/// <summary>
/// Loads the OAuth grants owned by a single user from the Entity Framework store,
/// optionally narrowed by the supplied filter.
/// </summary>
/// <param name="userId">Value matched against each grant's UserID.</param>
/// <param name="filter">Optional criteria passed to the Filter extension; may be null.</param>
/// <returns>A materialized list of the matching grants with Client and AccessKey.Permissions included.</returns>
public List<OAuthGrant> GetByUser(int userId, OAuthGrantFilter filter = null)
{
    using (var db = new DeviceHiveContext())
    {
        // The owner predicate is part of the query before any caller-supplied criteria
        // are added, so the filter can only narrow the set of this user's grants.
        var grantsOfUser = db.OAuthGrants
            .Include(g => g.Client)
            .Include(g => g.AccessKey.Permissions)
            .Where(g => g.UserID == userId);

        // ToList() executes the query while the context is still alive.
        return grantsOfUser.Filter(filter).ToList();
    }
}
/// <summary>
/// Composes the optional criteria, ordering and paging of an OAuthGrantFilter onto a grant query.
/// </summary>
/// <param name="query">Query to narrow. This method adds no owner (UserID) restriction itself;
/// the caller is expected to have scoped the query already.</param>
/// <param name="filter">Criteria to apply; when null the query is returned unchanged.</param>
/// <returns>The query with every non-null criterion applied, then sorting, then Skip/Take.</returns>
public static IQueryable<OAuthGrant> Filter(this IQueryable<OAuthGrant> query, OAuthGrantFilter filter)
{
    if (filter == null)
    {
        return query;
    }

    // Time window: the supplied values are re-tagged as UTC (SpecifyKind does not convert them).
    if (filter.Start.HasValue)
    {
        var fromUtc = DateTime.SpecifyKind(filter.Start.Value, DateTimeKind.Utc);
        query = query.Where(g => g.Timestamp >= fromUtc);
    }

    if (filter.End.HasValue)
    {
        var untilUtc = DateTime.SpecifyKind(filter.End.Value, DateTimeKind.Utc);
        query = query.Where(g => g.Timestamp <= untilUtc);
    }

    // Equality criteria; each one is applied only when the filter carries a value for it.
    if (filter.ClientID.HasValue)
    {
        query = query.Where(g => g.ClientID == filter.ClientID.Value);
    }

    if (filter.ClientOAuthID != null)
    {
        query = query.Where(g => g.Client.OAuthID == filter.ClientOAuthID);
    }

    if (filter.Type.HasValue)
    {
        query = query.Where(g => g.Type == filter.Type.Value);
    }

    if (filter.Scope != null)
    {
        query = query.Where(g => g.Scope == filter.Scope);
    }

    if (filter.RedirectUri != null)
    {
        query = query.Where(g => g.RedirectUri == filter.RedirectUri);
    }

    if (filter.AccessType.HasValue)
    {
        query = query.Where(g => g.AccessType == filter.AccessType.Value);
    }

    // Timestamp is the only sort field handled; any other non-None value leaves the order untouched.
    if (filter.SortField != OAuthGrantSortField.None)
    {
        if (filter.SortField == OAuthGrantSortField.Timestamp)
        {
            query = query.OrderBy(g => g.Timestamp, filter.SortOrder);
        }
    }

    // Paging is applied last, with the values exactly as given.
    // NOTE(review): no upper bound is placed on Take here; if the filter is populated from
    // request parameters, a page-size cap has to be enforced before this point - confirm.
    // NOTE(review): Skip is reachable without a preceding OrderBy; LINQ to Entities only
    // supports Skip on sorted input, so verify callers always pair Skip with a sort field.
    if (filter.Skip.HasValue)
    {
        query = query.Skip(filter.Skip.Value);
    }

    if (filter.Take.HasValue)
    {
        query = query.Take(filter.Take.Value);
    }

    return query;
}
/// <summary>
/// Loads the OAuth grants owned by a single user from the MongoDB store,
/// optionally narrowed by the supplied filter.
/// </summary>
/// <param name="userId">Value matched against each grant's UserID.</param>
/// <param name="filter">Optional criteria passed to the Filter extension; may be null.</param>
/// <returns>A materialized list of the matching grants.</returns>
public List<OAuthGrant> GetByUser(int userId, OAuthGrantFilter filter = null)
{
    // Scope to the owner first; the caller-supplied filter is layered on top of that restriction.
    var grantsOfUser = _mongo.OAuthGrants.AsQueryable().Where(g => g.UserID == userId);

    return grantsOfUser.Filter(filter).ToList();
}
/// <summary>
/// OAuth token endpoint: exchanges an authorization code, or a user's name and password,
/// for an access key and returns it as a bearer-token response.
/// </summary>
/// <param name="request">Form fields of the token request: grant_type plus the fields
/// required by that grant type (code and redirect_uri, or scope, username and password).</param>
/// <returns>A JSON object with access_token, token_type ("Bearer") and expires_in
/// (whole seconds until the key's expiration date, or null when the key has none).</returns>
/// <remarks>
/// Every failure is reported through ThrowHttpResponse, which is defined elsewhere; the code
/// below relies on that call not returning.
/// NOTE(review): the method only returns the JSON body. RFC 6749 section 5.1 expects token
/// responses to carry "Cache-Control: no-store"; confirm that is added elsewhere in the pipeline.
/// </remarks>
public JObject Token(FormDataCollection request)
{
    // The client is authenticated before any grant-specific field is looked at.
    var client = AuthenticateClient(Request, request);
    var grantType = GetRequiredParameter(request, "grant_type");
    AccessKey issuedKey = null;

    if (grantType == "authorization_code")
    {
        var rawCode = GetRequiredParameter(request, "code");
        var redirectUri = GetRequiredParameter(request, "redirect_uri");

        // All rejections in this branch use the same status and message, so the response
        // does not reveal which of the checks failed.
        Guid parsedCode;
        if (!Guid.TryParse(rawCode, out parsedCode))
        {
            ThrowHttpResponse(HttpStatusCode.Forbidden, "Invalid authorization code!");
        }

        // The code must resolve to a code-type grant issued to this same client, and the
        // redirect_uri must be an exact string match with the one stored on the grant.
        var codeGrant = DataContext.OAuthGrant.Get(parsedCode);
        var grantMatchesRequest = codeGrant != null
            && codeGrant.ClientID == client.ID
            && codeGrant.Type == (int)OAuthGrantType.Code
            && codeGrant.RedirectUri == redirectUri;
        if (!grantMatchesRequest)
        {
            ThrowHttpResponse(HttpStatusCode.Forbidden, "Invalid authorization code!");
        }

        // Authorization codes are honoured for 10 minutes after the grant's timestamp.
        var codeExpiresAt = codeGrant.Timestamp.AddMinutes(10);
        if (DateTime.UtcNow > codeExpiresAt)
        {
            ThrowHttpResponse(HttpStatusCode.Forbidden, "Invalid authorization code!");
        }

        // Single use: the code is cleared and persisted before the key is handed out.
        // NOTE(review): the lookup and the clearing are separate store operations as written;
        // confirm the store prevents two concurrent requests from redeeming the same code.
        codeGrant.AuthCode = null;
        DataContext.OAuthGrant.Save(codeGrant);

        issuedKey = codeGrant.AccessKey;
    }
    else if (grantType == "password")
    {
        // NOTE(review): current OAuth security guidance discourages the password grant, and no
        // attempt limiting is visible in this method; confirm repeated failures are throttled
        // in AuthenticateByPassword or upstream.
        var scope = GetRequiredParameter(request, "scope");
        var username = GetRequiredParameter(request, "username");
        var password = GetRequiredParameter(request, "password");

        // One message covers both bad credentials and a disabled account.
        User user = null;
        try
        {
            user = _authenticationManager.AuthenticateByPassword(username, password);
        }
        catch (AuthenticationException)
        {
            ThrowHttpResponse(HttpStatusCode.Unauthorized, "Invalid credentials or account is disabled!");
        }

        // Reuse the user's existing password grant for this client and scope, or create one.
        // NOTE(review): scope is taken from the request and used as-is in this method; any
        // validation of the requested scope would have to live in OAuthGrant or RenewGrant - confirm.
        var grantLookup = new OAuthGrantFilter
        {
            ClientID = client.ID,
            Scope = scope,
            Type = (int)OAuthGrantType.Password,
        };
        var passwordGrant = DataContext.OAuthGrant.GetByUser(user.ID, grantLookup).FirstOrDefault();
        if (passwordGrant == null)
        {
            passwordGrant = new OAuthGrant(client, user.ID, new AccessKey(), (int)OAuthGrantType.Password, scope);
        }

        // The access key is saved before the grant that refers to it.
        RenewGrant(passwordGrant);
        DataContext.AccessKey.Save(passwordGrant.AccessKey);
        DataContext.OAuthGrant.Save(passwordGrant);

        issuedKey = passwordGrant.AccessKey;
    }
    else
    {
        ThrowHttpResponse(HttpStatusCode.BadRequest, "Invalid grant_type parameter!");
    }

    // NOTE(review): the authorization-code path does not check the key's own expiration date,
    // so expires_in can come out negative for an already expired key - confirm this is intended.
    int? expiresIn = null;
    if (issuedKey.ExpirationDate != null)
    {
        expiresIn = (int)issuedKey.ExpirationDate.Value.Subtract(DateTime.UtcNow).TotalSeconds;
    }

    return new JObject(
        new JProperty("access_token", issuedKey.Key),
        new JProperty("token_type", "Bearer"),
        new JProperty("expires_in", expiresIn));
}