예제 #1
0
 protected override void ProcessRecord()
 {
     var usersClient = Client.GetUsersClient();
     var user = new User(Login, Email, FirstName, LastName, MobilePhone);
     user = usersClient.Add(user);
     WriteObject(user);
 }
        // GET: AltLanding
        public ActionResult Landing(string oktaId)
        {
            Okta.Core.Models.User oktaUser = new Okta.Core.Models.User();
            oktaUser.Id = oktaId;
            List <AppLink> myApps = oktaAppMgmt.GetUserAppLinks(oktaUser);

            return(View(myApps));
        }
        public OktaMembershipUser OktaUserToOktaMembershipUser(User oktaUser, bool populateApps = true)
        {
            bool isApproved = false;
            bool isLockedOut = false;
            var status = oktaUser.Status;
            if (status == "ACTIVE")
            {
                isApproved = true;
            }
            if (status == "PASSWORD_EXPIRED" | status == "LOCKED_OUT" | status == "RECOVERY")
            {
                isLockedOut = true;
            }
            DateTime lastLockoutDate = new DateTime(1754, 1, 1);
            string passwordQuestion = "";
            if (oktaUser.Credentials.RecoveryQuestion.Answer != null)
            {
                passwordQuestion = oktaUser.Credentials.RecoveryQuestion.Answer;
            }
            OktaMembershipUser user = new OktaMembershipUser(
                Membership.Provider.Name.ToString(),
                oktaUser.Profile.Login,
                oktaUser.Id,
                oktaUser.Profile.Email,
                passwordQuestion,
                "", // "comment" - Okta doesn't have this concept by default
                isApproved,
                isLockedOut,
                oktaUser.Created,
                oktaUser.LastLogin,
                oktaUser.LastUpdated,
                oktaUser.PasswordChanged,
                lastLockoutDate
                );

            if(!populateApps) {
                return user;
            }

            var userAppLinks = users.GetUserAppLinksClient(oktaUser);
            var appLinks = userAppLinks.ToList<AppLink>();
            user.apps = from link in appLinks select new OktaAppLink(link);

            user.FirstName = oktaUser.Profile.FirstName;
            user.LastName = oktaUser.Profile.LastName;
            user.PhoneNumber = oktaUser.Profile.MobilePhone;

            return user;
        }
 public OktaMembershipUser GetOktaMembershipUser(User oktaUser, bool populateApps = true)
 {
     return OktaUserToOktaMembershipUser(oktaUser, populateApps);
 }
예제 #5
0
 public UserGroupsClient GetUserGroupsClient(User user)
 {
     return new UserGroupsClient(user, BaseClient);
 }
예제 #6
0
 public UserFactorsClient GetUserFactorsClient(User user)
 {
     return new UserFactorsClient(user, BaseClient);
 }
예제 #7
0
 public UserAppLinksClient GetUserAppLinksClient(User user)
 {
     return new UserAppLinksClient(user, BaseClient);
 }
        /// <summary>
        /// Creates a new user account with the profile data in the "values" dictionary.
        /// 
        /// See also: http://msdn.microsoft.com/en-us/library/gg537973%28v=vs.111%29.aspx
        /// </summary>
        /// <param name="userName">The user name</param>
        /// <param name="userPassword">The password</param>
        /// <param name="requireConfirmation">(Unused) Specify that the user account must be confirmed</param>
        /// <param name="values">A dictonary that should contain the keys "FirstName", "LastName", and "PhoneNumber"</param>
        /// <returns>
        /// (Unused) Always returns "". Intended to be used to return a token that could be sent to the user to confirm the user account. 
        /// </returns>
        public override string CreateUserAndAccount(string userName, string userPassword, bool requireConfirmation, IDictionary<string, object> values)
        {
            var userProfile = new User(
                userName, // Login
                userName, // Email
                values["FirstName"].ToString(),  // FirstName
                values["LastName"].ToString(),  // LastName
                values["PhoneNumber"].ToString() // MobilePhone
                );
            // FIXME: This could be made simpler?
            userProfile.Credentials = new LoginCredentials();
            userProfile.Credentials.Password.Value = userPassword;

            try
            {
                var createdUser = okta.users.Add(userProfile);
                return "";
            }
            catch (OktaException oktaException)
            {
                string errorSummary = oktaException.ErrorCauses[0].ErrorSummary;
                var status = MembershipCreateStatus.UserRejected;
                if (errorSummary.StartsWith("login: An object with this field already exists"))
                {
                    status = MembershipCreateStatus.DuplicateUserName;
                }
                else if (errorSummary.StartsWith("Passwords must have at least"))
                {
                    status = MembershipCreateStatus.InvalidPassword;
                }
                throw new MembershipCreateUserException(status);
            }
        }
예제 #9
0
        public ActionResult VerifyActivate(string recoveryToken, string oktaId)
        {
            logger.Debug("VerifyActivate ");

            if (string.IsNullOrEmpty(recoveryToken) && TempData["recoveryToken"] != null)
            {
                recoveryToken = TempData["recoveryToken"].ToString();
            }

            //set parameters
            string relayState = Request["relayState"];

            if (string.IsNullOrEmpty(relayState) && Request.QueryString["RelayState"] != null)
            {
                relayState = Request.QueryString["RelayState"];
            }
            else if (string.IsNullOrEmpty(relayState) && TempData["relayState"] != null)
            {
                relayState = (string)TempData["relayState"];
            }
            TempData["relayState"] = relayState;
            string stateToken = Request["stateToken"];

            if (string.IsNullOrEmpty(stateToken) && TempData["stateToken"] != null)
            {
                stateToken = TempData["stateToken"].ToString();
            }
            TempData["stateToken"] = stateToken;

            string userName = Request["userName"];

            if (string.IsNullOrEmpty(userName) && TempData["userName"] != null)
            {
                userName = TempData["userName"].ToString();
            }
            TempData["userName"] = userName;



            //TempData["helpLink"] = MvcApplication.helpLink;
            string tokenFailedErrorMessage = "We could not activate your account at this time. Please try clicking the link in your email again " +
                                             "or contact the service center via the information at the bottom of the page.";

            //get UserClient based on Org credentials
            OktaClient  oktaClient  = new OktaClient(MvcApplication.apiToken, MvcApplication.apiUrl);
            UsersClient usersClient = oktaClient.GetUsersClient();

            //Validate Token from branded email response link
            //get user profile data
            //compare with received token
            if (!string.IsNullOrEmpty(recoveryToken) && !string.IsNullOrEmpty(oktaId))
            {
                //validate token
                //get custom profile for user
                User       oktaBaseUser = new Okta.Core.Models.User();
                CustomUser customUser   = new CustomUser(oktaBaseUser);
                customUser = oktaUserMgmt.GetCustomUser(oktaId);
                if (customUser.Status != "STAGED")
                {
                    //if it doesnt work out return to beginning
                    logger.Error("Token validation is not appropriate for current user state " + customUser.Status);
                    TempData["errMessage"] = tokenFailedErrorMessage;
                    return(RedirectToAction("Index", "Home"));
                }
                if (string.IsNullOrEmpty(customUser.Profile.activation_passCode) || string.IsNullOrEmpty(customUser.Profile.activation_setDate))
                {
                    logger.Error("Token validation information is not available");
                    TempData["errMessage"] = tokenFailedErrorMessage;
                    return(RedirectToAction("Index", "Home"));
                }


                //this is a one time token, so if profile received reset the data.
                string activation_passCode = customUser.Profile.activation_passCode;
                string activation_setDate  = customUser.Profile.activation_setDate;
                customUser.Profile.activation_passCode = "";
                customUser.Profile.activation_setDate  = "";

                bool rspSetCustomUserProfile = oktaUserMgmt.UpdateCustomUserAttributesOnly(customUser);
                if (!rspSetCustomUserProfile)
                {
                    logger.Error("Unable to Set User Custom Profile to reset activation passCode: " + customUser.Profile.Email);
                    TempData["errMessage"] = tokenFailedErrorMessage;
                    return(RedirectToAction("Index", "Home"));
                }

                //compare to passed in token
                //Get current time
                DateTime currentTime = DateTime.Now;
                DateTime setTime     = DateTime.Parse(activation_setDate);
                //Get the difference in Minutes between the set time and Current Time.
                TimeSpan timeSpan   = currentTime.Subtract(setTime);
                long     myInterval = Convert.ToInt32(timeSpan.TotalHours);
                long     authExpiry = Convert.ToInt32(appSettings["custom.ActivationExpire_hours"]);
                //check received passcode matches what was saved in storage app attribute

                if (activation_passCode == recoveryToken)
                {
                    //check for expired activation code
                    if (authExpiry > myInterval)
                    {
                        //continue to set password
                        User oktaUser = new User();
                        oktaUser.Id = oktaId;

                        try
                        {
                            //transistion user accout from STAGED to PROVISIONED
                            var rspUri = usersClient.Activate(oktaUser, sendEmail: false);
                            //rsp is email activation link for embedded workflow
                            //this cannot be branded so we are setting password directly
                        }
                        catch (OktaException ex)
                        {
                            if (ex.ErrorCode == "E0000001")
                            {
                                logger.Error("Api Valiadation Failed: " + userName);
                            }
                            else
                            {
                                logger.Error(userName + " = " + ex.ErrorCode + ":" + ex.ErrorSummary);
                                // generic failure
                            }
                            TempData["errMessage"] = tokenFailedErrorMessage;
                            return(RedirectToAction("Index", "Home"));
                        }//end catch

                        logger.Debug("Token Validated Successfully proceed to create password");
                        return(RedirectToAction("GetPassword"));
                    }
                    else
                    {
                        logger.Debug("Token is correct, but has exceeded time limit " + appSettings["custom.ActivationExpire_hours"] + " hours");
                        TempData["errMessage"] = tokenFailedErrorMessage;
                        return(RedirectToAction("Index", "Home"));
                    }
                }
                else
                {
                    logger.Error("Cannot Validate Token: " + recoveryToken + " locator: " + oktaId);
                    TempData["errMessage"] = tokenFailedErrorMessage;
                    return(RedirectToAction("Index", "Home"));
                }
            }
            else
            {
                //if it doesnt work out return to beginning
                logger.Error("Cannot Validate Token: " + recoveryToken + " locator: " + oktaId);
                TempData["errMessage"] = tokenFailedErrorMessage;
                return(RedirectToAction("Index", "Home"));
            }
        }
예제 #10
0
        // POST: Registration/Register
        public ActionResult Register(RegistrationViewModel registration)
        {
            logger.Debug("Register user " + registration.Email);
            //set parameters
            string relayState = Request["relayState"];

            if (string.IsNullOrEmpty(relayState) && Request.QueryString["RelayState"] != null)
            {
                relayState = Request.QueryString["RelayState"];
            }
            else if (string.IsNullOrEmpty(relayState) && TempData["relayState"] != null)
            {
                relayState = (string)TempData["relayState"];
            }
            TempData["relayState"] = relayState;
            //string stateToken = Request["stateToken"];
            //if (string.IsNullOrEmpty(stateToken) && TempData["stateToken"] != null)
            //{
            //    stateToken = TempData["stateToken"].ToString();
            //}
            //TempData["stateToken"] = stateToken;
            //string oktaId = Request["oktaId"];
            //if (string.IsNullOrEmpty(oktaId) && TempData["oktaId"] != null)
            //{
            //    oktaId = TempData["oktaId"].ToString();
            //}
            //TempData["oktaId"] = oktaId;
            //string userName = Request["userName"];
            //if (string.IsNullOrEmpty(userName) && TempData["userName"] != null)
            //{
            //    userName = TempData["userName"].ToString();
            //}
            //TempData["userName"] = userName;

            CustomUser newCustomUser   = null;
            CustomUser addedCustomUser = null;

            //User addedOktaUser = new Okta.Core.Models.User();
            //CustomUser addedCustomUser = new CustomUser(addedOktaUser);

            if (!ModelState.IsValid)
            {
                logger.Debug("registration data was not received correctly");
                TempData["errMessage"] = "We found a few errors with your registration data. Please check the fields below for specific messages.";
                return(View("Index", registration));
            }


            //check for existing account
            newCustomUser = VerifyIdentity(registration);
            if (newCustomUser != null && newCustomUser.Id != null)
            {
                // If the user exists, redirect back to registration where they can choose to reset password

                return(RedirectToAction("Index", "Home", new { email = registration.Email }));
            }
            else
            {
                //new user not found
                User newOktaUser = new Okta.Core.Models.User();
                newCustomUser = new CustomUser(newOktaUser);
                //tranform user profile from registration to customuser
                newCustomUser.Profile.Login     = registration.Email;
                newCustomUser.Profile.Email     = registration.Email;
                newCustomUser.Profile.FirstName = registration.FirstName;
                newCustomUser.Profile.LastName  = registration.LastName;
                newCustomUser.Profile.customId  = registration.customId;
            }

            ////CustomUser customUserProfileExt = new CustomUser();
            //CustomUser customUserProfileExt = null;
            //customUserProfileExt = oktaUserMgmt.GetCustomUser(registration.Email);
            //if (customUserProfileExt != null && customUserProfileExt.Id != null)
            //{
            //    // If the user exists, redirect to ForgotUsername/UserFound
            //    // TODO: Update to VerifyIdentity when available (not the same flow as ForgotUsername
            //    //return RedirectToAction("UserFound", "ForgotUsername", new { email = registration.Email });
            //    return RedirectToAction("UserFound", new { email = registration.Email });
            //}


            //new user creation
            //create user with profile
            //will create user with multiple api calls
            //first user is created with status=STAGED with no password
            //branded email sent to user with custom activation link
            //hitting custom activation link will activate account and prompt user for password
            //lastly set password
            Random random    = new Random();
            string firstName = null;
            //generate passCode as one time activation token
            string activation_passCode      = random.Next(99999, 1000000).ToString();
            string activation_setDate       = DateTime.Now.ToString();
            string createFailedErrorMessage = "We could not register your account at this time. Please try again or contact the service center via the information" +
                                              " at the bottom of the page if this has happened multiple times.";

            newCustomUser.Profile.activation_passCode = activation_passCode;
            newCustomUser.Profile.activation_setDate  = activation_setDate;

            //addedCustomUser = oktaUserMgmt.AddCustomUser(newCustomUser, activation_passCode, activation_setDate);
            addedCustomUser = oktaUserMgmt.AddCustomUser(newCustomUser);
            if (addedCustomUser != null)
            {
                //if (addedCustomUser.Status == "ACTIVE")
                //{
                //    //error, newly created user should be STAGED and must have okta Id
                //    logger.Error("user creation success for email " + registration.Email + " status " + addedCustomUser.Status);
                //    TempData["errMessage"] = "Created User success for " + registration.Email;
                //    TempData["txtUserName"] = addedCustomUser.Profile.Login;
                //    TempData["txtPassword"] = newCustomUser.Credentials.Password.Value;
                //    return RedirectToAction("SilentLogin", "Home");
                //}

                if (addedCustomUser.Status != "STAGED" || string.IsNullOrEmpty(addedCustomUser.Id))
                {
                    //error, newly created user should be STAGED and must have okta Id
                    logger.Error("user creation failed for email " + registration.Email + " status " + addedCustomUser.Status);
                    TempData["errMessage"] = createFailedErrorMessage;
                    return(View("Index", registration));
                }
            }
            else
            {
                logger.Error("user creation failed for email " + registration.Email);
                TempData["errMessage"] = createFailedErrorMessage;
                return(View("Index", registration));
            }

            //send branded email with activation link
            TempData["recoveryToken"] = addedCustomUser.Profile.activation_passCode;
            TempData["oktaId"]        = addedCustomUser.Id;
            if (string.IsNullOrEmpty(addedCustomUser.Profile.FirstName))
            {
                var index = registration.Email.IndexOf(".");
                if (index > 0)
                {
                    firstName = registration.Email.Substring(0, index);
                }
                else
                {
                    var index2 = registration.Email.IndexOf("@");
                    if (index2 > 0)
                    {
                        firstName = registration.Email.Substring(0, index2);
                    }
                    else
                    {
                        firstName = registration.Email;
                    }
                }
            }
            else
            {
                firstName = addedCustomUser.Profile.FirstName;
            }
            firstName             = CultureInfo.CurrentCulture.TextInfo.ToTitleCase(firstName);
            TempData["firstName"] = firstName;

            TempData["linkExpiry"] = appSettings["custom.ActivationExpire_hours"];
            SendEmail(addedCustomUser, TempData["relayState"] == null ? null : TempData["relayState"].ToString());
            logger.Debug("Branded Email Sent " + addedCustomUser.Profile.Email + " with passCode " + activation_passCode);

            //with branded, display sent message
            return(RedirectToAction("Success"));
        }