/// <summary>
/// Handles the OAuth2 "password" grant: looks the user up by name and password through
/// <see cref="AuthRepository"/> and, when a match exists, issues a <see cref="ClaimsIdentity"/>
/// carrying a "sub" claim (the submitted user name) and a fixed "role" claim of "user".
/// </summary>
/// <param name="context">
/// Supplies <c>UserName</c> / <c>Password</c> and the configured authentication type; receives
/// either the validated identity or an "invalid_grant" error.
/// </param>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    // The "Access-Control-Allow-Origin: *" response header is intentionally not emitted here
    // (it was a commented-out line in the earlier version of this method).

    bool credentialsAccepted;
    using (var repository = new AuthRepository())
    {
        IdentityUser matchedUser = await repository.FindUser(context.UserName, context.Password);
        credentialsAccepted = matchedUser != null;
    }

    if (!credentialsAccepted)
    {
        // One generic message for both "unknown user" and "wrong password", so the response
        // does not reveal which part of the credential pair failed.
        context.SetError("invalid_grant", "The user name or password is incorrect.");
        return;
    }

    var identity = new ClaimsIdentity(context.Options.AuthenticationType);
    identity.AddClaim(new Claim("sub", context.UserName));
    // NOTE(review): the role is hard-coded to "user" for every authenticated account; nothing
    // from the stored user (e.g. an admin flag) reaches the token. Confirm that downstream
    // authorization does not expect this claim to distinguish privilege levels.
    identity.AddClaim(new Claim("role", "user"));
    context.Validated(identity);
}
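/// <summary>
/// Authenticates a token request according to its <c>grant_type</c> parameter and, on success,
/// marks the request as validated using the matched user's id as the client id.
/// </summary>
/// <remarks>
/// Supported grant types:
/// <list type="bullet">
/// <item><c>password</c>: user name / password lookup, a TOTP step when the account has Google
/// Authenticator enabled, and an email-confirmation check when
/// <c>Settings.Default.RequiredEmailConfirmation</c> is set.</item>
/// <item><c>esp</c>: looks the caller up by its <c>espid</c> parameter.</item>
/// </list>
/// Any other grant type is rejected. Every failure is reported through
/// <see cref="OAuthValidateClientAuthenticationContext.SetError(string)"/> and the method returns
/// without calling <c>Validated</c>; nothing is thrown.
/// </remarks>
/// <param name="context">The OWIN client-authentication context carrying the request parameters.</param>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    string clientId;
    using (var repository = new AuthRepository(Logger))
    {
        switch (context.Parameters.Get("grant_type"))
        {
            case "password":
                clientId = await ValidatePasswordGrantAsync(context, repository);
                break;
            case "esp":
                clientId = await ValidateEspGrantAsync(context, repository);
                break;
            default:
                // NOTE(review): RFC 6749 names this error code "unsupported_grant_type"; the
                // existing value is kept because clients may already match on it.
                context.SetError("Bad grant_type");
                return;
        }
    }

    // A null client id means the helper has already recorded the error on the context.
    if (clientId != null)
    {
        context.Validated(clientId);
    }
}

/// <summary>
/// Validates the <c>password</c> grant: user name / password, then TOTP when the account has
/// Google Authenticator enabled, then email confirmation when the setting requires it.
/// </summary>
/// <param name="context">Request context; receives the error on failure.</param>
/// <param name="repository">Open repository used for the user lookup and TOTP check.</param>
/// <returns>The user's id on success; <c>null</c> after <c>SetError</c> has been called.</returns>
private static async Task<string> ValidatePasswordGrantAsync(OAuthValidateClientAuthenticationContext context, AuthRepository repository)
{
    AppUser user = await repository.FindUser(context.Parameters.Get("UserName"), context.Parameters.Get("Password"));
    if (user == null)
    {
        // One generic message for both unknown user and wrong password.
        context.SetError("invalid_grant", "The user name or password is incorrect.");
        return null;
    }

    if (user.IsGoogleAuthenticatorEnabled)
    {
        var totp = context.Parameters.Get("totp");
        if (totp == null)
        {
            context.SetError("invalid_grant", "Set TOTP code");
            return null;
        }

        if (!await repository.ValidateGoogleAuth(totp, user.Id))
        {
            context.SetError("invalid_grant", "TOTP code is incorrect");
            return null;
        }
    }

    // Fixed: the previous condition used "||", which rejected every password login whenever the
    // setting was on (and rejected unconfirmed accounts even when it was off). Confirmation is
    // only enforced when it is required AND the account has not confirmed its email.
    if (Settings.Default.RequiredEmailConfirmation && !user.EmailConfirmed)
    {
        context.SetError("invalid_grant", "Email confirmation is required");
        return null;
    }

    return user.Id;
}

/// <summary>
/// Validates the <c>esp</c> grant by resolving the <c>espid</c> parameter to a user.
/// </summary>
/// <param name="context">Request context; receives the error on failure.</param>
/// <param name="repository">Open repository used for the lookup.</param>
/// <returns>The matched user's id on success; <c>null</c> after <c>SetError</c> has been called.</returns>
private static async Task<string> ValidateEspGrantAsync(OAuthValidateClientAuthenticationContext context, AuthRepository repository)
{
    var espIdentifier = context.Parameters.Get("espid");
    if (espIdentifier == null)
    {
        // The original reported this failure with no description; preserved as-is.
        context.SetError("invalid_grant");
        return null;
    }

    AppUser user = await repository.FindEsp(espIdentifier);
    if (user == null)
    {
        context.SetError("invalid_grant", "The esp identifier is incorrect.");
        return null;
    }

    return user.Id;
}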