예제 #1
0
        private void CreateDefaultUser()
        {
            var email = _configuration["DefaultUserEmail"];

            using (var transaction = _dbContext.Database.BeginTransaction()) {
                try {
                    if (_accountManager.CreateUser(email) &&
                        _accountManager.CreateDefaultRoles() &&
                        _accountManager.SetUserRole(
                            email,
                            new SingleAccountEdit()
                    {
                        Permission = YearApPermissionLevels.Admin,
                        VersionStamp = _accountManager.GetAccountInfoByEmail(email).LastUpdate
                    }))
                    {
                        transaction.Commit();
                        _emailService.SendMessage(email,
                                                  _configuration["WelcomeEmail:Subject"],
                                                  _configuration["WelcomeEmail:Text"]);
                    }
                    else
                    {
                        transaction.Rollback();
                    }
                }catch (Exception e) {
                    Console.WriteLine(e.Message);
                    transaction.Rollback();
                }
            }
        }
예제 #2
0
        private void ThereIsUserWithRole(string userEmail, YearApPermissionLevels role)
        {
            using (var scope = WebHost.Services.CreateScope()) {
                var services = scope.ServiceProvider;
                manager = services.GetService <IAccountManagementService>();

                manager.CreateUser(userEmail);
                var accountInfo = manager.GetAccountInfoByEmail(userEmail);
                manager.SetUserRole(userEmail, new SingleAccountEdit()
                {
                    Permission = role, VersionStamp = accountInfo.LastUpdate
                });
            }
        }
예제 #3
0
        public async Task <IActionResult> ExternalLoginCallback(string returnUrl = null, string remoteError = null)
        {
            if (remoteError != null)
            {
                _logger.LogError($"Error from external provider: {remoteError}");
                return(Redirect(AccessDeniedPath));
            }
            var info = await _signInManager.GetExternalLoginInfoAsync();

            if (info == null)
            {
                _logger.LogWarning("External provider returned no info");
                return(Redirect(AccessDeniedPath));
            }

            // Sign in the user with this external login provider if the user already has a login.
            var result = await _signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, isPersistent : false, bypassTwoFactor : true);

            var email = info.Principal.FindFirstValue(ClaimTypes.Email);
            var user  = _userManager.FindByEmailAsync(email).Result;

            if (result.Succeeded)
            {
                _logger.LogInformation("User logged in with {Name} provider.", info.LoginProvider);
                user.LastLoginTime = DateTime.UtcNow;
                _userManager.UpdateAsync(user).Wait();
                return(RedirectToLocal(returnUrl));
            }
            if (result.IsLockedOut)
            {
                _logger.LogWarning($"User {email} is locked out");
                return(Redirect(AccessDeniedPath));
            }
            // if the user doesn't exist but his email is @fee.org, create the user
            var emailCreated = true;

            if (user == null && email.EndsWith(FeeEmailDomain))
            {
                _logger.LogInformation($"Creating read-only user for email {email}");
                emailCreated = _accountManager.CreateUser(email);
                user         = _userManager.FindByEmailAsync(email).Result;
                var editOperation = new SingleAccountEdit()
                {
                    Permission   = YearApPermissionLevels.ReadOnly,
                    VersionStamp = user.LastUpdate,
                    Flag         = EditType.New,
                };
                emailCreated = emailCreated && _accountManager.SetUserRole(email, editOperation);
                var emailSending = _emailService.SendMessage(email,
                                                             _configuration.GetValue <string>("WelcomeEmail:Subject", ""),
                                                             _configuration.GetValue <string>("WelcomeEmail:Text", ""));
                if (!emailSending.IsSuccessful)
                {
                    _logger.LogError($"Tried to send an email to {email}, but it failed with {emailSending.ErrorMessage}");
                }
            }
            // if the user exists but didn't succeed, associate his account to the new provider
            if (user != null && emailCreated)
            {
                _logger.LogInformation($"Associating {email} with external provider");
                var associate = await _userManager.AddLoginAsync(user, info);

                if (associate.Succeeded)
                {
                    await _signInManager.SignInAsync(user, isPersistent : false);

                    _logger.LogInformation("User logged in with {Name} provider.", info.LoginProvider);
                    user.LastLoginTime = DateTime.UtcNow;
                    _userManager.UpdateAsync(user).Wait();

                    return(RedirectToLocal(returnUrl));
                }
            }
            _logger.LogWarning("User doesn't exist");
            // if the user doesn't exist, his access is denied
            return(Redirect(AccessDeniedPath));
        }