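/// <summary>
/// Starts the GICE sign-in: stores a fresh anti-CSRF state value in the session and
/// redirects the browser to the request URL built by <c>GiceClientv2</c>.
/// </summary>
/// <returns>A redirect to the URL returned by <c>GenerateRequestUrl</c>.</returns>
public ActionResult Go()
{
    // Invariant lower-casing keeps the callback URL identical on every server culture
    // (culture-sensitive ToLower() maps 'I' differently under e.g. tr-TR).
    // NOTE(review): _GiceConfig is mutated on every request; if the instance is shared
    // between requests this is a data race. Confirm its lifetime.
    _GiceConfig.CallbackUrl = Url.Action("callback", "gice", null, protocol: "https").ToLowerInvariant();

    // Create a state and save it to the session.
    // The state is the only value tying the callback to this browser session, so it is
    // drawn from the OS CSPRNG (128 bits, hex-encoded so it is URL-safe) rather than the
    // six-character Util.RandomString value, whose generator is not visible from here.
    byte[] stateBytes = new byte[16];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(stateBytes);
    }

    string newState = BitConverter.ToString(stateBytes).Replace("-", string.Empty);
    HttpContext.Session.SetString("state", newState);

    GiceClientv2 gice = new GiceClientv2(_GiceConfig);

    // Request authentication from GICE.
    return Redirect(gice.GenerateRequestUrl(newState));
}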
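/// <summary>
/// Handles the redirect back from GICE: checks the returned state against the value stored
/// in the session, passes the code to <c>GiceClientv2.VerifyCode</c>, creates or updates the
/// matching account, and logs the user in.
/// </summary>
/// <param name="code">The <c>code</c> query parameter returned by GICE.</param>
/// <param name="state">The <c>state</c> query parameter, expected to match the session value.</param>
/// <returns>
/// Status 452 when a parameter is missing, the state does not match, or the claims are
/// unusable; otherwise a redirect to <c>~/pilot-select</c>.
/// </returns>
public async Task<IActionResult> Callback(string code, string state)
{
    // Verify a code and state query parameter was returned.
    if (code == null || state == null)
    {
        // Log only which parameter is absent. Both values are caller-controlled query input,
        // and the code is a credential that should not be written to log files.
        _Logger.LogWarning(
            "GICE Callback Error: One or more of the query parameters are missing. State present: {0}. Code present: {1}",
            state != null,
            code != null);
        return StatusCode(452);
    }

    // Verify the state to protect against CSRF attacks. The stored value is single-use:
    // it is removed before the comparison, whether or not it matches.
    string expectedState = HttpContext.Session.GetString("state");
    HttpContext.Session.Remove("state");

    if (expectedState == null || !string.Equals(expectedState, state, StringComparison.Ordinal))
    {
        _Logger.LogWarning("GICE Callback Error: Invalid state returned.");
        return StatusCode(452);
    }

    // Set the callback URL. Invariant lower-casing keeps it identical on every server culture.
    _GiceConfig.CallbackUrl = Url.Action("Callback", "Gice", null, "https").ToLowerInvariant();

    GiceClientv2 gice = new GiceClientv2(_GiceConfig);
    Dictionary<string, string> claims = gice.VerifyCode(code);

    if (claims == null || claims.Count == 0)
    {
        _Logger.LogWarning("GICE Callback Error: The JwtVerify method failed.");
        return StatusCode(452);
    }

    // Validate the claims before use, so a missing or malformed value is rejected like any
    // other failed callback instead of surfacing as an unhandled exception.
    string subject;
    int giceId;
    if (!claims.TryGetValue("sub", out subject) || !int.TryParse(subject, out giceId))
    {
        _Logger.LogWarning("GICE Callback Error: The sub claim is missing or is not a valid account id.");
        return StatusCode(452);
    }

    string name;
    if (!claims.TryGetValue("name", out name) || name == null)
    {
        _Logger.LogWarning("GICE Callback Error: The name claim is missing.");
        return StatusCode(452);
    }

    DateTime now = DateTime.UtcNow;
    string loginIp = _RequestorIP.MapToIPv4().ToString();

    // Do we have an account for this GSF user?
    var account = await _Db.Accounts.FindAsync(giceId);

    if (account != null)
    {
        // Update and save the user account.
        account.Name = name;
        account.LastLogin = now;
        account.LastLoginIP = loginIp;
    }
    else
    {
        // User doesn't exist, create a new account.
        account = new Account()
        {
            Id = giceId,
            Name = name,
            RegisteredAt = now,
            JabberNotifications = true,
            LastLogin = now,
            LastLoginIP = loginIp
        };

        await _Db.AddAsync(account);
    }

    await _Db.SaveChangesAsync();

    // Attempt to log the user in.
    // NOTE(review): LoginUserUsingId is not visible here; confirm it issues a fresh
    // authentication cookie rather than promoting the pre-login session.
    await LoginUserUsingId(account.Id);

    _Logger.LogDebug("{0} has logged in.", name);

    return Redirect("~/pilot-select");
}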