/// <summary>
/// Authenticates the caller from the "id" and "password" request values.
/// On success a fresh JWT is created and pushed to the response through RefreshHeader.
/// </summary>
/// <param name="context">Current request; Items["db"] must hold the SQL handle used for the lookup.</param>
/// <returns>true when exactly one user row matches (id, navigation_id) and the password check passes; otherwise false.</returns>
public static bool Authenticate(HttpContext context)
{
    // get user id and password
    string id = WebTools.Get(context, "id");
    string password = WebTools.Get(context, "password");
    string navigation_id = WebTools.GetNavigationId(context);

    if (string.IsNullOrEmpty(id) || string.IsNullOrEmpty(navigation_id))
    {
        return false;
    }

    // find user with matching id (the password is checked in-process, not in SQL)
    var db = (SQL)context.Items["db"];
    var param = new Dictionary<string, object>
    {
        ["id"] = id,
        ["navigation_id"] = navigation_id,
    };
    var users = db.Query(
        "SELECT * FROM core_user WHERE id = @id AND navigation_id = @navigation_id",
        param);

    // exactly one row must match; zero or several rows mean "not authenticated"
    if (users == null || users.Count() != 1)
    {
        return false;
    }

    var user = users.First();
    object storedPassword = user.Get("password");
    string storedHash = $"{storedPassword}";

    bool valid;
    // NOTE(review): a row whose stored password is NULL/empty is accepted regardless of
    // the password the caller supplied — nothing about `password` is checked on this path.
    // Confirm this is deliberately limited to bootstrap/passwordless accounts.
    if (storedPassword is DBNull || string.IsNullOrEmpty(storedHash))
    {
        valid = true;
    }
    else
    {
        // Verify the supplied password against the stored hash
        valid = SecurePasswordHasher.Verify(password, storedHash);
    }

    if (!valid)
    {
        return false;
    }

    // create a new token for this user and its roles
    var token = JwtTool.CreateToken(
        context,
        $"{user["id"]}",
        $"{user["name"]}",
        RolesOfUser(context, $"{user["_id"]}"));
    RefreshHeader(context, token);

    return true;
}
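/// <summary>
/// Checks whether the request carries a JWT that JwtTool.Verify accepts. On success the
/// decoded token is stored in context.Items["token"] and a token (the incoming one, or a
/// renewed one) is re-emitted through RefreshHeader.
/// </summary>
/// <param name="context">Current request; Items["secret"] is the signing secret passed to JwtTool.Verify.</param>
/// <returns>true when a token was present and verified; false when none was found, Verify returned null, or any exception occurred.</returns>
public static bool IsAuthenticated(HttpContext context)
{
    string token = ReadBearerToken(context);
    if (string.IsNullOrEmpty(token))
    {
        return false;
    }

    try
    {
        // the decoded token is kept on the request for downstream handlers
        var decodedToken = JwtTool.Verify(token, $"{context.Items["secret"]}");
        context.Items["token"] = decodedToken;
        if (decodedToken == null)
        {
            return false;
        }

        // "exp" is seconds since the Unix epoch (UTC). The original compared this UTC value
        // with the local-time DateTime.Now; the comparison must be against UtcNow.
        // NOTE(review): assumes Verify yields "exp" as a boxed Int64 — any other numeric
        // type makes this unbox throw and the request fails closed via the catch below.
        var epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
        var exp = epoch.AddSeconds((Int64)decodedToken["exp"]);

        // NOTE(review): the original comment says "renew once half the lifetime has passed",
        // but the condition only fires when "exp" lies more than a day in the past — i.e. it
        // is reachable only if JwtTool.Verify does not itself reject expired tokens. The
        // condition is kept as it was; confirm which behaviour is intended.
        if (exp < DateTime.UtcNow.AddDays(-1))
        {
            // NOTE(review): argument order follows the original. Authenticate passes
            // (id, name) in these positions, whereas "unique_name" is conventionally the
            // name claim and "nameid" the identifier — verify against JwtTool.CreateToken.
            var newToken = JwtTool.CreateToken(
                context,
                $"{decodedToken["unique_name"]}",
                $"{decodedToken["nameid"]}",
                (string[])decodedToken["roles"]);
            // the renewed token replaces the incoming one (the original computed it and
            // then discarded it, re-emitting the old token instead)
            RefreshHeader(context, newToken);
        }
        else
        {
            RefreshHeader(context, token);
        }

        return true;
    }
    catch
    {
        // fail closed: bad signature, expired token, unexpected claim shape — all mean
        // "not authenticated"; the exception is intentionally not propagated
        return false;
    }
}

/// <summary>
/// Locates the bearer token for the request: the Authorization header first; on GET
/// requests only (file downloads opened directly by the browser), the Authorization
/// cookie, then the "Bearer" query parameter.
/// </summary>
/// <param name="context">Current request.</param>
/// <returns>The token with any "Bearer " prefix stripped, or null when none is present.</returns>
private static string ReadBearerToken(HttpContext context)
{
    var request = context.Request;

    if (request.Headers.ContainsKey("Authorization"))
    {
        string header = request.Headers["Authorization"];
        return header.Replace("Bearer ", "");
    }

    if (request.Method == "GET")
    {
        if (request.Cookies.ContainsKey("Authorization"))
        {
            string cookie = request.Cookies["Authorization"];
            return cookie.Replace("Bearer ", "");
        }

        // NOTE(review): a token carried in the query string ends up in server and proxy
        // logs, browser history and Referer headers; prefer the header/cookie paths and
        // consider retiring this one.
        if (request.Query.ContainsKey("Bearer"))
        {
            return request.Query["Bearer"];
        }
    }

    return null;
}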