/// <summary>
/// Records the e-mail on the sequence data and redirects the browser to the change-password step.
/// </summary>
/// <param name="email">E-mail address carried into the change-password sequence.</param>
/// <param name="sequenceData">Current login sequence data; its <c>Email</c> is set and persisted.</param>
/// <returns>Redirect to the change-password endpoint for the current sequence.</returns>
private async Task<IActionResult> StartChangePassword(string email, LoginUpSequenceData sequenceData)
{
    sequenceData.Email = email;
    await sequenceLogic.SaveSequenceDataAsync(sequenceData);

    var changePasswordUrl = $"{Constants.Endpoints.ChangePassword}/_{SequenceString}";
    return new RedirectResult(changePasswordUrl);
}
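/// <summary>
/// Decides whether an existing login session may satisfy the current sequence. The session must
/// exist, respect the requested max age, belong to the requested user and, when required, carry an
/// "amr" claim containing the MFA reference. Every failed check is traced and returns false (fail closed).
/// </summary>
/// <param name="sequenceData">Sequence being processed (requested max age and user id).</param>
/// <param name="session">Session cookie to validate; may be null.</param>
/// <param name="requereMfa">When true the session must hold an MFA authentication-method-reference claim.</param>
/// <returns>true when the session can be reused for this sequence, otherwise false.</returns>
private bool ValidSessionUpAgainstSequence(LoginUpSequenceData sequenceData, SessionLoginUpPartyCookie session, bool requereMfa = false)
{
    if (session == null)
    {
        return false;
    }

    // Max age is compared in seconds; session.CreateTime is assumed to be Unix seconds like UtcNow below — confirm against the cookie type.
    if (sequenceData.MaxAge.HasValue && DateTimeOffset.UtcNow.ToUnixTimeSeconds() - session.CreateTime > sequenceData.MaxAge.Value)
    {
        logger.ScopeTrace(() => $"Session max age not accepted, Max age '{sequenceData.MaxAge}', Session created '{session.CreateTime}'.");
        return false;
    }

    // Static Equals is null-safe: a session without a user id is rejected instead of throwing a NullReferenceException.
    if (!sequenceData.UserId.IsNullOrWhiteSpace() && !string.Equals(session.UserId, sequenceData.UserId, StringComparison.OrdinalIgnoreCase))
    {
        logger.ScopeTrace(() => "Session user and requested user do not match.");
        return false;
    }

    if (requereMfa && !HasMfaClaim())
    {
        logger.ScopeTrace(() => "Session does not meet the MFA requirement.");
        return false;
    }

    return true;

    // True only when the session carries an "amr" claim whose values include the MFA reference; missing claims or values count as no MFA.
    bool HasMfaClaim()
    {
        var hasMfa = session.Claims?.Any(c => c.Claim == JwtClaimTypes.Amr
            && c.Values?.Any(v => v == IdentityConstants.AuthenticationMethodReferenceValues.Mfa) == true);
        return hasMfa == true;
    }
}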
/// <summary>
/// Completes the logout flow according to the user's choice. A full logout deletes the refresh-token
/// grants, optionally starts single logout towards the other down-parties and then finishes with
/// <see cref="LogoutDoneAsync"/>; "keep me logged in" only clears the sequence and either redirects
/// or shows the logged-in dialog.
/// </summary>
/// <param name="loginUpParty">Login up-party the sequence runs under.</param>
/// <param name="sequenceData">Current login sequence data.</param>
/// <param name="logoutChoice">Choice made by the user.</param>
/// <param name="session">Current session cookie, if any; used to find the down-parties for single logout.</param>
/// <returns>The action result ending this step of the flow.</returns>
/// <exception cref="NotImplementedException">Thrown for a logout choice that is not handled.</exception>
private async Task<IActionResult> LogoutResponse(LoginUpParty loginUpParty, LoginUpSequenceData sequenceData, LogoutChoice logoutChoice, SessionLoginUpPartyCookie session = null)
{
    switch (logoutChoice)
    {
        case LogoutChoice.Logout:
            return await HandleLogoutAsync();
        case LogoutChoice.KeepMeLoggedIn:
            return await HandleKeepMeLoggedInAsync();
        default:
            throw new NotImplementedException();
    }

    async Task<IActionResult> HandleLogoutAsync()
    {
        await oauthRefreshTokenGrantLogic.DeleteRefreshTokenGrantsAsync(sequenceData.SessionId);

        if (!loginUpParty.DisableSingleLogout)
        {
            var upPartyLink = new UpPartyLink { Name = loginUpParty.Name, Type = loginUpParty.Type };
            (var doSingleLogout, var singleLogoutSequenceData) = await singleLogoutDownLogic.InitializeSingleLogoutAsync(upPartyLink, sequenceData.DownPartyLink, session?.DownPartyLinks, session?.Claims);
            if (doSingleLogout)
            {
                // Single logout takes over the flow; the sequence data stays until it completes.
                return await singleLogoutDownLogic.StartSingleLogoutAsync(singleLogoutSequenceData);
            }
        }

        await sequenceLogic.RemoveSequenceDataAsync<LoginUpSequenceData>();
        return await LogoutDoneAsync(loginUpParty, sequenceData);
    }

    async Task<IActionResult> HandleKeepMeLoggedInAsync()
    {
        await sequenceLogic.RemoveSequenceDataAsync<LoginUpSequenceData>();

        if (sequenceData.PostLogoutRedirect)
        {
            return await logoutUpLogic.LogoutResponseAsync(sequenceData);
        }

        logger.ScopeTrace("Show logged in dialog.");
        var model = new LoggedInViewModel { CssStyle = loginUpParty.CssStyle };
        return View("LoggedIn", model);
    }
}
/// <summary>
/// Determines whether multi-factor authentication is required for this login: either the user or the
/// login up-party demands it, or the sequence's requested ACR values contain the MFA value.
/// </summary>
/// <param name="user">User being logged in.</param>
/// <param name="loginUpParty">Login up-party the sequence runs under.</param>
/// <param name="sequenceData">Current login sequence data (requested ACR values, may be null).</param>
/// <returns>true when MFA must be enforced for this login.</returns>
public bool GetRequereMfa(User user, LoginUpParty loginUpParty, LoginUpSequenceData sequenceData)
{
    if (user.RequireMultiFactor || loginUpParty.RequireTwoFactor)
    {
        return true;
    }

    // ACR values are compared ordinally; a missing Acr list means MFA was not requested.
    var mfaRequestedByAcr = sequenceData.Acr?.Any(v => v.Equals(Constants.Oidc.Acr.Mfa, StringComparison.Ordinal)) == true;
    return mfaRequestedByAcr;
}
/// <summary>
/// Sends the logout response to the down-party that initiated the logout, dispatching on its party type.
/// </summary>
/// <param name="sequenceData">Current login sequence data; identifies the up-party and the down-party link.</param>
/// <returns>The down-party specific logout response.</returns>
/// <exception cref="NotImplementedException">Thrown for OAuth2 down-parties.</exception>
/// <exception cref="NotSupportedException">Thrown for any other unsupported party type.</exception>
public async Task<IActionResult> LogoutResponseAsync(LoginUpSequenceData sequenceData)
{
    logger.ScopeTrace(() => "Down, Logout response.");
    logger.SetScopeProperty(Constants.Logs.UpPartyId, sequenceData.UpPartyId);
    logger.ScopeTrace(() => $"Response, Down type {sequenceData.DownPartyLink.Type}.");

    var downPartyLink = sequenceData.DownPartyLink;
    var partyType = downPartyLink.Type;

    if (partyType == PartyTypes.Oidc)
    {
        var oidcLogoutLogic = serviceProvider.GetService<OidcRpInitiatedLogoutDownLogic<OidcDownParty, OidcDownClient, OidcDownScope, OidcDownClaim>>();
        return await oidcLogoutLogic.EndSessionResponseAsync(downPartyLink.Id);
    }

    if (partyType == PartyTypes.Saml2)
    {
        var samlLogoutLogic = serviceProvider.GetService<SamlLogoutDownLogic>();
        return await samlLogoutLogic.LogoutResponseAsync(downPartyLink.Id, sessionIndex: sequenceData.SessionId);
    }

    if (partyType == PartyTypes.OAuth2)
    {
        throw new NotImplementedException();
    }

    throw new NotSupportedException();
}
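/// <summary>
/// Decides whether an existing login session may satisfy the current sequence: the session must exist,
/// respect the requested max age and belong to the requested user. Every failed check is traced and
/// returns false (fail closed).
/// </summary>
/// <param name="sequenceData">Sequence being processed (requested max age and user id).</param>
/// <param name="session">Session cookie to validate; may be null.</param>
/// <returns>true when the session can be reused for this sequence, otherwise false.</returns>
private bool ValidSession(LoginUpSequenceData sequenceData, SessionLoginUpPartyCookie session)
{
    if (session == null)
    {
        return false;
    }

    // Max age is compared in seconds; session.CreateTime is assumed to be Unix seconds like UtcNow below — confirm against the cookie type.
    if (sequenceData.MaxAge.HasValue && DateTimeOffset.UtcNow.ToUnixTimeSeconds() - session.CreateTime > sequenceData.MaxAge.Value)
    {
        logger.ScopeTrace($"Session max age not accepted, Max age '{sequenceData.MaxAge}', Session created '{session.CreateTime}'.");
        return false;
    }

    // Static Equals is null-safe: a session without a user id is rejected instead of throwing a NullReferenceException.
    if (!sequenceData.UserId.IsNullOrWhiteSpace() && !string.Equals(session.UserId, sequenceData.UserId, StringComparison.OrdinalIgnoreCase))
    {
        logger.ScopeTrace("Session user and requested user do not match.");
        return false;
    }

    return true;
}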
/// <summary>
/// Ends a failed login by clearing the sequence data and returning the error to the initiating
/// down-party in its own protocol (OIDC error string or SAML status).
/// </summary>
/// <param name="sequenceData">Current login sequence data; identifies the up-party and the down-party link.</param>
/// <param name="error">Login sequence error to report.</param>
/// <param name="errorDescription">Optional human-readable description (OIDC only).</param>
/// <returns>The down-party specific error response.</returns>
/// <exception cref="NotImplementedException">Thrown for OAuth2 down-parties.</exception>
/// <exception cref="NotSupportedException">Thrown for any other unsupported party type.</exception>
public async Task<IActionResult> LoginResponseErrorAsync(LoginUpSequenceData sequenceData, LoginSequenceError error, string errorDescription = null)
{
    logger.ScopeTrace(() => "Login error response.");
    // The sequence is over whatever the outcome; drop it before answering the down-party.
    await sequenceLogic.RemoveSequenceDataAsync<LoginUpSequenceData>();
    logger.SetScopeProperty(Constants.Logs.UpPartyId, sequenceData.UpPartyId);
    logger.ScopeTrace(() => $"Response, Down type '{sequenceData.DownPartyLink.Type}'.");

    var downPartyLink = sequenceData.DownPartyLink;
    switch (downPartyLink.Type)
    {
        case PartyTypes.Oidc:
            var oidcAuthLogic = serviceProvider.GetService<OidcAuthDownLogic<OidcDownParty, OidcDownClient, OidcDownScope, OidcDownClaim>>();
            return await oidcAuthLogic.AuthenticationResponseErrorAsync(downPartyLink.Id, ErrorToOAuth2OidcString(error), errorDescription);
        case PartyTypes.Saml2:
            var samlAuthnLogic = serviceProvider.GetService<SamlAuthnDownLogic>();
            return await samlAuthnLogic.AuthnResponseAsync(downPartyLink.Id, status: ErrorToSamlStatus(error));
        case PartyTypes.OAuth2:
            throw new NotImplementedException();
        default:
            throw new NotSupportedException($"Party type '{downPartyLink.Type}' not supported.");
    }
}
/// <summary>
/// Finishes a logout: either redirects back to the down-party (post-logout redirect) or renders the
/// logged-out dialog, loading the login up-party from the tenant repository when it was not supplied.
/// </summary>
/// <param name="loginUpParty">Login up-party, or null to load it by <c>sequenceData.UpPartyId</c>.</param>
/// <param name="sequenceData">Current login sequence data.</param>
/// <returns>Redirect to the down-party or the logged-out view.</returns>
private async Task<IActionResult> LogoutDoneAsync(LoginUpParty loginUpParty, LoginUpSequenceData sequenceData)
{
    if (sequenceData.PostLogoutRedirect)
    {
        return await logoutUpLogic.LogoutResponseAsync(sequenceData);
    }

    if (loginUpParty is null)
    {
        loginUpParty = await tenantRepository.GetAsync<LoginUpParty>(sequenceData.UpPartyId);
    }

    logger.ScopeTrace("Show logged out dialog.");
    var model = new LoggedOutViewModel { CssStyle = loginUpParty.CssStyle };
    return View("loggedOut", model);
}
/// <summary>
/// Returns the down-party link to remember on the session, or null when the up-party has single
/// logout disabled (no link is needed because the down-party will never be logged out from here).
/// </summary>
/// <param name="upParty">Up-party whose single-logout setting decides the result.</param>
/// <param name="sequenceData">Current login sequence data holding the down-party link.</param>
/// <returns><c>sequenceData.DownPartyLink</c>, or null when single logout is disabled.</returns>
private DownPartySessionLink GetDownPartyLink(UpParty upParty, LoginUpSequenceData sequenceData)
{
    if (upParty.DisableSingleLogout)
    {
        return null;
    }

    return sequenceData.DownPartyLink;
}
/// <summary>
/// Finishes a logout: either redirects back to the down-party (post-logout redirect) or renders the
/// logged-out dialog, loading the login up-party from the tenant repository when it was not supplied.
/// The party's icon and CSS are registered with the security-header logic so the CSP allows them.
/// </summary>
/// <param name="loginUpParty">Login up-party, or null to load it by <c>sequenceData.UpPartyId</c>.</param>
/// <param name="sequenceData">Current login sequence data.</param>
/// <returns>Redirect to the down-party or the logged-out view.</returns>
private async Task<IActionResult> LogoutDoneAsync(LoginUpParty loginUpParty, LoginUpSequenceData sequenceData)
{
    if (sequenceData.PostLogoutRedirect)
    {
        return await logoutUpLogic.LogoutResponseAsync(sequenceData);
    }

    if (loginUpParty is null)
    {
        loginUpParty = await tenantRepository.GetAsync<LoginUpParty>(sequenceData.UpPartyId);
    }

    // Whitelist the party's branding sources before rendering, so the view's img-src policy covers them.
    securityHeaderLogic.AddImgSrc(loginUpParty.IconUrl);
    securityHeaderLogic.AddImgSrcFromCss(loginUpParty.Css);

    logger.ScopeTrace(() => "Show logged out dialog.");
    var model = new LoggedOutViewModel
    {
        Title = loginUpParty.Title,
        IconUrl = loginUpParty.IconUrl,
        Css = loginUpParty.Css
    };
    return View("loggedOut", model);
}