private async Task <LoginUserDetails> AssociateCredential(AuthenticatedUser user)
        {
            var result = await _authService.ReadExternalLoginCredential(OwinContext);

            if (result.ExternalIdentity == null)
            {
                // User got here without an external login cookie (or an expired one)
                // Send them to the logon action
                return(null);
            }

            await _authService.AddCredential(user.User, result.Credential);

            await RemovePasswordCredential(user.User);

            // Notify the user of the change
            var emailMessage = new CredentialAddedMessage(
                _messageServiceConfiguration,
                user.User,
                _authService.DescribeCredential(result.Credential).GetCredentialTypeInfo());
            await _messageService.SendMessageAsync(emailMessage);

            return(new LoginUserDetails
            {
                AuthenticatedUser = new AuthenticatedUser(user.User, result.Credential),
                UsedMultiFactorAuthentication = result.LoginDetails?.WasMultiFactorAuthenticated ?? false
            });
        }
Example #2
0
        private async Task <AuthenticatedUser> AssociateCredential(AuthenticatedUser user)
        {
            var result = await _authService.ReadExternalLoginCredential(OwinContext);

            if (result.ExternalIdentity == null)
            {
                // User got here without an external login cookie (or an expired one)
                // Send them to the logon action
                return(null);
            }

            await _authService.AddCredential(user.User, result.Credential);

            var passwordCredential = user.User.GetPasswordCredential();

            if (passwordCredential != null)
            {
                await _authService.RemoveCredential(user.User, passwordCredential);
            }

            // Notify the user of the change
            _messageService.SendCredentialAddedNotice(user.User, _authService.DescribeCredential(result.Credential));

            return(new AuthenticatedUser(user.User, result.Credential));
        }
Example #3
0
        private async Task <Credential> GenerateApiKeyInternal(string description, ICollection <Scope> scopes, TimeSpan?expiration)
        {
            var user = GetCurrentUser();

            // Create a new API Key credential, and save to the database
            var newCredential = _credentialBuilder.CreateApiKey(expiration);

            newCredential.Description = description;
            newCredential.Scopes      = scopes;

            await _authService.AddCredential(user, newCredential);

            return(newCredential);
        }
Example #4
0
        private async Task <CredentialViewModel> GenerateApiKeyInternal(string description, ICollection <Scope> scopes, TimeSpan?expiration)
        {
            var user = GetCurrentUser();

            // Create a new API Key credential, and save to the database
            var newCredential = _credentialBuilder.CreateApiKey(expiration, out string plaintextApiKey);

            newCredential.Description = description;
            newCredential.Scopes      = scopes;

            await AuthenticationService.AddCredential(user, newCredential);

            var credentialViewModel = AuthenticationService.DescribeCredential(newCredential);

            credentialViewModel.Value = plaintextApiKey;

            return(credentialViewModel);
        }
Example #5
0
        public async virtual Task <ActionResult> CreatePackageVerificationKeyAsync(string id, string version)
        {
            // For backwards compatibility, we must preserve existing behavior where the client always pushes
            // symbols and the VerifyPackageKey callback returns the appropriate response. For this reason, we
            // always create a temp key scoped to the unverified package ID here and defer package and owner
            // validation until the VerifyPackageKey call.
            var credential = CredentialBuilder.CreatePackageVerificationApiKey(id);

            var user = GetCurrentUser();
            await AuthenticationService.AddCredential(user, credential);

            TelemetryService.TrackCreatePackageVerificationKeyEvent(id, version, user, User.Identity);

            return(Json(new
            {
                Key = credential.Value,
                Expires = credential.Expires.Value.ToString("O")
            }));
        }