public async Task <IActionResult> ExistingMember([FromBody] TenantMember memb)
{
if ((User == null) || (!User.IsInRole("ief")))
{
return(new UnauthorizedObjectResult("Unauthorized"));
}
var tenantName = memb.tenantName.ToUpper();
var tenantId = await GetTenantIdFromNameAsync(memb.tenantName);
if (tenantId == null)
{
return(new NotFoundObjectResult(new { userMessage = "Tenant does not exist", status = 404, version = 1.0 }));
}
var http = await _graph.GetClientAsync();
if (await IsMemberAsync(tenantId, memb.userId, true)) // skip already an admin
{
return(new JsonResult(new { tenantId, name = tenantName, roles = new string[] { "admin", "member" } }));
}
else if (await IsMemberAsync(tenantId, memb.userId, false))
{
return(new JsonResult(new { tenantId, name = tenantName, roles = new string[] { "member" } }));
}
return(new NotFoundObjectResult(new { userMessage = "User is not a member of this tenant", status = 404, version = 1.0 }));
}
public async Task <IActionResult> Member([FromBody] TenantMember memb)
{
_logger.LogTrace("Member: {0}", memb.tenantName);
if ((User == null) || (!User.IsInRole("ief")))
{
return(new UnauthorizedObjectResult("Unauthorized"));
}
_logger.LogTrace("Authorized");
var tenantName = memb.tenantName.ToUpper();
var tenantId = await GetTenantIdFromNameAsync(memb.tenantName);
_logger.LogTrace("Tenant id: {0}", tenantId);
if (tenantId == null)
{
return(new NotFoundObjectResult(new { userMessage = "Tenant does not exist", status = 404, version = 1.0 }));
}
var http = await _graph.GetClientAsync();
if (await IsMemberAsync(tenantId, memb.userId, true)) // skip already an admin
{
return(new JsonResult(new { tenantId, roles = new string[] { "admin", "member" } }));
}
else if (await IsMemberAsync(tenantId, memb.userId, false))
{
return(new JsonResult(new { tenantId, roles = new string[] { "member" } }));
}
else
{
var resp = await http.PostAsync(
$"{Graph.BaseUrl}groups/{tenantId}/members/$ref",
new StringContent(
$"{{\"@odata.id\": \"https://graph.microsoft.com/v1.0/directoryObjects/{memb.userId}\"}}",
System.Text.Encoding.UTF8,
"application/json"));
if (!resp.IsSuccessStatusCode)
{
return(BadRequest("Add member failed"));
}
return(new JsonResult(new { tenantId, roles = new string[] { "member" }, isNewMember = true }));
}
}
public async Task <IActionResult> ExistingMember([FromBody] TenantMember memb)
{
if ((User == null) || (!User.IsInRole("ief")))
{
return(new UnauthorizedObjectResult("Unauthorized"));
}
var ts = await GetTenantsForUser(memb.userId);
var tenant = ts.FirstOrDefault(t => t.tenantName == memb.tenantName);
if (tenant != null)
{
return(new JsonResult(new {
tenant.tenantId,
name = tenant.tenantName,
requireMFA = await IsMFARequired(tenant.tenantId),
tenant.roles, // .Aggregate((a, s) => $"{a},{s}"),
allTenants = ts.Select(t => t.tenantName) // .Aggregate((a, s) => $"{a},{s}")
}));
}
return(new NotFoundObjectResult(new { userMessage = "User is not a member of this tenant", status = 404, version = 1.0 }));
}
public async Task <IActionResult> ExistingMember([FromBody] TenantMember memb)
{
if ((User == null) || (!User.IsInRole("ief")))
{
return(new UnauthorizedObjectResult("Unauthorized"));
}
Member tenant = null;
IEnumerable <Member> ts = null;
if (!String.IsNullOrEmpty(memb.userId)) // for an AAD user new to B2C this could be empty
{
ts = await GetTenantsForUser(memb.userId);
if (ts != null)
{
tenant = ts.FirstOrDefault(t => t.tenantName == memb.tenantName);
}
}
if (tenant != null)
{
var t = await _ext.GetAsync(new TenantDetails()
{
id = tenant.tenantId
});
return(new JsonResult(new {
tenant.tenantId,
name = tenant.tenantName,
requireMFA = t.requireMFA,
tenant.roles, // .Aggregate((a, s) => $"{a},{s}"),
allTenants = ts.Select(t => t.tenantName) // .Aggregate((a, s) => $"{a},{s}")
}));
}
else if (String.Equals("commonaad", memb.identityProvider)) // perhaps this tenant allows users from same directory as creator
{
var id = await GetTenantIdFromNameAsync(memb.tenantName);
if (!String.IsNullOrEmpty(id))
{
var t = await _ext.GetAsync(new TenantDetails()
{
id = id
});
if (String.Equals(memb.directoryId, t.directoryId) && t.allowSameIssuerMembers)
{
return(new JsonResult(new
{
id,
name = memb.tenantName,
requireMFA = t.requireMFA,
roles = new string[] { "member" },
allTenants = new string[] { memb.tenantName },
newUser = String.IsNullOrEmpty(memb.userId)
}));
}
}
}
return(new NotFoundObjectResult(new { userMessage = "User is not a member of this tenant", status = 404, version = 1.0 }));
}
