public async Task <ActionResult> LocalLoginOpenId(OpenidLocalAuthenticationViewModel viewModel) { if (viewModel == null) { throw new ArgumentNullException(nameof(viewModel)); } if (string.IsNullOrWhiteSpace(viewModel.Code)) { throw new ArgumentNullException(nameof(viewModel.Code)); } await SetUser().ConfigureAwait(false); var acrUser = await _authenticationService.GetAuthenticatedUser(this, Host.Constants.CookieNames.AcrCookieName).ConfigureAwait(false); var acrUserSubject = (acrUser == null || acrUser.IsAuthenticated() == false) ? null : acrUser.Claims.First(c => c.Type == Core.Jwt.Constants.StandardResourceOwnerClaimNames.Subject).Value; var uiLocales = DefaultLanguage; // 1. Decrypt the request var request = _dataProtector.Unprotect <AuthorizationRequest>(viewModel.Code); // 2. Retrieve the default language uiLocales = string.IsNullOrWhiteSpace(request.UiLocales) ? DefaultLanguage : request.UiLocales; if (ModelState.IsValid) { ResourceOwner resourceOwner = null; try { resourceOwner = await _smsAuthenticationOperation.Execute(viewModel.PhoneNumber, acrUserSubject).ConfigureAwait(false); } catch (Exception ex) { _simpleIdentityServerEventSource.Failure(ex.Message); ModelState.AddModelError("message_error", ex.Message); } if (resourceOwner != null) { var claims = resourceOwner.Claims; claims.Add(new Claim(ClaimTypes.AuthenticationInstant, DateTimeOffset.UtcNow.ConvertToUnixTimestamp().ToString(CultureInfo.InvariantCulture), ClaimValueTypes.Integer)); await SetPasswordLessCookie(claims).ConfigureAwait(false); try { return(RedirectToAction("ConfirmCode", new { code = viewModel.Code })); } catch (Exception ex) { _simpleIdentityServerEventSource.Failure(ex.Message); ModelState.AddModelError("message_error", "TWILIO account is not valid"); } } } await TranslateView(uiLocales).ConfigureAwait(false); await SetIdProviders(viewModel).ConfigureAwait(false); return(View("OpenId", viewModel)); }
public async Task <ActionResult> LocalLoginOpenId(OpenidLocalAuthenticationViewModel viewModel) { if (viewModel == null) { throw new ArgumentNullException(nameof(viewModel)); } if (string.IsNullOrWhiteSpace(viewModel.Code)) { throw new ArgumentNullException(nameof(viewModel.Code)); } await SetUser(); var uiLocales = DefaultLanguage; try { // 1. Decrypt the request var request = _dataProtector.Unprotect <AuthorizationRequest>(viewModel.Code); // 2. Retrieve the default language uiLocales = string.IsNullOrWhiteSpace(request.UiLocales) ? DefaultLanguage : request.UiLocales; // 3. Check the state of the view model if (!ModelState.IsValid) { await TranslateView(uiLocales); await SetIdProviders(viewModel); return(View("OpenId", viewModel)); } // 4. Local authentication var issuerName = Request.GetAbsoluteUriWithVirtualPath(); var actionResult = await _authenticateActions.LocalOpenIdUserAuthentication(new LocalAuthenticationParameter { UserName = viewModel.Login, Password = viewModel.Password }, request.ToParameter(), viewModel.Code, issuerName); var subject = actionResult.Claims.First(c => c.Type == Core.Jwt.Constants.StandardResourceOwnerClaimNames.Subject).Value; // 5. Two factor authentication. if (!string.IsNullOrWhiteSpace(actionResult.TwoFactor)) { try { await SetTwoFactorCookie(actionResult.Claims); var code = await _authenticateActions.GenerateAndSendCode(subject); _simpleIdentityServerEventSource.GetConfirmationCode(code); return(RedirectToAction("SendCode", new { code = viewModel.Code })); } catch (ClaimRequiredException) { return(RedirectToAction("SendCode", new { code = viewModel.Code })); } catch (Exception) { ModelState.AddModelError("invalid_credentials", "Two factor authenticator is not properly configured"); } } else { // 6. Authenticate the user by adding a cookie await SetLocalCookie(actionResult.Claims, request.SessionId); _simpleIdentityServerEventSource.AuthenticateResourceOwner(subject); // 7. Redirect the user agent var result = this.CreateRedirectionFromActionResult(actionResult.ActionResult, request); if (result != null) { LogAuthenticateUser(actionResult.ActionResult, request.ProcessId); return(result); } } } catch (Exception ex) { _simpleIdentityServerEventSource.Failure(ex.Message); ModelState.AddModelError("invalid_credentials", ex.Message); } await TranslateView(uiLocales); await SetIdProviders(viewModel); return(View("OpenId", viewModel)); }
public async Task <IActionResult> LocalLoginOpenId( OpenidLocalAuthenticationViewModel viewModel, CancellationToken cancellationToken) { if (viewModel == null) { throw new ArgumentNullException(nameof(viewModel)); } if (string.IsNullOrWhiteSpace(viewModel.Code)) { throw new ArgumentException(Strings.MissingValues, nameof(viewModel)); } await SetUser().ConfigureAwait(false); // 1. Decrypt the request var request = DataProtector.Unprotect <AuthorizationRequest>(viewModel.Code); // 3. Check the state of the view model if (!ModelState.IsValid) { await SetIdProviders(viewModel).ConfigureAwait(false); RouteData.Values["view"] = "OpenId"; return(Ok(viewModel)); } // 4. Local authentication var issuerName = Request.GetAbsoluteUriWithVirtualPath(); var actionResult = await _localOpenIdAuthentication.Execute( new LocalAuthenticationParameter { UserName = viewModel.Login, Password = viewModel.Password }, request.ToParameter(), viewModel.Code, issuerName, cancellationToken) .ConfigureAwait(false); if (actionResult.ErrorMessage == null) { var subject = actionResult.Claims.First(c => c.Type == OpenIdClaimTypes.Subject).Value; // 5. Two factor authentication. if (!string.IsNullOrWhiteSpace(actionResult.TwoFactor)) { try { await SetTwoFactorCookie(actionResult.Claims).ConfigureAwait(false); await SendCode(subject, cancellationToken).ConfigureAwait(false); return(RedirectToAction("SendCode", new { code = viewModel.Code })); } catch (ClaimRequiredException cre) { await _eventPublisher.Publish( new SimpleAuthError( Id.Create(), cre.Code, cre.Message, string.Empty, DateTimeOffset.UtcNow)) .ConfigureAwait(false); return(RedirectToAction("SendCode", new { code = viewModel.Code })); } catch (Exception ex) { await _eventPublisher.Publish( new SimpleAuthError( Id.Create(), ex.Message, ex.Message, string.Empty, DateTimeOffset.UtcNow)) .ConfigureAwait(false); ModelState.AddModelError( InvalidCredentials, "Two factor authenticator is not properly configured"); } } else { // 6. Authenticate the user by adding a cookie await SetLocalCookie(actionResult.Claims, request.session_id !).ConfigureAwait(false); // 7. Redirect the user agent var endpointResult = actionResult.EndpointResult !; var result = endpointResult.CreateRedirectionFromActionResult(request, _logger); if (result != null) { await LogAuthenticateUser(subject, endpointResult.Amr !).ConfigureAwait(false); return(result); } } } else { await _eventPublisher.Publish( new SimpleAuthError( Id.Create(), ErrorCodes.InvalidRequest, actionResult.ErrorMessage, string.Empty, DateTimeOffset.UtcNow)) .ConfigureAwait(false); ModelState.AddModelError(InvalidCredentials, actionResult.ErrorMessage); } await SetIdProviders(viewModel).ConfigureAwait(false); RouteData.Values["view"] = "OpenId"; return(Ok(viewModel)); }
public async Task <ActionResult> LocalLoginOpenId(OpenidLocalAuthenticationViewModel viewModel) { if (viewModel == null) { throw new ArgumentNullException(nameof(viewModel)); } if (string.IsNullOrWhiteSpace(viewModel.Code)) { throw new ArgumentNullException(nameof(viewModel.Code)); } await SetUser().ConfigureAwait(false); var acrUser = await _authenticationService.GetAuthenticatedUser(this, Host.Constants.CookieNames.AcrCookieName).ConfigureAwait(false); var acrUserSubject = (acrUser == null || acrUser.IsAuthenticated() == false) ? null : acrUser.Claims.First(c => c.Type == Core.Jwt.Constants.StandardResourceOwnerClaimNames.Subject).Value; var uiLocales = DefaultLanguage; try { // 1. Decrypt the request var request = _dataProtector.Unprotect <AuthorizationRequest>(viewModel.Code); // 2. Retrieve the default language uiLocales = string.IsNullOrWhiteSpace(request.UiLocales) ? DefaultLanguage : request.UiLocales; // 3. Check the state of the view model if (!ModelState.IsValid) { await TranslateView(uiLocales).ConfigureAwait(false); await SetIdProviders(viewModel).ConfigureAwait(false); return(View("OpenId", viewModel)); } // 4. Local authentication var issuerName = Request.GetAbsoluteUriWithVirtualPath(); var parameter = request.ToParameter(); var actionResult = await _loginPwdAuthenticateAction.Execute(new LoginPasswordAuthParameter { Password = viewModel.Password, Login = viewModel.Login }, parameter, viewModel.Code, issuerName).ConfigureAwait(false); if (actionResult.ActionResult.AmrLst != null) { request.AmrValues = string.Join(" ", actionResult.ActionResult.AmrLst); } if (actionResult.ActionResult.Type == Core.Results.TypeActionResult.RedirectToAction && actionResult.ActionResult.RedirectInstruction.Action == Core.Results.IdentityServerEndPoints.AuthenticateIndex) { var encryptedRequest = _dataProtector.Protect(request); actionResult.ActionResult.RedirectInstruction.AddParameter(Core.Constants.StandardAuthorizationResponseNames.AuthorizationCodeName, encryptedRequest); await SetAcrCookie(actionResult.Claims).ConfigureAwait(false); return(this.CreateRedirectionFromActionResult(actionResult.ActionResult, request)); } var subject = actionResult.Claims.First(c => c.Type == Core.Jwt.Constants.StandardResourceOwnerClaimNames.Subject).Value; // 5. Authenticate the user by adding a cookie await _authenticationService.SignOutAsync(HttpContext, Host.Constants.CookieNames.AcrCookieName, new AuthenticationProperties()).ConfigureAwait(false); await SetLocalCookie(actionResult.Claims, request.SessionId).ConfigureAwait(false); _simpleIdentityServerEventSource.AuthenticateResourceOwner(subject); // 6. Redirect the user agent var result = this.CreateRedirectionFromActionResult(actionResult.ActionResult, request); LogAuthenticateUser(actionResult.ActionResult, request.ProcessId); return(result); } catch (IdentityServerUserAccountDoesntExistException) { _simpleIdentityServerEventSource.Failure("the account doesn't exist"); ModelState.AddModelError("invalid_credentials", "the account doesn't exist"); } catch (IdentityServerUserAccountBlockedException) { _simpleIdentityServerEventSource.Failure("the account is blocked"); ModelState.AddModelError("invalid_credentials", "the account is blocked"); } catch (IdentityServerCredentialBlockedException) { _simpleIdentityServerEventSource.Failure("the credential is blocked"); ModelState.AddModelError("invalid_credentials", "the credential is blocked"); } catch (IdentityServerUserPasswordInvalidException) { _simpleIdentityServerEventSource.Failure("the login / password is invalid"); ModelState.AddModelError("invalid_credentials", "the login / password is invalid"); } catch (IdentityServerUserTooManyRetryException ex) { _simpleIdentityServerEventSource.Failure($"please try to connect in {ex.RetryInSeconds} seconds"); ModelState.AddModelError("invalid_credentials", $"please try to connect in {ex.RetryInSeconds} seconds"); } catch (IdentityServerPasswordExpiredException ex) { await SetChangePasswordCookie(ex.ResourceOwner.Claims).ConfigureAwait(false); return(RedirectToAction("ChangePassword", "Authenticate", new { area = Constants.AMR, code = viewModel.Code })); } catch (Exception ex) { _simpleIdentityServerEventSource.Failure(ex.Message); ModelState.AddModelError("invalid_credentials", ex.Message); } await TranslateView(uiLocales).ConfigureAwait(false); await SetIdProviders(viewModel).ConfigureAwait(false); return(View("OpenId", viewModel)); }