Beispiel #1
0
        private Task <bool> AddClaimsAsync(UserWithClaims user, ExternalLoginInfo externalLogin, string email, bool isFirst = false)
        {
            var newClaims = new List <Claim>();

            void AddClaim(Claim claim)
            {
                newClaims.Add(claim);

                user.Claims.Add(claim);
            }

            foreach (var squidexClaim in externalLogin.Principal.GetSquidexClaims())
            {
                AddClaim(squidexClaim);
            }

            if (!user.HasPictureUrl())
            {
                AddClaim(new Claim(SquidexClaimTypes.PictureUrl, GravatarHelper.CreatePictureUrl(email)));
            }

            if (!user.HasDisplayName())
            {
                AddClaim(new Claim(SquidexClaimTypes.DisplayName, email));
            }

            if (isFirst)
            {
                AddClaim(new Claim(SquidexClaimTypes.Permissions, Permissions.Admin));
            }

            return(MakeIdentityOperation(() => userManager.SyncClaimsAsync(user.Identity, newClaims)));
        }
Beispiel #2
0
 private static Client CreateClientFromUser(UserWithClaims user)
 {
     return(new Client
     {
         ClientId = user.Id,
         ClientName = $"{user.Email} Client",
         ClientClaimsPrefix = null,
         ClientSecrets = new List <Secret>
         {
             new Secret(user.ClientSecret().Sha256())
         },
         AccessTokenLifetime = (int)TimeSpan.FromDays(30).TotalSeconds,
         AllowedGrantTypes = GrantTypes.ClientCredentials,
         AllowedScopes = new List <string>
         {
             Constants.ApiScope,
             Constants.RoleScope,
             Constants.PermissionsScope
         },
         Claims = new List <Claim>
         {
             new Claim(OpenIdClaims.Subject, user.Id)
         }
     });
 }
        private async Task <ProfileVM> GetProfileVM(UserWithClaims user, ChangeProfileModel model = null, string errorMessage = null, string successMessage = null)
        {
            var taskForProviders = signInManager.GetExternalProvidersAsync();
            var taskForPassword  = userManager.HasPasswordAsync(user.Identity);
            var taskForLogins    = userManager.GetLoginsAsync(user.Identity);

            await Task.WhenAll(taskForProviders, taskForPassword, taskForLogins);

            var result = new ProfileVM
            {
                Id                = user.Id,
                Email             = user.Email,
                ErrorMessage      = errorMessage,
                ExternalLogins    = taskForLogins.Result,
                ExternalProviders = taskForProviders.Result,
                DisplayName       = user.DisplayName(),
                IsHidden          = user.IsHidden(),
                HasPassword       = taskForPassword.Result,
                HasPasswordAuth   = identityOptions.Value.AllowPasswordAuth,
                SuccessMessage    = successMessage
            };

            if (model != null)
            {
                SimpleMapper.Map(model, result);
            }

            return(result);
        }
Beispiel #4
0
        private Task <bool> LockAsync(UserWithClaims user, bool isFirst)
        {
            if (isFirst || !identityOptions.LockAutomatically)
            {
                return(Task.FromResult(true));
            }

            return(MakeIdentityOperation(() => userManager.SetLockoutEndDateAsync(user.Identity, DateTimeOffset.UtcNow.AddYears(100))));
        }
Beispiel #5
0
        private async Task <bool> AddClaimsAsync(UserWithClaims user, ExternalLoginInfo externalLogin, string email, bool isFirst = false)
        {
            var update = new UserValues
            {
                CustomClaims = externalLogin.Principal.GetSquidexClaims().ToList()
            };

            if (!user.HasPictureUrl())
            {
                update.PictureUrl = GravatarHelper.CreatePictureUrl(email);
            }

            if (!user.HasDisplayName())
            {
                update.DisplayName = email;
            }

            if (isFirst)
            {
                update.Permissions = new PermissionSet(Permissions.Admin);
            }

            return(await MakeIdentityOperation(() => userManager.SyncClaims(user.Identity, update)));
        }
Beispiel #6
0
 private Task <bool> AddUserAsync(UserWithClaims user)
 {
     return(MakeIdentityOperation(() => userManager.CreateAsync(user.Identity)));
 }
Beispiel #7
0
 private Task <bool> AddLoginAsync(UserWithClaims user, UserLoginInfo externalLogin)
 {
     return(MakeIdentityOperation(() => userManager.AddLoginAsync(user.Identity, externalLogin)));
 }
Beispiel #8
0
        public async Task <IActionResult> ExternalCallback(string?returnUrl = null)
        {
            var externalLogin = await signInManager.GetExternalLoginInfoWithDisplayNameAsync();

            if (externalLogin == null)
            {
                return(RedirectToAction(nameof(Login)));
            }

            var result = await signInManager.ExternalLoginSignInAsync(externalLogin.LoginProvider, externalLogin.ProviderKey, true);

            if (!result.Succeeded && result.IsLockedOut)
            {
                return(View(nameof(LockedOut)));
            }

            var isLoggedIn = result.Succeeded;

            UserWithClaims?user;

            if (isLoggedIn)
            {
                user = await userManager.FindByLoginWithClaimsAsync(externalLogin.LoginProvider, externalLogin.ProviderKey);
            }
            else
            {
                var email = externalLogin.Principal.FindFirst(ClaimTypes.Email).Value;

                user = await userManager.FindByEmailWithClaimsAsync(email);

                if (user != null)
                {
                    isLoggedIn =
                        await AddLoginAsync(user, externalLogin) &&
                        await AddClaimsAsync(user, externalLogin, email) &&
                        await LoginAsync(externalLogin);
                }
                else
                {
                    user = new UserWithClaims(userFactory.Create(email), new List <Claim>());

                    var isFirst = userManager.Users.LongCount() == 0;

                    isLoggedIn =
                        await AddUserAsync(user) &&
                        await AddLoginAsync(user, externalLogin) &&
                        await AddClaimsAsync(user, externalLogin, email, isFirst) &&
                        await LockAsync(user, isFirst) &&
                        await LoginAsync(externalLogin);

                    userEvents.OnUserRegistered(user);

                    if (await userManager.IsLockedOutAsync(user.Identity))
                    {
                        return(View(nameof(LockedOut)));
                    }
                }
            }

            if (!isLoggedIn)
            {
                return(RedirectToAction(nameof(Login)));
            }
            else if (user != null && !user.HasConsent() && !identityOptions.NoConsent)
            {
                return(RedirectToAction(nameof(Consent), new { returnUrl }));
            }
            else
            {
                return(RedirectToReturnUrl(returnUrl));
            }
        }
        private async Task <IdentityResult> UpdatePictureAsync(List <IFormFile> file, UserWithClaims user)
        {
            if (file.Count != 1)
            {
                return(IdentityResult.Failed(new IdentityError {
                    Description = "Please upload a single file."
                }));
            }

            var thumbnailStream = new MemoryStream();

            try
            {
                await assetThumbnailGenerator.CreateThumbnailAsync(file[0].OpenReadStream(), thumbnailStream, 128, 128, "Crop");

                thumbnailStream.Position = 0;
            }
            catch
            {
                return(IdentityResult.Failed(new IdentityError {
                    Description = "Picture is not a valid image."
                }));
            }

            await userPictureStore.UploadAsync(user.Id, thumbnailStream);

            return(await userManager.UpdateSafeAsync(user.Identity, new UserValues { PictureUrl = SquidexClaimTypes.PictureUrlStore }));
        }
        private async Task <IdentityResult> AddLoginAsync(UserWithClaims user)
        {
            var externalLogin = await signInManager.GetExternalLoginInfoWithDisplayNameAsync(userManager.GetUserId(User));

            return(await userManager.AddLoginAsync(user.Identity, externalLogin));
        }