        /// <summary>
        /// Decides whether the current request may open <paramref name="externalReviewLink"/>.
        /// Access is granted when PIN security is disabled globally, when the link carries no PIN,
        /// when the authenticated user holds one of the configured PIN-exempt roles, or when the
        /// user's "ExternalReviewTokens" claim already lists the link token. Everything else is denied.
        /// </summary>
        /// <param name="externalReviewLink">The link being requested; its PinCode and Token are inspected.</param>
        /// <returns>true when access is allowed; false otherwise.</returns>
        public bool UserHasAccessToLink(ExternalReviewLink externalReviewLink)
        {
            const string tokensClaimType = "ExternalReviewTokens";

            var pinSecurity = _externalReviewOptions.PinCodeSecurity;

            // PIN protection switched off globally: every link is open.
            if (!pinSecurity.Enabled)
            {
                return true;
            }

            // This particular link was created without a PIN.
            if (string.IsNullOrEmpty(externalReviewLink.PinCode))
            {
                return true;
            }

            var principal = HttpContext.Current.User;
            var isAuthenticated = principal?.Identity != null && principal.Identity.IsAuthenticated;
            if (!isAuthenticated)
            {
                return false;
            }

            // Members of a PIN-exempt role bypass the token check entirely.
            var exemptRoles = pinSecurity.RolesWithoutPin;
            if (exemptRoles != null)
            {
                foreach (var exemptRole in exemptRoles)
                {
                    if (principal.IsInRole(exemptRole))
                    {
                        return true;
                    }
                }
            }

            // Otherwise the token must have been granted earlier through the tokens claim.
            var identity = principal.Identity as ClaimsIdentity;
            var tokensClaim = identity?.FindFirst(tokensClaimType);
            if (string.IsNullOrEmpty(tokensClaim?.Value))
            {
                return false;
            }

            var grantedTokens = tokensClaim.Value.Split('|');
            return grantedTokens.Contains(externalReviewLink.Token);
        }
        /// <summary>
        /// Resolves the page version to render for <paramref name="externalReviewLink"/>.
        /// Without a project on the link, or when the request URL was not produced by the project
        /// preview, the version referenced by the link is returned. Otherwise the project-specific
        /// version is looked up, falling back to the routed content when it is published and to its
        /// unpublished version when it is not.
        /// </summary>
        /// <param name="externalReviewLink">Link holding the content reference and the optional project id.</param>
        /// <param name="routedContent">The page the current request was routed to.</param>
        /// <param name="queryString">Query string of the current request, used to detect project-preview URLs.</param>
        /// <returns>The page version that should be shown.</returns>
        public PageData TryGetProjectPageVersion(ExternalReviewLink externalReviewLink, PageData routedContent, NameValueCollection queryString)
        {
            var linkedPage = _contentLoader.Get<PageData>(externalReviewLink.ContentLink);

            // No project on the link, or not a project-preview URL: the version stored with the link wins.
            var projectId = externalReviewLink.ProjectId;
            if (!projectId.HasValue || !PreviewUrlResolver.IsGeneratedForProjectPreview(queryString))
            {
                return linkedPage;
            }

            var projectVersion = GetProjectReference(routedContent.ContentLink, projectId.Value, linkedPage.LanguageBranch());
            if (projectVersion != null)
            {
                return _contentLoader.Get<PageData>(projectVersion);
            }

            // The project holds no version of this page: fall back to the routed content.
            var reviewsLoader = ServiceLocator.Current.GetInstance<ReviewsContentLoader>();
            if (routedContent.IsPublished())
            {
                return routedContent;
            }

            var unpublishedVersion = reviewsLoader.LoadUnpublishedVersion(routedContent.ContentLink);
            return _contentLoader.Get<PageData>(unpublishedVersion);
        }
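 /// <summary>
 /// Sends the browser to the external-review login page for <paramref name="externalReviewLink"/>.
 /// The link token is passed as the "id" query parameter so the login page can later grant access
 /// to exactly this link once the PIN has been entered.
 /// </summary>
 /// <param name="externalReviewLink">Link whose token identifies the login target.</param>
 /// <exception cref="ArgumentNullException">Thrown when <paramref name="externalReviewLink"/> is null.</exception>
 public void RedirectToLoginPage(ExternalReviewLink externalReviewLink)
 {
     if (externalReviewLink == null)
     {
         throw new ArgumentNullException(nameof(externalReviewLink));
     }

     // The token ends up inside a query string: escape it so characters such as '&', '#' or '+'
     // cannot truncate or alter the query, and so the login page reads the token back intact.
     // A null token is kept as an empty "id" value, as before.
     var loginUrl = "/" + _externalReviewOptions.PinCodeSecurity.ExternalReviewLoginUrl
                    + "?id=" + Uri.EscapeDataString(externalReviewLink.Token ?? string.Empty);

     // Redirect(url) ends the current response after sending the 302.
     HttpContext.Current.Response.Redirect(loginUrl);
 }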
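        /// <summary>
        /// Verifies <paramref name="requestedPinCode"/> against the PIN hash stored on
        /// <paramref name="externalReviewLink"/> and, on success, grants the current user the link token
        /// through the "ExternalReviewTokens" claim: an already authenticated user gets the token added to
        /// the existing identity, an anonymous visitor is signed in with a fresh cookie identity.
        /// </summary>
        /// <param name="externalReviewLink">Link the reviewer wants to open; supplies Token, PinCode and LinkUrl.</param>
        /// <param name="requestedPinCode">PIN entered by the reviewer; null or empty is always rejected.</param>
        /// <returns>true when the PIN matched and the token was granted; false when it did not match.</returns>
        public bool TryToSignIn(ExternalReviewLink externalReviewLink, string requestedPinCode)
        {
            // An empty PIN can never legitimately unlock a protected link; reject it before hashing.
            if (string.IsNullOrEmpty(requestedPinCode))
            {
                return false;
            }

            // The stored PinCode is the hash of (pin, token); recompute it and compare.
            // NOTE(review): this is an ordinary string comparison, not a fixed-time one; confirm whether
            // the target framework offers a fixed-time compare that fits PinCodeHashGenerator's output.
            var hash = PinCodeHashGenerator.Hash(requestedPinCode, externalReviewLink.Token);
            if (!string.Equals(externalReviewLink.PinCode, hash, StringComparison.Ordinal))
            {
                return false;
            }

            var user = HttpContext.Current.User;

            if (user != null && user.Identity != null && user.Identity.IsAuthenticated && user.Identity is ClaimsIdentity identity)
            {
                // Already signed in: only the tokens claim has to change.
                GrantTokenToAuthenticatedUser(identity, externalReviewLink.Token);
            }
            else
            {
                // Not signed in: create a cookie identity that carries the token.
                SignInAnonymousReviewer(externalReviewLink);
            }

            return true;
        }

        // Adds the link token to the "ExternalReviewTokens" claim of an already signed-in identity
        // (a token already listed is not duplicated) and re-issues the auth cookie so the claim persists.
        private static void GrantTokenToAuthenticatedUser(ClaimsIdentity identity, string token)
        {
            const string tokensClaimType = "ExternalReviewTokens";

            var existingClaim = identity.FindFirst(tokensClaimType);
            if (existingClaim == null)
            {
                identity.AddClaim(new Claim(tokensClaimType, token));
            }
            else
            {
                var tokens = new List<string>();
                if (!string.IsNullOrEmpty(existingClaim.Value))
                {
                    tokens.AddRange(existingClaim.Value.Split('|'));
                }

                // Re-entering the PIN for a link the user already holds must not grow the claim on every attempt.
                if (!tokens.Contains(token))
                {
                    tokens.Add(token);
                }

                identity.RemoveClaim(existingClaim);
                identity.AddClaim(new Claim(tokensClaimType, string.Join("|", tokens)));
            }

            var authenticationManager = System.Web.HttpContext.Current.GetOwinContext().Authentication;
            authenticationManager.AuthenticationResponseGrant = new AuthenticationResponseGrant(
                new ClaimsPrincipal(identity),
                new AuthenticationProperties { IsPersistent = true });
        }

        // Signs an anonymous visitor in with a new cookie identity whose only purpose is to carry the link token.
        private void SignInAnonymousReviewer(ExternalReviewLink externalReviewLink)
        {
            // Reviewers have no account, so the identity just needs a name that is unique per sign-in.
            // The earlier local-time stamp ("yyyyMMddmmhhss": minutes before 12-hour hours) collided for
            // sign-ins within the same second. NOTE(review): confirm nothing downstream parses this name.
            var userName = Guid.NewGuid().ToString("N");

            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.NameIdentifier, userName),
                new Claim(ClaimTypes.Name, userName),
                new Claim("ExternalReviewTokens", externalReviewLink.Token)
            };

            var identity = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie);

            var authenticationManager = System.Web.HttpContext.Current.GetOwinContext().Authentication;
            authenticationManager.SignIn(new AuthenticationProperties
            {
                AllowRefresh = true,
                IsPersistent = true,
                // Lifetime is bounded by configuration so a review cookie eventually expires on its own.
                ExpiresUtc = DateTime.UtcNow.Add(_externalReviewOptions.PinCodeSecurity.AuthenticationCookieLifeTime),
                RedirectUri = externalReviewLink.LinkUrl
            }, identity);
        }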