public async Task <IAuthenticatorResult> AuthenticateAsync(Guid userId, string providedApiKey)
{
if (providedApiKey == null)
{
throw new ArgumentNullException(nameof(providedApiKey));
}
var user = await _usersService.GetUser(userId);
if (user is null)
{
return(null);
}
if (!user.IsActive)
{
return(null);
}
var query = new BrowseAssignedMeans()
{
ResultsPerPage = 100, IsValid = true, Method = MeansMethod.ApiKey
};
ResultPage <AuthenticationMeansWithValue> resultPage;
do
{
resultPage = await _identityService.BrowseMeansAssignedToUser(userId, query);
query.CurrentPage++;
foreach (var password in resultPage.Items)
{
if (await Verify(password, password.Value, providedApiKey))
{
return(new AuthenticatorResult(userId, password.Id));
}
}
} while (resultPage.Items.Any() && resultPage.CurrentPage < resultPage.TotalPages);
return(null);
}
public async Task <IPagedResult <AuthenticationMeansWithValueDto> > BrowseMeansAssignedToPointOfSale(Guid posId, [FromQuery] BrowseAssignedMeans query) => await QueryAsync(new BrowseAssignedMeansToPointOfSale(query, posId));
public async Task <IPagedResult <AuthenticationMeansWithValueDto> > BrowseMeansAssignedToUser(Guid userId, [FromQuery] BrowseAssignedMeans query) => await QueryAsync(new BrowseAssignedMeansToUser(query, userId));
public async Task <ActionResult <IPagedResult <AuthenticationMeans> > > BrowseAssignedMeans(Guid id, [FromQuery] BrowseAssignedMeans query) => Collection(await _identityService.BrowseMeansAssignedToUserNoValue(id, query));
public async Task <ActionResult <IPagedResult <AuthenticationMeans> > > BrowseApiKeys(Guid id, [FromQuery] BrowseAssignedMeans query)
{
query.Method = MeansMethod.ApiKey;
return(Collection(await _identityService.BrowseMeansAssignedToUserNoValue(id, query)));
}
public async Task <ActionResult> SetPassword(Guid id, SetPasswordDto pwDto, [FromServices] IMeansValueHasher pwHasher)
{
var userId = id;
if ((await _usersService.GetUser(userId)) is null)
{
throw new BaristaException("user_not_found", $"Could not find user with ID '{userId}'");
}
var passwordPage = await _identityService.BrowseMeansAssignedToUser(userId, new BrowseAssignedMeans { IsValid = true, Method = MeansMethod.Password, ResultsPerPage = 1 });
if (passwordPage.TotalResults == 1)
{
var means = passwordPage.Items.Single();
return(await SendAndHandleOperationCommand(new UpdateAuthenticationMeansValue(means.Id, pwHasher.Hash(pwDto.NewPassword))));
}
else if (passwordPage.TotalResults > 1)
{
_logger.LogWarning("The user {userId} has more than one password authentication means assigned. They will be purged before the new password is set.", userId);
int deletedPasswordMeans;
var query = new BrowseAssignedMeans {
IsValid = true, Method = MeansMethod.Password
};
do
{
deletedPasswordMeans = 0;
var passwordMeansPage = await _identityService.BrowseMeansAssignedToUser(userId, query);
foreach (var passwordMeans in passwordMeansPage.Items)
{
await Publisher.SendRequest(new DeleteAuthenticationMeans(passwordMeans.Id));
_logger.LogInformation("Purged one of multiple passwords assigned to user {userId} with means ID {meansId}", userId, passwordMeans.Id);
deletedPasswordMeans++;
}
} while (deletedPasswordMeans > 0);
}
var meansCreation = await Publisher.SendRequest <ICreateAuthenticationMeans, IIdentifierResult>(
new CreateAuthenticationMeans(Guid.NewGuid(), null, MeansMethod.Password, pwHasher.Hash(pwDto.NewPassword), DateTimeOffset.UtcNow, null)
);
if (!meansCreation.Successful)
{
throw meansCreation.ToException();
}
var meansAssignment = await Publisher.SendRequest <ICreateAssignmentToUser, IIdentifierResult>(
new CreateAssignmentToUser(Guid.NewGuid(), meansCreation.Id.Value, DateTimeOffset.UtcNow, null, userId, false)
);
if (!meansAssignment.Successful)
{
throw meansAssignment.ToException();
}
return(Ok());
}
public async Task <ActionResult <IPagedResult <AuthenticationMeans> > > BrowseApiKeys(Guid id, [FromQuery] BrowseAssignedMeans query)
{
await _authLoader.AssertResourceAccessAsync(User, id, IsOwnerPolicy.Instance);
query.Method = MeansMethod.ApiKey;
return(Collection(await _idService.BrowseMeansAssignedToPointOfSaleNoValue(id, query)));
}