/// <summary>
/// Attaches the caller's authentication to an outgoing HTTP request.
/// </summary>
/// <param name="hostName">Host name used to look up the client configuration.</param>
/// <param name="user">Authenticated user whose OAuth token is sent; may be <c>null</c>, in which case no token header is written.</param>
/// <param name="request">Request to decorate.</param>
/// <remarks>
/// When the host configuration carries Evolution credentials they become the request credentials and the
/// user's token travels in the <c>OAuth-Authorization</c> header; otherwise the token is sent in the standard
/// <c>Authorization</c> header with the <c>OAuth</c> scheme. When no configuration exists for the host nothing is applied.
/// </remarks>
public static void ApplyAuthenticationToRequest(string hostName, User user, System.Net.HttpWebRequest request)
{
    var hostConfig = ServiceLocator.Get<IConfigurationManagerService>().Get(hostName);
    if (hostConfig == null)
    {
        return;
    }

    bool hasToken = user != null;

    if (hostConfig.EvolutionCredentials == null)
    {
        if (hasToken)
        {
            request.Headers["Authorization"] = "OAuth " + user.OAuthToken;
        }
        return;
    }

    // Credentials always go on; the token header is only added when a user is present.
    request.Credentials = hostConfig.EvolutionCredentials;
    if (hasToken)
    {
        request.Headers["OAuth-Authorization"] = user.OAuthToken;
    }
}
/// <summary>
/// Returns the cached default (client-credentials) user for the configuration, requesting a fresh OAuth token
/// from the Evolution token endpoint when no cached user exists or its token is within
/// <c>Constants.RefreshMarginMinutes</c> of expiry.
/// </summary>
/// <param name="configuration">Client configuration; the user is cached in <c>configuration.Items</c> under <c>_defaultUserItemKey</c>.</param>
/// <returns>The default user carrying the access and refresh tokens.</returns>
/// <exception cref="Exception">Wraps any failure of the token request, or carries the error string returned by the endpoint.</exception>
public User GetDefaultUser(IOAuthClientConfiguration configuration)
{
    User defaultUser = null;
    defaultUser = configuration.Items[_defaultUserItemKey] as User;
    // Fast path: the cached token is still comfortably inside its lifetime.
    if (defaultUser != null && defaultUser.TokenExpiresUtc.Subtract(DateTime.UtcNow).TotalMinutes >= Constants.RefreshMarginMinutes)
        return defaultUser;
    lock (_defaultUserLock)
    {
        // NOTE(review): this second check re-reads the local captured before the lock, not the cache item,
        // so a user refreshed by another thread while this one waited is not seen and a second token request is made.
        if (defaultUser != null && defaultUser.TokenExpiresUtc.Subtract(DateTime.UtcNow).TotalMinutes >= Constants.RefreshMarginMinutes)
            return defaultUser;
        var request = (HttpWebRequest)WebRequest.Create(configuration.EvolutionBaseUrl.OriginalString + "api.ashx/v2/oauth/token");
        request.Timeout = Constants.RequestTimeoutMilliseconds;
        if (configuration.EvolutionCredentials != null)
            request.Credentials = configuration.EvolutionCredentials;
        request.Method = "POST";
        // The client secret is sent in the form body. The listing is redacted ("******") between the username
        // parameter and the ContentType assignment, so that part of the body could not be reviewed.
        string data = string.Concat(
            "client_id=", Uri.EscapeDataString(configuration.OAuthClientId),
            "&client_secret=", Uri.EscapeDataString(configuration.OAuthClientSecret),
            "&grant_type=client_credentials&username="******"application/x-www-form-urlencoded";
        request.ContentLength = bytes.Length;
        using (var requestStream = request.GetRequestStream())
        {
            requestStream.Write(bytes, 0, bytes.Length);
            requestStream.Close();
        }
        string rawResponse = null;
        try
        {
            using (HttpWebResponse webResponse = (HttpWebResponse)request.GetResponse())
            {
                using (var reader = new StreamReader(webResponse.GetResponseStream()))
                {
                    rawResponse = reader.ReadToEnd();
                }
            }
        }
        catch (Exception e)
        {
            // Transport/HTTP failures are surfaced as a single wrapped exception.
            throw new Exception("An error occured while attempting to authorize the default user", e);
        }
        var serializer = new System.Web.Script.Serialization.JavaScriptSerializer();
        var response = serializer.Deserialize<OAuthResponse>(rawResponse);
        // NOTE(review): an empty body presumably deserializes to null, which would fault on the next line — confirm.
        if (!string.IsNullOrEmpty(response.error))
            throw new Exception(response.error);
        // The user id is resolved with a second call using the freshly issued access token.
        var user = new User(configuration.DefaultUserName, GetUserIdByAccessToken(configuration, response.access_token), configuration.DefaultUserLanguageKey);
        user.OAuthToken = response.access_token;
        user.RefreshToken =
        response.refresh_token;
        user.TokenExpiresUtc = DateTime.UtcNow.AddSeconds(response.expires_in);
        defaultUser = user;
        // Publish to the shared cache only after the user is fully populated.
        configuration.Items[_defaultUserItemKey] = user;
        return defaultUser;
    }
}
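/// <summary>
/// Reconstructs a <c>User</c> from its signed serialized form, <c>base64(hmac):base64(message)</c>,
/// where the message is seven <c>?</c>-separated, percent-escaped fields.
/// </summary>
/// <param name="serializedUser">Signed payload produced by the matching serializer.</param>
/// <param name="signature">Shared secret used as the HMAC-SHA256 key; keep it out of logs.</param>
/// <returns>
/// The user when the HMAC verifies and every field parses; otherwise <c>null</c> for malformed input,
/// invalid base64, a wrong key, or unparseable numeric fields. Never throws on bad input.
/// </returns>
internal static User Deserialize(string serializedUser, string signature)
{
    if (string.IsNullOrEmpty(serializedUser) || signature == null)
        return null;

    var signatureAndMessage = serializedUser.Split(':');
    if (signatureAndMessage.Length != 2)
        return null;

    byte[] hash;
    byte[] message;
    try
    {
        hash = Convert.FromBase64String(signatureAndMessage[0]);
        message = Convert.FromBase64String(signatureAndMessage[1]);
    }
    catch (FormatException)
    {
        // Not valid base64: treat like any other malformed payload instead of faulting the caller.
        return null;
    }

    byte[] expectedHash;
    using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(signature)))
    {
        expectedHash = hmac.ComputeHash(message);
    }

    // Compare without an early exit so timing does not reveal how many leading bytes matched.
    if (!HashesMatchFixedTime(hash, expectedHash))
        return null;

    string[] data = Encoding.UTF8.GetString(message).Split('?');
    if (data.Length != 7)
        return null;

    int userId;
    if (!int.TryParse(Uri.UnescapeDataString(data[1]), out userId))
        return null;

    long expiryTicks;
    if (!long.TryParse(Uri.UnescapeDataString(data[6]), out expiryTicks)
        || expiryTicks < DateTime.MinValue.Ticks
        || expiryTicks > DateTime.MaxValue.Ticks)
        return null;

    var user = new User(Uri.UnescapeDataString(data[0]), userId, Uri.UnescapeDataString(data[2]));
    user.SynchronizedUserName = Uri.UnescapeDataString(data[3]);
    user.OAuthToken = Uri.UnescapeDataString(data[4]);
    user.RefreshToken = Uri.UnescapeDataString(data[5]);
    user.TokenExpiresUtc = new DateTime(expiryTicks, DateTimeKind.Utc);
    return user;
}

/// <summary>
/// Equality of two byte arrays whose running time depends only on the length, not on where they first differ.
/// </summary>
/// <param name="left">First array.</param>
/// <param name="right">Second array.</param>
/// <returns><c>true</c> when both have the same length and contents.</returns>
private static bool HashesMatchFixedTime(byte[] left, byte[] right)
{
    if (left.Length != right.Length)
        return false;

    int difference = 0;
    for (int i = 0; i < left.Length; i++)
    {
        // OR-accumulate the XOR so every byte is visited regardless of earlier mismatches.
        difference |= left[i] ^ right[i];
    }
    return difference == 0;
}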
/// <summary>
/// Asks the Evolution users endpoint whether an account already exists with the configured local email address.
/// </summary>
/// <param name="configuration">Client configuration supplying the base URL, credentials and the email address to look up.</param>
/// <param name="managementAccount">Account whose OAuth token authorizes the lookup.</param>
/// <returns>
/// <c>true</c> when the response contains a <c>User</c> element; <c>false</c> when none is found, the request
/// fails, or the body is not well-formed XML (every failure is reported as "not in use").
/// </returns>
private bool IsEmailInUse(IUserCreatableOAuthClientConfiguration configuration, User managementAccount)
{
    // The address comes from configuration; it is URL-encoded before being placed in the query string.
    var lookupUrl = configuration.EvolutionBaseUrl.OriginalString
        + "api.ashx/v2/users.xml?PageIndex=0&PageSize=1&EmailAddress="
        + HttpUtility.UrlEncode(configuration.LocalUserEmailAddress);
    var request = (HttpWebRequest)WebRequest.Create(lookupUrl);
    request.Timeout = Constants.RequestTimeoutMilliseconds;

    if (configuration.EvolutionCredentials != null)
    {
        request.Credentials = configuration.EvolutionCredentials;
        request.Headers["OAuth-Authorization"] = managementAccount.OAuthToken;
    }
    else
    {
        request.Headers["Authorization"] = "OAuth " + managementAccount.OAuthToken;
    }
    request.Method = "GET";

    string body;
    try
    {
        using (var webResponse = (HttpWebResponse)request.GetResponse())
        using (var reader = new StreamReader(webResponse.GetResponseStream()))
        {
            body = reader.ReadToEnd();
        }
    }
    catch
    {
        // Transport or HTTP failure: no user could be retrieved, so report "not in use".
        return false;
    }

    try
    {
        // Any User element in the (page-size 1) result means the address is taken.
        var firstUser = XElement.Parse(body).Descendants("User").FirstOrDefault();
        return firstUser != null;
    }
    catch
    {
        // The response was not in the expected XML shape.
        return false;
    }
}
/// <summary>
/// Requests a client-credentials token from the Evolution token endpoint and wraps it in a user
/// named after the configured default user.
/// </summary>
/// <param name="configuration">Client configuration supplying the endpoint, client id/secret and optional credentials.</param>
/// <param name="username">NOTE(review): not referenced in the visible code; the form body is redacted ("******") so it may be used there — confirm.</param>
/// <returns>
/// A user carrying the returned tokens, created with user id <c>-1</c>, or <c>null</c> when the endpoint reports an error.
/// </returns>
/// <remarks>
/// Unlike <c>GetDefaultUser</c>, transport and HTTP failures are not caught here and propagate to the caller.
/// </remarks>
private User GetToken(IUserCreatableOAuthClientConfiguration configuration, string username)
{
    var request = (HttpWebRequest)WebRequest.Create(configuration.EvolutionBaseUrl.OriginalString + "api.ashx/v2/oauth/token");
    request.Timeout = Constants.RequestTimeoutMilliseconds;
    if (configuration.EvolutionCredentials != null)
        request.Credentials = configuration.EvolutionCredentials;
    request.Method = "POST";
    // The client secret is sent in the form body. The listing is redacted ("******") between the username
    // parameter and the ContentType assignment, so that part of the body could not be reviewed.
    string data = string.Concat(
        "client_id=", Uri.EscapeDataString(configuration.OAuthClientId),
        "&client_secret=", Uri.EscapeDataString(configuration.OAuthClientSecret),
        "&grant_type=client_credentials&username="******"application/x-www-form-urlencoded";
    request.ContentLength = bytes.Length;
    using (var requestStream = request.GetRequestStream())
    {
        requestStream.Write(bytes, 0, bytes.Length);
        requestStream.Close();
    }
    string rawResponse = null;
    // No try/catch here: a failed request throws to the caller.
    using (HttpWebResponse webResponse = (HttpWebResponse)request.GetResponse())
    {
        using (var reader = new StreamReader(webResponse.GetResponseStream()))
        {
            rawResponse = reader.ReadToEnd();
        }
    }
    var serializer = new System.Web.Script.Serialization.JavaScriptSerializer();
    var response = serializer.Deserialize<OAuthResponse>(rawResponse);
    // NOTE(review): an empty body presumably deserializes to null, which would fault on the next line — confirm.
    if (!string.IsNullOrEmpty(response.error))
        return null;
    // The user id is not resolved here; -1 is used as a placeholder.
    var user = new User(configuration.DefaultUserName,-1, configuration.DefaultUserLanguageKey);
    user.OAuthToken = response.access_token;
    user.RefreshToken = response.refresh_token;
    user.TokenExpiresUtc = DateTime.UtcNow.AddSeconds(response.expires_in);
    return user;
}
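/// <summary>
/// Reconciles the locally authenticated <paramref name="user"/> with the user Evolution reports as
/// authenticated when user synchronization is enabled, redirecting the browser where the two disagree.
/// </summary>
/// <param name="configuration">Client configuration; nothing is done unless <c>EnableEvolutionUserSynchronization</c> is set.</param>
/// <param name="user">Locally authenticated user, or <c>null</c> when nobody is signed in locally.</param>
/// <param name="state">Round-trip state; on a mismatch the Evolution user name is stored under <c>Constants.SynchronizedUserNameQueryStringKey</c>.</param>
/// <param name="redirect">Callback that sends the browser elsewhere; when <c>null</c> no reconciliation is attempted.</param>
/// <returns>The user to continue with, or <c>null</c> when the caller must treat the request as unauthenticated.</returns>
private User ValidateAgainstUserSynchronization(IUserSynchronizedOAuthClientConfiguration configuration, User user, NameValueCollection state, Action<Uri> redirect)
{
    if (!configuration.EnableEvolutionUserSynchronization || redirect == null)
        return user;

    var evolutionUserName = GetEvolutionAuthenticatedUserName(configuration);

    if (string.IsNullOrEmpty(evolutionUserName))
    {
        // Evolution has no authenticated user, so a local session must not outlive it
        // (and when there is no local user either, the result is null anyway).
        return null;
    }

    bool matchesLocalUser = user != null
        && (string.CompareOrdinal(evolutionUserName, user.UserName) == 0
            || string.CompareOrdinal(evolutionUserName, user.SynchronizedUserName) == 0);
    if (matchesLocalUser)
        return user;

    state[Constants.SynchronizedUserNameQueryStringKey] = evolutionUserName;

    // Only a configuration that also supports user creation may carry the session over. Use `as` so a
    // configuration without that capability falls through to the login redirect instead of throwing
    // InvalidCastException (the previous hard cast also made this null check unreachable).
    var userCreateClient = configuration as IUserCreatableOAuthClientConfiguration;
    if (userCreateClient != null && userCreateClient.EnableEvolutionUserCreation)
    {
        if (user == null)
            redirect(GetEvolutionLogOutUrl(configuration, state));
        else
            redirect(GetAuthenticatedRedirectUrlInternal(configuration, user.UserName, GetLoginUrl(configuration, state).OriginalString));
        return user;
    }

    redirect(GetLoginUrl(configuration, state));
    return null;
}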
/// <summary>
/// When Evolution user creation is enabled, ensures the session belongs to the configured local user
/// (or, when no local user name is configured, to the default user).
/// </summary>
/// <param name="configuration">Client configuration providing <c>LocalUserName</c>, <c>DefaultUserName</c> and the creation flag.</param>
/// <param name="user">Current user, or <c>null</c>.</param>
/// <param name="state">Round-trip state passed to the login URL builder.</param>
/// <param name="redirect">Optional callback that sends the browser elsewhere.</param>
/// <returns>
/// The user to continue with; <c>null</c> after a redirect has been issued, or when a non-default user is
/// signed in while no local user name is configured.
/// </returns>
private User ValidateAgainstLocalUser(IUserCreatableOAuthClientConfiguration configuration, User user, NameValueCollection state, Action<Uri> redirect)
{
    if (!configuration.EnableEvolutionUserCreation)
    {
        return user;
    }

    if (string.IsNullOrEmpty(configuration.LocalUserName))
    {
        // No local user configured: only the default user may stay signed in.
        bool isSomeoneElse = user != null
            && string.CompareOrdinal(user.UserName, configuration.DefaultUserName) != 0;
        return isSomeoneElse ? null : user;
    }

    bool alreadyLocalUser = user != null
        && string.CompareOrdinal(user.UserName, configuration.LocalUserName) == 0;
    // GetCreateUser is consulted only when the session is not already the local user.
    if (alreadyLocalUser || !_userSyncService.GetCreateUser(configuration))
    {
        return user;
    }

    var syncClient = configuration as IUserSynchronizedOAuthClientConfiguration;
    bool canRedirectForSync = syncClient != null
        && syncClient.EnableEvolutionUserSynchronization
        && redirect != null;
    if (canRedirectForSync)
    {
        redirect(GetAuthenticatedRedirectUrlInternal(syncClient, syncClient.LocalUserName, GetLoginUrl(syncClient, state).OriginalString));
        return null;
    }

    return GetUserByUserName(configuration, configuration.LocalUserName);
}
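/// <summary>
/// Exchanges the user's refresh token for a new access token when the current one is within
/// <c>Constants.RefreshMarginMinutes</c> of expiry, updating <paramref name="user"/> in place.
/// </summary>
/// <param name="configuration">Client configuration providing the token endpoint, client credentials and redirect URI.</param>
/// <param name="user">User to refresh; its <c>SyncRoot</c> serializes concurrent refreshes of the same user.</param>
/// <returns>
/// The (possibly refreshed) user, or <c>null</c> when the user holds no refresh token, the request fails,
/// or the response body is empty.
/// </returns>
/// <exception cref="Exception">The endpoint answered with an error string.</exception>
private User RefreshOAuthToken(IOAuthClientConfiguration configuration, User user)
{
    lock (user.SyncRoot)
    {
        if (user.TokenExpiresUtc.Subtract(DateTime.UtcNow).TotalMinutes >= Constants.RefreshMarginMinutes)
            return user;

        // Without a refresh token the grant cannot be built (EscapeDataString would throw on null).
        if (string.IsNullOrEmpty(user.RefreshToken))
            return null;

        var request = (HttpWebRequest)WebRequest.Create(configuration.EvolutionBaseUrl.OriginalString + "api.ashx/v2/oauth/token");
        request.Timeout = Constants.RequestTimeoutMilliseconds;
        ApplyHeaders(configuration, request, null);
        request.Method = "POST";

        // Client secret and refresh token travel in the form body; both are escaped as form data.
        string data = string.Concat(
            "client_id=", Uri.EscapeDataString(configuration.OAuthClientId),
            "&client_secret=", Uri.EscapeDataString(configuration.OAuthClientSecret),
            "&grant_type=refresh_token&refresh_token=", Uri.EscapeDataString(user.RefreshToken),
            "&redirect_uri=", Uri.EscapeDataString(configuration.LocalOAuthClientHttpHandlerUrl.OriginalString)
        );
        byte[] bytes = Encoding.UTF8.GetBytes(data);
        request.ContentType = "application/x-www-form-urlencoded";
        request.ContentLength = bytes.Length;
        using (var requestStream = request.GetRequestStream())
        {
            requestStream.Write(bytes, 0, bytes.Length);
            requestStream.Close();
        }

        string rawResponse = null;
        try
        {
            using (HttpWebResponse webResponse = (HttpWebResponse)request.GetResponse())
            {
                using (var reader = new StreamReader(webResponse.GetResponseStream()))
                {
                    rawResponse = reader.ReadToEnd();
                }
            }
        }
        catch
        {
            // Transport or HTTP failure: the existing (expiring) tokens are left untouched.
            return null;
        }

        var serializer = new System.Web.Script.Serialization.JavaScriptSerializer();
        var response = serializer.Deserialize<OAuthResponse>(rawResponse);
        // An empty body yields no response object; treat it like a failed request instead of faulting.
        if (response == null)
            return null;
        if (!string.IsNullOrEmpty(response.error))
            throw new Exception(response.error);

        user.OAuthToken = response.access_token;
        user.RefreshToken = response.refresh_token;
        user.TokenExpiresUtc = DateTime.UtcNow.AddSeconds(response.expires_in);
        return user;
    }
}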