private async Task <LoginUserDetails> AssociateCredential(AuthenticatedUser user)
{
var result = await _authService.ReadExternalLoginCredential(OwinContext);
if (result.ExternalIdentity == null)
{
// User got here without an external login cookie (or an expired one)
// Send them to the logon action
return(null);
}
await _authService.AddCredential(user.User, result.Credential);
await RemovePasswordCredential(user.User);
// Notify the user of the change
var emailMessage = new CredentialAddedMessage(
_messageServiceConfiguration,
user.User,
_authService.DescribeCredential(result.Credential).GetCredentialTypeInfo());
await _messageService.SendMessageAsync(emailMessage);
return(new LoginUserDetails
{
AuthenticatedUser = new AuthenticatedUser(user.User, result.Credential),
UsedMultiFactorAuthentication = result.LoginDetails?.WasMultiFactorAuthenticated ?? false
});
}
public virtual async Task <JsonResult> GenerateApiKey(string description, string owner, string[] scopes = null, string[] subjects = null, int?expirationInDays = null)
{
if (string.IsNullOrWhiteSpace(description))
{
Response.StatusCode = (int)HttpStatusCode.BadRequest;
return(Json(Strings.ApiKeyDescriptionRequired));
}
if (string.IsNullOrWhiteSpace(owner))
{
Response.StatusCode = (int)HttpStatusCode.BadRequest;
return(Json(Strings.ApiKeyOwnerRequired));
}
// Get the owner scope
User scopeOwner = UserService.FindByUsername(owner);
if (scopeOwner == null)
{
Response.StatusCode = (int)HttpStatusCode.BadRequest;
return(Json(Strings.UserNotFound));
}
var resolvedScopes = BuildScopes(scopeOwner, scopes, subjects);
if (!VerifyScopes(resolvedScopes))
{
Response.StatusCode = (int)HttpStatusCode.BadRequest;
return(Json(Strings.ApiKeyScopesNotAllowed));
}
// Set expiration
var expiration = TimeSpan.Zero;
if (_config.ExpirationInDaysForApiKeyV1 > 0)
{
expiration = TimeSpan.FromDays(_config.ExpirationInDaysForApiKeyV1);
if (expirationInDays.HasValue && expirationInDays.Value > 0)
{
expiration = TimeSpan.FromDays(Math.Min(expirationInDays.Value, _config.ExpirationInDaysForApiKeyV1));
}
}
var newCredentialViewModel = await GenerateApiKeyInternal(description, resolvedScopes, expiration);
var emailMessage = new CredentialAddedMessage(
_config,
GetCurrentUser(),
newCredentialViewModel.GetCredentialTypeInfo());
await MessageService.SendMessageAsync(emailMessage);
return(Json(new ApiKeyViewModel(newCredentialViewModel)));
}
public virtual async Task <ActionResult> ResetPassword(string username, string token, PasswordResetViewModel model, bool forgot)
{
// We don't want Login to have us as a return URL
// By having this value present in the dictionary BUT null, we don't put "returnUrl" on the Login link at all
ViewData[GalleryConstants.ReturnUrlViewDataKey] = null;
if (!ModelState.IsValid)
{
return(ResetPassword(forgot));
}
ViewBag.ForgotPassword = forgot;
Credential credential = null;
try
{
credential = await AuthenticationService.ResetPasswordWithToken(username, token, model.NewPassword);
}
catch (InvalidOperationException ex)
{
ModelState.AddModelError(string.Empty, ex.Message);
return(View(model));
}
ViewBag.ResetTokenValid = credential != null;
if (!ViewBag.ResetTokenValid)
{
ModelState.AddModelError(string.Empty, Strings.InvalidOrExpiredPasswordResetToken);
return(View(model));
}
if (credential != null && !forgot)
{
// Setting a password, so notify the user
var emailMessage = new CredentialAddedMessage(
_config,
credential.User,
AuthenticationService.DescribeCredential(credential).GetCredentialTypeInfo());
await MessageService.SendMessageAsync(emailMessage);
}
return(RedirectToAction("PasswordChanged"));
}
