public async Task <IActionResult> Authenticate(string googleSignInIdToken, string returnUrl)
{
try
{
var webSignature = await GoogleJsonWebSignatureEx.ValidateAsync(googleSignInIdToken);
if (!webSignature.Audience.Equals(ApiClientId))
{
_log.Warning($"{nameof(ApiClientId)} doesn't match.");
return(Content(string.Empty));
}
if (string.IsNullOrWhiteSpace(webSignature.Email) || !webSignature.IsEmailValidated)
{
_log.Warning("Email is empty or not validated.", context: webSignature.Email);
return(Content(string.Empty));
}
if (!Regex.IsMatch(webSignature.Email, AvailableEmailsRegex))
{
_log.Warning($"Email {webSignature.Email} failed regex validation", context: AvailableEmailsRegex);
return(Content(string.Empty));
}
var user = await _userRepository.GetUserByUserEmail(webSignature.Email);
if (user == null)
{
_log.Warning("Coudn't find user by email", context: webSignature.Email);
return(Content(string.Empty));
}
if (!user.Active.HasValue || !user.Active.Value)
{
_log.Warning("User is not active.");
return(Content(string.Empty));
}
var claims = new List <Claim>
{
new Claim(ClaimTypes.Sid, webSignature.Email),
new Claim("IsAdmin", user.Admin.ToString()),
new Claim(ClaimTypes.Name, webSignature.Email.Trim())
};
var claimsIdentity = new ClaimsIdentity(claims, "password");
var claimsPrinciple = new ClaimsPrincipal(claimsIdentity);
await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, claimsPrinciple);
await _userHistoryRepository.SaveUserLoginHistoryAsync(user, UserInfo.Ip);
return(Content(Url.IsLocalUrl(returnUrl) ? returnUrl : "~/"));
}
catch (Exception ex)
{
_log.Error(ex, context: new { googleSignInIdToken, returnUrl });
return(Content(ex.ToString()));
}
}
public async Task <ActionResult> Authenticate(AuthenticateModel data)
{
try
{
var webSignature = await GoogleJsonWebSignatureEx.ValidateAsync(data.GoogleSignInIdToken);
ActionResult checkError = CheckWebSignature(webSignature);
if (checkError != null)
{
return(checkError);
}
var authenticationResult = await _backofficeMembershipClient.AuthenticateAsync(
new AuthenticationDataModel
{
UserId = webSignature.Email,
Code = data.Code,
Ip = this.GetIp(),
SessionId = this.GetSession(),
UseTwoFactorVerification = _twoFactorVerificationSettings.UseVerification
});
if (authenticationResult.Result == AuthenticationResult.UserNotRegistered ||
authenticationResult.Result == AuthenticationResult.SecondFactorIsFailed)
{
return(this.JsonFailResult(Phrases.UserNotRegistered, "#googleSignIn"));
}
if (authenticationResult.Result == AuthenticationResult.UserIsDisabled)
{
return(this.JsonFailResult(Phrases.UserIsDisabled, "#googleSignIn"));
}
await SignIn(authenticationResult.User);
}
catch (InvalidJwtException ex)
{
_log.Info($"Invalid Jwt: {ex}");
return(this.JsonFailResult(Phrases.InvalidJwt, "#googleSignIn"));
}
var divResult = Request.IsMobileBrowser() ? "#pamain" : "body";
_log.Info("Authenticate success");
return(this.JsonRequestResult(divResult, Url.Action(nameof(BackOfficeController.Layout), "BackOffice")));
}
public async Task <IActionResult> Authenticate(string googleSignInIdToken, string returnUrl)
{
try
{
var webSignature = await GoogleJsonWebSignatureEx.ValidateAsync(googleSignInIdToken);
if (!webSignature.Audience.Equals(ApiClientId) ||
string.IsNullOrWhiteSpace(webSignature.Email) ||
!Regex.IsMatch(webSignature.Email, AvailableEmailsRegex) || !webSignature.IsEmailValidated)
{
return(Content(string.Empty));
}
var user = await _userRepository.GetUserByUserEmail(webSignature.Email);
if (user == null)
{
user = new UserEntity()
{
Email = webSignature.Email, Admin = false, Visible = true
};
await _userRepository.SaveUser(user);
}
if (!user.HasCert.HasValue || !(bool)user.HasCert)
{
await _filesHelper.GenerateCertAsync(user, UserInfo.UserName, UserInfo.Ip);
}
var claims = new List <Claim>
{
new Claim(ClaimTypes.Sid, webSignature.Email),
new Claim("Admin", user.Admin.ToString()),
new Claim(ClaimTypes.Name, webSignature.Email.Trim())
};
var claimsIdentity = new ClaimsIdentity(claims, "password");
var claimsPrinciple = new ClaimsPrincipal(claimsIdentity);
await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, claimsPrinciple);
//await _userHistoryRepository.SaveUserLoginHistoryAsync(user, UserInfo.Ip);
return(Content(Url.IsLocalUrl(returnUrl) ? returnUrl : HomeUrl));
}
catch (Exception ex)
{
return(Content(ex.ToString()));
}
}
public async Task <ActionResult> CheckTwoFactor(AuthenticateModel data)
{
if (!_twoFactorVerificationSettings.UseVerification)
{
return(Json(new TwoFactorInfo
{
UseVerification = false
}));
}
try
{
var webSignature = await GoogleJsonWebSignatureEx.ValidateAsync(data.GoogleSignInIdToken);
var checkError = CheckWebSignature(webSignature);
if (checkError != null)
{
return(checkError);
}
string email = webSignature.Email;
TwoFactorInfoModel twoFactorInfo = await _backofficeMembershipClient.CheckTwoFactorAsync(
new CheckTwoFactorModel()
{
UserId = email,
Ip = this.GetIp()
});
if (twoFactorInfo.Result == CheckTwoFactorResult.UserNotRegistered)
{
_log.Info($"User {email} is not registered.");
return(this.JsonFailResult(Phrases.UserNotRegistered, "#googleSignIn"));
}
if (twoFactorInfo.Result == CheckTwoFactorResult.UserIsDisabled)
{
_log.Info($"User {email} is disabled");
return(this.JsonFailResult(Phrases.UserIsDisabled, "#googleSignIn"));
}
if (twoFactorInfo.Result == CheckTwoFactorResult.SkipVerification)
{
return(Json(new TwoFactorInfo
{
UseVerification = false
}));
}
return(Json(new TwoFactorInfo
{
UseVerification = true,
ExistCode = twoFactorInfo.ExistCode,
ImageUrl = twoFactorInfo.ImageUrl,
TextKey = twoFactorInfo.TextKey
}));
}
catch (InvalidJwtException ex)
{
_log.Info($"Invalid Jwt: {ex}");
return(this.JsonFailResult(Phrases.InvalidJwt, "#googleSignIn"));
}
}
