Esempio n. 1
0
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, SuperAdminRequirement requirement)
        {
            IConfiguration configuration = _serviceProvider.GetService <IConfiguration>();

            if (context.User != null)
            {
                if (context.User.Identity != null)
                {
                    bool isSuperAdmin = _claimsService.IsSuperAdmin(context);
                    if (isSuperAdmin)
                    {
                        context.Succeed(requirement);
                    }
                }
                else
                {
                    Console.WriteLine("CONTEXT.USER.IDENTITY IS NULL!");
                }
            }
            else
            {
                Console.WriteLine("CONTEXT.USER IS NULL!");
            }

            return(Task.CompletedTask);
        }
Esempio n. 2
0
        public bool IsAuthorized(Item item, AppUser user)
        {
            if (item.CreatedBy == user.Id)
            {
                return(true);
            }

            if (_claimsService.IsSuperAdmin(user.UserName))
            {
                return(true);
            }

            return(false);
        }
Esempio n. 3
0
        //[ValidateAntiForgeryToken]
        public async Task <IActionResult> Login([FromBody] LoginViewModel model)
        {
            if (!this.ValidateRecaptcha(model.Recaptcha))
            {
                return(BadRequest(Errors.AddErrorToModelState("Recaptcha", "Please verify that you are not a robot.", ModelState)));
            }

            if (ModelState.IsValid)
            {
                model.Username = model.Username.ToLowerInvariant();

                // Require the user to have a confirmed email before they can log on.
                var user = await _userManager.FindByNameAsync(model.Username);

                if (user != null)
                {
                    if (!await _userManager.IsEmailConfirmedAsync(user))
                    {
                        ModelState.AddModelError(string.Empty,
                                                 "You must have a confirmed email to sign in.");
                        return(BadRequest(Errors.AddErrorToModelState("Email", "You must have a confirmed email to sign in.", ModelState)));
                    }
                }

                // This doesn't count login failures towards account lockout
                // To enable password failures to trigger account lockout, set lockoutOnFailure: true
                var result = await _signInManager.PasswordSignInAsync(model.Username, model.Password, model.RememberMe, lockoutOnFailure : false);

                if (result.Succeeded)
                {
                    HttpContext.User = await _userClaimsPrincipalFactory.CreateAsync(user);

                    var tokens = _antiforgery.GetAndStoreTokens(HttpContext);

                    var identity = _jwtFactory.GenerateClaimsIdentity(model.Username, user.Id);
                    var tenant   = string.Empty;
                    if (_configuration["DomainAsTenant"] == "y")
                    {
                        tenant = user.Tenant;
                        if (string.IsNullOrEmpty(tenant))
                        {
                            tenant = this.GetUserDomain(user.Email);
                        }
                    }

                    var profile = await _contentItemRepository.CreateProfileIfNotExists(
                        tenant,
                        user.Id,
                        user.UserName,
                        user.Email);

                    bool isSuperAdmin = _claimsService.IsSuperAdmin(user.UserName);
                    bool isAdmin      = (_claimsService.IsAdmin(HttpContext.User) || isSuperAdmin);
                    _logger.LogInformation(1, "User logged in.");
                    var jwt = await Tokens.GenerateJwt(
                        identity,
                        _jwtFactory,
                        user.UserName,
                        tenant,
                        user.Email,
                        isAdmin,
                        isSuperAdmin,
                        _jwtOptions,
                        new JsonSerializerSettings { Formatting = Formatting.Indented }
                        );

                    return(new OkObjectResult(jwt));
                }

                if (result.RequiresTwoFactor)
                {
                    //return RedirectToAction(nameof(SendCode), new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
                }

                if (result.IsLockedOut)
                {
                    string message = "User account locked out.";
                    _logger.LogWarning(2, message);
                    return(BadRequest(Errors.AddErrorToModelState("Email", message, ModelState)));
                }

                if (result.IsNotAllowed)
                {
                    string message = "User account is not allowed to sign in.";
                    _logger.LogWarning(2, message);
                    return(BadRequest(Errors.AddErrorToModelState("Email", message, ModelState)));
                }

                return(BadRequest(Errors.AddErrorToModelState("", "Sign in failed.", ModelState)));
            }

            // If we got this far, something failed, redisplay form
            return(BadRequest(Errors.AddErrorToModelState("", "", ModelState)));
        }
Esempio n. 4
0
 public bool IsSuperAdmin()
 {
     return(_claimsService.IsSuperAdmin(_httpContextAccessor.HttpContext.User));
 }