public async Task <IActionResult> OnGetAsync()
{
/* if (!Request.Headers.ContainsKey("Authorization"))
* return RedirectToPage("Index");
*
* string authorizationHeader = Request.Headers["Authorization"];
* var verifytoken = new VerifyToken();
* var currenttoken = verifytoken.ValidateCurrentToken(authorizationHeader);
*
* if (!currenttoken)
* {
* return RedirectToPage("Index");
* }
* return Page();*/
if (!Request.Headers.ContainsKey("Authorization"))
{
return(RedirectToPage("Index"));
}
string authorizationHeader = Request.Headers["Authorization"];
var validatedToken = await VerifyToken.ValidateToken_new(authorizationHeader);
if (validatedToken.ValidTo < DateTime.UtcNow)
{
Console.WriteLine("Invalid token");
HttpContext.Session.Remove("JWToken");
return(RedirectToPage("Index"));
}
return(Page());
}
public void TestSerialization()
{
var sut = new VerifyToken();
JsonHelper.GetSerializedKeys(sut).Should().BeEquivalentTo(new SortedSet <string> {
"id", "name", "status", "expires_on", "issued_on", "modified_on", "not_before"
});
}
public async Task <IActionResult> ConfirmEmail([FromBody] VerifyToken model)
{
var token = _userManager.Users
.Where(u => u.Email == model.Email)
.Select(u => u.VerificationToken)
.SingleOrDefault();
if (token != model.Token)
{
return(BadRequest("The Token Supplied Doesn't Match"));
}
var userConfirmEmail = await _userManager.FindByEmailAsync(model.Email);
userConfirmEmail.EmailConfirmed = true;
await _userManager.UpdateAsync(userConfirmEmail);
return(new JsonResult("Account Confirmed Login To Continue Transaction"));
}
//http://blog.valeriogheri.com/asp-net-webapi-identity-system-how-to-login-with-facebook-access-token
public async Task <IHttpActionResult> GoogleLogin(AddExternalLoginBindingModel model)
{
if (string.IsNullOrEmpty(model.ExternalAccessToken))
{
return(BadRequest("Invalid OAuth access token"));
}
ApplicationUser user = null;
// Get the fb access token and make a graph call to the /me endpoint
VerifyToken verifyToken = new VerifyToken();
var fbUser = await verifyToken.VerifyGoogleAccessToken(null, model.ExternalAccessToken);
if (fbUser == null)
{
return(BadRequest("Invalid OAuth access token"));
}
if (!fbUser.aud.Equals(VerifyToken.CLIENT_ID))
{
return(BadRequest("Invalid OAuth access token"));
}
try
{
using (var dbTransaction = db.Database.BeginTransaction())
{
if (model.Email != null)
{
// model.Email is an application account's email, not google login's email
user = await UserManager.FindByEmailAsync(model.Email);
if (user == null)
{
return(BadRequest("Invalid Email"));
}
//
bool isGoogleLoginAlreadyBelongToTheUser = false;
var userLogins = await UserManager.GetLoginsAsync(user.Id);
foreach (UserLoginInfo userLoginInfo in userLogins)
{
if (userLoginInfo.LoginProvider.Equals("Google") && userLoginInfo.ProviderKey.Equals(fbUser.sub))
{
isGoogleLoginAlreadyBelongToTheUser = true;
break;
}
}
if (!isGoogleLoginAlreadyBelongToTheUser)
{
bool isGoogleLoginAlreadyBelongToSomeOtherUser = db.Users.Where(u => u.Logins.Any(l => l.LoginProvider.Equals("Google") && l.ProviderKey.Equals(fbUser.sub))).Count() > 0;
if (isGoogleLoginAlreadyBelongToSomeOtherUser)
{
return(BadRequest("Invalid OAuth access token"));
}
else
{
if (!user.EmailConfirmed && !user.Email.ToLower().Equals(fbUser.Email.ToLower()))
{
return(BadRequest("Application account's email is not confirmed yet"));
}
//add login
//user.Logins.Add(new IdentityUserLogin() { LoginProvider = "Google", ProviderKey = fbUser.sub });
IdentityResult result = await UserManager.AddLoginAsync(user.Id, new UserLoginInfo("Google", fbUser.sub));
if (!result.Succeeded)
{
return(GetErrorResult(result));
}
//make email confirmed
user.EmailConfirmed = true;
}
}
else
{
//nothing to do
}
}
else
{
//try to find user
user = db.Users.Where(u => u.Logins.Any(l => l.LoginProvider.Equals("Google") && l.ProviderKey.Equals(fbUser.sub))).SingleOrDefault();
if (user == null)
{
// user not found so
//create user and add login
string randomPassword;
//At least one lower case letter
Regex r1 = new Regex("[a-z]+");
//At least one upper case letter
Regex r2 = new Regex("[A-Z]+");
//At least one digit
Regex r3 = new Regex("[0-9]+");
string NewPassword = System.Web.Security.Membership.GeneratePassword(10, 5);
while (!(r1.IsMatch(NewPassword) && r2.IsMatch(NewPassword) && r3.IsMatch(NewPassword)))
{
//regenerate new password
NewPassword = System.Web.Security.Membership.GeneratePassword(10, 5);
}
randomPassword = NewPassword;
user = new ApplicationUser()
{
UserName = fbUser.Email, Email = fbUser.Email, EmailConfirmed = true
};
IdentityResult result = await UserManager.CreateAsync(user, randomPassword);
if (!result.Succeeded)
{
return(GetErrorResult(result));
//return Conflict();
}
//user.Logins.Add(new IdentityUserLogin() { LoginProvider = "Google", ProviderKey = fbUser.sub });
IdentityResult result2 = await UserManager.AddLoginAsync(user.Id, new UserLoginInfo("Google", fbUser.sub));
if (!result2.Succeeded)
{
return(GetErrorResult(result2));
}
}
else
{
//nothing to do
}
}
db.SaveChanges();
dbTransaction.Commit();
}
}
catch (Exception e)
{
return(Conflict());
}
// Finally sign-in the user: this is the key part of the code that creates the bearer token and authenticate the user
var identity = new ClaimsIdentity(Startup.OAuthOptions.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id, null, ClaimsIdentity.DefaultIssuer));
identity.AddClaim(new Claim(ClaimTypes.Name, user.UserName, null, ClaimsIdentity.DefaultIssuer));
identity.AddClaim(new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", "ASP.NET Identity", null, ClaimsIdentity.DefaultIssuer));
identity.AddClaim(new Claim("AspNet.Identity.SecurityStamp", user.SecurityStamp, null, ClaimsIdentity.DefaultIssuer));
AuthenticationTicket ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
var currentUtc = new Microsoft.Owin.Infrastructure.SystemClock().UtcNow;
ticket.Properties.IssuedUtc = currentUtc;
var tokenExpirationTimeSpan = TimeSpan.FromDays(14);
ticket.Properties.ExpiresUtc = currentUtc.Add(tokenExpirationTimeSpan);
var accesstoken = Startup.OAuthOptions.AccessTokenFormat.Protect(ticket);
Authentication.SignIn(identity);
// Create the response
JObject blob = new JObject(
new JProperty("userName", user.UserName),
new JProperty("access_token", accesstoken),
new JProperty("token_type", "bearer"),
new JProperty("expires_in", (long)tokenExpirationTimeSpan.TotalSeconds),
new JProperty(".issued", ticket.Properties.IssuedUtc.ToString()),
new JProperty(".expires", ticket.Properties.ExpiresUtc.ToString())
);
var json = Newtonsoft.Json.JsonConvert.SerializeObject(blob);
// Return OK
return(Ok(blob));
}
