public virtual async Task<ActionResult> SignIn(LogOnViewModel model, string returnUrl, bool linkingAccount)
{
// I think it should be obvious why we don't want the current URL to be the return URL here ;)
ViewData[Constants.ReturnUrlViewDataKey] = returnUrl;
if (Request.IsAuthenticated)
{
TempData["Message"] = Strings.AlreadyLoggedIn;
return SafeRedirect(returnUrl);
}
if (!ModelState.IsValid)
{
return LogOnView(model);
}
var user = await AuthService.Authenticate(model.SignIn.UserNameOrEmail, model.SignIn.Password);
if (user == null)
{
ModelState.AddModelError(
"SignIn",
Strings.UsernameAndPasswordNotFound);
return LogOnView(model);
}
if (linkingAccount)
{
// Link with an external account
user = await AssociateCredential(user);
if (user == null)
{
return ExternalLinkExpired();
}
}
// If we are an administrator and Gallery.EnforcedAuthProviderForAdmin is set
// to require a specific authentication provider, challenge that provider if needed.
ActionResult challenge;
if (ShouldChallengeEnforcedProvider(
NuGetContext.Config.Current.EnforcedAuthProviderForAdmin, user, returnUrl, out challenge))
{
return challenge;
}
// Create session
AuthService.CreateSession(OwinContext, user.User);
return SafeRedirect(returnUrl);
}
public virtual async Task<ActionResult> SignIn(LogOnViewModel model, string returnUrl, bool linkingAccount)
{
// I think it should be obvious why we don't want the current URL to be the return URL here ;)
ViewData[Constants.ReturnUrlViewDataKey] = returnUrl;
if (Request.IsAuthenticated)
{
TempData["Message"] = Strings.AlreadyLoggedIn;
return SafeRedirect(returnUrl);
}
if (!ModelState.IsValid)
{
return LogOnView(model);
}
var user = await AuthService.Authenticate(model.SignIn.UserNameOrEmail, model.SignIn.Password);
if (user == null)
{
ModelState.AddModelError(
"SignIn",
Strings.UsernameAndPasswordNotFound);
return LogOnView(model);
}
if (linkingAccount)
{
// Link with an external account
user = await AssociateCredential(user);
if (user == null)
{
return ExternalLinkExpired();
}
}
// Now log in!
AuthService.CreateSession(OwinContext, user.User);
return SafeRedirect(returnUrl);
}
public async virtual Task<ActionResult> LinkExternalAccount(string returnUrl)
{
// Extract the external login info
var result = await AuthService.AuthenticateExternalLogin(OwinContext);
if (result.ExternalIdentity == null)
{
// User got here without an external login cookie (or an expired one)
// Send them to the logon action
return ExternalLinkExpired();
}
if (result.Authentication != null)
{
AuthService.CreateSession(OwinContext, result.Authentication.User);
return SafeRedirect(returnUrl);
}
else
{
// Gather data for view model
var authUI = result.Authenticator.GetUI();
var email = result.ExternalIdentity.GetClaimOrDefault(ClaimTypes.Email);
var name = result
.ExternalIdentity
.GetClaimOrDefault(ClaimTypes.Name);
// Check for a user with this email address
User existingUser = null;
if (!string.IsNullOrEmpty(email))
{
existingUser = UserService.FindByEmailAddress(email);
}
var external = new AssociateExternalAccountViewModel()
{
ProviderAccountNoun = authUI.AccountNoun,
AccountName = name,
FoundExistingUser = existingUser != null
};
var model = new LogOnViewModel
{
External = external,
SignIn = new SignInViewModel
{
UserNameOrEmail = email
},
Register = new RegisterViewModel
{
EmailAddress = email
}
};
return LogOnView(model);
}
}
public async virtual Task<ActionResult> Register(LogOnViewModel model, string returnUrl, bool linkingAccount)
{
// I think it should be obvious why we don't want the current URL to be the return URL here ;)
ViewData[Constants.ReturnUrlViewDataKey] = returnUrl;
if (Request.IsAuthenticated)
{
TempData["Message"] = Strings.AlreadyLoggedIn;
return SafeRedirect(returnUrl);
}
if (linkingAccount)
{
ModelState.Remove("Register.Password");
}
if (!ModelState.IsValid)
{
return LogOnView(model);
}
AuthenticatedUser user;
try
{
if (linkingAccount)
{
var result = await AuthService.ReadExternalLoginCredential(OwinContext);
if (result.ExternalIdentity == null)
{
return ExternalLinkExpired();
}
user = await AuthService.Register(
model.Register.Username,
model.Register.EmailAddress,
result.Credential);
}
else
{
user = await AuthService.Register(
model.Register.Username,
model.Register.EmailAddress,
CredentialBuilder.CreatePbkdf2Password(model.Register.Password));
}
}
catch (EntityException ex)
{
ModelState.AddModelError("Register", ex.Message);
return LogOnView(model);
}
// Send a new account email
if(NuGetContext.Config.Current.ConfirmEmailAddresses && !String.IsNullOrEmpty(user.User.UnconfirmedEmailAddress))
{
MessageService.SendNewAccountEmail(
new MailAddress(user.User.UnconfirmedEmailAddress, user.User.Username),
Url.ConfirmationUrl(
"Confirm",
"Users",
user.User.Username,
user.User.EmailConfirmationToken));
}
// We're logging in!
AuthService.CreateSession(OwinContext, user.User);
return RedirectFromRegister(returnUrl);
}
public virtual async Task <ActionResult> SignIn(LogOnViewModel model, string returnUrl, bool linkingAccount)
{
// I think it should be obvious why we don't want the current URL to be the return URL here ;)
ViewData[Constants.ReturnUrlViewDataKey] = returnUrl;
if (Request.IsAuthenticated)
{
TempData["Message"] = Strings.AlreadyLoggedIn;
return(SafeRedirect(returnUrl));
}
if (!ModelState.IsValid)
{
return(SignInOrExternalLinkView(model, linkingAccount));
}
var authenticationResult = await _authService.Authenticate(model.SignIn.UserNameOrEmail, model.SignIn.Password);
if (authenticationResult.Result != PasswordAuthenticationResult.AuthenticationResult.Success)
{
string modelErrorMessage = string.Empty;
if (authenticationResult.Result == PasswordAuthenticationResult.AuthenticationResult.BadCredentials)
{
modelErrorMessage = Strings.UsernameAndPasswordNotFound;
}
else if (authenticationResult.Result == PasswordAuthenticationResult.AuthenticationResult.AccountLocked)
{
string timeRemaining =
authenticationResult.LockTimeRemainingMinutes == 1
? Strings.AMinute
: string.Format(CultureInfo.CurrentCulture, Strings.Minutes,
authenticationResult.LockTimeRemainingMinutes);
modelErrorMessage = string.Format(CultureInfo.CurrentCulture, Strings.UserAccountLocked, timeRemaining);
}
ModelState.AddModelError("SignIn", modelErrorMessage);
return(SignInOrExternalLinkView(model, linkingAccount));
}
var user = authenticationResult.AuthenticatedUser;
if (linkingAccount)
{
// Link with an external account
user = await AssociateCredential(user);
if (user == null)
{
return(ExternalLinkExpired());
}
}
// If we are an administrator and Gallery.EnforcedAuthProviderForAdmin is set
// to require a specific authentication provider, challenge that provider if needed.
ActionResult challenge;
if (ShouldChallengeEnforcedProvider(
NuGetContext.Config.Current.EnforcedAuthProviderForAdmin, user, returnUrl, out challenge))
{
return(challenge);
}
// Create session
await _authService.CreateSessionAsync(OwinContext, user);
return(SafeRedirect(returnUrl));
}
private ActionResult LinkExternalView(LogOnViewModel existingModel)
{
return(AuthenticationView("LinkExternal", existingModel));
}
public virtual async Task <ActionResult> LinkExternalAccount(string returnUrl)
{
// Extract the external login info
var result = await _authService.AuthenticateExternalLogin(OwinContext);
if (result.ExternalIdentity == null)
{
// User got here without an external login cookie (or an expired one)
// Send them to the logon action
return(ExternalLinkExpired());
}
if (result.Authentication != null)
{
// If we are an administrator and Gallery.EnforcedAuthProviderForAdmin is set
// to require a specific authentication provider, challenge that provider if needed.
ActionResult challenge;
if (ShouldChallengeEnforcedProvider(
NuGetContext.Config.Current.EnforcedAuthProviderForAdmin, result.Authentication, returnUrl, out challenge))
{
return(challenge);
}
if (ShouldEnforceMultiFactorAuthentication(result))
{
// Invoke the authentication again enforcing multi-factor authentication for the same provider.
return(ChallengeAuthentication(
Url.LinkExternalAccount(returnUrl),
result.Authenticator.Name,
new AuthenticationPolicy()
{
Email = result.LoginDetails.EmailUsed, EnforceMultiFactorAuthentication = true
}));
}
// Remove the password login if the password logins are deprecated and enforced discontinuation.
if (NuGetContext.Config.Current.DeprecateNuGetPasswordLogins &&
_contentObjectService.LoginDiscontinuationConfiguration.IsPasswordLoginDiscontinuedForAll() &&
result.Authentication.CredentialUsed.IsExternal() &&
result.Authentication.User.HasPasswordCredential())
{
// Remove password logins when a user signs in with an external login.
TempData["Message"] = string.Format(Strings.DiscontinuedLogin_PasswordRemoved, NuGetContext.Config.Current.Brand);
await RemovePasswordCredential(result.Authentication.User);
}
// Create session
await _authService.CreateSessionAsync(OwinContext,
result.Authentication,
wasMultiFactorAuthenticated : result?.LoginDetails?.WasMultiFactorAuthenticated ?? false);
// Update the 2FA if used during login but user does not have it set on their account. Only for personal microsoft accounts.
if (result?.LoginDetails != null &&
result.LoginDetails.WasMultiFactorAuthenticated &&
!result.Authentication.User.EnableMultiFactorAuthentication &&
CredentialTypes.IsMicrosoftAccount(result.Credential.Type))
{
await _userService.ChangeMultiFactorAuthentication(result.Authentication.User, enableMultiFactor : true);
OwinContext.AddClaim(NuGetClaims.EnabledMultiFactorAuthentication);
TempData["Message"] = Strings.MultiFactorAuth_LoginUpdate;
}
return(SafeRedirect(returnUrl));
}
else
{
// Gather data for view model
string name = null;
string email = null;
var authUI = result.Authenticator.GetUI();
try
{
var userInfo = result.Authenticator.GetIdentityInformation(result.ExternalIdentity);
name = userInfo.Name;
email = userInfo.Email;
}
catch (Exception)
{
// Consume the exception for now, for backwards compatibility to previous MSA provider.
email = result.ExternalIdentity.GetClaimOrDefault(ClaimTypes.Email);
name = result.ExternalIdentity.GetClaimOrDefault(ClaimTypes.Name);
}
// Check for a user with this email address
User existingUser = null;
if (!string.IsNullOrEmpty(email))
{
existingUser = _userService.FindByEmailAddress(email);
}
var foundExistingUser = existingUser != null;
var existingUserLinkingError = AssociateExternalAccountViewModel.ExistingUserLinkingErrorType.None;
if (foundExistingUser)
{
if (existingUser is Organization)
{
existingUserLinkingError = AssociateExternalAccountViewModel.ExistingUserLinkingErrorType.AccountIsOrganization;
}
else if (existingUser.Credentials.Any(c => c.IsExternal()) && !existingUser.IsAdministrator)
{
existingUserLinkingError = AssociateExternalAccountViewModel.ExistingUserLinkingErrorType.AccountIsAlreadyLinked;
}
}
var external = new AssociateExternalAccountViewModel()
{
ProviderAccountNoun = authUI.AccountNoun,
AccountName = name,
FoundExistingUser = foundExistingUser,
ExistingUserLinkingError = existingUserLinkingError
};
var model = new LogOnViewModel
{
External = external,
SignIn = new SignInViewModel
{
UserNameOrEmail = email
},
Register = new RegisterViewModel
{
EmailAddress = email
}
};
return(LinkExternalView(model));
}
}
private ActionResult LogOnView(LogOnViewModel existingModel)
{
// Fill the providers list
existingModel.Providers = GetProviders();
// Reinitialize any nulled-out sub models
existingModel.SignIn = existingModel.SignIn ?? new SignInViewModel();
existingModel.Register = existingModel.Register ?? new RegisterViewModel();
return View("LogOn", existingModel);
}
private ActionResult SignInFailure(LogOnViewModel model, bool linkingAccount, string modelErrorMessage)
{
ModelState.AddModelError("SignIn", modelErrorMessage);
return(SignInOrExternalLinkView(model, linkingAccount));
}
public virtual async Task <ActionResult> Register(LogOnViewModel model, string returnUrl, bool linkingAccount)
{
// I think it should be obvious why we don't want the current URL to be the return URL here ;)
ViewData[Constants.ReturnUrlViewDataKey] = returnUrl;
if (Request.IsAuthenticated)
{
TempData["Message"] = Strings.AlreadyLoggedIn;
return(SafeRedirect(returnUrl));
}
if (linkingAccount)
{
ModelState.Remove("Register.Password");
}
if (!ModelState.IsValid)
{
return(RegisterOrExternalLinkView(model, linkingAccount));
}
AuthenticatedUser user;
var usedMultiFactorAuthentication = false;
try
{
if (linkingAccount)
{
var result = await _authService.ReadExternalLoginCredential(OwinContext);
if (result.ExternalIdentity == null)
{
return(ExternalLinkExpired());
}
usedMultiFactorAuthentication = result.LoginDetails?.WasMultiFactorAuthenticated ?? false;
user = await _authService.Register(
model.Register.Username,
model.Register.EmailAddress,
result.Credential,
(result.Credential.IsExternal() && string.Equals(result.UserInfo?.Email, model.Register.EmailAddress))
);
}
else
{
user = await _authService.Register(
model.Register.Username,
model.Register.EmailAddress,
_credentialBuilder.CreatePasswordCredential(model.Register.Password));
}
}
catch (EntityException ex)
{
ModelState.AddModelError("Register", ex.Message);
return(RegisterOrExternalLinkView(model, linkingAccount));
}
// Send a new account email
if (NuGetContext.Config.Current.ConfirmEmailAddresses && !string.IsNullOrEmpty(user.User.UnconfirmedEmailAddress))
{
var message = new NewAccountMessage(
_messageServiceConfiguration,
user.User,
Url.ConfirmEmail(
user.User.Username,
user.User.EmailConfirmationToken,
relativeUrl: false));
await _messageService.SendMessageAsync(message);
}
// If we are an administrator and Gallery.EnforcedAuthProviderForAdmin is set
// to require a specific authentication provider, challenge that provider if needed.
ActionResult challenge;
if (ShouldChallengeEnforcedProvider(
NuGetContext.Config.Current.EnforcedAuthProviderForAdmin, user, returnUrl, out challenge))
{
return(challenge);
}
// Create session
await _authService.CreateSessionAsync(OwinContext, user, usedMultiFactorAuthentication);
return(RedirectFromRegister(returnUrl));
}
public virtual async Task <ActionResult> SignIn(LogOnViewModel model, string returnUrl, bool linkingAccount)
{
// I think it should be obvious why we don't want the current URL to be the return URL here ;)
ViewData[Constants.ReturnUrlViewDataKey] = returnUrl;
if (Request.IsAuthenticated)
{
return(LoggedInRedirect(returnUrl));
}
if (!ModelState.IsValid)
{
return(SignInOrExternalLinkView(model, linkingAccount));
}
var authenticationResult = await _authService.Authenticate(model.SignIn.UserNameOrEmail, model.SignIn.Password);
if (authenticationResult.Result != PasswordAuthenticationResult.AuthenticationResult.Success)
{
string modelErrorMessage = string.Empty;
if (authenticationResult.Result == PasswordAuthenticationResult.AuthenticationResult.BadCredentials)
{
modelErrorMessage = Strings.UsernameAndPasswordNotFound;
}
else if (authenticationResult.Result == PasswordAuthenticationResult.AuthenticationResult.AccountLocked)
{
string timeRemaining =
authenticationResult.LockTimeRemainingMinutes == 1
? Strings.AMinute
: string.Format(CultureInfo.CurrentCulture, Strings.Minutes,
authenticationResult.LockTimeRemainingMinutes);
modelErrorMessage = string.Format(CultureInfo.CurrentCulture, Strings.UserAccountLocked, timeRemaining);
}
return(SignInFailure(model, linkingAccount, modelErrorMessage));
}
var authenticatedUser = authenticationResult.AuthenticatedUser;
bool usedMultiFactorAuthentication = false;
if (linkingAccount)
{
// Verify account has no other external accounts
if (authenticatedUser.User.Credentials.Any(c => c.IsExternal()) && !authenticatedUser.User.IsAdministrator)
{
var message = string.Format(
CultureInfo.CurrentCulture,
Strings.AccountIsLinkedToAnotherExternalAccount,
authenticatedUser.User.EmailAddress);
return(SignInFailure(model, linkingAccount, message));
}
// Link with an external account
var loginUserDetails = await AssociateCredential(authenticatedUser);
authenticatedUser = loginUserDetails?.AuthenticatedUser;
if (authenticatedUser == null)
{
return(ExternalLinkExpired());
}
usedMultiFactorAuthentication = loginUserDetails.UsedMultiFactorAuthentication;
}
// If we are an administrator and Gallery.EnforcedAuthProviderForAdmin is set
// to require a specific authentication provider, challenge that provider if needed.
ActionResult challenge;
if (ShouldChallengeEnforcedProvider(
NuGetContext.Config.Current.EnforcedAuthProviderForAdmin, authenticatedUser, returnUrl, out challenge))
{
return(challenge);
}
// Create session
await _authService.CreateSessionAsync(OwinContext, authenticatedUser, usedMultiFactorAuthentication);
TempData["ShowPasswordDeprecationWarning"] = true;
return(SafeRedirect(returnUrl));
}
public async virtual Task <ActionResult> LinkExternalAccount(string returnUrl)
{
// Extract the external login info
var result = await AuthService.AuthenticateExternalLogin(OwinContext);
if (result.ExternalIdentity == null)
{
// User got here without an external login cookie (or an expired one)
// Send them to the logon action
return(ExternalLinkExpired());
}
if (result.Authentication != null)
{
// If we are an administrator and Gallery.EnforcedAuthProviderForAdmin is set
// to require a specific authentication provider, challenge that provider if needed.
ActionResult challenge;
if (ShouldChallengeEnforcedProvider(
NuGetContext.Config.Current.EnforcedAuthProviderForAdmin, result.Authentication, returnUrl, out challenge))
{
return(challenge);
}
// Create session
await AuthService.CreateSessionAsync(OwinContext, result.Authentication);
return(SafeRedirect(returnUrl));
}
else
{
// Gather data for view model
var authUI = result.Authenticator.GetUI();
var email = result.ExternalIdentity.GetClaimOrDefault(ClaimTypes.Email);
var name = result
.ExternalIdentity
.GetClaimOrDefault(ClaimTypes.Name);
// Check for a user with this email address
User existingUser = null;
if (!string.IsNullOrEmpty(email))
{
existingUser = UserService.FindByEmailAddress(email);
}
var external = new AssociateExternalAccountViewModel()
{
ProviderAccountNoun = authUI.AccountNoun,
AccountName = name,
FoundExistingUser = existingUser != null
};
var model = new LogOnViewModel
{
External = external,
SignIn = new SignInViewModel
{
UserNameOrEmail = email
},
Register = new RegisterViewModel
{
EmailAddress = email
}
};
return(LogOnView(model));
}
}
public async virtual Task <ActionResult> Register(LogOnViewModel model, string returnUrl, bool linkingAccount)
{
// I think it should be obvious why we don't want the current URL to be the return URL here ;)
ViewData[Constants.ReturnUrlViewDataKey] = returnUrl;
if (Request.IsAuthenticated)
{
TempData["Message"] = Strings.AlreadyLoggedIn;
return(SafeRedirect(returnUrl));
}
if (linkingAccount)
{
ModelState.Remove("Register.Password");
}
if (!ModelState.IsValid)
{
return(LogOnView(model));
}
AuthenticatedUser user;
try
{
if (linkingAccount)
{
var result = await AuthService.ReadExternalLoginCredential(OwinContext);
if (result.ExternalIdentity == null)
{
return(ExternalLinkExpired());
}
user = await AuthService.Register(
model.Register.Username,
model.Register.EmailAddress,
result.Credential);
}
else
{
user = await AuthService.Register(
model.Register.Username,
model.Register.EmailAddress,
CredentialBuilder.CreatePbkdf2Password(model.Register.Password));
}
}
catch (EntityException ex)
{
ModelState.AddModelError("Register", ex.Message);
return(LogOnView(model));
}
// Send a new account email
if (NuGetContext.Config.Current.ConfirmEmailAddresses && !String.IsNullOrEmpty(user.User.UnconfirmedEmailAddress))
{
MessageService.SendNewAccountEmail(
new MailAddress(user.User.UnconfirmedEmailAddress, user.User.Username),
Url.ConfirmationUrl(
"Confirm",
"Users",
user.User.Username,
user.User.EmailConfirmationToken));
}
// If we are an administrator and Gallery.EnforcedAuthProviderForAdmin is set
// to require a specific authentication provider, challenge that provider if needed.
ActionResult challenge;
if (ShouldChallengeEnforcedProvider(
NuGetContext.Config.Current.EnforcedAuthProviderForAdmin, user, returnUrl, out challenge))
{
return(challenge);
}
// Create session
await AuthService.CreateSessionAsync(OwinContext, user);
return(RedirectFromRegister(returnUrl));
}
public virtual async Task<ActionResult> Register(LogOnViewModel model, string returnUrl, bool linkingAccount)
{
// I think it should be obvious why we don't want the current URL to be the return URL here ;)
ViewData[Constants.ReturnUrlViewDataKey] = returnUrl;
if (Request.IsAuthenticated)
{
TempData["Message"] = Strings.AlreadyLoggedIn;
return SafeRedirect(returnUrl);
}
if (linkingAccount)
{
ModelState.Remove("Register.Password");
}
if (!ModelState.IsValid)
{
return LogOnView(model);
}
AuthenticatedUser user;
try
{
if (linkingAccount)
{
var result = await _authService.ReadExternalLoginCredential(OwinContext);
if (result.ExternalIdentity == null)
{
return ExternalLinkExpired();
}
user = await _authService.Register(
model.Register.Username,
model.Register.EmailAddress,
result.Credential);
}
else
{
user = await _authService.Register(
model.Register.Username,
model.Register.EmailAddress,
_credentialBuilder.CreatePasswordCredential(model.Register.Password));
}
}
catch (EntityException ex)
{
ModelState.AddModelError("Register", ex.Message);
return LogOnView(model);
}
// Send a new account email
if (NuGetContext.Config.Current.ConfirmEmailAddresses && !string.IsNullOrEmpty(user.User.UnconfirmedEmailAddress))
{
_messageService.SendNewAccountEmail(
new MailAddress(user.User.UnconfirmedEmailAddress, user.User.Username),
Url.ConfirmationUrl(
"Confirm",
"Users",
user.User.Username,
user.User.EmailConfirmationToken));
}
// If we are an administrator and Gallery.EnforcedAuthProviderForAdmin is set
// to require a specific authentication provider, challenge that provider if needed.
ActionResult challenge;
if (ShouldChallengeEnforcedProvider(
NuGetContext.Config.Current.EnforcedAuthProviderForAdmin, user, returnUrl, out challenge))
{
return challenge;
}
// Create session
await _authService.CreateSessionAsync(OwinContext, user);
return RedirectFromRegister(returnUrl);
}
private ActionResult RegisterView(LogOnViewModel existingModel)
{
return(AuthenticationView("Register", existingModel));
}
public virtual async Task<ActionResult> LinkExternalAccount(string returnUrl)
{
// Extract the external login info
var result = await _authService.AuthenticateExternalLogin(OwinContext);
if (result.ExternalIdentity == null)
{
// User got here without an external login cookie (or an expired one)
// Send them to the logon action
return ExternalLinkExpired();
}
if (result.Authentication != null)
{
// If we are an administrator and Gallery.EnforcedAuthProviderForAdmin is set
// to require a specific authentication provider, challenge that provider if needed.
ActionResult challenge;
if (ShouldChallengeEnforcedProvider(
NuGetContext.Config.Current.EnforcedAuthProviderForAdmin, result.Authentication, returnUrl, out challenge))
{
return challenge;
}
// Create session
await _authService.CreateSessionAsync(OwinContext, result.Authentication);
return SafeRedirect(returnUrl);
}
else
{
// Gather data for view model
var authUI = result.Authenticator.GetUI();
var email = result.ExternalIdentity.GetClaimOrDefault(ClaimTypes.Email);
var name = result
.ExternalIdentity
.GetClaimOrDefault(ClaimTypes.Name);
// Check for a user with this email address
User existingUser = null;
if (!string.IsNullOrEmpty(email))
{
existingUser = _userService.FindByEmailAddress(email);
}
var external = new AssociateExternalAccountViewModel()
{
ProviderAccountNoun = authUI.AccountNoun,
AccountName = name,
FoundExistingUser = existingUser != null
};
var model = new LogOnViewModel
{
External = external,
SignIn = new SignInViewModel
{
UserNameOrEmail = email
},
Register = new RegisterViewModel
{
EmailAddress = email
}
};
return LogOnView(model);
}
}
private ActionResult SignInNuGetAccountView(LogOnViewModel existingModel)
{
return(AuthenticationView("SignInNuGetAccount", existingModel));
}
public virtual async Task<ActionResult> SignIn(LogOnViewModel model, string returnUrl, bool linkingAccount)
{
// I think it should be obvious why we don't want the current URL to be the return URL here ;)
ViewData[Constants.ReturnUrlViewDataKey] = returnUrl;
if (Request.IsAuthenticated)
{
TempData["Message"] = Strings.AlreadyLoggedIn;
return SafeRedirect(returnUrl);
}
if (!ModelState.IsValid)
{
return LogOnView(model);
}
var authenticationResult = await _authService.Authenticate(model.SignIn.UserNameOrEmail, model.SignIn.Password);
if (authenticationResult.Result != PasswordAuthenticationResult.AuthenticationResult.Success)
{
string modelErrorMessage = string.Empty;
if (authenticationResult.Result == PasswordAuthenticationResult.AuthenticationResult.BadCredentials)
{
modelErrorMessage = Strings.UsernameAndPasswordNotFound;
}
else if (authenticationResult.Result == PasswordAuthenticationResult.AuthenticationResult.AccountLocked)
{
string timeRemaining =
authenticationResult.LockTimeRemainingMinutes == 1
? Strings.AMinute
: string.Format(CultureInfo.CurrentCulture, Strings.Minutes,
authenticationResult.LockTimeRemainingMinutes);
modelErrorMessage = string.Format(CultureInfo.CurrentCulture, Strings.UserAccountLocked, timeRemaining);
}
ModelState.AddModelError("SignIn", modelErrorMessage);
return LogOnView(model);
}
var user = authenticationResult.AuthenticatedUser;
if (linkingAccount)
{
// Link with an external account
user = await AssociateCredential(user);
if (user == null)
{
return ExternalLinkExpired();
}
}
// If we are an administrator and Gallery.EnforcedAuthProviderForAdmin is set
// to require a specific authentication provider, challenge that provider if needed.
ActionResult challenge;
if (ShouldChallengeEnforcedProvider(
NuGetContext.Config.Current.EnforcedAuthProviderForAdmin, user, returnUrl, out challenge))
{
return challenge;
}
// Create session
await _authService.CreateSessionAsync(OwinContext, user);
return SafeRedirect(returnUrl);
}
public virtual async Task <ActionResult> LinkExternalAccount(string returnUrl)
{
// Extract the external login info
var result = await _authService.AuthenticateExternalLogin(OwinContext);
if (result.ExternalIdentity == null)
{
// User got here without an external login cookie (or an expired one)
// Send them to the logon action
return(ExternalLinkExpired());
}
if (result.Authentication != null)
{
// If we are an administrator and Gallery.EnforcedAuthProviderForAdmin is set
// to require a specific authentication provider, challenge that provider if needed.
ActionResult challenge;
if (ShouldChallengeEnforcedProvider(
NuGetContext.Config.Current.EnforcedAuthProviderForAdmin, result.Authentication, returnUrl, out challenge))
{
return(challenge);
}
if (ShouldEnforceMultiFactorAuthentication(result))
{
// Invoke the authentication again enforcing multi-factor authentication for the same provider.
return(ChallengeAuthentication(
Url.LinkExternalAccount(returnUrl),
result.Authenticator.Name,
new AuthenticationPolicy()
{
Email = result.LoginDetails.EmailUsed, EnforceMultiFactorAuthentication = true
}));
}
// Create session
await _authService.CreateSessionAsync(OwinContext, result.Authentication);
return(SafeRedirect(returnUrl));
}
else
{
// Gather data for view model
string name = null;
string email = null;
var authUI = result.Authenticator.GetUI();
try
{
var userInfo = result.Authenticator.GetIdentityInformation(result.ExternalIdentity);
name = userInfo.Name;
email = userInfo.Email;
}
catch (Exception)
{
// Consume the exception for now, for backwards compatibility to previous MSA provider.
email = result.ExternalIdentity.GetClaimOrDefault(ClaimTypes.Email);
name = result.ExternalIdentity.GetClaimOrDefault(ClaimTypes.Name);
}
// Check for a user with this email address
User existingUser = null;
if (!string.IsNullOrEmpty(email))
{
existingUser = _userService.FindByEmailAddress(email);
}
var foundExistingUser = existingUser != null;
var existingUserLinkingError = AssociateExternalAccountViewModel.ExistingUserLinkingErrorType.None;
if (foundExistingUser)
{
if (existingUser is Organization)
{
existingUserLinkingError = AssociateExternalAccountViewModel.ExistingUserLinkingErrorType.AccountIsOrganization;
}
else if (existingUser.Credentials.Any(c => c.IsExternal()) && !existingUser.IsAdministrator)
{
existingUserLinkingError = AssociateExternalAccountViewModel.ExistingUserLinkingErrorType.AccountIsAlreadyLinked;
}
}
var external = new AssociateExternalAccountViewModel()
{
ProviderAccountNoun = authUI.AccountNoun,
AccountName = name,
FoundExistingUser = foundExistingUser,
ExistingUserLinkingError = existingUserLinkingError
};
var model = new LogOnViewModel
{
External = external,
SignIn = new SignInViewModel
{
UserNameOrEmail = email
},
Register = new RegisterViewModel
{
EmailAddress = email
}
};
return(LinkExternalView(model));
}
}
