public void ConfigureServices(IServiceCollection services)
{
services.Configure <CookiePolicyOptions>(options =>
{
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
_loginConfig = services.WireUpDependencies(_loginConfig, Configuration, _environment);
services.AddDbContext <LoginContext>(options => options.UseSqlServer(_loginConfig.SqlConnectionString));
services.AddDbContext <LoginUserContext>(options => options.UseSqlServer(_loginConfig.SqlConnectionString));
services.AddIdentityServer(_loginConfig, _environment, _logger);
services.AddAntiforgery(options => options.Cookie = new CookieBuilder()
{
Name = ".Login.AntiForgery", HttpOnly = true
});
services.AddAuthentication()
.AddJwtBearer(jwt =>
{
jwt.Authority = "http://localhost:5000";
jwt.RequireHttpsMetadata = false;
jwt.Audience = "api1";
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
}
public EmailService(HttpClient httpClient, ILogger <EmailService> logger, ILoginConfig config)
{
_logger = logger;
var notificationsApiClientConfiguration = new NotificationsApiClientConfiguration()
{
ApiBaseUrl = config.NotificationsApiClientConfiguration.ApiBaseUrl,
#pragma warning disable 618
ClientToken = config.NotificationsApiClientConfiguration.ClientToken,
#pragma warning restore 618
ClientId = config.NotificationsApiClientConfiguration.ClientId,
ClientSecret = config.NotificationsApiClientConfiguration.ClientSecret,
IdentifierUri = config.NotificationsApiClientConfiguration.IdentifierUri,
Tenant = config.NotificationsApiClientConfiguration.Tenant,
};
if (string.IsNullOrWhiteSpace(config.NotificationsApiClientConfiguration.ClientId))
{
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", config.NotificationsApiClientConfiguration.ClientToken);
}
else
{
var azureAdToken = new AzureADBearerTokenGenerator(notificationsApiClientConfiguration).Generate().Result;
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", azureAdToken);
}
_notificationApi = new NotificationsApi(httpClient, notificationsApiClientConfiguration);
}
internal OauthLogin(ILoginConfig config, ILoginCredentials credentials, ITokenManager tokenManager)
{
Credentials = credentials;
Config = config;
this.tokenManager = tokenManager;
userTokens = new Dictionary <string, List <IOauthToken> >();
}
public RequestPasswordResetHandler(IEmailService emailService,
ILoginConfig loginConfig, LoginContext loginContext, IWebUserService userService)
{
_emailService = emailService;
_loginConfig = loginConfig;
_loginContext = loginContext;
_userService = userService;
}
public CreateInvitationHandler(LoginContext loginContext, IEmailService emailService, ILoginConfig loginConfig,
IUserService userService)
{
_loginContext = loginContext;
_emailService = emailService;
_loginConfig = loginConfig;
_userService = userService;
}
public TokenManager(ILoginConfig config, ILoginCredentials credentials, IResponseManager responseManager, IValidationManager validationManager, IOauthTokenFactory tokenFactory, IHttpHandler client)
{
this.config = config;
this.credentials = credentials;
this.responseManager = responseManager;
this.validationManager = validationManager;
this.tokenFactory = tokenFactory;
this.client = client;
}
public CreateInvitationHandler(LoginContext loginContext, IEmailService emailService, ILoginConfig loginConfig,
IUserAccountService userAccountService, ILogger <CreateInvitationHandler> logger)
{
_loginContext = loginContext;
_emailService = emailService;
_loginConfig = loginConfig;
_userAccountService = userAccountService;
_logger = logger;
}
public void SetUp()
{
BuildLoginContext();
EmailService = Substitute.For <IEmailService>();
LoginConfig = Substitute.For <ILoginConfig>();
LoginConfig.BaseUrl.Returns("https://baseurl");
UserService = Substitute.For <IUserService>();
CreateInvitationHandler = BuildCreateInvitationHandler();
}
public void ConfigureServices(IServiceCollection services)
{
services.Configure <CookiePolicyOptions>(options =>
{
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
_loginConfig = services.WireUpDependencies(_loginConfig, Configuration, _environment, _serviceProvider);
services.AddDbContext <LoginContext>((services, options) =>
services.GetRequiredService <IContextSecurityProvider>()
.Secure(options, _loginConfig.SqlConnectionString));
services.AddDbContext <LoginUserContext>((services, options) =>
services.GetRequiredService <IContextSecurityProvider>()
.Secure(options, _loginConfig.SqlConnectionString));
services.AddIdentityServer(_loginConfig, _environment, _logger);
services.AddAntiforgery(options => options.Cookie = new CookieBuilder()
{
Name = ".Login.AntiForgery", HttpOnly = true
});
services.AddSession(opt =>
{
opt.IdleTimeout = TimeSpan.FromHours(1);
opt.Cookie = new CookieBuilder()
{
Name = ".Login.Session",
HttpOnly = true,
IsEssential = true
};
});
services.AddAuthentication()
.AddJwtBearer(jwt =>
{
jwt.Authority = "http://*****:*****@config}", nsbConfig?.SharedServiceBusEndpointUrl);
services.AddSingleton(nsbConfig);
services.AddNServiceBus();
}
public static void AddIdentityServer(this IServiceCollection services, ILoginConfig loginConfig, IHostingEnvironment environment, ILogger logger)
{
services.AddIdentity <LoginUser, IdentityRole>(
options =>
{
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireLowercase = false;
options.Password.RequireUppercase = false;
options.Lockout.MaxFailedAccessAttempts = loginConfig.MaxFailedAccessAttempts;
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromDays(14);
})
.AddPasswordValidator <CustomPasswordValidator <LoginUser> >()
.AddEntityFrameworkStores <LoginUserContext>()
.AddDefaultTokenProviders();
services.ConfigureApplicationCookie(options =>
{
options.Cookie.Name = ".Login.Identity.Application";
options.Cookie.HttpOnly = true;
options.SlidingExpiration = true;
options.ExpireTimeSpan = TimeSpan.FromHours(1);
});
var isBuilder = services
.AddIdentityServer(options =>
{
options.UserInteraction.ErrorUrl = "/Error";
})
.AddConfigurationStore(options =>
{
options.ConfigureDbContext = builder => builder.UseSqlServer(loginConfig.SqlConnectionString);
options.DefaultSchema = "IdentityServer";
})
.AddOperationalStore(options =>
{
options.ConfigureDbContext = builder => builder.UseSqlServer(loginConfig.SqlConnectionString);
options.DefaultSchema = "IdentityServer";
options.EnableTokenCleanup = true;
})
.AddAspNetIdentity <LoginUser>();
if (environment.IsDevelopment())
{
isBuilder.AddDeveloperSigningCredential();
}
else
{
isBuilder.AddCertificateFromStore(loginConfig.CertificateThumbprint, logger);
}
}
public static void SetConfig(string configPath)
{
_config = new CurrentConfig(GetConfig.UseJsonFile(configPath)
.UseTypeParser(new DictionaryParser())
.Build());
Site = _config.Site;
Browser = _config.Browser;
Pages = _config.Pages;
if (_config.Login == null)
{
return;
}
Login = _config.Login;
}
public void SetUp()
{
ClientId = Guid.NewGuid();
EmailService = Substitute.For <IEmailService>();
UserService = Substitute.For <IWebUserService>();
UserService.GeneratePasswordResetToken(Arg.Any <LoginUser>()).Returns("Token");
LoginConfig = Substitute.For <ILoginConfig>();
LoginConfig.BaseUrl.Returns("https://baseurl");
LoginConfig.PasswordResetExpiryInHours = 1;
var dbContextOptions = new DbContextOptionsBuilder <LoginContext>()
.UseInMemoryDatabase(databaseName: Guid.NewGuid().ToString())
.Options;
LoginContext = new LoginContext(dbContextOptions);
Handler = new RequestPasswordResetHandler(EmailService, LoginConfig, LoginContext, UserService);
}
public ValidationManager(ILoginConfig config, IHttpHandler client)
{
this.config = config;
this.client = client;
}
public static ILoginConfig WireUpDependencies(this IServiceCollection services, ILoginConfig loginConfig, IConfiguration configuration, IHostingEnvironment environment, IServiceProvider serviceProvider)
{
services.AddMediatR(typeof(CreateInvitationHandler).Assembly);
services.AddTransient <IConfigurationService, ConfigurationService>();
loginConfig = new ConfigurationService(serviceProvider.GetService <IMediator>())
.GetLoginConfig(
configuration["EnvironmentName"],
configuration["ConfigurationStorageConnectionString"],
"1.0",
"SFA.DAS.LoginService", environment).Result;
services.AddTransient(sp => loginConfig);
if (environment.IsDevelopment())
{
services.AddTransient <IEmailService, EmailService.DevEmailService>();
}
else
{
services.AddHttpClient <IEmailService, EmailService.EmailService>();
}
services.AddTransient <IUserService, UserService>();
services.AddTransient <IClientService, ClientService>();
services.AddTransient <SignInManager <LoginUser> >();
services.AddHttpClient <ICallbackService, CallbackService>()
.SetHandlerLifetime(TimeSpan.FromMinutes(5))
.AddPolicyHandler(GetRetryPolicy());
return(loginConfig);
}
/// <summary>
/// Constructs the internal login dialog.
/// </summary>
/// <param name="config">The dialog configuration.</param>
protected virtual AppCompatDialogFragment ConstructLoginDialog(ILoginConfig config)
{
return(new LoginAppCompatDialogFragment(config));
}
/// <summary>
/// Presents a login dialog based on the provided configuration.
/// </summary>
/// <param name="config">The dialog configuration.</param>
protected override IDisposable PresentLogin(ILoginConfig config)
{
return(ShowDialog(ConstructLoginDialog(config), config));
}
public static void UseLogin(ILoginConfig loginConfig) => Login = loginConfig;
public static void UseLogin(string usernameOrRole) => Login = _config.SetLoginConfig(usernameOrRole).Login;
public OAuthLoginBuilder WithConfig(ILoginConfig config)
{
Config = config;
return(this);
}
