public void BuildLists(II18nService i18nService)
{
ConfigTypes = Enum.GetNames(typeof(SsoType))
.Select(configType => new SelectListItem
{
Value = configType,
Text = i18nService.T(configType),
}).ToList();
SpNameIdFormats = Enum.GetNames(typeof(Saml2NameIdFormat))
.Select(nameIdFormat => new SelectListItem
{
Value = nameIdFormat,
Text = i18nService.T(nameIdFormat),
}).ToList();
BindingTypes = Enum.GetNames(typeof(Saml2BindingType))
.Select(bindingType => new SelectListItem
{
Value = bindingType,
Text = i18nService.T(bindingType),
}).ToList();
SigningBehaviors = Enum.GetNames(typeof(Saml2SigningBehavior))
.Select(behavior => new SelectListItem
{
Value = behavior,
Text = i18nService.T(behavior),
}).ToList();
SigningAlgorithms = SamlSigningAlgorithms.GetEnumerable().Select(a =>
new SelectListItem(a, a)).ToList();
}
async private Task InvalidSecretErrorAsync(VerificationType verificationType)
{
var errorMessage = verificationType == VerificationType.OTP
? _i18nService.T("InvalidVerificationCode")
: _i18nService.T("InvalidMasterPassword");
await _platformUtilsService.ShowDialogAsync(errorMessage);
}
private async Task ValidateDependentPolicies(PolicyType type, Guid?orgId, bool enabled)
{
if (orgId == null)
{
throw new ArgumentNullException(nameof(orgId), "OrgId cannot be null");
}
switch (type)
{
case PolicyType.MasterPassword:
case PolicyType.PasswordGenerator:
case PolicyType.TwoFactorAuthentication:
case PolicyType.PersonalOwnership:
case PolicyType.DisableSend:
case PolicyType.SendOptions:
case PolicyType.ResetPassword:
break;
case PolicyType.SingleOrg:
if (enabled)
{
break;
}
var requireSso =
await _policyRepository.GetByOrganizationIdTypeAsync(orgId.Value, PolicyType.RequireSso);
if (requireSso?.Enabled == true)
{
ModelState.AddModelError(string.Empty, _i18nService.T("DisableRequireSsoError"));
}
break;
case PolicyType.RequireSso:
if (!enabled)
{
break;
}
var singleOrg = await _policyRepository.GetByOrganizationIdTypeAsync(orgId.Value, PolicyType.SingleOrg);
if (singleOrg?.Enabled != true)
{
ModelState.AddModelError(string.Empty, _i18nService.T("RequireSsoPolicyReqError"));
}
break;
default:
throw new ArgumentOutOfRangeException();
}
}
public async Task InitAsync()
{
_initialized = true;
FileFormatSelectedIndex = FileFormatOptions.FindIndex(k => k.Key == "json");
DisablePrivateVaultPolicyEnabled = await _policyService.PolicyAppliesToUser(PolicyType.DisablePersonalVaultExport);
UseOTPVerification = await _keyConnectorService.GetUsesKeyConnector();
if (UseOTPVerification)
{
InstructionText = _i18nService.T("ExportVaultOTPDescription");
SecretName = _i18nService.T("VerificationCode");
}
else
{
InstructionText = _i18nService.T("ExportVaultMasterPasswordDescription");
SecretName = _i18nService.T("MasterPassword");
}
UpdateWarning();
}
public object ProvideValue(IServiceProvider serviceProvider)
{
var val = _i18nService.T(Id, P1, P2, P3);
/*
* if (Header && Device.RuntimePlatform == Device.iOS)
* {
* return val.ToUpper();
* }
*/
return(val);
}
public async Task <IActionResult> Login(string returnUrl)
{
var context = await _interaction.GetAuthorizationContextAsync(returnUrl);
if (!context.Parameters.AllKeys.Contains("domain_hint") ||
string.IsNullOrWhiteSpace(context.Parameters["domain_hint"]))
{
throw new Exception(_i18nService.T("NoDomainHintProvided"));
}
var ssoToken = context.Parameters[SsoTokenable.TokenIdentifier];
if (string.IsNullOrWhiteSpace(ssoToken))
{
return(Unauthorized("A valid SSO token is required to continue with SSO login"));
}
var domainHint = context.Parameters["domain_hint"];
var organization = await _organizationRepository.GetByIdentifierAsync(domainHint);
if (organization == null)
{
return(InvalidJson("OrganizationNotFoundByIdentifierError"));
}
var tokenable = _dataProtector.Unprotect(ssoToken);
if (!tokenable.TokenIsValid(organization))
{
return(Unauthorized("The SSO token associated with your request is expired. A valid SSO token is required to continue."));
}
return(RedirectToAction(nameof(ExternalChallenge), new
{
scheme = organization.Id.ToString(),
returnUrl,
state = context.Parameters["state"],
userIdentifier = context.Parameters["session_state"],
}));
}
public void BuildLists(II18nService i18nService)
{
Complexities = new List <SelectListItem>
{
new SelectListItem {
Value = null, Text = "--" + i18nService.T("Select") + "--"
},
new SelectListItem {
Value = "0", Text = i18nService.T("Weak") + " (0)"
},
new SelectListItem {
Value = "1", Text = i18nService.T("Weak") + " (1)"
},
new SelectListItem {
Value = "2", Text = i18nService.T("Weak") + " (2)"
},
new SelectListItem {
Value = "3", Text = i18nService.T("Good") + " (3)"
},
new SelectListItem {
Value = "4", Text = i18nService.T("Strong") + " (4)"
},
};
DefaultTypes = new List <SelectListItem>
{
new SelectListItem {
Value = null, Text = i18nService.T("UserPreference")
},
new SelectListItem {
Value = "password", Text = i18nService.T("Password")
},
new SelectListItem {
Value = "passphrase", Text = i18nService.T("Passphrase")
},
};
}
public void TranslateStrings(II18nService i18nService)
{
Complexities = new List <SelectListItem>
{
new SelectListItem {
Value = null, Text = "--" + i18nService.T("Select") + "--"
},
new SelectListItem {
Value = "0", Text = i18nService.T("Weak") + " (0)"
},
new SelectListItem {
Value = "1", Text = i18nService.T("Weak") + " (1)"
},
new SelectListItem {
Value = "2", Text = i18nService.T("Weak") + " (2)"
},
new SelectListItem {
Value = "3", Text = i18nService.T("Good") + " (3)"
},
new SelectListItem {
Value = "4", Text = i18nService.T("Strong") + " (4)"
},
};
DefaultTypes = new List <SelectListItem>
{
new SelectListItem {
Value = null, Text = i18nService.T("UserPreference")
},
new SelectListItem {
Value = "password", Text = i18nService.T("Password")
},
new SelectListItem {
Value = "passphrase", Text = i18nService.T("Passphrase")
},
};
EnableCheckboxText = PolicyType == PolicyType.PersonalOwnership
? i18nService.T("PersonalOwnershipCheckboxDesc") : i18nService.T("Enabled");
}
public void Init()
{
TwoFactorProviders[TwoFactorProviderType.Email].Name = _i18nService.T("Email");
TwoFactorProviders[TwoFactorProviderType.Email].Description = _i18nService.T("EmailDesc");
TwoFactorProviders[TwoFactorProviderType.Authenticator].Name = _i18nService.T("AuthenticatorAppTitle");
TwoFactorProviders[TwoFactorProviderType.Authenticator].Description =
_i18nService.T("AuthenticatorAppDesc");
TwoFactorProviders[TwoFactorProviderType.Duo].Description = _i18nService.T("DuoDesc");
TwoFactorProviders[TwoFactorProviderType.OrganizationDuo].Name =
string.Format("Duo ({0})", _i18nService.T("Organization"));
TwoFactorProviders[TwoFactorProviderType.OrganizationDuo].Description =
_i18nService.T("DuoOrganizationDesc");
TwoFactorProviders[TwoFactorProviderType.U2f].Name = _i18nService.T("U2fTitle");
TwoFactorProviders[TwoFactorProviderType.U2f].Description = _i18nService.T("U2fDesc");
TwoFactorProviders[TwoFactorProviderType.YubiKey].Name = _i18nService.T("YubiKeyTitle");
TwoFactorProviders[TwoFactorProviderType.YubiKey].Description = _i18nService.T("YubiKeyDesc");
}
public async Task <IActionResult> PreValidate(string domainHint)
{
IActionResult invalidJson(string errorMessageKey, Exception ex = null)
{
Response.StatusCode = ex == null ? 400 : 500;
return(Json(new ErrorResponseModel(_i18nService.T(errorMessageKey))
{
ExceptionMessage = ex?.Message,
ExceptionStackTrace = ex?.StackTrace,
InnerExceptionMessage = ex?.InnerException?.Message,
}));
}
try
{
// Validate domain_hint provided
if (string.IsNullOrWhiteSpace(domainHint))
{
return(invalidJson("NoOrganizationIdentifierProvidedError"));
}
// Validate organization exists from domain_hint
var organization = await _organizationRepository.GetByIdentifierAsync(domainHint);
if (organization == null)
{
return(invalidJson("OrganizationNotFoundByIdentifierError"));
}
if (!organization.UseSso)
{
return(invalidJson("SsoNotAllowedForOrganizationError"));
}
// Validate SsoConfig exists and is Enabled
var ssoConfig = await _ssoConfigRepository.GetByIdentifierAsync(domainHint);
if (ssoConfig == null)
{
return(invalidJson("SsoConfigurationNotFoundForOrganizationError"));
}
if (!ssoConfig.Enabled)
{
return(invalidJson("SsoNotEnabledForOrganizationError"));
}
// Validate Authentication Scheme exists and is loaded (cache)
var scheme = await _schemeProvider.GetSchemeAsync(organization.Id.ToString());
if (scheme == null || !(scheme is IDynamicAuthenticationScheme dynamicScheme))
{
return(invalidJson("NoSchemeOrHandlerForSsoConfigurationFoundError"));
}
// Run scheme validation
try
{
await dynamicScheme.Validate();
}
catch (Exception ex)
{
var translatedException = _i18nService.GetLocalizedHtmlString(ex.Message);
var errorKey = "InvalidSchemeConfigurationError";
if (!translatedException.ResourceNotFound)
{
errorKey = ex.Message;
}
return(invalidJson(errorKey, translatedException.ResourceNotFound ? ex : null));
}
}
catch (Exception ex)
{
return(invalidJson("PreValidationError", ex));
}
// Everything is good!
return(new EmptyResult());
}
public object ProvideValue(IServiceProvider serviceProvider)
{
return(_i18nService.T(Id, P1, P2, P3));
}
