public async Task <IActionResult> GetProfile()
{
var identity = User.Identity;
if (identity == null)
{
return(Forbid());
}
var userId = identity.Name;
var user = await RavenDatabaseProvider.GetEntity <User>(userId);
if (user == null)
{
return(Forbid());
}
var userDto = new OutputUserProfileDto
{
Id = user.Id,
FirstName = user.FirstName,
LastName = user.LastName,
Type = user.Type,
Email = user.Email,
DateCreated = user.DateCreated,
DateModified = user.DateModified
};
return(Ok(userDto));
}
// Save refresh-token
public override async Task ApplyTokenResponse(ApplyTokenResponseContext context)
{
if (context.Response.Error == null && context.Response.RefreshToken != null)
{
if (context.Request.IsRefreshTokenGrantType())
{
var refreshTokenId = RefreshTokenProvider.GenerateId(context.Request.RefreshToken);
await RavenDatabaseProvider.DeleteEntity(refreshTokenId);
}
string remoteIpAddress = context.HttpContext.Connection.RemoteIpAddress?.ToString();
string userAgent = null;
if (context.HttpContext.Request.Headers.ContainsKey("User-Agent"))
{
userAgent = context.HttpContext.Request.Headers["User-Agent"].ToString();
}
await RefreshTokenProvider.CreateAsync(
context.Ticket.Principal.Identity.Name,
context.Response.RefreshToken,
remoteIpAddress,
userAgent,
context.Options.RefreshTokenLifetime);
}
return;
}
public async Task <IActionResult> GetInfo([FromBody] InputUsersDto dto)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var users = new List <User>();
foreach (var id in dto.Ids)
{
var user = await RavenDatabaseProvider.GetEntity <User>(id);
if (user != null)
{
users.Add(user);
}
}
var result = new OutputUsersDto
{
Users = users
};
return(Ok(result));
}
// Validate the grant_type and the client application credentials
public override async Task ValidateTokenRequest(ValidateTokenRequestContext context)
{
// Reject the token requests that don't use grant_type=password or grant_type=refresh_token.
if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType())
{
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
description: "Only grant_type=password or grant_type=refresh_token are accepted by this server.");
return;
}
// Check if refresh-token exists in DB
if (context.Request.IsRefreshTokenGrantType())
{
var id = RefreshTokenProvider.GenerateId(context.Request.RefreshToken);
if (!await RavenDatabaseProvider.IsEntityExists(id))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "Invalid client.");
return;
}
}
// Since there's only one application and since it's a public client
// (i.e a client that cannot keep its credentials private), call Skip()
// to inform the server the request should be accepted without
// enforcing client authentication.
context.Skip();
return;
}
public async Task ResetAccessFailedCountAsync(LoginDetails entity)
{
entity.DateLockoutEndsUtc = null;
entity.AccessFailedCount = 0;
await RavenDatabaseProvider.UpdateEntity(entity.Id, entity);
}
public async Task <LoginDetails> GetEntity(string uniqueId)
{
var loginProviderId = GenerateId(uniqueId);
var entity = await RavenDatabaseProvider.GetEntity <LoginDetails>(loginProviderId);
return(entity);
}
public async Task AccessFailedAsync(LoginDetails entity)
{
entity.AccessFailedCount++;
if (entity.AccessFailedCount >= AccessFailedMaxCount)
{
entity.DateLockoutEndsUtc = DateTime.UtcNow.Add(LockoutTime);
}
await RavenDatabaseProvider.UpdateEntity(entity.Id, entity);
}
public async Task CreateAsync(string userId, string refreshToken, string remoteIpAddress, string userAgent, TimeSpan refreshTokenLifetime)
{
var id = GenerateId(refreshToken);
var entity = new RefreshTokenDetails
{
Id = id,
UserId = userId,
RefreshToken = refreshToken,
DateCreated = DateTime.UtcNow,
IpAddress = remoteIpAddress,
UserAgent = userAgent,
DateExpires = DateTime.UtcNow + refreshTokenLifetime
};
await RavenDatabaseProvider.CreateEntity(entity);
}
public async Task <IActionResult> Bootstrap()
{
try
{
RavenDatabaseProvider.EnsureDatabaseExists("smartbudget", true);
InputUserRegistrationDto dto = new InputUserRegistrationDto
{
FirstName = "Admin",
LastName = "Developer",
Email = "*****@*****.**",
Password = "******",
ConfirmPassword = "******"
};
var userLoginId = LoginProvider.GenerateId(dto.Email);
var user = new User
{
FirstName = dto.FirstName,
LastName = dto.LastName,
Email = dto.Email,
CreatedBy = "System",
DateCreated = DateTime.UtcNow,
Type = UserType.Admin
};
await RavenDatabaseProvider.CreateEntity(user);
var loginDetails = new LoginDetails
{
Id = userLoginId,
UniqueId = dto.Email,
UserId = user.Id,
CreatedBy = "System",
DateCreated = DateTime.UtcNow
};
LoginProvider.SetPassword(loginDetails, dto.Password);
await RavenDatabaseProvider.CreateEntity(loginDetails);
return(Ok("Setup configurado com sucesso!"));
}
catch (Exception ex)
{
return(BadRequest(ex.Message));
}
}
public async Task <IActionResult> Register([FromBody] InputUserRegistrationDto dto)
{
try
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var userLoginId = LoginProvider.GenerateId(dto.Email);
if (await RavenDatabaseProvider.IsEntityExists(userLoginId))
{
return(BadRequest($"{nameof(dto.Email)} already exists."));
}
var user = new User
{
FirstName = dto.FirstName,
LastName = dto.LastName,
Email = dto.Email,
CreatedBy = "System",
DateCreated = DateTime.UtcNow
};
await RavenDatabaseProvider.CreateEntity(user);
var loginDetails = new LoginDetails
{
Id = userLoginId,
UniqueId = dto.Email,
UserId = user.Id,
CreatedBy = "System",
DateCreated = DateTime.UtcNow
};
LoginProvider.SetPassword(loginDetails, dto.Password);
await RavenDatabaseProvider.CreateEntity(loginDetails);
return(Ok());
}
catch (Exception ex)
{
return(BadRequest(ex.Message));
}
}
public async Task <IActionResult> GetList()
{
var users = await RavenDatabaseProvider.GetEntities <User>();
return(Ok(users.Select(x => x.Id)));
}
// Implementing HandleTokenRequest to issue an authentication ticket containing the user claims
public override async Task HandleTokenRequest(HandleTokenRequestContext context)
{
// Only handle grant_type=password requests and let ASOS
// process grant_type=refresh_token requests automatically.
if (context.Request.IsPasswordGrantType())
{
// Get user login data.
var loginDetails = await LoginProvider.GetEntity(context.Request.Username);
if (loginDetails == null)
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidGrant,
description: "Invalid credentials.");
return;
}
if (loginDetails.UniqueId != context.Request.Username)
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidGrant,
description: "Invalid credentials.");
return;
}
// Get user data
var user = await RavenDatabaseProvider.GetEntity <User>(loginDetails.UserId);
if (user == null)
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidGrant,
description: "Invalid username or password.");
return;
}
// Ensure the user is allowed to sign in.
if (await UserProvider.IsBannedAsync(user))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidGrant,
description: "The specified user is not allowed to sign in.");
return;
}
// Ensure the user is not already locked out.
if (LoginProvider.SupportsUserLockout && await LoginProvider.IsLockedOutAsync(loginDetails))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidGrant,
description: "Invalid credentials.");
return;
}
// Ensure the password is valid.
if (!LoginProvider.IsPasswordCorrect(loginDetails, context.Request.Password))
{
if (LoginProvider.SupportsUserLockout)
{
// Increment lock out count
await LoginProvider.AccessFailedAsync(loginDetails);
}
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidGrant,
description: "Invalid credentials.");
return;
}
if (LoginProvider.SupportsUserLockout)
{
// Reset lock out data
await LoginProvider.ResetAccessFailedCountAsync(loginDetails);
}
var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
// Note: the subject claim is always included in both identity and
// access tokens, even if an explicit destination is not specified.
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, loginDetails.UserId);
// Add user-id
identity.AddClaim(ClaimTypes.Name, user.Id,
OpenIdConnectConstants.Destinations.AccessToken);
// Add user-role
identity.AddClaim(ClaimTypes.Role, user.Type.ToString(),
OpenIdConnectConstants.Destinations.AccessToken);
// Create a new authentication ticket holding the user identity.
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
new AuthenticationProperties(),
OpenIdConnectServerDefaults.AuthenticationScheme);
// Set the list of scopes granted to the client application.
// (specify offline_access to issue a refresh token).
ticket.SetScopes(OpenIdConnectConstants.Scopes.OfflineAccess);
context.Validate(ticket);
}
return;
}
