private IActionResult ValidateOktaUserRole() { string UserName = ((ClaimsIdentity)HttpContext.User.Identity).FindFirst("preferred_username").Value; PayoutUser payoutUser = _userManager.FindByEmailAsync(UserName).Result; if (payoutUser != null) { try { string OktaUserId = ((ClaimsIdentity)HttpContext.User.Identity).Claims.Where(x => x.Type.Contains("nameidentifier")).Select(x => x.Value).FirstOrDefault(); string UserRole = OktaRequests.getGroupsFromUserOkta(_optionOktaKeys.URL, OktaUserId, _optionOktaKeys.APIKey).Keys.FirstOrDefault(); var IsInRoleResult = _userManager.IsInRoleAsync(payoutUser, UserRole).Result; if (!IsInRoleResult) { SetUserRole(new UserRoleViewModel { Username = payoutUser.Email, Role = UserRole }); } } catch { return(Ok("NotInGroup")); } } return(BadRequest()); }
public async Task <IActionResult> DeleteRole([FromBody] PayoutRole model) { try { PayoutRole payoutRole = await _roleManager.FindByNameAsync(model.Name); var resultDel = await _roleManager.DeleteAsync(payoutRole); if (resultDel.Succeeded) { if (OktaRequests.DeleteGroup(_optionOktaKeys.URL, _optionOktaKeys.APIKey, model.Name)) { return(Ok(resultDel)); } } foreach (var error in resultDel.Errors) { ModelState.AddModelError("error", error.Description); } } catch (Exception ex) { _logger.LogError($"error while deleting Role: {ex}"); return(StatusCode((int)HttpStatusCode.InternalServerError, "error while deleting Role: " + ex.Message)); } return(BadRequest()); }
public async Task <IActionResult> CreateUser([FromBody] PayoutUser model) { try { PayoutUser payoutUser = await _userManager.FindByEmailAsync(model.Email); if (payoutUser == null) { model.UserName = model.Email; model.IsDisabled = false; IdentityResult chkUser = await _userManager.CreateAsync(model); if (chkUser.Succeeded) { if (model.IsOkta == true) { payoutUser = _userManager.FindByEmailAsync(model.Email).Result; OktaRequests.CreateUserInOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, payoutUser); } else { string code = _userManager.GenerateEmailConfirmationTokenAsync(model).Result; //code = System.Web.HttpUtility.UrlEncode(code); var callbackUrl = Url.Action( "ConfirmEmail", "Account", new { userId = model.Id, code = code }, protocol: Request.Scheme); string Body = string.Format(@"Please confirm your account by clicking this <a href=""{0}"">link</a>", callbackUrl); Helpers.SendEmail(_optionMailCredentials, model.Email, "Payout RS - password confirmation message", Body); } return(Ok(chkUser)); } foreach (var error in chkUser.Errors) { ModelState.AddModelError("error", error.Description); } } else { ModelState.AddModelError("error", "Username already exist"); return(BadRequest(ModelState)); } } catch (Exception ex) { _logger.LogError($"error while creating User: {ex}"); return(StatusCode((int)HttpStatusCode.InternalServerError, "error while creating User: " + ex.Message)); } return(BadRequest()); }
public IActionResult SetUserRole([FromBody] UserRoleViewModel objUserRoleViewModel) { try { PayoutUser payoutUser = _userManager.FindByEmailAsync(objUserRoleViewModel.Username).Result; var roles = _userManager.GetRolesAsync(payoutUser).Result; var result = _userManager.RemoveFromRolesAsync(payoutUser, roles.ToArray()).Result; Dictionary <string, string> OktaUserId = OktaRequests.GetUserFromOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, objUserRoleViewModel.Username); if (objUserRoleViewModel.IsOkta) { Dictionary <string, string> GroupsUser = OktaRequests.getGroupsFromUserOkta(_optionOktaKeys.URL, OktaUserId.FirstOrDefault().Value, _optionOktaKeys.APIKey); foreach (string GroupId in GroupsUser.Values) { if (!OktaRequests.RemoveUserFromGroup(_optionOktaKeys.URL, _optionOktaKeys.APIKey, GroupId, OktaUserId.FirstOrDefault().Value)) { return(StatusCode((int)HttpStatusCode.InternalServerError, "error unassigning role from user in Okta")); } } } result = _userManager.AddToRoleAsync(payoutUser, objUserRoleViewModel.Role).Result; if (objUserRoleViewModel.IsOkta) { string OktaGroup = OktaRequests.GetGroupIdFromOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, objUserRoleViewModel.Role); if (!OktaRequests.AddUserToGroup(_optionOktaKeys.URL, _optionOktaKeys.APIKey, OktaGroup, OktaUserId.FirstOrDefault().Value)) { return(StatusCode((int)HttpStatusCode.InternalServerError, "error while setting role to user in Okta")); } } if (result.Succeeded) { return(Ok(result)); } foreach (var error in result.Errors) { ModelState.AddModelError("error", error.Description); } } catch (Exception ex) { _logger.LogError($"error while setting role to user: {ex}"); return(StatusCode((int)HttpStatusCode.InternalServerError, "error while setting role to user: " + ex.Message)); } return(BadRequest()); }
public async Task <IActionResult> CreateRole([FromBody] PayoutRole model) { try { bool x = await _roleManager.RoleExistsAsync(model.Name); if (!x) { var role = new PayoutRole(); model.IsDisabled = false; IdentityResult chkRole = await _roleManager.CreateAsync(model); if (chkRole.Succeeded) { if (model.Name.ToLower().Contains("payout")) { if (OktaRequests.AddGroup(_optionOktaKeys.URL, _optionOktaKeys.APIKey, model.Name)) { string GroupId = OktaRequests.GetGroupIdFromOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, model.Name); if (GroupId != "") { if (OktaRequests.AssignGroupToApp(_optionOktaKeys.URL, _optionOktaKeys.APIKey, GroupId, _optionOktaKeys.ClientId)) { return(Ok(chkRole)); } } } } } foreach (var error in chkRole.Errors) { ModelState.AddModelError("error", error.Description); } } else { ModelState.AddModelError("error", "Role already exist"); return(BadRequest(ModelState)); } } catch (Exception ex) { _logger.LogError($"error while creating Role: {ex}"); return(StatusCode((int)HttpStatusCode.InternalServerError, "error while creating Role: " + ex.Message)); } return(BadRequest()); }
public async Task <IActionResult> CreateToken() { try { string UserName = ""; string OktaUserId = ""; string UserRole = ""; if (System.Threading.Thread.CurrentPrincipal != null && ((ClaimsIdentity)System.Threading.Thread.CurrentPrincipal.Identity).Claims.Count() > 0) { UserName = ((ClaimsIdentity)System.Threading.Thread.CurrentPrincipal.Identity).FindFirst("preferred_username").Value; UserRole = ((ClaimsIdentity)System.Threading.Thread.CurrentPrincipal.Identity).Claims.Where(x => x.Type.Contains("identity/claims/role")).Select(x => x.Value).FirstOrDefault(); } else { UserName = ((ClaimsIdentity)HttpContext.User.Identity).FindFirst("preferred_username").Value; } PayoutUser user = await _userManager.FindByNameAsync(UserName); if (((ClaimsIdentity)HttpContext.User.Identity).Claims.Count() > 0) { OktaUserId = ((ClaimsIdentity)HttpContext.User.Identity).Claims.Where(x => x.Type.Contains("nameidentifier")).Select(x => x.Value).FirstOrDefault(); UserRole = OktaRequests.getGroupsFromUserOkta(_optionOktaKeys.URL, OktaUserId, _optionOktaKeys.APIKey).Keys.FirstOrDefault(); if (user == null) { user = new PayoutUser(); user.Email = UserName; user.UserName = UserName; user.FirstName = ((ClaimsIdentity)HttpContext.User.Identity).FindFirst("given_name").Value; user.LastName = ((ClaimsIdentity)HttpContext.User.Identity).FindFirst("family_name").Value; var result = CreateUserFromOkta(user, UserRole).Result; } } var userClaims = await _userManager.GetClaimsAsync(user); return(Redirect(CreateToken(user, UserRole).Result)); } catch (Exception ex) { _logger.LogError($"error while creating token: {ex}"); return(StatusCode((int)HttpStatusCode.InternalServerError, "error while creating token")); } }
public IActionResult ChangeOktaUserGroups(string UserName, bool IsChecked = false) { //string IdProvider = ((ClaimsIdentity)HttpContext.User.Identity).Claims.Where(x => x.Type.Contains("nameidentifier")).Select(x => x.Value).FirstOrDefault(); Dictionary <string, string> OktaGroupsFromUser = OktaRequests.getGroupsFromUserOkta(_optionOktaKeys.URL, UserName, _optionOktaKeys.APIKey); Dictionary <string, string> OktaUser = OktaRequests.GetUserFromOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, UserName); if (OktaUser.Count == 0) { PayoutUser User = _userManager.FindByEmailAsync(UserName).Result; OktaRequests.CreateUserInOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, User); OktaUser = OktaRequests.GetUserFromOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, UserName); } foreach (KeyValuePair <string, string> UserRole in OktaGroupsFromUser) { if (!OktaRequests.RemoveUserFromGroup(_optionOktaKeys.URL, _optionOktaKeys.APIKey, UserRole.Value, OktaUser.First().Value)) { return(BadRequest()); } } if (IsChecked) { string RS_Role = _userManager.GetRolesAsync(_userManager.FindByEmailAsync(UserName).Result).Result.FirstOrDefault(); string OktaGroup = OktaRequests.GetGroupIdFromOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, RS_Role); if (!OktaRequests.AddUserToGroup(_optionOktaKeys.URL, _optionOktaKeys.APIKey, OktaGroup, OktaUser.First().Value)) { return(BadRequest()); } } return(Ok()); }