public AuthenticationResult ChallengePassword(ResetPasswordQueryParams resetPasswordQueryParams)
{
RespondToAuthChallengeRequest authChallengeRequest = new RespondToAuthChallengeRequest
{
ChallengeName = ChallengeNameType.NEW_PASSWORD_REQUIRED,
ChallengeResponses = new Dictionary <string, string>
{
{ "NEW_PASSWORD", resetPasswordQueryParams.Password },
{ "USERNAME", resetPasswordQueryParams.Email }
},
ClientId = _connectionInfo.ClientId,
Session = resetPasswordQueryParams.Session
};
var authResult = new AuthenticationResult();
try
{
var authResp = _provider.RespondToAuthChallengeAsync(authChallengeRequest).Result;
authResult.AccessToken = authResp.AuthenticationResult.AccessToken;
authResult.IdToken = authResp.AuthenticationResult.IdToken;
authResult.RefreshToken = authResp.AuthenticationResult.RefreshToken;
authResult.TokenType = authResp.AuthenticationResult.TokenType;
authResult.ExpiresIn = authResp.AuthenticationResult.ExpiresIn;
authResult.Success = true;
}
catch (Exception e)
{
LoggingHandler.LogError(e.Message);
LoggingHandler.LogError(e.StackTrace);
throw;
}
return(authResult);
}
public LoginUserQueryParam ChangePassword(ResetPasswordQueryParams changePasswordParams)
{
var userPool = new CognitoUserPool(_connectionInfo.UserPoolId, _connectionInfo.ClientId, _provider);
var cognitoUser = new CognitoUser(changePasswordParams.Email, _connectionInfo.ClientId, userPool, _provider);
try
{
AuthFlowResponse authResponse = null;
authResponse = cognitoUser.StartWithSrpAuthAsync(new InitiateSrpAuthRequest()
{
Password = changePasswordParams.Password
}).Result;
while (authResponse.AuthenticationResult == null)
{
if (authResponse.ChallengeName == ChallengeNameType.NEW_PASSWORD_REQUIRED)
{
authResponse =
cognitoUser.RespondToNewPasswordRequiredAsync(new RespondToNewPasswordRequiredRequest()
{
SessionID = authResponse.SessionID,
NewPassword = changePasswordParams.NewPassword,
}).Result;
}
}
if (authResponse.AuthenticationResult != null)
{
LoggingHandler.LogInfo("User successfully authenticated.");
var loginParams = new LoginUserQueryParam();
loginParams.Email = changePasswordParams.Email;
loginParams.Password = changePasswordParams.NewPassword;
return(loginParams);
}
else
{
LoggingHandler.LogError("Error in authentication process.");
}
}
catch (AggregateException e)
{
e.Handle((x) =>
{
if (x is NotAuthorizedException) // This we know how to handle.
{
LoggingHandler.LogInfo("Authentication Gateway: Invalid credentials provided.");
return(true);
}
if (x is UserNotFoundException) // This we know how to handle.
{
LoggingHandler.LogInfo("Authentication Gateway: User not found.");
return(true);
}
return(false); // Let anything else stop the application.
});
}
return(null);
}
public void ResetPassword(ResetPasswordQueryParams resetPasswordQueryParams)
{
ForgotPasswordRequest fpRequest = new ForgotPasswordRequest
{
ClientId = _connectionInfo.ClientId,
Username = resetPasswordQueryParams.Email
};
_provider.ForgotPasswordAsync(fpRequest).Wait();
}
public void AdminChangePassword(ResetPasswordQueryParams resetPasswordQueryParams)
{
AdminSetUserPasswordRequest adminSetUserPasswordRequest = new AdminSetUserPasswordRequest
{
Password = resetPasswordQueryParams.Password,
Username = resetPasswordQueryParams.Email,
UserPoolId = _connectionInfo.UserPoolId,
Permanent = true
};
var response = _provider.AdminSetUserPasswordAsync(adminSetUserPasswordRequest).Result;
}
public void ConfirmResetPassword(ResetPasswordQueryParams resetPasswordQueryParams)
{
ConfirmForgotPasswordRequest cfpRequest = new ConfirmForgotPasswordRequest
{
ClientId = _connectionInfo.ClientId,
Username = resetPasswordQueryParams.Email,
Password = resetPasswordQueryParams.Password,
ConfirmationCode = resetPasswordQueryParams.Code
};
_provider.ConfirmForgotPasswordAsync(cfpRequest).Wait();
}
public IActionResult ConfirmResetPassword([FromBody] ResetPasswordQueryParams queryParam)
{
try
{
_authenticateUseCase.ExecutePasswordRecoveryConfirmation(queryParam);
return(Ok());
}
catch (UseCaseException e)
{
return(BadRequest(e));
}
}
public IActionResult ConfirmInvitation([FromBody] ResetPasswordQueryParams userConfirmRequest)
{
LoginUserResponse response;
try
{
response = _authenticateUseCase.ExecuteFirstLogin(userConfirmRequest, HttpContext.Connection.RemoteIpAddress.ToString());
}
catch (UseCaseException e)
{
return(BadRequest(e));
}
return(Accepted(response));
}
public void ExecutePasswordRecoveryConfirmation(ResetPasswordQueryParams queryParams)
{
try
{
_authenticateGateway.ConfirmResetPassword(queryParams);
}
catch (Exception e)
{
LoggingHandler.LogError(e.Message);
LoggingHandler.LogError(e.StackTrace);
throw new UseCaseException()
{
UserErrorMessage = "Unable to execute password recovery confirmation"
};
}
}
public LoginUserResponse ExecuteFirstLogin(ResetPasswordQueryParams loginParams, string ipAddress)
{
if (string.IsNullOrWhiteSpace(loginParams.Email))
{
throw new UseCaseException()
{
UserErrorMessage = "Could not login as the email address was invalid"
}
}
;
if (string.IsNullOrWhiteSpace(loginParams.Password))
{
throw new UseCaseException()
{
UserErrorMessage = "Could not login as the password was invalid"
}
}
;
var loginResult = _authenticateGateway.ChangePassword(loginParams);
if (loginResult == null)
{
throw new UseCaseException()
{
UserErrorMessage = "Could not login as the email and/or password was invalid"
}
}
;
loginResult.IpAddress = ipAddress;
var user = _usersGateway.GetUserByEmail(loginParams.Email, UserStatus.Invited);
_usersGateway.SetUserStatus(user, UserStatus.Active);
var loginResponse = CreateLoginSession(loginResult, user);
return(loginResponse);
}
LoginUserResponse CreateLoginSession(LoginUserQueryParam loginParams, UserDomain user)
{
var timestamp = DateTime.UtcNow;
var sessionId = Guid.NewGuid().ToString();
LoggingHandler.LogInfo(loginParams.IpAddress);
LoggingHandler.LogInfo(user.Id.ToString());
Session session = new Session()
{
IpAddress = loginParams.IpAddress,
CreatedAt = timestamp,
LastAccessAt = timestamp,
UserId = user.Id,
Payload = sessionId,
};
_sessionsGateway.AddSession(session);
return(new LoginUserResponse()
{
AccessToken = sessionId
});
}
