Exemplo n.º 1
0
        public async Task <Tuple <bool, Organization> > RequiresTwoFactorAsync(User user)
        {
            var individualRequired = _userManager.SupportsUserTwoFactor &&
                                     await _userManager.GetTwoFactorEnabledAsync(user) &&
                                     (await _userManager.GetValidTwoFactorProvidersAsync(user)).Count > 0;

            Organization firstEnabledOrg = null;
            var          orgs            = (await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id))
                                           .ToList();

            if (orgs.Any())
            {
                var orgAbilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();

                var twoFactorOrgs = orgs.Where(o => OrgUsing2fa(orgAbilities, o.Id));
                if (twoFactorOrgs.Any())
                {
                    var userOrgs = await _organizationRepository.GetManyByUserIdAsync(user.Id);

                    firstEnabledOrg = userOrgs.FirstOrDefault(
                        o => orgs.Any(om => om.Id == o.Id) && o.TwoFactorIsEnabled());
                }
            }

            return(new Tuple <bool, Organization>(individualRequired || firstEnabledOrg != null, firstEnabledOrg));
        }
Exemplo n.º 2
0
        private async Task <Tuple <bool, bool, Organization> > RequiresTwoFactorAsync(User user, ValidatedTokenRequest request)
        {
            if (request.GrantType == "client_credentials")
            {
                // Do not require MFA for api key logins
                return(new Tuple <bool, bool, Organization>(false, false, null));
            }

            var individualRequired = _userManager.SupportsUserTwoFactor &&
                                     await _userManager.GetTwoFactorEnabledAsync(user) &&
                                     (await _userManager.GetValidTwoFactorProvidersAsync(user)).Count > 0;

            Organization firstEnabledOrg = null;
            var          orgs            = (await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id))
                                           .ToList();

            if (orgs.Any())
            {
                var orgAbilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();

                var twoFactorOrgs = orgs.Where(o => OrgUsing2fa(orgAbilities, o.Id));
                if (twoFactorOrgs.Any())
                {
                    var userOrgs = await _organizationRepository.GetManyByUserIdAsync(user.Id);

                    firstEnabledOrg = userOrgs.FirstOrDefault(
                        o => orgs.Any(om => om.Id == o.Id) && o.TwoFactorIsEnabled());
                }
            }

            var requires2FA = individualRequired || firstEnabledOrg != null;
            var requires2FABecauseNewDevice = !requires2FA
                                              &&
                                              await _userService.Needs2FABecauseNewDeviceAsync(
                user,
                GetDeviceFromRequest(request)?.Identifier,
                request.GrantType);

            requires2FA = requires2FA || requires2FABecauseNewDevice;

            return(new Tuple <bool, bool, Organization>(requires2FA, requires2FABecauseNewDevice, firstEnabledOrg));
        }
Exemplo n.º 3
0
        public async Task LogUserEventAsync(Guid userId, EventType type)
        {
            var now    = DateTime.UtcNow;
            var events = new List <IEvent>
            {
                new EventMessage(_currentContext)
                {
                    UserId       = userId,
                    ActingUserId = userId,
                    Type         = type,
                    Date         = now
                }
            };

            var orgAbilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();

            var orgs = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, userId);

            var orgEvents = orgs.Where(o => CanUseEvents(orgAbilities, o.Id))
                            .Select(o => new EventMessage(_currentContext)
            {
                OrganizationId = o.Id,
                UserId         = userId,
                ActingUserId   = userId,
                Type           = type,
                Date           = DateTime.UtcNow
            });

            if (orgEvents.Any())
            {
                events.AddRange(orgEvents);
                await _eventWriteService.CreateManyAsync(events);
            }
            else
            {
                await _eventWriteService.CreateAsync(events.First());
            }
        }
Exemplo n.º 4
0
        public async Task <bool> CanAccessPremium(User user)
        {
            if (user.Premium)
            {
                return(true);
            }
            if (!_currentContext?.Organizations?.Any() ?? true)
            {
                return(false);
            }

            var orgAbilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();

            return(_currentContext.Organizations.Any(o => orgAbilities.ContainsKey(o.Id) &&
                                                     orgAbilities[o.Id].UsersGetPremium && orgAbilities[o.Id].Enabled));
        }
Exemplo n.º 5
0
        public async Task <bool> CanAccessPremium(User user)
        {
            if (user.Premium)
            {
                return(true);
            }
            var orgs = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id);

            if (!orgs.Any())
            {
                return(false);
            }
            var orgAbilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();

            return(orgs.Any(o => orgAbilities.ContainsKey(o.Id) &&
                            orgAbilities[o.Id].UsersGetPremium && orgAbilities[o.Id].Enabled));
        }