/// <summary>
/// Configuration-gated login shortcut. When <c>ManagerConfiguration.IsBackdoorEnabled</c> is set,
/// the connection is authenticated as the organization/user/password held in configuration, the
/// resulting cookie token is attached to the response and the caller is redirected to that
/// organization's case list. When the flag is off the endpoint answers 400 Bad Request.
/// </summary>
/// <returns>
/// A redirect to <c>/case-list/{organizationKey}</c> on success, otherwise a 400 Bad Request result.
/// </returns>
/// <remarks>
/// This route issues a fully authenticated session without any credential from the caller; the
/// configuration flag is the only control, so it must not be enabled where the endpoint is
/// reachable by untrusted clients. No audit entry is written in this method, so a login through
/// this path is only traceable if the backend records the AuthenticateAsync call itself.
/// </remarks>
public async Task<IActionResult> Backdoor()
{
    if (!ManagerConfiguration.IsBackdoorEnabled)
    {
        return BadRequest();
    }

    // Identity comes entirely from configuration; nothing from the request is used.
    var backdoorIdentity = new UserIdentifier
    {
        OrganizationKey = ManagerConfiguration.BackdoorOrganizationKey,
        UserKey = ManagerConfiguration.BackdoorUserKey
    };

    await Connection.User.AuthenticateAsync(new TokenRequestModel
    {
        Identifier = backdoorIdentity,
        Password = ManagerConfiguration.BackdoorPassword,
        ClientClaims = "FullFrame"
    });
    Connection.AddCookieTokenToResponse();

    // The organization key is user-controlled data in a URL path segment, hence the encoding.
    var organizationSegment = HttpUtility.UrlEncode(Connection.UserIdentifier.OrganizationKey);
    return Redirect($"/case-list/{organizationSegment}");
}
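/// <summary>
/// Authenticates a magic-link recipient: decrypts the link token, checks that the recipient
/// email and expiry match the request, authenticates the folder-scoped user in the backend and
/// finally verifies the presented password against the officer's stored BCrypt hash. The session
/// cookie is attached to the response only after every check has passed.
/// </summary>
/// <param name="authenticateUserRequest">Token, email and plain-text password presented by the caller.</param>
/// <param name="linkEncryptionKey">Key used to decrypt the magic-link token.</param>
/// <returns>
/// A <see cref="UserAuthenticatedResponse"/> with <c>IsAuthenticated</c> true plus the folder and
/// officer path identifiers on success; otherwise <c>IsAuthenticated</c> false. Failures are never
/// surfaced as exceptions, so the caller cannot distinguish a wrong password from a backend error.
/// </returns>
public async Task<UserAuthenticatedResponse> AuthenticateUserAsync(AuthenticateUserRequest authenticateUserRequest, string linkEncryptionKey)
{
    // Every failure path yields the same opaque response so the reply gives no hint about which check failed.
    UserAuthenticatedResponse Denied() => new UserAuthenticatedResponse() { IsAuthenticated = false };

    // A missing request, token or email is a plain rejection rather than a NullReferenceException.
    if (authenticateUserRequest is null
        || String.IsNullOrEmpty(authenticateUserRequest.Token)
        || String.IsNullOrEmpty(authenticateUserRequest.Email))
    {
        return Denied();
    }

    try
    {
        // The token is caller-supplied: a tampered or malformed token makes DecryptMagicLink throw,
        // so it is decrypted inside the try and treated as an authentication failure instead of an
        // unhandled exception.
        var magicLink = ModuleUtility.DecryptMagicLink(authenticateUserRequest.Token, linkEncryptionKey);

        // The email embedded in the link must match the one presented, and the link must not have expired.
        // Ordinal comparison avoids culture-dependent case folding (ToLower() is culture-sensitive).
        bool emailMatches = String.Equals(magicLink.RecipientEmail, authenticateUserRequest.Email, StringComparison.OrdinalIgnoreCase);
        if (!emailMatches || magicLink.ExipirationDate < DateTime.UtcNow)
        {
            return Denied();
        }

        // Authenticate the folder-scoped user in the backend first; the connection needs that token
        // before it can read the folder below.
        await connection.User.AuthenticateAsync(new TokenRequestModel
        {
            Identifier = ModuleUtility.GetFolderScopedUserIdentifier(magicLink.FolderIdentifier, authenticateUserRequest.Email, "leo"),
            Password = authenticateUserRequest.Password
        });

        var folder = await connection.Folder.GetAsync(magicLink.FolderIdentifier);

        // Find the officer record for this recipient and check the presented password against the stored BCrypt hash.
        var officers = folder.MetaLEOUploadOfficerListRead();
        var recipient = officers.FirstOrDefault(rec =>
            String.Equals(rec.Email, magicLink.RecipientEmail, StringComparison.OrdinalIgnoreCase));
        if (recipient is null || !BCrypt.Verify(authenticateUserRequest.Password, recipient.PasswordHash))
        {
            return Denied();
        }

        // Attach the session cookie only after the hash check, so a failed verification never leaves
        // a cookie token on the response.
        connection.AddCookieTokenToResponse();

        await this.auditLogStore.AddEntry(
            new AuditLogEntry()
            {
                EntryType = AuditLogEntryType.LEOUploadUserLogin,
                Message = "An officer Has Logged in.",
                ModuleType = Modules.ModuleType.LEOUpload
            },
            folder.Identifier,
            connection
        );

        return new UserAuthenticatedResponse()
        {
            IsAuthenticated = true,
            FolderIdentifier = folder.Identifier,
            PathIdentifier = GetOfficerPath(folder.Identifier, recipient.FirstName, recipient.LastName)
        };
    }
    catch (Exception)
    {
        // Deliberately best-effort: any decrypt or backend failure is reported as "not authenticated".
        // No logger is in scope here, so the cause is lost; recording it before returning would help
        // separate attack traffic from backend outages.
        return Denied();
    }
}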