private async Task <Entities.User> AutoProvisionWindowsUser(string provider,
string providerUserId, IEnumerable <Claim> claims)
{
if (_windowsKeyMap.ContainsKey(providerUserId))
{
// find matching user
var existingUser = await
_localUserService.GetUserBySubjectAsync(_windowsKeyMap[providerUserId]);
if (existingUser != null)
{
await _localUserService.AddExternalProviderToUser(
existingUser.Subject,
provider,
providerUserId);
await _localUserService.SaveChangesAsync();
return(existingUser);
}
}
var user = _localUserService.ProvisionUserFromExternalIdentity(provider, providerUserId,
new List <Claim>());
await _localUserService.SaveChangesAsync();
return(user);
}
public async Task <IActionResult> CallbackLink()
{
// read external identity from the temporary cookie
var result = await HttpContext.AuthenticateAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme);
if (result?.Succeeded != true)
{
throw new Exception("External authentication error");
}
if (_logger.IsEnabled(LogLevel.Debug))
{
var externalClaims = result.Principal.Claims.Select(c => $"{c.Type}: {c.Value}");
_logger.LogDebug("External claims: {@claims}", externalClaims);
}
// lookup our user and external provider info
var(provider, providerUserId, claims) = await FindFromExternalProvider(result);
if (HttpContext.User.Identity.IsAuthenticated)
{
var subject = HttpContext.User.Claims.FirstOrDefault(x => x.Type == JwtClaimTypes.Subject);
try
{
await _localUserService.AddExternalProviderToUser(
subject.Value,
provider,
providerUserId);
await _localUserService.SaveChangesAsync();
}
catch (DbUpdateException e)
{
Debug.WriteLine(e.Message);
}
}
// delete temporary cookie used during external authentication
await HttpContext.SignOutAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme);
// retrieve return URL
var returnUrl = Base64UrlEncoder.Decode(result.Properties.Items["returnUrl"]) ?? "~/";
// check if external login is in the context of an OIDC request
var context = await _interaction.GetAuthorizationContextAsync(returnUrl);
if (context != null)
{
if (context.IsNativeClient())
{
// The client is native, so this change in how to
// return the response is for better UX for the end user.
return(this.LoadingPage("Redirect", returnUrl));
}
}
return(Redirect(returnUrl));
}
public async Task <IActionResult> ActivateUser(string securityCode)
{
if (await _localUserService.ActivateUser(securityCode))
{
ViewData["Message"] = "Your account was successfully activated. " + "Navigate to your client application to log in";
}
else
{
ViewData["Message"] = "Your account could not be activated. " + "Please contact your administrator";
}
await _localUserService.SaveChangesAsync();
return(View());
}
public async Task <IActionResult> RegisterForMfa(
RegisterForMfaViewModel model)
{
if (ModelState.IsValid)
{
// read identity from the temporary cookie
var resultIdent = await HttpContext.AuthenticateAsync("idsrv.mfa");
if (resultIdent?.Succeeded != true)
{
throw new Exception("MFA authentication error");
}
var subject = resultIdent.Principal.FindFirst(JwtClaimTypes.Subject)?.Value;
if (await _localUserService.AddUserSecret(subject, "TOTP", model.Secret))
{
await _localUserService.SaveChangesAsync();
return(Redirect(model.ReturnUrl));
}
else
{
throw new Exception("MFA registration error");
}
}
return(View(model));
}
private async Task <User> AutoProvisionUser(string provider, string providerUserId, IEnumerable <Claim> claims)
{
var user = _localUserService.ProvisionUserFromExternalIdentity(provider, providerUserId, claims.ToList());
await _localUserService.SaveChangesAsync();
return(user);
}
public async Task <IActionResult> RequestPassword(RequestPasswordViewModel model)
{
if (!ModelState.IsValid)
{
return(View(model));
}
var securityCode = await _localUserService.InitiatePasswordResetRequest(model.Email);
await _localUserService.SaveChangesAsync();
// create an activation link
var link = Url.ActionLink("ResetPassword", "PasswordReset", new { securityCode });
Debug.WriteLine(link);
return(View("PasswordResetRequestSent"));
}
private async Task <User> AutoProvisionUser(string provider, string providerUserId, IEnumerable <Claim> claims)
{
var mappedClaims = new List <Claim>();
foreach (var claim in claims)
{
if (_facebookClaimTypeMap.ContainsKey(claim.Type))
{
mappedClaims.Add(new Claim(_facebookClaimTypeMap[claim.Type], claim.Value));
}
}
//var user = _users.AutoProvisionUser(provider, providerUserId, claims.ToList());
var user = _localUserService.ProvisionUserFromExternalIdentity(provider, providerUserId, mappedClaims);
await _localUserService.SaveChangesAsync();
return(user);
}
private async Task <Rekommend.IDP.Entities.User> AutoProvisionUser(string provider, string providerUserId, IEnumerable <Claim> claims)
{
var mappedClaims = new List <Claim>();
// map the claims and ignore those for which no mapping exists
foreach (var claim in claims)
{
if (_facebookClaimTypeMap.ContainsKey(claim.Type))
{
mappedClaims.Add(new Claim(_facebookClaimTypeMap[claim.Type], claim.Value));
}
}
var user = _localUserService.ProvisionUserFromExternalIdentity(provider, providerUserId, mappedClaims);
await _localUserService.SaveChangesAsync();
return(user);
}
public async Task <IActionResult> RegisterForMfa(
RegisterForMfaViewModel model)
{
if (ModelState.IsValid)
{
var subject = User.FindFirst(JwtClaimTypes.Subject)?.Value;
if (await _localUserService.AddUserSecret(subject, "TOTP", model.Secret))
{
await _localUserService.SaveChangesAsync();
return(Redirect("~/"));
}
else
{
throw new Exception("MFA registration error");
}
}
return(View(model));
}
