public async Task <(string returnUrl, string requestId)> LoginAsync(EAuthCallbackModel model)
{
EAuthService service = new EAuthService();
EAuthResponseModel eAuthResponseModel = service.Parse(model);
string requestId = eAuthResponseModel?.RequestId;
string returnUrl = _applicationStoreService.GetApplicationBaseUrl(requestId) + _loginReturnPath;
(string personIdentifier, string holderName, string email) = ExtractPersonData(eAuthResponseModel);
ApplicationUser user = _userManager.Users.SingleOrDefault(u => u.Certificate_UniqueIdentifier.Trim() == personIdentifier && !u.Deleted);
if (user == null)
{
returnUrl += $"?error=true&message=userNotFound";
return(returnUrl, requestId);
}
else
{
/*
* Ако потребителя е сменил своето име в подписа, го променяме и в базата
* т.е. ако жена се омъжи и смени фамилията си и т.н.
* Ако подписа е променен също запазваме данните
*/
if (user.Certificate_Name == null ||
user.Certificate_Name.ToLower().Trim() != (holderName ?? "").ToLower().Trim())
{
//Check if certificate is the same and update user info if needed
user.Certificate_Name = holderName;
await _userManager.UpdateAsync(user);
}
}
if (!user.EmailConfirmed)
{
await SendConfirmEmailAsync(user, _applicationStoreService.GetApplicationBaseUrl(requestId));
returnUrl += $"?error=true&message=EmailNotConfirmed,ConfirmationEmailResend";
return(returnUrl, requestId);
}
if (!user.ConfirmedByAdmin)
{
returnUrl += $"?error=true&message=NotConfirmedByAdmin";
return(returnUrl, requestId);
}
//sign in existing user
returnUrl = await SignInExistingUser(user, returnUrl);
return(returnUrl, requestId);
}
public ActionResult PersonRequest()
{
EAuthRequestViewModel model = null;
// Създава се SAML заявка и се записва в журнал.
string requestUrl = Url.Action(nameof(PersonRequest), null, null, Request.Scheme);
string callbackUrl = Url.Action(nameof(LoginCallback), null, null, Request.Scheme);
EAuthService service = new EAuthService();
model = service.CreateRequestAsync(requestUrl, callbackUrl,
RequestedServiceOid, RequestedProviderOid, null, false, _settings?.CertificateThumbprint);
return(Ok(model));
}
public ActionResult LoginCallback(EAuthCallbackModel model)
{
// Записване на отговора в журнал.
EAuthService service = new EAuthService();
EAuthResponseModel eAuthResponseModel = service.Parse(model);
// Изходът от този action не се използва. Целта е само да се зареди локален адрес в callback iframe-а.
// Това се интерпретира от Java Script-а като успешен край на автентикацията и следва пренасочване към друг адрес.
//
// До февруари 2019 г. този метод връщаше празен резултат и това вършеше работа.
//return new EmptyResult();
// Chrome версия 72+ обаче започна да интерпретира security header-а X-Content-Type-Options=nosniff по друг начин.
// Когато резултатът е празен, вече не зарежда резултата на екрана(или в iframe-а), а изтегля празен файл.
// Така не се задейства никакъв Java Script, iframe-ът не разбира, че е зареден локален адрес, и автентикацията
// не завършва в Chrome 72+. Tрябва се върне някакъв HTML, колкото да се задейства onload handler-ът на iframe-а.
//return PartialView();
return(View(eAuthResponseModel));
}
public ActionResult PersonRequest([FromQuery] string type, [FromQuery] string userType, [FromQuery] string chsiNumber, [FromQuery] string email, [FromQuery] string lang)
{
EAuthRequestViewModel model = null;
// Създава се SAML заявка и се записва в журнал.
string requestUrl = Url.Action(nameof(PersonRequest), null, null, Request.Scheme);
string callbackUrl = (type ?? "").Equals("login", System.StringComparison.OrdinalIgnoreCase)
? Url.Action(nameof(LoginCallback), null, null, Request.Scheme)
: Url.Action(nameof(RegisterCallback), null, null, Request.Scheme);
EAuthService service = new EAuthService();
model = service.CreateRequestAsync(requestUrl, callbackUrl,
RequestedServiceOid, RequestedProviderOid, null, false, _settings?.CertificateThumbprint);
_applicationStoreService.SetUserType(model.RequestId, userType);
_applicationStoreService.SetChsiNumber(model.RequestId, chsiNumber);
_applicationStoreService.SetApplicationBaseUrl(model.RequestId, Request.Headers["Referer"].ToString().TrimEnd('/'));
_applicationStoreService.SetLang(model.RequestId, lang);
_applicationStoreService.SetEmail(model.RequestId, email);
return(Ok(model));
}
public async Task <(string returnUrl, string requestId)> RegisterAsync(EAuthCallbackModel model)
{
string returnUrl = "";
string requestId = "";
try
{
if (model == null)
{
throw new ArgumentNullException(nameof(EAuthCallbackModel));
}
EAuthService service = new EAuthService();
EAuthResponseModel eAuthResponseModel = service.Parse(model);
requestId = eAuthResponseModel?.RequestId;
returnUrl = _applicationStoreService.GetApplicationBaseUrl(requestId) + _registerReturnPath;
string userType = _applicationStoreService.GetUserType(requestId);
string chsiNumber = _applicationStoreService.GetChsiNumber(requestId);
string lang = _applicationStoreService.GetLang(requestId);
string email = _applicationStoreService.GetEmail(requestId);
(string personIdentifier, string holderName, string certEmail) = ExtractPersonData(eAuthResponseModel);
Thread.CurrentThread.CurrentCulture = new CultureInfo(lang);
Thread.CurrentThread.CurrentUICulture = new CultureInfo(lang);
if ((userType == UserType.CHSI.ToString() || userType == UserType.CHSIHelper.ToString()) && chsiNumber == default)
{
returnUrl += $"?error=true";
return(returnUrl, requestId);
}
//check egn
bool isDuplicateEgn = _userManager.Users.Any(u => u.Certificate_UniqueIdentifier == (personIdentifier ?? "").ToUpper().Trim() && !u.Deleted);
if (isDuplicateEgn)
{
returnUrl += $"?error=true&message=duplicateEgn";
return(returnUrl, requestId);
}
if (string.IsNullOrWhiteSpace(email))
{
email = certEmail;
}
//check email
if (string.IsNullOrWhiteSpace(email))
{
//Redirect to register page with parameter to gather additional info
returnUrl += "?requireEmail=true";
return(returnUrl, requestId);
}
//Create new user
ApplicationUser user = new ApplicationUser()
{
Certificate = string.IsNullOrWhiteSpace(eAuthResponseModel.SamlResponse) ? null : Encoding.ASCII.GetBytes(eAuthResponseModel.SamlResponse),
Certificate_Thumbprint = eAuthResponseModel.RequestId,
Email = email,
EmailConfirmed = false,
UserName = GenerateUserName(holderName),
Certificate_Name = holderName.Trim(),
Certificate_UniqueIdentifier = personIdentifier?.Trim(),
AuthType = AuthType.EAUTH.ToString(),
UserType = userType,
ConfirmedByAdmin = false,
CreatedOn = DateTime.UtcNow
};
string userRole = Constants.Role_AuctionOrgaziner;
if (userType == UserType.AUCPAR.ToString())
{
user.ConfirmedByAdmin = true;
userRole = Constants.Role_AuctionParticipant;
}
else if (userType == UserType.CHSI.ToString())
{
user.CHSINumber = chsiNumber;
//TODO Check CHSI in CHSI register by number
//Return error if chsi is not found
bool ChsiRegisterCheck = true;
user.CheckedInCHSIRegister = ChsiRegisterCheck;
user.ConfirmedByAdmin = ChsiRegisterCheck;
}
else if (userType == UserType.CHSIHelper.ToString())
{
user.CHSINumber = chsiNumber;
//TODO Check CHSI helpers in CHSI register by number
//Return error if chsi is not found
bool ChsiRegisterCheck = true;
user.CheckedInCHSIRegister = ChsiRegisterCheck;
user.ConfirmedByAdmin = ChsiRegisterCheck;
}
IdentityResult ir = await _userManager.CreateAsync(user);
if (!ir.Succeeded)
{
//create new user fail
Log.Error("Error creating user with ESign", string.Join(',', ir.Errors.Select(x => x.Description)));
returnUrl += $"?error=true";
return(returnUrl, requestId);
}
//Assign to role
var roleAddResult = await _userManager.AddToRoleAsync(user, userRole);
if (!roleAddResult.Succeeded)
{
Log.Error($"Error adding user ID= {user.Id} to role {userRole}", string.Join(',', roleAddResult.Errors.Select(x => x.Description)));
}
try
{
//create person
await CreatePerson(user.Id, holderName, email);
//send confirmation email
await SendConfirmEmailAsync(user, _applicationStoreService.GetApplicationBaseUrl(requestId));
return(returnUrl, requestId);
}
catch (Exception x)
{
//await AuditService.EditContentAndUserAsync(AuditId, AuditContentType.Activity,
// AuditMessages.Failure.ToString(), user.Id, user.UserName);
Log.Error("Error creating person with EAuth", x);
IdentityResult deleteResult = await _userManager.DeleteAsync(user);
returnUrl += $"?error=true";
return(returnUrl, requestId);
}
}
catch (Exception x)
{
if (x is ArgumentNullException)
{
Log.Error("Empty EAuth response " + x.Message);
returnUrl += $"?error=true";
return(returnUrl, requestId);
}
Log.Error(x, "Error parsing EAuth response on register");
//cannot parse EAuth response
returnUrl += $"?error=true";
return(returnUrl, requestId);
}
}
