public async Task <Response> PostSignup(AccountProtection.SignUp signup, string correlationId, string envId)
{
string endpoint = string.Format(_settings.Endpoints.SignupAP, signup.Metadata.SignUpId);
var response = await PostAsync(endpoint, signup, correlationId, envId);
return(await Read <ResponseSuccess>(response));
}
private AccountProtection.SignUp CreateSignupAPEvent(RegisterViewModel model)
{
var signupUser = new AccountProtection.User()
{
Username = model.User.Email,
FirstName = model.User.FirstName,
LastName = model.User.LastName,
CountryRegion = model.Address.CountryRegion,
ZipCode = model.Address.ZipCode,
TimeZone = new TimeSpan(0, 0, -model.DeviceFingerPrinting.ClientTimeZone, 0).ToString(),
Language = "EN-US",
UserType = AccountProtection.UserType.Consumer,
};
var customerEmail = new AccountProtection.CustomerEmail()
{
EmailType = AccountProtection.EmailType.Primary,
EmailValue = model.User.Email,
IsEmailValidated = false,
IsEmailUsername = true
};
var customerPhone = new AccountProtection.CustomerPhone()
{
PhoneType = AccountProtection.PhoneType.Primary,
PhoneNumber = model.User.Phone,
IsPhoneNumberValidated = false,
IsPhoneUsername = false
};
var address = new AccountProtection.Address()
{
AddressType = AccountProtection.AddressType.Primary,
FirstName = model.User.FirstName,
LastName = model.User.LastName,
PhoneNumber = model.User.Phone,
Street1 = model.Address.Address1,
Street2 = model.Address.Address2,
City = model.Address.City,
State = model.Address.State,
ZipCode = model.Address.ZipCode,
CountryRegion = model.Address.CountryRegion
};
var device = new AccountProtection.DeviceContext()
{
DeviceContextId = model.DeviceFingerPrinting.SessionId,
IpAddress = _contextAccessor.HttpContext.Connection.RemoteIpAddress.MapToIPv4().ToString(),
Provider = DeviceContextProvider.DFPFingerPrinting.ToString()
};
var metadata = new AccountProtection.EventMetadataAccountCreate()
{
TrackingId = Guid.NewGuid().ToString(),
SignUpId = Guid.NewGuid().ToString(),
CustomerLocalDate = DateTime.Now,
MerchantTimeStamp = DateTime.Now,
AssessmentType = AssessmentType.Evaluate
};
AccountProtection.SignUp signupEvent = new AccountProtection.SignUp()
{
Name = "AP.AccountCreation",
Version = "0.5",
User = signupUser,
Email = new List <AccountProtection.CustomerEmail>()
{
customerEmail
},
Phone = new List <AccountProtection.CustomerPhone>()
{
customerPhone
},
Address = new List <AccountProtection.Address>()
{
address
},
Device = device,
Metadata = metadata
};
return(signupEvent);
}
private async Task <IActionResult> RegisterUser(RegisterViewModel model, string returnUrl, bool useAP)
{
//Create the user object and validate it before calling Fraud Protection
var user = new ApplicationUser
{
UserName = model.User.Email,
Email = model.User.Email,
FirstName = model.User.FirstName,
LastName = model.User.LastName,
PhoneNumber = model.User.Phone,
Address1 = model.Address.Address1,
Address2 = model.Address.Address2,
City = model.Address.City,
State = model.Address.State,
ZipCode = model.Address.ZipCode,
CountryRegion = model.Address.CountryRegion
};
foreach (var v in _userManager.UserValidators)
{
var validationResult = await v.ValidateAsync(_userManager, user);
if (!validationResult.Succeeded)
{
AddErrors(validationResult);
}
}
;
foreach (var v in _userManager.PasswordValidators)
{
var validationResult = await v.ValidateAsync(_userManager, user, model.Password);
if (!validationResult.Succeeded)
{
AddErrors(validationResult);
}
}
;
if (ModelState.ErrorCount > 0)
{
return(View("Register", model));
}
#region Fraud Protection Service
var correlationId = _fraudProtectionService.NewCorrelationId;
// Ask Fraud Protection to assess this signup/registration before registering the user in our database, etc.
if (useAP)
{
AccountProtection.SignUp signupEvent = CreateSignupAPEvent(model);
var signupAssessment = await _fraudProtectionService.PostSignupAP(signupEvent, correlationId);
//Track Fraud Protection request/response for display only
var fraudProtectionIO = new FraudProtectionIOModel(correlationId, signupEvent, signupAssessment, "Signup");
TempData.Put(FraudProtectionIOModel.TempDataKey, fraudProtectionIO);
bool rejectSignup = false;
if (signupAssessment is AccountProtection.ResponseSuccess signupResponse)
{
rejectSignup = signupResponse.ResultDetails.FirstOrDefault()?.Decision != AccountProtection.DecisionName.Approve;
}
if (rejectSignup)
{
ModelState.AddModelError("", "Signup rejected by Fraud Protection. You can try again as it has a random likelihood of happening in this sample site.");
return(View("Register", model));
}
}
else
{
SignUp signupEvent = CreateSignupEvent(model);
var signupAssessment = await _fraudProtectionService.PostSignup(signupEvent, correlationId);
//Track Fraud Protection request/response for display only
var fraudProtectionIO = new FraudProtectionIOModel(correlationId, signupEvent, signupAssessment, "Signup");
//2 out of 3 signups will succeed on average. Adjust if you want more or less signups blocked for tesing purposes.
var rejectSignup = new Random().Next(0, 3) != 0;
var signupStatusType = rejectSignup ? SignupStatusType.Rejected.ToString() : SignupStatusType.Approved.ToString();
var signupStatus = new SignupStatusEvent
{
SignUpId = signupEvent.SignUpId,
StatusType = signupStatusType,
StatusDate = DateTimeOffset.Now,
Reason = "User is " + signupStatusType
};
if (!rejectSignup)
{
signupStatus.User = new SignupStatusUser {
UserId = model.User.Email
};
}
var signupStatusResponse = await _fraudProtectionService.PostSignupStatus(signupStatus, correlationId);
fraudProtectionIO.Add(signupStatus, signupStatusResponse, "Signup Status");
TempData.Put(FraudProtectionIOModel.TempDataKey, fraudProtectionIO);
if (rejectSignup)
{
ModelState.AddModelError("", "Signup rejected by Fraud Protection. You can try again as it has a random likelihood of happening in this sample site.");
return(View("Register", model));
}
}
#endregion
var result = await _userManager.CreateAsync(user, model.Password);
if (!result.Succeeded)
{
AddErrors(result);
return(View("Register", model));
}
await _signInManager.SignInAsync(user, isPersistent : false);
await TransferBasketToEmailAsync(user.Email);
return(RedirectToLocal(returnUrl));
}
private async Task <IActionResult> RegisterUser(RegisterViewModel model, string returnUrl)
{
//Create the user object and validate it before calling Fraud Protection
var user = new ApplicationUser
{
UserName = model.User.Email,
Email = model.User.Email,
FirstName = model.User.FirstName,
LastName = model.User.LastName,
PhoneNumber = model.User.Phone,
Address1 = model.Address.Address1,
Address2 = model.Address.Address2,
City = model.Address.City,
State = model.Address.State,
ZipCode = model.Address.ZipCode,
CountryRegion = model.Address.CountryRegion
};
foreach (var v in _userManager.UserValidators)
{
var validationResult = await v.ValidateAsync(_userManager, user);
if (!validationResult.Succeeded)
{
AddErrors(validationResult);
}
}
;
foreach (var v in _userManager.PasswordValidators)
{
var validationResult = await v.ValidateAsync(_userManager, user, model.Password);
if (!validationResult.Succeeded)
{
AddErrors(validationResult);
}
}
;
if (ModelState.ErrorCount > 0)
{
return(View("Register", model));
}
#region Fraud Protection Service
var correlationId = _fraudProtectionService.NewCorrelationId;
// Ask Fraud Protection to assess this signup/registration before registering the user in our database, etc.
AccountProtection.SignUp signupEvent = CreateSignupAPEvent(model);
var signupAssessment = await _fraudProtectionService.PostSignup(signupEvent, correlationId, HttpContext.Session.GetString("envId"));
//Track Fraud Protection request/response for display only
var fraudProtectionIO = new FraudProtectionIOModel(correlationId, signupEvent, signupAssessment, "Signup");
TempData.Put(FraudProtectionIOModel.TempDataKey, fraudProtectionIO);
bool rejectSignup = false;
if (signupAssessment is ResponseSuccess signupResponse)
{
rejectSignup = signupResponse.ResultDetails.FirstOrDefault()?.Decision != DecisionName.Approve;
}
if (rejectSignup)
{
ModelState.AddModelError("", "Signup rejected by Fraud Protection. You can try again as it has a random likelihood of happening in this sample site.");
return(View("Register", model));
}
#endregion
var result = await _userManager.CreateAsync(user, model.Password);
if (!result.Succeeded)
{
AddErrors(result);
return(View("Register", model));
}
await _signInManager.SignInAsync(user, isPersistent : false);
await TransferBasketToEmailAsync(user.Email);
return(RedirectToLocal(returnUrl));
}