public async Task <Domain.Identity> CreateIdentity(IdentityForCreation identity)
{
using (MySqlConnection connection = new MySqlConnection(await _connectionInfo.GetConnectionStringAsync()))
{
await connection.OpenAsync().ConfigureAwait(false);
MySqlCommand command = new MySqlCommand(IdentityDaoResources.InsertUser, connection);
command.Parameters.AddWithValue("firstname", identity.FirstName);
command.Parameters.AddWithValue("lastname", identity.LastName);
command.Parameters.AddWithValue("email", identity.Email);
command.Parameters.AddWithValue("global_admin", identity.RoleType == RoleType.Admin);
command.Prepare();
await command.ExecuteNonQueryAsync();
Domain.Identity newIdentity = new Domain.Identity(
(int)command.LastInsertedId,
identity.FirstName,
identity.LastName,
identity.Email,
identity.RoleType);
connection.Close();
return(newIdentity);
}
}
public async Task <Domain.Identity> GetIdentityByEmail(string email)
{
using (MySqlConnection connection = new MySqlConnection(await _connectionInfo.GetConnectionStringAsync()))
{
await connection.OpenAsync().ConfigureAwait(false);
MySqlCommand command = new MySqlCommand(IdentityDaoResources.SelectUserByEmail, connection);
command.Parameters.AddWithValue("email", email);
command.Prepare();
Domain.Identity identity = null;
using (DbDataReader reader = await command.ExecuteReaderAsync())
{
while (await reader.ReadAsync())
{
identity = new Domain.Identity(
reader.GetInt32("id"),
reader.GetString("firstname"),
reader.GetString("lastname"),
reader.GetString("email"),
reader.IsDbNull("global_admin") ? RoleType.Standard : reader.GetBoolean("global_admin") ? RoleType.Admin : RoleType.Standard);
}
}
connection.Close();
return(identity);
}
}
public async Task CompleteAdmin(Guid code, string password, string passwordMatch, string email)
{
var pendingIdentity = await _pendingIdentityRepository.GetAsync(code, email);
if (pendingIdentity is null)
{
throw new VmsException(Codes.InvalidCredentials, "The credentials are invalid.");
}
var existing = await _identityRepository.GetByEmailAndRole(email, Roles.SystemAdmin);
if (existing != null)
{
throw new VmsException(Codes.EmailInUse, "Their has already been an account created with this email.");
}
if (password != passwordMatch)
{
throw new VmsException(Codes.InvalidCredentials, "The credentials are invalid.");
}
var pword = _passwordManager.EncryptPassword(password);
var identity = new Domain.Identity(email, pword.Hash, pword.Salt, Roles.SystemAdmin);
await _identityRepository.AddAsync(identity);
}
public async Task CompleteUser(Guid code, string email, string password, string passwordConfirm)
{
var pending = await _pendingIdentityRepository.GetAsync(code, email);
if (pending is null)
{
_logger.LogWarning($"Pending user not found with code: {code} and email: {email}");
throw new VmsException(Codes.InvalidCredentials, "The account registration has not been made.");
}
//TODO: make sure this check is done on creation of account pending.
//var existing = await _identityRepository.GetByEmailAndRole(email, Roles.);
//if (existing != null)
// throw new VmsException(Codes.EmailInUse, "Their has already been an account created with this email.");
if (password != passwordConfirm)
{
throw new VmsException(Codes.InvalidCredentials, "The credentials are invalid.");
}
var pword = _passwordManager.EncryptPassword(password);
var numberCode = await GetCode(pending.BusinessId);
var identity = new Domain.Identity(email, pword.Hash, pword.Salt, pending.Role, pending.BusinessId, numberCode);
await _identityRepository.AddAsync(identity);
await _pendingIdentityRepository.RemoveAsync(pending);
_publisher.PublishEvent(new UserAccountCreated(identity.Id, identity.Email, identity.Code), RequestInfo.Empty);
}
public Identity(Domain.Identity obj)
{
Title = obj.Title?.EncryptedString;
FirstName = obj.FirstName?.EncryptedString;
MiddleName = obj.FirstName?.EncryptedString;
LastName = obj.LastName?.EncryptedString;
Address1 = obj.Address1?.EncryptedString;
Address2 = obj.Address2?.EncryptedString;
Address3 = obj.Address3?.EncryptedString;
City = obj.City?.EncryptedString;
State = obj.State?.EncryptedString;
PostalCode = obj.PostalCode?.EncryptedString;
Country = obj.Country?.EncryptedString;
Company = obj.Company?.EncryptedString;
Email = obj.Email?.EncryptedString;
Phone = obj.Phone?.EncryptedString;
SSN = obj.SSN?.EncryptedString;
Username = obj.Username?.EncryptedString;
PassportNumber = obj.PassportNumber?.EncryptedString;
LicenseNumber = obj.LicenseNumber?.EncryptedString;
}
public Task UpdateAsync(Domain.Identity identity) => _repository.UpdateAsync(identity, identity.Id);
public Task RemoveAsync(Domain.Identity identity) => _repository.RemoveAsync(identity.Id);
public Task AddAsync(Domain.Identity identity) => _repository.AddAsync(identity);
protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
_log.LogDebug($"Identity middleware handling request: {Context.Request.Path} ({Context.Request.Method})");
IHeaderDictionary headerDictionary = Context.Request.Headers;
StringValues email;
if (!headerDictionary.TryGetValue(OidcClaims.Email, out email))
{
_log.LogError($"Request headers didnt contain header { OidcClaims.Email}");
return(AuthenticateResult.Fail(new InvalidOperationException($"Request headers doesnt contain header {OidcClaims.Email}")));
}
Domain.Identity identity = await _identityDao.GetIdentityByEmail(email);
if (identity == null)
{
_log.LogDebug($"Creating user with email: {email}");
StringValues name;
if (!headerDictionary.TryGetValue(OidcClaims.GivenName, out name))
{
_log.LogError($"Request headers didnt contain header {OidcClaims.GivenName}");
return
(AuthenticateResult.Fail(
new InvalidOperationException($"Request headers doesnt contain header {OidcClaims.GivenName}")));
}
StringValues familyName;
if (!headerDictionary.TryGetValue(OidcClaims.FamilyName, out familyName))
{
_log.LogError($"Request headers didnt contain header {OidcClaims.FamilyName}");
return
(AuthenticateResult.Fail(
new InvalidOperationException(
$"Request headers doesnt contain header {OidcClaims.FamilyName}")));
}
identity = await _identityDao.CreateIdentity(new IdentityForCreation(
name,
familyName,
email,
RoleType.Standard));
_log.LogDebug($"Successfully created user {name} {familyName} ({email}).");
}
else
{
_log.LogDebug($"Found user {identity.FirstName} {identity.LastName} ({email}).");
}
List <Claim> claims = new List <Claim>
{
new Claim(ClaimTypes.Email, email),
new Claim(ClaimTypes.Role, identity.RoleType),
new Claim(ClaimTypes.Surname, identity.LastName),
new Claim(ClaimTypes.Name, identity.FirstName),
new Claim(ClaimTypes.Sid, identity.Id.ToString())
};
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(claims));
return(AuthenticateResult.Success(new AuthenticationTicket(principal,
new AuthenticationProperties(), Options.AuthenticationScheme)));
}
