Added Auth Token to Users and API calls

2023-08-02 14:16:22 +02:00 · 2017-01-18 22:51:58 -08:00 · 2017-01-18 22:51:58 -08:00 · b3b0277582
commit b3b0277582
parent 7214185167
7 changed files with 94 additions and 0 deletions
--- a/Teknik/Areas/API/Controllers/APIv1Controller.cs
+++ b/Teknik/Areas/API/Controllers/APIv1Controller.cs
@ -15,6 +15,8 @@ using Teknik.Areas.Shortener.Models;
 using nClam;
 using Teknik.Filters;
 using Teknik.Areas.API.Models;
+using Teknik.Areas.Users.Models;
+using Teknik.Areas.Users.Utility;

 namespace Teknik.Areas.API.Controllers
 {
@ -117,6 +119,18 @@ namespace Teknik.Areas.API.Controllers

                        if (upload != null)
                        {
+                            // Associate this with the user if they provided an auth key
+                            if (!string.IsNullOrEmpty(model.authToken))
+                            {
+                                User foundUser = UserHelper.GetUserFromToken(db, Config, model.authToken);
+                                if (foundUser != null)
+                                {
+                                    upload.UserId = foundUser.UserId;
+                                    db.Entry(upload).State = EntityState.Modified;
+                                    db.SaveChanges();
+                                }
+                            }
+
                            // Generate delete key if asked to
                            if (model.genDeletionKey)
                            {
@ -169,6 +183,16 @@ namespace Teknik.Areas.API.Controllers
                {
                    Paste.Models.Paste paste = PasteHelper.CreatePaste(model.code, model.title, model.syntax, model.expireUnit, model.expireLength, model.password, model.hide);

+                    // Associate this with the user if they provided an auth key
+                    if (!string.IsNullOrEmpty(model.authToken))
+                    {
+                        User foundUser = UserHelper.GetUserFromToken(db, Config, model.authToken);
+                        if (foundUser != null)
+                        {
+                            paste.UserId = foundUser.UserId;
+                        }
+                    }
+
                    db.Pastes.Add(paste);
                    db.SaveChanges();

@ -204,6 +228,16 @@ namespace Teknik.Areas.API.Controllers
                {
                    ShortenedUrl newUrl = Shortener.Shortener.ShortenUrl(model.url, Config.ShortenerConfig.UrlLength);

+                    // Associate this with the user if they provided an auth key
+                    if (!string.IsNullOrEmpty(model.authToken))
+                    {
+                        User foundUser = UserHelper.GetUserFromToken(db, Config, model.authToken);
+                        if (foundUser != null)
+                        {
+                            newUrl.UserId = foundUser.UserId;
+                        }
+                    }
+
                    db.ShortenedUrls.Add(newUrl);
                    db.SaveChanges();

--- a/Teknik/Areas/API/Models/APIv1BaseModel.cs
+++ b/Teknik/Areas/API/Models/APIv1BaseModel.cs
@ -9,9 +9,15 @@ namespace Teknik.Areas.API.Models
    {
        public bool doNotTrack { get; set; }

+        public string username { get; set; }
+
+        public string authToken { get; set; }
+
        public APIv1BaseModel()
        {
            doNotTrack = false;
+            username = string.Empty;
+            authToken = string.Empty;
        }
    }
 }
--- a/Teknik/Areas/User/Models/AuthToken.cs
+++ b/Teknik/Areas/User/Models/AuthToken.cs
@ -0,0 +1,25 @@
+using System;
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations.Schema;
+using System.Linq;
+using System.Web;
+using Teknik.Attributes;
+
+namespace Teknik.Areas.Users.Models
+{
+    public class AuthToken
+    {
+        public int AuthTokenId { get; set; }
+
+        public int UserId { get; set; }
+
+        public virtual User User { get; set; }
+
+        public string Name { get; set; }
+
+        [CaseSensitive]
+        public string HashedToken { get; set; }
+
+        public DateTime LastDateUsed { get; set; }
+    }
+}
--- a/Teknik/Areas/User/Models/User.cs
+++ b/Teknik/Areas/User/Models/User.cs
@ -35,6 +35,8 @@ namespace Teknik.Areas.Users.Models

        public virtual ICollection<TrustedDevice> TrustedDevices { get; set; }

+        public virtual ICollection<AuthToken> AuthTokens { get; set; }
+
        public virtual ICollection<Upload.Models.Upload> Uploads { get; set; }

        public virtual ICollection<Paste.Models.Paste> Pastes { get; set; }
@ -48,6 +50,7 @@ namespace Teknik.Areas.Users.Models
            LastSeen = DateTime.Now;
            Groups = new List<Group>();
            TrustedDevices = new List<TrustedDevice>();
+            AuthTokens = new List<AuthToken>();
        }
    }
 }
--- a/Teknik/Areas/User/Utility/UserHelper.cs
+++ b/Teknik/Areas/User/Utility/UserHelper.cs
@ -134,6 +134,22 @@ namespace Teknik.Areas.Users.Utility
            }
        }

+        public static string GenerateAuthToken(Config config, User user)
+        {
+            try
+            {
+                string username = user.Username.ToLower();
+                byte[] hashBytes = SHA384.Hash(username, StringHelper.RandomString(24));
+                string hash = hashBytes.ToHex();
+
+                return hash;
+            }
+            catch (Exception ex)
+            {
+                throw new Exception("Unable to generate user auth token.", ex);
+            }
+        }
+
        public static void AddAccount(TeknikEntities db, Config config, User user, string password)
        {
            try
@ -212,6 +228,13 @@ namespace Teknik.Areas.Users.Utility
            return user;
        }

+        public static User GetUserFromToken(TeknikEntities db, Config config, string token)
+        {
+            string hashedToken = SHA256.Hash(token);
+            User foundUser = db.Users.FirstOrDefault(u => u.AuthTokens.Select(a => a.HashedToken).Contains(hashedToken));
+            return foundUser;
+        }
+
        public static bool UserExists(TeknikEntities db, string username)
        {
            User user = GetUser(db, username);
--- a/Teknik/Models/TeknikEntities.cs
+++ b/Teknik/Models/TeknikEntities.cs
@ -23,6 +23,7 @@ namespace Teknik.Models
        public DbSet<Group> Groups { get; set; }
        public DbSet<Role> Roles { get; set; }
        public DbSet<TrustedDevice> TrustedDevices { get; set; }
+        public DbSet<AuthToken> AuthTokens { get; set; }
        public DbSet<TransferType> TransferTypes { get; set; }
        // User Settings
        public DbSet<UserSettings> UserSettings { get; set; }
@ -113,6 +114,7 @@ namespace Teknik.Models
            modelBuilder.Entity<Group>().ToTable("Groups");
            modelBuilder.Entity<Role>().ToTable("Roles");
            modelBuilder.Entity<TrustedDevice>().ToTable("TrustedDevices");
+            modelBuilder.Entity<AuthToken>().ToTable("AuthTokens");
            modelBuilder.Entity<TransferType>().ToTable("TransferTypes");
            modelBuilder.Entity<RecoveryEmailVerification>().ToTable("RecoveryEmailVerifications");
            modelBuilder.Entity<ResetPasswordVerification>().ToTable("ResetPasswordVerifications");
--- a/Teknik/Teknik.csproj
+++ b/Teknik/Teknik.csproj
@ -238,6 +238,7 @@
    <Compile Include="Areas\User\Models\ResetPasswordVerification.cs" />
    <Compile Include="Areas\User\Models\RecoveryEmailVerification.cs" />
    <Compile Include="Areas\User\Models\SecuritySettings.cs" />
+    <Compile Include="Areas\User\Models\AuthToken.cs" />
    <Compile Include="Areas\User\Models\TrustedDevice.cs" />
    <Compile Include="Areas\User\ViewModels\TwoFactorViewModel.cs" />
    <Compile Include="Attributes\TeknikAuthorizeAttribute.cs" />