예제 #1
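        /// <summary>
        /// Validates a username/password pair and migrates the password into Okta when it is still
        /// held only in LDAP. Three outcomes are handled: the user exists in Okta with the password
        /// already migrated (no work), the user exists in Okta without a migrated password (LDAP bind,
        /// then set the same password in Okta), or the user is unknown to Okta (LDAP bind, then create
        /// and activate the Okta user with that password).
        /// </summary>
        /// <returns>A JSON-serialized <c>PswMigrationResponse</c> describing the outcome.</returns>
        public ActionResult ValidateUser()
        {
            // NOTE(review): no caller authentication, anti-forgery or rate limiting is visible on this
            // action, yet it validates credentials against LDAP and can set Okta passwords. Confirm at
            // the class/filter level that only the migration caller can reach it. Request[...] also
            // merges query string, form and cookies; Request.Form would be the stricter source for a
            // password (kept as-is here so existing callers keep working).
            string username = Request["username"];
            string password = Request["password"];

            PswMigrationResponse pswMigrationRsp = new PswMigrationResponse();

            // Reject missing credentials before any LDAP bind. An LDAP simple bind with an empty
            // password is an unauthenticated (anonymous) bind on many directories and can "succeed",
            // which would let an empty password be written into Okta.
            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            {
                pswMigrationRsp.oktaId           = "none";
                pswMigrationRsp.login            = "******";
                pswMigrationRsp.status           = "username or password missing";
                pswMigrationRsp.isPasswordInOkta = "false";
                return(Content(content: JsonConvert.SerializeObject(pswMigrationRsp), contentType: "application/json"));
            }

            LdapServiceModel ldapServiceModel = new LdapServiceModel();
            ldapServiceModel.ldapServer = appSettings["ldap.server"];
            ldapServiceModel.ldapPort   = appSettings["ldap.port"];
            ldapServiceModel.baseDn     = appSettings["ldap.baseDn"];

            CustomUser oktaUser = null;
            try
            {
                // look the user up in Okta; a lookup failure is treated the same as "not found"
                oktaUser = _oktaUserMgmt.GetCustomUser(username);
            }
            catch (OktaException)
            {
                // NOTE(review): swallowed so an unknown user falls through to the create path. Confirm
                // OktaException is not also raised for transient API errors, which would send an
                // existing user down the create path; logging the exception here would help triage.
            }

            if (oktaUser != null)
            {
                MigratePasswordForExistingUser(oktaUser, username, password, ldapServiceModel, pswMigrationRsp);
            }
            else
            {
                CreateUserFromLdap(username, password, ldapServiceModel, pswMigrationRsp);
            }

            return(Content(content: JsonConvert.SerializeObject(pswMigrationRsp), contentType: "application/json"));
        }

        /// <summary>
        /// Existing Okta user: when the profile flag says the password is not yet in Okta, bind to LDAP
        /// with the supplied credentials and, on success, set the same password in Okta and record the
        /// migration in the profile. Fills <paramref name="rsp"/> with the outcome.
        /// </summary>
        private void MigratePasswordForExistingUser(CustomUser oktaUser, string username, string password,
                                                    LdapServiceModel ldapServiceModel, PswMigrationResponse rsp)
        {
            string flag = oktaUser.Profile.IsPasswordInOkta;
            bool passwordMissingInOkta = string.IsNullOrEmpty(flag) || flag == "false";

            if (!passwordMissingInOkta)
            {
                // nothing to migrate
                rsp.status           = oktaUser.Status;
                rsp.isPasswordInOkta = "true";
            }
            else if (!_credAuthentication.IsAuthenticated(username, password, ldapServiceModel))
            {
                // credentials rejected by LDAP; the Okta profile is left untouched
                rsp.status           = "LDAP validation failed";
                rsp.isPasswordInOkta = "false";
            }
            else if (!_oktaUserMgmt.SetUserPassword(oktaUser.Id, password))
            {
                // Okta rejected the password: leave the profile flag alone so the next attempt takes
                // the LDAP path again. (The original wrote "true" here, which would have marked the
                // password as migrated although it was never set in Okta.)
                rsp.status           = "set password in Okta failed";
                rsp.isPasswordInOkta = "false";
            }
            else
            {
                // password set; record the migration in the profile
                oktaUser.Profile.IsPasswordInOkta = "true";
                bool profileUpdated = _oktaUserMgmt.UpdateCustomUserAttributesOnly(oktaUser);

                rsp.status           = "set password in Okta successful";
                rsp.isPasswordInOkta = profileUpdated ? "true" : "unknown";
            }

            rsp.oktaId = oktaUser.Id;
            rsp.login  = oktaUser.Profile.Login;
        }

        /// <summary>
        /// User unknown to Okta: bind to LDAP with the supplied credentials and, on success, create the
        /// Okta user from the LDAP profile with that password, activate it and mark the password as
        /// migrated. Fills <paramref name="rsp"/> with the outcome; every failure reports
        /// "User NOT Created in Okta" with the login masked.
        /// </summary>
        private void CreateUserFromLdap(string username, string password, LdapServiceModel ldapServiceModel,
                                        PswMigrationResponse rsp)
        {
            // validates the credentials in LDAP and returns the profile to create, or null
            CustomUser rspCustomUser = _credAuthentication.IsCreated(username, password, ldapServiceModel);
            if (rspCustomUser != null)
            {
                rspCustomUser.Profile.Login = username + _userdomain;
                Okta.Core.Models.Password pswd = new Okta.Core.Models.Password();
                pswd.Value = password;
                rspCustomUser.Credentials.Password = pswd;

                // create the Okta user with the password (declared locally here; the original listing
                // assigned rspAddCustomUser without a visible declaration)
                CustomUser rspAddCustomUser = _oktaUserMgmt.AddCustomUser(rspCustomUser);
                if (rspAddCustomUser != null)
                {
                    Uri  rspUri;
                    bool rspActivate = _oktaUserMgmt.ActivateUser(rspAddCustomUser, out rspUri);
                    if (rspActivate)
                    {
                        // set the flag on the object that is persisted: the original set it on
                        // rspCustomUser but saved rspAddCustomUser, so if AddCustomUser returns a
                        // distinct instance the flag was never written
                        rspAddCustomUser.Profile.IsPasswordInOkta = "true";
                        bool rspPartialUpdate = _oktaUserMgmt.UpdateCustomUserAttributesOnly(rspAddCustomUser);

                        rsp.oktaId           = rspAddCustomUser.Id;
                        rsp.login            = rspAddCustomUser.Profile.Login;
                        rsp.status           = "Created in Okta";
                        rsp.isPasswordInOkta = rspPartialUpdate ? "true" : "unknown";
                        return;
                    }
                }
            }

            // LDAP rejected the credentials, AddCustomUser returned null, or activation failed
            rsp.oktaId           = "none";
            rsp.login            = "******";
            rsp.status           = "User NOT Created in Okta";
            rsp.isPasswordInOkta = "false";
        }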
예제 #2
        // POST: Registration/Register
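        /// <summary>
        /// Creates a STAGED Okta user from the registration form and sends the branded activation
        /// email. An existing account (VerifyIdentity returns a user with an Id) is redirected to
        /// Home/Index; invalid model state or a failed creation re-renders the Index view with an
        /// error message in TempData.
        /// </summary>
        /// <param name="registration">The posted registration form.</param>
        /// <returns>The Index view, a redirect to Home/Index, or a redirect to the Success action.</returns>
        public ActionResult Register(RegistrationViewModel registration)
        {
            // NOTE(review): the comment above this action says POST, but no [HttpPost] or
            // [ValidateAntiForgeryToken] attribute is visible here; confirm they are applied.
            logger.Debug("Register user " + registration.Email);

            string relayState = ResolveRelayState();
            TempData["relayState"] = relayState;

            if (!ModelState.IsValid)
            {
                logger.Debug("registration data was not received correctly");
                TempData["errMessage"] = "We found a few errors with your registration data. Please check the fields below for specific messages.";
                return(View("Index", registration));
            }

            // check for an existing account
            CustomUser newCustomUser = VerifyIdentity(registration);
            if (newCustomUser != null && newCustomUser.Id != null)
            {
                // the user exists: back to registration where they can choose to reset the password
                return(RedirectToAction("Index", "Home", new { email = registration.Email }));
            }

            // new user: transform the registration form into a CustomUser profile
            User newOktaUser = new Okta.Core.Models.User();
            newCustomUser = new CustomUser(newOktaUser);
            newCustomUser.Profile.Login     = registration.Email;
            newCustomUser.Profile.Email     = registration.Email;
            newCustomUser.Profile.FirstName = registration.FirstName;
            newCustomUser.Profile.LastName  = registration.LastName;
            newCustomUser.Profile.customId  = registration.customId;

            // New-user creation takes several API calls: the user is created STAGED with no password,
            // a branded email carries a custom activation link with a one-time passCode, hitting that
            // link activates the account and prompts the user for a password, which is then set.
            string activation_passCode = GenerateActivationPassCode();
            // NOTE(review): local time in the current culture's default format. Whatever enforces
            // custom.ActivationExpire_hours must parse exactly this, so the format is kept as-is;
            // DateTime.UtcNow with a fixed round-trip format would be safer once that consumer is known.
            string activation_setDate       = DateTime.Now.ToString();
            string createFailedErrorMessage = "We could not register your account at this time. Please try again or contact the service center via the information" +
                                              " at the bottom of the page if this has happened multiple times.";

            newCustomUser.Profile.activation_passCode = activation_passCode;
            newCustomUser.Profile.activation_setDate  = activation_setDate;

            CustomUser addedCustomUser = oktaUserMgmt.AddCustomUser(newCustomUser);
            if (addedCustomUser == null)
            {
                logger.Error("user creation failed for email " + registration.Email);
                TempData["errMessage"] = createFailedErrorMessage;
                return(View("Index", registration));
            }
            if (addedCustomUser.Status != "STAGED" || string.IsNullOrEmpty(addedCustomUser.Id))
            {
                // a newly created user must be STAGED and must have an Okta Id
                logger.Error("user creation failed for email " + registration.Email + " status " + addedCustomUser.Status);
                TempData["errMessage"] = createFailedErrorMessage;
                return(View("Index", registration));
            }

            // send the branded email with the activation link
            TempData["recoveryToken"] = addedCustomUser.Profile.activation_passCode;
            TempData["oktaId"]        = addedCustomUser.Id;

            string firstName = string.IsNullOrEmpty(addedCustomUser.Profile.FirstName)
                ? FirstNameFromEmail(registration.Email)
                : addedCustomUser.Profile.FirstName;
            TempData["firstName"] = CultureInfo.CurrentCulture.TextInfo.ToTitleCase(firstName);

            TempData["linkExpiry"] = appSettings["custom.ActivationExpire_hours"];
            // Pass the local rather than re-reading TempData["relayState"]: the value is the same,
            // and reading a TempData key appears to mark it for removal at the end of the request,
            // which would keep it from reaching the next action.
            SendEmail(addedCustomUser, relayState);
            // the passCode is a one-time credential and is deliberately not written to the log
            logger.Debug("Branded Email Sent " + addedCustomUser.Profile.Email);

            // with the branded email sent, show the confirmation page
            return(RedirectToAction("Success"));
        }

        /// <summary>
        /// Resolves the relay state for this request: the "relayState" request value, else the
        /// "RelayState" query-string value, else the value carried over in TempData, else whatever
        /// the request value was (null or empty).
        /// </summary>
        private string ResolveRelayState()
        {
            string relayState = Request["relayState"];
            if (!string.IsNullOrEmpty(relayState))
            {
                return relayState;
            }
            if (Request.QueryString["RelayState"] != null)
            {
                return Request.QueryString["RelayState"];
            }
            if (TempData["relayState"] != null)
            {
                return (string)TempData["relayState"];
            }
            return relayState;
        }

        /// <summary>
        /// Draws the one-time activation passCode from a cryptographic RNG, uniformly over the same
        /// range the original produced with System.Random (99999 to 999999 inclusive). System.Random
        /// is seeded from the clock and is predictable, which is not acceptable for an activation
        /// token. The lower bound 99999 admits a five-digit code — kept from the original; confirm
        /// whether a six-digit code is required.
        /// </summary>
        private static string GenerateActivationPassCode()
        {
            const uint minValue  = 99999;
            const uint rangeSize = 1000000u - minValue;   // number of admissible values
            // rejection sampling: draws at or above this bound would bias the modulo reduction
            const uint rejectAbove = uint.MaxValue - (uint.MaxValue % rangeSize);

            byte[] buffer = new byte[4];
            using (System.Security.Cryptography.RandomNumberGenerator rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                while (true)
                {
                    rng.GetBytes(buffer);
                    uint draw = BitConverter.ToUInt32(buffer, 0);
                    if (draw < rejectAbove)
                    {
                        return (minValue + draw % rangeSize).ToString(CultureInfo.InvariantCulture);
                    }
                }
            }
        }

        /// <summary>
        /// Derives a greeting name from an email address when the profile has no first name: the part
        /// of the local part before its first '.', the whole local part when it has no '.', or the
        /// whole string when there is no '@'. (The original searched for '.' in the entire address, so
        /// "john@example.com" produced "john@example".) Null or empty input yields an empty string.
        /// </summary>
        private static string FirstNameFromEmail(string email)
        {
            if (string.IsNullOrEmpty(email))
            {
                return string.Empty;
            }
            int at = email.IndexOf('@');
            string localPart = at > 0 ? email.Substring(0, at) : email;
            int dot = localPart.IndexOf('.');
            return dot > 0 ? localPart.Substring(0, dot) : localPart;
        }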