protected override async Task <bool> PostJsonAsync(IOwinEnvironment context, IClient client, ContentType bodyContentType, CancellationToken cancellationToken)
{
var model = await PostBodyParser.ToModel <LoginPostModel>(context, bodyContentType, _logger, cancellationToken);
if (model.ProviderData != null)
{
return(await HandleSocialLogin(context, client, model, cancellationToken));
}
var jsonErrorHandler = new Func <string, CancellationToken, Task>((message, ct)
=> Error.Create(context, new BadRequest(message), ct));
bool missingLoginOrPassword = string.IsNullOrEmpty(model.Login) || string.IsNullOrEmpty(model.Password);
if (missingLoginOrPassword)
{
await jsonErrorHandler("Missing login or password.", cancellationToken);
return(true);
}
var application = await client.GetApplicationAsync(_configuration.Application.Href, cancellationToken);
var executor = new LoginExecutor(client, _configuration, _handlers, _logger);
var grantResult = await executor.PasswordGrantAsync(
context,
application,
jsonErrorHandler,
model.Login,
model.Password,
cancellationToken);
if (grantResult == null)
{
return(true); // The error handler was invoked
}
await executor.HandlePostLoginAsync(context, grantResult, cancellationToken);
var token = await grantResult.GetAccessTokenAsync(cancellationToken);
var account = await token.GetAccountAsync(cancellationToken);
var sanitizer = new AccountResponseSanitizer();
var responseModel = new
{
account = sanitizer.Sanitize(account)
};
return(await JsonResponse.Ok(context, responseModel));
}
private async Task <bool> ExecutePasswordFlow(IOwinEnvironment context, IClient client, string username, string password, CancellationToken cancellationToken)
{
var executor = new LoginExecutor(client, _configuration, _handlers, _logger);
var application = await client.GetApplicationAsync(_configuration.Application.Href, cancellationToken);
var jsonErrorHandler = new Func <string, CancellationToken, Task>((message, ct)
=> Error.Create(context, new BadRequest(message), ct));
var grantResult = await executor.PasswordGrantAsync(
context,
application,
jsonErrorHandler,
username,
password,
cancellationToken);
await executor.HandlePostLoginAsync(context, grantResult, cancellationToken);
var sanitizer = new GrantResultResponseSanitizer();
return(await JsonResponse.Ok(context, sanitizer.SanitizeResponseWithRefreshToken(grantResult)).ConfigureAwait(false));
}
protected override async Task <bool> PostHtmlAsync(IOwinEnvironment context, IClient client, ContentType bodyContentType, CancellationToken cancellationToken)
{
var body = await context.Request.GetBodyAsStringAsync(cancellationToken);
var model = PostBodyParser.ToModel <LoginPostModel>(body, bodyContentType, _logger);
var formData = FormContentParser.Parse(body, _logger);
var htmlErrorHandler = new Func <string, CancellationToken, Task>((message, ct) =>
{
var queryString = QueryStringParser.Parse(context.Request.QueryString, _logger);
return(RenderLoginViewAsync(
client,
context,
cancellationToken,
queryString,
formData,
errors: new[] { message }));
});
var stateToken = formData.GetString(StringConstants.StateTokenName);
var parsedStateToken = new StateTokenParser(client, _configuration.Client.ApiKey, stateToken, _logger);
if (!parsedStateToken.Valid)
{
await htmlErrorHandler("An error occurred. Please try again.", cancellationToken);
return(true);
}
bool missingLoginOrPassword = string.IsNullOrEmpty(model.Login) || string.IsNullOrEmpty(model.Password);
if (missingLoginOrPassword)
{
await htmlErrorHandler("The login and password fields are required.", cancellationToken);
return(true);
}
var application = await client.GetApplicationAsync(_configuration.Application.Href, cancellationToken);
var executor = new LoginExecutor(client, _configuration, _handlers, _logger);
try
{
var grantResult = await executor.PasswordGrantAsync(
context,
application,
htmlErrorHandler,
model.Login,
model.Password,
cancellationToken);
if (grantResult == null)
{
return(true); // The error handler was invoked
}
await executor.HandlePostLoginAsync(context, grantResult, cancellationToken);
}
catch (ResourceException rex)
{
await htmlErrorHandler(rex.Message, cancellationToken);
return(true);
}
var nextUri = parsedStateToken.Path; // Might be null
return(await executor.HandleRedirectAsync(context, nextUri));
}
