public void GetLogin_WithSignInMessage_ReturnsLoginPage()
{
var msg = new SignInMessage();
var val = msg.Protect(60000, protector);
var resp = Get(Constants.RoutePaths.Login + "?message=" + val);
AssertPage(resp, "login");
}
public AuthorizeInteractionResponseGenerator(CoreSettings core, IConsentService consent)
{
_signIn = new SignInMessage();
_core = core;
_consent = consent;
}
public LoginResult(SignInMessage message, HttpRequestMessage request, CoreSettings settings, InternalConfiguration internalConfig)
{
_message = message;
_settings = settings;
_request = request;
_internalConfig = internalConfig;
}
private HttpResponseMessage GetLoginPage(SignInMessage msg = null)
{
msg = msg ?? new SignInMessage() { ReturnUrl = Url("authorize") };
var val = msg.Protect(60000, protector);
var resp = Get(Constants.RoutePaths.Login + "?message=" + val);
resp.AssertCookie(AuthenticationController.SignInMessageCookieName);
client.SetCookies(resp.GetCookies());
return resp;
}
public void GetLogin_SignInMessageHasIdentityProvider_RedirectsToExternalProviderLogin()
{
var msg = new SignInMessage();
msg.IdP = "Google";
var resp = GetLoginPage(msg);
Assert.AreEqual(HttpStatusCode.Found, resp.StatusCode);
var expected = new Uri(Url(Constants.RoutePaths.LoginExternal));
Assert.AreEqual(expected.AbsolutePath, resp.Headers.Location.AbsolutePath);
StringAssert.Contains(resp.Headers.Location.Query, "provider=Google");
}
protected virtual bool ValidateLocalCredentials(string username, string password, SignInMessage message,
out TAccount account)
{
var tenant = string.IsNullOrWhiteSpace(message.Tenant)
? userAccountService.Configuration.DefaultTenant
: message.Tenant;
return(userAccountService.Authenticate(tenant, username, password, out account));
}
private async Task <IHttpActionResult> RenderLoginPage(SignInMessage message, string signInMessageId, string errorMessage = null, string username = null, bool rememberMe = false)
{
if (message == null)
{
throw new ArgumentNullException("message");
}
username = GetUserNameForLoginPage(message, username);
var isLocalLoginAllowedForClient = await IsLocalLoginAllowedForClient(message);
var isLocalLoginAllowed = isLocalLoginAllowedForClient && options.AuthenticationOptions.EnableLocalLogin;
var idpRestrictions = await clientStore.GetIdentityProviderRestrictionsAsync(message.ClientId);
var providers = context.GetExternalAuthenticationProviders(idpRestrictions);
var providerLinks = context.GetLinksFromProviders(providers, signInMessageId);
var visibleLinks = providerLinks.FilterHiddenLinks();
if (errorMessage != null)
{
Logger.InfoFormat("rendering login page with error message: {0}", errorMessage);
}
else
{
if (isLocalLoginAllowed == false)
{
if (options.AuthenticationOptions.EnableLocalLogin)
{
Logger.Info("local login disabled");
}
if (isLocalLoginAllowedForClient)
{
Logger.Info("local login disabled for the client");
}
string url = null;
if (!providerLinks.Any())
{
Logger.Info("no providers registered for client");
return(RenderErrorPage());
}
else if (providerLinks.Count() == 1)
{
Logger.Info("only one provider for client");
url = providerLinks.First().Href;
}
else if (visibleLinks.Count() == 1)
{
Logger.Info("only one visible provider");
url = visibleLinks.First().Href;
}
if (url.IsPresent())
{
Logger.InfoFormat("redirecting to provider URL: {0}", url);
return(Redirect(url));
}
}
Logger.Info("rendering login page");
}
var loginPageLinks = options.AuthenticationOptions.LoginPageLinks.Render(Request.GetIdentityServerBaseUrl(), signInMessageId);
var loginModel = new LoginViewModel
{
RequestId = context.GetRequestId(),
SiteName = options.SiteName,
SiteUrl = Request.GetIdentityServerBaseUrl(),
ExternalProviders = visibleLinks,
AdditionalLinks = loginPageLinks,
ErrorMessage = errorMessage,
LoginUrl = isLocalLoginAllowed ? Url.Route(Constants.RouteNames.Login, new { signin = signInMessageId }) : null,
AllowRememberMe = options.AuthenticationOptions.CookieOptions.AllowRememberMe,
RememberMe = options.AuthenticationOptions.CookieOptions.AllowRememberMe && rememberMe,
CurrentUser = context.GetCurrentUserDisplayName(),
LogoutUrl = context.GetIdentityServerLogoutUrl(),
AntiForgery = antiForgeryToken.GetAntiForgeryToken(),
Username = username
};
return(new LoginActionResult(viewService, loginModel, message));
}
public async Task<IActionResult> SignIn([FromForm]OAuthSignInModel model)
{
Guid sagaId;
var context = _dataProtector.Unprotect(model.ProtectedOAuthContext);
if (!Guid.TryParse(context, out sagaId))
{
return BadRequest();
}
var message = new SignInMessage(sagaId)
{
UserName = model.UserName,
Password = model.Password,
RememberMe = model.RememberMe
};
var result = await _sagaBus.SendAsync<SignInMessage, OAuth20Result>(message);
switch (result.State)
{
case OAuth20State.RequireSignIn:
ModelState.AddModelError(string.Empty, "Singin failed");
return View("SignIn");
case OAuth20State.RequirePermissionGrant:
return PermissionGrantView(result);
case OAuth20State.AuthorizationCodeGenerated:
return AuthorizationCodeRedirect(result);
case OAuth20State.Finished:
return ImplictRedirect(result);
default:
return BadRequest();
}
}
public Task <AuthenticateResult> AuthenticateLocalAsync(string username, string password, SignInMessage message)
{
var user = Users.SingleOrDefault(x => x.Username == username && x.Password == password);
if (user == null)
{
return(Task.FromResult <AuthenticateResult>(null));
}
return(Task.FromResult <AuthenticateResult>(new AuthenticateResult(user.Subject, user.Username)));
}
protected async Task <AuthenticateResult> PostAuthenticateLocalAsync(User user, SignInMessage message)
{
ClientScopeService clientScopeService = new ClientScopeService();
bool isTwoFactorAuthentication = clientScopeService.IsTwoFactorAuthentication(message.ClientId);
if (isTwoFactorAuthentication && (user.TwoFactorEmailAuthEnabled || user.TwoFactorSMSAuthEnabled))
{
IUserStoreService service = GetUserStoreService(message.ClientId);
var result = service.GenerateAndSendOTP(user.Id);
if (!result)
{
return(new AuthenticateResult("Due to an error, OTP code could not be sent. Please try again. If this problem persists, please contact seystem administrator."));
}
var claims = GetUserClaims(user);
return(new AuthenticateResult("~/custom/2fa?id=" + ctx.Request.Query.Get("id"), user.Subject, user.DisplayName, claims));
}
else
{
return(null);
}
}
/// <summary>
/// Loads the HTML for the login page.
/// </summary>
/// <param name="model">The model.</param>
/// <param name="message">The message.</param>
/// <returns>
/// Stream for the HTML
/// </returns>
public virtual Task <Stream> Login(LoginViewModel model, SignInMessage message)
{
return(Render(model, LoginView));
}
protected override async Task <AuthenticateResult> PostAuthenticateLocalAsync(User user, SignInMessage message)
{
if (base.userManager.SupportsUserTwoFactor)
{
var id = user.Id;
if (await userManager.GetTwoFactorEnabledAsync(id))
{
var code = await this.userManager.GenerateTwoFactorTokenAsync(id, "sms");
var result = await userManager.NotifyTwoFactorTokenAsync(id, "sms", code);
if (!result.Succeeded)
{
return(new IdentityServer3.Core.Models.AuthenticateResult(result.Errors.First()));
}
var name = await GetDisplayNameForAccountAsync(id);
return(new IdentityServer3.Core.Models.AuthenticateResult("~/2fa", id, name));
}
}
return(null);
}
public void GetExternalLogin_ValidProvider_RedirectsToProvider()
{
var msg = new SignInMessage();
msg.IdP = "Google";
var resp1 = GetLoginPage(msg);
var resp2 = client.GetAsync(resp1.Headers.Location.AbsoluteUri).Result;
Assert.AreEqual(HttpStatusCode.Found, resp2.StatusCode);
Assert.IsTrue(resp2.Headers.Location.AbsoluteUri.StartsWith("https://www.google.com"));
}
public void LoginExternalCallback_WithValidNameIDClaim_IssuesAuthenticationCookie()
{
var msg = new SignInMessage();
msg.IdP = "Google";
msg.ReturnUrl = Url("authorize");
var resp1 = GetLoginPage(msg);
var sub = new Claim(ClaimTypes.NameIdentifier, "123", ClaimValueTypes.String, "Google");
SignInIdentity = new ClaimsIdentity(new Claim[] { sub }, Constants.ExternalAuthenticationType);
var resp2 = client.GetAsync(resp1.Headers.Location.AbsoluteUri).Result;
client.SetCookies(resp2.GetCookies());
var resp3 = Get(Constants.RoutePaths.LoginExternalCallback);
resp3.AssertCookie(Constants.PrimaryAuthenticationType);
}
public static void RaiseLocalLoginSuccessEvent(this IEventService events, IDictionary <string, object> env, string username, SignInMessage signInMessage, AuthenticateResult authResult)
{
if (events == null)
{
throw new ArgumentNullException("events");
}
var evt = new LocalAuthenticationEvent()
{
Id = EventConstants.Ids.SuccessfulLocalLogin,
EventType = Events.EventType.Success,
Message = Resources.Events.LocalLoginSuccess,
SubjectId = authResult.User.GetSubjectId(),
SignInMessage = signInMessage,
LoginUserName = username
};
evt.ApplyEnvironment(env);
events.Raise(evt);
}
public virtual async Task <Stream> Login(LoginViewModel model, SignInMessage message)
{
JsonSerializerSettings jsonSerSettings = DefaultJsonContentFormatter.SerializeSettings();
jsonSerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();
if (model.Custom == null && message.ReturnUrl != null)
{
string state = new Uri(message.ReturnUrl).ParseQueryString()["state"] ?? "{}";
try
{
dynamic custom = model.Custom = CustomLoginDataProvider.GetCustomData(message);
string signInType = null;
try
{
signInType = custom.SignInType;
}
catch { }
if (signInType != null && model.ExternalProviders.Any(extProvider => extProvider.Type == signInType))
{
string redirectUri = model.ExternalProviders.Single(extProvider => extProvider.Type == signInType).Href;
return(await ReturnHtmlAsync(model, $@"<!DOCTYPE html>
<html>
<head>
<meta http-equiv='refresh' content='0;{redirectUri}'>
</head>
<body></body>
</html>", CancellationToken.None).ConfigureAwait(false));
}
}
catch
{
model.Custom = new { };
}
}
string json = JsonConvert.SerializeObject(new
{
model.AdditionalLinks,
model.AllowRememberMe,
model.AntiForgery,
model.ClientLogoUrl,
model.ClientName,
model.ClientUrl,
model.CurrentUser,
model.Custom,
model.ErrorMessage,
model.ExternalProviders,
model.LoginUrl,
model.LogoutUrl,
model.RememberMe,
model.RequestId,
model.SiteName,
model.SiteUrl,
model.Username,
ReturnUrl = message.ReturnUrl == null ? "" : new Uri(message.ReturnUrl).ParseQueryString()["redirect_uri"]
}, Formatting.None, jsonSerSettings);
string loginPageHtml = (await SsoHtmlPageProvider.GetSsoPageAsync(CancellationToken.None).ConfigureAwait(false))
.Replace("{model}", Microsoft.Security.Application.Encoder.HtmlEncode(json));
return(await ReturnHtmlAsync(model, loginPageHtml, CancellationToken.None).ConfigureAwait(false));
}
public System.Threading.Tasks.Task <AuthenticateResult> AuthenticateLocalAsync(string username, string password, SignInMessage message = null)
{
return(inner.AuthenticateLocalAsync(username, password, message));
}
public System.Threading.Tasks.Task <AuthenticateResult> PreAuthenticateAsync(IDictionary <string, object> env, SignInMessage message)
{
return(inner.PreAuthenticateAsync(env, message));
}
/// <summary>
/// Creates and writes the signin cookie to the response and returns the associated URL to the login page.
/// </summary>
/// <param name="env">The OWIN environment.</param>
/// <param name="message">The signin message.</param>
/// <returns></returns>
/// <exception cref="ArgumentNullException">
/// env
/// or
/// message
/// </exception>
public static string CreateSignInRequest(this IDictionary <string, object> env, SignInMessage message)
{
if (env == null)
{
throw new ArgumentNullException("env");
}
if (message == null)
{
throw new ArgumentNullException("message");
}
// if there's no return url, then use current request's URL
if (message.ReturnUrl.IsMissing())
{
var ctx = new OwinContext(env);
message.ReturnUrl = ctx.Request.Uri.AbsoluteUri;
}
if (message.ReturnUrl.StartsWith("~/"))
{
message.ReturnUrl = message.ReturnUrl.Substring(1);
}
if (message.ReturnUrl.StartsWith("/"))
{
message.ReturnUrl = env.GetIdentityServerBaseUrl().RemoveTrailingSlash() + message.ReturnUrl;
}
var options = env.ResolveDependency <IdentityServerOptions>();
var cookie = new MessageCookie <SignInMessage>(env, options);
var id = cookie.Write(message);
var url = env.GetIdentityServerBaseUrl() + Constants.RoutePaths.Login;
var uri = new Uri(url.AddQueryString("signin=" + id));
return(uri.AbsoluteUri);
}
public void LoginExternalCallback_WithoutExternalCookie_RendersLoginPageWithError()
{
var msg = new SignInMessage();
msg.IdP = "Google";
var resp1 = GetLoginPage(msg);
var resp2 = client.GetAsync(resp1.Headers.Location.AbsoluteUri).Result;
var resp3 = Get(Constants.RoutePaths.LoginExternalCallback);
AssertPage(resp3, "login");
var model = GetLayoutModel(resp3);
Assert.AreEqual(Messages.NoMatchingExternalAccount, model.ErrorMessage);
}
public LoginActionResult(IViewService viewSvc, IDictionary <string, object> env, LoginViewModel model, SignInMessage message)
: base(async() => await viewSvc.Login(env, model, message))
{
if (viewSvc == null)
{
throw new ArgumentNullException("viewSvc");
}
if (env == null)
{
throw new ArgumentNullException("env");
}
if (model == null)
{
throw new ArgumentNullException("model");
}
if (message == null)
{
throw new ArgumentNullException("message");
}
}
public void LoginExternalCallback_UserServiceReturnsNull_ShowError()
{
mockUserService.Setup(x => x.AuthenticateExternalAsync(It.IsAny<string>(), It.IsAny<ExternalIdentity>()))
.Returns(Task.FromResult((ExternalAuthenticateResult)null));
var msg = new SignInMessage();
msg.IdP = "Google";
msg.ReturnUrl = Url("authorize");
var resp1 = GetLoginPage(msg);
var sub = new Claim(Constants.ClaimTypes.Subject, "123", ClaimValueTypes.String, "Google");
SignInIdentity = new ClaimsIdentity(new Claim[] { sub }, Constants.ExternalAuthenticationType);
var resp2 = client.GetAsync(resp1.Headers.Location.AbsoluteUri).Result;
client.SetCookies(resp2.GetCookies());
var resp3 = Get(Constants.RoutePaths.LoginExternalCallback);
AssertPage(resp3, "login");
var model = GetLayoutModel(resp3);
Assert.AreEqual(Messages.NoMatchingExternalAccount, model.ErrorMessage);
}
public virtual async Task <Stream> Login(LoginViewModel model, SignInMessage message)
{
JsonSerializerSettings jsonSerSettings = DefaultJsonContentFormatter.SerializeSettings();
jsonSerSettings.ContractResolver = new BitCamelCasePropertyNamesContractResolver();
if (model.Custom == null && message.ReturnUrl != null)
{
try
{
dynamic custom = model.Custom = UrlStateProvider.GetState(new Uri(message.ReturnUrl));
string?signInType = null;
try
{
signInType = custom.SignInType ?? message.IdP;
}
catch { }
if (signInType != null && model.ExternalProviders.Any(extProvider => extProvider.Type == signInType))
{
string redirectUri = model.ExternalProviders.Single(extProvider => extProvider.Type == signInType).Href;
return(await ReturnHtmlAsync($@"<!DOCTYPE html>
<html>
<head>
<meta http-equiv='refresh' content='0;{redirectUri}'>
</head>
<body></body>
</html>", OwinContext.Request.CallCancelled).ConfigureAwait(false));
}
}
catch
{
model.Custom = new { };
}
}
string json = JsonConvert.SerializeObject(new
{
model.AdditionalLinks,
model.AllowRememberMe,
model.AntiForgery,
model.ClientLogoUrl,
model.ClientName,
model.ClientUrl,
model.CurrentUser,
model.Custom,
model.ErrorMessage,
model.ExternalProviders,
model.LoginUrl,
model.LogoutUrl,
model.RememberMe,
model.RequestId,
model.SiteName,
model.SiteUrl,
UserName = model.Username, // https://docs.microsoft.com/en-us/dotnet/standard/design-guidelines/capitalization-conventions#capitalizing-compound-words-and-common-terms
ReturnUrl = message.ReturnUrl == null ? "" : new Uri(message.ReturnUrl).ParseQueryString()["redirect_uri"]
}, Formatting.None, jsonSerSettings);
string loginPageHtmlInitialHtml = await File.ReadAllTextAsync(PathProvider.MapStaticFilePath(AppEnvironment.GetConfig(AppEnvironment.KeyValues.IdentityServer.LoginPagePath, AppEnvironment.KeyValues.IdentityServer.LoginPagePathDefaultValue) !));
string loginPageHtmlFinalHtml = (await HtmlPageProvider.GetHtmlPageAsync(loginPageHtmlInitialHtml, OwinContext.Request.CallCancelled).ConfigureAwait(false))
.Replace("{{model.LoginModel.toJson()}}", Microsoft.Security.Application.Encoder.HtmlEncode(json), StringComparison.InvariantCultureIgnoreCase);
return(await ReturnHtmlAsync(loginPageHtmlFinalHtml, OwinContext.Request.CallCancelled).ConfigureAwait(false));
}
private async Task <Tuple <IHttpActionResult, AuthenticateResult> > PostAuthenticateAsync(SignInMessage signInMessage, string signInMessageId, AuthenticateResult result)
{
if (result.IsPartialSignIn == false)
{
Logger.Info("Calling PostAuthenticateAsync on the user service");
var ctx = new PostAuthenticationContext
{
SignInMessage = signInMessage,
AuthenticateResult = result
};
await _userService.PostAuthenticateAsync(ctx);
var authResult = ctx.AuthenticateResult;
if (authResult == null)
{
Logger.Error("user service PostAuthenticateAsync returned a null AuthenticateResult");
return(new Tuple <IHttpActionResult, AuthenticateResult>(RenderErrorPage(), null));
}
if (authResult.IsError)
{
Logger.WarnFormat("user service PostAuthenticateAsync returned an error message: {0}", authResult.ErrorMessage);
if (ctx.ShowLoginPageOnErrorResult)
{
Logger.Debug("ShowLoginPageOnErrorResult set to true, showing login page with error");
return(new Tuple <IHttpActionResult, AuthenticateResult>(await RenderLoginPage(signInMessage, signInMessageId, authResult.ErrorMessage), null));
}
else
{
Logger.Debug("ShowLoginPageOnErrorResult set to false, showing error page with error");
return(new Tuple <IHttpActionResult, AuthenticateResult>(RenderErrorPage(authResult.ErrorMessage), null));
}
}
if (result != authResult)
{
result = authResult;
Logger.Info("user service PostAuthenticateAsync returned a different AuthenticateResult");
}
}
return(new Tuple <IHttpActionResult, AuthenticateResult>(null, result));
}
/// <summary>
/// Creates and writes the signin cookie to the response and returns the associated URL to the login page.
/// </summary>
/// <param name="env">The OWIN environment.</param>
/// <param name="message">The signin message.</param>
/// <returns></returns>
/// <exception cref="System.ArgumentNullException">
/// env
/// or
/// message
/// </exception>
public static string CreateSignInRequest(this IDictionary <string, object> env, SignInMessage message)
{
if (env == null)
{
throw new ArgumentNullException("env");
}
if (message == null)
{
throw new ArgumentNullException("message");
}
var options = env.ResolveDependency <IdentityServerOptions>();
var cookie = new MessageCookie <SignInMessage>(env, options);
var id = cookie.Write(message);
var url = env.GetIdentityServerBaseUrl() + Constants.RoutePaths.Login;
var uri = new Uri(url.AddQueryString("signin=" + id));
return(uri.AbsoluteUri);
}
public Task <Thinktecture.IdentityServer.Core.Authentication.AuthenticateResult> AuthenticateLocalAsync(string username, string password, SignInMessage message)
{
return(Task.FromResult <AuthenticateResult>(null));
}
public Task <AuthenticateResult> PreAuthenticateAsync(IDictionary <string, object> env, SignInMessage message)
{
return(Task.FromResult <AuthenticateResult>(null));
}
public Task <AuthenticateResult> PreAuthenticateAsync(SignInMessage message)
{
return(Task.FromResult <AuthenticateResult>(null));
}
public Task <AuthenticateResult> AuthenticateLocalAsync(string username, string password, SignInMessage message)
{
if (username == password)
{
var p = IdentityServerPrincipal.Create(username, username, "password", "idsvr");
return(Task.FromResult(new AuthenticateResult(p)));
}
return(Task.FromResult <AuthenticateResult>(null));
}
public async Task <bool> VerifyTwoFactorTokenAsync(string userId, string code, SignInMessage message)
{
IUserStoreService service = GetUserStoreService(message.ClientId);
var result = service.VerifyOTP(Convert.ToInt32(userId), Convert.ToInt32(code));
return(result);
}
public Task <AuthenticateResult> PreAuthenticateAsync(IDictionary <string, object> env, SignInMessage message)
{
throw new NotImplementedException();
}
protected virtual Task <AuthenticateResult> PostAuthenticateLocalAsync(TAccount account, SignInMessage message)
{
return(Task.FromResult <AuthenticateResult>(null));
}
public async Task <Stream> Login(LoginViewModel model, SignInMessage message)
{
return(await Render(model, "Login"));
}
IHttpActionResult RedirectToLogin(CoreSettings settings, SignInValidationResult result)
{
var message = new SignInMessage();
message.ReturnUrl = Request.RequestUri.AbsoluteUri;
if (result.HomeRealm.IsPresent())
{
message.IdP = result.HomeRealm;
}
return new LoginResult(message, this.Request, settings, _internalConfig);
}
public AuthorizeInteractionResponseGenerator(IConsentService consent)
{
_signIn = new SignInMessage();
_consent = consent;
}
IHttpActionResult RedirectToLogin(SignInMessage message, NameValueCollection parameters, IdentityServerOptions options)
{
message = message ?? new SignInMessage();
var path = Url.Route(Constants.RouteNames.Oidc.Authorize, null) + "?" + parameters.ToQueryString();
var url = new Uri(Request.RequestUri, path);
message.ReturnUrl = url.AbsoluteUri;
return new LoginResult(message, Request.GetOwinContext().Environment, _options.DataProtector);
}
public static async Task RaiseExternalLoginFailureEventAsync(this IEventService events,
ExternalIdentity externalIdentity, string signInMessageId, SignInMessage signInMessage, string error)
{
var evt = new Event <ExternalLoginDetails>(
EventConstants.Categories.Authentication,
Resources.Events.ExternalLoginFailure,
EventTypes.Failure,
EventConstants.Ids.ExternalLoginFailure,
new ExternalLoginDetails
{
SignInId = signInMessageId,
SignInMessage = signInMessage,
Provider = externalIdentity.Provider,
ProviderId = externalIdentity.ProviderId,
},
error);
await events.RaiseEventAsync(evt);
}
public void GetExternalLogin_InalidProvider_ReturnsUnauthorized()
{
var msg = new SignInMessage();
msg.IdP = "Foo";
var resp1 = GetLoginPage(msg);
var resp2 = client.GetAsync(resp1.Headers.Location.AbsoluteUri).Result;
Assert.AreEqual(HttpStatusCode.Unauthorized, resp2.StatusCode);
}
public static async Task RaiseSuccessfulResourceOwnerFlowAuthenticationEventAsync(this IEventService events,
string userName, string subjectId, SignInMessage message)
{
var evt = new Event <LocalLoginDetails>(
EventConstants.Categories.Authentication,
Resources.Events.ResourceOwnerFlowLoginSuccess,
EventTypes.Success,
EventConstants.Ids.ResourceOwnerFlowLoginSuccess,
new LocalLoginDetails
{
SubjectId = subjectId,
SignInMessage = message,
LoginUserName = userName
});
await events.RaiseEventAsync(evt);
}
public void LoginExternalCallback_WithoutSubjectOrNameIdClaims_RendersLoginPageWithError()
{
var msg = new SignInMessage();
msg.IdP = "Google";
var resp1 = GetLoginPage(msg);
SignInIdentity = new ClaimsIdentity(new Claim[]{new Claim("foo", "bar")}, Constants.ExternalAuthenticationType);
var resp2 = client.GetAsync(resp1.Headers.Location.AbsoluteUri).Result;
client.SetCookies(resp2.GetCookies());
var resp3 = Get(Constants.RoutePaths.LoginExternalCallback);
AssertPage(resp3, "login");
var model = GetLayoutModel(resp3);
Assert.AreEqual(Messages.NoMatchingExternalAccount, model.ErrorMessage);
}
public static async Task RaisePartialLoginCompleteEventAsync(this IEventService events,
ClaimsIdentity subject, string signInMessageId, SignInMessage signInMessage)
{
var evt = new Event <LoginDetails>(
EventConstants.Categories.Authentication,
Resources.Events.PartialLoginComplete,
EventTypes.Information,
EventConstants.Ids.PartialLoginComplete,
new LoginDetails
{
SubjectId = subject.GetSubjectId(),
Name = subject.Name,
SignInId = signInMessageId,
SignInMessage = signInMessage
});
await events.RaiseEventAsync(evt);
}
public void LoginExternalCallback_WithValidSubjectClaim_RedirectsToAuthorizeEndpoint()
{
var msg = new SignInMessage();
msg.IdP = "Google";
msg.ReturnUrl = Url("authorize");
var resp1 = GetLoginPage(msg);
var sub = new Claim(Constants.ClaimTypes.Subject, "123", ClaimValueTypes.String, "Google");
SignInIdentity = new ClaimsIdentity(new Claim[] { sub }, Constants.ExternalAuthenticationType);
var resp2 = client.GetAsync(resp1.Headers.Location.AbsoluteUri).Result;
client.SetCookies(resp2.GetCookies());
var resp3 = Get(Constants.RoutePaths.LoginExternalCallback);
Assert.AreEqual(HttpStatusCode.Found, resp3.StatusCode);
Assert.AreEqual(Url("authorize"), resp3.Headers.Location.AbsoluteUri);
}
public static async Task RaiseLocalLoginSuccessEventAsync(this IEventService events,
string username, string signInMessageId, SignInMessage signInMessage, AuthenticateResult authResult)
{
var evt = new Event <LocalLoginDetails>(
EventConstants.Categories.Authentication,
Resources.Events.LocalLoginSuccess,
EventTypes.Success,
EventConstants.Ids.LocalLoginSuccess,
new LocalLoginDetails
{
SubjectId = authResult.HasSubject ? authResult.User.GetSubjectId() : null,
Name = authResult.User.Identity.Name,
SignInId = signInMessageId,
SignInMessage = signInMessage,
PartialLogin = authResult.IsPartialSignIn,
LoginUserName = username
});
await events.RaiseEventAsync(evt);
}
public void LoginExternalCallback_UserIsAlreadyLoggedIn_SubjectIsPassedToUserService()
{
var msg = new SignInMessage();
msg.IdP = "Google";
msg.ReturnUrl = Url("authorize");
var userSub = new Claim(Constants.ClaimTypes.Subject, "818727", ClaimValueTypes.String, Constants.BuiltInIdentityProvider);
SignInIdentity = new ClaimsIdentity(new Claim[] { userSub }, Constants.PrimaryAuthenticationType);
var resp1 = GetLoginPage(msg);
var sub = new Claim(Constants.ClaimTypes.Subject, "123", ClaimValueTypes.String, "Google");
SignInIdentity = new ClaimsIdentity(new Claim[] { sub }, Constants.ExternalAuthenticationType);
var resp2 = client.GetAsync(resp1.Headers.Location.AbsoluteUri).Result;
client.SetCookies(resp2.GetCookies());
Get(Constants.RoutePaths.LoginExternalCallback);
mockUserService.Verify(x => x.AuthenticateExternalAsync("818727", It.IsAny<ExternalIdentity>()));
}
/// <summary>
/// Construct an RmUnifyUser from a SignInMessage
/// </summary>
/// <param name="m">SignInMessage</param>
internal SsoUser(SignInMessage m)
{
RawSsoAttributes = m.Attributes;
Organization = new SsoOrganization(this);
}
public static async Task RaiseLocalLoginFailureEventAsync(this IEventService events,
string username, string signInMessageId, SignInMessage signInMessage, string error)
{
var evt = new Event <LocalLoginDetails>(
EventConstants.Categories.Authentication,
Resources.Events.LocalLoginFailure,
EventTypes.Failure,
EventConstants.Ids.LocalLoginFailure,
new LocalLoginDetails
{
SignInId = signInMessageId,
SignInMessage = signInMessage,
LoginUserName = username
},
error);
await events.RaiseEventAsync(evt);
}
public Task <Stream> Login(LoginViewModel model, SignInMessage message)
{
return(Task.FromResult(RunTemplate("login", model, message.ClientId, message.Tenant)));
}
IHttpActionResult RedirectToLogin(SignInMessage message, NameValueCollection parameters, CoreSettings settings)
{
message = message ?? new SignInMessage();
var path = Url.Route("authorize", null) + "?" + parameters.ToQueryString();
var url = new Uri(Request.RequestUri, path);
message.ReturnUrl = url.AbsoluteUri;
return new LoginResult(message, this.Request, settings, _internalConfiguration);
}
internal bool ProcessSignIn()
{
if (PlatformHelper.GetParam("wa") == "wsignin1.0")
{
string messageStr = PlatformHelper.GetParam("wresult");
SignInMessage message = new SignInMessage(messageStr);
DateTime notOnOrAfter = message.Verify(_callbackApi.Realm, _callbackApi.MaxClockSkewSeconds, _callbackApi.Cache);
SsoUser user = new SsoUser(message);
PlatformHelper.AddSessionCookie("_rmunify_user", "true");
if (!string.IsNullOrEmpty(user.Organization.Id))
{
if (!string.IsNullOrEmpty(user.Organization.AppEstablishmentKey))
{
if (user.Organization.IsSsoConnector)
{
if (!_callbackApi.IsOrganizationLicensed(user.Organization.AppEstablishmentKey, user.Organization, RmUnifyCallbackApi.Source.SingleSignOn))
{
throw new RmUnifySsoException(RmUnifySsoException.ERRORCODES_NOLICENCE, "No licence found for school with establishment key: " + user.Organization.AppEstablishmentKey);
}
}
_callbackApi.UpdateLinkedOrganization(user.Organization.AppEstablishmentKey, user.Organization, RmUnifyCallbackApi.Source.SingleSignOn);
}
else
{
if (user.Organization.IsSsoConnector)
{
throw new RmUnifySsoException(RmUnifySsoException.ERRORCODES_INVALIDAPPESTABLISHMENTKEY, "Invalid AppEstablishmentKey in SSO Connector");
}
_callbackApi.CreateOrUpdateOrganization(user.Organization, RmUnifyCallbackApi.Source.SingleSignOn);
}
}
if (!string.IsNullOrEmpty(user.AppUserId))
{
if (string.IsNullOrEmpty(user.Organization.AppEstablishmentKey))
{
throw new RmUnifySsoException(RmUnifySsoException.ERRORCODES_INVALIDAPPESTABLISHMENTKEY, "Invalid AppEstablishmentKey for linked user");
}
_callbackApi.UpdateLinkedUser(user.AppUserId, user.Organization.AppEstablishmentKey, user, RmUnifyCallbackApi.Source.SingleSignOn);
}
else
{
if (string.IsNullOrEmpty(user.Id))
{
throw new RmUnifySsoException(RmUnifySsoException.ERRORCODES_MISSINGATTRIBUTES, "No user ID (IdentityGuid or PersistentId) provided by RM Unify");
}
_callbackApi.CreateOrUpdateUser(user, RmUnifyCallbackApi.Source.SingleSignOn);
}
PlatformHelper.AddSessionCookie("_rmunify_user", "true");
string returnUrl = PlatformHelper.GetParam("wctx");
try
{
if (!string.IsNullOrEmpty(user.AppUserId))
{
_callbackApi.DoLoginForLinkedUser(user.AppUserId, user.Organization.AppEstablishmentKey, user, notOnOrAfter, returnUrl);
}
else
{
_callbackApi.DoLogin(user, notOnOrAfter, returnUrl);
}
}
catch
{
try
{
PlatformHelper.DeleteCookie("_rmunify_user");
}
catch { }
throw;
}
return true;
}
return false;
}
