/// <summary>
        /// Handles the change-password form post. The request must carry the token cookie
        /// and that token must pass <c>VerifyToken</c>; otherwise the user is signed out.
        /// </summary>
        /// <param name="model">Posted form holding the current and the new password.</param>
        /// <returns>
        /// A redirect to Home/Index on success, the form view with a model error on failure,
        /// or the result of <c>SignOut()</c> when the token cookie is absent or rejected.
        /// </returns>
        public ActionResult Change(ChangePasswordModel model)
        {
            var tokenCookie = Request.Cookies[Constants.COOKIE_NAME];
            if (tokenCookie == null)
            {
                return SignOut();
            }

            var validator = new TokenValidationService();
            if (!validator.VerifyToken(tokenCookie.Value, out var token))
            {
                return SignOut();
            }

            if (!ModelState.IsValid)
            {
                // User-facing text: "Invalid user name or password".
                ModelState.AddModelError(string.Empty, "Неверное имя пользователя или пароль");
                return View(model);
            }

            // NOTE(review): the account is taken from User.Identity.Name, not from the token
            // validated above (the token is otherwise unused here). Confirm both always refer
            // to the same user so one user's token cannot authorize another user's change.
            var directory = new ActiveDirectoryService();
            var changed = directory.ChangePassword(User.Identity.Name, model.Password, model.NewPassword, out string errorReason);
            if (changed)
            {
                return RedirectToAction("Index", "Home");
            }

            // Surface the reason reported by the directory service on the form.
            ModelState.AddModelError(string.Empty, errorReason);
            return View(model);
        }
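        /// <summary>
        /// Receives the access token posted back by the MFA provider, verifies it, stores it
        /// in the token cookie and signs the user in with forms authentication.
        /// </summary>
        /// <param name="accessToken">Token string returned by the MFA provider.</param>
        /// <returns>
        /// A redirect to Home/ChangePassword when the token requires a password change,
        /// to Home/Index otherwise, or to Login when the token is rejected.
        /// </returns>
        public ActionResult PostbackFromMfa(string accessToken)
        {
            var tokenValidationService = new TokenValidationService();

            // The token is a bearer credential (it is stored as the session cookie below),
            // so its value is deliberately kept out of the log.
            _logger.Debug("Received MFA token postback");

            if (!tokenValidationService.VerifyToken(accessToken, out var token))
            {
                //invalid token, see logs
                return RedirectToAction("Login");
            }

            _logger.Information($"User {token.Identity} authenticated");

            //save token to cookie
            var cookie = new HttpCookie(Constants.COOKIE_NAME)
            {
                Value = accessToken,
                // Not readable from script: the cookie is only consumed server-side here.
                HttpOnly = true,
                // Mark Secure whenever the request arrived over TLS. Behind a TLS-terminating
                // proxy IsSecureConnection may be false; set Secure = true there explicitly.
                Secure = Request.IsSecureConnection,
                Expires = token.ValidTo
            };

            Response.Cookies.Add(cookie);

            FormsAuthentication.SetAuthCookie(token.Identity, false);

            if (token.MustChangePassword)
            {
                return RedirectToAction("ChangePassword", "Home");
            }

            return RedirectToAction("Index", "Home");
        }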
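        /// <summary>
        /// Validates the supplied access token and returns the validation result.
        /// </summary>
        /// <param name="auth">DTO carrying the access token to verify.</param>
        /// <returns>
        /// 200 with the string produced by <c>VerifyToken</c>, or 401 when validation throws.
        /// </returns>
        public IActionResult Post(AccessTokenDTO auth)
        {
            string result = string.Empty;

            try
            {
                TokenValidationService validator = new TokenValidationService(
                    _refreshService,
                    _configuration,
                    _tSLogger,
                    _tokenService,
                    _tokenServiceDbContext,
                    _encryptionService);
                result = validator.VerifyToken(auth);
            }
            catch (InvalidTokenException exToken)
            {
                // Expected validation failure: its message is the intended client response.
                return Unauthorized(new UnauthorizedError(exToken.Message));
            }
            catch (Exception ex)
            {
                // Unexpected failures (database, configuration, crypto) can carry internal
                // details in their message, so the client gets a generic error and the
                // detail stays server-side.
                // NOTE(review): route this through the project logger once its API is
                // confirmed; it is not visible from this block.
                System.Diagnostics.Trace.TraceError(ex.ToString());
                return Unauthorized(new UnauthorizedError("Token validation failed."));
            }

            return Ok(result);
        }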
        /// <summary>
        /// Shows the change-password form, but only to a request whose token cookie is
        /// present and passes <c>VerifyToken</c>; any other request is signed out.
        /// </summary>
        /// <returns>The form view, or the result of <c>SignOut()</c>.</returns>
        public ActionResult Change()
        {
            var tokenCookie = Request.Cookies[Constants.COOKIE_NAME];
            if (tokenCookie == null)
            {
                return SignOut();
            }

            var validator = new TokenValidationService();
            var accepted = validator.VerifyToken(tokenCookie.Value, out var token);

            // The decoded token is not needed here; only the verification outcome matters.
            return accepted ? View() : SignOut();
        }
        /// <summary>
        /// Receives the access token posted back by the MFA provider and, when it verifies,
        /// signs the user in with a non-persistent forms-authentication cookie.
        /// </summary>
        /// <param name="accessToken">Token string returned by the MFA provider.</param>
        /// <returns>
        /// A redirect to Home/ChangePassword when a password change is required,
        /// to Home/Index otherwise, or to Login when the token is rejected.
        /// </returns>
        public ActionResult PostbackFromMfa(string accessToken)
        {
            var validator = new TokenValidationService();
            var verified = validator.VerifyToken(accessToken, out var userName, out bool mustChangePassword);

            if (!verified)
            {
                //invalid token, see logs
                return RedirectToAction("Login");
            }

            _logger.Information($"User {userName} authenticated");

            // Second argument false: the auth cookie is not persisted across browser sessions.
            FormsAuthentication.SetAuthCookie(userName, false);

            var nextAction = mustChangePassword ? "ChangePassword" : "Index";
            return RedirectToAction(nextAction, "Home");
        }
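        /// <summary>
        /// Exchanges a refresh token for an access token through the authentication service
        /// and checks that the token validation service reports that access token as valid.
        /// </summary>
        public void TestAuthenticateAccessTokenFromRefreshToken()
        {
            ITSLogger      log       = new TSLogger();
            AccessTokenDTO accessDTO = new AccessTokenDTO();

            // NOTE(review): the client id and refresh token below are hard-coded fixture
            // values; confirm they belong to a test-only client and are never valid
            // against a production tenant.
            AuthorizationGrantRequestDTO authorizationGrantRequestDTO = new AuthorizationGrantRequestDTO
            {
                Client_Id     = Guid.Parse("29bfd4b1-81c0-4db3-a615-4422d08f9792"),
                Code          = null,
                Grant_Type    = AuthorizationGrantType.refresh_token,
                UserName      = null,
                Scope         = null,
                Password      = null,
                Redirect_Uri  = null,
                Refresh_Token = HttpUtility.UrlEncode("pgsoAvSXD3xYPV+/pSAe3khYZWOFidHPxpltwNDP4Xw="),
                State         = null
            };
            IAuthenticationService tm = new AuthenticationService(new RefreshToken(), configuration, log, new JWTToken(log, new EncryptionService(), configuration), context, new EncryptionService());

            // Refresh-token grant: the returned access token is what gets validated below.
            // (The original assigned this value to Authorization twice in one statement.)
            accessDTO.Authorization = tm.Authenticate(authorizationGrantRequestDTO).access_token;
            TokenValidationService tokenValidationService = new TokenValidationService(new RefreshToken(), configuration, log, new JWTToken(log, new EncryptionService(), configuration), context, new EncryptionService());

            Assert.AreEqual(TokenConstants.ValidToken, tokenValidationService.VerifyToken(accessDTO));
        }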