/// <summary>
/// Gets the request context data.
/// </summary>
/// <param name="idToken">The identifier token.</param>
/// <param name="authState">State of the authentication.</param>
/// <param name="identityProviderId">The identity provider identifier.</param>
/// <param name="oidcIdentityClaim">The oidc identity claim.</param>
/// <exception cref="System.ArgumentNullException"></exception>
/// <exception cref="AuthenticationException">
/// </exception>
private OpenIdConnectRequestContextResult GetRequestContextData(JwtSecurityToken idToken, OpenIdConnectAuthorizationState authState, long identityProviderId,
string oidcIdentityClaim)
{
if (idToken == null)
{
throw new ArgumentNullException(nameof(idToken));
}
// Get the claim from the id token
var claim = idToken.Claims.FirstOrDefault(c => c.Type == oidcIdentityClaim);
if (claim == null)
{
EventLog.Application.WriteError("The identity token does not contain claim {0}.", oidcIdentityClaim);
throw new OidcProviderInvalidConfigurationException();
}
var claimValue = claim.Value;
// Find the identity user for this tenant, provider and claim for this provider with the specified value
var requestContextData = Factory.IdentityProviderRequestContextCache.GetRequestContextData(authState.TenantId, identityProviderId, claimValue, true);
if (requestContextData == null)
{
using (new TenantAdministratorContext(authState.TenantId))
{
AuditLogInstance.Get().OnLogon(false, claimValue, null); // Didn't seem worth passing the agent information into the method to handle this edge case
}
throw new AuthenticationException("The request context could not be found. The user name may be incorrect or the account may be locked, disabled or expired.");
}
return(new OpenIdConnectRequestContextResult(requestContextData, claimValue));
}
/// <summary>
/// Signs a software platform user into the system using an existing cookie.
/// </summary>
private HttpResponseMessage <LoginResult> SigninSoftwarePlatformWithCookie()
{
var userAgent = Request?.Headers?.UserAgent?.ToString();
var context = EDC.ReadiNow.IO.RequestContext.GetContext();
var contextData = new RequestContextData(context.Identity, context.Tenant, CultureHelper.GetUiThreadCulture(CultureType.Specific), context.TimeZone);
AuditLogInstance.Get().OnLogon(true, context.Identity.Name, userAgent);
return(new HttpResponseMessage <LoginResult>(GetSuccessfulLoginResult(contextData, context.Identity.Id), HttpStatusCode.OK));
}
/// <summary>
/// Reverts to.
/// </summary>
/// <param name="transactionId">The transaction identifier.</param>
/// <param name="tenantId">The tenant identifier.</param>
public static void RevertTo(long transactionId, long?tenantId = null)
{
string message = $"Reverting to transaction {transactionId}";
if (tenantId >= 0)
{
message += $" for tenant {tenantId}";
}
long userId;
RequestContext.TryGetUserId(out userId);
try
{
using (DatabaseContextInfo info = new DatabaseContextInfo(message))
using (DatabaseContext ctx = DatabaseContext.GetContext( ))
{
using (IDbCommand command = ctx.CreateCommand("spRevertTo", CommandType.StoredProcedure))
{
ctx.AddParameter(command, "@transactionId", DbType.Int64, transactionId);
if (tenantId != null)
{
ctx.AddParameter(command, "@tenantId", DbType.Int64, tenantId);
}
ctx.AddParameter(command, "@context", DbType.AnsiString, DatabaseContextInfo.GetMessageChain(userId));
command.ExecuteNonQuery( );
}
}
}
finally
{
if (tenantId >= 0)
{
TenantHelper.Invalidate(tenantId);
}
}
AuditLogInstance.Get( ).OnTenantRollback(true, transactionId.ToString( ));
}
/// <summary>
/// Signout of the console..
/// </summary>
/// <param name="isAuthorized">if set to <c>true</c> is authorized.</param>
/// <returns></returns>
private HttpResponseMessage <ResponseResult> SignoutImpl(bool isAuthorized)
{
if (isAuthorized)
{
// Audit the logout event
AuditLogInstance.Get().OnLogoff(true, ReadiNow.IO.RequestContext.GetContext().Identity.Name);
}
try
{
CookieHelper.DeleteAuthenticationAndXsrfCookies();
return(new HttpResponseMessage <ResponseResult>(new ResponseResult {
Success = true
}, HttpStatusCode.OK));
}
catch (Exception exc)
{
EventLog.Application.WriteWarning("Software Platform signout error. Cleanup of .ASPXAUTH cookie failed. {0}", exc.Message);
}
return(new HttpResponseMessage <ResponseResult>(new ResponseResult {
Success = false
}, HttpStatusCode.InternalServerError));
}
public void TestAuditLogInstance()
{
Assert.IsInstanceOf <AuditLog>(AuditLogInstance.Get());
}
/// <summary>
/// Signs a software platform user into the system.
/// </summary>
/// <param name="jsonLoginCredential">The json login credential.</param>
/// <returns></returns>
private HttpResponseMessage <LoginResult> SigninSoftwarePlatform(JsonLoginCredential jsonLoginCredential)
{
var userAgent = Request?.Headers?.UserAgent?.ToString();
try
{
using (new SecurityBypassContext( ))
{
try
{
UserAccountValidator.Authenticate(jsonLoginCredential.Username, jsonLoginCredential.Password,
jsonLoginCredential.Tenant, true);
}
catch (ArgumentException ex)
{
throw new InvalidCredentialException("Invalid user name, password or tenant", ex);
}
RequestContext context = ReadiNow.IO.RequestContext.GetContext( );
RequestContextData contextData;
UserAccount account = ReadiNow.Model.Entity.Get <UserAccount>(context.Identity.Id, true);
if (account != null)
{
/////
// If we are in integration test mode, update the test authorization info.
/////
if (TestAuthorization.IsEnabled)
{
TestAuthorization.Instance.SetTokenIdentifier(context.Tenant.Id, WellKnownAliases.CurrentTenant.ReadiNowIdentityProviderInstance, account.Name);
}
// Update cache
contextData = Factory.IdentityProviderRequestContextCache.GetRequestContextData(ReadiNow.IO.RequestContext.TenantId, WellKnownAliases.CurrentTenant.ReadiNowIdentityProviderInstance, jsonLoginCredential.Username, true);
}
else
{
throw new InvalidOperationException("No UserAccount found.");
}
ReadiNowIdentityProvider identityProvider = ReadiNow.Model.Entity.Get <ReadiNowIdentityProvider>(WellKnownAliases.CurrentTenant.ReadiNowIdentityProviderInstance);
if (!(identityProvider.IsProviderEnabled ?? true))
{
throw new AuthenticationException("The identity provider is not enabled.");
}
contextData.Identity.IdentityProviderTypeAlias = LoginConstants.ReadiNowIdentityProviderTypeAlias;
CookieHelper.CreateAuthenticationAndXsrfCookies(ReadiNow.IO.RequestContext.TenantId, WellKnownAliases.CurrentTenant.ReadiNowIdentityProviderInstance, jsonLoginCredential.Username, account.Id, jsonLoginCredential.Persistent);
AuditLogInstance.Get().OnLogon(true, jsonLoginCredential.Username, userAgent);
return(new HttpResponseMessage <LoginResult>(GetSuccessfulLoginResult(contextData, account.Id), HttpStatusCode.OK));
}
}
catch (Exception exc)
{
if (ReadiNow.IO.RequestContext.IsSet)
{
AuditLogInstance.Get().OnLogon(false, jsonLoginCredential.Username, userAgent);
}
EventLog.Application.WriteWarning("Software Platform login error. Username: {0}, Tenant: {1}. {2}", jsonLoginCredential.Username ?? "<null>", jsonLoginCredential.Tenant ?? "<null>", exc.Message);
throw; // rely on the ExceptionFilter to handle it.
}
}
