public virtual CredentialViewModel DescribeCredential(Credential credential)
{
var kind = GetCredentialKind(credential.Type);
Authenticator auther = null;
if (kind == CredentialKind.External)
{
string providerName = credential.Type.Split('.')[1];
if (!Authenticators.TryGetValue(providerName, out auther))
{
auther = null;
}
}
return(new CredentialViewModel
{
Type = credential.Type,
TypeCaption = FormatCredentialType(credential.Type),
Identity = credential.Identity,
Value = kind == CredentialKind.Token ? credential.Value : String.Empty,
Created = credential.Created,
Expires = credential.Expires,
Kind = kind,
AuthUI = auther?.GetUI()
});
}
public virtual CredentialViewModel DescribeCredential(Credential credential)
{
var kind = GetCredentialKind(credential.Type);
Authenticator auther = null;
if (kind == CredentialKind.External)
{
string providerName = credential.Type.Split('.')[1];
Authenticators.TryGetValue(providerName, out auther);
}
var credentialViewModel = new CredentialViewModel
{
Key = credential.Key,
Type = credential.Type,
TypeCaption = FormatCredentialType(credential.Type),
Identity = credential.Identity,
Created = credential.Created,
Expires = credential.Expires,
Kind = kind,
AuthUI = auther?.GetUI(),
// Set the description as the value for legacy API keys
Description = credential.Description,
Value = kind == CredentialKind.Token && credential.Description == null ? credential.Value : null,
Scopes = credential.Scopes.Select(s => new ScopeViewModel(s.Subject, NuGetScopes.Describe(s.AllowedAction))).ToList(),
ExpirationDuration = credential.ExpirationTicks != null ? new TimeSpan?(new TimeSpan(credential.ExpirationTicks.Value)) : null
};
credentialViewModel.HasExpired = credential.HasExpired ||
(credentialViewModel.IsNonScopedV1ApiKey &&
!credential.HasBeenUsedInLastDays(_config.ExpirationInDaysForApiKeyV1));
return(credentialViewModel);
}
private string FormatExternalCredentialType(string externalType)
{
Authenticator authenticator;
if (!Authenticators.TryGetValue(externalType, out authenticator))
{
return(externalType);
}
var ui = authenticator.GetUI();
return(ui == null ? authenticator.Name : ui.AccountNoun);
}
public virtual async Task <AuthenticateExternalLoginResult> ReadExternalLoginCredential(IOwinContext context)
{
var result = await context.Authentication.AuthenticateAsync(AuthenticationTypes.External);
if (result == null)
{
_trace.Information("No external login found.");
return(new AuthenticateExternalLoginResult());
}
var idClaim = result.Identity.FindFirst(ClaimTypes.NameIdentifier);
if (idClaim == null)
{
_trace.Error("External Authentication is missing required claim: " + ClaimTypes.NameIdentifier);
return(new AuthenticateExternalLoginResult());
}
var nameClaim = result.Identity.FindFirst(ClaimTypes.Name);
if (nameClaim == null)
{
_trace.Error("External Authentication is missing required claim: " + ClaimTypes.Name);
return(new AuthenticateExternalLoginResult());
}
var emailClaim = result.Identity.FindFirst(ClaimTypes.Email);
string emailSuffix = emailClaim == null ? String.Empty : (" <" + emailClaim.Value + ">");
var tenantIdClaim = result.Identity.FindFirst(tenantIdClaimType);
Authenticator auther;
string authenticationType = idClaim.Issuer;
if (!Authenticators.TryGetValue(idClaim.Issuer, out auther))
{
foreach (var authenticator in Authenticators.Values)
{
if (authenticator.TryMapIssuerToAuthenticationType(idClaim.Issuer, out authenticationType))
{
auther = authenticator;
break;
}
}
}
return(new AuthenticateExternalLoginResult()
{
Authentication = null,
ExternalIdentity = result.Identity,
Authenticator = auther,
Credential = _credentialBuilder.CreateExternalCredential(authenticationType, idClaim.Value, nameClaim.Value + emailSuffix, tenantIdClaim?.Value)
});
}
public virtual CredentialViewModel DescribeCredential(Credential credential)
{
var kind = GetCredentialKind(credential.Type);
Authenticator authenticator = null;
if (kind == CredentialKind.External)
{
if (string.IsNullOrEmpty(credential.TenantId))
{
string providerName = credential.Type.Split('.')[1];
Authenticators.TryGetValue(providerName, out authenticator);
}
else
{
authenticator = Authenticators
.Values
.FirstOrDefault(provider => provider.Name.Equals(AzureActiveDirectoryV2Authenticator.DefaultAuthenticationType, StringComparison.OrdinalIgnoreCase));
}
}
var credentialViewModel = new CredentialViewModel
{
Key = credential.Key,
Type = credential.Type,
TypeCaption = FormatCredentialType(credential.Type),
Identity = credential.Identity,
Created = credential.Created,
Expires = credential.Expires,
Kind = kind,
AuthUI = authenticator?.GetUI(),
// Set the description as the value for legacy API keys
Description = credential.Description,
Value = kind == CredentialKind.Token && credential.Description == null ? credential.Value : null,
Scopes = credential.Scopes.Select(s => new ScopeViewModel(
s.Owner?.Username ?? credential.User.Username,
s.Subject,
NuGetScopes.Describe(s.AllowedAction)))
.ToList(),
ExpirationDuration = credential.ExpirationTicks != null ? new TimeSpan?(new TimeSpan(credential.ExpirationTicks.Value)) : null
};
credentialViewModel.HasExpired = credential.HasExpired ||
(credentialViewModel.IsNonScopedApiKey &&
!credential.HasBeenUsedInLastDays(_config.ExpirationInDaysForApiKeyV1));
credentialViewModel.Description = credentialViewModel.IsNonScopedApiKey
? Strings.NonScopedApiKeyDescription : credentialViewModel.Description;
return(credentialViewModel);
}
public virtual CredentialViewModel DescribeCredential(Credential credential)
{
var kind = GetCredentialKind(credential.Type);
Authenticator authenticator = null;
if (kind == CredentialKind.External)
{
if (string.IsNullOrEmpty(credential.TenantId))
{
string providerName = credential.Type.Split('.')[1];
Authenticators.TryGetValue(providerName, out authenticator);
}
else
{
authenticator = Authenticators
.Values
.FirstOrDefault(provider => provider.Name.Equals(AzureActiveDirectoryV2Authenticator.DefaultAuthenticationType, StringComparison.OrdinalIgnoreCase));
}
}
var credentialViewModel = new CredentialViewModel
{
Key = credential.Key,
Type = credential.Type,
TypeCaption = FormatCredentialType(credential.Type),
Identity = credential.Identity,
Created = credential.Created,
Expires = credential.Expires,
Kind = kind,
AuthUI = authenticator?.GetUI(),
Description = credential.Description,
Scopes = credential.Scopes.Select(s => new ScopeViewModel(
s.Owner?.Username ?? credential.User.Username,
s.Subject,
NuGetScopes.Describe(s.AllowedAction)))
.ToList(),
ExpirationDuration = credential.ExpirationTicks != null ? new TimeSpan?(new TimeSpan(credential.ExpirationTicks.Value)) : null,
RevocationSource = credential.RevocationSourceKey != null?Enum.GetName(typeof(CredentialRevocationSource), credential.RevocationSourceKey) : null,
};
credentialViewModel.HasExpired = IsCredentialExpiredOrNonScopedApiKeyNotUsedInLastDays(credential);
credentialViewModel.Description = credentialViewModel.IsNonScopedApiKey
? ServicesStrings.NonScopedApiKeyDescription : credentialViewModel.Description;
return(credentialViewModel);
}
public async virtual Task <AuthenticateExternalLoginResult> ReadExternalLoginCredential(IOwinContext context)
{
var result = await context.Authentication.AuthenticateAsync(AuthenticationTypes.External);
if (result == null)
{
Trace.Information("No external login found.");
return(new AuthenticateExternalLoginResult());
}
var idClaim = result.Identity.FindFirst(ClaimTypes.NameIdentifier);
if (idClaim == null)
{
Trace.Error("External Authentication is missing required claim: " + ClaimTypes.NameIdentifier);
return(new AuthenticateExternalLoginResult());
}
var nameClaim = result.Identity.FindFirst(ClaimTypes.Name);
if (nameClaim == null)
{
Trace.Error("External Authentication is missing required claim: " + ClaimTypes.Name);
return(new AuthenticateExternalLoginResult());
}
var emailClaim = result.Identity.FindFirst(ClaimTypes.Email);
string emailSuffix = emailClaim == null ? String.Empty : (" <" + emailClaim.Value + ">");
Authenticator auther;
if (!Authenticators.TryGetValue(idClaim.Issuer, out auther))
{
auther = null;
}
return(new AuthenticateExternalLoginResult()
{
Authentication = null,
ExternalIdentity = result.Identity,
Authenticator = auther,
Credential = CredentialBuilder.CreateExternalCredential(idClaim.Issuer, idClaim.Value, nameClaim.Value + emailSuffix)
});
}
public virtual ActionResult Challenge(string providerName, string redirectUrl)
{
Authenticator provider;
if (!Authenticators.TryGetValue(providerName, out provider))
{
throw new InvalidOperationException(String.Format(
CultureInfo.CurrentCulture,
Strings.UnknownAuthenticationProvider,
providerName));
}
if (!provider.BaseConfig.Enabled)
{
throw new InvalidOperationException(String.Format(
CultureInfo.CurrentCulture,
Strings.AuthenticationProviderDisabled,
providerName));
}
return(provider.Challenge(redirectUrl));
}
