public async Task UpdateAsync_UserDoesNotExist_OkAsync()
{
using (var context = new IdentitySqliteContext())
{
var addedUser = await new UserFactory(Role.Employee, email: "*****@*****.**")
.PleaseAsync(context);
var target = new UserServiceForIdentityServer(context, new Mock <ILogger <UserServiceForIdentityServer> >().Object);
var user = await target.UserByUserNameOrNullAsync(addedUser.UserName);
Assert.NotNull(user);
Assert.Equal(addedUser.Id, user.Id);
Assert.Equal(Role.Employee, user.Role);
var newUser = new IdentityServer.Database.Models.User
{
FirstName = Faker.Name.First(),
LastName = Faker.Name.Last(),
UserName = "******"
};
await target.UpdateAsync(newUser);
user = await target.UserByUserNameOrNullAsync(addedUser.UserName);
Assert.NotNull(user);
Assert.Equal(addedUser.Id, user.Id);
Assert.Equal(Role.Employee, user.Role);
}
}
public async Task <IActionResult> LoginViaGoogleCallbackAsync()
{
var result = await HttpContext.AuthenticateAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme);
if (result?.Succeeded != true || result.Principal == null)
{
throw new InvalidOperationException("External authentication error");
}
var externalUser = new GoogleClaims(result.Principal);
externalUser.HasEmailOrFail();
// use externalProvider and externalUserId to find your user, or provision a new user
User user = await _userIdentityService.UserByEmailOrCreateAsync(externalUser);
await _signInManager.SignInAsync(user, true);
await _events.RaiseAsync(new UserLoginSuccessEvent(
username : user.UserName,
subjectId : user.Id.ToString(),
name : user.UserName));
// delete temporary cookie used during external authentication
await HttpContext.SignOutAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme);
var returnUrl = result.Properties.Items["returnUrl"];
if (string.IsNullOrEmpty(returnUrl))
{
returnUrl = Url.Action("Index", "Home");
}
return(Redirect(returnUrl));
}
private async Task ValidateUserAsync(User user)
{
Role role = await _userService.RoleOfUserAsync(user.Id);
if (role == Role.SystemAdministrator)
{
throw new NoPermissionsException($"Nobody is able to log in as {Role.SystemAdministrator}");
}
}
public async Task <IActionResult> LoginAsAnotherUserAsync(LoginAsAnotherPersonViewModel model, string button)
{
if (!LoginAsAnotherUserOpportunityAvailable())
{
return(NotFound());
}
// check if we are in the context of an authorization request
AuthorizationRequest context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);
// the user clicked the "cancel" button
if (button != "login")
{
return(await RedirectToLoginPageAsync(context, model.ReturnUrl));
}
if (ModelState.IsValid)
{
User user = await _userManager.FindByIdAsync(model.SelectedUserId.ToString());
if (user != null)
{
await ValidateUserAsync(user);
HttpContext.Session.SetInt32(CustomClaimTypes.LoggedInAsAnotherPerson, 1);
// It 's necessary to update security stamp, otherwise we get an exception
await _userManager.UpdateSecurityStampAsync(user);
await _signInManager.SignInAsync(user, isPersistent : true);
await _events.RaiseAsync(new UserLoginSuccessEvent(
username : user.UserName,
subjectId : user.Id.ToString(),
name : user.UserName));
return(await RedirectToReturnUrlAsync(context, model.ReturnUrl));
}
await _events.RaiseAsync(new UserLoginFailureEvent(
username : model.SelectedUserId.ToString(),
error : "invalid UserId",
clientId : context?.ClientId));
ModelState.AddModelError(
nameof(LoginAsAnotherPersonViewModel.SelectedUserId),
"Invalid username or password");
}
IReadOnlyCollection <User> users = await _userService.UsersWithRoleAsync();
var vm = new LoginAsAnotherPersonViewModel(users, model.ReturnUrl, model.SelectedUserId);
return(PartialView("LoginAsAnotherPerson", vm));
}
public async Task CreateUserAsync_NoOtherUsers_RoleDependsOnOtherUsers_OkAsync(
bool hasAnyOtherUser, Role roleOfCreatedUser)
{
var stub = new UserManagerStub(
IdentityResult.Success,
IdentityResult.Success,
(user, role) => { Assert.Equal(roleOfCreatedUser.ToString(), role); },
IdentityResult.Success);
var emailDomainValidatorService = new EmailDomainValidatorService("example.com");
var target = new UserIdentityServiceStub(stub, emailDomainValidatorService, hasAnyOtherUser);
IdentityServer.Database.Models.User createdUser = await target.CreateUserAsync(ClaimsUser());
Assert.Equal(UserExampleEmail, createdUser.Email);
Assert.Equal(UserExampleEmail, createdUser.UserName);
Assert.Equal(ExampleFirstName, createdUser.FirstName);
Assert.Equal(ExampleLastName, createdUser.LastName);
Assert.True(createdUser.EmailConfirmed);
}
