public virtual async Task <TResult> OnUnmappedUserAsync <TResult>(
string subject, IDictionary <string, string> extraParameters,
EastFive.Azure.Auth.Method authentication, EastFive.Azure.Auth.Authorization authorization,
IProvideAuthorization authorizationProvider, Uri baseUri,
Func <Guid, TResult> onCreatedMapping,
Func <TResult> onAllowSelfServeAccounts,
Func <Uri, TResult> onInterceptProcess,
Func <TResult> onNoChange)
{
if (authorizationProvider is Credentials.IProvideAccountInformation)
{
var accountInfoProvider = authorizationProvider as Credentials.IProvideAccountInformation;
return(await accountInfoProvider
.CreateAccount(subject, extraParameters,
authentication, authorization, baseUri,
this,
onCreatedMapping,
onAllowSelfServeAccounts,
onInterceptProcess,
onNoChange));
}
return(onNoChange());
}
public virtual Task <bool> ShouldAuthorizeIntegrationAsync(XIntegration integration, EastFive.Azure.Auth.Authorization authorization)
{
if (authorization.accountIdMaybe.HasValue)
{
if (integration.accountId != authorization.accountIdMaybe.Value)
{
return(false.AsTask());
}
}
return(true.AsTask());
}
internal static async Task <TResult> CreateByMethodAndKeyAsync <TResult>(Authorization authorization,
string externalAccountKey, Guid internalAccountId,
Func <TResult> onCreated,
Func <TResult> onAlreadyMapped,
bool shouldRemap = false)
{
var accountMapping = new AccountMapping()
{
accountId = internalAccountId,
};
accountMapping.Method = authorization.Method; // method is used in the .mappingId
accountMapping.authorization = authorization.authorizationRef;
var authorizationLookup = new AuthorizationLookup
{
accountMappingRef = accountMapping.mappingId,
authorizationLookupRef = authorization.authorizationRef,
};
bool created = await authorizationLookup.StorageCreateAsync(
(idDiscard) =>
{
return(true);
},
() =>
{
// I guess this is cool...
return(false);
});
var lookup = new AccountMappingLookup()
{
accountkey = externalAccountKey,
accountMappingId = accountMapping.mappingId,
Method = authorization.Method,
};
accountMapping.accountMappingLookup = await await lookup.StorageCreateAsync(
(discard) => lookup.accountMappingLookupId.Optional().AsTask(),
async() =>
{
if (!shouldRemap)
{
return(RefOptional <AccountMappingLookup> .Empty());
}
return(await lookup.accountMappingLookupId.StorageCreateOrUpdateAsync(
async(created, lookupToUpdate, saveAsync) =>
{
lookupToUpdate.accountMappingId = accountMapping.mappingId;
await saveAsync(lookupToUpdate);
return lookupToUpdate.accountMappingLookupId.Optional();
}));
});
return(await await accountMapping.StorageCreateAsync(
createdId =>
{
return onCreated().AsTask();
},
async() =>
{
if (!shouldRemap)
{
return onAlreadyMapped();
}
return await accountMapping.mappingId.StorageCreateOrUpdateAsync(
async(created, mapping, saveAsync) =>
{
mapping.accountMappingLookup = accountMapping.accountMappingLookup;
mapping.authorization = accountMapping.authorization;
await saveAsync(mapping);
return onCreated();
});
}));
}
public async static Task <TResult> AuthenticationAsync <TResult>(
EastFive.Azure.Auth.Method authentication, IDictionary <string, string> values,
IAzureApplication application, IHttpRequest request,
IInvokeApplication endpoints, Uri baseUri,
IRefOptional <Authorization> authorizationRefToCreate,
Func <Uri, Guid?, Func <IHttpResponse, IHttpResponse>, TResult> onRedirect,
Func <TResult> onAuthorizationNotFound,
Func <string, TResult> onCouldNotConnect,
Func <string, TResult> onGeneralFailure)
{
var telemetry = application.Telemetry;
return(await await authentication.RedeemTokenAsync(values, application,
async (externalAccountKey, authorizationRefMaybe, loginProvider, extraParams) =>
{
#region Handle case where there was a direct link or a POST
if (!authorizationRefMaybe.HasValue)
{
var authorization = new Authorization
{
authorizationRef = authorizationRefToCreate.HasValue?
authorizationRefToCreate.Ref
:
new Ref <Authorization>(Security.SecureGuid.Generate()),
Method = authentication.authenticationId,
parameters = extraParams,
authorized = true,
};
return await ProcessAsync(authorization,
async(authorizationUpdated) =>
{
bool created = await authorizationUpdated.StorageCreateAsync(
authIdDiscard =>
{
return true;
},
() =>
{
//if(authorizationRefToCreate.HasValueNotNull())
// throw new Exception("Authorization to create already exists.");
//throw new Exception("Duplicated update from ProcessAsync.");
return false;
});
},
authentication, externalAccountKey, extraParams,
application, request, endpoints, loginProvider, baseUri,
onRedirect,
onGeneralFailure,
telemetry);
}
#endregion
var authorizationRef = authorizationRefMaybe.Ref;
return await authorizationRef.StorageUpdateAsync(
async(authorization, saveAsync) =>
{
return await ProcessAsync(authorization,
saveAsync,
authentication, externalAccountKey, extraParams,
application, request, endpoints, loginProvider, baseUri,
onRedirect,
onGeneralFailure,
telemetry);
},
() =>
{
return onAuthorizationNotFound();
});
},
(authorizationRef, extraparams) => onGeneralFailure("Cannot use logout to authenticate").AsTask(),
(why) => onCouldNotConnect(why).AsTask(),
(why) => onGeneralFailure(why).AsTask()));
}
private async static Task <TResult> AuthenticationAsync <TResult>(Guid requestId,
EastFive.Azure.Auth.Method authentication, IDictionary <string, string> values, Uri baseUri,
AzureApplication application,
Func <Uri, TResult> onRedirect,
Func <TResult> onAuthorizationNotFound,
Func <string, TResult> onCouldNotConnect,
Func <string, TResult> onGeneralFailure)
{
var authorizationRequestManager = application.AuthorizationRequestManager;
var telemetry = application.Telemetry;
return(await await authentication.RedeemTokenAsync(values, application,
async (externalAccountKey, authorizationRefMaybe, loginProvider, extraParams) =>
{
#region Handle case where there was a direct link
if (!authorizationRefMaybe.HasValue)
{
var authorization = new Authorization
{
authorizationRef = new Ref <Authorization>(Security.SecureGuid.Generate()),
Method = authentication.authenticationId,
parameters = extraParams,
authorized = true,
};
return await ProcessAsync(authorization,
async(authorizationUpdated) =>
{
bool created = await authorizationUpdated.StorageCreateAsync(
authIdDiscard =>
{
return true;
},
() => throw new Exception("Secure guid not unique"));
},
authentication, externalAccountKey, extraParams,
requestId, baseUri, application, loginProvider,
onRedirect,
onGeneralFailure,
telemetry);
}
#endregion
var authorizationRef = authorizationRefMaybe.Ref;
return await authorizationRef.StorageUpdateAsync(
async(authorization, saveAsync) =>
{
return await ProcessAsync(authorization,
saveAsync,
authentication, externalAccountKey, extraParams,
requestId, baseUri, application, loginProvider,
onRedirect,
onGeneralFailure,
telemetry);
},
() =>
{
return onAuthorizationNotFound();
});
},
(authorizationRef, extraparams) => onGeneralFailure("Cannot use logout to authenticate").AsTask(),
(why) => onCouldNotConnect(why).AsTask(),
(why) => onGeneralFailure(why).AsTask()));
}
private static Task <TResult> CreateLoginResponseAsync <TResult>(Guid requestId,
Guid?accountId, IDictionary <string, string> extraParams,
Method method, Authorization authorization,
Uri baseUri,
AzureApplication application, IProvideAuthorization authorizationProvider,
Func <Uri, TResult> onRedirect,
Func <string, TResult> onBadResponse,
TelemetryClient telemetry)
{
return(application.GetRedirectUriAsync(requestId,
accountId, extraParams,
method, authorization,
baseUri,
authorizationProvider,
(redirectUrlSelected) =>
{
telemetry.TrackEvent($"CreateResponse - redirectUrlSelected1: {redirectUrlSelected.AbsolutePath}");
telemetry.TrackEvent($"CreateResponse - redirectUrlSelected2: {redirectUrlSelected.AbsoluteUri}");
return onRedirect(redirectUrlSelected);
},
(paramName, why) =>
{
var message = $"Invalid parameter while completing login: {paramName} - {why}";
telemetry.TrackException(new ResponseException(message));
return onBadResponse(message);
},
(why) =>
{
var message = $"General failure while completing login: {why}";
telemetry.TrackException(new ResponseException(message));
return onBadResponse(message);
}));
}
public static async Task <TResult> ProcessAsync <TResult>(Authorization authorization,
Func <Authorization, Task> saveAsync,
Method authentication, string externalAccountKey,
IDictionary <string, string> extraParams,
Guid requestId, Uri baseUri, AzureApplication application, IProvideLogin loginProvider,
Func <Uri, TResult> onRedirect,
Func <string, TResult> onGeneralFailure,
TelemetryClient telemetry)
{
authorization.authorized = true;
authorization.LocationAuthentication = null;
var result = await await AccountMapping.FindByMethodAndKeyAsync(authentication.authenticationId, externalAccountKey,
authorization,
// Found
async internalAccountId =>
{
authorization.parameters = extraParams;
authorization.accountIdMaybe = internalAccountId;
await saveAsync(authorization);
return(await CreateLoginResponseAsync(requestId,
internalAccountId, extraParams,
authentication, authorization,
baseUri,
application, loginProvider,
onRedirect,
onGeneralFailure,
telemetry));
},
// Not found
async() =>
{
return(await await UnmappedCredentialAsync(externalAccountKey, extraParams,
authentication, authorization,
loginProvider, application, baseUri,
// Create mapping
async(internalAccountId) =>
{
authorization.parameters = extraParams;
authorization.accountIdMaybe = internalAccountId;
await saveAsync(authorization);
return await await AccountMapping.CreateByMethodAndKeyAsync(authorization, externalAccountKey,
internalAccountId,
() =>
{
return CreateLoginResponseAsync(requestId,
internalAccountId, extraParams,
authentication, authorization,
baseUri,
application, loginProvider,
onRedirect,
onGeneralFailure,
telemetry);
},
(why) => onGeneralFailure(why).AsTask());
},
// Allow self serve
async() =>
{
authorization.parameters = extraParams;
await saveAsync(authorization);
return await CreateLoginResponseAsync(requestId,
default(Guid?), extraParams,
authentication, authorization,
baseUri,
application, loginProvider,
onRedirect,
onGeneralFailure,
telemetry);
},
// Intercept process
async(interceptionUrl) =>
{
authorization.parameters = extraParams;
await saveAsync(authorization);
return onRedirect(interceptionUrl);
},
// Failure
async(why) =>
{
// Save params so they can be used later
authorization.parameters = extraParams;
await saveAsync(authorization);
return onGeneralFailure(why);
},
telemetry));
});
return(result);
}
