async Task <bool> ValidateToken(string token, string nonce)
{
var x509Str = await GetSigningCertAsync();
var cert = new X509Certificate2(Convert.FromBase64String(x509Str));
var parameters = new TokenValidationParameters
{
ValidAudience = _urls.ClientId,
ValidIssuers = new List <string> {
_urls.BaseIdSrvUrl, "https://parcelfor.me", "https://dev.parcelfor.me"
},
IssuerSigningToken = new X509SecurityToken(cert)
};
SecurityToken jwt;
var principal = new JwtSecurityTokenHandler().ValidateToken(token, parameters, out jwt);
// validate nonce
var nonceClaim = principal.FindFirst("nonce");
P4MHelpers.RemoveCookie(Response, "p4mNonce");
if (!string.Equals(nonceClaim.Value, nonce, StringComparison.Ordinal))
{
throw new Exception("invalid nonce");
}
return(true);
}
public ActionResult GetAccessToken()
{
// state should be validated here - get from cookie
string stateFromCookie, nonceFromCookie;
var state = Request.Params.GetValues("state").FirstOrDefault();
GetTempState(out stateFromCookie, out nonceFromCookie);
P4MHelpers.RemoveCookie(Response, "p4mState");
if (state.Equals(stateFromCookie, StringComparison.Ordinal))
{
var token = Request.Params.GetValues("access_token").FirstOrDefault();
var expiresInStr = Request.Params.GetValues("expires_in").FirstOrDefault();
int expiresIn = 0;
int.TryParse(expiresInStr, out expiresIn);
var expires = DateTime.UtcNow.AddSeconds(expiresIn);
Response.Cookies["p4mToken"].Value = token;
//Response.Cookies["p4mToken"].Expires = expires; only expire this when the browser is closed
Response.Cookies["p4mTokenExpires"].Value = expires.ToString("s") + "Z";
//Response.Cookies["p4mTokenExpires"].Expires = expires; only expire this when the browser is closed
Response.Cookies["p4mHasAccount"].Value = "Y";
Response.Cookies["p4mHasAccount"].Expires = DateTime.UtcNow.AddYears(1);
return(View("~/Views/P4M/ClosePopup.cshtml"));
}
// error occurred so try to recover
Logoff(Response);
return(View("~/Views/P4M/ClosePopupAndRefresh.cshtml"));
}
public async Task <ActionResult> SignUp()
{
// if the user is logged in the we can save their details before redirecting to the SignUp controller
var result = new LoginMessage();
try
{
var authUser = AuthenticationManager.User;
if (authUser == null || !authUser.Identity.IsAuthenticated)
{
result.RedirectUrl = _urls.BaseIdSrvUiUrl + "signup";
}
else
{
// user is logged in so we can send details to P4M
var clientToken = await P4MHelpers.GetClientTokenAsync();
// now create a consumer from the local user details
var consumer = await GetConsumerFromAppUserAsync(authUser.Identity.GetUserId());
// we can also save their most recent cart
var cart = GetMostRecentCart(authUser.Identity.GetUserName());
// ready to send
_httpClient.SetBearerToken(clientToken.AccessToken);
_httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
var registerMessage = new ConsumerAndCartMessage {
Consumer = consumer, Cart = cart
};
var content = new ObjectContent <ConsumerAndCartMessage>(registerMessage, new JsonMediaTypeFormatter());
var apiResult = await _httpClient.PostAsync(_urls.BaseApiAddress + "registerConsumer", content);
// check the result
apiResult.EnsureSuccessStatusCode();
var messageString = await apiResult.Content.ReadAsStringAsync();
var registerResult = JsonConvert.DeserializeObject <ConsumerIdMessage>(messageString);
result.RedirectUrl = registerResult.RedirectUrl;
}
}
catch (Exception e)
{
result.Error = e.Message;
return(View("Error"));
}
return(Redirect(result.RedirectUrl));
}
//private string ParsedJwt(string token)
//{
// if (!token.Contains("."))
// {
// return token;
// }
// var parts = token.Split('.');
// var part = Encoding.UTF8.GetString(Base64Url.Decode(parts[1]));
// var jwt = JObject.Parse(part);
// return jwt.ToString();
//}
public static void Logoff(HttpResponseBase response)
{
// clear the local P4M cookies
P4MHelpers.RemoveCookie(response, "p4mToken");
P4MHelpers.RemoveCookie(response, "p4mTokenExpires");
P4MHelpers.RemoveCookie(response, "p4mAvatarUrl");
P4MHelpers.RemoveCookie(response, "p4mGivenName");
P4MHelpers.RemoveCookie(response, "p4mLocalLogin");
P4MHelpers.RemoveCookie(response, "p4mState");
P4MHelpers.RemoveCookie(response, "p4mNonce");
P4MHelpers.RemoveCookie(response, "p4mOfferCartRestore");
P4MHelpers.RemoveCookie(response, "p4mLocale");
P4MHelpers.RemoveCookie(response, "p4mConsumer");
P4MHelpers.RemoveCookie(response, "p4mPrefAddress");
P4MHelpers.RemoveCookie(response, "p4mCart");
P4MHelpers.RemoveCookie(response, "p4mCartAddress");
P4MHelpers.RemoveCookie(response, "gfsCheckoutToken");
}
async Task <bool> GetGuestTokenAsync()
{
// consumer is unknown so if we're in exclusive mode we need a guest token to access the P4M API
var clientToken = await P4MHelpers.GetClientTokenAsync();
_httpClient.SetBearerToken(clientToken.AccessToken);
_httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
var locale = Request.Cookies["p4mLocale"].Value;
var result = await _httpClient.GetAsync($"{_p4mConsts.BaseApiAddress}guestAccessToken/{locale}");
var messageString = await result.Content.ReadAsStringAsync();
var message = JsonConvert.DeserializeObject <TokenMessage>(messageString);
if (message.Success)
{
Response.Cookies["p4mToken"].Value = message.Token;
//Response.Cookies["p4mTokenType"].Value = "Guest";
}
return(message.Success);
}
public async Task <ActionResult> CheckEmail(string email, string name)
{
// this is triggered in guest mode when a consumer enters their email address
// this endpoint should be loaded in a popup window
// first we check with P4M for their status:
// - if known and confirmed, unknown, we close the popup immediately and continue as guest
// - if known but not confirmed we redirect them to the sign up server to ask them to confirm their email
try
{
var clientToken = await P4MHelpers.GetClientTokenAsync();
// ready to check
_httpClient.SetBearerToken(clientToken.AccessToken);
_httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
var apiResult = await _httpClient.GetAsync($"{_urls.BaseIdSrvUrl}/consumerStatus/{email}");
// check the result
apiResult.EnsureSuccessStatusCode();
var messageString = await apiResult.Content.ReadAsStringAsync();
var statusResult = JsonConvert.DeserializeObject <ConsumerStatusMessage>(messageString);
if (!statusResult.Success)
{
throw new Exception(statusResult.Error);
}
if (statusResult.IsGuest)
{
var host = Uri.EscapeDataString("http://localhost:3000/");
return(Redirect($"{_urls.BaseIdSrvUiUrl}confirmGuest?id={statusResult.UserId}&email={email}&name={name}&host={host}"));
}
else
{
return(View("~/Views/P4M/ClosePopup.cshtml"));
}
}
catch (Exception e)
{
return(View("Error"));
}
}
