public async Task <SearchUserAccountsResponse> SearchUserAccounts([FromBody] SearchUserAccountsRequest request) { var response = new SearchUserAccountsResponse(); if (response.InitializeFromModelStateIfInvalid(ModelState)) { return(response); } if (request.UserAccountSearchCriteria.SiteAccountID.HasValue) { string email = User.FindFirst(c => c.Type == ClaimTypes.Email)?.Value; UserAccount user = await _userAccountGetByEmail.ExecuteAsync(email, true); AuthorizationResult authResult = await _authorizationService.AuthorizeAsync(User, new SiteAccountUserAccountRoleModel { SiteAccountID = request.UserAccountSearchCriteria.SiteAccountID.Value, UserAccount = user }, new SiteAccountRoleRequirement(new Role[] { Role.AdminRole, Role.OwnerRole, Role.BasicRole })); if (!authResult.Succeeded) { return new SearchUserAccountsResponse { ResponseError = new ResponseError { ErrorMessage = "Not Authed" } } } ; } response.UserAccounts = _userAccountSearch.Execute(request.UserAccountSearchCriteria) .Select(user => user.RemoveSensitiveData()); return(response); } }
public async Task <DeletePostResponse> DeletePost([FromBody] DeletePostRequest deletePostRequest) { string email = User.FindFirst(c => c.Type == ClaimTypes.Email)?.Value; UserAccount user = await _userAccountGetByEmail.ExecuteAsync(email, true); AuthorizationResult authResult = await _authorizationService.AuthorizeAsync(User, new SiteAccountUserAccountRoleModel { SiteAccountID = deletePostRequest.SiteAccountID, UserAccount = user }, new SiteAccountRoleRequirement(new Role[] { Role.AdminRole, Role.OwnerRole, Role.BasicRole })); if (authResult.Succeeded) { await AzureStorage.DeletePostImage(deletePostRequest.PostID); await _postDelete.ExecuteAsync(deletePostRequest.PostID); } return(new DeletePostResponse { PostID = deletePostRequest.PostID }); }
public async Task <ValidateUserContextResponse> ValidateUserContext([FromBody] ValidateUserContextRequest request) { var response = new ValidateUserContextResponse(); if (response.InitializeFromModelStateIfInvalid(ModelState)) { return(response); } string authedEmail = User.FindFirst(c => c.Type == ClaimTypes.Email)?.Value; if (authedEmail != request.Email) { return(BuildErrorResponse(response, ResponseError.ResponseErrorType.ModelValidation, "invalid email")); } var user = await _userAccountGetByEmail.ExecuteAsync(request.Email); if (user == null) { return(BuildErrorResponse(response, ResponseError.ResponseErrorType.ModelValidation, "invalid email")); } // Try to pull out a cached key using the provided token string hashedToken = Cryptography.Hash(request.Token, user.UserAccountSalt); string serverToken = _cache.Get <string>(hashedToken); // Even if its there we will be using a new token next time so remove this one. _cache.Remove(hashedToken); if (serverToken != user.EmailAddress)// Make sure it matches the user making the request. { return(BuildErrorResponse(response, ResponseError.ResponseErrorType.ModelValidation, "invalid token")); } response.NewToken = Guid.NewGuid().ToString(); _cache.Set <string>(Cryptography.Hash(response.NewToken, user.UserAccountSalt), user.EmailAddress, TimeSpan.FromMinutes(30)); response.UserAcount = user;//.RemoveSensitiveData(); return(response); }
public async Task <SaveSiteAccountResponse> Save([FromBody] SaveSiteAccountRequest request) { SaveSiteAccountResponse response = new SaveSiteAccountResponse(); if (response.InitializeFromModelStateIfInvalid(ModelState)) { return(response); } if (request.ShouldUpdateAllProps) { await _siteAccountUpsert.ExecuteAsync(request.SiteAccount); } else { var existingSite = _siteAccountSearch.Execute(new SiteAccountSearchCriteria { IncludedSiteAccounts = new List <Guid> { request.SiteAccount.ID } }).First(); request.SiteAccount.CopyProperties(existingSite, (propInfo, source, target) => request.PropsToUpdate.Contains(propInfo.Name)); if (request.SiteAccountUserAccounts.Any(saua => saua.RoleID != Role.GuestRoleID || saua.IsActive)) { string email = User.FindFirst(c => c.Type == ClaimTypes.Email)?.Value; UserAccount user = await _userAccountGetByEmail.ExecuteAsync(email, true); AuthorizationResult authResult = await _authorizationService.AuthorizeAsync(User, new SiteAccountUserAccountRoleModel { SiteAccountID = request.SiteAccount.ID, UserAccount = user }, new SiteAccountRoleRequirement(new Role[] { Role.AdminRole, Role.OwnerRole, Role.BasicRole })); if (!authResult.Succeeded) { return new SaveSiteAccountResponse { ResponseError = new ResponseError { ErrorMessage = "Not Authed" } } } ; } foreach (var saua in request.SiteAccountUserAccounts) { saua.SiteAccountID = existingSite.ID; var existingSiteUser = existingSite.SiteAccountUserAccounts.FirstOrDefault(user => user.UserAccountID == saua.UserAccountID); if (existingSiteUser != null) { existingSite.SiteAccountUserAccounts.Remove(existingSiteUser); } existingSite.SiteAccountUserAccounts.Add(saua); } await _siteAccountUpsert.ExecuteAsync(existingSite); } return(response); } }
public static Func <OAuthCreatingTicketContext, Task> New(AuthenticationProvider provider) { async Task CreateTask(OAuthCreatingTicketContext context) { // Create the request for user data var request = new HttpRequestMessage(HttpMethod.Get, context.Options.UserInformationEndpoint); request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", context.AccessToken); // Send Request and get response var response = await context.Backchannel.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, context.HttpContext.RequestAborted); JObject contentJObject = JObject.Parse(await response.Content.ReadAsStringAsync()); UserAccount userAccount = new UserAccount(); // Parse the response for the email, names, and avatar url switch (provider) { case AuthenticationProvider.Github: userAccount.AddGitHubEmailAddress(contentJObject); break; case AuthenticationProvider.Google: userAccount.AddGoogleEmail(contentJObject) .AddGoogleNames(contentJObject) .AddGoogleAvatarLink(contentJObject); break; } // If an Email wasnt parsed fail out if (string.IsNullOrEmpty(userAccount.EmailAddress)) { context.Fail("No Email Provided."); return; } // Check for existing user. Create if not exists. update. UserAccountGetByEmail userAccountGetByEmail = new UserAccountGetByEmail(new IPManDataContext(ConfigurationService.Configuration)); UserAccountUpsert userAccountUpsert = new UserAccountUpsert(new IPManDataContext(ConfigurationService.Configuration)); UserAccount preExistingUser = await userAccountGetByEmail.ExecuteAsync(userAccount.EmailAddress, true); if (preExistingUser == null) { userAccount.AddCreatedData(); } else { userAccount = preExistingUser; } userAccount.AddLoginData(provider); await userAccountUpsert.ExecuteAsync(userAccount, preExistingUser == null); context.Identity.AddClaim(new Claim("TempSalt", userAccount.UserAccountSalt)); context.Success(); } return(CreateTask); }