コード例 #1
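        /// <summary>
        /// Validates resource-owner password credentials. When no local account exists for the
        /// submitted user name and the LDAP service accepts the credentials, a local account is
        /// provisioned from the directory entry before the base validator runs.
        /// </summary>
        /// <param name="context">Validation context carrying the submitted user name and password.</param>
        /// <returns>A task that completes once the base validator has processed the context.</returns>
        public override async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
        {
            var user = await _userManager.FindByNameAsync(context.UserName);

            // Reject an empty password before asking the directory. Some LDAP servers treat a simple
            // bind with a name and an empty password as an "unauthenticated bind" and report success
            // (RFC 4513, section 5.1.2); whether _ldapService guards against that is not visible here.
            if (user == default(TUser) &&
                !string.IsNullOrEmpty(context.Password) &&
                _ldapService.Authenticate(context.UserName, context.Password))
            {
                var ldapUser = _ldapService.GetUserByUserName(context.UserName);
                if (ldapUser != null)
                {
                    // Email and phone are marked confirmed without a local confirmation step, so the
                    // directory attributes are trusted as-is.
                    // NOTE(review): confirm these attributes cannot be edited by the directory user.
                    var newUser = new TUser()
                    {
                        UserName             = ldapUser.UserName,
                        Email                = ldapUser.Email,
                        EmailConfirmed       = true,
                        PhoneNumber          = ldapUser.Phone,
                        PhoneNumberConfirmed = true
                    };

                    // The directory password becomes the local credential. The directory is only
                    // consulted while no local user exists, so a later password change or account
                    // disablement in the directory is not seen by this method.
                    // NOTE(review): confirm that this one-time copy is the intended design.
                    var createResult = await _userManager.CreateAsync(newUser, context.Password);

                    if (!createResult.Succeeded)
                    {
                        // Select, not SelectMany: SelectMany over a string flattens it into chars,
                        // which produced "e;r;r;o;r"-style messages in the audit event.
                        var errorText = string.Join(";", createResult.Errors.Select(r => r.Description));
                        await _events.RaiseAsync(new UserLoginFailureEvent(context.UserName, errorText));
                    }
                }
            }

            // The base validator always runs, including after a failed provisioning attempt.
            await base.ValidateAsync(context);
        }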
コード例 #2
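        /// <summary>
        /// Handles the login form post. Cancels the authorization request when the user did not
        /// press "login"; otherwise resolves the local user, provisioning one from the directory
        /// on first login, and signs in with the submitted password.
        /// </summary>
        /// <param name="model">Posted login form: user name, password, remember-me flag and return URL.</param>
        /// <param name="button">Name of the pressed button; anything other than "login" is treated as cancel.</param>
        /// <returns>A redirect on success or cancel, the 2FA or lockout view, or the login form with an error.</returns>
        /// <exception cref="Exception">The sign-in succeeded but the return URL is neither local, empty, nor part of a valid authorization context.</exception>
        public async Task <IActionResult> Login(LoginInputModel model, string button)
        {
            // check if we are in the context of an authorization request
            var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);

            // the user clicked the "cancel" button
            if (button != "login")
            {
                if (context != null)
                {
                    // if the user cancels, send a result back into IdentityServer as if they
                    // denied the consent (even if this client does not require consent).
                    // this will send back an access denied OIDC error response to the client.
                    await _interaction.GrantConsentAsync(context, ConsentResponse.Denied);

                    // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
                    if (await _clientStore.IsPkceClientAsync(context.ClientId))
                    {
                        // if the client is PKCE then we assume it's native, so this change in how to
                        // return the response is for better UX for the end user.
                        return View("Redirect", new RedirectViewModel {
                            RedirectUrl = model.ReturnUrl
                        });
                    }

                    return Redirect(model.ReturnUrl);
                }

                // since we don't have a valid context, then we just go back to the home page
                return Redirect("~/");
            }

            if (ModelState.IsValid)
            {
                var user = await _userResolver.GetUserAsync(model.Username);

                // First login: no local account yet, so ask the directory. An empty password is
                // rejected before the directory is consulted, because some LDAP servers treat a
                // simple bind with a name and an empty password as an "unauthenticated bind" and
                // report success (RFC 4513, section 5.1.2); whether _ldapService or the model's
                // validation attributes already guard against that is not visible here.
                if (user == default(TUser) &&
                    !string.IsNullOrEmpty(model.Password) &&
                    _ldapService.Authenticate(model.Username, model.Password))
                {
                    var ldapUser = _ldapService.GetUserByUserName(model.Username);
                    if (ldapUser != null)
                    {
                        // Email and phone are marked confirmed without a local confirmation step,
                        // so the directory attributes are trusted as-is.
                        // NOTE(review): confirm these attributes cannot be edited by the directory user.
                        var newUser = new TUser()
                        {
                            UserName             = ldapUser.UserName,
                            Email                = ldapUser.Email,
                            EmailConfirmed       = true,
                            PhoneNumber          = ldapUser.Phone,
                            PhoneNumberConfirmed = true
                        };

                        // The directory password becomes the local credential; once the local
                        // account exists this method no longer consults the directory.
                        // NOTE(review): confirm that this one-time copy is the intended design.
                        var createResult = await _userManager.CreateAsync(newUser, model.Password);

                        if (createResult.Succeeded)
                        {
                            user = newUser;
                        }
                        else
                        {
                            // Select, not SelectMany: SelectMany over a string flattens it into
                            // chars, which produced "e;r;r;o;r"-style messages in the audit event.
                            var errorText = string.Join(";", createResult.Errors.Select(r => r.Description));
                            await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, errorText));
                        }
                    }
                }

                if (user != default(TUser))
                {
                    // lockoutOnFailure: failed attempts count towards account lockout
                    var result = await _signInManager.PasswordSignInAsync(user.UserName, model.Password, model.RememberLogin, lockoutOnFailure : true);

                    if (result.Succeeded)
                    {
                        await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id.ToString(), user.UserName));

                        if (context != null)
                        {
                            if (await _clientStore.IsPkceClientAsync(context.ClientId))
                            {
                                // if the client is PKCE then we assume it's native, so this change in how to
                                // return the response is for better UX for the end user.
                                return View("Redirect", new RedirectViewModel {
                                    RedirectUrl = model.ReturnUrl
                                });
                            }

                            // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
                            return Redirect(model.ReturnUrl);
                        }

                        // Without an authorization context the return URL is untrusted input:
                        // only a local URL is followed, which prevents an open redirect.
                        if (Url.IsLocalUrl(model.ReturnUrl))
                        {
                            return Redirect(model.ReturnUrl);
                        }

                        if (string.IsNullOrEmpty(model.ReturnUrl))
                        {
                            return Redirect("~/");
                        }

                        // user might have clicked on a malicious link - should be logged
                        throw new Exception("invalid return URL");
                    }

                    if (result.RequiresTwoFactor)
                    {
                        return RedirectToAction(nameof(LoginWith2fa), new { model.ReturnUrl, RememberMe = model.RememberLogin });
                    }

                    if (result.IsLockedOut)
                    {
                        return View("Lockout");
                    }
                }

                // The same generic message is used for an unknown user and a wrong password.
                await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, "invalid credentials"));

                ModelState.AddModelError(string.Empty, AccountOptions.InvalidCredentialsErrorMessage);
            }

            // something went wrong, show form with error
            var vm = await BuildLoginViewModelAsync(model);

            return View(vm);
        }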
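        /// <summary>
        /// Signs a customer in through the Novell Active Directory plugin: looks the user up in the
        /// directory, checks the password through the LDAP service using the entry's distinguished
        /// name, and hands the identity to the external authentication service.
        /// </summary>
        /// <param name="model">Posted form carrying the directory user name and password.</param>
        /// <param name="returnUrl">URL to return to after login; passed through to the login redirect when non-empty.</param>
        /// <returns>The external authentication result on success, otherwise a redirect to the customer login page with an error queued for display.</returns>
        /// <exception cref="NopException">The plugin is not active for the current customer and store, or no LDAP path is configured.</exception>
        public IActionResult SignIn(SignInViewModel model, string returnUrl)
        {
            if (!_authenticationPluginManager
                .IsPluginActive("ExternalAuth.NovellActiveDirectory", _workContext.CurrentCustomer, _storeContext.CurrentStore.Id))
            {
                throw new NopException("Novell Active Directory authentication module cannot be loaded");
            }

            if (string.IsNullOrEmpty(_novellActiveDirectoryExternalAuthSettings.LdapPath))
            {
                throw new NopException("Novell Active Directory authentication module not configured");
            }

            // Every failure path redirects to the same login action with the same route values.
            object loginRouteValues = !string.IsNullOrEmpty(returnUrl) ? (object)new { ReturnUrl = returnUrl } : null;

            if (string.IsNullOrEmpty(model.AdUserName))
            {
                // As in the original flow, this case also reaches the generic LDAP error at the end.
                ExternalAuthorizerHelper.AddErrorsToDisplay(_localizationService.GetResource("Plugins.ExternalAuth.NovellActiveDirectory.WindowsUserNotAvailable"));
            }
            else
            {
                LdapUser ldapUser;
                try
                {
                    ldapUser = _ldapService.GetUserByUserName(model.AdUserName);
                    if (null == ldapUser)
                    {
                        ExternalAuthorizerHelper.AddErrorsToDisplay(_localizationService.GetResource("Plugins.ExternalAuth.NovellActiveDirectory.UserNotFound"));
                        return new RedirectToActionResult("Login", "Customer", loginRouteValues);
                    }
                }
                catch (Exception)
                {
                    // The exception text is no longer appended to the resource key: that made the
                    // key unresolvable and put the full exception, stack trace included, into the
                    // text queued for the login page.
                    // TODO(review): log the caught exception server-side; no logger is visible in this excerpt.
                    ExternalAuthorizerHelper.AddErrorsToDisplay(_localizationService.GetResource("Plugins.ExternalAuth.NovellActiveDirectory.LdapError"));
                    return new RedirectToActionResult("Login", "Customer", loginRouteValues);
                }

                try
                {
                    // Reject an empty password before asking the directory. Some LDAP servers treat
                    // a simple bind with a DN and an empty password as an "unauthenticated bind" and
                    // report success (RFC 4513, section 5.1.2); whether _ldapService guards against
                    // that is not visible here.
                    bool isAuthenticated = !string.IsNullOrEmpty(model.AdPassword) &&
                                           _ldapService.Authenticate(ldapUser.DistinguishedName, model.AdPassword);
                    if (isAuthenticated)
                    {
                        // The directory's email attribute is the external identifier the local
                        // account is matched on.
                        // NOTE(review): confirm the attribute is always populated, unique, and not
                        // editable by the directory user; otherwise one user could be matched to
                        // another user's account.
                        ExternalAuthenticationParameters authenticationParameters = new ExternalAuthenticationParameters
                        {
                            ProviderSystemName        = "ExternalAuth.NovellActiveDirectory",
                            AccessToken               = Guid.NewGuid().ToString(),
                            Email                     = ldapUser.Email,
                            ExternalIdentifier        = ldapUser.Email,
                            ExternalDisplayIdentifier = ldapUser.Email
                        };
                        return _externalAuthenticationService.Authenticate(authenticationParameters, returnUrl);
                    }
                }
                catch (Exception)
                {
                    // Same reasoning as the lookup failure above: show only the localized generic
                    // error, never the exception text.
                    // TODO(review): log the caught exception server-side; no logger is visible in this excerpt.
                    ExternalAuthorizerHelper.AddErrorsToDisplay(_localizationService.GetResource("Plugins.ExternalAuth.NovellActiveDirectory.LdapError"));
                    return new RedirectToActionResult("Login", "Customer", loginRouteValues);
                }
            }

            // Reached when the user name was empty or the directory rejected the credentials.
            ExternalAuthorizerHelper.AddErrorsToDisplay(
                _localizationService.GetResource("Plugins.ExternalAuth.NovellActiveDirectory.LdapError"));
            return new RedirectToActionResult("Login", "Customer", loginRouteValues);
        }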