DocSpace-buildtools/web/ASC.Web.Core/Helpers/AuthorizationHelper.cs

91 lines
3.9 KiB
C#
Raw Normal View History

2019-06-07 08:59:07 +00:00
/*
*
* (c) Copyright Ascensio System Limited 2010-2018
*
* This program is freeware. You can redistribute it and/or modify it under the terms of the GNU
* General Public License (GPL) version 3 as published by the Free Software Foundation (https://www.gnu.org/copyleft/gpl.html).
* In accordance with Section 7(a) of the GNU GPL its Section 15 shall be amended to the effect that
* Ascensio System SIA expressly excludes the warranty of non-infringement of any third-party rights.
*
* THIS PROGRAM IS DISTRIBUTED WITHOUT ANY WARRANTY; WITHOUT EVEN THE IMPLIED WARRANTY OF MERCHANTABILITY OR
* FITNESS FOR A PARTICULAR PURPOSE. For more details, see GNU GPL at https://www.gnu.org/copyleft/gpl.html
*
* You can contact Ascensio System SIA by email at sales@onlyoffice.com
*
* The interactive user interfaces in modified source and object code versions of ONLYOFFICE must display
* Appropriate Legal Notices, as required under Section 5 of the GNU GPL version 3.
*
* Pursuant to Section 7 § 3(b) of the GNU GPL you must retain the original ONLYOFFICE logo which contains
* relevant author attributions when distributing the software. If the display of the logo in its graphic
* form is not reasonably feasible for technical reasons, you must include the words "Powered by ONLYOFFICE"
* in every copy of the program you distribute.
* Pursuant to Section 7 § 3(e) we decline to grant you any rights under trademark law for use of our trademarks.
*
*/
using System;
using System.Text;
2019-08-15 12:04:42 +00:00
using ASC.Core;
using Microsoft.AspNetCore.Http;
2019-06-07 08:59:07 +00:00
namespace ASC.Web.Core.Helpers
{
public class AuthorizationHelper
{
2019-09-09 12:56:33 +00:00
public AuthorizationHelper(IHttpContextAccessor httpContextAccessor, UserManager userManager, SecurityContext securityContext)
2019-06-07 08:59:07 +00:00
{
2019-09-09 12:56:33 +00:00
HttpContextAccessor = httpContextAccessor;
UserManager = userManager;
SecurityContext = securityContext;
2019-06-07 08:59:07 +00:00
}
2020-08-12 09:58:08 +00:00
private IHttpContextAccessor HttpContextAccessor { get; }
private UserManager UserManager { get; }
private SecurityContext SecurityContext { get; }
2019-09-09 12:56:33 +00:00
public bool ProcessBasicAuthorization(out string authCookie)
2019-06-07 08:59:07 +00:00
{
authCookie = null;
try
{
//Try basic
2019-09-09 12:56:33 +00:00
var authorization = HttpContextAccessor.HttpContext.Request.Headers["Authorization"].ToString();
2019-06-07 08:59:07 +00:00
if (string.IsNullOrEmpty(authorization))
{
return false;
}
authorization = authorization.Trim();
if (0 <= authorization.IndexOf("Basic", 0))
{
var arr = Encoding.ASCII.GetString(Convert.FromBase64String(authorization.Substring(6))).Split(new[] { ':' });
var username = arr[0];
var password = arr[1];
var u = UserManager.GetUserByEmail(username);
2019-06-07 08:59:07 +00:00
if (u != null && u.ID != ASC.Core.Users.Constants.LostUser.ID)
{
authCookie = SecurityContext.AuthenticateMe(u.Email, password);
}
}
else if (0 <= authorization.IndexOf("Bearer", 0))
{
authorization = authorization.Substring("Bearer ".Length);
if (SecurityContext.AuthenticateMe(authorization))
{
authCookie = authorization;
}
}
else
{
if (SecurityContext.AuthenticateMe(authorization))
{
authCookie = authorization;
}
}
}
catch (Exception) { }
return SecurityContext.IsAuthenticated;
}
}
}