private IActionResult ValidateOktaUserRole()
{
string UserName = ((ClaimsIdentity)HttpContext.User.Identity).FindFirst("preferred_username").Value;
PayoutUser payoutUser = _userManager.FindByEmailAsync(UserName).Result;
if (payoutUser != null)
{
try
{
string OktaUserId = ((ClaimsIdentity)HttpContext.User.Identity).Claims.Where(x => x.Type.Contains("nameidentifier")).Select(x => x.Value).FirstOrDefault();
string UserRole = OktaRequests.getGroupsFromUserOkta(_optionOktaKeys.URL, OktaUserId, _optionOktaKeys.APIKey).Keys.FirstOrDefault();
var IsInRoleResult = _userManager.IsInRoleAsync(payoutUser, UserRole).Result;
if (!IsInRoleResult)
{
SetUserRole(new UserRoleViewModel {
Username = payoutUser.Email, Role = UserRole
});
}
}
catch
{
return(Ok("NotInGroup"));
}
}
return(BadRequest());
}
public IActionResult SetUserRole([FromBody] UserRoleViewModel objUserRoleViewModel)
{
try
{
PayoutUser payoutUser = _userManager.FindByEmailAsync(objUserRoleViewModel.Username).Result;
var roles = _userManager.GetRolesAsync(payoutUser).Result;
var result = _userManager.RemoveFromRolesAsync(payoutUser, roles.ToArray()).Result;
Dictionary <string, string> OktaUserId = OktaRequests.GetUserFromOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, objUserRoleViewModel.Username);
if (objUserRoleViewModel.IsOkta)
{
Dictionary <string, string> GroupsUser = OktaRequests.getGroupsFromUserOkta(_optionOktaKeys.URL, OktaUserId.FirstOrDefault().Value, _optionOktaKeys.APIKey);
foreach (string GroupId in GroupsUser.Values)
{
if (!OktaRequests.RemoveUserFromGroup(_optionOktaKeys.URL, _optionOktaKeys.APIKey, GroupId, OktaUserId.FirstOrDefault().Value))
{
return(StatusCode((int)HttpStatusCode.InternalServerError, "error unassigning role from user in Okta"));
}
}
}
result = _userManager.AddToRoleAsync(payoutUser, objUserRoleViewModel.Role).Result;
if (objUserRoleViewModel.IsOkta)
{
string OktaGroup = OktaRequests.GetGroupIdFromOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, objUserRoleViewModel.Role);
if (!OktaRequests.AddUserToGroup(_optionOktaKeys.URL, _optionOktaKeys.APIKey, OktaGroup, OktaUserId.FirstOrDefault().Value))
{
return(StatusCode((int)HttpStatusCode.InternalServerError, "error while setting role to user in Okta"));
}
}
if (result.Succeeded)
{
return(Ok(result));
}
foreach (var error in result.Errors)
{
ModelState.AddModelError("error", error.Description);
}
}
catch (Exception ex)
{
_logger.LogError($"error while setting role to user: {ex}");
return(StatusCode((int)HttpStatusCode.InternalServerError, "error while setting role to user: " + ex.Message));
}
return(BadRequest());
}
public async Task <IActionResult> CreateToken()
{
try
{
string UserName = "";
string OktaUserId = "";
string UserRole = "";
if (System.Threading.Thread.CurrentPrincipal != null && ((ClaimsIdentity)System.Threading.Thread.CurrentPrincipal.Identity).Claims.Count() > 0)
{
UserName = ((ClaimsIdentity)System.Threading.Thread.CurrentPrincipal.Identity).FindFirst("preferred_username").Value;
UserRole = ((ClaimsIdentity)System.Threading.Thread.CurrentPrincipal.Identity).Claims.Where(x => x.Type.Contains("identity/claims/role")).Select(x => x.Value).FirstOrDefault();
}
else
{
UserName = ((ClaimsIdentity)HttpContext.User.Identity).FindFirst("preferred_username").Value;
}
PayoutUser user = await _userManager.FindByNameAsync(UserName);
if (((ClaimsIdentity)HttpContext.User.Identity).Claims.Count() > 0)
{
OktaUserId = ((ClaimsIdentity)HttpContext.User.Identity).Claims.Where(x => x.Type.Contains("nameidentifier")).Select(x => x.Value).FirstOrDefault();
UserRole = OktaRequests.getGroupsFromUserOkta(_optionOktaKeys.URL, OktaUserId, _optionOktaKeys.APIKey).Keys.FirstOrDefault();
if (user == null)
{
user = new PayoutUser();
user.Email = UserName;
user.UserName = UserName;
user.FirstName = ((ClaimsIdentity)HttpContext.User.Identity).FindFirst("given_name").Value;
user.LastName = ((ClaimsIdentity)HttpContext.User.Identity).FindFirst("family_name").Value;
var result = CreateUserFromOkta(user, UserRole).Result;
}
}
var userClaims = await _userManager.GetClaimsAsync(user);
return(Redirect(CreateToken(user, UserRole).Result));
}
catch (Exception ex)
{
_logger.LogError($"error while creating token: {ex}");
return(StatusCode((int)HttpStatusCode.InternalServerError, "error while creating token"));
}
}
public IActionResult ChangeOktaUserGroups(string UserName, bool IsChecked = false)
{
//string IdProvider = ((ClaimsIdentity)HttpContext.User.Identity).Claims.Where(x => x.Type.Contains("nameidentifier")).Select(x => x.Value).FirstOrDefault();
Dictionary <string, string> OktaGroupsFromUser = OktaRequests.getGroupsFromUserOkta(_optionOktaKeys.URL, UserName, _optionOktaKeys.APIKey);
Dictionary <string, string> OktaUser = OktaRequests.GetUserFromOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, UserName);
if (OktaUser.Count == 0)
{
PayoutUser User = _userManager.FindByEmailAsync(UserName).Result;
OktaRequests.CreateUserInOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, User);
OktaUser = OktaRequests.GetUserFromOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, UserName);
}
foreach (KeyValuePair <string, string> UserRole in OktaGroupsFromUser)
{
if (!OktaRequests.RemoveUserFromGroup(_optionOktaKeys.URL, _optionOktaKeys.APIKey, UserRole.Value, OktaUser.First().Value))
{
return(BadRequest());
}
}
if (IsChecked)
{
string RS_Role = _userManager.GetRolesAsync(_userManager.FindByEmailAsync(UserName).Result).Result.FirstOrDefault();
string OktaGroup = OktaRequests.GetGroupIdFromOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, RS_Role);
if (!OktaRequests.AddUserToGroup(_optionOktaKeys.URL, _optionOktaKeys.APIKey, OktaGroup, OktaUser.First().Value))
{
return(BadRequest());
}
}
return(Ok());
}