private void CreateDefaultUser()
{
var email = _configuration["DefaultUserEmail"];
using (var transaction = _dbContext.Database.BeginTransaction()) {
try {
if (_accountManager.CreateUser(email) &&
_accountManager.CreateDefaultRoles() &&
_accountManager.SetUserRole(
email,
new SingleAccountEdit()
{
Permission = YearApPermissionLevels.Admin,
VersionStamp = _accountManager.GetAccountInfoByEmail(email).LastUpdate
}))
{
transaction.Commit();
_emailService.SendMessage(email,
_configuration["WelcomeEmail:Subject"],
_configuration["WelcomeEmail:Text"]);
}
else
{
transaction.Rollback();
}
}catch (Exception e) {
Console.WriteLine(e.Message);
transaction.Rollback();
}
}
}
private void ThereIsUserWithRole(string userEmail, YearApPermissionLevels role)
{
using (var scope = WebHost.Services.CreateScope()) {
var services = scope.ServiceProvider;
manager = services.GetService <IAccountManagementService>();
manager.CreateUser(userEmail);
var accountInfo = manager.GetAccountInfoByEmail(userEmail);
manager.SetUserRole(userEmail, new SingleAccountEdit()
{
Permission = role, VersionStamp = accountInfo.LastUpdate
});
}
}
public async Task <IActionResult> ExternalLoginCallback(string returnUrl = null, string remoteError = null)
{
if (remoteError != null)
{
_logger.LogError($"Error from external provider: {remoteError}");
return(Redirect(AccessDeniedPath));
}
var info = await _signInManager.GetExternalLoginInfoAsync();
if (info == null)
{
_logger.LogWarning("External provider returned no info");
return(Redirect(AccessDeniedPath));
}
// Sign in the user with this external login provider if the user already has a login.
var result = await _signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, isPersistent : false, bypassTwoFactor : true);
var email = info.Principal.FindFirstValue(ClaimTypes.Email);
var user = _userManager.FindByEmailAsync(email).Result;
if (result.Succeeded)
{
_logger.LogInformation("User logged in with {Name} provider.", info.LoginProvider);
user.LastLoginTime = DateTime.UtcNow;
_userManager.UpdateAsync(user).Wait();
return(RedirectToLocal(returnUrl));
}
if (result.IsLockedOut)
{
_logger.LogWarning($"User {email} is locked out");
return(Redirect(AccessDeniedPath));
}
// if the user doesn't exist but his email is @fee.org, create the user
var emailCreated = true;
if (user == null && email.EndsWith(FeeEmailDomain))
{
_logger.LogInformation($"Creating read-only user for email {email}");
emailCreated = _accountManager.CreateUser(email);
user = _userManager.FindByEmailAsync(email).Result;
var editOperation = new SingleAccountEdit()
{
Permission = YearApPermissionLevels.ReadOnly,
VersionStamp = user.LastUpdate,
Flag = EditType.New,
};
emailCreated = emailCreated && _accountManager.SetUserRole(email, editOperation);
var emailSending = _emailService.SendMessage(email,
_configuration.GetValue <string>("WelcomeEmail:Subject", ""),
_configuration.GetValue <string>("WelcomeEmail:Text", ""));
if (!emailSending.IsSuccessful)
{
_logger.LogError($"Tried to send an email to {email}, but it failed with {emailSending.ErrorMessage}");
}
}
// if the user exists but didn't succeed, associate his account to the new provider
if (user != null && emailCreated)
{
_logger.LogInformation($"Associating {email} with external provider");
var associate = await _userManager.AddLoginAsync(user, info);
if (associate.Succeeded)
{
await _signInManager.SignInAsync(user, isPersistent : false);
_logger.LogInformation("User logged in with {Name} provider.", info.LoginProvider);
user.LastLoginTime = DateTime.UtcNow;
_userManager.UpdateAsync(user).Wait();
return(RedirectToLocal(returnUrl));
}
}
_logger.LogWarning("User doesn't exist");
// if the user doesn't exist, his access is denied
return(Redirect(AccessDeniedPath));
}