public IActionResult ChangeName([Bind(Prefix = "Name")] UserNameModel model) { if (!ModelState.IsValid) { return(CorrectErrors(BuildUserProfileModel(model), "name")); } var user = _userAccountService.GetByID(User.GetId()); _userAccountService.RemoveClaims(user.ID, new UserClaimCollection(user.Claims.Where(claim => claim.Type == "given_name" || claim.Type == "family_name" || claim.Type == "name"))); var claims = new UserClaimCollection(); claims.Add("given_name", model.GivenName); claims.Add("family_name", model.FamilyName); claims.Add("name", string.Join(" ", new string[] { model.GivenName, model.FamilyName } .Where(name => !string.IsNullOrWhiteSpace(name)))); _userAccountService.AddClaims(user.ID, claims); return(RedirectToAction("Edit", new { changed = true })); }
public void UpdateClaims(int accountId, UserClaimCollection additions = null, UserClaimCollection deletions = null) { _logger.LogInformation(GetLogMessage($"called for accountId: {accountId}")); if ((additions == null || !additions.Any()) && (deletions == null || !deletions.Any())) { _logger.LogInformation(GetLogMessage("no additions or deletions -- exiting")); return; } var account = GetById(accountId); if (account == null) { throw new ArgumentException("Invalid AccountID"); } foreach (var addition in additions ?? UserClaimCollection.Empty) { AddClaim(account, addition); } foreach (var deletion in deletions ?? UserClaimCollection.Empty) { RemoveClaim(account, deletion.Type, deletion.Value); } Update(account); }
/// <summary> /// Valida definitivamente l'accesso da parte di un dato utente. Se ritorna vero, l'utente /// può accedere al servizio; se ritorna falso, l'utente non può accedere ed eventuali /// indicazioni del motivo devono essere riportate nel risultato di questa chiamata. /// </summary> /// <param name="actionContext">Il contesto HTTP da validare.</param> /// <param name="userClaims">I claim restituiti dal servizio che gestisce l'identità.</param> /// <returns> /// Autorizzazione positiva se l'utente è stato autorizzato, negativa altrimenti. Il campo /// <see cref="AuthorizationResult{TPayload}.Payload"/> deve essere valorizzato con il /// principal legato all'utente, se l'autorizzazione ha avuto successo. /// </returns> public async Task<AuthorizationResult<IPrincipal>> ValidateRequestAsync(HttpActionContext actionContext, UserClaimCollection userClaims) { try { var idnUserKey = SecUserKey.FromString(userClaims["sub"].Single()); if (!AllowedApps.Contains(idnUserKey.AppName)) { return new AuthorizationResult<IPrincipal> { Authorized = false, AuthorizationDeniedReason = $"Application '{idnUserKey.AppName}' has not been allowed" }; } var user = await SecurityRepository.GetUserByLoginAsync(idnUserKey.AppName, idnUserKey.UserLogin); var authorizationResult = await ValidateRequestAsync(actionContext, userClaims, user); if (authorizationResult.Authorized) { authorizationResult.Payload = new IdnPrincipal(user); } return authorizationResult; } catch (SecAppNotFoundException aex) { Log.Warn(aex.Message); return new AuthorizationResult<IPrincipal> { Authorized = false, AuthorizationDeniedReason = aex.Message }; } catch (SecUserNotFoundException uex) { Log.Warn(uex.Message); return new AuthorizationResult<IPrincipal> { Authorized = false, AuthorizationDeniedReason = uex.Message }; } catch (Exception ex) { Log.Error(ex.Message); return new AuthorizationResult<IPrincipal> { Authorized = false, AuthorizationDeniedReason = ex.Message, AuthorizationDeniedException = ex }; } }
/// <summary> /// Imposta le mappature necessarie alla libreria Caravan.WebApi. /// </summary> public CaravanWebApiMapperConfig() { CreateMap<LogEntryBulkDTO, LogEntry>(); CreateMap<SecApp, LinkedSecApp>(); CreateMap<IEnumerable<Tuple<string, string>>, UserClaimCollection>() .ConvertUsing(tuples => { var uc = new UserClaimCollection(); foreach (var t in tuples) { uc.Add(t.Item1, t.Item2); } return uc; }); }
public ClaimsIdentity FindByUserId(string userId) { var claims = new ClaimsIdentity(); var list = UserClaimCollection.GetUserClaimERList(userId); foreach (var item in list) { claims.AddClaim(new IdentityClaim { Id = item.Id, UserId = item.UserId, ClaimType = item.ClaimType, ClaimValue = item.ClaimValue }); } return(claims); }
public IActionResult Save(UserProfileModel profile) { Guid userGuid; if (!Guid.TryParse(profile.UserId, out userGuid)) { return(HttpBadRequest("Failed to parse userId.")); } if (ModelState.IsValid) { var user = _userAccountService.GetByID(userGuid); _userAccountService.RemoveClaims(userGuid, new UserClaimCollection(user.Claims.Where(claim => claim.Type == "given_name" || claim.Type == "family_name" || claim.Type == "name" || claim.Type == "fsw:organization" || claim.Type == "fsw:department"))); var claims = new UserClaimCollection(); claims.Add("given_name", profile.GivenName); claims.Add("family_name", profile.FamilyName); claims.Add("name", string.Join(" ", new string[] { profile.GivenName, profile.FamilyName } .Where(name => !string.IsNullOrWhiteSpace(name)))); if (!string.IsNullOrWhiteSpace(profile.Organization)) { claims.Add("fsw:organization", profile.Organization); } if (!string.IsNullOrWhiteSpace(profile.Department)) { claims.Add("fsw:department", profile.Department); } _userAccountService.AddClaims(userGuid, claims); return(RedirectToAction("Edit", new { userId = profile.UserId, changed = true })); } return(View("Edit", profile)); }
public ActionResult Index(RegisterInputModel model) { if (ModelState.IsValid) { try { model.Email = model.Email.ToLowerInvariant().Trim(); var account = this._userAccountService.CreateAccount(model.Username, model.Password, model.Email); ViewData["RequireAccountVerification"] = this._userAccountService.Configuration.RequireAccountVerification; UserClaimCollection claims = new UserClaimCollection { new UserClaim("given_name", model.GivenName), new UserClaim("family_name", model.FamilyName), new UserClaim("name", string.Join(" ", new string[] { model.GivenName, model.FamilyName } .Where(name => !string.IsNullOrWhiteSpace(name)) )) }; if (model.Email.EndsWith("@foodservicewarehouse.com") || model.Email.EndsWith("@fsw.com")) { claims.Add(new UserClaim("fsw:organization", "FSW")); } else { string emailDomain = model.Email.Split('@')[1]; claims.Add(new UserClaim("fsw:organization", emailDomain)); } _userAccountService.AddClaims(account.ID, claims); return(View("Success", model)); } catch (ValidationException ex) { ModelState.AddModelError("", ex.Message); } } return(View(model)); }
private void AddClaims(Guid accountId, CreateAccountInputModel model) { model.Email = model.Email.ToLowerInvariant().Trim(); UserClaimCollection claims = new UserClaimCollection { new UserClaim("given_name", model.GivenName), new UserClaim("family_name", model.FamilyName), new UserClaim("name", string.Join(" ", new string[] { model.GivenName, model.FamilyName } .Where(name => !string.IsNullOrWhiteSpace(name)) )) }; if (model.IsAuthCentralAdmin) { claims.Add(new UserClaim("fsw:authcentral:admin", "true")); } if (!string.IsNullOrWhiteSpace(model.Organization)) { claims.Add(new UserClaim("fsw:organization", model.Organization)); } else if (model.Email.EndsWith("@foodservicewarehouse.com") || model.Email.EndsWith("@fsw.com")) { claims.Add(new UserClaim("fsw:organization", "FSW")); } else { string emailDomain = model.Email.Split('@')[1]; claims.Add(new UserClaim("fsw:organization", emailDomain)); } if (!string.IsNullOrWhiteSpace(model.Department)) { claims.Add(new UserClaim("fsw:department", model.Department)); } _userAccountService.AddClaims(accountId, claims); }
public Task RemoveClaimAsync(User user, Claim claim) { return(Task.Run(() => { UserClaimCollection.DeleteByTypeAndValue(user, claim.Type, claim.Value); })); }
/// <summary> /// Valida definitivamente l'accesso da parte di un dato utente. Se ritorna vero, l'utente /// può accedere al servizio; se ritorna falso, l'utente non può accedere ed eventuali indicazioni /// </summary> /// <param name="actionContext">La richiesta HTTP da validare.</param> /// <param name="userClaims">I claim restituiti dal servizio che gestisce l'identità.</param> /// <param name="user">L'utente caricato da Caravan.</param> /// <returns>Vero se l'utente è stato autorizzato, falso altrimenti.</returns> protected virtual Task<AuthorizationResult<IPrincipal>> ValidateRequestAsync(HttpActionContext actionContext, UserClaimCollection userClaims, SecUser user) => Task.FromResult(AuthorizationResult<IPrincipal>.Success);
public void RemoveClaims(int accountId, UserClaimCollection claims) { _logger.LogInformation(GetLogMessage($"called for accountId: {accountId}")); UpdateClaims(accountId, null, claims); }