        /// <summary>
        /// Marks a user's e-mail address as confirmed when the request carries a
        /// valid registration token.
        /// </summary>
        /// <param name="model">Request body; <c>model.Token</c> is the JWT checked below.</param>
        /// <returns>
        /// A bad-request response when the model fails validation or the token/user
        /// check fails; a success response otherwise (also when the address was
        /// already confirmed).
        /// </returns>
        public async Task<APIResponse> Confirm([FromBody] ConfirmModel model)
        {
            // Reject malformed input before doing any token work.
            if (BaseValidableModel.IsInvalid(model, out var invalidFields))
            {
                return APIResponse.BadRequest(invalidFields);
            }

            // Filled in by the validStamp callback while the token is being checked.
            DAL.Models.Identity.User account = null;

            // NOTE(review): neither result is used in this method. The calls are kept
            // in case they have side effects -- confirm and drop them if they do not.
            _ = GetUserAgentInfo();
            _ = GetUserLocale();

            // The token must be issued for the Cabinet audience and the Registration
            // area. The callback receives the id carried by the token and resolves it
            // as a user name.
            // NOTE(review): the callback always returns an empty stamp. If JWT.IsValid
            // compares that value with a stamp claim inside the token, confirmation
            // tokens are not bound to any per-user state and cannot be revoked before
            // they expire -- confirm against JWT.IsValid.
            var tokenAccepted = await JWT.IsValid(
                appConfig: AppConfig,
                jwtToken: model.Token,
                expectedAudience: JwtAudience.Cabinet,
                expectedArea: Common.JwtArea.Registration,
                validStamp: async (jwt, id) =>
                {
                    account = await UserManager.FindByNameAsync(id);
                    return "";
                });

            // A rejected token and an unknown user produce the same response, so the
            // caller cannot tell from the reply which of the two checks failed.
            if (!tokenAccepted || account == null)
            {
                return APIResponse.BadRequest(nameof(model.Token), "Invalid token");
            }

            // Nothing to persist when the address is already confirmed.
            if (account.EmailConfirmed)
            {
                return APIResponse.Success();
            }

            // presumably the user entity is tracked by DbContext, so saving the context
            // persists the flag -- verify that UserManager shares this context.
            account.EmailConfirmed = true;
            await DbContext.SaveChangesAsync();
            return APIResponse.Success();
        }
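        /// <summary>
        /// Completes a Google OAuth authorization-code flow: validates the returned
        /// state, exchanges the code for an access token, then reads the user's id
        /// and e-mail from the userinfo endpoint.
        /// </summary>
        /// <param name="callbackUrl">Sent as <c>redirect_uri</c> in the token request.</param>
        /// <param name="oauthState">The <c>state</c> value from the callback; it must be a JWT for the Cabinet audience and the OAuth area.</param>
        /// <param name="oauthCode">Authorization code to exchange for an access token.</param>
        /// <returns>The id and e-mail reported by the userinfo endpoint.</returns>
        /// <exception cref="ArgumentException">The code is empty or the state is rejected.</exception>
        /// <exception cref="Exception">
        /// Either HTTP call returns a status other than 200, or a response lacks a
        /// field this method needs.
        /// </exception>
        public async Task<UserInfo> GetUserInfo(string callbackUrl, string oauthState, string oauthCode)
        {
            if (string.IsNullOrWhiteSpace(oauthCode))
            {
                throw new ArgumentException("Empty oauth code");
            }

            // The state parameter is what ties this callback to a flow this
            // application started, so it is checked before the code is exchanged.
            // NOTE(review): validStamp always returns an empty stamp. Unless JWT.IsValid
            // binds the token to the caller some other way, any unexpired state issued
            // for this audience/area is accepted, including one issued to a different
            // browser session -- confirm against JWT.IsValid.
            if (!await JWT.IsValid(
                    appConfig: _appConfig,
                    jwtToken: oauthState,
                    expectedAudience: JwtAudience.Cabinet,
                    expectedArea: JwtArea.OAuth,
                    validStamp: (jwt, id) => Task.FromResult("")))
            {
                throw new ArgumentException("Invalid oauth state");
            }

            var tokenUrl = "https://accounts.google.com/o/oauth2/token";
            var infoUrl = "https://www.googleapis.com/oauth2/v1/userinfo";

            // Exchange the authorization code. The client secret travels in the POST
            // form body, not in the URL.
            var atParams = new Parameters()
                .Set("code", oauthCode)
                .Set("client_secret", _clientSecret)
                .Set("client_id", _clientId)
                .Set("redirect_uri", callbackUrl)
                .Set("grant_type", "authorization_code");

            var atResult = new Dictionary<string, string>();

            using (var atRequest = new Request(null))
            {
                await atRequest
                    .AcceptJson()
                    .BodyForm(atParams)
                    .OnResult(async (res) =>
                    {
                        // The raw body contains the access token: it stays local to
                        // this callback and is never put into an exception message.
                        var raw = await res.ToRawString();

                        if (res.GetHttpStatus() != System.Net.HttpStatusCode.OK)
                        {
                            throw new Exception("Status not 200 #1");
                        }

                        Json.ParseInto(raw, atResult);
                    })
                    .SendPost(tokenUrl);
            }

            // A key that is present but blank is as unusable as a missing one.
            if (!atResult.TryGetValue("access_token", out var accessToken)
                || string.IsNullOrWhiteSpace(accessToken))
            {
                throw new Exception("Access token is empty");
            }

            // Previously read through the indexer without a check, so a response that
            // lacked token_type failed with KeyNotFoundException.
            if (!atResult.TryGetValue("token_type", out var tokenType))
            {
                throw new Exception("Token type is empty");
            }

            // Query the user's profile.
            // NOTE(review): the access token is sent as a query-string parameter, and
            // URLs are commonly recorded in proxy and server logs. If Request can set
            // headers (not visible here), send the token in an Authorization header.
            var infoParams = new Parameters()
                .Set("access_token", accessToken)
                .Set("token_type", tokenType);

            var infoResult = new Dictionary<string, string>();

            using (var req = new Request(null))
            {
                await req
                    .AcceptJson()
                    .Query(infoParams)
                    .OnResult(async (res) =>
                    {
                        var raw = await res.ToRawString();

                        if (res.GetHttpStatus() != System.Net.HttpStatusCode.OK)
                        {
                            throw new Exception("Status not 200 #2");
                        }

                        Json.ParseInto(raw, infoResult);
                    })
                    .SendGet(infoUrl);
            }

            // Both fields are required; blank values are rejected as well so that a
            // caller never keys an account on an empty id.
            if (!infoResult.TryGetValue("id", out var userId)
                || string.IsNullOrWhiteSpace(userId)
                || !infoResult.TryGetValue("email", out var email)
                || string.IsNullOrWhiteSpace(email))
            {
                throw new Exception("User info is empty");
            }

            // NOTE(review): the e-mail is returned as reported, without reading the
            // provider's verification flag (verified_email on this endpoint -- confirm).
            // Callers should key accounts on Id and not link accounts on Email alone.
            return new UserInfo()
            {
                Id = userId,
                Email = email,
            };
        }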