Пример #1
 /// <summary>
 /// Handles the two events that lead to <c>HandleUserWithSsoIdentity</c>:
 /// <c>FlowEvent.UserFirstTimeSsoVisit</c> and <c>FlowEvent.ExistingSsoUserWithoutRoles</c>.
 /// Any other event is ignored.
 /// </summary>
 /// <param name="event">The flow event that was raised.</param>
 /// <param name="context">The flow context handed on to <c>HandleUserWithSsoIdentity</c>.</param>
 public override void Handle(FlowEvent @event, FlowContext context)
 {
     var isFirstSsoVisit = @event.Equals(FlowEvent.UserFirstTimeSsoVisit);
     if (!isFirstSsoVisit && !@event.Equals(FlowEvent.ExistingSsoUserWithoutRoles))
     {
         return;
     }

     if (isFirstSsoVisit)
     {
         // Only a first-time visit creates the association; an existing SSO user skips this step.
         // NOTE(review): presumably this persists the link between the local user and the
         // external identity. Confirm the step is audit-logged, since it decides which
         // external identity may sign in as this user.
         AssociateUserWithExternalIdentity();
     }

     HandleUserWithSsoIdentity(context);
 }
Пример #2
        /// <summary>
        /// On <c>FlowEvent.LoginCompleted</c>, validates what the login response supplied and
        /// moves the flow on. The checks run in order: external user UUID present, CVR number
        /// present, Kitos privilege present. Only when all three pass does the flow transition
        /// to the privilege-verified state; every failure transitions to the error state.
        /// Any other event is ignored.
        /// </summary>
        /// <param name="event">The flow event that was raised.</param>
        /// <param name="context">The flow context used to transition to the next state.</param>
        public override void Handle(FlowEvent @event, FlowContext context)
        {
            if (!@event.Equals(FlowEvent.LoginCompleted))
            {
                return;
            }

            // Both values are read before any check, so the parser runs even if the UUID is missing.
            var externalUserUuid = GetUserExternalUuid();
            var cvrNumber = _parser.MatchCvrNumber();

            if (externalUserUuid.IsNone)
            {
                _logger.Warning("No external UUID passed from STS Adgangsstyring");
                context.TransitionTo(_stateFactory.CreateErrorState(), flow => flow.HandleUnknownError());
                return;
            }

            if (cvrNumber.IsNone)
            {
                _logger.Warning("CVR number not provided from STS Adgangsstyring");
                context.TransitionTo(_stateFactory.CreateErrorState(), flow => flow.HandleUnknownError());
                return;
            }

            if (!CurrentUserHasKitosPrivilege())
            {
                // NOTE(review): the whole privileges string (logged as xmlPrivilegesBase64) is written
                // at Information level together with the user's UUID and CVR. Confirm that the log
                // sink's access control and retention are appropriate for identity-assertion content.
                var privileges = GetPrivilegesString();
                _logger.Information("Missing privilege for user with UUID {uuid} and CVR {cvr}. Failed with XML privileges {xmlPrivilegesBase64}", externalUserUuid.Value, cvrNumber.Value, privileges);

                context.TransitionTo(_stateFactory.CreateErrorState(), flow => flow.HandleUserPrivilegeInvalid());
                return;
            }

            _logger.Debug("User with UUID {uuid} and CVR {cvr} did have privilege", externalUserUuid.Value, cvrNumber.Value);
            context.TransitionTo(
                _stateFactory.CreatePrivilegeVerifiedState(externalUserUuid.Value, cvrNumber.Value),
                flow => flow.HandleUserPrivilegeVerified());
        }
Пример #3
 /// <summary>
 /// On <c>FlowEvent.UserHasNoRoleInOrganization</c>, calls <c>MakeUser</c> for the current user
 /// and SSO organization, then transitions to the logged-in state. Any other event is ignored.
 /// </summary>
 /// <param name="event">The flow event that was raised.</param>
 /// <param name="context">The flow context used to transition to the next state.</param>
 public override void Handle(FlowEvent @event, FlowContext context)
 {
     if (!@event.Equals(FlowEvent.UserHasNoRoleInOrganization))
     {
         return;
     }

     // NOTE(review): presumably MakeUser grants _user a role in _ssoOrganization. The grant
     // happens automatically inside the SSO flow, so confirm that _ssoOrganization was resolved
     // from verified identity-provider data before this state is reached.
     _organizationRoleService.MakeUser(_user, _ssoOrganization);

     var loggedInState = _ssoStateFactory.CreateUserLoggedIn(_user);
     context.TransitionTo(loggedInState, flow => flow.HandleRoleAssigned());
 }
Пример #4
 /// <summary>
 /// On <c>FlowEvent.UserPrivilegeVerified</c>, decides how the externally identified user maps
 /// to a local user and transitions accordingly:
 /// a known SSO identity whose user can authenticate is logged in directly;
 /// a known SSO identity whose user cannot authenticate goes to the user-identified state;
 /// an unknown SSO identity is matched to a local user by e-mail, or goes to the
 /// first-time-user-not-found state. If the STS user info cannot be fetched where it is
 /// needed, the flow transitions to the error state. Any other event is ignored.
 /// </summary>
 /// <param name="event">The flow event that was raised.</param>
 /// <param name="context">The flow context used to transition to the next state.</param>
 public override void Handle(FlowEvent @event, FlowContext context)
 {
     if (!@event.Equals(FlowEvent.UserPrivilegeVerified))
     {
         return;
     }

     var knownIdentity = _ssoUserIdentityRepository.GetByExternalUuid(_userUuid);
     if (knownIdentity.HasValue)
     {
         // This SSO identity has been used before, so the linked local user already exists.
         var knownUser = knownIdentity.Value.User;
         if (knownUser.CanAuthenticate())
         {
             context.TransitionTo(_ssoStateFactory.CreateUserLoggedIn(knownUser),
                                  flow => flow.HandleUserSeenBefore());
             return;
         }

         // The STS lookup is made only when the known user cannot authenticate yet.
         var infoForKnownUser = _stsBrugerInfoService.GetStsBrugerInfo(_userUuid, _cvrNumber);
         if (infoForKnownUser.HasValue)
         {
             context.TransitionTo(_ssoStateFactory.CreateUserIdentifiedState(knownUser, infoForKnownUser.Value),
                                  flow => flow.HandleExistingSsoUserWithoutRoles());
         }
         else
         {
             context.TransitionTo(_ssoStateFactory.CreateErrorState(), flow => flow.HandleUnableToResolveUserInStsOrganisation());
         }

         return;
     }

     // First visit with this SSO identity: try to find an existing local user by e-mail.
     var stsBrugerInfo = _stsBrugerInfoService.GetStsBrugerInfo(_userUuid, _cvrNumber);
     if (!stsBrugerInfo.HasValue)
     {
         context.TransitionTo(_ssoStateFactory.CreateErrorState(), flow => flow.HandleUnableToResolveUserInStsOrganisation());
         return;
     }

     // NOTE(review): the match ties a new external identity to an existing account using data
     // from the STS lookup. It is only as trustworthy as the e-mail the STS returns, so confirm
     // that the address is authoritative upstream and that the lookup cannot match more than
     // one local account.
     var userByKitosEmail = FindUserByEmail(stsBrugerInfo);
     if (!userByKitosEmail.HasValue)
     {
         context.TransitionTo(_ssoStateFactory.CreateFirstTimeUserNotFoundState(stsBrugerInfo.Value),
                              flow => flow.HandleUnableToLocateUser());
         return;
     }

     context.TransitionTo(_ssoStateFactory.CreateUserIdentifiedState(userByKitosEmail.Value, stsBrugerInfo.Value),
                          flow => flow.HandleUserFirstTimeSsoVisit());
 }
Пример #5
 /// <summary>
 /// On <c>FlowEvent.OrganizationNotFound</c>, logs the user in if <c>CanAuthenticate()</c>
 /// returns true and otherwise transitions to the error state. Any other event is ignored.
 /// </summary>
 /// <param name="event">The flow event that was raised.</param>
 /// <param name="context">The flow context used to transition to the next state.</param>
 public override void Handle(FlowEvent @event, FlowContext context)
 {
     if (!@event.Equals(FlowEvent.OrganizationNotFound))
     {
         return;
     }

     if (!_user.CanAuthenticate())
     {
         // No SSO organization was found and the user cannot authenticate: end in the error state.
         context.TransitionTo(_stateFactory.CreateErrorState(), flow => flow.HandleNoRoleAndOrganization());
         return;
     }

     // No SSO organization was found, but the user can authenticate, so login proceeds.
     // The callback used here is HandleUserHasRoleInOrganization.
     context.TransitionTo(_stateFactory.CreateUserLoggedIn(_user), flow => flow.HandleUserHasRoleInOrganization());
 }
Пример #6
 /// <summary>
 /// On <c>FlowEvent.OrganizationFound</c>, checks whether the user has any role in the SSO
 /// organization. If so, the flow transitions to the logged-in state; if not, it transitions
 /// to the assigning-role state. Any other event is ignored.
 /// </summary>
 /// <param name="event">The flow event that was raised.</param>
 /// <param name="context">The flow context used to transition to the next state.</param>
 public override void Handle(FlowEvent @event, FlowContext context)
 {
     if (!@event.Equals(FlowEvent.OrganizationFound))
     {
         return;
     }

     var hasRoleInOrganization = _organizationRoleService
         .GetRolesInOrganization(_user, _ssoOrganization.Id)
         .Any();

     if (!hasRoleInOrganization)
     {
         // No role yet: hand over to the state that assigns one instead of logging in directly.
         context.TransitionTo(_ssoStateFactory.CreateAssigningRoleState(_user, _ssoOrganization), flow => flow.HandleUserHasNoRoleInOrganization());
         return;
     }

     context.TransitionTo(_ssoStateFactory.CreateUserLoggedIn(_user), flow => flow.HandleUserHasRoleInOrganization());
 }