示例#1
0
        public static void AttemptLogin(HeContext heContext, int inParamUserId, string inParamPassword, bool inParamPersistent, bool checkPassword)
        {
            string functionName = "Login" + (checkPassword ? "Password" : String.Empty);
            int    tenantId     = heContext.Session.TenantId;

            string username;
            string hashedPassword;

            if (!TryGetUsernameAndPassword(tenantId, inParamUserId, checkPassword, out username, out hashedPassword, functionName))
            {
                throw new InvalidLoginException("Invalid username or password");
            }

            if (checkPassword && !RuntimePlatformUtils.Hashing.ValidatePasswordAgainstHash(inParamPassword, hashedPassword))
            {
                throw new InvalidLoginException("Invalid username or password");
            }

            heContext.Session.ClearPermissions();

            // set session variables
            heContext.Session.SetUser(inParamUserId, username);
            heContext.AppInfo.InjectionCache.RunCallbacks(heContext.AppInfo, heContext.Session, Callbacks.CallbackEvent.Login);

            if (!heContext.AppInfo.IsMobileRuntime)
            {
                if (!heContext.IsReadOnlySessionRequest)
                {
                    CookieActions.AddSessionFixationProtectionCookie(heContext);

                    // if it is a persistent login, refresh the entry and refresh the cookie
                    if (inParamPersistent)
                    {
                        CookieActions.AddOrRefreshPersistentLoginCookie(heContext, inParamUserId, functionName);
                    }
                    else
                    {
                        // always delete any persistent login entries, if a persistent cookie was sent and we did a regular login
                        CookieActions.DeletePersistentLoginEntryAndCookie(heContext, functionName);
                    }
                }
            }
            else
            {
                MobileRuntime.SetLoginInfo(heContext, inParamUserId, tenantId, inParamPersistent, username);
            }

            var upgradePassword = WillUpgradePassword(heContext, checkPassword, inParamPassword, hashedPassword);

            UpdateLastLoginAndPasswordIfNecessary(heContext, inParamUserId, tenantId, inParamPassword, upgradePassword, functionName);
        }
示例#2
0
        public static void AutoLogin(HeContext heContext)
        {
            if (heContext == null || heContext.AppInfo == null || heContext.AppInfo.IsMobileRuntime)
            {
                return; // This method should never be called for Mobile Runtime modules as those do not use the same cookie mechanims.
            }

            if (heContext.Session.UserId == 0)
            {
                String persistentLoginValue = CookieActions.GetPersistentLoginValue(heContext);
                if (!String.IsNullOrEmpty(persistentLoginValue))
                {
                    using (Transaction trans = DatabaseAccess.ForSystemDatabase.GetRequestTransaction()) {
                        int      userId   = 0;
                        int      tenantId = 0;
                        int      existingPersistentLoginId = 0;
                        DateTime expirationDateTime;

                        CookieActions.GetPersistentLoginInfo(heContext, trans, persistentLoginValue, out userId, out tenantId, out existingPersistentLoginId, out expirationDateTime, "AutoLogin");

                        if (userId == 0 || existingPersistentLoginId == 0)
                        {
                            CookieActions.DeletePersistentLoginCookie(heContext);
                        }
                        else
                        {
                            string username;
                            string hashInDb;
                            if (!DBRuntimePlatform.Instance.GetUserInfoForLogin(trans, tenantId, userId, /*fetchDbHash*/ false, out username, out hashInDb, "AutoLogin"))
                            {
                                return;
                            }

                            heContext.Session.TenantId = tenantId;
                            heContext.Session.SetUser(userId, username);
                            heContext.AppInfo.InjectionCache.RunCallbacks(heContext.AppInfo, heContext.Session, Callbacks.CallbackEvent.Login);

                            if (!heContext.IsReadOnlySessionRequest)
                            {
                                // Add the generic session fixation protection cookie
                                CookieActions.AddSessionFixationProtectionCookie(heContext);

                                // Refresh Persistent Login cookie on successful Auto Login - this avoids "session fixation"-like problems for the Persistent Login cookie!
                                CookieActions.RefreshPersistentLoginCookie(heContext, existingPersistentLoginId, expirationDateTime, "AutoLogin");
                            }

                            if (Settings.GetBool(Settings.Configs.Authentication_UpdateUserLastLogin))
                            {
                                // update login date
                                // #798465, #1006905 Use a committable transaction to update the last login to avoid locking concurrent logins
                                try {
                                    using (Transaction committableTrans = DatabaseAccess.ForSystemDatabase.GetCommitableTransaction()) {
                                        if (DBRuntimePlatform.Instance.TryUpdateLastLoginAndPasswordIfNeeded(committableTrans, userId, tenantId, /*upgradePassword*/ false, /*newDbHash*/ null, "AutoLogin"))
                                        {
                                            committableTrans.Commit();
                                        }
                                    }
                                } catch (Exception e) {
                                    ErrorLog.StaticWrite(DateTime.Now, heContext.SessionID, heContext.AppInfo.eSpaceId, tenantId, userId, e.Message, e.StackTrace, ErrorLog.GetStackEnvironmentInfo(heContext.AppInfo, heContext), "LOGIN");
                                }
                            }
                        }
                    }
                }
            }
        }