public async Task <IAuthenticatorResult> AuthenticateAsync(Guid userId, string providedApiKey)
        {
            if (providedApiKey == null)
            {
                throw new ArgumentNullException(nameof(providedApiKey));
            }

            var user = await _usersService.GetUser(userId);

            if (user is null)
            {
                return(null);
            }

            if (!user.IsActive)
            {
                return(null);
            }

            var query = new BrowseAssignedMeans()
            {
                ResultsPerPage = 100, IsValid = true, Method = MeansMethod.ApiKey
            };
            ResultPage <AuthenticationMeansWithValue> resultPage;

            do
            {
                resultPage = await _identityService.BrowseMeansAssignedToUser(userId, query);

                query.CurrentPage++;

                foreach (var password in resultPage.Items)
                {
                    if (await Verify(password, password.Value, providedApiKey))
                    {
                        return(new AuthenticatorResult(userId, password.Id));
                    }
                }
            } while (resultPage.Items.Any() && resultPage.CurrentPage < resultPage.TotalPages);

            return(null);
        }
 public async Task <IPagedResult <AuthenticationMeansWithValueDto> > BrowseMeansAssignedToPointOfSale(Guid posId, [FromQuery] BrowseAssignedMeans query)
 => await QueryAsync(new BrowseAssignedMeansToPointOfSale(query, posId));
 public async Task <IPagedResult <AuthenticationMeansWithValueDto> > BrowseMeansAssignedToUser(Guid userId, [FromQuery] BrowseAssignedMeans query)
 => await QueryAsync(new BrowseAssignedMeansToUser(query, userId));
Exemple #4
0
 public async Task <ActionResult <IPagedResult <AuthenticationMeans> > > BrowseAssignedMeans(Guid id, [FromQuery] BrowseAssignedMeans query)
 => Collection(await _identityService.BrowseMeansAssignedToUserNoValue(id, query));
Exemple #5
0
 public async Task <ActionResult <IPagedResult <AuthenticationMeans> > > BrowseApiKeys(Guid id, [FromQuery] BrowseAssignedMeans query)
 {
     query.Method = MeansMethod.ApiKey;
     return(Collection(await _identityService.BrowseMeansAssignedToUserNoValue(id, query)));
 }
Exemple #6
0
        public async Task <ActionResult> SetPassword(Guid id, SetPasswordDto pwDto, [FromServices] IMeansValueHasher pwHasher)
        {
            var userId = id;

            if ((await _usersService.GetUser(userId)) is null)
            {
                throw new BaristaException("user_not_found", $"Could not find user with ID '{userId}'");
            }

            var passwordPage = await _identityService.BrowseMeansAssignedToUser(userId, new BrowseAssignedMeans { IsValid = true, Method = MeansMethod.Password, ResultsPerPage = 1 });

            if (passwordPage.TotalResults == 1)
            {
                var means = passwordPage.Items.Single();
                return(await SendAndHandleOperationCommand(new UpdateAuthenticationMeansValue(means.Id, pwHasher.Hash(pwDto.NewPassword))));
            }
            else if (passwordPage.TotalResults > 1)
            {
                _logger.LogWarning("The user {userId} has more than one password authentication means assigned. They will be purged before the new password is set.", userId);

                int deletedPasswordMeans;
                var query = new BrowseAssignedMeans {
                    IsValid = true, Method = MeansMethod.Password
                };

                do
                {
                    deletedPasswordMeans = 0;

                    var passwordMeansPage = await _identityService.BrowseMeansAssignedToUser(userId, query);

                    foreach (var passwordMeans in passwordMeansPage.Items)
                    {
                        await Publisher.SendRequest(new DeleteAuthenticationMeans(passwordMeans.Id));

                        _logger.LogInformation("Purged one of multiple passwords assigned to user {userId} with means ID {meansId}", userId, passwordMeans.Id);
                        deletedPasswordMeans++;
                    }
                } while (deletedPasswordMeans > 0);
            }

            var meansCreation = await Publisher.SendRequest <ICreateAuthenticationMeans, IIdentifierResult>(
                new CreateAuthenticationMeans(Guid.NewGuid(), null, MeansMethod.Password, pwHasher.Hash(pwDto.NewPassword), DateTimeOffset.UtcNow, null)
                );

            if (!meansCreation.Successful)
            {
                throw meansCreation.ToException();
            }

            var meansAssignment = await Publisher.SendRequest <ICreateAssignmentToUser, IIdentifierResult>(
                new CreateAssignmentToUser(Guid.NewGuid(), meansCreation.Id.Value, DateTimeOffset.UtcNow, null, userId, false)
                );

            if (!meansAssignment.Successful)
            {
                throw meansAssignment.ToException();
            }

            return(Ok());
        }
        public async Task <ActionResult <IPagedResult <AuthenticationMeans> > > BrowseApiKeys(Guid id, [FromQuery] BrowseAssignedMeans query)
        {
            await _authLoader.AssertResourceAccessAsync(User, id, IsOwnerPolicy.Instance);

            query.Method = MeansMethod.ApiKey;
            return(Collection(await _idService.BrowseMeansAssignedToPointOfSaleNoValue(id, query)));
        }