public Fido2LinkFlow(IServiceProvider serviceProvider) : base(serviceProvider, FlowType.Fido2Link)
{
// 1.Starting 2.AcceptStart
AddStartingTransitions(StepType.Fido2Authorize);
// 3. Fido2Authorize (link)
AddHandler <Fido2LinkTransitionHandler, TransitionInput <string> >((_, item) =>
FrontendBehavior.CreateSuccessFinish(item.ChallengeType));
}
public RecoveryWithPinFlow(IServiceProvider serviceProvider, IOwnIdCoreConfiguration coreConfiguration) : base(
serviceProvider, FlowType.RecoverWithPin, coreConfiguration)
{
// 1.Starting 2.PinApprovalStatus 3.AcceptStart
AddStartingTransitionsWithPin <RecoverAcceptStartTransitionHandler>(StepType.Recover);
// 4. Recover
AddHandler <RecoveryTransitionHandler, TransitionInput <JwtContainer> >((_, item) =>
FrontendBehavior.CreateSuccessFinish(item.ChallengeType));
}
public LinkWithPinFlow(IServiceProvider serviceProvider, IOwnIdCoreConfiguration ownIdCoreConfiguration) : base(
serviceProvider, FlowType.LinkWithPin, ownIdCoreConfiguration)
{
// 1.Starting 2.PinApprovalStatus 3.AcceptStart
AddStartingTransitionsWithPin(StepType.Link);
// 4. Link
AddHandler <LinkBaseTransitionHandler, TransitionInput <JwtContainer> >((_, item) =>
FrontendBehavior.CreateSuccessFinish(item.ChallengeType));
}
private FrontendBehavior NavigateToEnterPasscode(TransitionInput <AcceptStartRequest> input,
CacheItem relatedItem)
{
return(new(StepType.EnterPasscode, relatedItem.ChallengeType,
GetNextBehaviorFunc(input, relatedItem))
{
AlternativeBehavior = new FrontendBehavior(StepType.ResetPasscode, relatedItem.ChallengeType,
new CallAction(UrlProvider.GetResetPasscodeUrl(relatedItem.Context),
HttpMethod.Delete.ToString()))
});
private async Task <FrontendBehavior> NavigateToPasswordlessPageAsync(TransitionInput <AcceptStartRequest> input,
CacheItem relatedItem)
{
await _verifyFido2CredentialIdCommand.ExecuteAsync(relatedItem);
var fido2Url = UrlProvider.GetFido2Url(relatedItem.Context, relatedItem.RequestToken,
input.CultureInfo?.Name);
return(FrontendBehavior.CreateRedirect(fido2Url));
}
private FrontendBehavior OnSuccess(TransitionInput <string> _, CacheItem item)
{
var challengeType = item.ChallengeType;
if (item.ChallengeType == ChallengeType.Register && item.InitialChallengeType == ChallengeType.Login)
{
challengeType = ChallengeType.LinkOnLogin;
}
return(FrontendBehavior.CreateSuccessFinish(challengeType));
}
protected ITransitionResult CreateErrorResponse(ITransitionInput input, ErrorType errorType)
{
var composeInfo = new BaseJwtComposeInfo(input)
{
Behavior = FrontendBehavior.CreateError(errorType)
};
var jwt = JwtComposer.GenerateFinalStepJwt(composeInfo);
return(new JwtContainer(jwt));
}
private FrontendBehavior OnSuccess <T>(TransitionInput <T> _, CacheItem item)
{
var challengeType = item.ChallengeType;
if (item.ChallengeType == ChallengeType.Register && item.InitialChallengeType == ChallengeType.Login &&
!CoreConfiguration.LoginOnlyEnabled)
{
challengeType = ChallengeType.LinkOnLogin;
}
return(FrontendBehavior.CreateSuccessFinish(challengeType));
}
private async Task <ITransitionResult> FinishAuthProcessAsync(UserIdentitiesData userData, CacheItem relatedItem,
TransitionInput <JwtContainer> input)
{
await _savePartialConnectionCommand.ExecuteAsync(userData, relatedItem);
var composeInfo = new BaseJwtComposeInfo(input)
{
Behavior = FrontendBehavior.CreateSuccessFinish(relatedItem.ChallengeType)
};
var jwt = JwtComposer.GenerateFinalStepJwt(composeInfo);
return(new StateResult(jwt, _cookieService.CreateAuthCookies(relatedItem)));
}
public RecoveryFlow(IServiceProvider serviceProvider, IOwnIdCoreConfiguration coreConfiguration) : base(
serviceProvider, FlowType.Recover, coreConfiguration)
{
// 1. Starting
AddHandler <StartFlowTransitionHandler, TransitionInput <StartRequest> >((input, item) =>
GetReferenceToExistingStep(StepType.AcceptStart, input.Context, item.ChallengeType));
// 2. AcceptStart
AddHandler <RecoverAcceptStartTransitionHandler, TransitionInput <AcceptStartRequest> >((input, item) =>
{
var next = GetReferenceToExistingStep(StepType.Recover, input.Context, item.ChallengeType);
return(TryAddFido2DisclaimerToBehavior(input, item, next));
});
// 3. Recover
AddHandler <RecoveryTransitionHandler, TransitionInput <JwtContainer> >((_, item) =>
FrontendBehavior.CreateSuccessFinish(item.ChallengeType));
}
private async Task <ITransitionResult> SwitchConnectionAuthTypeAsync(CacheItem relatedItem,
TransitionInput <JwtContainer> input, bool supportsFido2, string publicKey)
{
relatedItem.NewAuthType
= supportsFido2 && _configuration.Fido2.IsEnabled
? ConnectionAuthType.Fido2
: ConnectionAuthType.Passcode;
var composeInfo = new BaseJwtComposeInfo(input)
{
EncKey = relatedItem.EncKey,
EncVector = relatedItem.EncVector
};
switch (relatedItem.NewAuthType)
{
case ConnectionAuthType.Passcode:
composeInfo.Behavior = new FrontendBehavior(StepType.EnterPasscode, relatedItem.ChallengeType,
GetNextBehaviorFunc(input, relatedItem))
{
AlternativeBehavior = new FrontendBehavior(StepType.ResetPasscode, relatedItem.ChallengeType,
new CallAction(UrlProvider.GetResetPasscodeUrl(relatedItem.Context),
HttpMethod.Delete.ToString()))
};
break;
case ConnectionAuthType.Fido2:
{
await _cacheItemRepository.UpdateAsync(relatedItem.Context, item => item.OldPublicKey = publicKey);
var fido2Url = UrlProvider.GetFido2Url(relatedItem.Context, relatedItem.RequestToken,
input.CultureInfo?.Name);
composeInfo.Behavior = FrontendBehavior.CreateRedirect(fido2Url);
break;
}
default:
throw new ArgumentOutOfRangeException();
}
var jwt = JwtComposer.GenerateBaseStepJwt(composeInfo);
return(new StateResult(jwt, _cookieService.CreateAuthCookies(relatedItem)));
}
protected FrontendBehavior TryAddFido2DisclaimerToBehavior(TransitionInput <AcceptStartRequest> input,
CacheItem relatedItem, FrontendBehavior expectedBehavior)
{
if (CoreConfiguration.TFAEnabled && CoreConfiguration.Fido2FallbackBehavior == Fido2FallbackBehavior.Basic &&
!input.Data.SupportsFido2 &&
relatedItem.ChallengeType != ChallengeType.Login)
{
return new FrontendBehavior(StepType.Fido2Disclaimer, relatedItem.ChallengeType, expectedBehavior)
{
AlternativeBehavior = GetReferenceToExistingStep(StepType.Stopped, relatedItem.Context,
relatedItem.ChallengeType)
}
}
;
return(expectedBehavior);
}
}
private Dictionary <string, object> GetStepBehavior(FrontendBehavior nextFrontendBehavior)
{
if (nextFrontendBehavior.Error != null && nextFrontendBehavior.Type != StepType.Error)
{
throw new ArgumentException(
$"{nameof(nextFrontendBehavior.Error)} can be supplied only if {nameof(nextFrontendBehavior.Type)} is '{nameof(StepType.Error)}'",
nameof(nextFrontendBehavior));
}
if (nextFrontendBehavior.Error == null && nextFrontendBehavior.Type == StepType.Error)
{
throw new ArgumentException(
$"{nameof(nextFrontendBehavior.Error)} must be provided if {nameof(nextFrontendBehavior.Type)} is '{nameof(StepType.Error)}'",
nameof(nextFrontendBehavior));
}
var stepType = nextFrontendBehavior.Type.ToString();
var actionType = nextFrontendBehavior.ActionType.ToString();
var stepDict = new Dictionary <string, object>
{
{ "type", stepType.First().ToString().ToLowerInvariant() + stepType.Substring(1) },
{ "actionType", actionType.First().ToString().ToLowerInvariant() + actionType.Substring(1) }
};
if (nextFrontendBehavior.Error != null)
{
stepDict.Add("error", nextFrontendBehavior.Error.ToString().ToCamelCase());
}
else
{
stepDict.Add("challengeType", nextFrontendBehavior.ChallengeType.ToString().ToLowerInvariant());
}
if (nextFrontendBehavior.Polling != null)
{
stepDict.Add("polling", new
{
url = nextFrontendBehavior.Polling.Url.ToString(),
method = nextFrontendBehavior.Polling.Method,
interval = nextFrontendBehavior.Polling.Interval
});
}
if (nextFrontendBehavior.Callback != null)
{
stepDict.Add("callback", new
{
url = nextFrontendBehavior.Callback.Url,
method = nextFrontendBehavior.Callback.Method
});
}
if (nextFrontendBehavior.NextBehavior != null)
{
stepDict.Add("nextBehavior", GetStepBehavior(nextFrontendBehavior.NextBehavior));
}
if (nextFrontendBehavior.AlternativeBehavior != null)
{
stepDict.Add("alternativeBehavior", GetStepBehavior(nextFrontendBehavior.AlternativeBehavior));
}
return(stepDict);
}
