public void GetLogin_WithSignInMessage_ReturnsLoginPage() { var msg = new SignInMessage(); var val = msg.Protect(60000, protector); var resp = Get(Constants.RoutePaths.Login + "?message=" + val); AssertPage(resp, "login"); }
public AuthorizeInteractionResponseGenerator(CoreSettings core, IConsentService consent) { _signIn = new SignInMessage(); _core = core; _consent = consent; }
public LoginResult(SignInMessage message, HttpRequestMessage request, CoreSettings settings, InternalConfiguration internalConfig) { _message = message; _settings = settings; _request = request; _internalConfig = internalConfig; }
private HttpResponseMessage GetLoginPage(SignInMessage msg = null) { msg = msg ?? new SignInMessage() { ReturnUrl = Url("authorize") }; var val = msg.Protect(60000, protector); var resp = Get(Constants.RoutePaths.Login + "?message=" + val); resp.AssertCookie(AuthenticationController.SignInMessageCookieName); client.SetCookies(resp.GetCookies()); return resp; }
public void GetLogin_SignInMessageHasIdentityProvider_RedirectsToExternalProviderLogin() { var msg = new SignInMessage(); msg.IdP = "Google"; var resp = GetLoginPage(msg); Assert.AreEqual(HttpStatusCode.Found, resp.StatusCode); var expected = new Uri(Url(Constants.RoutePaths.LoginExternal)); Assert.AreEqual(expected.AbsolutePath, resp.Headers.Location.AbsolutePath); StringAssert.Contains(resp.Headers.Location.Query, "provider=Google"); }
protected virtual bool ValidateLocalCredentials(string username, string password, SignInMessage message, out TAccount account) { var tenant = string.IsNullOrWhiteSpace(message.Tenant) ? userAccountService.Configuration.DefaultTenant : message.Tenant; return(userAccountService.Authenticate(tenant, username, password, out account)); }
private async Task <IHttpActionResult> RenderLoginPage(SignInMessage message, string signInMessageId, string errorMessage = null, string username = null, bool rememberMe = false) { if (message == null) { throw new ArgumentNullException("message"); } username = GetUserNameForLoginPage(message, username); var isLocalLoginAllowedForClient = await IsLocalLoginAllowedForClient(message); var isLocalLoginAllowed = isLocalLoginAllowedForClient && options.AuthenticationOptions.EnableLocalLogin; var idpRestrictions = await clientStore.GetIdentityProviderRestrictionsAsync(message.ClientId); var providers = context.GetExternalAuthenticationProviders(idpRestrictions); var providerLinks = context.GetLinksFromProviders(providers, signInMessageId); var visibleLinks = providerLinks.FilterHiddenLinks(); if (errorMessage != null) { Logger.InfoFormat("rendering login page with error message: {0}", errorMessage); } else { if (isLocalLoginAllowed == false) { if (options.AuthenticationOptions.EnableLocalLogin) { Logger.Info("local login disabled"); } if (isLocalLoginAllowedForClient) { Logger.Info("local login disabled for the client"); } string url = null; if (!providerLinks.Any()) { Logger.Info("no providers registered for client"); return(RenderErrorPage()); } else if (providerLinks.Count() == 1) { Logger.Info("only one provider for client"); url = providerLinks.First().Href; } else if (visibleLinks.Count() == 1) { Logger.Info("only one visible provider"); url = visibleLinks.First().Href; } if (url.IsPresent()) { Logger.InfoFormat("redirecting to provider URL: {0}", url); return(Redirect(url)); } } Logger.Info("rendering login page"); } var loginPageLinks = options.AuthenticationOptions.LoginPageLinks.Render(Request.GetIdentityServerBaseUrl(), signInMessageId); var loginModel = new LoginViewModel { RequestId = context.GetRequestId(), SiteName = options.SiteName, SiteUrl = Request.GetIdentityServerBaseUrl(), ExternalProviders = visibleLinks, AdditionalLinks = loginPageLinks, ErrorMessage = errorMessage, LoginUrl = isLocalLoginAllowed ? Url.Route(Constants.RouteNames.Login, new { signin = signInMessageId }) : null, AllowRememberMe = options.AuthenticationOptions.CookieOptions.AllowRememberMe, RememberMe = options.AuthenticationOptions.CookieOptions.AllowRememberMe && rememberMe, CurrentUser = context.GetCurrentUserDisplayName(), LogoutUrl = context.GetIdentityServerLogoutUrl(), AntiForgery = antiForgeryToken.GetAntiForgeryToken(), Username = username }; return(new LoginActionResult(viewService, loginModel, message)); }
public async Task<IActionResult> SignIn([FromForm]OAuthSignInModel model) { Guid sagaId; var context = _dataProtector.Unprotect(model.ProtectedOAuthContext); if (!Guid.TryParse(context, out sagaId)) { return BadRequest(); } var message = new SignInMessage(sagaId) { UserName = model.UserName, Password = model.Password, RememberMe = model.RememberMe }; var result = await _sagaBus.SendAsync<SignInMessage, OAuth20Result>(message); switch (result.State) { case OAuth20State.RequireSignIn: ModelState.AddModelError(string.Empty, "Singin failed"); return View("SignIn"); case OAuth20State.RequirePermissionGrant: return PermissionGrantView(result); case OAuth20State.AuthorizationCodeGenerated: return AuthorizationCodeRedirect(result); case OAuth20State.Finished: return ImplictRedirect(result); default: return BadRequest(); } }
public Task <AuthenticateResult> AuthenticateLocalAsync(string username, string password, SignInMessage message) { var user = Users.SingleOrDefault(x => x.Username == username && x.Password == password); if (user == null) { return(Task.FromResult <AuthenticateResult>(null)); } return(Task.FromResult <AuthenticateResult>(new AuthenticateResult(user.Subject, user.Username))); }
protected async Task <AuthenticateResult> PostAuthenticateLocalAsync(User user, SignInMessage message) { ClientScopeService clientScopeService = new ClientScopeService(); bool isTwoFactorAuthentication = clientScopeService.IsTwoFactorAuthentication(message.ClientId); if (isTwoFactorAuthentication && (user.TwoFactorEmailAuthEnabled || user.TwoFactorSMSAuthEnabled)) { IUserStoreService service = GetUserStoreService(message.ClientId); var result = service.GenerateAndSendOTP(user.Id); if (!result) { return(new AuthenticateResult("Due to an error, OTP code could not be sent. Please try again. If this problem persists, please contact seystem administrator.")); } var claims = GetUserClaims(user); return(new AuthenticateResult("~/custom/2fa?id=" + ctx.Request.Query.Get("id"), user.Subject, user.DisplayName, claims)); } else { return(null); } }
/// <summary> /// Loads the HTML for the login page. /// </summary> /// <param name="model">The model.</param> /// <param name="message">The message.</param> /// <returns> /// Stream for the HTML /// </returns> public virtual Task <Stream> Login(LoginViewModel model, SignInMessage message) { return(Render(model, LoginView)); }
protected override async Task <AuthenticateResult> PostAuthenticateLocalAsync(User user, SignInMessage message) { if (base.userManager.SupportsUserTwoFactor) { var id = user.Id; if (await userManager.GetTwoFactorEnabledAsync(id)) { var code = await this.userManager.GenerateTwoFactorTokenAsync(id, "sms"); var result = await userManager.NotifyTwoFactorTokenAsync(id, "sms", code); if (!result.Succeeded) { return(new IdentityServer3.Core.Models.AuthenticateResult(result.Errors.First())); } var name = await GetDisplayNameForAccountAsync(id); return(new IdentityServer3.Core.Models.AuthenticateResult("~/2fa", id, name)); } } return(null); }
public void GetExternalLogin_ValidProvider_RedirectsToProvider() { var msg = new SignInMessage(); msg.IdP = "Google"; var resp1 = GetLoginPage(msg); var resp2 = client.GetAsync(resp1.Headers.Location.AbsoluteUri).Result; Assert.AreEqual(HttpStatusCode.Found, resp2.StatusCode); Assert.IsTrue(resp2.Headers.Location.AbsoluteUri.StartsWith("https://www.google.com")); }
public void LoginExternalCallback_WithValidNameIDClaim_IssuesAuthenticationCookie() { var msg = new SignInMessage(); msg.IdP = "Google"; msg.ReturnUrl = Url("authorize"); var resp1 = GetLoginPage(msg); var sub = new Claim(ClaimTypes.NameIdentifier, "123", ClaimValueTypes.String, "Google"); SignInIdentity = new ClaimsIdentity(new Claim[] { sub }, Constants.ExternalAuthenticationType); var resp2 = client.GetAsync(resp1.Headers.Location.AbsoluteUri).Result; client.SetCookies(resp2.GetCookies()); var resp3 = Get(Constants.RoutePaths.LoginExternalCallback); resp3.AssertCookie(Constants.PrimaryAuthenticationType); }
public static void RaiseLocalLoginSuccessEvent(this IEventService events, IDictionary <string, object> env, string username, SignInMessage signInMessage, AuthenticateResult authResult) { if (events == null) { throw new ArgumentNullException("events"); } var evt = new LocalAuthenticationEvent() { Id = EventConstants.Ids.SuccessfulLocalLogin, EventType = Events.EventType.Success, Message = Resources.Events.LocalLoginSuccess, SubjectId = authResult.User.GetSubjectId(), SignInMessage = signInMessage, LoginUserName = username }; evt.ApplyEnvironment(env); events.Raise(evt); }
public virtual async Task <Stream> Login(LoginViewModel model, SignInMessage message) { JsonSerializerSettings jsonSerSettings = DefaultJsonContentFormatter.SerializeSettings(); jsonSerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver(); if (model.Custom == null && message.ReturnUrl != null) { string state = new Uri(message.ReturnUrl).ParseQueryString()["state"] ?? "{}"; try { dynamic custom = model.Custom = CustomLoginDataProvider.GetCustomData(message); string signInType = null; try { signInType = custom.SignInType; } catch { } if (signInType != null && model.ExternalProviders.Any(extProvider => extProvider.Type == signInType)) { string redirectUri = model.ExternalProviders.Single(extProvider => extProvider.Type == signInType).Href; return(await ReturnHtmlAsync(model, $@"<!DOCTYPE html> <html> <head> <meta http-equiv='refresh' content='0;{redirectUri}'> </head> <body></body> </html>", CancellationToken.None).ConfigureAwait(false)); } } catch { model.Custom = new { }; } } string json = JsonConvert.SerializeObject(new { model.AdditionalLinks, model.AllowRememberMe, model.AntiForgery, model.ClientLogoUrl, model.ClientName, model.ClientUrl, model.CurrentUser, model.Custom, model.ErrorMessage, model.ExternalProviders, model.LoginUrl, model.LogoutUrl, model.RememberMe, model.RequestId, model.SiteName, model.SiteUrl, model.Username, ReturnUrl = message.ReturnUrl == null ? "" : new Uri(message.ReturnUrl).ParseQueryString()["redirect_uri"] }, Formatting.None, jsonSerSettings); string loginPageHtml = (await SsoHtmlPageProvider.GetSsoPageAsync(CancellationToken.None).ConfigureAwait(false)) .Replace("{model}", Microsoft.Security.Application.Encoder.HtmlEncode(json)); return(await ReturnHtmlAsync(model, loginPageHtml, CancellationToken.None).ConfigureAwait(false)); }
public System.Threading.Tasks.Task <AuthenticateResult> AuthenticateLocalAsync(string username, string password, SignInMessage message = null) { return(inner.AuthenticateLocalAsync(username, password, message)); }
public System.Threading.Tasks.Task <AuthenticateResult> PreAuthenticateAsync(IDictionary <string, object> env, SignInMessage message) { return(inner.PreAuthenticateAsync(env, message)); }
/// <summary> /// Creates and writes the signin cookie to the response and returns the associated URL to the login page. /// </summary> /// <param name="env">The OWIN environment.</param> /// <param name="message">The signin message.</param> /// <returns></returns> /// <exception cref="ArgumentNullException"> /// env /// or /// message /// </exception> public static string CreateSignInRequest(this IDictionary <string, object> env, SignInMessage message) { if (env == null) { throw new ArgumentNullException("env"); } if (message == null) { throw new ArgumentNullException("message"); } // if there's no return url, then use current request's URL if (message.ReturnUrl.IsMissing()) { var ctx = new OwinContext(env); message.ReturnUrl = ctx.Request.Uri.AbsoluteUri; } if (message.ReturnUrl.StartsWith("~/")) { message.ReturnUrl = message.ReturnUrl.Substring(1); } if (message.ReturnUrl.StartsWith("/")) { message.ReturnUrl = env.GetIdentityServerBaseUrl().RemoveTrailingSlash() + message.ReturnUrl; } var options = env.ResolveDependency <IdentityServerOptions>(); var cookie = new MessageCookie <SignInMessage>(env, options); var id = cookie.Write(message); var url = env.GetIdentityServerBaseUrl() + Constants.RoutePaths.Login; var uri = new Uri(url.AddQueryString("signin=" + id)); return(uri.AbsoluteUri); }
public void LoginExternalCallback_WithoutExternalCookie_RendersLoginPageWithError() { var msg = new SignInMessage(); msg.IdP = "Google"; var resp1 = GetLoginPage(msg); var resp2 = client.GetAsync(resp1.Headers.Location.AbsoluteUri).Result; var resp3 = Get(Constants.RoutePaths.LoginExternalCallback); AssertPage(resp3, "login"); var model = GetLayoutModel(resp3); Assert.AreEqual(Messages.NoMatchingExternalAccount, model.ErrorMessage); }
public LoginActionResult(IViewService viewSvc, IDictionary <string, object> env, LoginViewModel model, SignInMessage message) : base(async() => await viewSvc.Login(env, model, message)) { if (viewSvc == null) { throw new ArgumentNullException("viewSvc"); } if (env == null) { throw new ArgumentNullException("env"); } if (model == null) { throw new ArgumentNullException("model"); } if (message == null) { throw new ArgumentNullException("message"); } }
public void LoginExternalCallback_UserServiceReturnsNull_ShowError() { mockUserService.Setup(x => x.AuthenticateExternalAsync(It.IsAny<string>(), It.IsAny<ExternalIdentity>())) .Returns(Task.FromResult((ExternalAuthenticateResult)null)); var msg = new SignInMessage(); msg.IdP = "Google"; msg.ReturnUrl = Url("authorize"); var resp1 = GetLoginPage(msg); var sub = new Claim(Constants.ClaimTypes.Subject, "123", ClaimValueTypes.String, "Google"); SignInIdentity = new ClaimsIdentity(new Claim[] { sub }, Constants.ExternalAuthenticationType); var resp2 = client.GetAsync(resp1.Headers.Location.AbsoluteUri).Result; client.SetCookies(resp2.GetCookies()); var resp3 = Get(Constants.RoutePaths.LoginExternalCallback); AssertPage(resp3, "login"); var model = GetLayoutModel(resp3); Assert.AreEqual(Messages.NoMatchingExternalAccount, model.ErrorMessage); }
public virtual async Task <Stream> Login(LoginViewModel model, SignInMessage message) { JsonSerializerSettings jsonSerSettings = DefaultJsonContentFormatter.SerializeSettings(); jsonSerSettings.ContractResolver = new BitCamelCasePropertyNamesContractResolver(); if (model.Custom == null && message.ReturnUrl != null) { try { dynamic custom = model.Custom = UrlStateProvider.GetState(new Uri(message.ReturnUrl)); string?signInType = null; try { signInType = custom.SignInType ?? message.IdP; } catch { } if (signInType != null && model.ExternalProviders.Any(extProvider => extProvider.Type == signInType)) { string redirectUri = model.ExternalProviders.Single(extProvider => extProvider.Type == signInType).Href; return(await ReturnHtmlAsync($@"<!DOCTYPE html> <html> <head> <meta http-equiv='refresh' content='0;{redirectUri}'> </head> <body></body> </html>", OwinContext.Request.CallCancelled).ConfigureAwait(false)); } } catch { model.Custom = new { }; } } string json = JsonConvert.SerializeObject(new { model.AdditionalLinks, model.AllowRememberMe, model.AntiForgery, model.ClientLogoUrl, model.ClientName, model.ClientUrl, model.CurrentUser, model.Custom, model.ErrorMessage, model.ExternalProviders, model.LoginUrl, model.LogoutUrl, model.RememberMe, model.RequestId, model.SiteName, model.SiteUrl, UserName = model.Username, // https://docs.microsoft.com/en-us/dotnet/standard/design-guidelines/capitalization-conventions#capitalizing-compound-words-and-common-terms ReturnUrl = message.ReturnUrl == null ? "" : new Uri(message.ReturnUrl).ParseQueryString()["redirect_uri"] }, Formatting.None, jsonSerSettings); string loginPageHtmlInitialHtml = await File.ReadAllTextAsync(PathProvider.MapStaticFilePath(AppEnvironment.GetConfig(AppEnvironment.KeyValues.IdentityServer.LoginPagePath, AppEnvironment.KeyValues.IdentityServer.LoginPagePathDefaultValue) !)); string loginPageHtmlFinalHtml = (await HtmlPageProvider.GetHtmlPageAsync(loginPageHtmlInitialHtml, OwinContext.Request.CallCancelled).ConfigureAwait(false)) .Replace("{{model.LoginModel.toJson()}}", Microsoft.Security.Application.Encoder.HtmlEncode(json), StringComparison.InvariantCultureIgnoreCase); return(await ReturnHtmlAsync(loginPageHtmlFinalHtml, OwinContext.Request.CallCancelled).ConfigureAwait(false)); }
private async Task <Tuple <IHttpActionResult, AuthenticateResult> > PostAuthenticateAsync(SignInMessage signInMessage, string signInMessageId, AuthenticateResult result) { if (result.IsPartialSignIn == false) { Logger.Info("Calling PostAuthenticateAsync on the user service"); var ctx = new PostAuthenticationContext { SignInMessage = signInMessage, AuthenticateResult = result }; await _userService.PostAuthenticateAsync(ctx); var authResult = ctx.AuthenticateResult; if (authResult == null) { Logger.Error("user service PostAuthenticateAsync returned a null AuthenticateResult"); return(new Tuple <IHttpActionResult, AuthenticateResult>(RenderErrorPage(), null)); } if (authResult.IsError) { Logger.WarnFormat("user service PostAuthenticateAsync returned an error message: {0}", authResult.ErrorMessage); if (ctx.ShowLoginPageOnErrorResult) { Logger.Debug("ShowLoginPageOnErrorResult set to true, showing login page with error"); return(new Tuple <IHttpActionResult, AuthenticateResult>(await RenderLoginPage(signInMessage, signInMessageId, authResult.ErrorMessage), null)); } else { Logger.Debug("ShowLoginPageOnErrorResult set to false, showing error page with error"); return(new Tuple <IHttpActionResult, AuthenticateResult>(RenderErrorPage(authResult.ErrorMessage), null)); } } if (result != authResult) { result = authResult; Logger.Info("user service PostAuthenticateAsync returned a different AuthenticateResult"); } } return(new Tuple <IHttpActionResult, AuthenticateResult>(null, result)); }
/// <summary> /// Creates and writes the signin cookie to the response and returns the associated URL to the login page. /// </summary> /// <param name="env">The OWIN environment.</param> /// <param name="message">The signin message.</param> /// <returns></returns> /// <exception cref="System.ArgumentNullException"> /// env /// or /// message /// </exception> public static string CreateSignInRequest(this IDictionary <string, object> env, SignInMessage message) { if (env == null) { throw new ArgumentNullException("env"); } if (message == null) { throw new ArgumentNullException("message"); } var options = env.ResolveDependency <IdentityServerOptions>(); var cookie = new MessageCookie <SignInMessage>(env, options); var id = cookie.Write(message); var url = env.GetIdentityServerBaseUrl() + Constants.RoutePaths.Login; var uri = new Uri(url.AddQueryString("signin=" + id)); return(uri.AbsoluteUri); }
public Task <Thinktecture.IdentityServer.Core.Authentication.AuthenticateResult> AuthenticateLocalAsync(string username, string password, SignInMessage message) { return(Task.FromResult <AuthenticateResult>(null)); }
public Task <AuthenticateResult> PreAuthenticateAsync(IDictionary <string, object> env, SignInMessage message) { return(Task.FromResult <AuthenticateResult>(null)); }
public Task <AuthenticateResult> PreAuthenticateAsync(SignInMessage message) { return(Task.FromResult <AuthenticateResult>(null)); }
public Task <AuthenticateResult> AuthenticateLocalAsync(string username, string password, SignInMessage message) { if (username == password) { var p = IdentityServerPrincipal.Create(username, username, "password", "idsvr"); return(Task.FromResult(new AuthenticateResult(p))); } return(Task.FromResult <AuthenticateResult>(null)); }
public async Task <bool> VerifyTwoFactorTokenAsync(string userId, string code, SignInMessage message) { IUserStoreService service = GetUserStoreService(message.ClientId); var result = service.VerifyOTP(Convert.ToInt32(userId), Convert.ToInt32(code)); return(result); }
public Task <AuthenticateResult> PreAuthenticateAsync(IDictionary <string, object> env, SignInMessage message) { throw new NotImplementedException(); }
protected virtual Task <AuthenticateResult> PostAuthenticateLocalAsync(TAccount account, SignInMessage message) { return(Task.FromResult <AuthenticateResult>(null)); }
public async Task <Stream> Login(LoginViewModel model, SignInMessage message) { return(await Render(model, "Login")); }
IHttpActionResult RedirectToLogin(CoreSettings settings, SignInValidationResult result) { var message = new SignInMessage(); message.ReturnUrl = Request.RequestUri.AbsoluteUri; if (result.HomeRealm.IsPresent()) { message.IdP = result.HomeRealm; } return new LoginResult(message, this.Request, settings, _internalConfig); }
public AuthorizeInteractionResponseGenerator(IConsentService consent) { _signIn = new SignInMessage(); _consent = consent; }
IHttpActionResult RedirectToLogin(SignInMessage message, NameValueCollection parameters, IdentityServerOptions options) { message = message ?? new SignInMessage(); var path = Url.Route(Constants.RouteNames.Oidc.Authorize, null) + "?" + parameters.ToQueryString(); var url = new Uri(Request.RequestUri, path); message.ReturnUrl = url.AbsoluteUri; return new LoginResult(message, Request.GetOwinContext().Environment, _options.DataProtector); }
public static async Task RaiseExternalLoginFailureEventAsync(this IEventService events, ExternalIdentity externalIdentity, string signInMessageId, SignInMessage signInMessage, string error) { var evt = new Event <ExternalLoginDetails>( EventConstants.Categories.Authentication, Resources.Events.ExternalLoginFailure, EventTypes.Failure, EventConstants.Ids.ExternalLoginFailure, new ExternalLoginDetails { SignInId = signInMessageId, SignInMessage = signInMessage, Provider = externalIdentity.Provider, ProviderId = externalIdentity.ProviderId, }, error); await events.RaiseEventAsync(evt); }
public void GetExternalLogin_InalidProvider_ReturnsUnauthorized() { var msg = new SignInMessage(); msg.IdP = "Foo"; var resp1 = GetLoginPage(msg); var resp2 = client.GetAsync(resp1.Headers.Location.AbsoluteUri).Result; Assert.AreEqual(HttpStatusCode.Unauthorized, resp2.StatusCode); }
public static async Task RaiseSuccessfulResourceOwnerFlowAuthenticationEventAsync(this IEventService events, string userName, string subjectId, SignInMessage message) { var evt = new Event <LocalLoginDetails>( EventConstants.Categories.Authentication, Resources.Events.ResourceOwnerFlowLoginSuccess, EventTypes.Success, EventConstants.Ids.ResourceOwnerFlowLoginSuccess, new LocalLoginDetails { SubjectId = subjectId, SignInMessage = message, LoginUserName = userName }); await events.RaiseEventAsync(evt); }
public void LoginExternalCallback_WithoutSubjectOrNameIdClaims_RendersLoginPageWithError() { var msg = new SignInMessage(); msg.IdP = "Google"; var resp1 = GetLoginPage(msg); SignInIdentity = new ClaimsIdentity(new Claim[]{new Claim("foo", "bar")}, Constants.ExternalAuthenticationType); var resp2 = client.GetAsync(resp1.Headers.Location.AbsoluteUri).Result; client.SetCookies(resp2.GetCookies()); var resp3 = Get(Constants.RoutePaths.LoginExternalCallback); AssertPage(resp3, "login"); var model = GetLayoutModel(resp3); Assert.AreEqual(Messages.NoMatchingExternalAccount, model.ErrorMessage); }
public static async Task RaisePartialLoginCompleteEventAsync(this IEventService events, ClaimsIdentity subject, string signInMessageId, SignInMessage signInMessage) { var evt = new Event <LoginDetails>( EventConstants.Categories.Authentication, Resources.Events.PartialLoginComplete, EventTypes.Information, EventConstants.Ids.PartialLoginComplete, new LoginDetails { SubjectId = subject.GetSubjectId(), Name = subject.Name, SignInId = signInMessageId, SignInMessage = signInMessage }); await events.RaiseEventAsync(evt); }
public void LoginExternalCallback_WithValidSubjectClaim_RedirectsToAuthorizeEndpoint() { var msg = new SignInMessage(); msg.IdP = "Google"; msg.ReturnUrl = Url("authorize"); var resp1 = GetLoginPage(msg); var sub = new Claim(Constants.ClaimTypes.Subject, "123", ClaimValueTypes.String, "Google"); SignInIdentity = new ClaimsIdentity(new Claim[] { sub }, Constants.ExternalAuthenticationType); var resp2 = client.GetAsync(resp1.Headers.Location.AbsoluteUri).Result; client.SetCookies(resp2.GetCookies()); var resp3 = Get(Constants.RoutePaths.LoginExternalCallback); Assert.AreEqual(HttpStatusCode.Found, resp3.StatusCode); Assert.AreEqual(Url("authorize"), resp3.Headers.Location.AbsoluteUri); }
public static async Task RaiseLocalLoginSuccessEventAsync(this IEventService events, string username, string signInMessageId, SignInMessage signInMessage, AuthenticateResult authResult) { var evt = new Event <LocalLoginDetails>( EventConstants.Categories.Authentication, Resources.Events.LocalLoginSuccess, EventTypes.Success, EventConstants.Ids.LocalLoginSuccess, new LocalLoginDetails { SubjectId = authResult.HasSubject ? authResult.User.GetSubjectId() : null, Name = authResult.User.Identity.Name, SignInId = signInMessageId, SignInMessage = signInMessage, PartialLogin = authResult.IsPartialSignIn, LoginUserName = username }); await events.RaiseEventAsync(evt); }
public void LoginExternalCallback_UserIsAlreadyLoggedIn_SubjectIsPassedToUserService() { var msg = new SignInMessage(); msg.IdP = "Google"; msg.ReturnUrl = Url("authorize"); var userSub = new Claim(Constants.ClaimTypes.Subject, "818727", ClaimValueTypes.String, Constants.BuiltInIdentityProvider); SignInIdentity = new ClaimsIdentity(new Claim[] { userSub }, Constants.PrimaryAuthenticationType); var resp1 = GetLoginPage(msg); var sub = new Claim(Constants.ClaimTypes.Subject, "123", ClaimValueTypes.String, "Google"); SignInIdentity = new ClaimsIdentity(new Claim[] { sub }, Constants.ExternalAuthenticationType); var resp2 = client.GetAsync(resp1.Headers.Location.AbsoluteUri).Result; client.SetCookies(resp2.GetCookies()); Get(Constants.RoutePaths.LoginExternalCallback); mockUserService.Verify(x => x.AuthenticateExternalAsync("818727", It.IsAny<ExternalIdentity>())); }
/// <summary> /// Construct an RmUnifyUser from a SignInMessage /// </summary> /// <param name="m">SignInMessage</param> internal SsoUser(SignInMessage m) { RawSsoAttributes = m.Attributes; Organization = new SsoOrganization(this); }
public static async Task RaiseLocalLoginFailureEventAsync(this IEventService events, string username, string signInMessageId, SignInMessage signInMessage, string error) { var evt = new Event <LocalLoginDetails>( EventConstants.Categories.Authentication, Resources.Events.LocalLoginFailure, EventTypes.Failure, EventConstants.Ids.LocalLoginFailure, new LocalLoginDetails { SignInId = signInMessageId, SignInMessage = signInMessage, LoginUserName = username }, error); await events.RaiseEventAsync(evt); }
public Task <Stream> Login(LoginViewModel model, SignInMessage message) { return(Task.FromResult(RunTemplate("login", model, message.ClientId, message.Tenant))); }
IHttpActionResult RedirectToLogin(SignInMessage message, NameValueCollection parameters, CoreSettings settings) { message = message ?? new SignInMessage(); var path = Url.Route("authorize", null) + "?" + parameters.ToQueryString(); var url = new Uri(Request.RequestUri, path); message.ReturnUrl = url.AbsoluteUri; return new LoginResult(message, this.Request, settings, _internalConfiguration); }
internal bool ProcessSignIn() { if (PlatformHelper.GetParam("wa") == "wsignin1.0") { string messageStr = PlatformHelper.GetParam("wresult"); SignInMessage message = new SignInMessage(messageStr); DateTime notOnOrAfter = message.Verify(_callbackApi.Realm, _callbackApi.MaxClockSkewSeconds, _callbackApi.Cache); SsoUser user = new SsoUser(message); PlatformHelper.AddSessionCookie("_rmunify_user", "true"); if (!string.IsNullOrEmpty(user.Organization.Id)) { if (!string.IsNullOrEmpty(user.Organization.AppEstablishmentKey)) { if (user.Organization.IsSsoConnector) { if (!_callbackApi.IsOrganizationLicensed(user.Organization.AppEstablishmentKey, user.Organization, RmUnifyCallbackApi.Source.SingleSignOn)) { throw new RmUnifySsoException(RmUnifySsoException.ERRORCODES_NOLICENCE, "No licence found for school with establishment key: " + user.Organization.AppEstablishmentKey); } } _callbackApi.UpdateLinkedOrganization(user.Organization.AppEstablishmentKey, user.Organization, RmUnifyCallbackApi.Source.SingleSignOn); } else { if (user.Organization.IsSsoConnector) { throw new RmUnifySsoException(RmUnifySsoException.ERRORCODES_INVALIDAPPESTABLISHMENTKEY, "Invalid AppEstablishmentKey in SSO Connector"); } _callbackApi.CreateOrUpdateOrganization(user.Organization, RmUnifyCallbackApi.Source.SingleSignOn); } } if (!string.IsNullOrEmpty(user.AppUserId)) { if (string.IsNullOrEmpty(user.Organization.AppEstablishmentKey)) { throw new RmUnifySsoException(RmUnifySsoException.ERRORCODES_INVALIDAPPESTABLISHMENTKEY, "Invalid AppEstablishmentKey for linked user"); } _callbackApi.UpdateLinkedUser(user.AppUserId, user.Organization.AppEstablishmentKey, user, RmUnifyCallbackApi.Source.SingleSignOn); } else { if (string.IsNullOrEmpty(user.Id)) { throw new RmUnifySsoException(RmUnifySsoException.ERRORCODES_MISSINGATTRIBUTES, "No user ID (IdentityGuid or PersistentId) provided by RM Unify"); } _callbackApi.CreateOrUpdateUser(user, RmUnifyCallbackApi.Source.SingleSignOn); } PlatformHelper.AddSessionCookie("_rmunify_user", "true"); string returnUrl = PlatformHelper.GetParam("wctx"); try { if (!string.IsNullOrEmpty(user.AppUserId)) { _callbackApi.DoLoginForLinkedUser(user.AppUserId, user.Organization.AppEstablishmentKey, user, notOnOrAfter, returnUrl); } else { _callbackApi.DoLogin(user, notOnOrAfter, returnUrl); } } catch { try { PlatformHelper.DeleteCookie("_rmunify_user"); } catch { } throw; } return true; } return false; }