public IUser CreateUser(OpenAuthCreateUserParams createUserParams)
{
string emailAddress = string.Empty;
if (createUserParams.UserName.IsEmailAddress())
{
emailAddress = createUserParams.UserName;
}
else
{
foreach (var key in createUserParams.ExtraData.Keys)
{
switch (key.ToLower())
{
case "mail":
case "email":
case "e-mail":
case "email-address":
emailAddress = createUserParams.ExtraData[key];
break;
}
}
}
createUserParams.UserName = _usernameService.Normalize(createUserParams.UserName);
var creatingContext = new CreatingOpenAuthUserContext(
createUserParams.UserName, emailAddress,
createUserParams.ProviderName, createUserParams.ProviderUserId, createUserParams.ExtraData);
_openAuthUserEventHandlers.Invoke(o => o.Creating(creatingContext), Logger);
// check UserName
if (String.IsNullOrEmpty(createUserParams.UserName))
{
return(null);
}
else
{
// The default IMemebershipService from Orchard.Users fires the following user events:
// Creating, Created, and Approved (see the last parameter of the CreateUserParams)
var createdUser = _membershipService.CreateUser(new CreateUserParams(
_usernameService.Calculate(createUserParams.UserName), // this tries to make a unique username by adding a number to its end
_passwordGeneratorService.Generate(),
creatingContext.EmailAddress,
@T("Auto Registered User").Text,
_passwordGeneratorService.Generate() /* Noone can guess this */,
true,
false
));
// _membershipService.CreateUser may fail and return null
if (createdUser != null)
{
var createdContext = new CreatedOpenAuthUserContext(createdUser,
createUserParams.ProviderName, createUserParams.ProviderUserId, createUserParams.ExtraData);
_openAuthUserEventHandlers.Invoke(o => o.Created(createdContext), Logger);
}
return(createdUser);
}
}
public IUser CreateUser(OpenAuthCreateUserParams createUserParams)
{
string emailAddress = string.Empty;
if (createUserParams.UserName.IsEmailAddress())
{
emailAddress = createUserParams.UserName;
}
var creatingContext = new CreatingOpenAuthUserContext(createUserParams.UserName, emailAddress, createUserParams.ProviderName, createUserParams.ProviderUserId, createUserParams.ExtraData);
_openAuthUserEventHandlers.Invoke(o => o.Creating(creatingContext), Logger);
var createdUser = _membershipService.CreateUser(new CreateUserParams(
_usernameService.Calculate(createUserParams.UserName),
_passwordGeneratorService.Generate(),
creatingContext.EmailAddress,
@T("Auto Registered User").Text,
_passwordGeneratorService.Generate() /* Noone can guess this */,
true
));
var createdContext = new CreatedOpenAuthUserContext(createdUser, createUserParams.ProviderName, createUserParams.ProviderUserId, createUserParams.ExtraData);
_openAuthUserEventHandlers.Invoke(o => o.Created(createdContext), Logger);
return(createdUser);
}
public OpenAuthCreateUserParams NormalizeData(OpenAuthCreateUserParams createUserParams)
{
OpenAuthCreateUserParams retVal = createUserParams;
string emailAddress = string.Empty;
foreach (KeyValuePair <string, string> values in createUserParams.ExtraData)
{
if (values.Key == "mail")
{
retVal.UserName = values.Value.IsEmailAddress() ? values.Value.Substring(0, values.Value.IndexOf('@')) : values.Value;
}
}
return(retVal);
}
public OpenAuthCreateUserParams NormalizeData(string providerName, OpenAuthCreateUserParams userData)
{
Argument.ThrowIfNullOrEmpty(providerName, "providerName");
// Do we have a configuration?
var clientConfiguration = _providerConfigurationService.Get(providerName);
if (clientConfiguration == null)
{
return(null);
}
// Is this a known internal client
var client = _openAuthAuthenticationClients
.SingleOrDefault(o => o.ProviderName.Equals(providerName, StringComparison.OrdinalIgnoreCase));
return(client.NormalizeData(userData));
}
public OpenAuthTemporaryUser CreateTemporaryUser(OpenAuthCreateUserParams createUserParams)
{
string emailAddress = string.Empty;
string userName = _usernameService.Normalize(createUserParams.UserName);
if (createUserParams.UserName.IsEmailAddress())
{
emailAddress = createUserParams.UserName;
}
else
{
foreach (var key in createUserParams.ExtraData.Keys)
{
switch (key.ToLower())
{
case "mail":
case "email":
case "e-mail":
case "email-address":
emailAddress = createUserParams.ExtraData[key];
break;
}
}
}
if (string.IsNullOrWhiteSpace(emailAddress) || string.IsNullOrWhiteSpace(userName))
{
return(null);
}
return(new OpenAuthTemporaryUser {
Email = emailAddress,
UserName = _usernameService.Calculate(_usernameService.Normalize(createUserParams.UserName)),
Provider = createUserParams.ProviderName,
ProviderUserId = createUserParams.ProviderUserId
});
}
private ActionResult OAuthRegister(
AuthenticationResult result, string returnUrl,
Func <AuthenticationResult, IUser, ActionResult> successDelegate,
Func <AuthenticationResult, IUser, ActionResult> failDelegate,
bool createPersistentCookie = false)
{
var createUserParams = new OpenAuthCreateUserParams(result.UserName,
result.Provider,
result.ProviderUserId,
result.ExtraData);
createUserParams = _openAuthClientProvider.NormalizeData(result.Provider, createUserParams);
// Creating the user here calls the IMembershipService, that will take care of invoking the user events
var newUser = _openAuthMembershipServices.CreateUser(createUserParams);
// newUser may be null here, if creation of a new user fails.
// TODO: we should elsewhere add an UserEventHandler that in the Creating event handles the case where
// here we are trying to create a user with the same Username or Email as an existing one. That would simply
// use IUserService.VerifyUnicity(username, email)
if (newUser != null)
{
// CreateOrUpdateAccount causes specific OpenAuth events to fire
_orchardOpenAuthWebSecurity.CreateOrUpdateAccount(result.Provider,
result.ProviderUserId,
newUser,
result.ExtraData);
// The default implementation of IOpendAuthMembershipService creates an approved user.
// The events specific to open auth give points to attach handlers where the UserProviderRecord
// is populated correctly.
_authenticationService.SignIn(newUser, createPersistentCookie);
return(successDelegate(result, newUser));
}
// if newUser == null, just go ahead and return the "Login Failed" Response
return(failDelegate(result, newUser));
}
public IUser CreateUser(OpenAuthCreateUserParams createUserParams) {
string emailAddress = string.Empty;
if (createUserParams.UserName.IsEmailAddress()) {
emailAddress = createUserParams.UserName;
}
var creatingContext = new CreatingOpenAuthUserContext(createUserParams.UserName, emailAddress, createUserParams.ProviderName, createUserParams.ProviderUserId, createUserParams.ExtraData);
_openAuthUserEventHandlers.Invoke(o => o.Creating(creatingContext), Logger);
var createdUser = _membershipService.CreateUser(new CreateUserParams(
_usernameService.Calculate(createUserParams.UserName),
_passwordGeneratorService.Generate(),
creatingContext.EmailAddress,
@T("Auto Registered User").Text,
_passwordGeneratorService.Generate() /* Noone can guess this */,
true
));
var createdContext = new CreatedOpenAuthUserContext(createdUser, createUserParams.ProviderName, createUserParams.ProviderUserId, createUserParams.ExtraData);
_openAuthUserEventHandlers.Invoke(o => o.Created(createdContext), Logger);
return createdUser;
}
public ActionResult ExternalLogOn(string returnUrl, bool createPersistentCookie = false)
{
AuthenticationResult result = _orchardOpenAuthWebSecurity.VerifyAuthentication(Url.OpenAuthLogOn(returnUrl));
if (!result.IsSuccessful)
{
_notifier.Error(T("Your authentication request failed."));
return(new RedirectResult(Url.LogOn(returnUrl)));
}
if (_orchardOpenAuthWebSecurity.Login(result.Provider, result.ProviderUserId))
{
_notifier.Information(T("You have been logged using your {0} account.", result.Provider));
return(this.RedirectLocal(returnUrl));
}
// At this point, login using the OpenAuth provider failed, meaning that we could not find a match
// between the information from the provider and Orchard's users.
// Get additional UserData
if (result.ExtraData.ContainsKey("accesstoken"))
{
result = _openAuthClientProvider.GetUserData(result.Provider, result, result.ExtraData["accesstoken"]);
}
else
{
result = _openAuthClientProvider.GetUserData(result.Provider, result, "");
}
// _openAuthClientProvider.GetUserData(params) may return null if there is no configuration for a provider
// with the given name.
if (result == null)
{
// handle this condition and exit the method
_notifier.Error(T("Your authentication request failed."));
return(new RedirectResult(Url.LogOn(returnUrl)));
}
// _openAuthClientProvider.NormalizeData(params) may return null if there is no configuration for a provider
// with the given name. If result != null, that is not the case, because in that condition GetUserData(params)
// would return null, and we would have already exited the method.
var userParams = _openAuthClientProvider.NormalizeData(result.Provider, new OpenAuthCreateUserParams(result.UserName,
result.Provider,
result.ProviderUserId,
result.ExtraData));
var temporaryUser = _openAuthMembershipServices.CreateTemporaryUser(userParams);
// In what condition can GetAuthenticatedUser() not be null? To reach this code, _orchardOpenAuthWebSecurity.Login(params)
// must have returned false. That happens if there was no record for the combination Provider/ProviderUserId, or if
// GetAuthenticatedUser() returned null in it. In the latter case, it should still return null. The former case means
// we are trying to login with an OAuth provider and it's the first time we are calling it for this user, but we are
// also already authenticated in some other way. This only makes sense in a situation where, as authenticated users,
// we are allowed to add information from OAuth providers to our account: Users/Account/LogOn, if the user is authenticated,
// redirects to the homepage, and does not give an option to go and login again using OAuth.
var masterUser = _authenticationService.GetAuthenticatedUser()
?? _orchardOpenAuthWebSecurity.GetClosestMergeableKnownUser(temporaryUser);
// The authenticated User or depending from settings the first created user with the same e-mail
if (masterUser != null)
{
// If the current user is logged in or settings ask for a user merge and we found a User with the same email
// create or merge accounts
_orchardOpenAuthWebSecurity.CreateOrUpdateAccount(result.Provider, result.ProviderUserId,
masterUser, result.ExtraData);
_notifier.Information(T("Your {0} account has been attached to your local account.", result.Provider));
if (_authenticationService.GetAuthenticatedUser() != null) // if the user was already logged in
// here masterUser == _authenticationService.GetAuthenticatedUser()
{
return(this.RedirectLocal(returnUrl));
}
}
if (_openAuthMembershipServices.CanRegister() && masterUser == null)
{
// User can register and there is not a user with the same email
var createUserParams = new OpenAuthCreateUserParams(result.UserName,
result.Provider,
result.ProviderUserId,
result.ExtraData);
createUserParams = _openAuthClientProvider.NormalizeData(result.Provider, createUserParams);
// Creating the user here calls the IMembershipService, that will take care of invoking the user events
var newUser = _openAuthMembershipServices.CreateUser(createUserParams);
// newUser may be null here, if creation of a new user fails.
// TODO: we should elsewhere add an UserEventHandler that in the Creating event handles the case where
// here we are trying to create a user with the same Username or Email as an existing one. That would simply
// use IUserService.VerifyUnicity(username, email). However this may break things for our older tenants.
if (newUser != null)
{
// CreateOrUpdateAccount causes specific OpenAuth events to fire
_orchardOpenAuthWebSecurity.CreateOrUpdateAccount(result.Provider,
result.ProviderUserId,
newUser,
result.ExtraData);
// The default implementation of IOpendAuthMembershipService creates an approved user.
// The events specific to open auth give points to attach handlers where the UserProviderRecord
// is populated correctly.
// We created the user and are going to sign them in, so we should fire off the related events.
// We cannot really invoke the LoggingIn event, because we do not have the password, but we can invoke
// the LoggedIn event later.
_authenticationService.SignIn(newUser, createPersistentCookie);
_notifier.Information(
T("You have been logged in using your {0} account. We have created a local account for you with the name '{1}'", result.Provider, newUser.UserName));
_userEventHandler.LoggedIn(newUser);
}
else
{
_notifier.Error(T("Your authentication request failed."));
}
return(this.RedirectLocal(returnUrl));
}
else if (masterUser != null)
{
_authenticationService.SignIn(masterUser, createPersistentCookie);
_userEventHandler.LoggedIn(masterUser);
_notifier.Information(T("You have been logged in using your {0} account.", result.Provider));
return(this.RedirectLocal(returnUrl));
}
// We are in the case which we cannot creates new accounts, we have no user to merge, the user is not logged in
// so we ask to user to login to merge accounts
string loginData = _orchardOpenAuthWebSecurity.SerializeProviderUserId(result.Provider,
result.ProviderUserId);
ViewBag.ProviderDisplayName = _orchardOpenAuthWebSecurity.GetOAuthClientData(result.Provider).DisplayName;
ViewBag.ReturnUrl = returnUrl;
// the LogOn Helper here is not doing any validaiton on the stuff it's putting in query string, so it
// may end up having forbidden character sequences.
return(new RedirectResult(Url.LogOn(returnUrl, result.UserName, loginData)));
}
protected ContentResult ExternalTokenLogOnLogic(string __provider__, string token, string secret = "", bool createPersistentCookie = false)
{
// TempDataDictionary registeredServicesData = new TempDataDictionary();
var result = new Response();
try {
if (String.IsNullOrWhiteSpace(__provider__) || String.IsNullOrWhiteSpace(token))
{
result = _utilsServices.GetResponse(ResponseType.None, "One or more of the required parameters was not provided or was an empty string.");
return(_utilsServices.ConvertToJsonResult(result));
}
// ricava il return URL così come registrato nella configurazione del provider di OAuth (es. Google)
var returnUrl = Url.MakeAbsolute(Url.Action("ExternalLogOn", "Account"));
AuthenticationResult dummy = new AuthenticationResult(true);
AuthenticationResult authResult = _openAuthClientProvider.GetUserData(__provider__, dummy, token, secret, returnUrl);
// authResult may be null if the provider name matches no configured provider
if (authResult == null || !authResult.IsSuccessful)
{
result = _utilsServices.GetResponse(ResponseType.InvalidUser, "Token authentication failed.");
return(_utilsServices.ConvertToJsonResult(result));
}
else
{
if (_orchardOpenAuthWebSecurity.Login(authResult.Provider, authResult.ProviderUserId, createPersistentCookie))
{
// Login also returns false for disabled users (this used to not be the case)
if (HttpContext.Response.Cookies.Count == 0)
{
// For some reason, SignIn failed to add the authentication cookie to the response
result = _utilsServices.GetResponse(ResponseType.None, "Unable to send back a cookie.");
return(_utilsServices.ConvertToJsonResult(result));
}
else
{
// The LoggedIn event is already raised in the Login method just before returning true,
// so we should not be raising it here as well.
return(_utilsServices.ConvertToJsonResult(_utilsServices.GetUserResponse("", _identityProviders)));
}
}
// Login returned false: either the user given by Provider+UserId has never been registered (so we have no
// matching username to use), or no user exists in Orchard with that username, or SignIn failed somehow, or
// the user is disabled.
// _openAuthClientProvider.NormalizeData(params) may return null if there is no configuration for a provider
// with the given name. If authResult != null, that is not the case, because in that condition GetUserData(params)
// would return null, and we would have already exited the method.
var userParams = _openAuthClientProvider.NormalizeData(authResult.Provider,
new OpenAuthCreateUserParams(authResult.UserName,
authResult.Provider,
authResult.ProviderUserId,
authResult.ExtraData));
var temporaryUser = _openAuthMembershipServices.CreateTemporaryUser(userParams);
// This is an attempt to login using an OAuth provider. The call to .Login(params) returned false. In an actual
// login there is no reason why GetAuthenticatedUser() should return a user, unless we are in a situation where,
// as authenticated users, we are allowed to add information from OAuth providers to our account
// The authenticated User or depending from settings the first created user with the same e-mail
var masterUser = _authenticationService.GetAuthenticatedUser()
?? _orchardOpenAuthWebSecurity.GetClosestMergeableKnownUser(temporaryUser);
var authenticatedUser = _authenticationService.GetAuthenticatedUser();
if (masterUser != null)
{
// If the current user is logged in or settings ask for a user merge and we found a User with the same email
// create or merge accounts
_orchardOpenAuthWebSecurity.CreateOrUpdateAccount(authResult.Provider, authResult.ProviderUserId,
masterUser, authResult.ExtraData);
// Handle LoggedIn Event
if (authenticatedUser == null)
{
_authenticationService.SignIn(masterUser, createPersistentCookie);
_userEventHandler.LoggedIn(masterUser);
// The LoggedIn event is invoked here, because if authenticateUser != null, then it means the user
// had already logged in some other time
}
return(_utilsServices
.ConvertToJsonResult(_utilsServices
.GetUserResponse(T("Your {0} account has been attached to your local account.", authResult.Provider).Text,
_identityProviders)));
}
if (_openAuthMembershipServices.CanRegister() && masterUser == null)
{
// User can register and there is not a user with the same email
var createUserParams = new OpenAuthCreateUserParams(authResult.UserName,
authResult.Provider,
authResult.ProviderUserId,
authResult.ExtraData);
createUserParams = _openAuthClientProvider.NormalizeData(authResult.Provider, createUserParams);
// Creating the user here calls the IMembershipService, that will take care of invoking the user events
var newUser = _openAuthMembershipServices.CreateUser(createUserParams);
// newUser may be null here, if creation of a new user fails.
// TODO: we should elsewhere add an UserEventHandler that in the Creating event handles the case where
// here we are trying to create a user with the same Username or Email as an existing one. That would simply
// use IUserService.VerifyUnicity(username, email)
if (newUser != null)
{
// CreateOrUpdateAccount causes specific OpenAuth events to fire
_orchardOpenAuthWebSecurity.CreateOrUpdateAccount(authResult.Provider,
authResult.ProviderUserId,
newUser,
authResult.ExtraData);
// The default implementation of IOpendAuthMembershipService creates an approved user.
// The events specific to open auth give points to attach handlers where the UserProviderRecord
// is populated correctly.
_authenticationService.SignIn(newUser, createPersistentCookie);
if (HttpContext.Response.Cookies.Count == 0)
{
// SignIn adds the authentication cookie to the response, so that is what we are checking here
// We should never be here executing this code.
result = _utilsServices.GetResponse(ResponseType.None, "Unable to send back a cookie.");
return(_utilsServices.ConvertToJsonResult(result));
}
else
{
// Handle LoggedIn Event
_userEventHandler.LoggedIn(newUser);
return(_utilsServices.ConvertToJsonResult(_utilsServices.GetUserResponse(T("You have been logged in using your {0} account. We have created a local account for you with the name '{1}'", authResult.Provider, newUser.UserName).Text, _identityProviders)));
}
}
// if newUser == null, just go ahead and return the "Login Failed" Response
}
result = _utilsServices.GetResponse(ResponseType.None, "Login failed.");
return(_utilsServices.ConvertToJsonResult(result));
}
} catch (Exception e) {
result = _utilsServices.GetResponse(ResponseType.None, e.Message);
return(_utilsServices.ConvertToJsonResult(result));
}
}
public OpenAuthCreateUserParams NormalizeData(OpenAuthCreateUserParams clientData)
{
return(clientData);
}
public OpenAuthCreateUserParams NormalizeData(OpenAuthCreateUserParams createUserParams)
{
return(createUserParams);
}
