public async Task When_Passing_Null_Parameter_Then_Exception_Is_Thrown() { // ARRANGE InitializeFakeObjects(); // ACT & ASSERT await Assert.ThrowsAsync <ArgumentNullException>(() => _authenticateHelper.ProcessRedirection(null, null, null, null)); }
public async Task <LoginPwdAuthenticateResult> Execute(LoginPasswordAuthParameter parameter, AuthorizationParameter authorizationParameter, string code, string issuerName) { if (parameter == null) { throw new ArgumentNullException(nameof(parameter)); } if (authorizationParameter == null) { throw new ArgumentNullException(nameof(authorizationParameter)); } var resourceOwner = await _resourceOwnerAuthenticateHelper.Authenticate(parameter.Login, parameter.Password, new[] { Constants.AMR }).ConfigureAwait(false); if (resourceOwner == null) { throw new IdentityServerAuthenticationException("the resource owner credentials are not correct"); } var claims = resourceOwner.Claims == null ? new List <Claim>() : resourceOwner.Claims.ToList(); claims.Add(new Claim(ClaimTypes.AuthenticationInstant, DateTimeOffset.UtcNow.ConvertToUnixTimestamp().ToString(CultureInfo.InvariantCulture), ClaimValueTypes.Integer)); return(new LoginPwdAuthenticateResult { ActionResult = await _authenticateHelper.ProcessRedirection(authorizationParameter, code, resourceOwner.Id, claims, issuerName).ConfigureAwait(false), Claims = claims }); }
/// <summary> /// Returns an action result to the controller's action. /// 1). Redirect to the consent screen if the user is authenticated AND the request doesn't contain a login prompt. /// 2). Do nothing /// </summary> /// <param name="authorizationParameter">The parameter</param> /// <param name="resourceOwnerPrincipal">Resource owner principal</param> /// <param name="code">Encrypted parameter</param> /// <returns>Action result to the controller's action</returns> public async Task <ActionResult> Execute( AuthorizationParameter authorizationParameter, ClaimsPrincipal resourceOwnerPrincipal, string code) { if (authorizationParameter == null) { throw new ArgumentNullException("authorizationParameter"); } var resourceOwnerIsAuthenticated = resourceOwnerPrincipal.IsAuthenticated(); var promptParameters = _parameterParserHelper.ParsePrompts(authorizationParameter.Prompt); // 1). if (resourceOwnerIsAuthenticated && promptParameters != null && !promptParameters.Contains(PromptParameter.login)) { var subject = resourceOwnerPrincipal.GetSubject(); var claims = resourceOwnerPrincipal.Claims.ToList(); return(await _authenticateHelper.ProcessRedirection(authorizationParameter, code, subject, claims)); } // 2). return(_actionResultFactory.CreateAnEmptyActionResultWithNoEffect()); }
public async Task <LocalOpenIdAuthenticationResult> Execute(LocalAuthenticateParameter localAuthenticateParameter, AuthorizationParameter authorizationParameter, string code, string imagePath, string hostUrl) { if (localAuthenticateParameter == null) { throw new ArgumentNullException(nameof(localAuthenticateParameter)); } if (authorizationParameter == null) { throw new ArgumentNullException(nameof(authorizationParameter)); } var resourceOwner = await _localAuthenticateAction.Execute(localAuthenticateParameter, imagePath, hostUrl); if (resourceOwner == null) { throw new IdentityServerAuthenticationException("the resource owner credentials are not correct"); } var claims = resourceOwner.Claims == null ? new List <Claim>() : resourceOwner.Claims.ToList(); claims.Add(new Claim(ClaimTypes.AuthenticationInstant, DateTimeOffset.UtcNow.ConvertToUnixTimestamp().ToString(CultureInfo.InvariantCulture), ClaimValueTypes.Integer)); return(new LocalOpenIdAuthenticationResult { ActionResult = await _authenticateHelper.ProcessRedirection(authorizationParameter, code, resourceOwner.Id, claims), Claims = claims }); }
public async Task <ExternalOpenIdAuthenticationResult> Execute( List <Claim> claims, AuthorizationParameter authorizationParameter, string code) { // 1. Check parameters. if (claims == null || !claims.Any()) { throw new ArgumentNullException(nameof(claims)); } if (authorizationParameter == null) { throw new ArgumentNullException(nameof(authorizationParameter)); } if (string.IsNullOrWhiteSpace(code)) { throw new ArgumentNullException(nameof(code)); } // 2. Subject cannot be extracted. var subject = claims.GetSubject(); if (string.IsNullOrWhiteSpace(subject)) { throw new IdentityServerException(ErrorCodes.UnhandledExceptionCode, ErrorDescriptions.NoSubjectCanBeExtracted); } // 3. Create the resource owner if needed. var resourceOwner = await _authenticateResourceOwnerService.AuthenticateResourceOwnerAsync(subject); if (resourceOwner == null) { var standardClaims = await _claimRepository.GetAllAsync(); resourceOwner = new ResourceOwner { Id = subject, IsLocalAccount = false, TwoFactorAuthentication = TwoFactorAuthentications.NONE, Claims = claims.Where(c => standardClaims.Any(sc => sc == c.Type)).ToList() }; if (!resourceOwner.Claims.Any(c => c.Type == Jwt.Constants.StandardResourceOwnerClaimNames.Subject)) { resourceOwner.Claims.Add(new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.Subject, subject)); } await _resourceOwnerRepository.InsertAsync(resourceOwner); } return(new ExternalOpenIdAuthenticationResult { ActionResult = await _authenticateHelper.ProcessRedirection(authorizationParameter, code, "subject", claims), Claims = resourceOwner.Claims }); }
public async Task <ActionResult> LoginCallbackOpenId(string code, string error) { if (string.IsNullOrWhiteSpace(code)) { throw new ArgumentNullException("code"); } // 1 : retrieve the request from the cookie var cookieName = string.Format(ExternalAuthenticateCookieName, code); var request = Request.Cookies[string.Format(ExternalAuthenticateCookieName, code)]; if (request == null) { throw new IdentityServerException(ErrorCodes.UnhandledExceptionCode, ErrorDescriptions.TheRequestCannotBeExtractedFromTheCookie); } // 2 : remove the cookie Response.Cookies.Append(cookieName, string.Empty, new CookieOptions { Expires = DateTime.UtcNow.AddDays(-1) }); // 3 : Raise an exception is there's an authentication error if (!string.IsNullOrWhiteSpace(error)) { throw new IdentityServerException(ErrorCodes.UnhandledExceptionCode, string.Format(ErrorDescriptions.AnErrorHasBeenRaisedWhenTryingToAuthenticate, error)); } // 4. Check if the user is authenticated var authenticatedUser = await _authenticationService.GetAuthenticatedUser(this, Host.Constants.CookieNames.ExternalCookieName).ConfigureAwait(false); if (authenticatedUser == null || !authenticatedUser.Identity.IsAuthenticated || !(authenticatedUser.Identity is ClaimsIdentity)) { throw new IdentityServerException(ErrorCodes.UnhandledExceptionCode, ErrorDescriptions.TheUserNeedsToBeAuthenticated); } // 5. Rerieve the claims & insert the resource owner if needed. var claimsIdentity = authenticatedUser.Identity as ClaimsIdentity; var claims = authenticatedUser.Claims.ToList(); var resourceOwner = await _profileActions.GetResourceOwner(authenticatedUser.GetSubject()).ConfigureAwait(false); string sub = string.Empty; if (resourceOwner == null) { try { sub = await AddExternalUser(authenticatedUser).ConfigureAwait(false); } catch (IdentityServerException ex) { return(RedirectToAction("Index", "Error", new { code = ex.Code, message = ex.Message, area = "Shell" })); } catch (Exception ex) { return(RedirectToAction("Index", "Error", new { code = ErrorCodes.InternalError, message = ex.Message, area = "Shell" })); } } if (resourceOwner != null) { claims = resourceOwner.Claims.ToList(); } else { var nameIdentifier = claims.First(c => c.Type == ClaimTypes.NameIdentifier); claims.Remove(nameIdentifier); claims.Add(new Claim(ClaimTypes.NameIdentifier, sub)); } var subject = claims.GetSubject(); // 6. Try to authenticate the resource owner & returns the claims. var authorizationRequest = _dataProtector.Unprotect <AuthorizationRequest>(request); var issuerName = Request.GetAbsoluteUriWithVirtualPath(); var actionResult = await _authenticateHelper.ProcessRedirection(authorizationRequest.ToParameter(), request, subject, claims, issuerName).ConfigureAwait(false); // 7. Store claims into new cookie if (actionResult != null) { await SetLocalCookie(claims.ToOpenidClaims(), authorizationRequest.SessionId).ConfigureAwait(false); await _authenticationService.SignOutAsync(HttpContext, Host.Constants.CookieNames.ExternalCookieName, new Microsoft.AspNetCore.Authentication.AuthenticationProperties()).ConfigureAwait(false); LogAuthenticateUser(actionResult, authorizationRequest.ProcessId); return(this.CreateRedirectionFromActionResult(actionResult, authorizationRequest)); } return(RedirectToAction("OpenId", "Authenticate", new { code = code })); }
public async Task <ActionResult> SendCode(CodeViewModel codeViewModel) { if (codeViewModel == null) { throw new ArgumentNullException(nameof(codeViewModel)); } ViewBag.IsAuthenticated = false; codeViewModel.Validate(ModelState); if (!ModelState.IsValid) { await TranslateView(DefaultLanguage).ConfigureAwait(false); return(View(codeViewModel)); } // 1. Check user is authenticated var authenticatedUser = await _authenticationService.GetAuthenticatedUser(this, Host.Constants.CookieNames.TwoFactorCookieName).ConfigureAwait(false); if (authenticatedUser == null || authenticatedUser.Identity == null || !authenticatedUser.Identity.IsAuthenticated) { throw new IdentityServerException(ErrorCodes.UnhandledExceptionCode, ErrorDescriptions.TwoFactorAuthenticationCannotBePerformed); } // 2. Resend the confirmation code. if (codeViewModel.Action == CodeViewModel.RESEND_ACTION) { await TranslateView(DefaultLanguage).ConfigureAwait(false); var resourceOwner = await _userActions.GetUser(authenticatedUser).ConfigureAwait(false); var claim = resourceOwner.Claims.FirstOrDefault(c => c.Type == codeViewModel.ClaimName); if (claim != null) { resourceOwner.Claims.Remove(claim); } resourceOwner.Claims.Add(new Claim(codeViewModel.ClaimName, codeViewModel.ClaimValue)); var claimsLst = resourceOwner.Claims.Select(c => new ClaimAggregate(c.Type, c.Value)); await _userActions.UpdateClaims(authenticatedUser.GetSubject(), claimsLst).ConfigureAwait(false); string code; try { code = await _authenticateActions.GenerateAndSendCode(authenticatedUser.GetSubject()).ConfigureAwait(false); _simpleIdentityServerEventSource.GetConfirmationCode(code); } catch { ModelState.AddModelError("message_error", "An internal error occured while trying to send the confirmation code"); } return(View(codeViewModel)); } // 3. Validate the confirmation code if (!await _authenticateActions.ValidateCode(codeViewModel.Code).ConfigureAwait(false)) { await TranslateView(DefaultLanguage).ConfigureAwait(false); ModelState.AddModelError("Code", "confirmation code is not valid"); _simpleIdentityServerEventSource.ConfirmationCodeNotValid(codeViewModel.Code); return(View(codeViewModel)); } // 4. Remove the code if (!await _authenticateActions.RemoveCode(codeViewModel.Code).ConfigureAwait(false)) { await TranslateView(DefaultLanguage).ConfigureAwait(false); ModelState.AddModelError("Code", "an error occured while trying to remove the code"); return(View(codeViewModel)); } // 5. Authenticate the resource owner await _authenticationService.SignOutAsync(HttpContext, Host.Constants.CookieNames.TwoFactorCookieName, new AuthenticationProperties()).ConfigureAwait(false); // 6. Redirect the user agent if (!string.IsNullOrWhiteSpace(codeViewModel.AuthRequestCode)) { var request = _dataProtector.Unprotect <AuthorizationRequest>(codeViewModel.AuthRequestCode); await SetLocalCookie(authenticatedUser.Claims, request.SessionId).ConfigureAwait(false); var issuerName = Request.GetAbsoluteUriWithVirtualPath(); var actionResult = await _authenticateHelper.ProcessRedirection(request.ToParameter(), codeViewModel.AuthRequestCode, authenticatedUser.GetSubject(), authenticatedUser.Claims.ToList(), issuerName).ConfigureAwait(false); LogAuthenticateUser(actionResult, request.ProcessId); var result = this.CreateRedirectionFromActionResult(actionResult, request); return(result); } else { await SetLocalCookie(authenticatedUser.Claims, Guid.NewGuid().ToString()).ConfigureAwait(false); } // 7. Redirect the user agent to the User view. return(RedirectToAction("Index", "User", new { area = "UserManagement" })); }
public async Task <ActionResult> LoginCallbackOpenId(string code, string error) { if (string.IsNullOrWhiteSpace(code)) { throw new ArgumentNullException("code"); } // 1 : retrieve the request from the cookie var cookieName = string.Format(ExternalAuthenticateCookieName, code); var request = Request.Cookies[string.Format(ExternalAuthenticateCookieName, code)]; if (request == null) { throw new IdentityServerException(SimpleIdentityServer.Core.Errors.ErrorCodes.UnhandledExceptionCode, SimpleIdentityServer.Core.Errors.ErrorDescriptions.TheRequestCannotBeExtractedFromTheCookie); } // 2 : remove the cookie Response.Cookies.Append(cookieName, string.Empty, new CookieOptions { Expires = DateTime.UtcNow.AddDays(-1) }); // 3 : Raise an exception is there's an authentication error if (!string.IsNullOrWhiteSpace(error)) { throw new IdentityServerException( SimpleIdentityServer.Core.Errors.ErrorCodes.UnhandledExceptionCode, string.Format(SimpleIdentityServer.Core.Errors.ErrorDescriptions.AnErrorHasBeenRaisedWhenTryingToAuthenticate, error)); } // 4. Check if the user is authenticated var authenticatedUser = await _authenticationService.GetAuthenticatedUser(this, _authenticateOptions.ExternalCookieName); if (authenticatedUser == null || !authenticatedUser.Identity.IsAuthenticated || !(authenticatedUser.Identity is ClaimsIdentity)) { throw new IdentityServerException( SimpleIdentityServer.Core.Errors.ErrorCodes.UnhandledExceptionCode, SimpleIdentityServer.Core.Errors.ErrorDescriptions.TheUserNeedsToBeAuthenticated); } // 5. Rerieve the claims var claimsIdentity = authenticatedUser.Identity as ClaimsIdentity; var claims = claimsIdentity.Claims.ToList(); var subject = claims.GetSubject(); // 6. Try to authenticate the resource owner & returns the claims. var authorizationRequest = _dataProtector.Unprotect <AuthorizationRequest>(request); var actionResult = await _authenticateHelper.ProcessRedirection(authorizationRequest.ToParameter(), request, subject, claims); // 7. Store claims into new cookie if (actionResult != null) { await SetLocalCookie(claims.ToOpenidClaims(), authorizationRequest.SessionId); await _authenticationService.SignOutAsync(HttpContext, _authenticateOptions.ExternalCookieName, new Microsoft.AspNetCore.Authentication.AuthenticationProperties()); LogAuthenticateUser(actionResult, authorizationRequest.ProcessId); return(this.CreateRedirectionFromActionResult(actionResult, authorizationRequest)); } return(RedirectToAction("OpenId", "Authenticate", new { code = code })); }