Esempio n. 1
0
        private async Task LogIn(IDialogContext context, IMessageActivity msg, string resourceId)
        {
            try
            {
                string token = await context.GetAccessToken(resourceId);

                if (string.IsNullOrEmpty(token))
                {
                    if (msg.Text != null &&
                        CancellationWords.GetCancellationWords().Contains(msg.Text.ToUpper()))
                    {
                        context.Done(string.Empty);
                    }
                    else
                    {
                        var resumptionCookie = new ResumptionCookie(msg);

                        var authenticationUrl = await AzureActiveDirectoryHelper.GetAuthUrlAsync(resumptionCookie, resourceId);

                        await context.PostAsync($"You must be authenticated before you can proceed. Please, click [here]({authenticationUrl}) to log into your account.");

                        context.Wait(this.MessageReceivedAsync);
                    }
                }
                else
                {
                    context.Done(string.Empty);
                }
            }
            catch (Exception ex)
            {
                throw ex;
            }
        }
Esempio n. 2
0
        private async Task LogIn(IDialogContext context, IMessageActivity msg, string[] scopes)
        {
            try
            {
                string token = await context.GetAccessToken(scopes);

                if (string.IsNullOrEmpty(token))
                {
                    if (msg.Text != null &&
                        CancellationWords.GetCancellationWords().Contains(msg.Text.ToUpper()))
                    {
                        context.Done(string.Empty);
                    }
                    else
                    {
                        var resumptionCookie = new ResumptionCookie(msg);

                        var authenticationUrl = await AzureActiveDirectoryHelper.GetAuthUrlAsync(resumptionCookie, scopes);

                        if (msg.ChannelId == "skype")
                        {
                            IMessageActivity response = context.MakeMessage();
                            response.Recipient = msg.From;
                            response.Type      = "message";

                            response.Attachments = new List <Attachment>();
                            List <CardAction> cardButtons = new List <CardAction>();
                            CardAction        plButton    = new CardAction()
                            {
                                Value = authenticationUrl,
                                Type  = "signin",
                                Title = "Authentication Required"
                            };

                            cardButtons.Add(plButton);
                            SigninCard plCard = new SigninCard(this.prompt, new List <CardAction>()
                            {
                                plButton
                            });
                            Attachment plAttachment = plCard.ToAttachment();
                            response.Attachments.Add(plAttachment);
                            await context.PostAsync(response);
                        }
                        else
                        {
                            await context.PostAsync(this.prompt + "[Click here](" + authenticationUrl + ")");
                        }
                        context.Wait(this.MessageReceivedAsync);
                    }
                }
                else
                {
                    context.Done(string.Empty);
                }
            }catch (Exception ex)
            {
                throw ex;
            }
        }
        /// <summary>
        /// Checks if we are able to get an access token. If not, we prompt for a login
        /// </summary>
        /// <param name="context"></param>
        /// <param name="msg"></param>
        /// <returns></returns>
        protected virtual async Task CheckForLogin(IDialogContext context, IMessageActivity msg)
        {
            try
            {
                string token;
                if (resourceId != null)
                {
                    token = await context.GetAccessToken(resourceId);
                }
                else
                {
                    token = await context.GetAccessToken(scopes);
                }

                if (string.IsNullOrEmpty(token))
                {
                    if (msg.Text != null &&
                        CancellationWords.GetCancellationWords().Contains(msg.Text.ToUpper()))
                    {
                        context.Done(string.Empty);
                    }
                    else
                    {
                        var resumptionCookie = new ResumptionCookie(msg);

                        string authenticationUrl;
                        if (resourceId != null)
                        {
                            authenticationUrl = await AzureActiveDirectoryHelper.GetAuthUrlAsync(resumptionCookie, resourceId);
                        }
                        else
                        {
                            authenticationUrl = await AzureActiveDirectoryHelper.GetAuthUrlAsync(resumptionCookie, scopes);
                        }

                        await PromptToLogin(context, msg, authenticationUrl);

                        context.Wait(this.MessageReceivedAsync);
                    }
                }
                else
                {
                    context.Done(string.Empty);
                }
            }
            catch (Exception ex)
            {
                throw ex;
            }
        }
Esempio n. 4
0
        public async Task MessageReceivedAsync(IDialogContext context, IAwaitable <IMessageActivity> argument)
        {
            var msg = await argument;

            AuthResult authResult;
            string     validated   = "";
            int        magicNumber = 0;

            if (context.UserData.TryGetValue($"{this.authProvider.Name}{ContextConstants.AuthResultKey}", out authResult))
            {
                try
                {
                    //IMPORTANT: DO NOT REMOVE THE MAGIC NUMBER CHECK THAT WE DO HERE. THIS IS AN ABSOLUTE SECURITY REQUIREMENT
                    //REMOVING THIS WILL REMOVE YOUR BOT AND YOUR USERS TO SECURITY VULNERABILITIES.
                    //MAKE SURE YOU UNDERSTAND THE ATTACK VECTORS AND WHY THIS IS IN PLACE.
                    context.UserData.TryGetValue <string>($"{this.authProvider.Name}{ContextConstants.MagicNumberValidated}", out validated);
                    if (validated == "true")
                    {
                        context.Done(authResult);
                    }
                    else if (context.UserData.TryGetValue <int>($"{this.authProvider.Name}{ContextConstants.MagicNumberKey}", out magicNumber))
                    {
                        if (msg.Text == null)
                        {
                            await context.PostAsync($"Please paste back the number you received in your authentication screen.");

                            context.Wait(this.MessageReceivedAsync);
                        }
                        else
                        {
                            // handle at mentions in Teams
                            var text = msg.Text;
                            if (text.Contains("</at>"))
                            {
                                text = text.Substring(text.IndexOf("</at>") + 5).Trim();
                            }

                            if (text.Length >= 6 && magicNumber.ToString() == text.Substring(0, 6))
                            {
                                context.UserData.SetValue <string>($"{this.authProvider.Name}{ContextConstants.MagicNumberValidated}", "true");
                                await context.PostAsync($"Thanks {authResult.UserName}. You are now logged in. ");

                                context.Done(authResult);
                            }
                            else
                            {
                                context.UserData.RemoveValue($"{this.authProvider.Name}{ContextConstants.AuthResultKey}");
                                context.UserData.SetValue <string>($"{this.authProvider.Name}{ContextConstants.MagicNumberValidated}", "false");
                                context.UserData.RemoveValue($"{this.authProvider.Name}{ContextConstants.MagicNumberKey}");
                                await context.PostAsync($"I'm sorry but I couldn't validate your number. Please try authenticating once again. ");

                                context.Wait(this.MessageReceivedAsync);
                            }
                        }
                    }
                }
                catch
                {
                    context.UserData.RemoveValue($"{this.authProvider.Name}{ContextConstants.AuthResultKey}");
                    context.UserData.SetValue($"{this.authProvider.Name}{ContextConstants.MagicNumberValidated}", "false");
                    context.UserData.RemoveValue($"{this.authProvider.Name}{ContextConstants.MagicNumberKey}");
                    await context.PostAsync($"I'm sorry but something went wrong while authenticating.");

                    context.Done <AuthResult>(null);
                }
            }
            else
            {
                // Try to get token
                var token = await this.authProvider.GetAccessToken(this.authOptions, context);

                if (token != null)
                {
                    context.Done(token);
                }
                else
                {
                    if (msg.Text != null &&
                        CancellationWords.GetCancellationWords().Contains(msg.Text.ToUpper()))
                    {
                        context.Done <AuthResult>(null);
                    }
                    else
                    {
                        // Save authenticationOptions in UserData
                        context.UserData.SetValue <AuthenticationOptions>($"{this.authProvider.Name}{ContextConstants.AuthOptions}", this.authOptions);

                        // Get ConversationReference and combine with AuthProvider type for the callback
                        var    conversationRef   = context.Activity.ToConversationReference();
                        var    state             = getStateParam(conversationRef);
                        string authenticationUrl = await this.authProvider.GetAuthUrlAsync(this.authOptions, state);
                        await PromptToLogin(context, msg, authenticationUrl);

                        context.Wait(this.MessageReceivedAsync);
                    }
                }
            }
        }