private IActionResult ValidateOktaUserRole()
{
string UserName = ((ClaimsIdentity)HttpContext.User.Identity).FindFirst("preferred_username").Value;
PayoutUser payoutUser = _userManager.FindByEmailAsync(UserName).Result;
if (payoutUser != null)
{
try
{
string OktaUserId = ((ClaimsIdentity)HttpContext.User.Identity).Claims.Where(x => x.Type.Contains("nameidentifier")).Select(x => x.Value).FirstOrDefault();
string UserRole = OktaRequests.getGroupsFromUserOkta(_optionOktaKeys.URL, OktaUserId, _optionOktaKeys.APIKey).Keys.FirstOrDefault();
var IsInRoleResult = _userManager.IsInRoleAsync(payoutUser, UserRole).Result;
if (!IsInRoleResult)
{
SetUserRole(new UserRoleViewModel {
Username = payoutUser.Email, Role = UserRole
});
}
}
catch
{
return(Ok("NotInGroup"));
}
}
return(BadRequest());
}
public async Task <IActionResult> DeleteRole([FromBody] PayoutRole model)
{
try
{
PayoutRole payoutRole = await _roleManager.FindByNameAsync(model.Name);
var resultDel = await _roleManager.DeleteAsync(payoutRole);
if (resultDel.Succeeded)
{
if (OktaRequests.DeleteGroup(_optionOktaKeys.URL, _optionOktaKeys.APIKey, model.Name))
{
return(Ok(resultDel));
}
}
foreach (var error in resultDel.Errors)
{
ModelState.AddModelError("error", error.Description);
}
}
catch (Exception ex)
{
_logger.LogError($"error while deleting Role: {ex}");
return(StatusCode((int)HttpStatusCode.InternalServerError, "error while deleting Role: " + ex.Message));
}
return(BadRequest());
}
public async Task <IActionResult> CreateUser([FromBody] PayoutUser model)
{
try
{
PayoutUser payoutUser = await _userManager.FindByEmailAsync(model.Email);
if (payoutUser == null)
{
model.UserName = model.Email;
model.IsDisabled = false;
IdentityResult chkUser = await _userManager.CreateAsync(model);
if (chkUser.Succeeded)
{
if (model.IsOkta == true)
{
payoutUser = _userManager.FindByEmailAsync(model.Email).Result;
OktaRequests.CreateUserInOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, payoutUser);
}
else
{
string code = _userManager.GenerateEmailConfirmationTokenAsync(model).Result;
//code = System.Web.HttpUtility.UrlEncode(code);
var callbackUrl = Url.Action(
"ConfirmEmail", "Account",
new { userId = model.Id, code = code },
protocol: Request.Scheme);
string Body = string.Format(@"Please confirm your account by clicking this
<a href=""{0}"">link</a>", callbackUrl);
Helpers.SendEmail(_optionMailCredentials, model.Email, "Payout RS - password confirmation message", Body);
}
return(Ok(chkUser));
}
foreach (var error in chkUser.Errors)
{
ModelState.AddModelError("error", error.Description);
}
}
else
{
ModelState.AddModelError("error", "Username already exist");
return(BadRequest(ModelState));
}
}
catch (Exception ex)
{
_logger.LogError($"error while creating User: {ex}");
return(StatusCode((int)HttpStatusCode.InternalServerError, "error while creating User: " + ex.Message));
}
return(BadRequest());
}
public IActionResult SetUserRole([FromBody] UserRoleViewModel objUserRoleViewModel)
{
try
{
PayoutUser payoutUser = _userManager.FindByEmailAsync(objUserRoleViewModel.Username).Result;
var roles = _userManager.GetRolesAsync(payoutUser).Result;
var result = _userManager.RemoveFromRolesAsync(payoutUser, roles.ToArray()).Result;
Dictionary <string, string> OktaUserId = OktaRequests.GetUserFromOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, objUserRoleViewModel.Username);
if (objUserRoleViewModel.IsOkta)
{
Dictionary <string, string> GroupsUser = OktaRequests.getGroupsFromUserOkta(_optionOktaKeys.URL, OktaUserId.FirstOrDefault().Value, _optionOktaKeys.APIKey);
foreach (string GroupId in GroupsUser.Values)
{
if (!OktaRequests.RemoveUserFromGroup(_optionOktaKeys.URL, _optionOktaKeys.APIKey, GroupId, OktaUserId.FirstOrDefault().Value))
{
return(StatusCode((int)HttpStatusCode.InternalServerError, "error unassigning role from user in Okta"));
}
}
}
result = _userManager.AddToRoleAsync(payoutUser, objUserRoleViewModel.Role).Result;
if (objUserRoleViewModel.IsOkta)
{
string OktaGroup = OktaRequests.GetGroupIdFromOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, objUserRoleViewModel.Role);
if (!OktaRequests.AddUserToGroup(_optionOktaKeys.URL, _optionOktaKeys.APIKey, OktaGroup, OktaUserId.FirstOrDefault().Value))
{
return(StatusCode((int)HttpStatusCode.InternalServerError, "error while setting role to user in Okta"));
}
}
if (result.Succeeded)
{
return(Ok(result));
}
foreach (var error in result.Errors)
{
ModelState.AddModelError("error", error.Description);
}
}
catch (Exception ex)
{
_logger.LogError($"error while setting role to user: {ex}");
return(StatusCode((int)HttpStatusCode.InternalServerError, "error while setting role to user: " + ex.Message));
}
return(BadRequest());
}
public async Task <IActionResult> CreateRole([FromBody] PayoutRole model)
{
try
{
bool x = await _roleManager.RoleExistsAsync(model.Name);
if (!x)
{
var role = new PayoutRole();
model.IsDisabled = false;
IdentityResult chkRole = await _roleManager.CreateAsync(model);
if (chkRole.Succeeded)
{
if (model.Name.ToLower().Contains("payout"))
{
if (OktaRequests.AddGroup(_optionOktaKeys.URL, _optionOktaKeys.APIKey, model.Name))
{
string GroupId = OktaRequests.GetGroupIdFromOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, model.Name);
if (GroupId != "")
{
if (OktaRequests.AssignGroupToApp(_optionOktaKeys.URL, _optionOktaKeys.APIKey, GroupId, _optionOktaKeys.ClientId))
{
return(Ok(chkRole));
}
}
}
}
}
foreach (var error in chkRole.Errors)
{
ModelState.AddModelError("error", error.Description);
}
}
else
{
ModelState.AddModelError("error", "Role already exist");
return(BadRequest(ModelState));
}
}
catch (Exception ex)
{
_logger.LogError($"error while creating Role: {ex}");
return(StatusCode((int)HttpStatusCode.InternalServerError, "error while creating Role: " + ex.Message));
}
return(BadRequest());
}
public async Task <IActionResult> CreateToken()
{
try
{
string UserName = "";
string OktaUserId = "";
string UserRole = "";
if (System.Threading.Thread.CurrentPrincipal != null && ((ClaimsIdentity)System.Threading.Thread.CurrentPrincipal.Identity).Claims.Count() > 0)
{
UserName = ((ClaimsIdentity)System.Threading.Thread.CurrentPrincipal.Identity).FindFirst("preferred_username").Value;
UserRole = ((ClaimsIdentity)System.Threading.Thread.CurrentPrincipal.Identity).Claims.Where(x => x.Type.Contains("identity/claims/role")).Select(x => x.Value).FirstOrDefault();
}
else
{
UserName = ((ClaimsIdentity)HttpContext.User.Identity).FindFirst("preferred_username").Value;
}
PayoutUser user = await _userManager.FindByNameAsync(UserName);
if (((ClaimsIdentity)HttpContext.User.Identity).Claims.Count() > 0)
{
OktaUserId = ((ClaimsIdentity)HttpContext.User.Identity).Claims.Where(x => x.Type.Contains("nameidentifier")).Select(x => x.Value).FirstOrDefault();
UserRole = OktaRequests.getGroupsFromUserOkta(_optionOktaKeys.URL, OktaUserId, _optionOktaKeys.APIKey).Keys.FirstOrDefault();
if (user == null)
{
user = new PayoutUser();
user.Email = UserName;
user.UserName = UserName;
user.FirstName = ((ClaimsIdentity)HttpContext.User.Identity).FindFirst("given_name").Value;
user.LastName = ((ClaimsIdentity)HttpContext.User.Identity).FindFirst("family_name").Value;
var result = CreateUserFromOkta(user, UserRole).Result;
}
}
var userClaims = await _userManager.GetClaimsAsync(user);
return(Redirect(CreateToken(user, UserRole).Result));
}
catch (Exception ex)
{
_logger.LogError($"error while creating token: {ex}");
return(StatusCode((int)HttpStatusCode.InternalServerError, "error while creating token"));
}
}
public IActionResult ChangeOktaUserGroups(string UserName, bool IsChecked = false)
{
//string IdProvider = ((ClaimsIdentity)HttpContext.User.Identity).Claims.Where(x => x.Type.Contains("nameidentifier")).Select(x => x.Value).FirstOrDefault();
Dictionary <string, string> OktaGroupsFromUser = OktaRequests.getGroupsFromUserOkta(_optionOktaKeys.URL, UserName, _optionOktaKeys.APIKey);
Dictionary <string, string> OktaUser = OktaRequests.GetUserFromOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, UserName);
if (OktaUser.Count == 0)
{
PayoutUser User = _userManager.FindByEmailAsync(UserName).Result;
OktaRequests.CreateUserInOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, User);
OktaUser = OktaRequests.GetUserFromOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, UserName);
}
foreach (KeyValuePair <string, string> UserRole in OktaGroupsFromUser)
{
if (!OktaRequests.RemoveUserFromGroup(_optionOktaKeys.URL, _optionOktaKeys.APIKey, UserRole.Value, OktaUser.First().Value))
{
return(BadRequest());
}
}
if (IsChecked)
{
string RS_Role = _userManager.GetRolesAsync(_userManager.FindByEmailAsync(UserName).Result).Result.FirstOrDefault();
string OktaGroup = OktaRequests.GetGroupIdFromOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, RS_Role);
if (!OktaRequests.AddUserToGroup(_optionOktaKeys.URL, _optionOktaKeys.APIKey, OktaGroup, OktaUser.First().Value))
{
return(BadRequest());
}
}
return(Ok());
}
