protected override void ProcessRecord()
{
var usersClient = Client.GetUsersClient();
var user = new User(Login, Email, FirstName, LastName, MobilePhone);
user = usersClient.Add(user);
WriteObject(user);
}
// GET: AltLanding
public ActionResult Landing(string oktaId)
{
Okta.Core.Models.User oktaUser = new Okta.Core.Models.User();
oktaUser.Id = oktaId;
List <AppLink> myApps = oktaAppMgmt.GetUserAppLinks(oktaUser);
return(View(myApps));
}
public OktaMembershipUser OktaUserToOktaMembershipUser(User oktaUser, bool populateApps = true)
{
bool isApproved = false;
bool isLockedOut = false;
var status = oktaUser.Status;
if (status == "ACTIVE")
{
isApproved = true;
}
if (status == "PASSWORD_EXPIRED" | status == "LOCKED_OUT" | status == "RECOVERY")
{
isLockedOut = true;
}
DateTime lastLockoutDate = new DateTime(1754, 1, 1);
string passwordQuestion = "";
if (oktaUser.Credentials.RecoveryQuestion.Answer != null)
{
passwordQuestion = oktaUser.Credentials.RecoveryQuestion.Answer;
}
OktaMembershipUser user = new OktaMembershipUser(
Membership.Provider.Name.ToString(),
oktaUser.Profile.Login,
oktaUser.Id,
oktaUser.Profile.Email,
passwordQuestion,
"", // "comment" - Okta doesn't have this concept by default
isApproved,
isLockedOut,
oktaUser.Created,
oktaUser.LastLogin,
oktaUser.LastUpdated,
oktaUser.PasswordChanged,
lastLockoutDate
);
if(!populateApps) {
return user;
}
var userAppLinks = users.GetUserAppLinksClient(oktaUser);
var appLinks = userAppLinks.ToList<AppLink>();
user.apps = from link in appLinks select new OktaAppLink(link);
user.FirstName = oktaUser.Profile.FirstName;
user.LastName = oktaUser.Profile.LastName;
user.PhoneNumber = oktaUser.Profile.MobilePhone;
return user;
}
public OktaMembershipUser GetOktaMembershipUser(User oktaUser, bool populateApps = true)
{
return OktaUserToOktaMembershipUser(oktaUser, populateApps);
}
public UserGroupsClient GetUserGroupsClient(User user)
{
return new UserGroupsClient(user, BaseClient);
}
public UserFactorsClient GetUserFactorsClient(User user)
{
return new UserFactorsClient(user, BaseClient);
}
public UserAppLinksClient GetUserAppLinksClient(User user)
{
return new UserAppLinksClient(user, BaseClient);
}
/// <summary>
/// Creates a new user account with the profile data in the "values" dictionary.
///
/// See also: http://msdn.microsoft.com/en-us/library/gg537973%28v=vs.111%29.aspx
/// </summary>
/// <param name="userName">The user name</param>
/// <param name="userPassword">The password</param>
/// <param name="requireConfirmation">(Unused) Specify that the user account must be confirmed</param>
/// <param name="values">A dictonary that should contain the keys "FirstName", "LastName", and "PhoneNumber"</param>
/// <returns>
/// (Unused) Always returns "". Intended to be used to return a token that could be sent to the user to confirm the user account.
/// </returns>
public override string CreateUserAndAccount(string userName, string userPassword, bool requireConfirmation, IDictionary<string, object> values)
{
var userProfile = new User(
userName, // Login
userName, // Email
values["FirstName"].ToString(), // FirstName
values["LastName"].ToString(), // LastName
values["PhoneNumber"].ToString() // MobilePhone
);
// FIXME: This could be made simpler?
userProfile.Credentials = new LoginCredentials();
userProfile.Credentials.Password.Value = userPassword;
try
{
var createdUser = okta.users.Add(userProfile);
return "";
}
catch (OktaException oktaException)
{
string errorSummary = oktaException.ErrorCauses[0].ErrorSummary;
var status = MembershipCreateStatus.UserRejected;
if (errorSummary.StartsWith("login: An object with this field already exists"))
{
status = MembershipCreateStatus.DuplicateUserName;
}
else if (errorSummary.StartsWith("Passwords must have at least"))
{
status = MembershipCreateStatus.InvalidPassword;
}
throw new MembershipCreateUserException(status);
}
}
public ActionResult VerifyActivate(string recoveryToken, string oktaId)
{
logger.Debug("VerifyActivate ");
if (string.IsNullOrEmpty(recoveryToken) && TempData["recoveryToken"] != null)
{
recoveryToken = TempData["recoveryToken"].ToString();
}
//set parameters
string relayState = Request["relayState"];
if (string.IsNullOrEmpty(relayState) && Request.QueryString["RelayState"] != null)
{
relayState = Request.QueryString["RelayState"];
}
else if (string.IsNullOrEmpty(relayState) && TempData["relayState"] != null)
{
relayState = (string)TempData["relayState"];
}
TempData["relayState"] = relayState;
string stateToken = Request["stateToken"];
if (string.IsNullOrEmpty(stateToken) && TempData["stateToken"] != null)
{
stateToken = TempData["stateToken"].ToString();
}
TempData["stateToken"] = stateToken;
string userName = Request["userName"];
if (string.IsNullOrEmpty(userName) && TempData["userName"] != null)
{
userName = TempData["userName"].ToString();
}
TempData["userName"] = userName;
//TempData["helpLink"] = MvcApplication.helpLink;
string tokenFailedErrorMessage = "We could not activate your account at this time. Please try clicking the link in your email again " +
"or contact the service center via the information at the bottom of the page.";
//get UserClient based on Org credentials
OktaClient oktaClient = new OktaClient(MvcApplication.apiToken, MvcApplication.apiUrl);
UsersClient usersClient = oktaClient.GetUsersClient();
//Validate Token from branded email response link
//get user profile data
//compare with received token
if (!string.IsNullOrEmpty(recoveryToken) && !string.IsNullOrEmpty(oktaId))
{
//validate token
//get custom profile for user
User oktaBaseUser = new Okta.Core.Models.User();
CustomUser customUser = new CustomUser(oktaBaseUser);
customUser = oktaUserMgmt.GetCustomUser(oktaId);
if (customUser.Status != "STAGED")
{
//if it doesnt work out return to beginning
logger.Error("Token validation is not appropriate for current user state " + customUser.Status);
TempData["errMessage"] = tokenFailedErrorMessage;
return(RedirectToAction("Index", "Home"));
}
if (string.IsNullOrEmpty(customUser.Profile.activation_passCode) || string.IsNullOrEmpty(customUser.Profile.activation_setDate))
{
logger.Error("Token validation information is not available");
TempData["errMessage"] = tokenFailedErrorMessage;
return(RedirectToAction("Index", "Home"));
}
//this is a one time token, so if profile received reset the data.
string activation_passCode = customUser.Profile.activation_passCode;
string activation_setDate = customUser.Profile.activation_setDate;
customUser.Profile.activation_passCode = "";
customUser.Profile.activation_setDate = "";
bool rspSetCustomUserProfile = oktaUserMgmt.UpdateCustomUserAttributesOnly(customUser);
if (!rspSetCustomUserProfile)
{
logger.Error("Unable to Set User Custom Profile to reset activation passCode: " + customUser.Profile.Email);
TempData["errMessage"] = tokenFailedErrorMessage;
return(RedirectToAction("Index", "Home"));
}
//compare to passed in token
//Get current time
DateTime currentTime = DateTime.Now;
DateTime setTime = DateTime.Parse(activation_setDate);
//Get the difference in Minutes between the set time and Current Time.
TimeSpan timeSpan = currentTime.Subtract(setTime);
long myInterval = Convert.ToInt32(timeSpan.TotalHours);
long authExpiry = Convert.ToInt32(appSettings["custom.ActivationExpire_hours"]);
//check received passcode matches what was saved in storage app attribute
if (activation_passCode == recoveryToken)
{
//check for expired activation code
if (authExpiry > myInterval)
{
//continue to set password
User oktaUser = new User();
oktaUser.Id = oktaId;
try
{
//transistion user accout from STAGED to PROVISIONED
var rspUri = usersClient.Activate(oktaUser, sendEmail: false);
//rsp is email activation link for embedded workflow
//this cannot be branded so we are setting password directly
}
catch (OktaException ex)
{
if (ex.ErrorCode == "E0000001")
{
logger.Error("Api Valiadation Failed: " + userName);
}
else
{
logger.Error(userName + " = " + ex.ErrorCode + ":" + ex.ErrorSummary);
// generic failure
}
TempData["errMessage"] = tokenFailedErrorMessage;
return(RedirectToAction("Index", "Home"));
}//end catch
logger.Debug("Token Validated Successfully proceed to create password");
return(RedirectToAction("GetPassword"));
}
else
{
logger.Debug("Token is correct, but has exceeded time limit " + appSettings["custom.ActivationExpire_hours"] + " hours");
TempData["errMessage"] = tokenFailedErrorMessage;
return(RedirectToAction("Index", "Home"));
}
}
else
{
logger.Error("Cannot Validate Token: " + recoveryToken + " locator: " + oktaId);
TempData["errMessage"] = tokenFailedErrorMessage;
return(RedirectToAction("Index", "Home"));
}
}
else
{
//if it doesnt work out return to beginning
logger.Error("Cannot Validate Token: " + recoveryToken + " locator: " + oktaId);
TempData["errMessage"] = tokenFailedErrorMessage;
return(RedirectToAction("Index", "Home"));
}
}
// POST: Registration/Register
public ActionResult Register(RegistrationViewModel registration)
{
logger.Debug("Register user " + registration.Email);
//set parameters
string relayState = Request["relayState"];
if (string.IsNullOrEmpty(relayState) && Request.QueryString["RelayState"] != null)
{
relayState = Request.QueryString["RelayState"];
}
else if (string.IsNullOrEmpty(relayState) && TempData["relayState"] != null)
{
relayState = (string)TempData["relayState"];
}
TempData["relayState"] = relayState;
//string stateToken = Request["stateToken"];
//if (string.IsNullOrEmpty(stateToken) && TempData["stateToken"] != null)
//{
// stateToken = TempData["stateToken"].ToString();
//}
//TempData["stateToken"] = stateToken;
//string oktaId = Request["oktaId"];
//if (string.IsNullOrEmpty(oktaId) && TempData["oktaId"] != null)
//{
// oktaId = TempData["oktaId"].ToString();
//}
//TempData["oktaId"] = oktaId;
//string userName = Request["userName"];
//if (string.IsNullOrEmpty(userName) && TempData["userName"] != null)
//{
// userName = TempData["userName"].ToString();
//}
//TempData["userName"] = userName;
CustomUser newCustomUser = null;
CustomUser addedCustomUser = null;
//User addedOktaUser = new Okta.Core.Models.User();
//CustomUser addedCustomUser = new CustomUser(addedOktaUser);
if (!ModelState.IsValid)
{
logger.Debug("registration data was not received correctly");
TempData["errMessage"] = "We found a few errors with your registration data. Please check the fields below for specific messages.";
return(View("Index", registration));
}
//check for existing account
newCustomUser = VerifyIdentity(registration);
if (newCustomUser != null && newCustomUser.Id != null)
{
// If the user exists, redirect back to registration where they can choose to reset password
return(RedirectToAction("Index", "Home", new { email = registration.Email }));
}
else
{
//new user not found
User newOktaUser = new Okta.Core.Models.User();
newCustomUser = new CustomUser(newOktaUser);
//tranform user profile from registration to customuser
newCustomUser.Profile.Login = registration.Email;
newCustomUser.Profile.Email = registration.Email;
newCustomUser.Profile.FirstName = registration.FirstName;
newCustomUser.Profile.LastName = registration.LastName;
newCustomUser.Profile.customId = registration.customId;
}
////CustomUser customUserProfileExt = new CustomUser();
//CustomUser customUserProfileExt = null;
//customUserProfileExt = oktaUserMgmt.GetCustomUser(registration.Email);
//if (customUserProfileExt != null && customUserProfileExt.Id != null)
//{
// // If the user exists, redirect to ForgotUsername/UserFound
// // TODO: Update to VerifyIdentity when available (not the same flow as ForgotUsername
// //return RedirectToAction("UserFound", "ForgotUsername", new { email = registration.Email });
// return RedirectToAction("UserFound", new { email = registration.Email });
//}
//new user creation
//create user with profile
//will create user with multiple api calls
//first user is created with status=STAGED with no password
//branded email sent to user with custom activation link
//hitting custom activation link will activate account and prompt user for password
//lastly set password
Random random = new Random();
string firstName = null;
//generate passCode as one time activation token
string activation_passCode = random.Next(99999, 1000000).ToString();
string activation_setDate = DateTime.Now.ToString();
string createFailedErrorMessage = "We could not register your account at this time. Please try again or contact the service center via the information" +
" at the bottom of the page if this has happened multiple times.";
newCustomUser.Profile.activation_passCode = activation_passCode;
newCustomUser.Profile.activation_setDate = activation_setDate;
//addedCustomUser = oktaUserMgmt.AddCustomUser(newCustomUser, activation_passCode, activation_setDate);
addedCustomUser = oktaUserMgmt.AddCustomUser(newCustomUser);
if (addedCustomUser != null)
{
//if (addedCustomUser.Status == "ACTIVE")
//{
// //error, newly created user should be STAGED and must have okta Id
// logger.Error("user creation success for email " + registration.Email + " status " + addedCustomUser.Status);
// TempData["errMessage"] = "Created User success for " + registration.Email;
// TempData["txtUserName"] = addedCustomUser.Profile.Login;
// TempData["txtPassword"] = newCustomUser.Credentials.Password.Value;
// return RedirectToAction("SilentLogin", "Home");
//}
if (addedCustomUser.Status != "STAGED" || string.IsNullOrEmpty(addedCustomUser.Id))
{
//error, newly created user should be STAGED and must have okta Id
logger.Error("user creation failed for email " + registration.Email + " status " + addedCustomUser.Status);
TempData["errMessage"] = createFailedErrorMessage;
return(View("Index", registration));
}
}
else
{
logger.Error("user creation failed for email " + registration.Email);
TempData["errMessage"] = createFailedErrorMessage;
return(View("Index", registration));
}
//send branded email with activation link
TempData["recoveryToken"] = addedCustomUser.Profile.activation_passCode;
TempData["oktaId"] = addedCustomUser.Id;
if (string.IsNullOrEmpty(addedCustomUser.Profile.FirstName))
{
var index = registration.Email.IndexOf(".");
if (index > 0)
{
firstName = registration.Email.Substring(0, index);
}
else
{
var index2 = registration.Email.IndexOf("@");
if (index2 > 0)
{
firstName = registration.Email.Substring(0, index2);
}
else
{
firstName = registration.Email;
}
}
}
else
{
firstName = addedCustomUser.Profile.FirstName;
}
firstName = CultureInfo.CurrentCulture.TextInfo.ToTitleCase(firstName);
TempData["firstName"] = firstName;
TempData["linkExpiry"] = appSettings["custom.ActivationExpire_hours"];
SendEmail(addedCustomUser, TempData["relayState"] == null ? null : TempData["relayState"].ToString());
logger.Debug("Branded Email Sent " + addedCustomUser.Profile.Email + " with passCode " + activation_passCode);
//with branded, display sent message
return(RedirectToAction("Success"));
}
