        /// <summary>
        /// Records the entered e-mail address on the login sequence and sends the browser on
        /// to the change-password endpoint for the same sequence.
        /// </summary>
        /// <param name="email">E-mail address the user entered; stored on the sequence so the next step can read it.</param>
        /// <param name="sequenceData">State of the running login sequence; saved after the e-mail is set.</param>
        /// <returns>A redirect to the change-password endpoint carrying the current sequence string.</returns>
        private async Task<IActionResult> StartChangePassword(string email, LoginUpSequenceData sequenceData)
        {
            // The e-mail must be persisted before redirecting; the change-password step reloads the sequence.
            sequenceData.Email = email;
            await sequenceLogic.SaveSequenceDataAsync(sequenceData);

            var changePasswordUrl = $"{Constants.Endpoints.ChangePassword}/_{SequenceString}";
            return new RedirectResult(changePasswordUrl);
        }
ファイル: LoginController.cs プロジェクト: ITfoxtec/FoxIDs
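        /// <summary>
        /// Decides whether an existing login session may be reused for the current login sequence.
        /// The session is accepted only if it exists, is not older than the requested max age,
        /// belongs to the requested user (when the sequence names one) and, when required,
        /// carries an MFA authentication method reference (amr) claim.
        /// </summary>
        /// <param name="sequenceData">The running login sequence (max age and requested user id).</param>
        /// <param name="session">Session cookie to validate; null when the user has no session.</param>
        /// <param name="requereMfa">True when the sequence requires a multi-factor authenticated session.</param>
        /// <returns>True when the session satisfies the sequence; otherwise false.</returns>
        private bool ValidSessionUpAgainstSequence(LoginUpSequenceData sequenceData, SessionLoginUpPartyCookie session, bool requereMfa = false)
        {
            if (session == null)
            {
                return false;
            }

            // MaxAge and CreateTime are compared in seconds since the Unix epoch.
            if (sequenceData.MaxAge.HasValue && DateTimeOffset.UtcNow.ToUnixTimeSeconds() - session.CreateTime > sequenceData.MaxAge.Value)
            {
                logger.ScopeTrace(() => $"Session max age not accepted, Max age '{sequenceData.MaxAge}', Session created '{session.CreateTime}'.");
                return false;
            }

            // Static string.Equals is null-safe: a session without a user id is rejected for a
            // requested user instead of throwing NullReferenceException from the instance method.
            if (!sequenceData.UserId.IsNullOrWhiteSpace() && !string.Equals(session.UserId, sequenceData.UserId, StringComparison.OrdinalIgnoreCase))
            {
                logger.ScopeTrace(() => "Session user and requested user do not match.");
                return false;
            }

            if (requereMfa)
            {
                // A missing Claims collection counts as "no MFA", not as an error.
                var hasMfaAmr = session.Claims?.Any(c => c.Claim == JwtClaimTypes.Amr
                    && c.Values.Any(v => v == IdentityConstants.AuthenticationMethodReferenceValues.Mfa)) == true;
                if (!hasMfaAmr)
                {
                    logger.ScopeTrace(() => "Session does not meet the MFA requirement.");
                    return false;
                }
            }

            return true;
        }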
        /// <summary>
        /// Completes the logout dialog according to the user's choice: either performs the logout
        /// (revoking refresh token grants and, unless disabled on the up-party, attempting single
        /// logout towards the down-parties) or keeps the session and answers the down-party.
        /// </summary>
        /// <param name="loginUpParty">The login up-party the sequence runs under.</param>
        /// <param name="sequenceData">State of the running logout sequence.</param>
        /// <param name="logoutChoice">The option the user selected in the logout dialog.</param>
        /// <param name="session">The current session cookie, if any; used to seed single logout.</param>
        /// <returns>The next action result of the logout flow.</returns>
        /// <exception cref="NotImplementedException">Thrown for a logout choice other than Logout or KeepMeLoggedIn.</exception>
        private async Task<IActionResult> LogoutResponse(LoginUpParty loginUpParty, LoginUpSequenceData sequenceData, LogoutChoice logoutChoice, SessionLoginUpPartyCookie session = null)
        {
            switch (logoutChoice)
            {
                case LogoutChoice.Logout:
                    // Refresh token grants tied to the session are revoked whether or not single logout runs.
                    await oauthRefreshTokenGrantLogic.DeleteRefreshTokenGrantsAsync(sequenceData.SessionId);

                    if (!loginUpParty.DisableSingleLogout)
                    {
                        var upPartyLink = new UpPartyLink { Name = loginUpParty.Name, Type = loginUpParty.Type };
                        (var doSingleLogout, var singleLogoutSequenceData) = await singleLogoutDownLogic.InitializeSingleLogoutAsync(upPartyLink, sequenceData.DownPartyLink, session?.DownPartyLinks, session?.Claims);
                        if (doSingleLogout)
                        {
                            // Single logout takes over the sequence; it finishes the logout itself.
                            return await singleLogoutDownLogic.StartSingleLogoutAsync(singleLogoutSequenceData);
                        }
                    }

                    await sequenceLogic.RemoveSequenceDataAsync<LoginUpSequenceData>();
                    return await LogoutDoneAsync(loginUpParty, sequenceData);

                case LogoutChoice.KeepMeLoggedIn:
                    await sequenceLogic.RemoveSequenceDataAsync<LoginUpSequenceData>();
                    if (sequenceData.PostLogoutRedirect)
                    {
                        return await logoutUpLogic.LogoutResponseAsync(sequenceData);
                    }

                    logger.ScopeTrace("Show logged in dialog.");
                    return View("LoggedIn", new LoggedInViewModel
                    {
                        CssStyle = loginUpParty.CssStyle
                    });

                default:
                    throw new NotImplementedException();
            }
        }
ファイル: LoginPageLogic.cs プロジェクト: ITfoxtec/FoxIDs
        /// <summary>
        /// Determines whether the login must be completed with a second factor. MFA is required
        /// when the user account demands it, when the login up-party demands it, or when the
        /// sequence's requested acr values contain the MFA acr. The sources only ever add a
        /// requirement; none of them can waive one set by another.
        /// </summary>
        /// <param name="user">The authenticating user.</param>
        /// <param name="loginUpParty">The login up-party configuration.</param>
        /// <param name="sequenceData">The running login sequence, including requested acr values (may be null).</param>
        /// <returns>True when multi-factor authentication is required.</returns>
        public bool GetRequereMfa(User user, LoginUpParty loginUpParty, LoginUpSequenceData sequenceData)
        {
            // Short-circuit evaluation mirrors the original if/else-if chain, including a null Acr list.
            var acrRequestsMfa = sequenceData.Acr?.Any(v => v.Equals(Constants.Oidc.Acr.Mfa, StringComparison.Ordinal)) == true;
            return user.RequireMultiFactor || loginUpParty.RequireTwoFactor || acrRequestsMfa;
        }
ファイル: LogoutUpLogic.cs プロジェクト: ITfoxtec/FoxIDs
        /// <summary>
        /// Sends the logout response to the down-party that initiated the logout, dispatching on
        /// the down-party protocol type recorded in the sequence.
        /// </summary>
        /// <param name="sequenceData">The logout sequence holding the up-party id, down-party link and session id.</param>
        /// <returns>The protocol-specific logout response action.</returns>
        /// <exception cref="NotImplementedException">OAuth2 down-parties are not handled here.</exception>
        /// <exception cref="NotSupportedException">Thrown for any other down-party type.</exception>
        public async Task<IActionResult> LogoutResponseAsync(LoginUpSequenceData sequenceData)
        {
            logger.ScopeTrace(() => "Down, Logout response.");
            logger.SetScopeProperty(Constants.Logs.UpPartyId, sequenceData.UpPartyId);

            var downPartyLink = sequenceData.DownPartyLink;
            logger.ScopeTrace(() => $"Response, Down type {downPartyLink.Type}.");

            // Enum comparison: the order of the checks does not affect the outcome.
            if (downPartyLink.Type == PartyTypes.Oidc)
            {
                var oidcLogoutLogic = serviceProvider.GetService<OidcRpInitiatedLogoutDownLogic<OidcDownParty, OidcDownClient, OidcDownScope, OidcDownClaim>>();
                return await oidcLogoutLogic.EndSessionResponseAsync(downPartyLink.Id);
            }

            if (downPartyLink.Type == PartyTypes.Saml2)
            {
                var samlLogoutLogic = serviceProvider.GetService<SamlLogoutDownLogic>();
                return await samlLogoutLogic.LogoutResponseAsync(downPartyLink.Id, sessionIndex: sequenceData.SessionId);
            }

            if (downPartyLink.Type == PartyTypes.OAuth2)
            {
                throw new NotImplementedException();
            }

            throw new NotSupportedException();
        }
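        /// <summary>
        /// Decides whether an existing login session may be reused for the current login sequence.
        /// The session is accepted only if it exists, is not older than the requested max age and
        /// belongs to the requested user when the sequence names one.
        /// </summary>
        /// <param name="sequenceData">The running login sequence (max age and requested user id).</param>
        /// <param name="session">Session cookie to validate; null when the user has no session.</param>
        /// <returns>True when the session satisfies the sequence; otherwise false.</returns>
        private bool ValidSession(LoginUpSequenceData sequenceData, SessionLoginUpPartyCookie session)
        {
            if (session == null)
            {
                return false;
            }

            // MaxAge and CreateTime are compared in seconds since the Unix epoch.
            if (sequenceData.MaxAge.HasValue && DateTimeOffset.UtcNow.ToUnixTimeSeconds() - session.CreateTime > sequenceData.MaxAge.Value)
            {
                logger.ScopeTrace($"Session max age not accepted, Max age '{sequenceData.MaxAge}', Session created '{session.CreateTime}'.");
                return false;
            }

            // Static string.Equals is null-safe: a session without a user id is rejected for a
            // requested user instead of throwing NullReferenceException from the instance method.
            if (!sequenceData.UserId.IsNullOrWhiteSpace() && !string.Equals(session.UserId, sequenceData.UserId, StringComparison.OrdinalIgnoreCase))
            {
                logger.ScopeTrace("Session user and requested user do not match.");
                return false;
            }

            return true;
        }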
ファイル: LoginUpLogic.cs プロジェクト: ITfoxtec/FoxIDs
        /// <summary>
        /// Ends a failed login by discarding the sequence data and returning a protocol-specific
        /// error response to the down-party that started the login.
        /// </summary>
        /// <param name="sequenceData">The login sequence holding the up-party id and down-party link.</param>
        /// <param name="error">The login error to translate into the down-party protocol's error code or status.</param>
        /// <param name="errorDescription">Optional human-readable description forwarded to OIDC down-parties.</param>
        /// <returns>The protocol-specific error response action.</returns>
        /// <exception cref="NotImplementedException">OAuth2 down-parties are not handled here.</exception>
        /// <exception cref="NotSupportedException">Thrown for any other down-party type.</exception>
        public async Task<IActionResult> LoginResponseErrorAsync(LoginUpSequenceData sequenceData, LoginSequenceError error, string errorDescription = null)
        {
            logger.ScopeTrace(() => "Login error response.");

            // The sequence is removed before the response is built so it cannot be resumed after an error.
            await sequenceLogic.RemoveSequenceDataAsync<LoginUpSequenceData>();

            logger.SetScopeProperty(Constants.Logs.UpPartyId, sequenceData.UpPartyId);

            var downPartyLink = sequenceData.DownPartyLink;
            logger.ScopeTrace(() => $"Response, Down type '{downPartyLink.Type}'.");

            // Enum comparison: the order of the checks does not affect the outcome.
            if (downPartyLink.Type == PartyTypes.Oidc)
            {
                var oidcAuthLogic = serviceProvider.GetService<OidcAuthDownLogic<OidcDownParty, OidcDownClient, OidcDownScope, OidcDownClaim>>();
                return await oidcAuthLogic.AuthenticationResponseErrorAsync(downPartyLink.Id, ErrorToOAuth2OidcString(error), errorDescription);
            }

            if (downPartyLink.Type == PartyTypes.Saml2)
            {
                var samlAuthnLogic = serviceProvider.GetService<SamlAuthnDownLogic>();
                return await samlAuthnLogic.AuthnResponseAsync(downPartyLink.Id, status: ErrorToSamlStatus(error));
            }

            if (downPartyLink.Type == PartyTypes.OAuth2)
            {
                throw new NotImplementedException();
            }

            throw new NotSupportedException($"Party type '{downPartyLink.Type}' not supported.");
        }
        /// <summary>
        /// Finishes a logout: either answers the down-party that requested the logout or shows
        /// the "logged out" page styled for the up-party.
        /// </summary>
        /// <param name="loginUpParty">The login up-party; loaded from the tenant repository when null.</param>
        /// <param name="sequenceData">The logout sequence; decides between redirect and dialog.</param>
        /// <returns>The logout response or the logged-out view.</returns>
        private async Task<IActionResult> LogoutDoneAsync(LoginUpParty loginUpParty, LoginUpSequenceData sequenceData)
        {
            if (sequenceData.PostLogoutRedirect)
            {
                return await logoutUpLogic.LogoutResponseAsync(sequenceData);
            }

            // The up-party is only needed for styling the dialog, so it is loaded lazily here.
            if (loginUpParty == null)
            {
                loginUpParty = await tenantRepository.GetAsync<LoginUpParty>(sequenceData.UpPartyId);
            }

            logger.ScopeTrace("Show logged out dialog.");
            var viewModel = new LoggedOutViewModel
            {
                CssStyle = loginUpParty.CssStyle
            };
            return View("loggedOut", viewModel);
        }
 /// <summary>
 /// Returns the down-party link to record on the session, or null when the up-party has
 /// single logout disabled (in which case no down-party needs to be notified later).
 /// </summary>
 /// <param name="upParty">The up-party whose single-logout setting is consulted.</param>
 /// <param name="sequenceData">The login sequence carrying the down-party link.</param>
 /// <returns>The sequence's down-party link, or null when single logout is disabled.</returns>
 private DownPartySessionLink GetDownPartyLink(UpParty upParty, LoginUpSequenceData sequenceData)
 {
     if (upParty.DisableSingleLogout)
     {
         return null;
     }

     return sequenceData.DownPartyLink;
 }
ファイル: LoginController.cs プロジェクト: ITfoxtec/FoxIDs
        /// <summary>
        /// Finishes a logout: either answers the down-party that requested the logout or shows
        /// the "logged out" page branded for the up-party (title, icon and CSS).
        /// </summary>
        /// <param name="loginUpParty">The login up-party; loaded from the tenant repository when null.</param>
        /// <param name="sequenceData">The logout sequence; decides between redirect and dialog.</param>
        /// <returns>The logout response or the logged-out view.</returns>
        private async Task<IActionResult> LogoutDoneAsync(LoginUpParty loginUpParty, LoginUpSequenceData sequenceData)
        {
            if (sequenceData.PostLogoutRedirect)
            {
                return await logoutUpLogic.LogoutResponseAsync(sequenceData);
            }

            // The up-party is only needed to brand the dialog, so it is loaded lazily here.
            if (loginUpParty == null)
            {
                loginUpParty = await tenantRepository.GetAsync<LoginUpParty>(sequenceData.UpPartyId);
            }

            // The response security headers (presumably the CSP img-src directive) are widened to
            // the up-party's configured icon URL and to image URLs found in its CSS, so the
            // branded page can render them.
            securityHeaderLogic.AddImgSrc(loginUpParty.IconUrl);
            securityHeaderLogic.AddImgSrcFromCss(loginUpParty.Css);

            logger.ScopeTrace(() => "Show logged out dialog.");
            var viewModel = new LoggedOutViewModel
            {
                Title = loginUpParty.Title,
                IconUrl = loginUpParty.IconUrl,
                Css = loginUpParty.Css
            };
            return View("loggedOut", viewModel);
        }