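/// <summary>
/// Password-migration endpoint. Reads a username/password from the request, looks the user up in Okta and
/// either (a) verifies the password against LDAP and sets it in Okta, marking the profile as migrated, or
/// (b) when the user is not in Okta at all, builds the Okta user from the LDAP profile, creates and
/// activates it with that password. Always answers with a JSON <c>PswMigrationResponse</c>.
/// </summary>
/// <remarks>
/// NOTE(review): the credentials come from <c>Request[...]</c>, which also reads the query string and
/// cookies, and no <c>[HttpPost]</c> attribute is visible on this action; a GET would put the password into
/// server and proxy logs. Restrict to POST over TLS and read <c>Request.Form</c> — confirm no caller relies on GET.
/// NOTE(review): the distinct outcomes ("LDAP validation failed", "User NOT Created in Okta", the raw Okta
/// account status plus oktaId/login) let an unauthenticated caller tell which accounts exist in LDAP and
/// Okta; collapse them if this endpoint is reachable from outside the migration tooling.
/// </remarks>
public ActionResult ValidateUser()
{
    PswMigrationResponse pswMigrationRsp = new PswMigrationResponse();
    string username = Request["username"];
    string password = Request["password"];

    // Reject missing credentials before touching LDAP. The password is used to bind to the directory
    // (per the original comment), and many LDAP servers treat a simple bind with an empty password as an
    // anonymous bind that succeeds — which would let an empty password through and then be pushed to Okta.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        pswMigrationRsp.oktaId = "none";
        pswMigrationRsp.login = "******";
        pswMigrationRsp.status = "LDAP validation failed";
        pswMigrationRsp.isPasswordInOkta = "false";
        return Content(content: JsonConvert.SerializeObject(pswMigrationRsp), contentType: "application/json");
    }

    LdapServiceModel ldapServiceModel = new LdapServiceModel
    {
        ldapServer = appSettings["ldap.server"],
        ldapPort = appSettings["ldap.port"],
        baseDn = appSettings["ldap.baseDn"]
    };

    // Look the user up in Okta; an OktaException is treated as "not found" and handled by the create path.
    CustomUser oktaUser = null;
    try
    {
        oktaUser = _oktaUserMgmt.GetCustomUser(username);
    }
    catch (OktaException)
    {
        // Deliberately swallowed: null oktaUser routes to CreateOktaUserFromLdap below.
    }

    if (oktaUser != null)
    {
        MigratePasswordForExistingUser(pswMigrationRsp, oktaUser, username, password, ldapServiceModel);
    }
    else
    {
        CreateOktaUserFromLdap(pswMigrationRsp, username, password, ldapServiceModel);
    }

    return Content(content: JsonConvert.SerializeObject(pswMigrationRsp), contentType: "application/json");
}

// Existing Okta user: if the password is not yet in Okta, verify it against LDAP, set it in Okta and record
// the outcome on the profile. Fills the response in place (oktaId/login are always populated).
private void MigratePasswordForExistingUser(PswMigrationResponse rsp, CustomUser oktaUser,
    string username, string password, LdapServiceModel ldapServiceModel)
{
    // Anything other than empty/"false" counts as already migrated.
    bool passwordAlreadyInOkta = !string.IsNullOrEmpty(oktaUser.Profile.IsPasswordInOkta)
        && oktaUser.Profile.IsPasswordInOkta != "false";

    if (passwordAlreadyInOkta)
    {
        // No work required; report the Okta account status.
        rsp.status = oktaUser.Status;
        rsp.isPasswordInOkta = "true";
    }
    else if (!_credAuthentication.IsAuthenticated(username, password, ldapServiceModel))
    {
        rsp.status = "LDAP validation failed";
        rsp.isPasswordInOkta = "false";
    }
    else
    {
        bool passwordSet = _oktaUserMgmt.SetUserPassword(oktaUser.Id, password);

        // Record the real outcome. The original wrote "true" here even when SetUserPassword failed, so every
        // later call took the "no work required" branch and the user was left with no Okta password;
        // writing "false" keeps the migration retryable.
        oktaUser.Profile.IsPasswordInOkta = passwordSet ? "true" : "false";
        bool profileUpdated = _oktaUserMgmt.UpdateCustomUserAttributesOnly(oktaUser);

        rsp.status = passwordSet ? "set password in Okta successful" : "set password in Okta failed";
        if (profileUpdated)
        {
            rsp.isPasswordInOkta = passwordSet ? "true" : "false";
        }
        else
        {
            // Password outcome is known but the profile flag could not be written.
            rsp.isPasswordInOkta = "unknown";
        }
    }

    rsp.oktaId = oktaUser.Id;
    rsp.login = oktaUser.Profile.Login;
}

// User not in Okta: authenticate against LDAP and get the profile, create the Okta user with the supplied
// password, activate it and flag the profile as migrated. Fills the response in place; every early exit
// leaves the "User NOT Created in Okta" outcome set below.
private void CreateOktaUserFromLdap(PswMigrationResponse rsp, string username, string password,
    LdapServiceModel ldapServiceModel)
{
    rsp.oktaId = "none";
    rsp.login = "******";
    rsp.status = "User NOT Created in Okta";
    rsp.isPasswordInOkta = "false";

    CustomUser ldapUser = _credAuthentication.IsCreated(username, password, ldapServiceModel);
    if (ldapUser == null)
    {
        return;
    }

    ldapUser.Profile.Login = username + _userdomain;
    Okta.Core.Models.Password pswd = new Okta.Core.Models.Password();
    pswd.Value = password;
    ldapUser.Credentials.Password = pswd;

    // NOTE(review): rspAddCustomUser is not declared in this method (presumably a field on the controller);
    // the assignment is kept so any other reader of that field still sees the created user.
    rspAddCustomUser = _oktaUserMgmt.AddCustomUser(ldapUser);
    if (rspAddCustomUser == null)
    {
        return;
    }

    // The activation URI is not used by this flow; the out value is discarded.
    Uri activationUri;
    if (!_oktaUserMgmt.ActivateUser(rspAddCustomUser, out activationUri))
    {
        return;
    }

    // The original set the flag on the LDAP-derived object but sent rspAddCustomUser to Okta, so unless
    // AddCustomUser returns the same instance the flag was never written. Set it on the object being sent.
    ldapUser.Profile.IsPasswordInOkta = "true";
    rspAddCustomUser.Profile.IsPasswordInOkta = "true";
    bool profileUpdated = _oktaUserMgmt.UpdateCustomUserAttributesOnly(rspAddCustomUser);

    rsp.oktaId = rspAddCustomUser.Id;
    rsp.login = rspAddCustomUser.Profile.Login;
    rsp.status = "Created in Okta";
    rsp.isPasswordInOkta = profileUpdated ? "true" : "unknown";
}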
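// POST: Registration/Register
/// <summary>
/// Creates a new STAGED Okta user from the registration form, stores a one-time activation pass code and
/// its set date on the profile, and sends the branded activation e-mail. Re-renders the form with an
/// error message on validation or creation failure; an already-existing account is redirected to Home/Index.
/// </summary>
/// <param name="registration">Model-bound registration form (Email, FirstName, LastName, customId).</param>
/// <returns>Redirect to Success on completion, otherwise the Index view or a redirect to Home.</returns>
/// <remarks>
/// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] is visible on this action in this part of the
/// file; confirm they are present, since the action creates accounts and sends mail.
/// NOTE(review): relayState is taken straight from the request and handed to SendEmail (not visible here);
/// if it ends up as a link target it must be checked against an allow-list to avoid an open redirect.
/// </remarks>
public ActionResult Register(RegistrationViewModel registration)
{
    logger.Debug("Register user " + registration.Email);

    // relayState: explicit request value, else the query-string spelling, else what an earlier step stashed.
    string relayState = Request["relayState"];
    if (string.IsNullOrEmpty(relayState) && Request.QueryString["RelayState"] != null)
    {
        relayState = Request.QueryString["RelayState"];
    }
    else if (string.IsNullOrEmpty(relayState) && TempData["relayState"] != null)
    {
        relayState = (string)TempData["relayState"];
    }
    TempData["relayState"] = relayState;

    if (!ModelState.IsValid)
    {
        logger.Debug("registration data was not received correctly");
        TempData["errMessage"] = "We found a few errors with your registration data. Please check the fields below for specific messages.";
        return View("Index", registration);
    }

    // Existing account: send the user to Home where they can choose to reset their password instead.
    CustomUser newCustomUser = VerifyIdentity(registration);
    if (newCustomUser != null && newCustomUser.Id != null)
    {
        return RedirectToAction("Index", "Home", new { email = registration.Email });
    }

    // New user: build the Okta profile from the form.
    newCustomUser = new CustomUser(new Okta.Core.Models.User());
    newCustomUser.Profile.Login = registration.Email;
    newCustomUser.Profile.Email = registration.Email;
    newCustomUser.Profile.FirstName = registration.FirstName;
    newCustomUser.Profile.LastName = registration.LastName;
    newCustomUser.Profile.customId = registration.customId;

    // Creation is multi-step: the user is created STAGED with no password, a branded e-mail carries the
    // activation link, hitting the link activates the account and prompts for the password.
    string activation_passCode = GenerateActivationPassCode();
    // NOTE(review): local time in the current culture's format; whatever enforces the expiry has to parse it
    // the same way — confirm before changing to an invariant/UTC representation.
    string activation_setDate = DateTime.Now.ToString();
    string createFailedErrorMessage = "We could not register your account at this time. Please try again or contact the service center via the information at the bottom of the page if this has happened multiple times.";

    newCustomUser.Profile.activation_passCode = activation_passCode;
    newCustomUser.Profile.activation_setDate = activation_setDate;

    CustomUser addedCustomUser = oktaUserMgmt.AddCustomUser(newCustomUser);
    if (addedCustomUser == null)
    {
        logger.Error("user creation failed for email " + registration.Email);
        TempData["errMessage"] = createFailedErrorMessage;
        return View("Index", registration);
    }
    if (addedCustomUser.Status != "STAGED" || string.IsNullOrEmpty(addedCustomUser.Id))
    {
        // A newly created user must be STAGED and must have an Okta id.
        logger.Error("user creation failed for email " + registration.Email + " status " + addedCustomUser.Status);
        TempData["errMessage"] = createFailedErrorMessage;
        return View("Index", registration);
    }

    // Hand the activation data to SendEmail via TempData.
    TempData["recoveryToken"] = addedCustomUser.Profile.activation_passCode;
    TempData["oktaId"] = addedCustomUser.Id;

    string firstName = string.IsNullOrEmpty(addedCustomUser.Profile.FirstName)
        ? DeriveFirstNameFromEmail(registration.Email)
        : addedCustomUser.Profile.FirstName;
    firstName = CultureInfo.CurrentCulture.TextInfo.ToTitleCase(firstName);
    TempData["firstName"] = firstName;
    TempData["linkExpiry"] = appSettings["custom.ActivationExpire_hours"];

    SendEmail(addedCustomUser, TempData["relayState"] == null ? null : TempData["relayState"].ToString());

    // The pass code is the one-time activation secret: it must not be written to the log (the original did).
    logger.Debug("Branded Email Sent " + addedCustomUser.Profile.Email);

    // With the branded e-mail, show the "sent" page.
    return RedirectToAction("Success");
}

// Six-digit one-time activation pass code (100000..999999) drawn from the CSPRNG with rejection sampling so
// every value is equally likely. The original used System.Random, which is clock-seeded and predictable —
// not acceptable for a token that activates an account — and could also produce the five-digit 99999.
private static string GenerateActivationPassCode()
{
    const int min = 100000;
    const uint range = 900000;
    uint limit = uint.MaxValue - (uint.MaxValue % range);
    byte[] buf = new byte[4];
    using (System.Security.Cryptography.RandomNumberGenerator rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        uint value;
        do
        {
            rng.GetBytes(buf);
            value = BitConverter.ToUInt32(buf, 0);
        } while (value >= limit);
        return (min + (int)(value % range)).ToString(CultureInfo.InvariantCulture);
    }
}

// Best-effort first name when the profile has none: the local part of the e-mail address up to its first
// '.', else the whole local part, else the whole address. The original searched the entire address for the
// first '.', so "john@example.com" produced "john@example"; the search is now limited to the local part.
private static string DeriveFirstNameFromEmail(string email)
{
    if (string.IsNullOrEmpty(email))
    {
        return email;
    }
    int at = email.IndexOf('@');
    string localPart = at > 0 ? email.Substring(0, at) : email;
    int dot = localPart.IndexOf('.');
    return dot > 0 ? localPart.Substring(0, dot) : localPart;
}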