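/// <summary>
/// Confirms a user's e-mail address from the registration-area JWT posted by the client.
/// </summary>
/// <param name="model">Request body carrying the confirmation token.</param>
/// <returns>
/// A 400 response when the model fails validation or the token does not resolve to a user;
/// a success response otherwise. Repeated calls with the same token are harmless: the
/// database is only touched while the e-mail is still unconfirmed.
/// </returns>
public async Task<APIResponse> Confirm([FromBody] ConfirmModel model) {
    if (BaseValidableModel.IsInvalid(model, out var errFields)) {
        return APIResponse.BadRequest(errFields);
    }

    // Filled in by the JWT callback below: the token's subject is looked up as a user name.
    DAL.Models.Identity.User user = null;

    // The token must be a Cabinet-audience JWT issued for the Registration area.
    // NOTE(review): the stamp callback returns "", so no per-user stamp is compared here —
    // confirm against JWT.IsValid's contract whether the token is meant to be bound to one.
    var tokenIsValid = await JWT.IsValid(
        appConfig: AppConfig,
        jwtToken: model.Token,
        expectedAudience: JwtAudience.Cabinet,
        expectedArea: Common.JwtArea.Registration,
        validStamp: async (jwt, id) => {
            user = await UserManager.FindByNameAsync(id);
            return "";
        }
    );
    // One indistinguishable response for both failure modes (bad token vs. no matching user).
    if (!tokenIsValid || user == null) {
        return APIResponse.BadRequest(nameof(model.Token), "Invalid token");
    }

    // Idempotent: only write when there is actually something to change.
    if (!user.EmailConfirmed) {
        user.EmailConfirmed = true;
        await DbContext.SaveChangesAsync();
    }
    return APIResponse.Success();
}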
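/// <summary>
/// Completes the Google OAuth authorization-code flow: validates the state JWT, exchanges
/// <paramref name="oauthCode"/> for an access token and reads the user's id and e-mail.
/// </summary>
/// <param name="callbackUrl">Redirect URI sent back to Google as <c>redirect_uri</c> during the token exchange.</param>
/// <param name="oauthState">State value returned by Google; expected to be a JWT this service issued for the OAuth area.</param>
/// <param name="oauthCode">One-time authorization code returned by Google.</param>
/// <returns>The Google account id and e-mail of the authenticated user.</returns>
/// <exception cref="ArgumentException">The code is empty or the state JWT does not validate.</exception>
/// <exception cref="InvalidOperationException">Google answered with a non-200 status or an incomplete payload.</exception>
public async Task<UserInfo> GetUserInfo(string callbackUrl, string oauthState, string oauthCode) {
    if (string.IsNullOrWhiteSpace(oauthCode)) {
        throw new ArgumentException("Empty oauth code");
    }

    // The state is checked before any network round-trip, so a forged callback costs nothing.
    // NOTE(review): the stamp callback returns "", so the state is verified by audience/area
    // only — confirm against JWT.IsValid's contract whether it is also bound to the
    // initiating session.
    var stateIsValid = await JWT.IsValid(
        appConfig: _appConfig,
        jwtToken: oauthState,
        expectedAudience: JwtAudience.Cabinet,
        expectedArea: JwtArea.OAuth,
        validStamp: (jwt, id) => Task.FromResult("")
    );
    if (!stateIsValid) {
        throw new ArgumentException("Invalid oauth state");
    }

    const string tokenUrl = "https://accounts.google.com/o/oauth2/token";
    const string infoUrl = "https://www.googleapis.com/oauth2/v1/userinfo";

    // Step 1: exchange the one-time code for an access token. The client secret only ever
    // travels in this server-side POST body.
    var tokenParams = new Parameters()
        .Set("code", oauthCode)
        .Set("client_secret", _clientSecret)
        .Set("client_id", _clientId)
        .Set("redirect_uri", callbackUrl)
        .Set("grant_type", "authorization_code");

    var tokenResult = new Dictionary<string, string>();
    using (var tokenRequest = new Request(null)) {
        await tokenRequest
            .AcceptJson()
            .BodyForm(tokenParams)
            .OnResult(async (res) => {
                var raw = await res.ToRawString();
                if (res.GetHttpStatus() == System.Net.HttpStatusCode.OK) {
                    Json.ParseInto(raw, tokenResult);
                } else {
                    throw new InvalidOperationException("Status not 200 #1");
                }
            })
            .SendPost(tokenUrl);
    }

    // Both fields are needed for the profile call. Checking token_type explicitly turns what
    // would otherwise be a KeyNotFoundException on a malformed response into a clear error.
    if (!tokenResult.TryGetValue("access_token", out var accessToken) || string.IsNullOrEmpty(accessToken)) {
        throw new InvalidOperationException("Access token is empty");
    }
    if (!tokenResult.TryGetValue("token_type", out var tokenType)) {
        throw new InvalidOperationException("Token type is empty");
    }

    // Step 2: fetch the profile with the freshly issued token.
    var infoParams = new Parameters()
        .Set("access_token", accessToken)
        .Set("token_type", tokenType);

    var infoResult = new Dictionary<string, string>();
    using (var infoRequest = new Request(null)) {
        await infoRequest
            .AcceptJson()
            .Query(infoParams)
            .OnResult(async (res) => {
                var raw = await res.ToRawString();
                if (res.GetHttpStatus() == System.Net.HttpStatusCode.OK) {
                    Json.ParseInto(raw, infoResult);
                } else {
                    throw new InvalidOperationException("Status not 200 #2");
                }
            })
            .SendGet(infoUrl);
    }

    // Only the two fields consumed downstream are required; everything else is ignored.
    if (!infoResult.TryGetValue("id", out var id) || !infoResult.TryGetValue("email", out var email)) {
        throw new InvalidOperationException("User info is empty");
    }
    return new UserInfo() {
        Id = id,
        Email = email,
    };
}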