public async Task <ActionResult <TokenResponse> > ClaimAuthCode(AuthCodeClaimDTO authCodeClaimDTO)
{
authCodeClaimDTO.SecurityKey = CryptographyUtils.Base64Decode(authCodeClaimDTO.SecurityKey);
var dbAuthCode = await applicationDbContext.UserAuthenticationCodes.FirstOrDefaultAsync(code => code.Token == authCodeClaimDTO.Token);
if (dbAuthCode == null)
{
return(BadRequest());
}
string md5Key = CryptographyUtils.ComputeSHA256Hash(authCodeClaimDTO.SecurityKey);
if (dbAuthCode.SecurityKey.ToLower() != md5Key.ToLower())
{
return(BadRequest());
}
var user = await applicationDbContext.Users.Where(x => x.Id == dbAuthCode.UserId).FirstOrDefaultAsync();
string purpose = authCodeClaimDTO.Purpose == ApplicationConstants.ExternalLoginTokenPurposeName ?
ApplicationConstants.ExternalLoginTokenPurposeName : authCodeClaimDTO.Purpose == ApplicationConstants.PersistentLoginTokenPurposeName ?
ApplicationConstants.PersistentLoginTokenPurposeName : string.Empty;
if (string.IsNullOrEmpty(purpose))
{
return(BadRequest("Proposito incorrecto"));
}
bool result = await userManager.VerifyUserTokenAsync(user, ApplicationConstants.AuthCodeTokenProviderName, purpose,
authCodeClaimDTO.Token);
if (!result)
{
return(BadRequest());
}
return(await BuildLoginToken(user.Email, authCodeClaimDTO.Purpose == ApplicationConstants.PersistentLoginTokenPurposeName));
}
public async Task <ActionResult> PersistLogin([FromQuery] LoginWithPersistDTO loginWithPersistDTO)
{
var user = await GetUserFromContext();
if (user == null)
{
return(RedirectToAction(nameof(RedirectToLogin)));
}
loginWithPersistDTO.SecurityKeyHash = CryptographyUtils.Base64Decode(HttpUtility.UrlDecode(loginWithPersistDTO.SecurityKeyHash));
if (!(await PersistentRedirectUrlExist(loginWithPersistDTO.returnUrl)))
{
return(BadRequest("returnUrl no es un valor valido"));
}
var token = await userManager.GenerateUserTokenAsync(user, ApplicationConstants.AuthCodeTokenProviderName, ApplicationConstants.PersistentLoginTokenPurposeName);
var authenticationCode = new UserAuthenticationCode
{
Expiration = DateTime.UtcNow.AddMinutes(5),
SecurityKey = loginWithPersistDTO.SecurityKeyHash,
Token = token,
UserId = user.Id
};
applicationDbContext.Add(authenticationCode);
await applicationDbContext.SaveChangesAsync();
string url = $"{loginWithPersistDTO.returnUrl}?authcode={HttpUtility.UrlEncode(token)}";
if (!string.IsNullOrEmpty(loginWithPersistDTO.InternalUrl))
{
url += $"&internalUrl={HttpUtility.UrlEncode(loginWithPersistDTO.InternalUrl)}";
}
return(Redirect(url));
}
public async Task <ActionResult> ExternalLogin([FromQuery] ExternalLoginDTO externalLoginDTO)
{
externalLoginDTO.SecurityKeyHash = CryptographyUtils.Base64Decode(HttpUtility.UrlDecode(externalLoginDTO.SecurityKeyHash));
if (!(await ExternalRedirectUrlExist(externalLoginDTO.returnUrl)))
{
return(BadRequest("returnUrl no es un valor valido"));
}
var redirectUrl = Url.Action(nameof(ExternalLoginCallback), "Account", new { externalLoginDTO.returnUrl });
HttpContext.Response.Cookies.Append(ApplicationConstants.KeyHashCookieName, externalLoginDTO.SecurityKeyHash,
new Microsoft.AspNetCore.Http.CookieOptions()
{
HttpOnly = true,
MaxAge = TimeSpan.FromMinutes(10),
Secure = true,
SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax
});
var properties = signInManager.ConfigureExternalAuthenticationProperties(externalLoginDTO.Provider, redirectUrl, externalLoginDTO.SecurityKeyHash);
return(Challenge(properties, externalLoginDTO.Provider));
}
