public virtual ActionResult Authenticate(string returnUrl)
{
IAuthenticationResponse response = Openid.GetResponse();
if (response == null)
{
// Stage 2: user submitting Identifier
Identifier id;
if (Identifier.TryParse(Request.Form["openid_identifier"], out id))
{
try
{
IAuthenticationRequest request = Openid.CreateRequest(Request.Form["openid_identifier"]);
request.AddExtension(new ClaimsRequest
{
Email = DemandLevel.Require,
Nickname = DemandLevel.Request,
FullName = DemandLevel.Request,
BirthDate = DemandLevel.Request
});
return request.RedirectingResponse.AsActionResult();
}
catch (ProtocolException ex)
{
ViewData["Message"] = ex.Message;
return View("Login");
}
}
else
{
ViewData["Message"] = "Invalid identifier";
return View("Login");
}
}
else
{
// Stage 3: OpenID Provider sending assertion response
switch (response.Status)
{
case AuthenticationStatus.Authenticated:
var claimedId = Data.Core.Entities.User.NormalizeOpenId(response.ClaimedIdentifier.ToString().ToLower());
var sreg = response.GetExtension<ClaimsResponse>();
if (sreg == null)
{
ViewData["Message"] = "OpenId did not provide user information";
return View("Login");
}
// check if openid exists, if so log the user in.
// if openid doesn't exist and user is not logged in already then create user
// if openid doesn't exist and user is logged in then merge
var openId = new OpenId() { OpenIdClaim = claimedId, OpenIdProvider = OpenIdProvider.Other };
var checkUser = this._userService.Validate(openId);
// if openid exists in db
if (checkUser == null)
{
// show registration page
var model = new RegisterModel()
{
Email = sreg.Email,
OpenID = claimedId,
UserName = sreg.Nickname,
FullName = sreg.FullName
};
ViewData["Message"] = "Please complete the registration form to complete the process";
TempData["RegisterModel"] = model;
return this.RedirectToAction("Register");
}
else
{
if (User.Identity.IsAuthenticated)
{
// merge this open id with the current user
// show merge view
var model = new MergeModel()
{
Email = sreg.Email,
OpenID = claimedId,
UserName = sreg.Nickname,
FullName = sreg.FullName
};
ViewData["Message"] = "Please complete the registration form to complete the process";
return View("Merge", model);
}
else
{
FormsAuthentication.SetAuthCookie(checkUser.Username, true);
if (Url.IsLocalUrl(returnUrl))
{
return Redirect(returnUrl);
}
return this.RedirectToAction("Index", "Home");
}
}
/*var user = this._userService.Store(openId, sreg.Nickname, sreg.FullName, sreg.Email);
var groups = user.IsAdmin ? "Admin" : string.Empty;
var ticket = new FormsAuthenticationTicket(
1,
user.Id,
DateTime.Now,
DateTime.Now.AddYears(2),
true,
groups);
var encryptedTicket = FormsAuthentication.Encrypt(ticket);
var authenticationCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket) { Expires = ticket.Expiration };
Response.Cookies.Add(authenticationCookie);
if (!string.IsNullOrEmpty(returnUrl))
{
return Redirect(returnUrl);
}*/
return this.RedirectToAction("Index", "Home");
case AuthenticationStatus.Canceled:
ViewData["Message"] = "Canceled at provider";
return View("Login");
case AuthenticationStatus.Failed:
ViewData["Message"] = response.Exception.Message;
return View("Login");
}
}
return new EmptyResult();
}
public virtual ActionResult Register(RegisterModel model)
{
if (ModelState.IsValid)
{
// Attempt to register the user
//MembershipCreateStatus createStatus;
//Membership.CreateUser(model.UserName, model.Password, model.Email, passwordQuestion: null, passwordAnswer: null, isApproved: true, providerUserKey: null, status: out createStatus);
// grab open id if it exists
var openId = new OpenId() { OpenIdClaim = model.OpenID };
// create the account
var user = this._userService.Store(openId, model.UserName, model.FullName, model.Email, model.Password);
if (user != null)
{
FormsAuthentication.SetAuthCookie(user.Id, createPersistentCookie: false);
return RedirectToAction("Index", "Home");
}
ModelState.AddModelError(string.Empty, "Error creating user.");
/*if (createStatus == MembershipCreateStatus.Success)
{
FormsAuthentication.SetAuthCookie(model.UserName, createPersistentCookie: false);
return RedirectToAction("Index", "Home");
}
else
{
ModelState.AddModelError("", ErrorCodeToString(createStatus));
}*/
}
// If we got this far, something failed, redisplay form
return View(model);
}
/// <summary>
/// Validates the specified open id.
/// </summary>
/// <param name="openId">The open id.</param>
/// <returns>
/// A user.
/// </returns>
public User Validate(OpenId openId)
{
// fix the provider if we can
GetProvider(ref openId);
// Lets find an existing user for the provider OR the email address if the provider doesn't exist.
var user = DocumentSession.Query<User>()
.SingleOrDefault(x =>
x.OpenIds.Any(y => y.OpenIdClaim == openId.OpenIdClaim && y.OpenIdProvider == openId.OpenIdProvider));
return user;
}
/// <summary>
/// Gets the provider.
/// </summary>
/// <param name="openId">The open id.</param>
private static void GetProvider(ref OpenId openId)
{
// get identifier
var identifier = openId.OpenIdClaim.ToLowerInvariant();
// default
openId.OpenIdProvider = OpenIdProvider.Other;
// override
if (identifier.StartsWith(@"https://www.google.com/accounts/o8/id"))
{
openId.OpenIdProvider = OpenIdProvider.Google;
}
if (identifier.StartsWith(@"https://me.yahoo.com"))
{
openId.OpenIdProvider = OpenIdProvider.Yahoo;
}
if (identifier.Contains(@"//www.google.com/profiles/"))
{
openId.OpenIdProvider = OpenIdProvider.GoogleProfiles;
}
if (identifier.StartsWith(@"http://stackauth.com/"))
{
openId.OpenIdProvider = OpenIdProvider.StackAuth;
}
// http://username.myopenid.com
if (identifier.Contains(@".myopenid.com")) // ^https?:\/\/([-.\w]+)(\.myopenid\.com)+.*$
{
openId.OpenIdProvider = OpenIdProvider.MyOpenId;
}
// http://username.livejournal.com
if (identifier.Contains(@".livejournal.com"))
{
openId.OpenIdProvider = OpenIdProvider.LiveJournal;
}
// http://openid.aol.com/[Username]
if (identifier.Contains(@"http://openid.aol.com/"))
{
openId.OpenIdProvider = OpenIdProvider.Aol;
}
// http://openid.claimid.com/USERNAME
if (identifier.Contains(@"http://openid.claimid.com/"))
{
openId.OpenIdProvider = OpenIdProvider.ClaimID;
}
// http://clickpass.com/public/<username>
if (identifier.Contains(@"http://clickpass.com/public/"))
{
openId.OpenIdProvider = OpenIdProvider.ClickPass;
}
// blogname.blogspot.com
if (identifier.Contains(@".blogspot.com"))
{
openId.OpenIdProvider = OpenIdProvider.Blogger;
}
// username.wordpress.com
if (identifier.Contains(@".wordpress.com"))
{
openId.OpenIdProvider = OpenIdProvider.WordPress;
}
// www.myspace.com/username
if (identifier.Contains(@"www.myspace.com"))
{
openId.OpenIdProvider = OpenIdProvider.MySpace;
}
// example.pip.verisignalbs.com <- really? Verisign easy to type url... nice
if (identifier.Contains(@".pip.verisignalbs.com"))
{
openId.OpenIdProvider = OpenIdProvider.Versign;
}
}
/// <summary>
/// Stores the specified open id.
/// </summary>
/// <param name="openId">The open id.</param>
/// <param name="userName">Name of the user.</param>
/// <param name="fullName">The full name.</param>
/// <param name="email">The email.</param>
/// <param name="password">The password.</param>
/// <returns>
/// The validated user.
/// </returns>
public User Store(OpenId openId, string userName, string fullName, string email, string password)
{
// the user might not have provided an openid. This could be empty.
// conditions
Condition.Requires(userName).IsNotNullOrWhiteSpace();
Condition.Requires(fullName).IsNotNullOrWhiteSpace();
var hasOpenId = !string.IsNullOrWhiteSpace(openId.OpenIdClaim);
// triggered condition
if (hasOpenId)
{
// fix the provider if we can
GetProvider(ref openId);
// check has email! maybe this should be an absolute requirement anyway.
if (IsVerifiedEmailProvider(openId.OpenIdClaim))
{
Condition.Requires(email).IsNotNullOrWhiteSpace();
}
}
// Lets find an existing user for the provider OR the email address if the provider doesn't exist. If this was a signup without openid then just check the email.
var user = hasOpenId ?
DocumentSession.Query<User>().SingleOrDefault(
x =>
x.OpenIds.Any(
y => y.OpenIdClaim == openId.OpenIdClaim && y.OpenIdProvider == openId.OpenIdProvider))
?? DocumentSession.Query<User>().SingleOrDefault(x => x.Email == email) : DocumentSession.Query<User>().SingleOrDefault(x => x.Email == email);
// if user exists
if (user != null)
{
// User exists, so lets update the OpenId data, for this user.
if (user.OpenIds != null)
{
var existingProvider = user.OpenIds.SingleOrDefault(x => x.OpenIdProvider == openId.OpenIdProvider);
if (existingProvider != null)
{
user.OpenIds.Remove(existingProvider);
}
}
else
{
user.OpenIds = new List<OpenId>();
}
user.OpenIds.Add(openId);
}
else
{
// Ok. No user at all. We create one and store it.
user = new User
{
Username = userName,
Email = email,
Id = null,
FullName = fullName,
CreationDate = DateTimeOffset.Now,
IsActive = true,
OAuthData = new List<OAuthData>(),
OpenIds = new List<OpenId>(),
FavoriteTags = new List<string> { "ravendb", "c#", "asp.net-mvc3" } // obviously this needs to be changed....
};
if (hasOpenId)
{
// add the openid
user.OpenIds.Add(openId);
}
// set the user's password
HashPassword.SetPassword(ref user, password);
}
DocumentSession.Store(user);
DocumentSession.SaveChanges();
return user;
}
