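/// <summary>
/// Populates the requested profile claims for the token's subject. The claims factory runs
/// with the data context scoped to the user's tenant; a TenantId claim is then appended
/// (empty when the user has no tenant).
/// </summary>
/// <param name="context">The IdentityServer profile request carrying the subject and the requested claim types.</param>
/// <exception cref="InvalidOperationException">Thrown when no user matches the subject identifier.</exception>
public async Task GetProfileDataAsync(ProfileDataRequestContext context)
        {
            var sub  = context.Subject.GetSubjectId();
            var user = await GetUserAsync(sub);

            // GetUserAsync is defined elsewhere; should it return null for an unknown subject,
            // fail explicitly here instead of with a NullReferenceException further down.
            if (user == null)
            {
                throw new InvalidOperationException("Invalid subject identifier");
            }

            // Scope the data context to the user's tenant only while the claims are built.
            using (_db.SetTenantFilterValue(user.TenantId))
            {
                var principal = await _claimsFactory.CreateAsync(user);

                context.AddRequestedClaims(principal.Claims);
            }

            // Added outside the scoped block: it is derived from the user record, not from the store.
            context.AddRequestedClaims(new[]
            {
                new Claim(ApplicationClaimTypes.TenantId, user.TenantId?.ToString() ?? "")
            });
        }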
        /// <summary>
        /// Verifies that running the initializer against a store that already holds a task
        /// neither re-seeds nor replaces it: the single task left is the very instance added.
        /// </summary>
        public void NotSeedExistingTasks()
        {
            // Given: one task persisted for tenant 1, written under that tenant's filter.
            using (_db.SetTenantFilterValue(1))
            {
                var existing = new Task { Name = "Test Task", TenantId = 1 };
                _db.Tasks.Add(existing);
                _db.SaveChanges();

                // When: the initializer runs on a non-empty store.
                _dbInitializer.Initialize();

                // Then: exactly one task remains and it is the same object (Assert.Same checks reference identity).
                Assert.Collection(_db.Tasks, dbTask => Assert.Same(existing, dbTask));
            }
        }
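        /// <summary>
        /// Handles the login form post. A non-"login" button cancels the pending authorization
        /// request (if any); otherwise the credentials are checked within the selected tenant and
        /// the user is sent to the return URL.
        /// </summary>
        /// <param name="model">Posted form values: username, password, optional tenant name, return URL, remember-me flag.</param>
        /// <param name="button">Name of the submit button pressed; anything other than "login" is treated as cancel.</param>
        /// <returns>
        /// A redirect to the return URL, the "Redirect" view (for PKCE clients), or the login view
        /// re-rendered with validation errors.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// Thrown after a successful sign-in when the return URL is neither local nor tied to a known
        /// authorization request, i.e. a possible open-redirect attempt.
        /// </exception>
        public async Task<IActionResult> Login(LoginInputModel model, string button)
        {
            // check if we are in the context of an authorization request
            var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);

            // the user clicked the "cancel" button
            if (button != "login")
            {
                if (context == null)
                {
                    // since we don't have a valid context, then we just go back to the home page
                    return Redirect("~/");
                }

                // if the user cancels, send a result back into IdentityServer as if they
                // denied the consent (even if this client does not require consent).
                // this will send back an access denied OIDC error response to the client.
                await _interaction.GrantConsentAsync(context, ConsentResponse.Denied);

                // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
                if (await _clientStore.IsPkceClientAsync(context.ClientId))
                {
                    // if the client is PKCE then we assume it's native, so this change in how to
                    // return the response is for better UX for the end user.
                    return View("Redirect", new RedirectViewModel { RedirectUrl = model.ReturnUrl });
                }

                return Redirect(model.ReturnUrl);
            }

            if (ModelState.IsValid)
            {
                // Resolve the optional tenant name to an id; without a name the filter value stays null.
                int? tenantId = null;
                if (model.TenantName != null)
                {
                    var tenant = _db.Tenants.FirstOrDefault(x => x.Name == model.TenantName);
                    if (tenant == null)
                    {
                        // NOTE(review): this error differs from the credentials error below, so an
                        // unauthenticated caller can distinguish existing tenant names from unknown ones.
                        ModelState.AddModelError("", "Invalid tenant name");
                        return View(await BuildLoginViewModelAsync(model));
                    }
                    tenantId = tenant.Id;
                }

                // Point the data context at the selected tenant before the sign-in so the username is
                // resolved within that tenant. The value SetTenantFilterValue returns is discarded here,
                // so the filter presumably stays in effect for the rest of the request — confirm.
                _db.SetTenantFilterValue(tenantId);

                // lockoutOnFailure: true makes a wrong password count towards the account lockout threshold.
                var result = await _signInManager.PasswordSignInAsync(model.Username, model.Password,
                                                                      model.RememberLogin, lockoutOnFailure: true);

                if (result.Succeeded)
                {
                    var user = await _userManager.FindByNameAsync(model.Username);

                    await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id, user.UserName));

                    if (context != null)
                    {
                        if (await _clientStore.IsPkceClientAsync(context.ClientId))
                        {
                            // if the client is PKCE then we assume it's native, so this change in how to
                            // return the response is for better UX for the end user.
                            return View("Redirect", new RedirectViewModel { RedirectUrl = model.ReturnUrl });
                        }

                        // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
                        return Redirect(model.ReturnUrl);
                    }

                    // request for a local page: only same-site targets are followed, which is what
                    // keeps this branch from being an open redirect
                    if (Url.IsLocalUrl(model.ReturnUrl))
                    {
                        return Redirect(model.ReturnUrl);
                    }

                    if (string.IsNullOrEmpty(model.ReturnUrl))
                    {
                        return Redirect("~/");
                    }

                    // user might have clicked on a malicious link - should be logged
                    // (a specific exception type instead of bare System.Exception so callers can tell it apart)
                    throw new InvalidOperationException("invalid return URL");
                }

                // Any non-success outcome (including lockout or a required second factor) is reported
                // to the audit log and to the user as invalid credentials.
                await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, "invalid credentials"));

                ModelState.AddModelError("", AccountOptions.InvalidCredentialsErrorMessage);
            }

            // something went wrong, show form with error
            var vm = await BuildLoginViewModelAsync(model);

            return View(vm);
        }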
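        /// <summary>
        /// Registers the GraphQL mutation fields for tenants, users, roles, projects and tasks.
        /// Each resolver performs its own authorization through the request's user context;
        /// tenant scoping relies on <c>SetTenantIdOrThrow</c> and the data context's tenant filter.
        /// </summary>
        /// <param name="db">Data context the resolvers read and write.</param>
        /// <param name="userManager">Identity user manager, used to assign the tenant admin role.</param>
        /// <param name="roleManager">Identity role manager, captured by the role resolvers.</param>
        /// <param name="dbInitializer">Seeds the default roles of a newly created tenant.</param>
        public ReactAdvantageMutation(
            ReactAdvantageContext db,
            UserManager<User> userManager,
            RoleManager<Role> roleManager,
            IDbInitializer dbInitializer
            )
        {
            _db          = db;
            _userManager = userManager;

            Field<TenantType>(
                "addTenant",
                arguments: new QueryArguments(
                    new QueryArgument<NonNullGraphType<TenantInputType>> { Name = "tenant" },
                    new QueryArgument<NonNullGraphType<UserInputType>> { Name = "adminUser" }),
                resolve: context =>
                {
                    // Creating a tenant is a host-level operation.
                    context.GetUserContext().EnsureIsInRole(RoleNames.HostAdministrator);

                    var tenantInput = context.GetArgument<Tenant>("tenant");
                    // NOTE(review): the input's Id is not reset before copying (a reset line was left
                    // commented out in the original); whether UpdateValuesFrom copies a client-supplied
                    // Id onto the new entity is not visible here — confirm it cannot.
                    var tenant = new Tenant();
                    tenant.UpdateValuesFrom(tenantInput);
                    db.Add(tenant);
                    db.SaveChanges();

                    // The tenant needs a persisted Id before its roles are seeded and before the
                    // tenant filter can be pointed at it.
                    // NOTE(review): no transaction spans these saves; a failure while creating the
                    // admin user leaves a tenant behind with no administrator.
                    dbInitializer.SeedTenantRoles(tenant.Id);

                    using (_db.SetTenantFilterValue(tenant.Id))
                    {
                        var adminUser = context.GetArgument<UserInput>("adminUser");
                        // NOTE(review): this literal overrides whatever user name the caller supplied;
                        // it looks like a redacted or placeholder value in this listing — verify.
                        adminUser.UserName = "******";
                        adminUser.TenantId = tenant.Id;
                        adminUser.IsActive = true;
                        adminUser.Roles    = adminUser.Roles ?? new List<string>();
                        adminUser.Roles.Add(RoleNames.Administrator);
                        AddUser(adminUser);

                        // Blocks on the async call because this resolver is synchronous. The result is
                        // not checked: AddUser (defined elsewhere) may already apply Roles, in which case
                        // an "already in role" failure here would be expected and harmless — confirm.
                        _userManager.AddToRoleAsync(adminUser, RoleNames.Administrator).GetAwaiter().GetResult();
                    }

                    return tenant;
                });

            Field<TenantType>(
                "editTenant",
                arguments: new QueryArguments(
                    new QueryArgument<NonNullGraphType<TenantInputType>> { Name = "tenant" }),
                resolve: context =>
                {
                    context.GetUserContext().EnsureIsInRole(RoleNames.HostAdministrator);

                    var tenantInput = context.GetArgument<Tenant>("tenant");
                    var entity      = db.Tenants.Find(tenantInput.Id);
                    // Find yields null for an unknown id; report that instead of failing on the dereference.
                    if (entity == null)
                    {
                        throw new ExecutionError("Tenant not found");
                    }

                    entity.UpdateValuesFrom(tenantInput);
                    db.SaveChanges();
                    // The input, not the tracked entity, is what this mutation returns.
                    return tenantInput;
                });

            Field<UserType>(
                "addUser",
                arguments: new QueryArguments(
                    new QueryArgument<NonNullGraphType<UserInputType>> { Name = "user" }),
                resolve: context =>
                {
                    // Host or tenant administrators may create users.
                    context.GetUserContext().EnsureIsInEitherRole(RoleNames.HostAdministrator, RoleNames.Administrator);

                    var userInput = context.GetArgument<UserInput>("user");

                    // Pins the new user to the caller's tenant (or rejects the request).
                    userInput.SetTenantIdOrThrow(context);

                    return AddUser(userInput);
                });

            Field<UserType>(
                "editUser",
                arguments: new QueryArguments(
                    new QueryArgument<NonNullGraphType<UserInputType>> { Name = "user" }),
                resolve: context =>
                {
                    var userInput = context.GetArgument<UserInput>("user");

                    // Administrators may edit anyone; everybody else only their own record.
                    var userContext = context.GetUserContext();
                    var isAdmin     = userContext.IsInRole(RoleNames.HostAdministrator) ||
                                      userContext.IsInRole(RoleNames.Administrator);
                    var isEditingSelf = userContext.Id == userInput.Id;
                    if (!isAdmin && !isEditingSelf)
                    {
                        throw new ExecutionError($"Unauthorized. You have to be a member of {RoleNames.HostAdministrator}"
                                                 + $" or {RoleNames.Administrator} role to be able to edit any user,"
                                                 + $" otherwise you can only edit your own user (id: {userContext.Id}).");
                    }

                    // A non-admin may not touch roles at all, not even resubmit their current ones.
                    if (!isAdmin && userInput.Roles != null)
                    {
                        throw new ExecutionError($"Unauthorized. You have to be a member of {RoleNames.HostAdministrator}"
                                                 + $" or {RoleNames.Administrator} role to be able to change user roles.");
                    }

                    // NOTE(review): no tenant check is made here; whether EditUser (defined elsewhere)
                    // confines a tenant Administrator to users of their own tenant is not visible — confirm.
                    return EditUser(userInput);
                });

            Field<RoleType>(
                "addRole",
                arguments: new QueryArguments(
                    new QueryArgument<NonNullGraphType<RoleInputType>> { Name = "role" }),
                resolve: context =>
                {
                    context.GetUserContext().EnsureIsInEitherRole(RoleNames.HostAdministrator, RoleNames.Administrator);

                    var role = context.GetArgument<Role>("role");

                    // Client-supplied id and static flag are ignored: new roles are always non-static.
                    role.Id       = null;
                    role.IsStatic = false;
                    role.SetTenantIdOrThrow(context);
                    // Surface a failed creation (e.g. a duplicate name) instead of returning the
                    // unsaved role as if it existed, matching how editRole treats its IdentityResult.
                    roleManager.CreateAsync(role).GetAwaiter().GetResult().ThrowOnError();

                    return role;
                });

            Field<RoleType>(
                "editRole",
                arguments: new QueryArguments(
                    new QueryArgument<NonNullGraphType<RoleInputType>> { Name = "role" }),
                resolve: context =>
                {
                    var roleInput = context.GetArgument<Role>("role");

                    context.GetUserContext().EnsureIsInEitherRole(RoleNames.HostAdministrator, RoleNames.Administrator);

                    var role = roleManager.FindByIdAsync(roleInput.Id).GetAwaiter().GetResult();
                    // An unknown id must not fall through to the IsStatic dereference.
                    if (role == null)
                    {
                        throw new ExecutionError("Role not found");
                    }

                    if (role.IsStatic)
                    {
                        throw new ExecutionError("You can't edit static roles");
                    }

                    role.UpdateValuesFrom(roleInput);
                    roleManager.UpdateAsync(role).GetAwaiter().GetResult().ThrowOnError();

                    return role;
                });

            Field<ProjectType>(
                "addProject",
                arguments: new QueryArguments(
                    new QueryArgument<NonNullGraphType<ProjectInputType>> { Name = "project" }),
                resolve: context =>
                {
                    // No role requirement here; SetTenantIdOrThrow is the only authorization-related check.
                    var project = context.GetArgument<Project>("project");
                    project.Id  = 0;
                    project.SetTenantIdOrThrow(context);
                    db.Add(project);
                    db.SaveChanges();
                    return project;
                });

            Field<ProjectType>(
                "editProject",
                arguments: new QueryArguments(
                    new QueryArgument<NonNullGraphType<ProjectInputType>> { Name = "project" }),
                resolve: context =>
                {
                    var project = context.GetArgument<Project>("project");
                    // NOTE(review): unlike addProject there is no SetTenantIdOrThrow here, so restricting
                    // the lookup to the caller's tenant rests entirely on the data context's tenant
                    // filter, and UpdateValuesFrom must not copy a client-supplied TenantId — confirm both.
                    var entity = db.Projects.Find(project.Id);
                    if (entity == null)
                    {
                        throw new ExecutionError("Project not found");
                    }

                    entity.UpdateValuesFrom(project);
                    db.SaveChanges();
                    return project;
                });

            Field<TaskType>(
                "addTask",
                arguments: new QueryArguments(
                    new QueryArgument<NonNullGraphType<TaskInputType>> { Name = "task" }),
                resolve: context =>
                {
                    // No role requirement here; SetTenantIdOrThrow is the only authorization-related check.
                    var task = context.GetArgument<Task>("task");
                    task.Id  = 0;
                    task.SetTenantIdOrThrow(context);
                    db.Add(task);
                    db.SaveChanges();
                    return task;
                });

            Field<TaskType>(
                "editTask",
                arguments: new QueryArguments(
                    new QueryArgument<NonNullGraphType<TaskInputType>> { Name = "task" }),
                resolve: context =>
                {
                    var task = context.GetArgument<Task>("task");
                    // NOTE(review): same caveat as editProject — tenant scoping of this lookup and of
                    // UpdateValuesFrom is not visible here; confirm it.
                    var entity = db.Tasks.Find(task.Id);
                    if (entity == null)
                    {
                        throw new ExecutionError("Task not found");
                    }

                    entity.UpdateValuesFrom(task);
                    db.SaveChanges();
                    return task;
                });
        }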