public async Task UpdateAsync_UserDoesNotExist_OkAsync() { using (var context = new IdentitySqliteContext()) { var addedUser = await new UserFactory(Role.Employee, email: "*****@*****.**") .PleaseAsync(context); var target = new UserServiceForIdentityServer(context, new Mock <ILogger <UserServiceForIdentityServer> >().Object); var user = await target.UserByUserNameOrNullAsync(addedUser.UserName); Assert.NotNull(user); Assert.Equal(addedUser.Id, user.Id); Assert.Equal(Role.Employee, user.Role); var newUser = new IdentityServer.Database.Models.User { FirstName = Faker.Name.First(), LastName = Faker.Name.Last(), UserName = "******" }; await target.UpdateAsync(newUser); user = await target.UserByUserNameOrNullAsync(addedUser.UserName); Assert.NotNull(user); Assert.Equal(addedUser.Id, user.Id); Assert.Equal(Role.Employee, user.Role); } }
public async Task <IActionResult> LoginViaGoogleCallbackAsync() { var result = await HttpContext.AuthenticateAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme); if (result?.Succeeded != true || result.Principal == null) { throw new InvalidOperationException("External authentication error"); } var externalUser = new GoogleClaims(result.Principal); externalUser.HasEmailOrFail(); // use externalProvider and externalUserId to find your user, or provision a new user User user = await _userIdentityService.UserByEmailOrCreateAsync(externalUser); await _signInManager.SignInAsync(user, true); await _events.RaiseAsync(new UserLoginSuccessEvent( username : user.UserName, subjectId : user.Id.ToString(), name : user.UserName)); // delete temporary cookie used during external authentication await HttpContext.SignOutAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme); var returnUrl = result.Properties.Items["returnUrl"]; if (string.IsNullOrEmpty(returnUrl)) { returnUrl = Url.Action("Index", "Home"); } return(Redirect(returnUrl)); }
private async Task ValidateUserAsync(User user) { Role role = await _userService.RoleOfUserAsync(user.Id); if (role == Role.SystemAdministrator) { throw new NoPermissionsException($"Nobody is able to log in as {Role.SystemAdministrator}"); } }
public async Task <IActionResult> LoginAsAnotherUserAsync(LoginAsAnotherPersonViewModel model, string button) { if (!LoginAsAnotherUserOpportunityAvailable()) { return(NotFound()); } // check if we are in the context of an authorization request AuthorizationRequest context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); // the user clicked the "cancel" button if (button != "login") { return(await RedirectToLoginPageAsync(context, model.ReturnUrl)); } if (ModelState.IsValid) { User user = await _userManager.FindByIdAsync(model.SelectedUserId.ToString()); if (user != null) { await ValidateUserAsync(user); HttpContext.Session.SetInt32(CustomClaimTypes.LoggedInAsAnotherPerson, 1); // It 's necessary to update security stamp, otherwise we get an exception await _userManager.UpdateSecurityStampAsync(user); await _signInManager.SignInAsync(user, isPersistent : true); await _events.RaiseAsync(new UserLoginSuccessEvent( username : user.UserName, subjectId : user.Id.ToString(), name : user.UserName)); return(await RedirectToReturnUrlAsync(context, model.ReturnUrl)); } await _events.RaiseAsync(new UserLoginFailureEvent( username : model.SelectedUserId.ToString(), error : "invalid UserId", clientId : context?.ClientId)); ModelState.AddModelError( nameof(LoginAsAnotherPersonViewModel.SelectedUserId), "Invalid username or password"); } IReadOnlyCollection <User> users = await _userService.UsersWithRoleAsync(); var vm = new LoginAsAnotherPersonViewModel(users, model.ReturnUrl, model.SelectedUserId); return(PartialView("LoginAsAnotherPerson", vm)); }
public async Task CreateUserAsync_NoOtherUsers_RoleDependsOnOtherUsers_OkAsync( bool hasAnyOtherUser, Role roleOfCreatedUser) { var stub = new UserManagerStub( IdentityResult.Success, IdentityResult.Success, (user, role) => { Assert.Equal(roleOfCreatedUser.ToString(), role); }, IdentityResult.Success); var emailDomainValidatorService = new EmailDomainValidatorService("example.com"); var target = new UserIdentityServiceStub(stub, emailDomainValidatorService, hasAnyOtherUser); IdentityServer.Database.Models.User createdUser = await target.CreateUserAsync(ClaimsUser()); Assert.Equal(UserExampleEmail, createdUser.Email); Assert.Equal(UserExampleEmail, createdUser.UserName); Assert.Equal(ExampleFirstName, createdUser.FirstName); Assert.Equal(ExampleLastName, createdUser.LastName); Assert.True(createdUser.EmailConfirmed); }