private Task <bool> AddClaimsAsync(UserWithClaims user, ExternalLoginInfo externalLogin, string email, bool isFirst = false)
{
var newClaims = new List <Claim>();
void AddClaim(Claim claim)
{
newClaims.Add(claim);
user.Claims.Add(claim);
}
foreach (var squidexClaim in externalLogin.Principal.GetSquidexClaims())
{
AddClaim(squidexClaim);
}
if (!user.HasPictureUrl())
{
AddClaim(new Claim(SquidexClaimTypes.PictureUrl, GravatarHelper.CreatePictureUrl(email)));
}
if (!user.HasDisplayName())
{
AddClaim(new Claim(SquidexClaimTypes.DisplayName, email));
}
if (isFirst)
{
AddClaim(new Claim(SquidexClaimTypes.Permissions, Permissions.Admin));
}
return(MakeIdentityOperation(() => userManager.SyncClaimsAsync(user.Identity, newClaims)));
}
private static Client CreateClientFromUser(UserWithClaims user)
{
return(new Client
{
ClientId = user.Id,
ClientName = $"{user.Email} Client",
ClientClaimsPrefix = null,
ClientSecrets = new List <Secret>
{
new Secret(user.ClientSecret().Sha256())
},
AccessTokenLifetime = (int)TimeSpan.FromDays(30).TotalSeconds,
AllowedGrantTypes = GrantTypes.ClientCredentials,
AllowedScopes = new List <string>
{
Constants.ApiScope,
Constants.RoleScope,
Constants.PermissionsScope
},
Claims = new List <Claim>
{
new Claim(OpenIdClaims.Subject, user.Id)
}
});
}
private async Task <ProfileVM> GetProfileVM(UserWithClaims user, ChangeProfileModel model = null, string errorMessage = null, string successMessage = null)
{
var taskForProviders = signInManager.GetExternalProvidersAsync();
var taskForPassword = userManager.HasPasswordAsync(user.Identity);
var taskForLogins = userManager.GetLoginsAsync(user.Identity);
await Task.WhenAll(taskForProviders, taskForPassword, taskForLogins);
var result = new ProfileVM
{
Id = user.Id,
Email = user.Email,
ErrorMessage = errorMessage,
ExternalLogins = taskForLogins.Result,
ExternalProviders = taskForProviders.Result,
DisplayName = user.DisplayName(),
IsHidden = user.IsHidden(),
HasPassword = taskForPassword.Result,
HasPasswordAuth = identityOptions.Value.AllowPasswordAuth,
SuccessMessage = successMessage
};
if (model != null)
{
SimpleMapper.Map(model, result);
}
return(result);
}
private Task <bool> LockAsync(UserWithClaims user, bool isFirst)
{
if (isFirst || !identityOptions.LockAutomatically)
{
return(Task.FromResult(true));
}
return(MakeIdentityOperation(() => userManager.SetLockoutEndDateAsync(user.Identity, DateTimeOffset.UtcNow.AddYears(100))));
}
private async Task <bool> AddClaimsAsync(UserWithClaims user, ExternalLoginInfo externalLogin, string email, bool isFirst = false)
{
var update = new UserValues
{
CustomClaims = externalLogin.Principal.GetSquidexClaims().ToList()
};
if (!user.HasPictureUrl())
{
update.PictureUrl = GravatarHelper.CreatePictureUrl(email);
}
if (!user.HasDisplayName())
{
update.DisplayName = email;
}
if (isFirst)
{
update.Permissions = new PermissionSet(Permissions.Admin);
}
return(await MakeIdentityOperation(() => userManager.SyncClaims(user.Identity, update)));
}
private Task <bool> AddUserAsync(UserWithClaims user)
{
return(MakeIdentityOperation(() => userManager.CreateAsync(user.Identity)));
}
private Task <bool> AddLoginAsync(UserWithClaims user, UserLoginInfo externalLogin)
{
return(MakeIdentityOperation(() => userManager.AddLoginAsync(user.Identity, externalLogin)));
}
public async Task <IActionResult> ExternalCallback(string?returnUrl = null)
{
var externalLogin = await signInManager.GetExternalLoginInfoWithDisplayNameAsync();
if (externalLogin == null)
{
return(RedirectToAction(nameof(Login)));
}
var result = await signInManager.ExternalLoginSignInAsync(externalLogin.LoginProvider, externalLogin.ProviderKey, true);
if (!result.Succeeded && result.IsLockedOut)
{
return(View(nameof(LockedOut)));
}
var isLoggedIn = result.Succeeded;
UserWithClaims?user;
if (isLoggedIn)
{
user = await userManager.FindByLoginWithClaimsAsync(externalLogin.LoginProvider, externalLogin.ProviderKey);
}
else
{
var email = externalLogin.Principal.FindFirst(ClaimTypes.Email).Value;
user = await userManager.FindByEmailWithClaimsAsync(email);
if (user != null)
{
isLoggedIn =
await AddLoginAsync(user, externalLogin) &&
await AddClaimsAsync(user, externalLogin, email) &&
await LoginAsync(externalLogin);
}
else
{
user = new UserWithClaims(userFactory.Create(email), new List <Claim>());
var isFirst = userManager.Users.LongCount() == 0;
isLoggedIn =
await AddUserAsync(user) &&
await AddLoginAsync(user, externalLogin) &&
await AddClaimsAsync(user, externalLogin, email, isFirst) &&
await LockAsync(user, isFirst) &&
await LoginAsync(externalLogin);
userEvents.OnUserRegistered(user);
if (await userManager.IsLockedOutAsync(user.Identity))
{
return(View(nameof(LockedOut)));
}
}
}
if (!isLoggedIn)
{
return(RedirectToAction(nameof(Login)));
}
else if (user != null && !user.HasConsent() && !identityOptions.NoConsent)
{
return(RedirectToAction(nameof(Consent), new { returnUrl }));
}
else
{
return(RedirectToReturnUrl(returnUrl));
}
}
private async Task <IdentityResult> UpdatePictureAsync(List <IFormFile> file, UserWithClaims user)
{
if (file.Count != 1)
{
return(IdentityResult.Failed(new IdentityError {
Description = "Please upload a single file."
}));
}
var thumbnailStream = new MemoryStream();
try
{
await assetThumbnailGenerator.CreateThumbnailAsync(file[0].OpenReadStream(), thumbnailStream, 128, 128, "Crop");
thumbnailStream.Position = 0;
}
catch
{
return(IdentityResult.Failed(new IdentityError {
Description = "Picture is not a valid image."
}));
}
await userPictureStore.UploadAsync(user.Id, thumbnailStream);
return(await userManager.UpdateSafeAsync(user.Identity, new UserValues { PictureUrl = SquidexClaimTypes.PictureUrlStore }));
}
private async Task <IdentityResult> AddLoginAsync(UserWithClaims user)
{
var externalLogin = await signInManager.GetExternalLoginInfoWithDisplayNameAsync(userManager.GetUserId(User));
return(await userManager.AddLoginAsync(user.Identity, externalLogin));
}
