                //{
                //    // TODO: AD authentication.
                //}
                else
                {
                    if (!Directory.Exists(Utilities.App_Data + "Tech_Accounts"))
                    {
                        Directory.CreateDirectory(Utilities.App_Data + "Tech_Accounts");
                    }
                    if (!File.Exists(Utilities.App_Data + "Tech_Accounts\\" + JsonData.UserID + ".json"))
                    {
                        BadLoginAttempts++;
                        JsonData.Status = "invalid";
                        Send(Json.Encode(JsonData));
                        return;
                    }
                    Tech_Account account = Json.Decode <Tech_Account>(File.ReadAllText(Utilities.App_Data + "Tech_Accounts\\" + JsonData.UserID + ".json"));
                    while (account.AuthenticationTokens.Count > 10)
                    {
                        account.AuthenticationTokens.RemoveAt(0);
                    }

                    if (account.BadLoginAttempts >= 3)
                    {
                        if (DateTime.Now - account.LastBadLogin > TimeSpan.FromMinutes(10))
                        {
                            BadLoginAttempts = 0;
                        }
                        else
                        {
                            JsonData.Status = "locked";
                            Send(Json.Encode(JsonData));
                            return;
                        }
                    }
                    if (String.IsNullOrEmpty(JsonData.Password))
                    {
                        BadLoginAttempts++;
                        account.BadLoginAttempts++;
                        account.LastBadLogin = DateTime.Now;
                        account.Save();
                        JsonData.Status = "invalid";
                        Send(Json.Encode(JsonData));
                        return;
                    }
                    if (JsonData.Password == account.TempPassword)
                    {
                        if (String.IsNullOrEmpty(JsonData.NewPassword))
                        {
                            JsonData.Status = "new required";
                            Send(Json.Encode(JsonData));
                            return;
                        }
                        else if (JsonData.NewPassword != JsonData.ConfirmNewPassword)
                        {
                            JsonData.Status = "password mismatch";
                            Send(Json.Encode(JsonData));
                            return;
                        }
                        else if (JsonData.NewPassword.Length < 8 || JsonData.NewPassword.Length > 20)
                        {
                            JsonData.Status = "password length";
                            Send(Json.Encode(JsonData));
                            return;
                        }
                        else
                        {
                            var authToken = Guid.NewGuid().ToString().Replace("-", "");
                            AuthenticationTokens.Add(authToken);
                            account.TempPassword     = "";
                            account.HashedPassword   = Crypto.HashPassword(JsonData.ConfirmNewPassword);
                            account.BadLoginAttempts = 0;
                            if (JsonData.RememberMe == true)
                            {
                                account.AuthenticationTokens.Add(authToken);
                            }
                            account.Save();
                            if (SocketCollection.Exists(sock => sock?.TechAccount?.UserID == account.UserID))
                            {
                                foreach (var login in SocketCollection.FindAll(sock => sock?.TechAccount?.UserID == account.UserID))
                                {
                                    var request = new
                                    {
                                        Type = "NewLogin"
                                    };
                                    login.Send(Json.Encode(request));
                                    login.Close();
                                }
                            }
                            TechAccount     = account;
                            JsonData.Status = "ok";
                            JsonData.Access = TechAccount.AccessLevel.ToString();
                            JsonData.AuthenticationToken = authToken;
                            Send(Json.Encode(JsonData));
                            return;
                        }
                    }
                    if (Crypto.VerifyHashedPassword(account.HashedPassword, JsonData.Password))
                    {
                        var authToken = Guid.NewGuid().ToString().Replace("-", "");
                        AuthenticationTokens.Add(authToken);
                        account.BadLoginAttempts = 0;
                        account.TempPassword     = "";
                        if (JsonData.RememberMe == true)
                        {
                            account.AuthenticationTokens.Add(authToken);
                        }
                        account.Save();
                        if (SocketCollection.Exists(sock => sock?.TechAccount?.UserID == account.UserID))
                        {
                            foreach (var login in SocketCollection.FindAll(sock => sock?.TechAccount?.UserID == account.UserID))
                            {
                                var request = new
                                {
                                    Type = "NewLogin"
                                };
                                login.Send(Json.Encode(request));
                                login.Close();
                            }
                        }
                        TechAccount     = account;
                        JsonData.Status = "ok";
                        JsonData.Access = TechAccount.AccessLevel.ToString();
                        JsonData.AuthenticationToken = authToken;
                        Send(Json.Encode(JsonData));
                        return;
                    }
                    if (!String.IsNullOrEmpty(JsonData.AuthenticationToken))
                    {
                        if (AuthenticationTokens.Contains(JsonData.AuthenticationToken) || account.AuthenticationTokens.Contains(JsonData.AuthenticationToken))
                        {
                            var authToken = Guid.NewGuid().ToString().Replace("-", "");
                            account.AuthenticationTokens.Remove(JsonData.AuthenticationToken);
                            AuthenticationTokens.Add(authToken);
                            if (JsonData.RememberMe == true)
                            {
                                account.AuthenticationTokens.Add(authToken);
                            }
                            account.Save();
                            account.BadLoginAttempts = 0;
                            account.TempPassword     = "";
                            account.Save();
                            if (SocketCollection.Exists(sock => sock?.TechAccount?.UserID == account.UserID))
                            {
                                foreach (var login in SocketCollection.FindAll(sock => sock?.TechAccount?.UserID == account.UserID))
                                {
                                    var request = new
                                    {
                                        Type = "NewLogin"
                                    };
                                    login.Send(Json.Encode(request));
                                    login.Close();
                                }
                            }
                            TechAccount     = account;
                            JsonData.Status = "ok";
                            JsonData.Access = TechAccount.AccessLevel.ToString();
                            JsonData.AuthenticationToken = authToken;
                            Send(Json.Encode(JsonData));
                        }
                        else
                        {
                            BadLoginAttempts++;
                            JsonData.Status = "expired";
                            Send(Json.Encode(JsonData));
                        }
                        return;
                    }
                    // Bad login attempt.
                    BadLoginAttempts++;
                    account.BadLoginAttempts++;
                    account.LastBadLogin = DateTime.Now;
                    account.Save();
                    JsonData.Status = "invalid";
                    Send(Json.Encode(JsonData));
                    return;
                }
            }
            catch (Exception ex)
            {
                Utilities.WriteToLog(ex);
            }
        }
示例#2
0
 public Task CreateAsync(AuthenticationToken authenticationToken)
 {
     return(Task.Run(() => AuthenticationTokens.Add(authenticationToken)));
 }