public override void Handle(FlowEvent @event, FlowContext context) { if (@event.Equals(FlowEvent.LoginCompleted)) { var externalUserUuid = GetUserExternalUuid(); var cvrNumber = _parser.MatchCvrNumber(); if (externalUserUuid.IsNone) { _logger.Warning("No external UUID passed from STS Adgangsstyring"); context.TransitionTo(_stateFactory.CreateErrorState(), _ => _.HandleUnknownError()); } else if (cvrNumber.IsNone) { _logger.Warning("CVR number not provided from STS Adgangsstyring"); context.TransitionTo(_stateFactory.CreateErrorState(), _ => _.HandleUnknownError()); } else if (CurrentUserHasKitosPrivilege()) { _logger.Debug("User with UUID {uuid} and CVR {cvr} did have privilege", externalUserUuid.Value, cvrNumber.Value); context.TransitionTo(_stateFactory.CreatePrivilegeVerifiedState(externalUserUuid.Value, cvrNumber.Value), _ => _.HandleUserPrivilegeVerified()); } else { var privileges = GetPrivilegesString(); _logger.Information("Missing privilege for user with UUID {uuid} and CVR {cvr}. Failed with XML privileges {xmlPrivilegesBase64}", externalUserUuid.Value, cvrNumber.Value, privileges); context.TransitionTo(_stateFactory.CreateErrorState(), _ => _.HandleUserPrivilegeInvalid()); } } }
public override void Handle(FlowEvent @event, FlowContext context) { _logger.Information("SSO entered {errorStateName} with error: {errorEvent}", nameof(ErrorState), @event); switch (@event) { case FlowEvent.UserPrivilegeInvalid: ErrorCode = SsoErrorCode.MissingPrivilege; break; case FlowEvent.NoOrganizationAndRole: ErrorCode = SsoErrorCode.NoOrganizationAndRole; break; case FlowEvent.UnableToResolveUserInStsOrganization: ErrorCode = SsoErrorCode.UserNotFoundInSTS; break; case FlowEvent.UnableToLocateUser: ErrorCode = SsoErrorCode.UnableToCreateUserWithUnknownOrganization; break; default: ErrorCode = SsoErrorCode.Unknown; break; } }
public override void Handle(FlowEvent @event, FlowContext context) { switch (@event) { case FlowEvent.UnableToLocateUser: var organizationByCvrResult = _organizationRepository.GetByCvr(_stsBrugerInfo.MunicipalityCvr); if (organizationByCvrResult.HasValue) { var organization = organizationByCvrResult.Value; var user = CreateAutoProvisonedUser(); _organizationRoleService.MakeUser(user, organization); context.TransitionTo(_ssoStateFactory.CreateUserLoggedIn(user), _ => _.HandleUserAutoProvisioned()); } else { context.TransitionTo(_ssoStateFactory.CreateErrorState(), _ => _.HandleUnableToLocateUser()); } break; default: throw new ArgumentOutOfRangeException(nameof(@event), @event, null); } }
public override void Handle(FlowEvent @event, FlowContext context) { if (@event.Equals(FlowEvent.UserHasNoRoleInOrganization)) { _organizationRoleService.MakeUser(_user, _ssoOrganization); context.TransitionTo(_ssoStateFactory.CreateUserLoggedIn(_user), _ => _.HandleRoleAssigned()); } }
public override void Handle(FlowEvent @event, FlowContext context) { if (@event.Equals(FlowEvent.UserFirstTimeSsoVisit)) { AssociateUserWithExternalIdentity(); HandleUserWithSsoIdentity(context); } else if (@event.Equals(FlowEvent.ExistingSsoUserWithoutRoles)) { HandleUserWithSsoIdentity(context); } }
public override void Handle(FlowEvent @event, FlowContext context) { if (@event.Equals(FlowEvent.UserPrivilegeVerified)) { var userResult = _ssoUserIdentityRepository.GetByExternalUuid(_userUuid); if (userResult.HasValue) // User has used the same SSO identity before and exists { var user = userResult.Value.User; if (user.CanAuthenticate()) { context.TransitionTo(_ssoStateFactory.CreateUserLoggedIn(user), _ => _.HandleUserSeenBefore()); } else { var stsBrugerInfo = _stsBrugerInfoService.GetStsBrugerInfo(_userUuid, _cvrNumber); if (!stsBrugerInfo.HasValue) { context.TransitionTo(_ssoStateFactory.CreateErrorState(), _ => _.HandleUnableToResolveUserInStsOrganisation()); } else { context.TransitionTo(_ssoStateFactory.CreateUserIdentifiedState(user, stsBrugerInfo.Value), _ => _.HandleExistingSsoUserWithoutRoles()); } } } else // Try to find the user by email { var stsBrugerInfo = _stsBrugerInfoService.GetStsBrugerInfo(_userUuid, _cvrNumber); if (!stsBrugerInfo.HasValue) { context.TransitionTo(_ssoStateFactory.CreateErrorState(), _ => _.HandleUnableToResolveUserInStsOrganisation()); } else { var userByKitosEmail = FindUserByEmail(stsBrugerInfo); if (userByKitosEmail.HasValue) { context.TransitionTo(_ssoStateFactory.CreateUserIdentifiedState(userByKitosEmail.Value, stsBrugerInfo.Value), _ => _.HandleUserFirstTimeSsoVisit()); } else { context.TransitionTo(_ssoStateFactory.CreateFirstTimeUserNotFoundState(stsBrugerInfo.Value), _ => _.HandleUnableToLocateUser()); } } } } }
public override void Handle(FlowEvent @event, FlowContext context) { if (@event.Equals(FlowEvent.OrganizationNotFound)) { if (_user.CanAuthenticate()) { context.TransitionTo(_stateFactory.CreateUserLoggedIn(_user), _ => _.HandleUserHasRoleInOrganization()); } else { context.TransitionTo(_stateFactory.CreateErrorState(), _ => _.HandleNoRoleAndOrganization()); } } }
public override void Handle(FlowEvent @event, FlowContext context) { if (@event.Equals(FlowEvent.OrganizationFound)) { var rolesInOrganization = _organizationRoleService.GetRolesInOrganization(_user, _ssoOrganization.Id); if (rolesInOrganization.Any()) { context.TransitionTo(_ssoStateFactory.CreateUserLoggedIn(_user), _ => _.HandleUserHasRoleInOrganization()); } else { context.TransitionTo(_ssoStateFactory.CreateAssigningRoleState(_user, _ssoOrganization), _ => _.HandleUserHasNoRoleInOrganization()); } } }
public override void Handle(FlowEvent @event, FlowContext context) { switch (@event) { case FlowEvent.UserSeenBefore: case FlowEvent.UserHasRoleInOrganization: case FlowEvent.RoleAssigned: case FlowEvent.UserAutoProvisioned: _authenticationState.SetAuthenticatedUser(User, AuthenticationScope.Session); break; default: throw new ArgumentOutOfRangeException(nameof(@event), @event, null); } }
private void HandleUserWithSsoIdentity(FlowContext context) { //Transition to authorizing state if organization sso binding already exists var organizationByExternalIdResult = _ssoOrganizationIdentityRepository.GetByExternalUuid(_externalUser.BelongsToOrganizationUuid); if (organizationByExternalIdResult.HasValue) { context.TransitionTo(_ssoStateFactory.CreateAuthorizingUserState(_user, organizationByExternalIdResult.Value.Organization), _ => _.HandleOrganizationFound()); } else { //If no sso binding exists for the organization, try to create one by finding the org by cvr and adding the sso relation var organizationByCvrResult = _organizationRepository.GetByCvr(_externalUser.MunicipalityCvr); if (organizationByCvrResult.HasValue) { var organization = organizationByCvrResult.Value; var addOrganizationIdentityResult = _ssoOrganizationIdentityRepository.AddNew(organization, _externalUser.BelongsToOrganizationUuid); if (addOrganizationIdentityResult.Failed) { //NOTE: This is not a blocker! - concurrency might be to blame but we log the error.. authentication is still allowed to proceed - it just failed to save the relation between org id and external uuid. _logger.Error( "Failed to save SSO relation between org uuid {orgUuid} and organization {orgId} for while authenticating user with id {userId}", _externalUser.BelongsToOrganizationUuid, organization.Id, _user.Id); } context.TransitionTo(_ssoStateFactory.CreateAuthorizingUserState(_user, organization), _ => _.HandleOrganizationFound()); } else { context.TransitionTo(_ssoStateFactory.CreateAuthorizingUserFromUnknownOrgState(_user), _ => _.HandleOrganizationNotFound()); } } }