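/// <summary>
/// IdentityServer profile callback: resolves the user behind the request's subject id,
/// adds the requested claims produced by the claims factory (computed while the tenant
/// filter is scoped to that user's tenant) and finally appends a <c>TenantId</c> claim.
/// </summary>
/// <param name="context">Profile data request; its <c>Subject</c> supplies the subject id.</param>
/// <exception cref="InvalidOperationException">No user exists for the subject id.</exception>
public async Task GetProfileDataAsync(ProfileDataRequestContext context)
{
    var subjectId = context.Subject.GetSubjectId();
    var user = await GetUserAsync(subjectId);
    if (user == null)
    {
        // A subject that no longer maps to a user (e.g. a deleted account) used to surface as a
        // NullReferenceException below; fail explicitly instead.
        throw new InvalidOperationException($"No user found for subject id '{subjectId}'.");
    }

    // The claims factory runs inside the user's tenant filter; the scope is disposed again
    // before the tenant claim is added.
    using (_db.SetTenantFilterValue(user.TenantId))
    {
        var principal = await _claimsFactory.CreateAsync(user);
        context.AddRequestedClaims(principal.Claims);
    }

    // A user without a tenant (presumably a host-level account — confirm) gets an empty value.
    context.AddRequestedClaims(new[]
    {
        new Claim(ApplicationClaimTypes.TenantId, user.TenantId?.ToString() ?? "")
    });
}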
/// <summary>
/// Running the database initializer against a store that already holds a task must keep
/// that task untouched and must not add another one.
/// </summary>
public void NotSeedExistingTasks()
{
    using (_db.SetTenantFilterValue(1))
    {
        // Given: exactly one task already persisted for tenant 1
        var existing = new Task { Name = "Test Task", TenantId = 1 };
        _db.Tasks.Add(existing);
        _db.SaveChanges();

        // When
        _dbInitializer.Initialize();

        // Then: the task set still holds only the instance added above
        Assert.Collection(_db.Tasks, stored => Assert.Same(existing, stored));
    }
}
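/// <summary>
/// Handles the login form post. A click on anything but the "login" button is treated as
/// cancel and, when an authorization request is in flight, reported to IdentityServer as a
/// denied consent. Otherwise the optional tenant name is resolved, the tenant filter is set
/// and a password sign-in is attempted. After a successful sign-in the user is redirected
/// only to the authorization request's return URL or to a local URL.
/// </summary>
/// <param name="model">Posted credentials, optional tenant name, "remember me" flag and return URL.</param>
/// <param name="button">Name of the submit button that was clicked; anything other than "login" means cancel.</param>
/// <returns>A redirect, the "Redirect" view (PKCE clients) or the login view with validation errors.</returns>
/// <exception cref="InvalidOperationException">
/// A return URL that is neither local nor part of an authorization request was supplied after a
/// successful sign-in, or the signed-in user could not be loaded.
/// </exception>
public async Task<IActionResult> Login(LoginInputModel model, string button)
{
    // check if we are in the context of an authorization request
    var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);

    // the user clicked the "cancel" button
    if (button != "login")
    {
        if (context == null)
        {
            // since we don't have a valid context, then we just go back to the home page
            return Redirect("~/");
        }

        // if the user cancels, send a result back into IdentityServer as if they
        // denied the consent (even if this client does not require consent).
        // this will send back an access denied OIDC error response to the client.
        await _interaction.GrantConsentAsync(context, ConsentResponse.Denied);

        // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
        if (await _clientStore.IsPkceClientAsync(context.ClientId))
        {
            // if the client is PKCE then we assume it's native, so this change in how to
            // return the response is for better UX for the end user.
            return View("Redirect", new RedirectViewModel { RedirectUrl = model.ReturnUrl });
        }

        return Redirect(model.ReturnUrl);
    }

    if (ModelState.IsValid)
    {
        int? tenantId = null;
        if (model.TenantName != null)
        {
            var tenant = _db.Tenants.FirstOrDefault(x => x.Name == model.TenantName);
            if (tenant == null)
            {
                // NOTE(review): this error lets a caller distinguish existing from non-existing
                // tenant names before any credential is checked.
                ModelState.AddModelError("", "Invalid tenant name");
                return View(await BuildLoginViewModelAsync(model));
            }

            tenantId = tenant.Id;
        }

        // NOTE(review): the returned scope is not disposed here, unlike the `using` blocks
        // elsewhere in the project; presumably intentional so the filter still applies to the
        // FindByNameAsync lookup below — confirm.
        _db.SetTenantFilterValue(tenantId);

        var result = await _signInManager.PasswordSignInAsync(model.Username, model.Password, model.RememberLogin, lockoutOnFailure: true);
        if (result.Succeeded)
        {
            var user = await _userManager.FindByNameAsync(model.Username);
            if (user == null)
            {
                // The sign-in succeeded, so the user must be resolvable; anything else is an
                // inconsistent state rather than a bad login.
                throw new InvalidOperationException("Signed-in user could not be loaded.");
            }

            await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id, user.UserName));

            if (context != null)
            {
                if (await _clientStore.IsPkceClientAsync(context.ClientId))
                {
                    // if the client is PKCE then we assume it's native, so this change in how to
                    // return the response is for better UX for the end user.
                    return View("Redirect", new RedirectViewModel { RedirectUrl = model.ReturnUrl });
                }

                // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
                return Redirect(model.ReturnUrl);
            }

            // request for a local page
            if (Url.IsLocalUrl(model.ReturnUrl))
            {
                return Redirect(model.ReturnUrl);
            }

            if (string.IsNullOrEmpty(model.ReturnUrl))
            {
                return Redirect("~/");
            }

            // user might have clicked on a malicious link - should be logged
            throw new InvalidOperationException("invalid return URL");
        }

        await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, "invalid credentials"));
        ModelState.AddModelError("", AccountOptions.InvalidCredentialsErrorMessage);
    }

    // something went wrong, show form with error
    var vm = await BuildLoginViewModelAsync(model);
    return View(vm);
}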
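/// <summary>
/// Root GraphQL mutation: registers the add/edit fields for tenants, users, roles, projects
/// and tasks. Tenant, user and role fields check the caller's role explicitly; project and
/// task fields carry no role check and rely on <c>SetTenantIdOrThrow</c> / the tenant filter.
/// </summary>
/// <param name="db">Tenant-filtered data context.</param>
/// <param name="userManager">Identity user manager, used for role assignment of a new tenant's admin.</param>
/// <param name="roleManager">Identity role manager, used by the role fields.</param>
/// <param name="dbInitializer">Seeds the roles of a newly created tenant.</param>
public ReactAdvantageMutation(
    ReactAdvantageContext db,
    UserManager<User> userManager,
    RoleManager<Role> roleManager,
    IDbInitializer dbInitializer)
{
    _db = db;
    _userManager = userManager;

    Field<TenantType>(
        "addTenant",
        arguments: new QueryArguments(
            new QueryArgument<NonNullGraphType<TenantInputType>> { Name = "tenant" },
            new QueryArgument<NonNullGraphType<UserInputType>> { Name = "adminUser" }),
        resolve: context =>
        {
            context.GetUserContext().EnsureIsInRole(RoleNames.HostAdministrator);

            // The input is copied into a fresh entity, presumably so that a client-supplied Id
            // cannot target an existing row (assumes UpdateValuesFrom does not copy Id — confirm).
            var tenantInput = context.GetArgument<Tenant>("tenant");
            var tenant = new Tenant();
            tenant.UpdateValuesFrom(tenantInput);
            db.Add(tenant);
            db.SaveChanges();

            dbInitializer.SeedTenantRoles(tenant.Id);

            // The tenant's first administrator is created inside the new tenant's filter scope.
            using (_db.SetTenantFilterValue(tenant.Id))
            {
                var adminUser = context.GetArgument<UserInput>("adminUser");
                adminUser.UserName = "******";
                adminUser.TenantId = tenant.Id;
                adminUser.IsActive = true;
                adminUser.Roles = adminUser.Roles ?? new List<string>();
                adminUser.Roles.Add(RoleNames.Administrator);
                AddUser(adminUser);

                // NOTE(review): the IdentityResult is discarded. The Administrator role is already
                // in adminUser.Roles, so whether this call is redundant (and would report "already
                // in role") depends on AddUser — confirm before adding ThrowOnError() here.
                _userManager.AddToRoleAsync(adminUser, RoleNames.Administrator).GetAwaiter().GetResult();
            }

            return tenant;
        });

    Field<TenantType>(
        "editTenant",
        arguments: new QueryArguments(
            new QueryArgument<NonNullGraphType<TenantInputType>> { Name = "tenant" }),
        resolve: context =>
        {
            context.GetUserContext().EnsureIsInRole(RoleNames.HostAdministrator);

            var tenantInput = context.GetArgument<Tenant>("tenant");
            var entity = db.Tenants.Find(tenantInput.Id);
            if (entity == null)
            {
                // Unknown id is reported as a GraphQL error instead of a NullReferenceException.
                throw new ExecutionError($"Tenant with id {tenantInput.Id} was not found.");
            }

            entity.UpdateValuesFrom(tenantInput);
            db.SaveChanges();
            return tenantInput;
        });

    Field<UserType>(
        "addUser",
        arguments: new QueryArguments(
            new QueryArgument<NonNullGraphType<UserInputType>> { Name = "user" }),
        resolve: context =>
        {
            context.GetUserContext().EnsureIsInEitherRole(RoleNames.HostAdministrator, RoleNames.Administrator);

            var userInput = context.GetArgument<UserInput>("user");
            userInput.SetTenantIdOrThrow(context);
            return AddUser(userInput);
        });

    Field<UserType>(
        "editUser",
        arguments: new QueryArguments(
            new QueryArgument<NonNullGraphType<UserInputType>> { Name = "user" }),
        resolve: context =>
        {
            var userInput = context.GetArgument<UserInput>("user");
            var userContext = context.GetUserContext();
            var isAdmin = userContext.IsInRole(RoleNames.HostAdministrator) || userContext.IsInRole(RoleNames.Administrator);
            var isEditingSelf = userContext.Id == userInput.Id;

            // Non-admins may only edit their own user, and never change roles.
            if (!isAdmin && !isEditingSelf)
            {
                throw new ExecutionError($"Unauthorized. You have to be a member of {RoleNames.HostAdministrator}" +
                                         $" or {RoleNames.Administrator} role to be able to edit any user," +
                                         $" otherwise you can only edit your own user (id: {userContext.Id}).");
            }

            if (!isAdmin && userInput.Roles != null)
            {
                throw new ExecutionError($"Unauthorized. You have to be a member of {RoleNames.HostAdministrator}" +
                                         $" or {RoleNames.Administrator} role to be able to change user roles.");
            }

            // NOTE(review): unlike addUser there is no SetTenantIdOrThrow here; whether a tenant
            // Administrator is confined to users of their own tenant depends on EditUser and the
            // tenant filter — confirm.
            return EditUser(userInput);
        });

    Field<RoleType>(
        "addRole",
        arguments: new QueryArguments(
            new QueryArgument<NonNullGraphType<RoleInputType>> { Name = "role" }),
        resolve: context =>
        {
            context.GetUserContext().EnsureIsInEitherRole(RoleNames.HostAdministrator, RoleNames.Administrator);

            var role = context.GetArgument<Role>("role");
            // A client-supplied id or static flag is ignored: a new, non-static role is always created.
            role.Id = null;
            role.IsStatic = false;
            role.SetTenantIdOrThrow(context);

            // Surface identity errors as a GraphQL error instead of returning an unsaved role,
            // consistent with editRole.
            roleManager.CreateAsync(role).GetAwaiter().GetResult().ThrowOnError();
            return role;
        });

    Field<RoleType>(
        "editRole",
        arguments: new QueryArguments(
            new QueryArgument<NonNullGraphType<RoleInputType>> { Name = "role" }),
        resolve: context =>
        {
            var roleInput = context.GetArgument<Role>("role");
            context.GetUserContext().EnsureIsInEitherRole(RoleNames.HostAdministrator, RoleNames.Administrator);

            var role = roleManager.FindByIdAsync(roleInput.Id).GetAwaiter().GetResult();
            if (role == null)
            {
                throw new ExecutionError($"Role with id {roleInput.Id} was not found.");
            }

            if (role.IsStatic)
            {
                throw new ExecutionError("You can't edit static roles");
            }

            role.UpdateValuesFrom(roleInput);
            roleManager.UpdateAsync(role).GetAwaiter().GetResult().ThrowOnError();
            return role;
        });

    Field<ProjectType>(
        "addProject",
        arguments: new QueryArguments(
            new QueryArgument<NonNullGraphType<ProjectInputType>> { Name = "project" }),
        resolve: context =>
        {
            // No role check here (unlike the user/role fields); SetTenantIdOrThrow is the only gate.
            var project = context.GetArgument<Project>("project");
            project.Id = 0;
            project.SetTenantIdOrThrow(context);
            db.Add(project);
            db.SaveChanges();
            return project;
        });

    Field<ProjectType>(
        "editProject",
        arguments: new QueryArguments(
            new QueryArgument<NonNullGraphType<ProjectInputType>> { Name = "project" }),
        resolve: context =>
        {
            var project = context.GetArgument<Project>("project");
            var entity = db.Projects.Find(project.Id);
            if (entity == null)
            {
                throw new ExecutionError($"Project with id {project.Id} was not found.");
            }

            // NOTE(review): no role check and no SetTenantIdOrThrow on this path. Whether Find
            // honours the tenant filter and whether UpdateValuesFrom copies TenantId from the
            // input decide if a caller can touch another tenant's project — confirm.
            entity.UpdateValuesFrom(project);
            db.SaveChanges();
            return project;
        });

    Field<TaskType>(
        "addTask",
        arguments: new QueryArguments(
            new QueryArgument<NonNullGraphType<TaskInputType>> { Name = "task" }),
        resolve: context =>
        {
            // No role check here (unlike the user/role fields); SetTenantIdOrThrow is the only gate.
            var task = context.GetArgument<Task>("task");
            task.Id = 0;
            task.SetTenantIdOrThrow(context);
            db.Add(task);
            db.SaveChanges();
            return task;
        });

    Field<TaskType>(
        "editTask",
        arguments: new QueryArguments(
            new QueryArgument<NonNullGraphType<TaskInputType>> { Name = "task" }),
        resolve: context =>
        {
            var task = context.GetArgument<Task>("task");
            var entity = db.Tasks.Find(task.Id);
            if (entity == null)
            {
                throw new ExecutionError($"Task with id {task.Id} was not found.");
            }

            // NOTE(review): same tenant-scoping caveat as editProject — confirm.
            entity.UpdateValuesFrom(task);
            db.SaveChanges();
            return task;
        });
}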