private async Task <Claim[]> GetUserLoginClaims(AuthenticatedUser user, bool wasMultiFactorAuthenticated)
{
await _contentObjectService.Refresh();
var claims = new List <Claim>();
if (_contentObjectService.LoginDiscontinuationConfiguration.IsLoginDiscontinued(user))
{
ClaimsExtensions.AddBooleanClaim(claims, NuGetClaims.DiscontinuedLogin);
}
if (user.User.HasPasswordCredential())
{
ClaimsExtensions.AddBooleanClaim(claims, NuGetClaims.PasswordLogin);
}
if (user.User.HasExternalCredential())
{
ClaimsExtensions.AddBooleanClaim(claims, NuGetClaims.ExternalLogin);
}
if (user.User.EnableMultiFactorAuthentication)
{
ClaimsExtensions.AddBooleanClaim(claims, NuGetClaims.EnabledMultiFactorAuthentication);
}
if (wasMultiFactorAuthenticated)
{
ClaimsExtensions.AddBooleanClaim(claims, NuGetClaims.WasMultiFactorAuthenticated);
}
ClaimsExtensions.AddExternalLoginCredentialTypeClaim(claims, user.CredentialUsed.Type);
return(claims.ToArray());
}
public override IdentityInformation GetIdentityInformation(ClaimsIdentity claimsIdentity)
{
return(ClaimsExtensions.GetIdentityInformation(
claimsIdentity,
DefaultAuthenticationType,
ClaimTypes.NameIdentifier,
ClaimTypeName,
ClaimTypes.Name));
}
private static Mock <ClaimsIdentity> BuildClaimsIdentity(string authType, bool authenticated, bool hasDiscontinuedLoginClaim)
{
var mockIdentity = new Mock <ClaimsIdentity>();
var claims = new List <Claim>();
if (hasDiscontinuedLoginClaim)
{
ClaimsExtensions.AddBooleanClaim(claims, NuGetClaims.DiscontinuedLogin);
}
mockIdentity.SetupGet(i => i.Claims).Returns(claims.ToArray());
mockIdentity.SetupGet(i => i.IsAuthenticated).Returns(authenticated);
mockIdentity.SetupGet(i => i.AuthenticationType).Returns(authType);
return(mockIdentity);
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
// If the user has a discontinued login claim, redirect them to the homepage
var identity = filterContext.HttpContext.User.Identity as ClaimsIdentity;
if (!AllowDiscontinuedLogins && ClaimsExtensions.HasDiscontinuedLoginCLaims(identity))
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary(
new
{
controller = "Pages",
action = "Home"
}));
}
base.OnAuthorization(filterContext);
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
// If the user has a discontinued login claim or should enable 2FA, redirect them to the homepage
var identity = filterContext.HttpContext.User.Identity as ClaimsIdentity;
var askUserToEnable2FA = filterContext.Controller?.TempData?.ContainsKey(GalleryConstants.AskUserToEnable2FA);
if ((!AllowDiscontinuedLogins && ClaimsExtensions.HasDiscontinuedLoginClaims(identity)) ||
(askUserToEnable2FA.HasValue && askUserToEnable2FA.Value))
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary(
new
{
area = "",
controller = "Pages",
action = "Home"
}));
}
base.OnAuthorization(filterContext);
}
private async Task <Claim[]> GetDiscontinuedLoginClaims(AuthenticatedUser user)
{
await _contentObjectService.Refresh();
var claims = new List <Claim>();
if (_contentObjectService.LoginDiscontinuationConfiguration.IsLoginDiscontinued(user))
{
ClaimsExtensions.AddBooleanClaim(claims, NuGetClaims.DiscontinuedLogin);
}
if (user.User.HasPasswordCredential())
{
ClaimsExtensions.AddBooleanClaim(claims, NuGetClaims.PasswordLogin);
}
if (user.User.HasExternalCredential())
{
ClaimsExtensions.AddBooleanClaim(claims, NuGetClaims.ExternalLogin);
}
return(claims.ToArray());
}
