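/// <summary>
/// Logs the given user into the current session, optionally checking the supplied password against
/// the hash stored for the user, and then sets up the session, runs the login callbacks and updates the
/// session / persistent-login cookies (web runtime) or the mobile login info (mobile runtime).
/// </summary>
/// <param name="heContext">Request context; its <c>Session</c> and <c>AppInfo</c> are read and updated.</param>
/// <param name="inParamUserId">Id of the user to log in.</param>
/// <param name="inParamPassword">Clear-text password. Only compared against the stored hash when
/// <paramref name="checkPassword"/> is true, but always handed to the password-upgrade step.</param>
/// <param name="inParamPersistent">True to create or refresh a persistent ("remember me") login entry and cookie;
/// false removes any such entry the request may still carry.</param>
/// <param name="checkPassword">False skips the password comparison. The flag is also forwarded to the user
/// lookup helper (presumably so the hash is only fetched when it is needed).</param>
/// <exception cref="ArgumentNullException"><paramref name="heContext"/> is null.</exception>
/// <exception cref="InvalidLoginException">The user could not be loaded or the password does not match.
/// Both cases use the same message so the caller cannot tell them apart.</exception>
public static void AttemptLogin(HeContext heContext, int inParamUserId, string inParamPassword, bool inParamPersistent, bool checkPassword)
{
    if (heContext == null)
    {
        throw new ArgumentNullException("heContext");
    }

    // Tag passed to the helpers below so their log entries identify which login variant ran.
    string functionName = "Login" + (checkPassword ? "Password" : String.Empty);
    int tenantId = heContext.Session.TenantId;

    string username;
    string hashedPassword;
    if (!TryGetUsernameAndPassword(tenantId, inParamUserId, checkPassword, out username, out hashedPassword, functionName))
    {
        throw new InvalidLoginException("Invalid username or password");
    }

    // NOTE(review): when the lookup above fails no hash comparison runs, so the two failure paths do
    // different amounts of work; if response-time differences between "unknown user" and "wrong password"
    // matter here, the unknown-user path should perform an equivalent dummy comparison.
    if (checkPassword && !RuntimePlatformUtils.Hashing.ValidatePasswordAgainstHash(inParamPassword, hashedPassword))
    {
        throw new InvalidLoginException("Invalid username or password");
    }

    // Reset the session's permissions before switching it to the new identity.
    heContext.Session.ClearPermissions();
    heContext.Session.SetUser(inParamUserId, username);
    heContext.AppInfo.InjectionCache.RunCallbacks(heContext.AppInfo, heContext.Session, Callbacks.CallbackEvent.Login);

    if (heContext.AppInfo.IsMobileRuntime)
    {
        MobileRuntime.SetLoginInfo(heContext, inParamUserId, tenantId, inParamPersistent, username);
    }
    else
    {
        UpdateLoginCookies(heContext, inParamUserId, inParamPersistent, functionName);
    }

    var upgradePassword = WillUpgradePassword(heContext, checkPassword, inParamPassword, hashedPassword);
    UpdateLastLoginAndPasswordIfNecessary(heContext, inParamUserId, tenantId, inParamPassword, upgradePassword, functionName);
}

/// <summary>
/// Web-runtime cookie handling for a successful login: issues the session-fixation protection cookie and
/// then either creates/refreshes or removes the persistent-login entry and cookie.
/// Does nothing for read-only session requests.
/// </summary>
/// <param name="heContext">Request context the cookies are written to.</param>
/// <param name="userId">Id of the user that just logged in.</param>
/// <param name="persistent">True to keep a persistent login entry, false to remove any existing one.</param>
/// <param name="functionName">Log tag forwarded to the cookie helpers.</param>
private static void UpdateLoginCookies(HeContext heContext, int userId, bool persistent, string functionName)
{
    if (heContext.IsReadOnlySessionRequest)
    {
        return;
    }

    CookieActions.AddSessionFixationProtectionCookie(heContext);

    if (persistent)
    {
        // persistent login: refresh the entry and the cookie
        CookieActions.AddOrRefreshPersistentLoginCookie(heContext, userId, functionName);
    }
    else
    {
        // regular login: always drop any persistent login entry a still-present cookie may point at
        CookieActions.DeletePersistentLoginEntryAndCookie(heContext, functionName);
    }
}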
/// <summary>
/// Logs a user in from a persistent-login ("remember me") cookie when the current session has no user yet.
/// Web runtime only: a missing context or a mobile runtime module is ignored.
/// </summary>
/// <param name="heContext">Request context; may be null, in which case nothing happens.</param>
public static void AutoLogin(HeContext heContext)
{
    // Mobile Runtime modules do not use this cookie mechanism and must never reach the code below.
    bool notApplicable = heContext == null || heContext.AppInfo == null || heContext.AppInfo.IsMobileRuntime;
    if (notApplicable)
    {
        return;
    }

    // A session that already has a user is left untouched.
    if (heContext.Session.UserId != 0)
    {
        return;
    }

    String cookieValue = CookieActions.GetPersistentLoginValue(heContext);
    if (String.IsNullOrEmpty(cookieValue))
    {
        return;
    }

    using (Transaction trans = DatabaseAccess.ForSystemDatabase.GetRequestTransaction())
    {
        int userId = 0;
        int tenantId = 0;
        int persistentLoginId = 0;
        DateTime expiration;
        CookieActions.GetPersistentLoginInfo(heContext, trans, cookieValue, out userId, out tenantId, out persistentLoginId, out expiration, "AutoLogin");

        // NOTE(review): expiration is only forwarded to the cookie refresh below; this assumes
        // GetPersistentLoginInfo already yields userId == 0 for an expired entry — confirm.
        if (userId == 0 || persistentLoginId == 0)
        {
            // No usable entry behind the cookie: remove the cookie.
            CookieActions.DeletePersistentLoginCookie(heContext);
            return;
        }

        string username;
        string hashInDb; // presumably left empty since fetchDbHash is false; not used here
        if (!DBRuntimePlatform.Instance.GetUserInfoForLogin(trans, tenantId, userId, /*fetchDbHash*/ false, out username, out hashInDb, "AutoLogin"))
        {
            // NOTE(review): unlike the invalid-entry branch above, this path leaves the
            // persistent-login cookie in place — confirm that is intended.
            return;
        }

        heContext.Session.TenantId = tenantId;
        heContext.Session.SetUser(userId, username);
        heContext.AppInfo.InjectionCache.RunCallbacks(heContext.AppInfo, heContext.Session, Callbacks.CallbackEvent.Login);

        if (!heContext.IsReadOnlySessionRequest)
        {
            // Generic session fixation protection cookie.
            CookieActions.AddSessionFixationProtectionCookie(heContext);
            // Refresh the persistent login cookie on a successful auto login; this avoids
            // "session fixation"-like problems for that cookie.
            CookieActions.RefreshPersistentLoginCookie(heContext, persistentLoginId, expiration, "AutoLogin");
        }

        if (Settings.GetBool(Settings.Configs.Authentication_UpdateUserLastLogin))
        {
            RecordAutoLoginDate(heContext, userId, tenantId);
        }
    }
}

/// <summary>
/// Best-effort update of the user's last-login date after an auto login. Runs in its own committable
/// transaction (#798465, #1006905) so it does not hold locks that would block concurrent logins;
/// any failure is written to the error log and otherwise ignored.
/// </summary>
/// <param name="heContext">Request context, used only for the error log entry.</param>
/// <param name="userId">Id of the user that was auto-logged in.</param>
/// <param name="tenantId">Tenant the user belongs to.</param>
private static void RecordAutoLoginDate(HeContext heContext, int userId, int tenantId)
{
    try
    {
        using (Transaction committableTrans = DatabaseAccess.ForSystemDatabase.GetCommitableTransaction())
        {
            if (DBRuntimePlatform.Instance.TryUpdateLastLoginAndPasswordIfNeeded(committableTrans, userId, tenantId, /*upgradePassword*/ false, /*newDbHash*/ null, "AutoLogin"))
            {
                committableTrans.Commit();
            }
        }
    }
    catch (Exception e)
    {
        ErrorLog.StaticWrite(DateTime.Now, heContext.SessionID, heContext.AppInfo.eSpaceId, tenantId, userId, e.Message, e.StackTrace, ErrorLog.GetStackEnvironmentInfo(heContext.AppInfo, heContext), "LOGIN");
    }
}