/// <summary>
/// Authenticates a user by email address and password and, on success, issues a token.
/// </summary>
/// <remarks>
/// Every failure (missing input, unknown email, wrong password) returns null, so the
/// return value alone does not tell a caller which check failed.
/// NOTE(review): an unknown email returns before <c>PasswordHash.ValidatePassword</c> runs,
/// while a wrong password returns after it, so the two failures may differ in response time.
/// No attempt limiting or failure logging is visible in this method; confirm it is handled elsewhere.
/// </remarks>
/// <param name="login">Login request; Email, Password, TzOffset and Scope are read.</param>
/// <returns>A populated <c>LoginResponse</c>, or null when authentication fails.</returns>
public static LoginResponse Authenticate(Login login)
{
    // Reject requests that do not carry both an email address and a password.
    bool hasCredentials = login != null
        && !string.IsNullOrEmpty(login.Email)
        && !string.IsNullOrEmpty(login.Password);
    if (!hasCredentials)
    {
        return null;
    }

    // The row is read straight from the database here; per the original comment,
    // UserManager deliberately does not expose the password hash and salt.
    USERS account;
    using (var context = new CSET_Context())
    {
        account = context.USERS.FirstOrDefault(u => u.PrimaryEmail == login.Email);
    }

    if (account == null)
    {
        return null;
    }

    // Check the supplied password against the stored hash and salt.
    if (!PasswordHash.ValidatePassword(login.Password, account.Password, account.Salt))
    {
        return null;
    }

    // Issue a token for the authenticated account.
    // NOTE(review): login.Scope is caller-supplied and is passed through unchanged.
    string token = TransactionSecurity.GenerateToken(account.UserId, login.TzOffset, -1, null, null, login.Scope);

    return new LoginResponse
    {
        Token = token,
        UserId = account.UserId,
        Email = login.Email,
        UserFirstName = account.FirstName,
        UserLastName = account.LastName,
        IsSuperUser = account.IsSuperUser,
        // An unset flag is treated as "reset required".
        ResetRequired = account.PasswordResetRequired ?? true,
        ExportExtension = IOHelper.GetExportFileExtension(login.Scope),
        ImportExtensions = IOHelper.GetImportFileExtensions(login.Scope)
    };
}
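/// <summary>
/// Issues a login token for a stand-alone (local) installation without checking a password.
/// The account is keyed on the current Windows identity name and is created on first use.
/// </summary>
/// <remarks>
/// No secret is verified on this path. The only gate visible here is
/// <c>IsLocalInstallation(login.Scope)</c>, which, per the original comments, looks for a
/// LOCAL-INSTALLATION file placed on the file system by the stand-alone installer.
/// NOTE(review): <c>login.Scope</c> is caller-supplied; confirm that this method cannot be
/// reached on a shared or hosted deployment.
/// </remarks>
/// <param name="login">Login request; only Scope and TzOffset are read.</param>
/// <returns>
/// A populated <c>LoginResponse</c>, or null when <paramref name="login"/> is null, the scope
/// is not a local installation, or no account name could be determined.
/// </returns>
public static LoginResponse AuthenticateStandalone(Login login)
{
    // Fail closed on a missing request, as Authenticate does, instead of throwing
    // a NullReferenceException on login.Scope.
    if (login == null)
    {
        return null;
    }

    // Only proceed when the installation is recognised as a local one.
    if (!IsLocalInstallation(login.Scope))
    {
        return null;
    }

    // WindowsIdentity is IDisposable; release it as soon as the name has been read.
    string name;
    using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
    {
        name = identity.Name;
    }
    name = string.IsNullOrWhiteSpace(name) ? "Local" : name;

    string primaryEmailSO = name;

    // NOTE(review): 100 is kept as the fallback id. If the newly created user cannot be read
    // back below, a token is still issued for id 100; confirm that this is intended.
    int userIdSO = 100;

    using (var db = new CSET_Context())
    {
        // Migrate the legacy "<name>@myorg.org" address to the bare name.
        string legacyEmail = primaryEmailSO + "@myorg.org";
        var userOrg = db.USERS.FirstOrDefault(x => x.PrimaryEmail == legacyEmail);
        if (userOrg != null)
        {
            string tmp = userOrg.PrimaryEmail.Split('@')[0];
            userOrg.PrimaryEmail = tmp;

            // Persist the rename only when no other row already uses the new address.
            if (!db.USERS.Any(x => x.PrimaryEmail == tmp))
            {
                db.SaveChanges();
            }

            primaryEmailSO = userOrg.PrimaryEmail;
        }

        var user = db.USERS.FirstOrDefault(x => x.PrimaryEmail == primaryEmailSO);
        if (user == null)
        {
            // First use on this machine: create the account, then read back its id.
            UserManager um = new UserManager();
            UserDetail ud = new UserDetail
            {
                Email = primaryEmailSO,
                FirstName = name,
                LastName = ""
            };
            um.CreateUser(ud);
            db.SaveChanges();

            var created = db.USERS.FirstOrDefault(x => x.PrimaryEmail == primaryEmailSO);
            if (created != null)
            {
                userIdSO = created.UserId;
            }

            // Presumably upgrades data from an earlier installation for this user; verify against the helper.
            determineIfUpgradedNeededAndDoSo(userIdSO);
        }
        else
        {
            userIdSO = user.UserId;
        }
    }

    if (string.IsNullOrEmpty(primaryEmailSO))
    {
        return null;
    }

    // Issue a token for the local user.
    string token = TransactionSecurity.GenerateToken(userIdSO, login.TzOffset, -1, null, null, login.Scope);

    // NOTE(review): unlike Authenticate, this response does not set UserId; confirm that callers do not need it.
    return new LoginResponse
    {
        Token = token,
        Email = primaryEmailSO,
        UserFirstName = name,
        UserLastName = "",
        IsSuperUser = false,
        ResetRequired = false,
        ExportExtension = IOHelper.GetExportFileExtension(login.Scope),
        ImportExtensions = IOHelper.GetImportFileExtensions(login.Scope)
    };
}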