public IUser CreateUser(OpenAuthCreateUserParams createUserParams) { string emailAddress = string.Empty; if (createUserParams.UserName.IsEmailAddress()) { emailAddress = createUserParams.UserName; } else { foreach (var key in createUserParams.ExtraData.Keys) { switch (key.ToLower()) { case "mail": case "email": case "e-mail": case "email-address": emailAddress = createUserParams.ExtraData[key]; break; } } } createUserParams.UserName = _usernameService.Normalize(createUserParams.UserName); var creatingContext = new CreatingOpenAuthUserContext( createUserParams.UserName, emailAddress, createUserParams.ProviderName, createUserParams.ProviderUserId, createUserParams.ExtraData); _openAuthUserEventHandlers.Invoke(o => o.Creating(creatingContext), Logger); // check UserName if (String.IsNullOrEmpty(createUserParams.UserName)) { return(null); } else { // The default IMemebershipService from Orchard.Users fires the following user events: // Creating, Created, and Approved (see the last parameter of the CreateUserParams) var createdUser = _membershipService.CreateUser(new CreateUserParams( _usernameService.Calculate(createUserParams.UserName), // this tries to make a unique username by adding a number to its end _passwordGeneratorService.Generate(), creatingContext.EmailAddress, @T("Auto Registered User").Text, _passwordGeneratorService.Generate() /* Noone can guess this */, true, false )); // _membershipService.CreateUser may fail and return null if (createdUser != null) { var createdContext = new CreatedOpenAuthUserContext(createdUser, createUserParams.ProviderName, createUserParams.ProviderUserId, createUserParams.ExtraData); _openAuthUserEventHandlers.Invoke(o => o.Created(createdContext), Logger); } return(createdUser); } }
public IUser CreateUser(OpenAuthCreateUserParams createUserParams) { string emailAddress = string.Empty; if (createUserParams.UserName.IsEmailAddress()) { emailAddress = createUserParams.UserName; } var creatingContext = new CreatingOpenAuthUserContext(createUserParams.UserName, emailAddress, createUserParams.ProviderName, createUserParams.ProviderUserId, createUserParams.ExtraData); _openAuthUserEventHandlers.Invoke(o => o.Creating(creatingContext), Logger); var createdUser = _membershipService.CreateUser(new CreateUserParams( _usernameService.Calculate(createUserParams.UserName), _passwordGeneratorService.Generate(), creatingContext.EmailAddress, @T("Auto Registered User").Text, _passwordGeneratorService.Generate() /* Noone can guess this */, true )); var createdContext = new CreatedOpenAuthUserContext(createdUser, createUserParams.ProviderName, createUserParams.ProviderUserId, createUserParams.ExtraData); _openAuthUserEventHandlers.Invoke(o => o.Created(createdContext), Logger); return(createdUser); }
public OpenAuthCreateUserParams NormalizeData(OpenAuthCreateUserParams createUserParams) { OpenAuthCreateUserParams retVal = createUserParams; string emailAddress = string.Empty; foreach (KeyValuePair <string, string> values in createUserParams.ExtraData) { if (values.Key == "mail") { retVal.UserName = values.Value.IsEmailAddress() ? values.Value.Substring(0, values.Value.IndexOf('@')) : values.Value; } } return(retVal); }
public OpenAuthCreateUserParams NormalizeData(string providerName, OpenAuthCreateUserParams userData) { Argument.ThrowIfNullOrEmpty(providerName, "providerName"); // Do we have a configuration? var clientConfiguration = _providerConfigurationService.Get(providerName); if (clientConfiguration == null) { return(null); } // Is this a known internal client var client = _openAuthAuthenticationClients .SingleOrDefault(o => o.ProviderName.Equals(providerName, StringComparison.OrdinalIgnoreCase)); return(client.NormalizeData(userData)); }
public OpenAuthTemporaryUser CreateTemporaryUser(OpenAuthCreateUserParams createUserParams) { string emailAddress = string.Empty; string userName = _usernameService.Normalize(createUserParams.UserName); if (createUserParams.UserName.IsEmailAddress()) { emailAddress = createUserParams.UserName; } else { foreach (var key in createUserParams.ExtraData.Keys) { switch (key.ToLower()) { case "mail": case "email": case "e-mail": case "email-address": emailAddress = createUserParams.ExtraData[key]; break; } } } if (string.IsNullOrWhiteSpace(emailAddress) || string.IsNullOrWhiteSpace(userName)) { return(null); } return(new OpenAuthTemporaryUser { Email = emailAddress, UserName = _usernameService.Calculate(_usernameService.Normalize(createUserParams.UserName)), Provider = createUserParams.ProviderName, ProviderUserId = createUserParams.ProviderUserId }); }
private ActionResult OAuthRegister( AuthenticationResult result, string returnUrl, Func <AuthenticationResult, IUser, ActionResult> successDelegate, Func <AuthenticationResult, IUser, ActionResult> failDelegate, bool createPersistentCookie = false) { var createUserParams = new OpenAuthCreateUserParams(result.UserName, result.Provider, result.ProviderUserId, result.ExtraData); createUserParams = _openAuthClientProvider.NormalizeData(result.Provider, createUserParams); // Creating the user here calls the IMembershipService, that will take care of invoking the user events var newUser = _openAuthMembershipServices.CreateUser(createUserParams); // newUser may be null here, if creation of a new user fails. // TODO: we should elsewhere add an UserEventHandler that in the Creating event handles the case where // here we are trying to create a user with the same Username or Email as an existing one. That would simply // use IUserService.VerifyUnicity(username, email) if (newUser != null) { // CreateOrUpdateAccount causes specific OpenAuth events to fire _orchardOpenAuthWebSecurity.CreateOrUpdateAccount(result.Provider, result.ProviderUserId, newUser, result.ExtraData); // The default implementation of IOpendAuthMembershipService creates an approved user. // The events specific to open auth give points to attach handlers where the UserProviderRecord // is populated correctly. _authenticationService.SignIn(newUser, createPersistentCookie); return(successDelegate(result, newUser)); } // if newUser == null, just go ahead and return the "Login Failed" Response return(failDelegate(result, newUser)); }
public IUser CreateUser(OpenAuthCreateUserParams createUserParams) { string emailAddress = string.Empty; if (createUserParams.UserName.IsEmailAddress()) { emailAddress = createUserParams.UserName; } var creatingContext = new CreatingOpenAuthUserContext(createUserParams.UserName, emailAddress, createUserParams.ProviderName, createUserParams.ProviderUserId, createUserParams.ExtraData); _openAuthUserEventHandlers.Invoke(o => o.Creating(creatingContext), Logger); var createdUser = _membershipService.CreateUser(new CreateUserParams( _usernameService.Calculate(createUserParams.UserName), _passwordGeneratorService.Generate(), creatingContext.EmailAddress, @T("Auto Registered User").Text, _passwordGeneratorService.Generate() /* Noone can guess this */, true )); var createdContext = new CreatedOpenAuthUserContext(createdUser, createUserParams.ProviderName, createUserParams.ProviderUserId, createUserParams.ExtraData); _openAuthUserEventHandlers.Invoke(o => o.Created(createdContext), Logger); return createdUser; }
public ActionResult ExternalLogOn(string returnUrl, bool createPersistentCookie = false) { AuthenticationResult result = _orchardOpenAuthWebSecurity.VerifyAuthentication(Url.OpenAuthLogOn(returnUrl)); if (!result.IsSuccessful) { _notifier.Error(T("Your authentication request failed.")); return(new RedirectResult(Url.LogOn(returnUrl))); } if (_orchardOpenAuthWebSecurity.Login(result.Provider, result.ProviderUserId)) { _notifier.Information(T("You have been logged using your {0} account.", result.Provider)); return(this.RedirectLocal(returnUrl)); } // At this point, login using the OpenAuth provider failed, meaning that we could not find a match // between the information from the provider and Orchard's users. // Get additional UserData if (result.ExtraData.ContainsKey("accesstoken")) { result = _openAuthClientProvider.GetUserData(result.Provider, result, result.ExtraData["accesstoken"]); } else { result = _openAuthClientProvider.GetUserData(result.Provider, result, ""); } // _openAuthClientProvider.GetUserData(params) may return null if there is no configuration for a provider // with the given name. if (result == null) { // handle this condition and exit the method _notifier.Error(T("Your authentication request failed.")); return(new RedirectResult(Url.LogOn(returnUrl))); } // _openAuthClientProvider.NormalizeData(params) may return null if there is no configuration for a provider // with the given name. If result != null, that is not the case, because in that condition GetUserData(params) // would return null, and we would have already exited the method. var userParams = _openAuthClientProvider.NormalizeData(result.Provider, new OpenAuthCreateUserParams(result.UserName, result.Provider, result.ProviderUserId, result.ExtraData)); var temporaryUser = _openAuthMembershipServices.CreateTemporaryUser(userParams); // In what condition can GetAuthenticatedUser() not be null? To reach this code, _orchardOpenAuthWebSecurity.Login(params) // must have returned false. That happens if there was no record for the combination Provider/ProviderUserId, or if // GetAuthenticatedUser() returned null in it. In the latter case, it should still return null. The former case means // we are trying to login with an OAuth provider and it's the first time we are calling it for this user, but we are // also already authenticated in some other way. This only makes sense in a situation where, as authenticated users, // we are allowed to add information from OAuth providers to our account: Users/Account/LogOn, if the user is authenticated, // redirects to the homepage, and does not give an option to go and login again using OAuth. var masterUser = _authenticationService.GetAuthenticatedUser() ?? _orchardOpenAuthWebSecurity.GetClosestMergeableKnownUser(temporaryUser); // The authenticated User or depending from settings the first created user with the same e-mail if (masterUser != null) { // If the current user is logged in or settings ask for a user merge and we found a User with the same email // create or merge accounts _orchardOpenAuthWebSecurity.CreateOrUpdateAccount(result.Provider, result.ProviderUserId, masterUser, result.ExtraData); _notifier.Information(T("Your {0} account has been attached to your local account.", result.Provider)); if (_authenticationService.GetAuthenticatedUser() != null) // if the user was already logged in // here masterUser == _authenticationService.GetAuthenticatedUser() { return(this.RedirectLocal(returnUrl)); } } if (_openAuthMembershipServices.CanRegister() && masterUser == null) { // User can register and there is not a user with the same email var createUserParams = new OpenAuthCreateUserParams(result.UserName, result.Provider, result.ProviderUserId, result.ExtraData); createUserParams = _openAuthClientProvider.NormalizeData(result.Provider, createUserParams); // Creating the user here calls the IMembershipService, that will take care of invoking the user events var newUser = _openAuthMembershipServices.CreateUser(createUserParams); // newUser may be null here, if creation of a new user fails. // TODO: we should elsewhere add an UserEventHandler that in the Creating event handles the case where // here we are trying to create a user with the same Username or Email as an existing one. That would simply // use IUserService.VerifyUnicity(username, email). However this may break things for our older tenants. if (newUser != null) { // CreateOrUpdateAccount causes specific OpenAuth events to fire _orchardOpenAuthWebSecurity.CreateOrUpdateAccount(result.Provider, result.ProviderUserId, newUser, result.ExtraData); // The default implementation of IOpendAuthMembershipService creates an approved user. // The events specific to open auth give points to attach handlers where the UserProviderRecord // is populated correctly. // We created the user and are going to sign them in, so we should fire off the related events. // We cannot really invoke the LoggingIn event, because we do not have the password, but we can invoke // the LoggedIn event later. _authenticationService.SignIn(newUser, createPersistentCookie); _notifier.Information( T("You have been logged in using your {0} account. We have created a local account for you with the name '{1}'", result.Provider, newUser.UserName)); _userEventHandler.LoggedIn(newUser); } else { _notifier.Error(T("Your authentication request failed.")); } return(this.RedirectLocal(returnUrl)); } else if (masterUser != null) { _authenticationService.SignIn(masterUser, createPersistentCookie); _userEventHandler.LoggedIn(masterUser); _notifier.Information(T("You have been logged in using your {0} account.", result.Provider)); return(this.RedirectLocal(returnUrl)); } // We are in the case which we cannot creates new accounts, we have no user to merge, the user is not logged in // so we ask to user to login to merge accounts string loginData = _orchardOpenAuthWebSecurity.SerializeProviderUserId(result.Provider, result.ProviderUserId); ViewBag.ProviderDisplayName = _orchardOpenAuthWebSecurity.GetOAuthClientData(result.Provider).DisplayName; ViewBag.ReturnUrl = returnUrl; // the LogOn Helper here is not doing any validaiton on the stuff it's putting in query string, so it // may end up having forbidden character sequences. return(new RedirectResult(Url.LogOn(returnUrl, result.UserName, loginData))); }
protected ContentResult ExternalTokenLogOnLogic(string __provider__, string token, string secret = "", bool createPersistentCookie = false) { // TempDataDictionary registeredServicesData = new TempDataDictionary(); var result = new Response(); try { if (String.IsNullOrWhiteSpace(__provider__) || String.IsNullOrWhiteSpace(token)) { result = _utilsServices.GetResponse(ResponseType.None, "One or more of the required parameters was not provided or was an empty string."); return(_utilsServices.ConvertToJsonResult(result)); } // ricava il return URL così come registrato nella configurazione del provider di OAuth (es. Google) var returnUrl = Url.MakeAbsolute(Url.Action("ExternalLogOn", "Account")); AuthenticationResult dummy = new AuthenticationResult(true); AuthenticationResult authResult = _openAuthClientProvider.GetUserData(__provider__, dummy, token, secret, returnUrl); // authResult may be null if the provider name matches no configured provider if (authResult == null || !authResult.IsSuccessful) { result = _utilsServices.GetResponse(ResponseType.InvalidUser, "Token authentication failed."); return(_utilsServices.ConvertToJsonResult(result)); } else { if (_orchardOpenAuthWebSecurity.Login(authResult.Provider, authResult.ProviderUserId, createPersistentCookie)) { // Login also returns false for disabled users (this used to not be the case) if (HttpContext.Response.Cookies.Count == 0) { // For some reason, SignIn failed to add the authentication cookie to the response result = _utilsServices.GetResponse(ResponseType.None, "Unable to send back a cookie."); return(_utilsServices.ConvertToJsonResult(result)); } else { // The LoggedIn event is already raised in the Login method just before returning true, // so we should not be raising it here as well. return(_utilsServices.ConvertToJsonResult(_utilsServices.GetUserResponse("", _identityProviders))); } } // Login returned false: either the user given by Provider+UserId has never been registered (so we have no // matching username to use), or no user exists in Orchard with that username, or SignIn failed somehow, or // the user is disabled. // _openAuthClientProvider.NormalizeData(params) may return null if there is no configuration for a provider // with the given name. If authResult != null, that is not the case, because in that condition GetUserData(params) // would return null, and we would have already exited the method. var userParams = _openAuthClientProvider.NormalizeData(authResult.Provider, new OpenAuthCreateUserParams(authResult.UserName, authResult.Provider, authResult.ProviderUserId, authResult.ExtraData)); var temporaryUser = _openAuthMembershipServices.CreateTemporaryUser(userParams); // This is an attempt to login using an OAuth provider. The call to .Login(params) returned false. In an actual // login there is no reason why GetAuthenticatedUser() should return a user, unless we are in a situation where, // as authenticated users, we are allowed to add information from OAuth providers to our account // The authenticated User or depending from settings the first created user with the same e-mail var masterUser = _authenticationService.GetAuthenticatedUser() ?? _orchardOpenAuthWebSecurity.GetClosestMergeableKnownUser(temporaryUser); var authenticatedUser = _authenticationService.GetAuthenticatedUser(); if (masterUser != null) { // If the current user is logged in or settings ask for a user merge and we found a User with the same email // create or merge accounts _orchardOpenAuthWebSecurity.CreateOrUpdateAccount(authResult.Provider, authResult.ProviderUserId, masterUser, authResult.ExtraData); // Handle LoggedIn Event if (authenticatedUser == null) { _authenticationService.SignIn(masterUser, createPersistentCookie); _userEventHandler.LoggedIn(masterUser); // The LoggedIn event is invoked here, because if authenticateUser != null, then it means the user // had already logged in some other time } return(_utilsServices .ConvertToJsonResult(_utilsServices .GetUserResponse(T("Your {0} account has been attached to your local account.", authResult.Provider).Text, _identityProviders))); } if (_openAuthMembershipServices.CanRegister() && masterUser == null) { // User can register and there is not a user with the same email var createUserParams = new OpenAuthCreateUserParams(authResult.UserName, authResult.Provider, authResult.ProviderUserId, authResult.ExtraData); createUserParams = _openAuthClientProvider.NormalizeData(authResult.Provider, createUserParams); // Creating the user here calls the IMembershipService, that will take care of invoking the user events var newUser = _openAuthMembershipServices.CreateUser(createUserParams); // newUser may be null here, if creation of a new user fails. // TODO: we should elsewhere add an UserEventHandler that in the Creating event handles the case where // here we are trying to create a user with the same Username or Email as an existing one. That would simply // use IUserService.VerifyUnicity(username, email) if (newUser != null) { // CreateOrUpdateAccount causes specific OpenAuth events to fire _orchardOpenAuthWebSecurity.CreateOrUpdateAccount(authResult.Provider, authResult.ProviderUserId, newUser, authResult.ExtraData); // The default implementation of IOpendAuthMembershipService creates an approved user. // The events specific to open auth give points to attach handlers where the UserProviderRecord // is populated correctly. _authenticationService.SignIn(newUser, createPersistentCookie); if (HttpContext.Response.Cookies.Count == 0) { // SignIn adds the authentication cookie to the response, so that is what we are checking here // We should never be here executing this code. result = _utilsServices.GetResponse(ResponseType.None, "Unable to send back a cookie."); return(_utilsServices.ConvertToJsonResult(result)); } else { // Handle LoggedIn Event _userEventHandler.LoggedIn(newUser); return(_utilsServices.ConvertToJsonResult(_utilsServices.GetUserResponse(T("You have been logged in using your {0} account. We have created a local account for you with the name '{1}'", authResult.Provider, newUser.UserName).Text, _identityProviders))); } } // if newUser == null, just go ahead and return the "Login Failed" Response } result = _utilsServices.GetResponse(ResponseType.None, "Login failed."); return(_utilsServices.ConvertToJsonResult(result)); } } catch (Exception e) { result = _utilsServices.GetResponse(ResponseType.None, e.Message); return(_utilsServices.ConvertToJsonResult(result)); } }
public OpenAuthCreateUserParams NormalizeData(OpenAuthCreateUserParams clientData) { return(clientData); }
public OpenAuthCreateUserParams NormalizeData(OpenAuthCreateUserParams createUserParams) { return(createUserParams); }