        /// <summary>
        /// Resolves the provider for the Secure Access organisation in <paramref name="claims"/>,
        /// brings its record status into line with the organisation status asserted by Secure Access,
        /// and refuses the login when the resulting record is not live.
        /// </summary>
        /// <param name="claims">The Secure Access authentication response for the signing-in user.</param>
        /// <param name="userId">Forwarded to <see cref="GetProviderAsync"/> as creator/modifier of a new provider.</param>
        /// <returns>
        /// The lookup result unchanged when the provider is live; otherwise a response with a null
        /// provider and a user-facing message (either the lookup's own message or "ProviderNotAvailable").
        /// </returns>
        public async Task <ProviderResponse> GetValidatedProviderAsync(SAAuthenticationResponse claims, string userId)
        {
            ProviderResponse lookup = await GetProviderAsync(claims, userId);

            // A populated message means the lookup itself failed; hand it straight back.
            if (!String.IsNullOrEmpty(lookup.Message))
            {
                return lookup;
            }

            Provider provider      = lookup.Provider;
            int      liveStatus    = (int)Constants.RecordStatus.Live;
            int      deletedStatus = (int)Constants.RecordStatus.Deleted;

            // Mirror the IdP's organisation status onto the local record: 1 => Live, 2 => Deleted.
            // Any other code leaves the stored status as it is.
            int? targetStatus = null;
            if (claims.OrgStatusCode == 1)
            {
                targetStatus = liveStatus;
            }
            else if (claims.OrgStatusCode == 2)
            {
                targetStatus = deletedStatus;
            }

            if (targetStatus.HasValue && provider.RecordStatusId != targetStatus.Value)
            {
                provider.RecordStatusId = targetStatus.Value;
                await db.SaveChangesAsync();
            }

            if (provider.RecordStatusId == liveStatus)
            {
                return lookup;
            }

            // Not live (closed, or never opened): log the refusal and return the standard message.
            AppGlobal.Log.WriteLog(String.Format(
                                       "Secure Access - Failed login for '{0}' SAOrgId {1} as the Secure Access organisation is closed.",
                                       claims.OrganisationName, claims.OrganisationId));
            string errorMessage = AppGlobal.Language.GetText(this, "ProviderNotAvailable",
                                                             "Log in failed for DfE Secure Access. Your organisation is no longer available. If you believe you should have access to the Post 16 Provider Portal please contact the DfE Support Team on <a href='tel:08448115028'>0844 811 5028</a> or <a href='mailto:[email protected]'>[email protected]</a>.");
            return new ProviderResponse(null, errorMessage);
        }
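        /// <summary>
        /// Resolves the <see cref="Provider"/> for the organisation asserted in the Secure Access
        /// <paramref name="claims"/>, adopting or creating a record where none is bound yet.
        /// </summary>
        /// <remarks>
        /// Resolution order:
        /// <list type="number">
        /// <item>A provider already bound to this Secure Access organisation id is returned untouched.</item>
        /// <item>Otherwise a live provider carrying the asserted UKPRN is adopted; the organisation name
        /// is used only to disambiguate when several live providers share that UKPRN.</item>
        /// <item>Otherwise a new provider is created from the claims.</item>
        /// </list>
        /// In cases 2 and 3 the DfE attributes from the claims are written onto the record, it is bound
        /// to the Secure Access organisation id, and the change is saved. Adopting an existing provider
        /// is driven solely by the UKPRN and organisation id supplied by the identity provider, so the
        /// binding is exactly as trustworthy as those claims.
        /// </remarks>
        /// <param name="claims">The Secure Access authentication response for the signing-in user.</param>
        /// <param name="userId">Id recorded as creator and modifier of a newly created provider.</param>
        /// <returns>
        /// A <see cref="ProviderResponse"/> carrying the provider, or a null provider plus a user-facing
        /// message when the organisation cannot be mapped to exactly one provider, has no UKPRN, the
        /// required reference data is missing, or the save fails validation.
        /// </returns>
        private async Task <ProviderResponse> GetProviderAsync(SAAuthenticationResponse claims, string userId)
        {
            string errorMessage;

            // 1. Already bound to this Secure Access organisation? Fetching at most two rows answers
            //    "none / exactly one / several" in a single round trip instead of Count()+Count()+First().
            List <Provider> bound = db.Providers
                                      .Where(x => x.SecureAccessId == claims.OrganisationId)
                                      .Take(2)
                                      .ToList();

            if (bound.Count == 1)
            {
                return(new ProviderResponse(bound[0]));
            }
            if (bound.Count > 1)
            {
                errorMessage = AppGlobal.Language.GetText(this, "SecureAccessIdNotUnique",
                                                          "Log in failed for DfE Secure Access. We are unable to uniquely identify your organisation and cannot log you in. If you believe you should have access to the Post 16 Provider Portal please contact the DfE Support Team on <a href='tel:08448115028'>0844 8115 028</a> or <a href='mailto:[email protected]'>[email protected]</a>.");
                return(new ProviderResponse(null, errorMessage));
            }

            // 2. Nothing bound yet. A UKPRN is mandatory both for adopting and for creating a provider,
            //    so reject before running any of the lookups below.
            if (claims.UKPRN == null)
            {
                errorMessage = AppGlobal.Language.GetText(this, "NoUkprn",
                                                          "Log in failed for DfE Secure Access. Your organisation does not have a UKPRN record which is required to access the Post 16 Provider Portal. If you believe you should have access to the Post 16 Provider Portal please contact the DfE Support Team on <a href='tel:08448115028'>0844 8115 028</a> or <a href='mailto:[email protected]'>[email protected]</a>.");
                AppGlobal.Log.WriteLog(String.Format(
                                           "Secure Access - Failed to create new provider for '{0}' SAOrgId {1} as the provider does not have a UKPRN.",
                                           claims.OrganisationName, claims.OrganisationId));
                return(new ProviderResponse(null, errorMessage));
            }

            // Reference data keyed by the codes in the claims. Each may legitimately be absent, in
            // which case the corresponding DfE*Id on the provider is written as null further down.
            DfEProviderType dfeProviderType = db.DfEProviderTypes
                                              .FirstOrDefault(pt => pt.DfEProviderTypeCode == claims.TypeCode);
            DfEProviderStatu dfeProviderStatus = db.DfEProviderStatus
                                                 .FirstOrDefault(ps => ps.DfEProviderStatusCode == claims.OrgStatusCode.ToString());
            DfELocalAuthority dfeLocalAuthority = db.DfELocalAuthorities
                                                  .FirstOrDefault(la => la.DfELocalAuthorityCode == claims.LocalAuthority.ToString());
            DfERegion dfeRegion = db.DfERegions
                                  .FirstOrDefault(r => r.DfERegionCode == claims.RegionCode);
            DfEEstablishmentType dfeEstablishmentType = db.DfEEstablishmentTypes
                                                        .FirstOrDefault(et => et.DfEEstablishmentTypeCode == claims.TypeCode);

            // 3. Is this an existing LIVE provider that needs to be upgraded to a DfE provider?
            IQueryable <Provider> candidates =
                db.Providers.Where(
                    x => x.Ukprn == claims.UKPRN && x.RecordStatusId == (int)Constants.RecordStatus.Live);

            List <Provider> matched = candidates.Take(2).ToList();

            // Several live providers share the UKPRN: narrow by organisation name before giving up.
            if (matched.Count > 1)
            {
                // NOTE(review): the StringComparison overload of Equals inside a LINQ-to-Entities query
                // may not be translatable to SQL by this EF version (it would throw rather than match
                // wrongly) — confirm this branch is covered by a test before relying on it.
                matched = candidates.Where(
                                         x =>
                                         x.ProviderName.Equals(claims.OrganisationName, StringComparison.CurrentCultureIgnoreCase)
                                         ||
                                         x.Ukrlp.LegalName.Equals(claims.OrganisationName, StringComparison.CurrentCultureIgnoreCase)
                                         ||
                                         x.Ukrlp.TradingName.Equals(claims.OrganisationName,
                                                                    StringComparison.CurrentCultureIgnoreCase))
                                     .Take(2)
                                     .ToList();
                if (matched.Count > 1)
                {
                    errorMessage = AppGlobal.Language.GetText(this, "CannotDetermineProvider",
                                                              "Log in failed for DfE Secure Access. We are unable to uniquely identify your organisation and cannot log you in. If you believe you should have access to the Post 16 Provider Portal please contact the DfE Support Team on <a href='tel:08448115028'>0844 8115 028</a> or <a href='mailto:[email protected]'>[email protected]</a>.");
                    AppGlobal.Log.WriteLog(String.Format(
                                               "Secure Access - Failed to create new provider for '{0}' SAOrgId {1} UKPRN {2} as there is more than one candidate provider in the system.",
                                               claims.OrganisationName, claims.OrganisationId, claims.UKPRN));
                    return(new ProviderResponse(null, errorMessage));
                }
            }

            bool     isNewProvider = false;
            Provider provider      = matched.Count == 1 ? matched[0] : null;

            // 4. No live provider to adopt: create one from the claims.
            if (provider == null)
            {
                isNewProvider = true;

                ProviderType providerType = db.ProviderTypes
                                              .FirstOrDefault(x => x.ProviderTypeName == "DfE 16-19");
                if (providerType == null)
                {
                    // Missing reference data is a deployment fault, not a user error; report it through the
                    // normal set-up error path instead of dereferencing null below.
                    AppGlobal.Log.WriteLog(String.Format(
                                               "Secure Access - Failed to create new provider for '{0}' SAOrgId {1} UKPRN {2} as the 'DfE 16-19' provider type is not configured.",
                                               claims.OrganisationName, claims.OrganisationId, claims.UKPRN));
                    errorMessage = AppGlobal.Language.GetText(this, "ErrorSavingProvider",
                                                              "Log in failed for DfE Secure Access. An error occurred setting up your organisation as a new DFE 16-19 provider. If you believe you should have access to the Post 16 Provider Portal please contact the DfE Support Team on <a href='tel:08448115028'>0844 8115 028</a> or <a href='mailto:[email protected]'>[email protected]</a>.");
                    return(new ProviderResponse(null, errorMessage));
                }

                // Only needed to seed the address of a new provider.
                Ukrlp ukrlp = db.Ukrlps.FirstOrDefault(x => x.Ukprn == claims.UKPRN);

                provider = new Provider
                {
                    Ukprn          = claims.UKPRN.Value,   // non-null: checked above
                    RecordStatusId =
                        (int)(claims.OrgStatusCode == 1 ? Constants.RecordStatus.Live : Constants.RecordStatus.Deleted),
                    IsContractingBody         = false,
                    ProviderTypeId            = providerType.ProviderTypeId,
                    ProviderName              = claims.OrganisationName,
                    ProviderNameAlias         = null,
                    Loans24Plus               = false,
                    InformationOfficerUserId  = null,
                    RelationshipManagerUserId = null,
                    Telephone            = claims.TelephoneNumber,
                    ProviderTrackingUrl  = null,
                    VenueTrackingUrl     = null,
                    CourseTrackingUrl    = null,
                    BookingTrackingUrl   = null,
                    SFAFunded            = false,
                    QualityEmailsPaused  = false,
                    QualityEmailStatusId = null,
                    Address = ukrlp == null || ukrlp.LegalAddress == null
                        ? null
                        : ukrlp.LegalAddress.Clone(),
                    CreatedDateTimeUtc  = DateTime.UtcNow,
                    CreatedByUserId     = userId,
                    ModifiedDateTimeUtc = DateTime.UtcNow,
                    ModifiedByUserId    = userId,
                    // UPIN = ,
                    // ProviderRegionId = ,
                    // Email = ,
                    // Website = ,
                    // Fax = ,
                };
                db.Providers.Add(provider);
            }

            // 5. Stamp the DfE attributes from the claims onto the (new or adopted) provider and bind it
            //    to the Secure Access organisation so step 1 finds it directly next time.
            provider.DfENumber           = claims.DfENumber;
            provider.DfEUrn              = claims.URN;
            provider.DfEProviderTypeId   = dfeProviderType == null ? (int?)null : dfeProviderType.DfEProviderTypeId;
            provider.DfEProviderStatusId =
                dfeProviderStatus == null ? (int?)null : dfeProviderStatus.DfEProviderStatusId;
            provider.DfELocalAuthorityId =
                dfeLocalAuthority == null ? (int?)null : dfeLocalAuthority.DfELocalAuthorityId;
            provider.DfERegionId            = dfeRegion == null ? (int?)null : dfeRegion.DfERegionId;
            provider.DfEEstablishmentTypeId =
                dfeEstablishmentType == null ? (int?)null : dfeEstablishmentType.DfEEstablishmentTypeId;
            provider.DfEEstablishmentNumber = claims.EstablishmentNumber;
            provider.StatutoryLowestAge     = claims.StatutoryLowestAge;
            provider.StatutoryHighestAge    = claims.StatutoryHighestAge;
            provider.AgeRange = claims.AgeRange;
            provider.AnnualSchoolCensusLowestAge  = claims.AscLowestAge;
            provider.AnnualSchoolCensusHighestAge = claims.AscHighestAge;
            provider.CompanyRegistrationNumber    = claims.CompanyRegistrationNumber;
            provider.Uid            = claims.UID;
            provider.SecureAccessId = claims.OrganisationId;
            provider.DFE1619Funded  = true;
            provider.RecordStatusId =
                (int)(claims.OrgStatusCode == 1 ? Constants.RecordStatus.Live : Constants.RecordStatus.Deleted);

            try
            {
                await db.SaveChangesAsync();
            }
            catch (DbEntityValidationException dbEx)
            {
                // Only entity validation is handled here; other DbUpdateExceptions propagate to the caller.
                AppGlobal.Log.WriteLog(String.Format(
                                           "Secure Access - Failed to {0} provider for '{1}' SAOrgId {2} UKPRN {3} due to {4}",
                                           isNewProvider ? "create a new" : "update an existing", claims.OrganisationName,
                                           claims.OrganisationId, claims.UKPRN, FormatValidationErrors(dbEx)));
                errorMessage = AppGlobal.Language.GetText(this, "ErrorSavingProvider",
                                                          "Log in failed for DfE Secure Access. An error occurred setting up your organisation as a new DFE 16-19 provider. If you believe you should have access to the Post 16 Provider Portal please contact the DfE Support Team on <a href='tel:08448115028'>0844 8115 028</a> or <a href='mailto:[email protected]'>[email protected]</a>.");
                return(new ProviderResponse(null, errorMessage));
            }

            return(new ProviderResponse(provider));
        }

        /// <summary>
        /// Flattens the per-entity validation errors of an EF validation failure into one
        /// "Property: X Error: Y" line per failing property, for logging.
        /// </summary>
        /// <param name="dbEx">The validation exception raised by <c>SaveChangesAsync</c>.</param>
        /// <returns>The formatted lines, each terminated by a newline; empty when there are none.</returns>
        private static string FormatValidationErrors(DbEntityValidationException dbEx)
        {
            var sb = new StringBuilder();
            foreach (DbEntityValidationResult validationErrors in dbEx.EntityValidationErrors)
            {
                foreach (DbValidationError validationError in validationErrors.ValidationErrors)
                {
                    sb.AppendFormat("Property: {0} Error: {1}", validationError.PropertyName,
                                    validationError.ErrorMessage);
                    sb.AppendLine();
                }
            }
            return sb.ToString();
        }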
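        /// <summary>
        /// Finds or creates the local <see cref="AspNetUser"/> for the Secure Access user described by
        /// <paramref name="claims"/>.
        /// </summary>
        /// <remarks>
        /// An existing Secure Access user is matched on <c>SecureAccessUserId</c> and its display name
        /// refreshed on the tracked entity (no SaveChanges is issued on that path). Creation is refused
        /// when the user name or e-mail already belongs to another account, so an external identity can
        /// never be linked onto an account that was not provisioned through Secure Access. A new account
        /// is created via <c>UserManager</c> with a throw-away password, placed in the primary or
        /// secondary SA role depending on whether the organisation already has users, and committed in
        /// one transaction; on any failure after the Identity user exists it is deleted again.
        /// </remarks>
        /// <param name="claims">The Secure Access authentication response for the signing-in user.</param>
        /// <returns>
        /// A <see cref="UserResponse"/> carrying the user, or an error response with one of the
        /// <c>Constants.ErrorCodes.SecureAccess*</c> codes.
        /// </returns>
        private async Task <UserResponse> GetUserAsync(SAAuthenticationResponse claims)
        {
            AspNetUser aspNetUser =
                db.AspNetUsers.FirstOrDefault(x => x.SecureAccessUserId == claims.UserId && x.IsSecureAccessUser);

            if (aspNetUser != null)
            {
                // Keep the display name in step with the IdP. Nothing is saved here —
                // NOTE(review): confirm the caller persists this change, otherwise the rename is lost.
                aspNetUser.Name = String.Format("{0} {1}", claims.FirstName, claims.LastName).Trim();
                return(new UserResponse(aspNetUser));
            }

            List <AspNetUser> matches =
                db.AspNetUsers.Where(x => x.UserName == claims.UserName || x.Email == claims.Email).ToList();

            if (matches.Any(x => x.UserName == claims.UserName))
            {
                return(UserResponseError(Constants.ErrorCodes.SecureAccessUserNameInUse));
            }

            if (matches.Any(x => x.Email == claims.Email))
            {
                return(UserResponseError(Constants.ErrorCodes.SecureAccessEmailInUse));
            }

            using (DbContextTransaction trans = db.Database.BeginTransaction())
            {
                bool deleteUser = false;
                try
                {
                    var user = new ApplicationUser {
                        UserName = claims.UserName, Email = claims.Email
                    };

                    // The account is only ever signed in through Secure Access, so this password is never
                    // typed by anyone — but it still guards the account, so it must be unguessable: 256 bits
                    // from a CSPRNG rather than a GUID. The fixed prefix satisfies the Identity password
                    // policy (upper, lower, digit, symbol) whatever the random part contains.
                    byte[] secret = new byte[32];
                    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
                    {
                        rng.GetBytes(secret);
                    }
                    IdentityResult result = await UserManager.CreateAsync(user, "Aa1!" + Convert.ToBase64String(secret));

                    if (result.Succeeded)
                    {
                        // Convert to a AspNetUser and set the address
                        aspNetUser                       = db.AspNetUsers.First(x => x.Email == claims.Email && x.UserName == claims.UserName);
                        aspNetUser.Address               = null;
                        aspNetUser.Name                  = String.Format("{0} {1}", claims.FirstName, claims.LastName).Trim();
                        aspNetUser.PhoneNumber           = null;
                        aspNetUser.PasswordResetRequired = false;
                        aspNetUser.CreatedDateTimeUtc    = DateTime.UtcNow;
                        aspNetUser.CreatedByUserId       = Permission.GetCurrentUserId();
                        aspNetUser.IsSecureAccessUser    = true;
                        aspNetUser.SecureAccessUserId    = claims.UserId;

                        // First user of an organisation becomes primary; everyone after that is secondary.
                        bool hasOtherUsers = await db.Providers.Where(x => x.SecureAccessId == claims.OrganisationId)
                                             .SelectMany(x => x.AspNetUsers)
                                             .AnyAsync();
                        string role = hasOtherUsers
                            ? Constants.ConfigSettings.SAUserRoleSecondary
                            : Constants.ConfigSettings.SAUserRolePrimary;

                        // Awaited instead of the blocking AddToRole extension (which wraps .Result), and the
                        // outcome is checked: a user must not be committed without its role, so a failure is
                        // thrown into the catch below, which rolls back and removes the half-created account.
                        IdentityResult roleResult = await UserManager.AddToRoleAsync(aspNetUser.Id, role);
                        if (!roleResult.Succeeded)
                        {
                            throw new InvalidOperationException(
                                String.Format("Failed to add user to role '{0}': {1}", role, String.Join("; ", roleResult.Errors)));
                        }

                        aspNetUser.ProviderUserTypeId = (int)Constants.ProviderUserTypes.NormalUser;
                        await db.SaveChangesAsync();

                        trans.Commit();
                        return(new UserResponse(aspNetUser));
                    }

                    // There were non-fatal errors
                    return(UserResponseError(Constants.ErrorCodes.SecureAccessCreateFailed));
                }
                catch (Exception e)
                {
                    // Disposing the transaction rolls back the db changes, but the Identity user was
                    // created through UserManager and has to be removed explicitly. aspNetUser is only
                    // non-null once CreateAsync succeeded, so that is the signal that cleanup is needed.
                    deleteUser = aspNetUser != null;

                    // Log the whole exception: InnerException alone is often null and hid the real cause.
                    AppGlobal.Log.WriteLog(
                        String.Format("Secure Access - Failed to create user account for {0} due to {1}.",
                                      claims.UserName, e));
                }
                if (deleteUser)
                {
                    ApplicationUser user = UserManager.Users.SingleOrDefault(u => u.Id == aspNetUser.Id);
                    // Guarded: DeleteAsync(null) would throw and mask the original failure.
                    if (user != null)
                    {
                        await UserManager.DeleteAsync(user);
                    }
                }
            }
            return(UserResponseError(Constants.ErrorCodes.SecureAccessCreateError));
        }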