public async Task <AuthenticationResponse> PostRegSysAuthenticationRequest( [FromBody] RegSysAuthenticationRequest request) { return((await _authenticationHandler.AuthorizeViaRegSys(request)) .Transient403(HttpContext)); }
public async Task <AuthenticationResponse> AuthorizeViaRegSys(RegSysAuthenticationRequest request) { AuthenticationResult authenticationResult = null; foreach (var provider in _authenticationProviders) { var providerResult = await provider.ValidateRegSysAuthenticationRequestAsync(request); if (providerResult.IsAuthenticated) { authenticationResult = providerResult; break; } } if (authenticationResult == null) { _logger.LogWarning(LogEvents.Audit, "Authentication failed for {Username} {RegNo}", request.Username, request.RegNo); return(null); } var uid = $"RegSys:{_conventionSettings.ConventionNumber}:{authenticationResult.RegNo}"; var identityRecord = await _regSysIdentityRepository.FindOneAsync(a => a.Uid == uid); if (identityRecord == null) { identityRecord = new RegSysIdentityRecord { Id = Guid.NewGuid(), Uid = uid, Roles = new List <string>() { "Attendee" } }; await _regSysIdentityRepository.InsertOneAsync(identityRecord); } if (!String.IsNullOrWhiteSpace(request.AccessToken)) { var accessToken = await _regSysAccessTokenRepository.FindOneAsync(a => a.Token == request.AccessToken); if (accessToken != null && !accessToken.ClaimedAtDateTimeUtc.HasValue) { identityRecord.Roles = identityRecord.Roles .Concat(accessToken.GrantRoles) .Distinct() .ToArray(); accessToken.ClaimedByUid = identityRecord.Uid; accessToken.ClaimedAtDateTimeUtc = DateTime.UtcNow; await _regSysAccessTokenRepository.ReplaceOneAsync(accessToken); } } identityRecord.Username = authenticationResult.Username; await _regSysIdentityRepository.ReplaceOneAsync(identityRecord); var claims = new List <Claim> { new Claim(ClaimTypes.Name, uid), new Claim(ClaimTypes.GivenName, authenticationResult.Username), new Claim(ClaimTypes.PrimarySid, authenticationResult.RegNo.ToString()), new Claim(ClaimTypes.GroupSid, _conventionSettings.ConventionNumber.ToString()), new Claim(ClaimTypes.System, "RegSys") }; claims.AddRange(identityRecord.Roles.Select(role => new Claim(ClaimTypes.Role, role))); var expiration = DateTime.UtcNow.Add(_authenticationSettings.DefaultTokenLifeTime); var token = _tokenFactory.CreateTokenFromClaims(claims, expiration); var response = new AuthenticationResponse { Uid = uid, Token = token, TokenValidUntil = expiration, Username = $"{authenticationResult.Username} ({authenticationResult.RegNo})" }; _logger.LogInformation(LogEvents.Audit, "Authentication successful for {Username} {RegNo} ({Uid}) via {Source}", authenticationResult.Username, authenticationResult.RegNo, response.Uid, authenticationResult.Source); return(response); }
public async Task <AuthenticationResponse> AuthorizeViaRegSys(RegSysAuthenticationRequest request) { AuthenticationResult authenticationResult = null; foreach (var provider in _authenticationProviders) { var providerResult = await provider.ValidateRegSysAuthenticationRequestAsync(request); if (providerResult.IsAuthenticated) { authenticationResult = providerResult; break; } } if (authenticationResult == null) { _logger.LogWarning("Authentication failed for {Username} {RegNo}", request.Username, request.RegNo); return(null); } var uid = $"RegSys:{_conventionSettings.ConventionNumber}:{authenticationResult.RegNo}"; var claims = new List <Claim> { new Claim(ClaimTypes.Name, uid), new Claim(ClaimTypes.GivenName, authenticationResult.Username), new Claim(ClaimTypes.PrimarySid, authenticationResult.RegNo.ToString()), new Claim(ClaimTypes.GroupSid, _conventionSettings.ConventionNumber.ToString()), new Claim(ClaimTypes.Role, "Attendee"), new Claim(ClaimTypes.System, "RegSys") }; var expiration = DateTime.UtcNow.Add(_authenticationSettings.DefaultTokenLifeTime); var token = _tokenFactory.CreateTokenFromClaims(claims, expiration); var response = new AuthenticationResponse { Uid = uid, Token = token, TokenValidUntil = expiration, Username = $"{authenticationResult.Username} ({authenticationResult.RegNo})" }; var identityRecord = await _regSysIdentityRepository.FindOneAsync(a => a.Uid == uid); if (identityRecord == null) { identityRecord = new RegSysIdentityRecord { Id = Guid.NewGuid(), Uid = uid }; await _regSysIdentityRepository.InsertOneAsync(identityRecord); } identityRecord.Username = authenticationResult.Username; await _regSysIdentityRepository.ReplaceOneAsync(identityRecord); _logger.LogInformation("Authentication successful for {Username} {RegNo} via {Source}", authenticationResult.Username, authenticationResult.RegNo, authenticationResult.Source); return(response); }
public async Task <AuthenticationResult> ValidateRegSysAuthenticationRequestAsync(RegSysAuthenticationRequest request) { bool isValid = await VerifyCredentialSetAsync(request.RegNo, request.Username, request.Password); return(isValid ? new AuthenticationResult { IsAuthenticated = true, RegNo = request.RegNo, Username = request.Username, Source = GetType().Name } : new AuthenticationResult { IsAuthenticated = false, Source = GetType().Name }); }
public async Task <AuthenticationResult> ValidateRegSysAuthenticationRequestAsync(RegSysAuthenticationRequest request) { var result = new AuthenticationResult { Source = GetType().Name, IsAuthenticated = false }; var alternativePin = (await _regSysAlternativePinRepository.FindAllAsync(a => a.RegNo == request.RegNo)) .SingleOrDefault(); if (alternativePin != null && request.Password == alternativePin.Pin) { result.IsAuthenticated = true; result.RegNo = alternativePin.RegNo; result.Username = alternativePin.NameOnBadge; alternativePin.PinConsumptionDatesUtc.Add(DateTime.UtcNow); await _regSysAlternativePinRepository.ReplaceOneAsync(alternativePin); } return(result); }