public Task LogAuthRecord(string userId, HttpContext httpContext, bool success, string appId)
{
if (httpContext.AllowTrack() || success == false)
{
var log = new AuditLogLocal
{
UserId = userId,
IPAddress = httpContext.Connection.RemoteIpAddress.ToString(),
Success = success,
AppId = appId
};
_dbContext.AuditLogs.Add(log);
return(_dbContext.SaveChangesAsync());
}
else
{
var log = new AuditLogLocal
{
UserId = userId,
IPAddress = "Unknown(because of `dnt` policy)",
Success = success,
AppId = appId
};
_dbContext.AuditLogs.Add(log);
return(_dbContext.SaveChangesAsync());
}
}
public async Task <IActionResult> EmailConfirmed(EmailConfirmViewModel model)
{
var user = await _dbContext
.Users
.Include(t => t.Emails)
.SingleOrDefaultAsync(t => t.Id == model.UserId);
if (user == null)
{
return(NotFound());
}
var mailObject = await _dbContext
.UserEmails
.SingleOrDefaultAsync(t => t.ValidateToken == model.Code);
if (mailObject == null || mailObject.OwnerId != user.Id)
{
return(NotFound());
}
if (!mailObject.Validated)
{
_logger.LogWarning($"The email object with address: {mailObject.EmailAddress} was already validated but the user was still trying to validate it!");
}
mailObject.Validated = true;
mailObject.ValidateToken = string.Empty;
await _dbContext.SaveChangesAsync();
return(View());
}
public async Task <IActionResult> CreateAccountAndBind(SignInViewModel model)
{
var app = (await _apiService.AppInfoAsync(model.AppId)).App;
bool exists = _dbContext.UserEmails.Any(t => t.EmailAddress == model.UserDetail.Email.ToLower());
if (exists)
{
ModelState.AddModelError(string.Empty, $"An user with email '{model.UserDetail.Email}' already exists!");
model.AppImageUrl = app.IconPath;
model.CanFindAnAccountWithEmail = false;
model.Provider = _authProviders.SingleOrDefault(t => t.GetName().ToLower() == model.ProviderName.ToLower());
return(View(nameof(SignIn), model));
}
var user = new GatewayUser
{
UserName = model.UserDetail.Email + $".from.{model.ProviderName}.com",
Email = model.UserDetail.Email,
NickName = model.UserDetail.Name,
PreferedLanguage = model.PreferedLanguage,
IconFilePath = Values.DefaultImagePath,
RegisterIPAddress = HttpContext.Connection.RemoteIpAddress.ToString()
};
var result = await _userManager.CreateAsync(user);
if (result.Succeeded)
{
var primaryMail = new UserEmail
{
EmailAddress = model.UserDetail.Email.ToLower(),
OwnerId = user.Id,
ValidateToken = Guid.NewGuid().ToString("N")
};
_dbContext.UserEmails.Add(primaryMail);
await _dbContext.SaveChangesAsync();
var link = new ThirdPartyAccount
{
OwnerId = user.Id,
ProviderName = model.ProviderName,
OpenId = model.UserDetail.Id
};
_dbContext.ThirdPartyAccounts.Add(link);
await _dbContext.SaveChangesAsync();
await _signInManager.SignInAsync(user, isPersistent : true);
await _authLogger.LogAuthRecord(user.Id, HttpContext, true, model.AppId);
return(await _authManager.FinishAuth(user, model, app.ForceConfirmation));
}
else
{
model.AppImageUrl = app.IconPath;
model.CanFindAnAccountWithEmail = await _dbContext.UserEmails.AnyAsync(t => t.EmailAddress.ToLower() == model.UserDetail.Email.ToLower());
model.Provider = _authProviders.SingleOrDefault(t => t.GetName().ToLower() == model.ProviderName.ToLower());
ModelState.AddModelError(string.Empty, result.Errors.First().Description);
return(View(nameof(SignIn), model));
}
}
public async Task <IActionResult> CreateAccountAndBind(SignInViewModel model)
{
if (string.IsNullOrWhiteSpace(model.UserDetail.Email))
{
model.UserDetail.Email = model.UserDetail.Name + $"@from.{model.ProviderName}.com";
}
bool exists = _dbContext.UserEmails.Any(t => t.EmailAddress == model.UserDetail.Email.ToLower());
if (exists)
{
// TODO: Handle.
throw new AiurAPIModelException(ErrorType.HasDoneAlready, $"An user with email '{model.UserDetail.Email}' already exists!");
}
var app = (await _apiService.AppInfoAsync(model.AppId)).App;
var user = new GatewayUser
{
UserName = model.UserDetail.Email + $".from.{model.ProviderName}.com",
Email = model.UserDetail.Email,
NickName = model.UserDetail.Name,
PreferedLanguage = model.PreferedLanguage,
IconFilePath = Values.DefaultImagePath,
RegisterIPAddress = HttpContext.Connection.RemoteIpAddress.ToString()
};
var result = await _userManager.CreateAsync(user);
if (result.Succeeded)
{
var primaryMail = new UserEmail
{
EmailAddress = model.UserDetail.Email.ToLower(),
OwnerId = user.Id,
ValidateToken = Guid.NewGuid().ToString("N")
};
_dbContext.UserEmails.Add(primaryMail);
await _dbContext.SaveChangesAsync();
var link = new ThirdPartyAccount
{
OwnerId = user.Id,
ProviderName = model.ProviderName,
OpenId = model.UserDetail.Id
};
_dbContext.ThirdPartyAccounts.Add(link);
await _dbContext.SaveChangesAsync();
await _signInManager.SignInAsync(user, isPersistent : true);
await _authLogger.LogAuthRecord(user.Id, HttpContext, true, model.AppId);
return(await _authManager.FinishAuth(user, model, app.ForceConfirmation));
}
else
{
// TODO: Handle
throw new AiurAPIModelException(ErrorType.HasDoneAlready, result.Errors.First().Description);
}
}
public async Task GrantTargetApp(GatewayUser user, string appId)
{
if (!await HasAuthorizedApp(user, appId))
{
var appGrant = new AppGrant
{
AppID = appId,
GatewayUserId = user.Id
};
_dbContext.LocalAppGrant.Add(appGrant);
await _dbContext.SaveChangesAsync();
}
}
public async void TestFindById()
{
// Arrange
var options = new DbContextOptionsBuilder <GatewayDbContext>().UseInMemoryDatabase("gateway_test_findbyid");
var db = new GatewayDbContext(options.Options);
// db.RemoveRange(db.Gateways);
// await db.SaveChangesAsync();
var gateway = new Gateway {
Id = 1, Name = "BBB", IPv4 = "192.168.4.12", SerialNumber = "sdsd"
};
var data = new List <Gateway>
{
gateway,
new Gateway {
Id = 2, Name = "ZZZ", IPv4 = "127.0.0.1", SerialNumber = "qwe123"
},
new Gateway {
Id = 3, Name = "asd", IPv4 = "127.0.0.1", SerialNumber = "qdsfs"
},
}.AsQueryable();
db.AddRange(data);
await db.SaveChangesAsync();
var repo = new GatewayRepository(db);
// Act
var result = await repo.FindById(1);
// Assert
Assert.Equal("BBB", result.Name);
}
public Task ClearTimeOutOAuthPack(GatewayDbContext dbContext)
{
var outDateTime = DateTime.UtcNow - TimeSpan.FromDays(1);
var outDateTime2 = DateTime.UtcNow - TimeSpan.FromMinutes(20);
dbContext.OAuthPack.Delete(t => t.UseTime < outDateTime);
dbContext.OAuthPack.Delete(t => t.CreateTime < outDateTime2);
return(dbContext.SaveChangesAsync());
}
public async Task <IActionResult> DropGrants([Required] string accessToken)
{
var appid = await _tokenManager.ValidateAccessToken(accessToken);
_dbContext.LocalAppGrant.Delete(t => t.AppID == appid);
await _dbContext.SaveChangesAsync();
return(this.Protocol(ErrorType.Success, "Successfully droped all users granted!"));
}
public async Task <IActionResult> Register(RegisterViewModel model)
{
if (!_captcha.ValidateCaptchaCode(model.CaptchaCode, HttpContext.Session))
{
ModelState.AddModelError(string.Empty, "Invalid captacha code!");
}
var app = (await _apiService.AppInfoAsync(model.AppId)).App;
if (!ModelState.IsValid)
{
model.Recover(app.AppName, app.IconPath);
return(View(model));
}
bool exists = _dbContext.UserEmails.Any(t => t.EmailAddress == model.Email.ToLower());
if (exists)
{
ModelState.AddModelError(string.Empty, $"An user with email '{model.Email}' already exists!");
model.Recover(app.AppName, app.IconPath);
return(View(model));
}
var user = new GatewayUser
{
UserName = model.Email,
Email = model.Email,
NickName = model.Email.Split('@')[0],
PreferedLanguage = model.PreferedLanguage,
IconFilePath = Values.DefaultImagePath,
RegisterIPAddress = HttpContext.Connection.RemoteIpAddress.ToString()
};
var result = await _userManager.CreateAsync(user, model.Password);
if (result.Succeeded)
{
var primaryMail = new UserEmail
{
EmailAddress = model.Email.ToLower(),
OwnerId = user.Id,
ValidateToken = Guid.NewGuid().ToString("N")
};
_dbContext.UserEmails.Add(primaryMail);
await _dbContext.SaveChangesAsync();
// Send him an confirmation email here:
await _emailSender.SendConfirmation(user.Id, primaryMail.EmailAddress, primaryMail.ValidateToken);
await _authLogger.LogAuthRecord(user.Id, HttpContext.Connection.RemoteIpAddress.ToString(), true, app.AppId);
await _signInManager.SignInAsync(user, isPersistent : true);
return(await _authManager.FinishAuth(user, model, app.ForceConfirmation));
}
AddErrors(result);
model.Recover(app.AppName, app.IconPath);
return(View(model));
}
public async Task<JsonResult> ChangeProfile(ChangeProfileAddressModel model)
{
var user = await _grantChecker.EnsureGranted(model.AccessToken, model.OpenId, t => t.ChangeBasicInfo);
user.NickName = model.NewNickName;
user.IconFilePath = model.NewIconFilePathName;
user.Bio = model.NewBio;
await _dbContext.SaveChangesAsync();
return Json(new AiurProtocol { Code = ErrorType.Success, Message = "Successfully changed this user's profile!" });
}
public Task LogAuthRecord(string userId, string ip, bool success, string appId)
{
var log = new AuditLogLocal
{
UserId = userId,
IPAddress = ip,
Success = success,
AppId = appId
};
_dbContext.AuditLogs.Add(log);
return(_dbContext.SaveChangesAsync());
}
public async Task <AuthoriseResponse> AuthoriseTransaction(AuthoriseRequest request)
{
var user = RouteData.GetUser();
var cardNumber = new CardNumber(request.CardNumber);
var stopwatch = new Stopwatch();
stopwatch.Start();
var response = await _cardAuthoriser.AuthoriseAsync(request);
stopwatch.Stop();
response.ProcessingTimeMs = Convert.ToInt32(stopwatch.ElapsedMilliseconds);
var transaction = Transaction.Create(response, cardNumber, user);
_dbContext.Transactions.Add(transaction);
await _dbContext.SaveChangesAsync();
return(response);
}
public async Task <IActionResult> CodeToOpenId(CodeToOpenIdAddressModel model)
{
var appId = await _tokenManager.ValidateAccessToken(model.AccessToken);
var targetPack = await _dbContext
.OAuthPack
.SingleOrDefaultAsync(t => t.Code == model.Code);
if (targetPack == null)
{
return(this.Protocol(ErrorType.WrongKey, "The code doesn't exists in our database."));
}
// Use time is more than 10 seconds from now.
if (targetPack.UseTime != DateTime.MinValue && targetPack.UseTime + TimeSpan.FromSeconds(10) < DateTime.UtcNow)
{
return(this.Protocol(ErrorType.HasDoneAlready, "Code is used already!"));
}
if (targetPack.ApplyAppId != appId)
{
return(this.Protocol(ErrorType.Unauthorized, "The app granted code is not the app granting access token!"));
}
var capp = (await _apiService.AppInfoAsync(targetPack.ApplyAppId)).App;
if (!capp.ViewOpenId)
{
return(this.Protocol(ErrorType.Unauthorized, "The app doesn't have view open id permission."));
}
targetPack.UseTime = DateTime.UtcNow;
await _dbContext.SaveChangesAsync();
var viewModel = new CodeToOpenIdViewModel
{
OpenId = targetPack.UserId,
Scope = "scope",
Message = "Successfully get user openid",
Code = ErrorType.Success
};
return(Json(viewModel));
}
public async void TestFindById()
{
// Arrange
var options = new DbContextOptionsBuilder <GatewayDbContext>().UseInMemoryDatabase("device_test_findbyid");
var db = new GatewayDbContext(options.Options);
var gateway = new Gateway {
Id = 1, Name = "ZZZ", IPv4 = "127.0.0.1", SerialNumber = "qwe123"
};
var device = new Device {
Id = 1, CreatedDate = new DateTime(), Status = Status.Online, UID = 1, Vendor = "Vendor", Gateway = gateway
};
db.Add(device);
await db.SaveChangesAsync();
var repo = new DeviceRepository(db);
// Act
var result = await repo.FindById(1);
// Assert
Assert.Equal(1, result.UID);
}
public async Task <IActionResult> Register(RegisterViewModel model)
{
if (!_allowRegistering)
{
return(Unauthorized());
}
if (!_captcha.Validate(model.CaptchaCode, HttpContext.Session))
{
ModelState.AddModelError(string.Empty, "Invalid captcha code!");
}
var app = (await _apiService.AppInfoAsync(model.AppId)).App;
if (!ModelState.IsValid)
{
model.Recover(app.AppName, app.IconPath);
return(View(model));
}
bool exists = _dbContext.UserEmails.Any(t => t.EmailAddress == model.Email.ToLower());
if (exists)
{
ModelState.AddModelError(string.Empty, $"An user with email '{model.Email}' already exists!");
model.Recover(app.AppName, app.IconPath);
return(View(model));
}
var countStart = DateTime.UtcNow - TimeSpan.FromDays(1);
var requestIp = HttpContext.Connection.RemoteIpAddress?.ToString();
if (await _dbContext.Users
.Where(t => t.RegisterIPAddress == requestIp)
.Where(t => t.AccountCreateTime > countStart)
.CountAsync() > 5)
{
ModelState.AddModelError(string.Empty, "You can't create more than 5 accounts in one day!");
model.Recover(app.AppName, app.IconPath);
return(View(model));
}
var user = new GatewayUser
{
UserName = model.Email,
Email = model.Email,
NickName = model.Email.Split('@')[0],
PreferedLanguage = model.PreferedLanguage,
IconFilePath = AuthValues.DefaultImagePath,
RegisterIPAddress = requestIp
};
var result = await _userManager.CreateAsync(user, model.Password);
if (result.Succeeded)
{
var primaryMail = new UserEmail
{
EmailAddress = model.Email.ToLower(),
OwnerId = user.Id,
ValidateToken = Guid.NewGuid().ToString("N"),
LastSendTime = DateTime.UtcNow
};
await _dbContext.UserEmails.AddAsync(primaryMail);
await _dbContext.SaveChangesAsync();
// Send him an confirmation email here:
_cannonService.FireAsync <ConfirmationEmailSender>(async(sender) =>
{
await sender.SendConfirmation(user.Id, primaryMail.EmailAddress, primaryMail.ValidateToken);
});
await _authLogger.LogAuthRecord(user.Id, HttpContext, true, app.AppId);
await _signInManager.SignInAsync(user, isPersistent : true);
return(await _authManager.FinishAuth(user, model, app.ForceConfirmation, app.TrustedApp));
}
AddErrors(result);
model.Recover(app.AppName, app.IconPath);
return(View(model));
}
public Task ClearTimeOutOAuthPack(GatewayDbContext dbContext)
{
dbContext.OAuthPack.Delete(t => t.UseTime + new TimeSpan(1, 0, 0, 0) < DateTime.UtcNow);
dbContext.OAuthPack.Delete(t => !t.IsAlive);
return(dbContext.SaveChangesAsync());
}
