コード例 #1
        /// <summary>
        /// Provisions a first-time user in three steps: a database login, an application
        /// account placed in the "Personnel" role, and the standard personnel rights.
        /// </summary>
        /// <param name="username">Login name handed to both the database login and the application account.</param>
        /// <param name="password">Password handed to both the database login and the application account.</param>
        /// <param name="novellUser">Directory entry; the first value of its "mail" attribute is used for the new account.</param>
        /// <param name="userManager">User manager used to create the account and assign the role.</param>
        /// <returns>The newly created application user.</returns>
        /// <exception cref="FailedDatabaseConnectionException">
        /// Thrown when creating the database login or granting the standard rights reports failure.
        /// </exception>
        private ApplicationUser CreateUser(string username, string password, NovellUser novellUser, ApplicationUserManager userManager)
        {
            // Original author's note (translated): swapping foreign keys from one table to another ... :)

            // Step 1: database login. The caller's password is passed straight through.
            // NOTE(review): judging by the error text this creates a database-level login with
            // the user's own password; confirm how CreateHoldingUser quotes/parameterizes it.
            using (var loginContext = new ApplicationDbContext())
            {
                if (!loginContext.CreateHoldingUser(username, password))
                {
                    throw new FailedDatabaseConnectionException("Cannot create database login");
                }
            }

            // Step 2: application account plus role.
            // NOTE(review): the "mail" attribute is indexed without checking that it exists or is
            // non-empty; a directory entry without a mail value fails here, after step 1 has
            // already succeeded.
            var mail = novellUser.Attributes["mail"][0];
            ApplicationUser account = CreateEmployeeApplicationUser(userManager, username, password, mail);
            userManager.AddToRole(account.Id, "Personnel");

            // Step 3: standard rights, granted through a fresh context.
            bool granted;
            using (var rightsContext = new ApplicationDbContext())
            {
                granted = rightsContext.GrantStandardRightsToPersonnel(account.Id);
            }

            // Nothing in this method undoes steps 1-2 when a later step fails, so a failure
            // here leaves the login and the account in place without their rights.
            if (granted)
            {
                return account;
            }

            throw new FailedDatabaseConnectionException("Cannot create user rights");
        }
コード例 #2
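        /// <summary>
        /// Handles the resource-owner password grant. Novell eDirectory is consulted first and
        /// decides whether the caller may sign in; the local application account is then looked
        /// up, re-synchronised or created, and an OAuth ticket plus a cookie identity are issued.
        /// </summary>
        /// <param name="context">
        /// Grant context carrying the submitted user name and password; it receives either the
        /// validated ticket or an "invalid_grant" error.
        /// </param>
        /// <returns>A task that completes once the context has been validated or rejected.</returns>
        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            // Reject missing or blank credentials before anything reaches the directory.
            // This avoids a NullReferenceException on Trim() and keeps an empty password away
            // from the directory bind (some LDAP servers treat an empty-password bind as an
            // anonymous bind that succeeds; whether novell.Connect guards against that is not
            // visible from here).
            if (string.IsNullOrWhiteSpace(context.UserName) || string.IsNullOrWhiteSpace(context.Password))
            {
                RejectGrant(context, "Username or password is incorrect");
                return;
            }

            var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();

            // NOTE(review): trimming the password changes the credential the user typed. It is
            // kept because existing accounts were created from trimmed values; changing it
            // needs a migration decision.
            string userName = context.UserName.Trim();
            string password = context.Password.Trim();

            try
            {
                // The directory check runs first: if it throws, nothing below executes.
                NovellUser      novelleDirectoryUser = novell.Connect(userName, password);
                ApplicationUser applicationUser      = userManager.Find(userName, password);

                // Original note (translated): quirks of how we deal with Novell, nothing to be done.
                if (applicationUser == null)
                {
                    // In case the password was changed on the directory side.
                    applicationUser = await ChangePassword(userName, password, userManager);
                }
                if (applicationUser == null)
                {
                    // The person exists in Novell eDirectory but not in AspNetUsers.
                    applicationUser = CreateUser(userName, password, novelleDirectoryUser, userManager);
                }

                if (!novelleDirectoryUser.IsAlien)
                {
                    NovellGroupWisePostOfficeConnection postOfficeConnection = novellGroupWise.Connect(userName, password);
                    applicationUser.PostOfficeAddress  = postOfficeConnection.PostOffice;
                    applicationUser.GroupWiseSessionId = postOfficeConnection.SessionId;
                }

                ClaimsIdentity oAuthIdentity = await applicationUser.GenerateUserIdentityAsync(userManager,
                                                                                               OAuthDefaults.AuthenticationType);

                ClaimsIdentity cookiesIdentity = await applicationUser.GenerateUserIdentityAsync(userManager,
                                                                                                 CookieAuthenticationDefaults.AuthenticationType);

                AuthenticationProperties properties = CreateProperties(applicationUser.UserName);
                AuthenticationTicket     ticket     = new AuthenticationTicket(oAuthIdentity, properties);
                context.Validated(ticket);
                context.Request.Context.Authentication.SignIn(cookiesIdentity);
            }
            catch (NovellGroupWiseException)
            {
                RejectGrant(context, "Username or password is incorrect");
            }
            catch (NovelleDirectoryException)
            {
                // Original note (translated): if the person is not in Novell, that and only
                // that means they must not be let in anywhere.
                RejectGrant(context, "Username or password is incorrect");
            }
            catch (FailedDatabaseConnectionException fdce)
            {
                // Raised after the directory check has passed; the message is still returned
                // to the client as before.
                // NOTE(review): confirm every thrower of this exception uses a fixed,
                // non-sensitive message.
                RejectGrant(context, fdce.Message);
            }
            catch (Exception e)
            {
                // Unexpected failures can happen before the caller is authenticated, and their
                // messages may describe internals (hosts, queries, stack details). Keep the
                // detail on the server and return a fixed description instead of e.Message.
                System.Diagnostics.Trace.TraceError("GrantResourceOwnerCredentials failed: {0}", e);
                RejectGrant(context, "Unable to complete sign-in");
            }
        }

        /// <summary>
        /// Marks the grant as failed with "invalid_grant" and adds the OWIN challenge flag
        /// header carrying the 401 status code.
        /// </summary>
        /// <param name="context">Grant context to reject.</param>
        /// <param name="description">Error description returned to the client.</param>
        private static void RejectGrant(OAuthGrantResourceOwnerCredentialsContext context, string description)
        {
            context.SetError("invalid_grant", description);
            context.Response.Headers.Add(Constants.OwinChallengeFlag, new[] { ((int)HttpStatusCode.Unauthorized).ToString() });
        }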