public override void Open()
{
base.Open();
if (UserLevel == Terradue.Portal.UserLevel.Administrator)
{
AccessLevel = EntityAccessLevel.Administrator;
}
if (UserLevel > Terradue.Portal.UserLevel.Everybody)
{
if (this.UserInformation != null && this.UserInformation.AuthenticationType is TepLdapAuthenticationType)
{
//check the validity of access token
try {
var auth = new TepLdapAuthenticationType(this);
auth.CheckRefresh();
} catch (Exception e) {
if (this.GetConfigBooleanValue("sso-notoken-endsession-enabled"))
{
LogError(this, e.Message);
EndSession();//user token is not valid, we logout
}
}
}
}
}
public object Get(CallBackRequest request)
{
var redirect = "";
TepWebContext context = new TepWebContext(PagePrivileges.EverybodyView);
UserTep user = null;
try {
context.Open();
context.LogInfo(this, string.Format("/cb GET"));
if (!string.IsNullOrEmpty(request.error))
{
context.LogError(this, request.error);
context.EndSession();
return(OAuthUtils.DoRedirect(context.BaseUrl, false));
}
Connect2IdClient client = new Connect2IdClient(context.GetConfigValue("sso-configUrl"));
client.SSOAuthEndpoint = context.GetConfigValue("sso-authEndpoint");
client.SSOApiClient = context.GetConfigValue("sso-clientId");
client.SSOApiSecret = context.GetConfigValue("sso-clientSecret");
client.SSOApiToken = context.GetConfigValue("sso-apiAccessToken");
client.RedirectUri = context.GetConfigValue("sso-callback");
OauthTokenResponse tokenresponse;
try {
tokenresponse = client.AccessToken(request.Code);
DBCookie.StoreDBCookie(context, context.GetConfigValue("cookieID-token-access"), tokenresponse.access_token, null, tokenresponse.expires_in);
DBCookie.StoreDBCookie(context, context.GetConfigValue("cookieID-token-refresh"), tokenresponse.refresh_token, null);
DBCookie.StoreDBCookie(context, context.GetConfigValue("cookieID-token-id"), tokenresponse.id_token, null, tokenresponse.expires_in);
} catch (Exception e) {
DBCookie.DeleteDBCookie(context, context.GetConfigValue("cookieID-token-access"));
DBCookie.DeleteDBCookie(context, context.GetConfigValue("cookieID-token-refresh"));
DBCookie.DeleteDBCookie(context, context.GetConfigValue("cookieID-token-id"));
throw e;
}
TepLdapAuthenticationType auth = (TepLdapAuthenticationType)IfyWebContext.GetAuthenticationType(typeof(TepLdapAuthenticationType));
auth.SetConnect2IdCLient(client);
auth.TrustEmail = true;
user = (UserTep)auth.GetUserProfile(context);
if (user == null)
{
throw new Exception("Unable to load user");
}
context.LogDebug(this, string.Format("Loaded user '{0}'", user.Username));
if (string.IsNullOrEmpty(user.Email))
{
throw new Exception("Invalid email");
}
context.StartSession(auth, user);
context.SetUserInformation(auth, user);
DBCookie.StoreDBCookie(context, context.GetConfigValue("cookieID-token-access"), tokenresponse.access_token, user.Username, tokenresponse.expires_in);
DBCookie.StoreDBCookie(context, context.GetConfigValue("cookieID-token-refresh"), tokenresponse.refresh_token, user.Username);
DBCookie.StoreDBCookie(context, context.GetConfigValue("cookieID-token-id"), tokenresponse.id_token, user.Username, tokenresponse.expires_in);
redirect = context.GetConfigValue("dashboard_page");
if (string.IsNullOrEmpty(redirect))
{
redirect = context.GetConfigValue("BaseUrl");
}
if (!string.IsNullOrEmpty(HttpContext.Current.Session["return_to"] as string))
{
redirect = HttpContext.Current.Session["return_to"] as string;
HttpContext.Current.Session["return_to"] = null;
}
context.Close();
} catch (Exception e) {
context.LogError(this, e.Message, e);
context.Close();
throw e;
}
return(OAuthUtils.DoRedirect(redirect, false));
}
