Browse Source

Added Auth Token to Users and API calls

pull/50/head
Teknikode 6 years ago
parent
commit
b3b0277582
  1. 34
      Teknik/Areas/API/Controllers/APIv1Controller.cs
  2. 6
      Teknik/Areas/API/Models/APIv1BaseModel.cs
  3. 25
      Teknik/Areas/User/Models/AuthToken.cs
  4. 3
      Teknik/Areas/User/Models/User.cs
  5. 23
      Teknik/Areas/User/Utility/UserHelper.cs
  6. 2
      Teknik/Models/TeknikEntities.cs
  7. 1
      Teknik/Teknik.csproj

34
Teknik/Areas/API/Controllers/APIv1Controller.cs

@ -15,6 +15,8 @@ using Teknik.Areas.Shortener.Models; @@ -15,6 +15,8 @@ using Teknik.Areas.Shortener.Models;
using nClam;
using Teknik.Filters;
using Teknik.Areas.API.Models;
using Teknik.Areas.Users.Models;
using Teknik.Areas.Users.Utility;
namespace Teknik.Areas.API.Controllers
{
@ -117,6 +119,18 @@ namespace Teknik.Areas.API.Controllers @@ -117,6 +119,18 @@ namespace Teknik.Areas.API.Controllers
if (upload != null)
{
// Associate this with the user if they provided an auth key
if (!string.IsNullOrEmpty(model.authToken))
{
User foundUser = UserHelper.GetUserFromToken(db, Config, model.authToken);
if (foundUser != null)
{
upload.UserId = foundUser.UserId;
db.Entry(upload).State = EntityState.Modified;
db.SaveChanges();
}
}
// Generate delete key if asked to
if (model.genDeletionKey)
{
@ -169,6 +183,16 @@ namespace Teknik.Areas.API.Controllers @@ -169,6 +183,16 @@ namespace Teknik.Areas.API.Controllers
{
Paste.Models.Paste paste = PasteHelper.CreatePaste(model.code, model.title, model.syntax, model.expireUnit, model.expireLength, model.password, model.hide);
// Associate this with the user if they provided an auth key
if (!string.IsNullOrEmpty(model.authToken))
{
User foundUser = UserHelper.GetUserFromToken(db, Config, model.authToken);
if (foundUser != null)
{
paste.UserId = foundUser.UserId;
}
}
db.Pastes.Add(paste);
db.SaveChanges();
@ -204,6 +228,16 @@ namespace Teknik.Areas.API.Controllers @@ -204,6 +228,16 @@ namespace Teknik.Areas.API.Controllers
{
ShortenedUrl newUrl = Shortener.Shortener.ShortenUrl(model.url, Config.ShortenerConfig.UrlLength);
// Associate this with the user if they provided an auth key
if (!string.IsNullOrEmpty(model.authToken))
{
User foundUser = UserHelper.GetUserFromToken(db, Config, model.authToken);
if (foundUser != null)
{
newUrl.UserId = foundUser.UserId;
}
}
db.ShortenedUrls.Add(newUrl);
db.SaveChanges();

6
Teknik/Areas/API/Models/APIv1BaseModel.cs

@ -9,9 +9,15 @@ namespace Teknik.Areas.API.Models @@ -9,9 +9,15 @@ namespace Teknik.Areas.API.Models
{
public bool doNotTrack { get; set; }
public string username { get; set; }
public string authToken { get; set; }
public APIv1BaseModel()
{
doNotTrack = false;
username = string.Empty;
authToken = string.Empty;
}
}
}

25
Teknik/Areas/User/Models/AuthToken.cs

@ -0,0 +1,25 @@ @@ -0,0 +1,25 @@
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations.Schema;
using System.Linq;
using System.Web;
using Teknik.Attributes;
namespace Teknik.Areas.Users.Models
{
public class AuthToken
{
public int AuthTokenId { get; set; }
public int UserId { get; set; }
public virtual User User { get; set; }
public string Name { get; set; }
[CaseSensitive]
public string HashedToken { get; set; }
public DateTime LastDateUsed { get; set; }
}
}

3
Teknik/Areas/User/Models/User.cs

@ -35,6 +35,8 @@ namespace Teknik.Areas.Users.Models @@ -35,6 +35,8 @@ namespace Teknik.Areas.Users.Models
public virtual ICollection<TrustedDevice> TrustedDevices { get; set; }
public virtual ICollection<AuthToken> AuthTokens { get; set; }
public virtual ICollection<Upload.Models.Upload> Uploads { get; set; }
public virtual ICollection<Paste.Models.Paste> Pastes { get; set; }
@ -48,6 +50,7 @@ namespace Teknik.Areas.Users.Models @@ -48,6 +50,7 @@ namespace Teknik.Areas.Users.Models
LastSeen = DateTime.Now;
Groups = new List<Group>();
TrustedDevices = new List<TrustedDevice>();
AuthTokens = new List<AuthToken>();
}
}
}

23
Teknik/Areas/User/Utility/UserHelper.cs

@ -134,6 +134,22 @@ namespace Teknik.Areas.Users.Utility @@ -134,6 +134,22 @@ namespace Teknik.Areas.Users.Utility
}
}
public static string GenerateAuthToken(Config config, User user)
{
try
{
string username = user.Username.ToLower();
byte[] hashBytes = SHA384.Hash(username, StringHelper.RandomString(24));
string hash = hashBytes.ToHex();
return hash;
}
catch (Exception ex)
{
throw new Exception("Unable to generate user auth token.", ex);
}
}
public static void AddAccount(TeknikEntities db, Config config, User user, string password)
{
try
@ -212,6 +228,13 @@ namespace Teknik.Areas.Users.Utility @@ -212,6 +228,13 @@ namespace Teknik.Areas.Users.Utility
return user;
}
public static User GetUserFromToken(TeknikEntities db, Config config, string token)
{
string hashedToken = SHA256.Hash(token);
User foundUser = db.Users.FirstOrDefault(u => u.AuthTokens.Select(a => a.HashedToken).Contains(hashedToken));
return foundUser;
}
public static bool UserExists(TeknikEntities db, string username)
{
User user = GetUser(db, username);

2
Teknik/Models/TeknikEntities.cs

@ -23,6 +23,7 @@ namespace Teknik.Models @@ -23,6 +23,7 @@ namespace Teknik.Models
public DbSet<Group> Groups { get; set; }
public DbSet<Role> Roles { get; set; }
public DbSet<TrustedDevice> TrustedDevices { get; set; }
public DbSet<AuthToken> AuthTokens { get; set; }
public DbSet<TransferType> TransferTypes { get; set; }
// User Settings
public DbSet<UserSettings> UserSettings { get; set; }
@ -113,6 +114,7 @@ namespace Teknik.Models @@ -113,6 +114,7 @@ namespace Teknik.Models
modelBuilder.Entity<Group>().ToTable("Groups");
modelBuilder.Entity<Role>().ToTable("Roles");
modelBuilder.Entity<TrustedDevice>().ToTable("TrustedDevices");
modelBuilder.Entity<AuthToken>().ToTable("AuthTokens");
modelBuilder.Entity<TransferType>().ToTable("TransferTypes");
modelBuilder.Entity<RecoveryEmailVerification>().ToTable("RecoveryEmailVerifications");
modelBuilder.Entity<ResetPasswordVerification>().ToTable("ResetPasswordVerifications");

1
Teknik/Teknik.csproj

@ -238,6 +238,7 @@ @@ -238,6 +238,7 @@
<Compile Include="Areas\User\Models\ResetPasswordVerification.cs" />
<Compile Include="Areas\User\Models\RecoveryEmailVerification.cs" />
<Compile Include="Areas\User\Models\SecuritySettings.cs" />
<Compile Include="Areas\User\Models\AuthToken.cs" />
<Compile Include="Areas\User\Models\TrustedDevice.cs" />
<Compile Include="Areas\User\ViewModels\TwoFactorViewModel.cs" />
<Compile Include="Attributes\TeknikAuthorizeAttribute.cs" />

Loading…
Cancel
Save