2
.vscode/launch.json
@@ -53,7 +53,7 @@
|
||||
"AYANOVA_FOLDER_USER_FILES": "c:\\temp\\RavenTestData\\userfiles",
|
||||
"AYANOVA_FOLDER_BACKUP_FILES": "c:\\temp\\RavenTestData\\backupfiles",
|
||||
"AYANOVA_FOLDER_TEMPORARY_SERVER_FILES": "c:\\temp\\RavenTestData\\tempfiles",
|
||||
"AYANOVA_SERVER_TEST_MODE": "true",
|
||||
"AYANOVA_SERVER_TEST_MODE": "false",
|
||||
"AYANOVA_SERVER_TEST_MODE_SEEDLEVEL": "small",
|
||||
"AYANOVA_SERVER_TEST_MODE_TZ_OFFSET": "-7",
|
||||
"AYANOVA_BACKUP_PG_DUMP_PATH": "C:\\data\\code\\postgres_13\\bin\\"
|
||||
|
||||
@@ -168,111 +168,32 @@ namespace AyaNova.Api.Controllers
|
||||
string hashed = Hasher.hash(u.Salt, creds.Password);
|
||||
if (hashed == u.Password)
|
||||
{
|
||||
//Valid password, user is effectively authorized at this point
|
||||
//TWO FACTOR ENABLED??
|
||||
//if 2fa enabled then need to validate it before sending token, so we're halfway there and need to send a 2fa prompt
|
||||
if (u.TwoFactorEnabled)
|
||||
{
|
||||
//Generate a temporary token to identify and verify this is the same user
|
||||
u.TempToken = Hasher.GenerateSalt().Replace("=", "").Replace("+", "");
|
||||
await ct.SaveChangesAsync();
|
||||
|
||||
List<string> TranslationKeysToFetch = new List<string> { "AuthTwoFactor", "AuthEnterPin", "AuthVerifyCode", "Cancel" };
|
||||
var LT = await TranslationBiz.GetSubsetStaticAsync(TranslationKeysToFetch, u.UserOptions.TranslationId);
|
||||
|
||||
return Ok(ApiOkResponse.Response(new
|
||||
{
|
||||
AuthTwoFactor = LT["AuthTwoFactor"],
|
||||
AuthEnterPin = LT["AuthEnterPin"],
|
||||
AuthVerifyCode = LT["AuthVerifyCode"],
|
||||
Cancel = LT["Cancel"],
|
||||
tfa = true,
|
||||
tt = u.TempToken
|
||||
}));
|
||||
}
|
||||
|
||||
//Not 2fa, Valid password, user is authorized
|
||||
return await ReturnUserCredsOnSuccessfulAuthentication(u);
|
||||
|
||||
// //check if server available to SuperUser account only (closed or migrate mode)
|
||||
// //if it is it means we got here either because there is no license
|
||||
// //and only *the* SuperUser account can login now or we're in migrate mode
|
||||
// if (serverState.IsClosed || serverState.IsMigrateMode)
|
||||
// {
|
||||
// //if not SuperUser account then boot closed
|
||||
// //SuperUser account is always ID 1
|
||||
// if (u.Id != 1)
|
||||
// {
|
||||
// return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||
// }
|
||||
// }
|
||||
// //Restrict auth due to server state?
|
||||
// //If we're here the server state is not closed, but it might be ops only
|
||||
|
||||
// //If the server is ops only then this user needs to be ops or else they are not allowed in
|
||||
// if (serverState.IsOpsOnly &&
|
||||
// !u.Roles.HasFlag(Biz.AuthorizationRoles.OpsAdminFull) &&
|
||||
// !u.Roles.HasFlag(Biz.AuthorizationRoles.OpsAdminLimited))
|
||||
// {
|
||||
// return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||
// }
|
||||
|
||||
|
||||
// //TWO FACTOR ENABLED??
|
||||
// //if 2fa enabled then need to validate it before sending token, so we're halfway there and need to send a 2fa prompt
|
||||
// if (u.TwoFactorEnabled)
|
||||
// {
|
||||
// //Generate a temporary token to identify and verify this is the same user
|
||||
// u.TempToken = Hasher.GenerateSalt().Replace("=", "").Replace("+", "");
|
||||
// await ct.SaveChangesAsync();
|
||||
|
||||
// List<string> TranslationKeysToFetch = new List<string> { "AuthTwoFactor", "AuthEnterPin", "AuthVerifyCode", "Cancel" };
|
||||
// var LT = await TranslationBiz.GetSubsetStaticAsync(TranslationKeysToFetch, u.UserOptions.TranslationId);
|
||||
|
||||
// return Ok(ApiOkResponse.Response(new
|
||||
// {
|
||||
// AuthTwoFactor = LT["AuthTwoFactor"],
|
||||
// AuthEnterPin = LT["AuthEnterPin"],
|
||||
// AuthVerifyCode = LT["AuthVerifyCode"],
|
||||
// Cancel = LT["Cancel"],
|
||||
// tfa = true,
|
||||
// tt = u.TempToken
|
||||
// }));
|
||||
// }
|
||||
|
||||
|
||||
// //build the key (JWT set in startup.cs)
|
||||
// byte[] secretKey = System.Text.Encoding.ASCII.GetBytes(ServerBootConfig.AYANOVA_JWT_SECRET);
|
||||
|
||||
// //create a new datetime offset of now in utc time
|
||||
// var iat = new DateTimeOffset(DateTime.Now.ToUniversalTime(), TimeSpan.Zero);//timespan zero means zero time off utc / specifying this is a UTC datetime
|
||||
// var exp = new DateTimeOffset(DateTime.Now.AddDays(JWT_LIFETIME_DAYS).ToUniversalTime(), TimeSpan.Zero);
|
||||
|
||||
|
||||
// //=============== download token ===================
|
||||
// //Generate a download token and store it with the user account
|
||||
// //string DownloadToken = Convert.ToBase64String(Guid.NewGuid().ToByteArray());
|
||||
// string DownloadToken = Hasher.GenerateSalt();
|
||||
// DownloadToken = DownloadToken.Replace("=", "");
|
||||
// DownloadToken = DownloadToken.Replace("+", "");
|
||||
// u.DlKey = DownloadToken;
|
||||
// u.DlKeyExpire = exp.DateTime;
|
||||
|
||||
// //=======================================================
|
||||
|
||||
// var payload = new Dictionary<string, object>()
|
||||
// {
|
||||
// // { "iat", iat.ToUnixTimeSeconds().ToString() },
|
||||
// { "exp", exp.ToUnixTimeSeconds().ToString() },//in payload exp must be in unix epoch time per standard
|
||||
// { "iss", "ayanova.com" },
|
||||
// { "id", u.Id.ToString() }
|
||||
// };
|
||||
|
||||
|
||||
// //NOTE: probably don't need Jose.JWT as am using Microsoft jwt stuff to validate routes so it should also be able to
|
||||
// //issue tokens as well, but it looked cmplex and this works so unless need to remove in future keeping it.
|
||||
// string token = Jose.JWT.Encode(payload, secretKey, Jose.JwsAlgorithm.HS256);
|
||||
|
||||
// //save auth token to ensure single sign on only
|
||||
// u.CurrentAuthToken = token;
|
||||
|
||||
// u.LastLogin = DateTime.UtcNow;
|
||||
|
||||
// await ct.SaveChangesAsync();
|
||||
|
||||
// //KEEP this, masked version of IP address
|
||||
// //Not sure if this is necessary or not but if it turns out to be then make it a boot option
|
||||
// // log.LogInformation($"User number \"{u.Id}\" logged in from \"{Util.StringUtil.MaskIPAddress(HttpContext.Connection.RemoteIpAddress.ToString())}\" ok");
|
||||
|
||||
// log.LogInformation($"User \"{u.Name}\" logged in from \"{HttpContext.Connection.RemoteIpAddress.ToString()}\" ok");
|
||||
|
||||
|
||||
// return Ok(ApiOkResponse.Response(new
|
||||
// {
|
||||
// token = token,
|
||||
// name = u.Name,
|
||||
// usertype = u.UserType,
|
||||
// roles = ((int)u.Roles).ToString(),
|
||||
// dlt = DownloadToken,
|
||||
// tfa = u.TwoFactorEnabled
|
||||
// }));
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
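Review bot: The temporary two-factor token written on the `u.TempToken = Hasher.GenerateSalt()…` line is persisted with no expiry, so a successful first factor stays redeemable until the next login overwrites it; record a companion expiry (the field name is not on the page, e.g. `u.<TempTokenExpire placeholder> = DateTime.UtcNow.AddMinutes(5);`) before `await ct.SaveChangesAsync();` and have the verification step, which is not in this hunk, reject expired or already-consumed tokens. Because the value is returned to the client as `tt`, it is a bearer credential and should be cleared once the second factor is verified. Separately, if `if (hashed == u.Password)` belongs to the new side rather than context, a constant-time comparison such as `CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(hashed), Encoding.UTF8.GetBytes(u.Password))` is preferable to ordinal string equality for a password-hash check. The enclosing action method starts before this hunk.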
@@ -22,7 +22,7 @@ namespace AyaNova.Util
|
||||
//!!!!WARNING: BE SURE TO UPDATE THE DbUtil::EmptyBizDataFromDatabaseForSeedingOrImporting WHEN NEW TABLES ADDED!!!!
|
||||
private const int DESIRED_SCHEMA_LEVEL = 15;
|
||||
|
||||
internal const long EXPECTED_COLUMN_COUNT = 790;
|
||||
internal const long EXPECTED_COLUMN_COUNT = 791;
|
||||
internal const long EXPECTED_INDEX_COUNT = 130;
|
||||
internal const long EXPECTED_CHECK_CONSTRAINTS = 359;
|
||||
internal const long EXPECTED_FOREIGN_KEY_CONSTRAINTS = 78;
|
||||
|
||||