Fixes to security
parent
d7f61da1b6
commit
8bb359abbd
|
@ -1,11 +1,6 @@
|
|||
using System;
|
||||
using System.Collections;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Collections;
|
||||
using Core.Main;
|
||||
using Core.Helper;
|
||||
using Core.Main.DataObjects.PTMagicData;
|
||||
using Core.MarketAnalyzer;
|
||||
|
||||
namespace Monitor.Pages {
|
||||
public class DownloadFileModel : _Internal.BasePageModelSecure {
|
||||
|
@ -14,8 +9,12 @@ namespace Monitor.Pages {
|
|||
// Initialize Config
|
||||
base.Init();
|
||||
|
||||
// Check we have a log in
|
||||
if (base.IsLoggedIn(this.HttpContext))
|
||||
{
|
||||
InitializeDownload();
|
||||
}
|
||||
}
|
||||
|
||||
private void InitializeDownload() {
|
||||
string fileName = GetStringParameter("f", "");
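Review bot: The new `if (base.IsLoggedIn(this.HttpContext))` guard is needed only because `base.Init()` issues its redirect and then returns normally, so every page deriving from `BasePageModelSecure` (and now `BasePageModelSecureAJAX`) that does work after `base.Init()` has to remember to repeat the check, and the session and cookie are evaluated twice per request here. Having `Init()` return the result, `public bool Init()`, and writing `if (base.Init()) { InitializeDownload(); }` would make the guard hard to forget. Separately, `fileName` comes straight from the request parameter `f`; the rest of `InitializeDownload()` is outside this hunk, so confirm that it reduces the value to a bare file name and keeps the resolved path inside the intended directory before anything is opened.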
|
||||
|
|
|
@ -7,13 +7,48 @@ namespace Monitor._Internal
|
|||
{
|
||||
public class BasePageModelSecure : BasePageModel
|
||||
{
|
||||
// The string to redirect to if it fails security
|
||||
protected string _redirectUrl;
|
||||
|
||||
public BasePageModelSecure(string redirect = null)
|
||||
{
|
||||
// Configure redirect URL
|
||||
_redirectUrl = !String.IsNullOrEmpty(redirect) ? redirect : "Login";
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Must be called from inheritting pages to check security
|
||||
/// </summary>
|
||||
public void Init()
|
||||
{
|
||||
// Initialise base class
|
||||
base.PreInit();
|
||||
|
||||
if (String.IsNullOrEmpty(HttpContext.Session.GetString("LoggedIn" + PTMagicConfiguration.GeneralSettings.Monitor.Port.ToString())) && PTMagicConfiguration.GeneralSettings.Monitor.IsPasswordProtected)
|
||||
// Security check
|
||||
if (!IsLoggedIn(this.HttpContext))
|
||||
{
|
||||
bool redirectToLogin = true;
|
||||
HttpContext.Response.Redirect(PTMagicConfiguration.GeneralSettings.Monitor.RootUrl + _redirectUrl);
|
||||
}
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Check to see a user if logged in interactively
|
||||
/// </summary>
|
||||
/// <returns>Boolean - User logged in or not</returns>
|
||||
protected Boolean IsLoggedIn(HttpContext context)
|
||||
{
|
||||
bool isLoggedIn = false;
|
||||
|
||||
if (PTMagicConfiguration.GeneralSettings.Monitor.IsPasswordProtected)
|
||||
{
|
||||
// Do we have a session active?
|
||||
if (!String.IsNullOrEmpty(context.Session.GetString("LoggedIn" + PTMagicConfiguration.GeneralSettings.Monitor.Port.ToString())))
|
||||
{
|
||||
isLoggedIn = true;
|
||||
}
|
||||
else
|
||||
{
|
||||
// Do we have a auto login cookie?
|
||||
if (Request.Cookies.ContainsKey("PTMRememberMeKey"))
|
||||
{
|
||||
string rememberMeKey = Request.Cookies["PTMRememberMeKey"];
|
||||
|
@ -22,17 +57,22 @@ namespace Monitor._Internal
|
|||
string encryptedPassword = EncryptionHelper.Decrypt(Request.Cookies["PTMRememberMeKey"]);
|
||||
if (encryptedPassword.Equals(PTMagicConfiguration.SecureSettings.MonitorPassword))
|
||||
{
|
||||
HttpContext.Session.SetString("LoggedIn" + PTMagicConfiguration.GeneralSettings.Monitor.Port.ToString(), DateTime.UtcNow.ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'.'fff'Z'"));
|
||||
redirectToLogin = false;
|
||||
context.Session.SetString("LoggedIn" + PTMagicConfiguration.GeneralSettings.Monitor.Port.ToString(), DateTime.UtcNow.ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'.'fff'Z'"));
|
||||
isLoggedIn = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
// No password required
|
||||
isLoggedIn = true;
|
||||
}
|
||||
|
||||
if (redirectToLogin)
|
||||
{
|
||||
HttpContext.Response.Redirect(PTMagicConfiguration.GeneralSettings.Monitor.RootUrl + "Login");
|
||||
}
|
||||
}
|
||||
return isLoggedIn;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
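Review bot: In the remember-me branch of `IsLoggedIn`, the result of `EncryptionHelper.Decrypt(...)` on a client-supplied cookie is used as `encryptedPassword.Equals(...)` with no null or exception handling; how `Decrypt` reacts to a malformed value is not visible here, so a tampered `PTMRememberMeKey` may surface as an unhandled error on every secure page instead of a plain "not logged in". I would treat any decrypt failure as a failed login and compare in fixed time, e.g. `CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(decrypted), Encoding.UTF8.GetBytes(PTMagicConfiguration.SecureSettings.MonitorPassword))`. The method also mixes its `context` parameter with the page's own `Request` when reading the cookie; `context.Request.Cookies` would keep it consistent with the `context.Session` calls. This branch spans both hunks of the file, and part of it lies between them, outside the visible lines.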
|
||||
|
|
|
@ -1,49 +1,12 @@
|
|||
using System;
|
||||
using System.IO;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.AspNetCore.Mvc.RazorPages;
|
||||
using Microsoft.Extensions.Configuration;
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
using Newtonsoft.Json;
|
||||
using Core.Main;
|
||||
using Core.Helper;
|
||||
using Core.Main.DataObjects.PTMagicData;
|
||||
using Core.MarketAnalyzer;
|
||||
using Core.ProfitTrailer;
|
||||
using Microsoft.Extensions.Primitives;
|
||||
|
||||
namespace Monitor._Internal
|
||||
namespace Monitor._Internal
|
||||
{
|
||||
|
||||
public class BasePageModelSecureAJAX : BasePageModel
|
||||
public class BasePageModelSecureAJAX : BasePageModelSecure
|
||||
{
|
||||
public void Init()
|
||||
{
|
||||
base.PreInit();
|
||||
|
||||
if (String.IsNullOrEmpty(HttpContext.Session.GetString("LoggedIn" + PTMagicConfiguration.GeneralSettings.Monitor.Port.ToString())) && PTMagicConfiguration.GeneralSettings.Monitor.IsPasswordProtected)
|
||||
{
|
||||
bool redirectToLogin = true;
|
||||
if (Request.Cookies.ContainsKey("PTMRememberMeKey"))
|
||||
{
|
||||
string rememberMeKey = Request.Cookies["PTMRememberMeKey"];
|
||||
if (!rememberMeKey.Equals(""))
|
||||
{
|
||||
string encryptedPassword = EncryptionHelper.Decrypt(Request.Cookies["PTMRememberMeKey"]);
|
||||
if (encryptedPassword.Equals(PTMagicConfiguration.SecureSettings.MonitorPassword))
|
||||
{
|
||||
HttpContext.Session.SetString("LoggedIn" + PTMagicConfiguration.GeneralSettings.Monitor.Port.ToString(), DateTime.UtcNow.ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'.'fff'Z'"));
|
||||
redirectToLogin = false;
|
||||
}
|
||||
}
|
||||
public BasePageModelSecureAJAX() : base(@"_get/ReturnToLogin") {
|
||||
// Logic in base class
|
||||
}
|
||||
|
||||
if (redirectToLogin)
|
||||
{
|
||||
HttpContext.Response.Redirect(PTMagicConfiguration.GeneralSettings.Monitor.RootUrl + "_get/ReturnToLogin");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|