Ejemplo n.º 1
 public ToDoService(
     IToDoCommands toDoCommands,
     IToDoQueries toDoQueries,
     IUserContextResolver userContextResolver,
     ILogger <ToDoService> logger
     _toDoCommands        = toDoCommands;
     _toDoQueries         = toDoQueries;
     _userContextResolver = userContextResolver;
     _log = logger;
Ejemplo n.º 2
 public AuthorNameResolver(IUserContextResolver userContextResolver)
     userResolver = userContextResolver;
        public async Task Invoke(
            HttpContext context,
            SiteContext currentSite,
            IOptions <MultiTenantOptions> multiTenantOptionsAccessor,
            IUserContextResolver userResolver,
            IAccountService accountService
            var multiTenantOptions = multiTenantOptionsAccessor.Value;
            var folderSegment      = "";

            if (multiTenantOptions.Mode == MultiTenantMode.FolderName)
                if (!string.IsNullOrWhiteSpace(currentSite.SiteFolderName))
                    folderSegment = "/" + currentSite.SiteFolderName;
            var userContext = await userResolver.GetCurrentUser();

            // enforce SiteRules

            if (userContext != null)
                // handle roles changes - basically sets RolesChanged flag to false then sign out and in again to get new roles in cookie
                if (userContext.RolesChanged)
                    await accountService.HandleUserRolesChanged(context.User);

                // handle user still authenticated after lockout or delete
                if (userContext.IsLockedOut || userContext.IsDeleted)
                    await accountService.SignOutAsync();

                //handle must change password
                if (userContext.MustChangePwd)
                    var changePasswordUrl = folderSegment + "/manage/changepassword";

                    if (!context.Request.Path.StartsWithSegments(changePasswordUrl))
                        var logMessage = $"user {userContext.Email} has must change password so redirecting to change password page from requested path {context.Request.Path}";
                //userContext is null, make sure user is not signed in, ie if account was deleted but user was currently logged in we need to catch that
                if (context.User.Identity.IsAuthenticated)
                    await accountService.SignOutAsync();

            // handle site closed
            if (currentSite.SiteIsClosed &&
                !context.User.IsInRole("Administrators") &&
                !context.User.IsInRole("Content Administrators")
                var closedUrl = folderSegment + "/closed";
                // not redirecting for account urls because admin needs to be able to login to unclose the site
                if (
                    (!context.Request.Path.StartsWithSegments(closedUrl)) &&
                    (!context.Request.Path.StartsWithSegments(folderSegment + "/account"))
                    var logMessage = $"site closed so redirecting to closed for requested path {context.Request.Path}";

            // handle must agree to terms
            if (userContext != null &&
                (!string.IsNullOrWhiteSpace(currentSite.RegistrationAgreement)) &&
                (userContext.AgreementAcceptedUtc == null || userContext.AgreementAcceptedUtc < currentSite.TermsUpdatedUtc) &&
                !context.User.IsInRole("Administrators") &&
                !context.User.IsInRole("Content Administrators")
                var agreementUrl = folderSegment + "/account/termsofuse";

                if (
                    (!context.Request.Path.StartsWithSegments(agreementUrl)) &&
                    (!context.Request.Path.StartsWithSegments("/oops/error")) &&
                    (!context.Request.Path.StartsWithSegments("/account/logoff")) &&
                    (!context.Request.Path.Value.EndsWith("css.map"))    //css.map
                    var logMessage = $"user {userContext.Email} has not accepted terms of use so redirecting to terms of use acceptance page from requested path {context.Request.Path}";

            await _next(context);
Ejemplo n.º 4
        public async Task Invoke(
            HttpContext context,
            SiteContext currentSite,
            IOptions <MultiTenantOptions> multiTenantOptionsAccessor,
            IUserContextResolver userResolver,
            IAccountService accountService
            var multiTenantOptions = multiTenantOptionsAccessor.Value;
            var folderSegment      = "";

            if (multiTenantOptions.Mode == MultiTenantMode.FolderName)
                if (!string.IsNullOrWhiteSpace(currentSite.SiteFolderName))
                    folderSegment = "/" + currentSite.SiteFolderName;

            var userContext = await userResolver.GetCurrentUser();

            //userContext is null, make sure user is not signed in, ie if account was deleted but user was currently logged in we need to catch that
            if (userContext == null && context.User.Identity.IsAuthenticated)
                await accountService.SignOutAsync();

            // handle roles changes - basically sets RolesChanged flag to false then sign out and in again to get new roles in cookie
            if (userContext != null && userContext.RolesChanged)
                await accountService.HandleUserRolesChanged(context.User);

            // handle user still authenticated after lockout
            if (userContext != null && userContext.IsLockedOut)
                await accountService.SignOutAsync();

            if (userContext != null && currentSite.SingleBrowserSessions && !string.IsNullOrWhiteSpace(userContext.BrowserKey))
                var browserKeyClaim = context.User.Claims.Where(x => x.Type == "browser-key").FirstOrDefault();
                if (browserKeyClaim == null || browserKeyClaim.Value != userContext.BrowserKey)
                    var logMessage = $"user {userContext.Email} BrowserKey doesn't match claim so signing user out";
                    await accountService.SignOutAsync();

            // handle site closed
            if (currentSite.SiteIsClosed &&
                !context.User.IsInRole("Administrators") &&
                !context.User.IsInRole("Content Administrators")
                var closedUrl = folderSegment + "/closed";
                // not redirecting for account urls because admin needs to be able to login to unclose the site
                if (
                    (!context.Request.Path.StartsWithSegments(closedUrl)) &&
                    (!context.Request.Path.StartsWithSegments(folderSegment + "/account"))
                    var logMessage = $"site closed so redirecting to closed for requested path {context.Request.Path}";

            else if (userContext != null && string.IsNullOrWhiteSpace(userContext.Email))
                var setEmailUrl = folderSegment + "/manage/emailrequired";

                if (!context.Request.Path.StartsWithSegments(setEmailUrl))
                    var logMessage = $"user {userContext.UserName} has must provide an email adddress so redirecting to email required page from requested path {context.Request.Path}";

            //handle must change password
            else if (userContext != null && userContext.MustChangePwd)
                var changePasswordUrl = folderSegment + "/manage/changepassword";

                if (!context.Request.Path.StartsWithSegments(changePasswordUrl))
                    var logMessage = $"user {userContext.Email} has must change password so redirecting to change password page from requested path {context.Request.Path}";

            else if (userContext != null && currentSite.Require2FA && !userContext.TwoFactorEnabled && !context.User.IsInRole("Administrators"))
                var twoFactorUrl1 = folderSegment + "/manage/twofactorauthentication";
                var twoFactorUrl2 = folderSegment + "/manage/enableauthenticator";

                if (!context.Request.Path.StartsWithSegments(twoFactorUrl1) && !context.Request.Path.StartsWithSegments(twoFactorUrl2))
                    var logMessage = $"user {userContext.Email} has must setup 2fa so redirecting to 2fa path from requested path {context.Request.Path}";

            // handle must agree to terms
            else if (userContext != null &&
                     (!string.IsNullOrWhiteSpace(currentSite.RegistrationAgreement)) &&
                     (userContext.AgreementAcceptedUtc == null || userContext.AgreementAcceptedUtc < currentSite.TermsUpdatedUtc) &&
                     !context.User.IsInRole("Administrators") &&
                     !context.User.IsInRole("Content Administrators")
                var agreementUrl = folderSegment + "/account/termsofuse";

                if (
                    (!context.Request.Path.StartsWithSegments(agreementUrl)) &&
                    (!context.Request.Path.StartsWithSegments("/oops/error")) &&
                    (!context.Request.Path.StartsWithSegments("/account/logoff")) &&
                    (!context.Request.Path.Value.EndsWith("css.map"))    //css.map
                    var logMessage = $"user {userContext.Email} has not accepted terms of use so redirecting to terms of use acceptance page from requested path {context.Request.Path}";

            await _next(context);
Ejemplo n.º 5
 public FormPrepopulator(IUserContextResolver userResolver)
     _userResolver = userResolver;