private async Task MessageReceivedAsync(IDialogContext context, IAwaitable <IMessageActivity> argument)
{
var msg = await argument;
if (context.UserData.TryGetValue($"{_authProvider.Name}{AuthResultKey}", out AuthResult authResult))
{
try
{
//IMPORTANT: DO NOT REMOVE THE MAGIC NUMBER CHECK THAT WE DO HERE. THIS IS AN ABSOLUTE SECURITY REQUIREMENT
//REMOVING THIS WILL REMOVE YOUR BOT AND YOUR USERS TO SECURITY VULNERABILITIES.
//MAKE SURE YOU UNDERSTAND THE ATTACK VECTORS AND WHY THIS IS IN PLACE.
context.UserData.TryGetValue($"{_authProvider.Name}{MagicNumberValidated}", out string validated);
if (validated == "true" || !_authOptions.UseMagicNumber)
{
// Try to get token to ensure it is still good
var token = await _authProvider.GetAccessToken(_authOptions, context);
if (token != null)
{
context.Done(token);
}
else
{
// Save authenticationOptions in UserData
context.UserData.SetValue($"{_authProvider.Name}{AuthOptions}", _authOptions);
// Get ConversationReference and combine with AuthProvider type for the callback
var conversationRef = context.Activity.ToConversationReference();
var state = GetStateParam(conversationRef);
var authenticationUrl = await _authProvider.GetAuthUrlAsync(_authOptions, state);
await PromptToLogin(context, msg, authenticationUrl);
context.Wait(MessageReceivedAsync);
}
}
else if (context.UserData.TryGetValue($"{_authProvider.Name}{MagicNumberKey}", out int magicNumber))
{
if (msg.Text == null)
{
await context.PostAsync($"Please paste back the number you received in your authentication screen.");
context.Wait(MessageReceivedAsync);
}
else
{
// handle at mentions in Teams
var text = msg.Text;
if (text.Contains("</at>"))
{
text = text.Substring(text.IndexOf("</at>", StringComparison.Ordinal) + 5).Trim();
}
if (text.Length >= 6 && magicNumber.ToString() == text.Substring(0, 6))
{
context.UserData.SetValue($"{_authProvider.Name}{MagicNumberValidated}", "true");
await context.PostAsync($"Thanks {authResult.UserName}. You are now logged in. ");
context.Done(authResult);
}
else
{
context.UserData.RemoveValue($"{_authProvider.Name}{AuthResultKey}");
context.UserData.SetValue($"{_authProvider.Name}{MagicNumberValidated}", "false");
context.UserData.RemoveValue($"{_authProvider.Name}{MagicNumberKey}");
await context.PostAsync($"I'm sorry but I couldn't validate your number. Please try authenticating once again. ");
context.Wait(MessageReceivedAsync);
}
}
}
}
catch
{
context.UserData.RemoveValue($"{_authProvider.Name}{AuthResultKey}");
context.UserData.SetValue($"{_authProvider.Name}{MagicNumberValidated}", "false");
context.UserData.RemoveValue($"{_authProvider.Name}{MagicNumberKey}");
await context.PostAsync($"I'm sorry but something went wrong while authenticating.");
context.Done <AuthResult>(null);
}
}
else
{
// Try to get token
var token = await _authProvider.GetAccessToken(_authOptions, context);
if (token != null)
{
context.Done(token);
}
else
{
// Save authenticationOptions in UserData
context.UserData.SetValue($"{_authProvider.Name}{AuthOptions}", _authOptions);
// Get ConversationReference and combine with AuthProvider type for the callback
var conversationRef = context.Activity.ToConversationReference();
var state = GetStateParam(conversationRef);
var authenticationUrl = await _authProvider.GetAuthUrlAsync(_authOptions, state);
await PromptToLogin(context, msg, authenticationUrl);
context.Wait(MessageReceivedAsync);
}
}
}
