private static ClaimsIdentity CreateIdentity(int accountId, string userName, ApplicationListItem[] apps)
{
var claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, accountId.ToString(), ClaimValueTypes.Integer32),
new Claim(ClaimTypes.Name, userName, ClaimValueTypes.String)
};
foreach (var app in apps)
{
claims.Add(new Claim(OneTrueClaims.Application, app.Id.ToString(), ClaimValueTypes.Integer32));
claims.Add(new Claim(OneTrueClaims.ApplicationName, app.Name, ClaimValueTypes.String));
if (app.IsAdmin)
{
claims.Add(new Claim(OneTrueClaims.ApplicationAdmin, app.Id.ToString(), ClaimValueTypes.Integer32));
}
}
var roles = accountId == 1 ? new[] { OneTrueClaims.RoleSysAdmin } : new string[0];
var context = new PrincipalFactoryContext(accountId, userName, roles)
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
Claims = claims.ToArray()
};
return((ClaimsIdentity)PrincipalFactory.CreateAsync(context).Result.Identity);
}
#pragma warning disable 1998
public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
#pragma warning restore 1998
{
var p = context.Principal as ClaimsPrincipal;
if (p != null && p.Identity.IsAuthenticated)
{
return;
}
IEnumerable <string> apiKeys;
IEnumerable <string> tokens;
if (!context.Request.Headers.TryGetValues("X-Api-Key", out apiKeys) ||
!context.Request.Headers.TryGetValues("X-Api-Signature", out tokens))
{
return;
}
using (var scope = GlobalConfiguration.Configuration.DependencyResolver.BeginScope())
{
var repos = (IApiKeyRepository)scope.GetService(typeof(IApiKeyRepository));
ApiKey key;
try
{
key = await repos.GetByKeyAsync(apiKeys.First());
}
catch (EntityNotFoundException)
{
context.ErrorResult = new AuthenticationFailureResult("Invalid/unknown API key", context.Request);
return;
}
var content = await context.Request.Content.ReadAsByteArrayAsync();
if (!key.ValidateSignature(tokens.First(), content))
{
context.ErrorResult =
new AuthenticationFailureResult(
"Body could not be signed by the shared secret. Verify your client configuration.",
context.Request);
return;
}
var claims = key.Claims;
var factoryContext = new PrincipalFactoryContext(0, key.GeneratedKey, new[] { CoderrClaims.RoleSystem })
{
AuthenticationType = "ApiKey",
Claims = claims
};
var principal = await PrincipalFactory.CreateAsync(factoryContext);
context.Principal = principal;
Thread.CurrentPrincipal = principal;
}
}
private bool AuthenticateUser(ITcpChannel channel, HttpRequest request)
{
if (channel.Data["Principal"] != null)
{
Thread.CurrentPrincipal = (IPrincipal)channel.Data["Principal"];
return(true);
}
try
{
var user = Authenticator.Authenticate(request);
if (user == null)
{
return(true);
}
if (PrincipalFactory != null)
{
var ctx = new PrincipalFactoryContext(request, user);
Thread.CurrentPrincipal = PrincipalFactory.Create(ctx);
channel.Data["Principal"] = Thread.CurrentPrincipal;
return(true);
}
var roles = user as IUserWithRoles;
if (roles == null)
{
throw new InvalidOperationException(
"You must specify a PrincipalFactory if you do not return a IUserWithRoles from your IAccountService.");
}
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user.Username), roles.RoleNames);
channel.Data["Principal"] = Thread.CurrentPrincipal;
}
catch (HttpException ex)
{
if (Logger != null)
{
Logger("Authentication failed.\r\nException:\r\n" + ex.ToString());
}
var response = request.CreateResponse();
response.StatusCode = ex.HttpCode;
response.ReasonPhrase = FirstLine(ex.Message);
channel.Send(response);
return(false);
}
return(true);
}
/// <summary>
/// Execute the request and generate a reply.
/// </summary>
/// <param name="request">Request to execute</param>
/// <returns>
/// Task which will contain the reply once completed.
/// </returns>
public async Task <ActivateAccountReply> ExecuteAsync(ActivateAccount request)
{
var account = await _repository.FindByActivationKeyAsync(request.ActivationKey);
if (account == null)
{
throw new ArgumentOutOfRangeException("ActivationKey", request.ActivationKey,
"Key was not found.");
}
account.Activate();
await _repository.UpdateAsync(account);
var query = new GetApplicationList {
AccountId = account.Id
};
var apps = await _queryBus.QueryAsync(query);
var claims =
apps.Select(x => new Claim(OneTrueClaims.Application, x.Id.ToString(), ClaimValueTypes.Integer32))
.ToArray();
if (ClaimsPrincipal.Current.IsAccount(account.Id))
{
var context = new PrincipalFactoryContext(account.Id, account.UserName, new string[0])
{
Claims = claims
};
var identity = await PrincipalFactory.CreateAsync(context);
identity.AddUpdateCredentialClaim();
Thread.CurrentPrincipal = identity;
}
var evt = new AccountActivated(account.Id, account.UserName)
{
EmailAddress = account.Email
};
await _eventBus.PublishAsync(evt);
return(new ActivateAccountReply(account.Id, account.UserName));
}
/// <summary>
/// Create a new prinicpal
/// </summary>
/// <param name="context">Context used to identify the user.</param>
/// <returns>
/// Principal to use
/// </returns>
public IPrincipal Create(PrincipalFactoryContext context)
{
return new GenericPrincipal(new GenericIdentity(context.User.Username), new string[0]);
}
public async Task <AcceptInvitationReply> ExecuteAsync(AcceptInvitation request)
{
var invitation = await _repository.GetByInvitationKeyAsync(request.InvitationKey);
if (invitation == null)
{
_logger.Error("Failed to find invitation key" + request.InvitationKey);
return(null);
}
await _repository.DeleteAsync(request.InvitationKey);
Account account;
if (request.AccountId == 0)
{
account = new Account(request.UserName, request.Password);
account.SetVerifiedEmail(request.AcceptedEmail);
account.Activate();
account.Login(request.Password);
await _accountRepository.CreateAsync(account);
}
else
{
account = await _accountRepository.GetByIdAsync(request.AccountId);
account.SetVerifiedEmail(request.AcceptedEmail);
}
var inviter = await _accountRepository.FindByUserNameAsync(invitation.InvitedBy);
if (ClaimsPrincipal.Current.IsAccount(account.Id))
{
var claims = invitation.Invitations
.Select(
x => new Claim(OneTrueClaims.Application, x.ApplicationId.ToString(), ClaimValueTypes.Integer32))
.ToList();
var context = new PrincipalFactoryContext(account.Id, account.UserName, new string[0])
{
Claims = claims.ToArray(),
AuthenticationType = "Invite"
};
var principal = await PrincipalFactory.CreateAsync(context);
principal.AddUpdateCredentialClaim();
Thread.CurrentPrincipal = principal;
}
// Account have not been created before the invitation was accepted.
if (request.AccountId == 0)
{
await _eventBus.PublishAsync(new AccountRegistered(account.Id, account.UserName));
await _eventBus.PublishAsync(new AccountActivated(account.Id, account.UserName)
{
EmailAddress = account.Email
});
}
var e = new InvitationAccepted(account.Id, invitation.InvitedBy, account.UserName)
{
InvitedEmailAddress = invitation.EmailToInvitedUser,
AcceptedEmailAddress = request.AcceptedEmail,
ApplicationIds = invitation.Invitations.Select(x => x.ApplicationId).ToArray()
};
await _eventBus.PublishAsync(e);
return(new AcceptInvitationReply(account.Id, account.UserName));
}
/// <summary>
/// Create a new prinicpal
/// </summary>
/// <param name="context">Context used to identify the user.</param>
/// <returns>
/// Principal to use
/// </returns>
public IPrincipal Create(PrincipalFactoryContext context)
{
return(new GenericPrincipal(new GenericIdentity(context.User.Username), new string[0]));
}
