public async Task <IActionResult> Authenticate(string googleSignInIdToken, string returnUrl) { try { var webSignature = await GoogleJsonWebSignatureEx.ValidateAsync(googleSignInIdToken); if (!webSignature.Audience.Equals(ApiClientId)) { _log.Warning($"{nameof(ApiClientId)} doesn't match."); return(Content(string.Empty)); } if (string.IsNullOrWhiteSpace(webSignature.Email) || !webSignature.IsEmailValidated) { _log.Warning("Email is empty or not validated.", context: webSignature.Email); return(Content(string.Empty)); } if (!Regex.IsMatch(webSignature.Email, AvailableEmailsRegex)) { _log.Warning($"Email {webSignature.Email} failed regex validation", context: AvailableEmailsRegex); return(Content(string.Empty)); } var user = await _userRepository.GetUserByUserEmail(webSignature.Email); if (user == null) { _log.Warning("Coudn't find user by email", context: webSignature.Email); return(Content(string.Empty)); } if (!user.Active.HasValue || !user.Active.Value) { _log.Warning("User is not active."); return(Content(string.Empty)); } var claims = new List <Claim> { new Claim(ClaimTypes.Sid, webSignature.Email), new Claim("IsAdmin", user.Admin.ToString()), new Claim(ClaimTypes.Name, webSignature.Email.Trim()) }; var claimsIdentity = new ClaimsIdentity(claims, "password"); var claimsPrinciple = new ClaimsPrincipal(claimsIdentity); await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, claimsPrinciple); await _userHistoryRepository.SaveUserLoginHistoryAsync(user, UserInfo.Ip); return(Content(Url.IsLocalUrl(returnUrl) ? returnUrl : "~/")); } catch (Exception ex) { _log.Error(ex, context: new { googleSignInIdToken, returnUrl }); return(Content(ex.ToString())); } }
public async Task <ActionResult> Authenticate(AuthenticateModel data) { try { var webSignature = await GoogleJsonWebSignatureEx.ValidateAsync(data.GoogleSignInIdToken); ActionResult checkError = CheckWebSignature(webSignature); if (checkError != null) { return(checkError); } var authenticationResult = await _backofficeMembershipClient.AuthenticateAsync( new AuthenticationDataModel { UserId = webSignature.Email, Code = data.Code, Ip = this.GetIp(), SessionId = this.GetSession(), UseTwoFactorVerification = _twoFactorVerificationSettings.UseVerification }); if (authenticationResult.Result == AuthenticationResult.UserNotRegistered || authenticationResult.Result == AuthenticationResult.SecondFactorIsFailed) { return(this.JsonFailResult(Phrases.UserNotRegistered, "#googleSignIn")); } if (authenticationResult.Result == AuthenticationResult.UserIsDisabled) { return(this.JsonFailResult(Phrases.UserIsDisabled, "#googleSignIn")); } await SignIn(authenticationResult.User); } catch (InvalidJwtException ex) { _log.Info($"Invalid Jwt: {ex}"); return(this.JsonFailResult(Phrases.InvalidJwt, "#googleSignIn")); } var divResult = Request.IsMobileBrowser() ? "#pamain" : "body"; _log.Info("Authenticate success"); return(this.JsonRequestResult(divResult, Url.Action(nameof(BackOfficeController.Layout), "BackOffice"))); }
public async Task <IActionResult> Authenticate(string googleSignInIdToken, string returnUrl) { try { var webSignature = await GoogleJsonWebSignatureEx.ValidateAsync(googleSignInIdToken); if (!webSignature.Audience.Equals(ApiClientId) || string.IsNullOrWhiteSpace(webSignature.Email) || !Regex.IsMatch(webSignature.Email, AvailableEmailsRegex) || !webSignature.IsEmailValidated) { return(Content(string.Empty)); } var user = await _userRepository.GetUserByUserEmail(webSignature.Email); if (user == null) { user = new UserEntity() { Email = webSignature.Email, Admin = false, Visible = true }; await _userRepository.SaveUser(user); } if (!user.HasCert.HasValue || !(bool)user.HasCert) { await _filesHelper.GenerateCertAsync(user, UserInfo.UserName, UserInfo.Ip); } var claims = new List <Claim> { new Claim(ClaimTypes.Sid, webSignature.Email), new Claim("Admin", user.Admin.ToString()), new Claim(ClaimTypes.Name, webSignature.Email.Trim()) }; var claimsIdentity = new ClaimsIdentity(claims, "password"); var claimsPrinciple = new ClaimsPrincipal(claimsIdentity); await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, claimsPrinciple); //await _userHistoryRepository.SaveUserLoginHistoryAsync(user, UserInfo.Ip); return(Content(Url.IsLocalUrl(returnUrl) ? returnUrl : HomeUrl)); } catch (Exception ex) { return(Content(ex.ToString())); } }
public async Task <ActionResult> CheckTwoFactor(AuthenticateModel data) { if (!_twoFactorVerificationSettings.UseVerification) { return(Json(new TwoFactorInfo { UseVerification = false })); } try { var webSignature = await GoogleJsonWebSignatureEx.ValidateAsync(data.GoogleSignInIdToken); var checkError = CheckWebSignature(webSignature); if (checkError != null) { return(checkError); } string email = webSignature.Email; TwoFactorInfoModel twoFactorInfo = await _backofficeMembershipClient.CheckTwoFactorAsync( new CheckTwoFactorModel() { UserId = email, Ip = this.GetIp() }); if (twoFactorInfo.Result == CheckTwoFactorResult.UserNotRegistered) { _log.Info($"User {email} is not registered."); return(this.JsonFailResult(Phrases.UserNotRegistered, "#googleSignIn")); } if (twoFactorInfo.Result == CheckTwoFactorResult.UserIsDisabled) { _log.Info($"User {email} is disabled"); return(this.JsonFailResult(Phrases.UserIsDisabled, "#googleSignIn")); } if (twoFactorInfo.Result == CheckTwoFactorResult.SkipVerification) { return(Json(new TwoFactorInfo { UseVerification = false })); } return(Json(new TwoFactorInfo { UseVerification = true, ExistCode = twoFactorInfo.ExistCode, ImageUrl = twoFactorInfo.ImageUrl, TextKey = twoFactorInfo.TextKey })); } catch (InvalidJwtException ex) { _log.Info($"Invalid Jwt: {ex}"); return(this.JsonFailResult(Phrases.InvalidJwt, "#googleSignIn")); } }