protected override async Task <bool> PostJsonAsync(IOwinEnvironment context, IClient client, ContentType bodyContentType, CancellationToken cancellationToken) { var model = await PostBodyParser.ToModel <LoginPostModel>(context, bodyContentType, _logger, cancellationToken); if (model.ProviderData != null) { return(await HandleSocialLogin(context, client, model, cancellationToken)); } var jsonErrorHandler = new Func <string, CancellationToken, Task>((message, ct) => Error.Create(context, new BadRequest(message), ct)); bool missingLoginOrPassword = string.IsNullOrEmpty(model.Login) || string.IsNullOrEmpty(model.Password); if (missingLoginOrPassword) { await jsonErrorHandler("Missing login or password.", cancellationToken); return(true); } var application = await client.GetApplicationAsync(_configuration.Application.Href, cancellationToken); var executor = new LoginExecutor(client, _configuration, _handlers, _logger); var grantResult = await executor.PasswordGrantAsync( context, application, jsonErrorHandler, model.Login, model.Password, cancellationToken); if (grantResult == null) { return(true); // The error handler was invoked } await executor.HandlePostLoginAsync(context, grantResult, cancellationToken); var token = await grantResult.GetAccessTokenAsync(cancellationToken); var account = await token.GetAccountAsync(cancellationToken); var sanitizer = new AccountResponseSanitizer(); var responseModel = new { account = sanitizer.Sanitize(account) }; return(await JsonResponse.Ok(context, responseModel)); }
private async Task <bool> LoginAndRedirectAsync( IOwinEnvironment context, IClient client, IOauthGrantAuthenticationResult grantResult, string nextPath, CancellationToken cancellationToken) { var executor = new LoginExecutor(client, _configuration, _handlers, _logger); await executor.HandlePostLoginAsync(context, grantResult, cancellationToken); await executor.HandleRedirectAsync(context, nextPath); return(true); }
private async Task <bool> LoginAndRedirectAsync( IOwinEnvironment context, IClient client, IOauthGrantAuthenticationResult grantResult, bool isNewAccount, string nextPath, CancellationToken cancellationToken) { var executor = new LoginExecutor(client, _configuration, _handlers, _logger); await executor.HandlePostLoginAsync(context, grantResult, cancellationToken); var defaultNextPath = isNewAccount ? _configuration.Web.Register.NextUri : _configuration.Web.Login.NextUri; return(await executor.HandleRedirectAsync(context, nextPath, defaultNextPath)); }
private async Task <bool> ExecutePasswordFlow(IOwinEnvironment context, IClient client, string username, string password, CancellationToken cancellationToken) { var executor = new LoginExecutor(client, _configuration, _handlers, _logger); var application = await client.GetApplicationAsync(_configuration.Application.Href, cancellationToken); var jsonErrorHandler = new Func <string, CancellationToken, Task>((message, ct) => Error.Create(context, new BadRequest(message), ct)); var grantResult = await executor.PasswordGrantAsync( context, application, jsonErrorHandler, username, password, cancellationToken); await executor.HandlePostLoginAsync(context, grantResult, cancellationToken); var sanitizer = new GrantResultResponseSanitizer(); return(await JsonResponse.Ok(context, sanitizer.SanitizeResponseWithRefreshToken(grantResult)).ConfigureAwait(false)); }
private async Task <bool> ExecuteClientCredentialsFlow(IOwinEnvironment context, IClient client, CancellationToken cancellationToken) { var jsonErrorHandler = new Func <AbstractError, CancellationToken, Task>((err, ct) => Error.Create(context, err, ct)); var basicHeaderParser = new BasicAuthenticationParser(context.Request.Headers.GetString("Authorization"), _logger); if (!basicHeaderParser.IsValid) { await jsonErrorHandler(new OauthInvalidRequest(), cancellationToken); return(true); } var executor = new LoginExecutor(client, _configuration, _handlers, _logger); var application = await client .GetApplicationAsync(_configuration.Application.Href, cancellationToken) .ConfigureAwait(false); var tokenResult = await executor.ClientCredentialsGrantAsync( context, application, jsonErrorHandler, basicHeaderParser.Username, basicHeaderParser.Password, cancellationToken); if (tokenResult == null) { return(true); // Some error occurred and the handler was invoked } await executor.HandlePostLoginAsync(context, tokenResult, cancellationToken); var sanitizer = new GrantResultResponseSanitizer(); return(await JsonResponse.Ok(context, sanitizer.SanitizeResponseWithoutRefreshToken(tokenResult)).ConfigureAwait(false)); }
protected override async Task <bool> PostHtmlAsync(IOwinEnvironment context, IClient client, ContentType bodyContentType, CancellationToken cancellationToken) { var body = await context.Request.GetBodyAsStringAsync(cancellationToken); var model = PostBodyParser.ToModel <LoginPostModel>(body, bodyContentType, _logger); var formData = FormContentParser.Parse(body, _logger); var htmlErrorHandler = new Func <string, CancellationToken, Task>((message, ct) => { var queryString = QueryStringParser.Parse(context.Request.QueryString, _logger); return(RenderLoginViewAsync( client, context, cancellationToken, queryString, formData, errors: new[] { message })); }); var stateToken = formData.GetString(StringConstants.StateTokenName); var parsedStateToken = new StateTokenParser(client, _configuration.Client.ApiKey, stateToken, _logger); if (!parsedStateToken.Valid) { await htmlErrorHandler("An error occurred. Please try again.", cancellationToken); return(true); } bool missingLoginOrPassword = string.IsNullOrEmpty(model.Login) || string.IsNullOrEmpty(model.Password); if (missingLoginOrPassword) { await htmlErrorHandler("The login and password fields are required.", cancellationToken); return(true); } var application = await client.GetApplicationAsync(_configuration.Application.Href, cancellationToken); var executor = new LoginExecutor(client, _configuration, _handlers, _logger); try { var grantResult = await executor.PasswordGrantAsync( context, application, htmlErrorHandler, model.Login, model.Password, cancellationToken); if (grantResult == null) { return(true); // The error handler was invoked } await executor.HandlePostLoginAsync(context, grantResult, cancellationToken); } catch (ResourceException rex) { await htmlErrorHandler(rex.Message, cancellationToken); return(true); } var nextUri = parsedStateToken.Path; // Might be null return(await executor.HandleRedirectAsync(context, nextUri)); }