/// <summary>
/// Decides whether the current request may open <paramref name="externalReviewLink"/> without
/// first being sent to the PIN page.
/// </summary>
/// <param name="externalReviewLink">Link whose PIN code and token are checked.</param>
/// <returns>
/// <c>true</c> when PIN security is disabled, when the link carries no PIN code, when the
/// authenticated user holds one of the configured roles that bypass the PIN, or when the user's
/// "ExternalReviewTokens" claim already lists the link token; otherwise <c>false</c>.
/// </returns>
public bool UserHasAccessToLink(ExternalReviewLink externalReviewLink)
{
    var pinSecurity = _externalReviewOptions.PinCodeSecurity;

    // Nothing to enforce: the feature is off, or this particular link was created without a PIN.
    if (!pinSecurity.Enabled || string.IsNullOrEmpty(externalReviewLink.PinCode))
    {
        return true;
    }

    var principal = HttpContext.Current.User;
    var identity = principal?.Identity;
    if (identity == null || !identity.IsAuthenticated)
    {
        // Anonymous visitors always have to go through the PIN page.
        return false;
    }

    // Members of a bypass role never need the PIN.
    var bypassRoles = pinSecurity.RolesWithoutPin;
    if (bypassRoles != null && bypassRoles.Any(role => principal.IsInRole(role)))
    {
        return true;
    }

    // Otherwise the token must have been granted earlier (TryToSignIn) and stored in the claim.
    var tokenClaim = (identity as ClaimsIdentity)?.FindFirst("ExternalReviewTokens");
    if (string.IsNullOrEmpty(tokenClaim?.Value))
    {
        return false;
    }

    return tokenClaim.Value.Split('|').Contains(externalReviewLink.Token);
}
/// <summary>
/// Resolves the page version that should be rendered for an external review link.
/// </summary>
/// <param name="externalReviewLink">Link being viewed; supplies the content link and optional project id.</param>
/// <param name="routedContent">Page the request was routed to.</param>
/// <param name="queryString">Request query string, used to detect project-preview URLs.</param>
/// <returns>
/// The page stored on the link when the link has no project or the URL was not generated for a
/// project preview; the project-specific version when one exists; otherwise the routed content if
/// it is published, or its unpublished version loaded through <c>ReviewsContentLoader</c>.
/// </returns>
public PageData TryGetProjectPageVersion(ExternalReviewLink externalReviewLink, PageData routedContent, NameValueCollection queryString)
{
    var linkedPage = _contentLoader.Get<PageData>(externalReviewLink.ContentLink);

    // Without a project, or outside a generated project-preview URL, the link's own content wins.
    var projectId = externalReviewLink.ProjectId;
    if (!projectId.HasValue || !PreviewUrlResolver.IsGeneratedForProjectPreview(queryString))
    {
        return linkedPage;
    }

    var projectVersion = GetProjectReference(routedContent.ContentLink, projectId.Value, linkedPage.LanguageBranch());
    if (projectVersion != null)
    {
        return _contentLoader.Get<PageData>(projectVersion);
    }

    // No project-specific version: fall back to the routed content, or its unpublished version.
    var reviewsContentLoader = ServiceLocator.Current.GetInstance<ReviewsContentLoader>();
    if (routedContent.IsPublished())
    {
        return routedContent;
    }

    var unpublishedReference = reviewsContentLoader.LoadUnpublishedVersion(routedContent.ContentLink);
    return _contentLoader.Get<PageData>(unpublishedReference);
}
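/// <summary>
/// Redirects the current response to the external review login (PIN) page for the given link.
/// </summary>
/// <param name="externalReviewLink">Link whose token is passed as the <c>id</c> query parameter.</param>
/// <remarks>
/// The token is URL-encoded before it is placed in the query string so that reserved characters
/// (for example '+', '&amp;' or '#') cannot truncate or alter the <c>id</c> parameter.
/// <c>Response.Redirect(string)</c> ends the response, so nothing after this call runs.
/// </remarks>
public void RedirectToLoginPage(ExternalReviewLink externalReviewLink)
{
    var loginPath = "/" + _externalReviewOptions.PinCodeSecurity.ExternalReviewLoginUrl;
    var encodedToken = System.Web.HttpUtility.UrlEncode(externalReviewLink.Token);
    HttpContext.Current.Response.Redirect(loginPath + "?id=" + encodedToken);
}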
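/// <summary>
/// Validates the PIN code entered for <paramref name="externalReviewLink"/> and, on success, grants the
/// current user access to the link by recording its token in the "ExternalReviewTokens" claim.
/// </summary>
/// <param name="externalReviewLink">Link being unlocked; supplies the stored PIN hash, token and redirect URL.</param>
/// <param name="requestedPinCode">PIN code typed by the visitor.</param>
/// <returns><c>true</c> when the PIN matched and the claim was issued; <c>false</c> otherwise.</returns>
/// <remarks>
/// An already authenticated user keeps the existing identity and only gets the token appended to the
/// claim, re-issued through <c>AuthenticationResponseGrant</c>. An anonymous visitor is signed in with a
/// fresh throw-away identity whose cookie lifetime comes from
/// <c>PinCodeSecurity.AuthenticationCookieLifeTime</c>.
/// </remarks>
public bool TryToSignIn(ExternalReviewLink externalReviewLink, string requestedPinCode)
{
    // An empty PIN can never unlock a link, and a link without a stored hash has nothing to match;
    // checking up front also avoids hashing a null PIN.
    if (string.IsNullOrEmpty(requestedPinCode) || string.IsNullOrEmpty(externalReviewLink.PinCode))
    {
        return false;
    }

    // Compare the hash of the entered PIN with the stored hash in constant time so that the
    // duration of the comparison does not depend on how many leading characters matched.
    var requestedHash = PinCodeHashGenerator.Hash(requestedPinCode, externalReviewLink.Token);
    if (!FixedTimeEquals(externalReviewLink.PinCode, requestedHash))
    {
        return false;
    }

    var user = HttpContext.Current.User;
    var existingIdentity = user?.Identity as ClaimsIdentity;
    if (existingIdentity != null && existingIdentity.IsAuthenticated)
    {
        GrantTokenToExistingIdentity(existingIdentity, externalReviewLink.Token);
    }
    else
    {
        SignInAnonymousReviewer(externalReviewLink);
    }

    return true;
}

/// <summary>
/// Appends <paramref name="token"/> to the identity's "ExternalReviewTokens" claim (creating the claim
/// when absent) and re-issues the authentication cookie for the updated identity.
/// </summary>
/// <param name="identity">Authenticated identity of the current user.</param>
/// <param name="token">Link token to grant.</param>
private static void GrantTokenToExistingIdentity(ClaimsIdentity identity, string token)
{
    const string claimType = "ExternalReviewTokens";
    var claim = identity.FindFirst(claimType);
    if (claim == null)
    {
        identity.AddClaim(new Claim(claimType, token));
    }
    else
    {
        var tokens = new List<string>();
        if (!string.IsNullOrEmpty(claim.Value))
        {
            tokens.AddRange(claim.Value.Split('|'));
        }

        // Keep the claim value compact: unlocking the same link twice must not store the token twice.
        if (!tokens.Contains(token))
        {
            tokens.Add(token);
        }

        identity.RemoveClaim(claim);
        identity.AddClaim(new Claim(claimType, string.Join("|", tokens)));
    }

    // The claim lives in the auth cookie, so the cookie has to be re-issued for the change to persist.
    var authenticationManager = System.Web.HttpContext.Current.GetOwinContext().Authentication;
    authenticationManager.AuthenticationResponseGrant = new AuthenticationResponseGrant(
        new ClaimsPrincipal(identity),
        new AuthenticationProperties { IsPersistent = true });
}

/// <summary>
/// Signs in an anonymous visitor with a throw-away identity that carries only the link token.
/// </summary>
/// <param name="externalReviewLink">Link whose token and redirect URL are used.</param>
private void SignInAnonymousReviewer(ExternalReviewLink externalReviewLink)
{
    // A random id rather than a second-precision timestamp: two reviewers unlocking links in the
    // same second must not end up sharing one NameIdentifier.
    var userName = Guid.NewGuid().ToString("N");
    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.NameIdentifier, userName),
        new Claim(ClaimTypes.Name, userName),
        // Token(s) this identity may view; read back by UserHasAccessToLink.
        new Claim("ExternalReviewTokens", externalReviewLink.Token),
    };
    var identity = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie);

    var authenticationManager = System.Web.HttpContext.Current.GetOwinContext().Authentication;
    authenticationManager.SignIn(
        new AuthenticationProperties
        {
            AllowRefresh = true,
            IsPersistent = true,
            ExpiresUtc = DateTime.UtcNow.Add(_externalReviewOptions.PinCodeSecurity.AuthenticationCookieLifeTime),
            RedirectUri = externalReviewLink.LinkUrl,
        },
        identity);
}

/// <summary>
/// Compares two strings in time that depends only on their length, not on the position of the
/// first differing character.
/// </summary>
/// <param name="expected">Stored value.</param>
/// <param name="actual">Value computed from user input.</param>
/// <returns><c>false</c> when either string is null or the lengths differ; otherwise ordinal equality.</returns>
private static bool FixedTimeEquals(string expected, string actual)
{
    if (expected == null || actual == null || expected.Length != actual.Length)
    {
        return false;
    }

    var difference = 0;
    for (var i = 0; i < expected.Length; i++)
    {
        // Accumulate every mismatch instead of returning early.
        difference |= expected[i] ^ actual[i];
    }

    return difference == 0;
}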