public static async Task <IHttpResponse> Get(
[OptionalQueryParameter(Name = ProvideLoginMock.extraParamState)] IRefOptional <Authorization> authorizationRef,
[QueryParameter(Name = ProvideLoginMock.extraParamToken)] string token,
IAzureApplication application, IProvideUrl urlHelper,
IHttpRequest request,
RedirectResponse redirectResponse,
ServiceUnavailableResponse onNoServiceResponse,
BadRequestResponse onBadCredentials,
GeneralConflictResponse onFailure)
{
var authentication = EastFive.Azure.Auth.Method.ByMethodName(
ProvideLoginMock.IntegrationName, application);
var parameters = new Dictionary <string, string>()
{
{ ProvideLoginMock.extraParamToken, token },
};
if (authorizationRef.HasValue)
{
parameters.Add(ProvideLoginMock.extraParamState, authorizationRef.id.ToString());
}
return(await Redirection.ProcessRequestAsync(authentication,
parameters,
application,
request, urlHelper,
(redirect) =>
{
var response = redirectResponse(redirect);
return response;
},
(why) => onBadCredentials().AddReason($"Bad credentials:{why}"),
(why) => onNoServiceResponse().AddReason(why),
(why) => onFailure(why)));
}
private static async Task <TResult> GetClaimsAsync <TResult>(
Api.Azure.AzureApplication application, IRefOptional <Authorization> authorizationRefMaybe,
Func <IDictionary <string, string>, Guid?, bool, TResult> onClaims,
Func <string, TResult> onFailure)
{
if (!authorizationRefMaybe.HasValue)
{
return(onClaims(new Dictionary <string, string>(), default(Guid?), false));
}
var authorizationRef = authorizationRefMaybe.Ref;
return(await Api.AppSettings.ActorIdClaimType.ConfigurationString(
(accountIdClaimType) =>
{
return GetSessionAcountAsync(authorizationRef, application,
(accountId, authorized) =>
{
var claims = new Dictionary <string, string>()
{
{ accountIdClaimType, accountId.ToString() }
};
return onClaims(claims, accountId, authorized);
},
(why, authorized) => onClaims(new Dictionary <string, string>(), default(Guid?), authorized));
},
(why) => onClaims(new Dictionary <string, string>(), default(Guid?), false).AsTask()));
}
public static bool HasValueNotNull <T>(this IRefOptional <T> refOptional)
where T : IReferenceable
{
if (refOptional.IsDefaultOrNull())
{
return(false);
}
return(refOptional.HasValue && !refOptional.Ref.id.IsDefault());
}
public static async Task <IHttpResponse> GetAsync(
//[WorkflowNewId]
//[WorkflowVariable(
// Workflows.PasswordLoginCreateAccount.Variables.State,
// AuthorizationPropertyName)]
[OptionalQueryParameter(Name = AuthorizationPropertyName)]
IRefOptional <Authorization> authorizationRefOptional,
[WorkflowParameter(
Value = "d989b604-1e25-4d77-b79e-fe1c7d36f833",
Description = "Unique and static to each client (i.e. iOS or Web)")]
[QueryParameter(Name = ClientPropertyName)]
IRef <Client> clientRef,
[WorkflowNewId(Description = "No idea what this does.")]
[OptionalQueryParameter(Name = ValidationPropertyName)]
string validation,
IAuthApplication application, IProvideUrl urlHelper,
//ContentTypeResponse<Authentication> onFound,
[WorkflowVariable(
Workflows.PasswordLoginCreateAccount.Variables.Authorization,
Authentication.AuthenticationPropertyName)]
[WorkflowVariableRedirectUrl(
VariableName = Workflows.PasswordLoginCreateAccount.Variables.AuthorizationRedirect)]
RedirectResponse onFound,
ReferencedDocumentNotFoundResponse <Client> onInvalidClient)
{
return(await await clientRef.StorageGetAsync(
(client) =>
{
var authentication = new Authentication
{
authenticationRef = SecureGuid.Generate().AsRef <Authentication>(),
authorizationMaybe = authorizationRefOptional,
client = clientRef,
};
return authentication.StorageCreateAsync(
(entity) =>
{
var location = urlHelper.GetLocation <Authentication>(
auth => auth.authenticationRef.AssignQueryValue(authentication.authenticationRef),
application);
return onFound(location);
});
},
() => onInvalidClient().AsTask()));
}
public static Task <IHttpResponse> FindByFirstStepByActorAndTypeAsync(
[QueryParameter(Name = Resources.ProcessStage.OwnerPropertyName)] Guid ownerId,
[QueryParameter(Name = Resources.ProcessStage.TypePropertyName)] Type resourceType,
[QueryParameter(Name = "processstage." + Resources.ProcessStage.ConfirmablePropertyName + "." + Resources.ProcessStage.ConfirmableResource.ProcessStageNextPropertyName)]
IRefOptional <IReferenceable> nextStage,
EastFive.Api.Security security, IProvideUrl url,
MultipartAcceptArrayResponse onMultipart,
ReferencedDocumentNotFoundResponse onResourceNotFound,
UnauthorizedResponse onUnauthorized)
{
return(EastFive.Azure.ProcessStages.FindStartByActorAndResourceTypeAsync(ownerId, resourceType,
security,
(processStages) => onMultipart(processStages.Select(ps => GetResource(ps, url))),
() => onResourceNotFound(),
() => onUnauthorized()));
}
[HttpPost] //(MatchAllBodyParameters = false)]
public async static Task <HttpResponseMessage> CreateAsync(
[Property(Name = SessionIdPropertyName)] IRef <Session> sessionId,
[PropertyOptional(Name = AuthorizationPropertyName)] IRefOptional <Authorization> authorizationRefMaybe,
[Resource] Session session,
Api.Azure.AzureApplication application,
CreatedBodyResponse <Session> onCreated,
AlreadyExistsResponse onAlreadyExists,
ForbiddenResponse forbidden,
ConfigurationFailureResponse onConfigurationFailure,
GeneralConflictResponse onFailure)
{
session.refreshToken = Security.SecureGuid.Generate().ToString("N");
return(await Security.AppSettings.TokenScope.ConfigurationUri(
scope =>
{
return Security.SessionServer.Configuration.AppSettings.TokenExpirationInMinutes.ConfigurationDouble(
async(tokenExpirationInMinutes) =>
{
return await await GetClaimsAsync(application, authorizationRefMaybe,
(claims, accountIdMaybe, authorized) =>
{
session.account = accountIdMaybe;
session.authorized = authorized;
return session.StorageCreateAsync(
(sessionIdCreated) =>
{
return BlackBarLabs.Security.Tokens.JwtTools.CreateToken(sessionId.id,
scope, TimeSpan.FromMinutes(tokenExpirationInMinutes), claims,
(tokenNew) =>
{
session.token = tokenNew;
return onCreated(session);
},
(missingConfig) => onConfigurationFailure("Missing", missingConfig),
(configName, issue) => onConfigurationFailure(configName, issue));
},
() => onAlreadyExists());
},
(why) => onFailure(why).AsTask());
},
(why) => onConfigurationFailure("Missing", why).AsTask());
},
(why) => onConfigurationFailure("Missing", why).AsTask()));
}
public static Task <HttpResponseMessage> UpdateBodyAsync(
[UpdateId(Name = SessionIdPropertyName)] IRef <Session> sessionRef,
[PropertyOptional(Name = AuthorizationPropertyName)] IRefOptional <Authorization> authorizationRefMaybe,
Api.Azure.AzureApplication application,
ContentTypeResponse <Session> onUpdated,
NotFoundResponse onNotFound,
ForbiddenResponse forbidden,
ConfigurationFailureResponse onConfigurationFailure,
GeneralConflictResponse onFailure)
{
return(sessionRef.StorageUpdateAsync(
(sessionStorage, saveSessionAsync) =>
{
return Security.AppSettings.TokenScope.ConfigurationUri(
scope =>
{
return Security.SessionServer.Configuration.AppSettings.TokenExpirationInMinutes.ConfigurationDouble(
async(tokenExpirationInMinutes) =>
{
return await await GetClaimsAsync(application, authorizationRefMaybe,
async(claims, accountIdMaybe, authorized) =>
{
sessionStorage.authorization = authorizationRefMaybe;
sessionStorage.authorized = authorized;
sessionStorage.account = accountIdMaybe;
return await BlackBarLabs.Security.Tokens.JwtTools.CreateToken(sessionRef.id,
scope, TimeSpan.FromMinutes(tokenExpirationInMinutes), claims,
async(tokenNew) =>
{
sessionStorage.token = tokenNew;
await saveSessionAsync(sessionStorage);
return onUpdated(sessionStorage);
},
(missingConfig) => onConfigurationFailure("Missing", missingConfig).AsTask(),
(configName, issue) => onConfigurationFailure(configName, issue).AsTask());
},
why => onFailure(why).AsTask());
},
why => onConfigurationFailure("Missing", why).AsTask());
},
(why) => onConfigurationFailure("Missing", why).AsTask());
},
onNotFound: () => onNotFound()));
}
public async static Task <IHttpResponse> CreateAsync(
[Property(Name = AccountPropertyName)] Guid accountId,
[PropertyOptional(Name = AuthorizationPropertyName)] IRefOptional <Authorization> authorizationRefMaybe,
[Resource] XIntegration integration,
IAuthApplication application, EastFive.Api.SessionToken security,
CreatedResponse onCreated,
AlreadyExistsResponse onAlreadyExists,
ForbiddenResponse onForbidden,
ReferencedDocumentDoesNotExistsResponse <Authorization> onAuthorizationDoesNotExist,
GeneralConflictResponse onFailure)
{
if (!await application.CanAdministerCredentialAsync(accountId, security))
{
return(onForbidden());
}
return(await await authorizationRefMaybe.StorageGetAsync(
async authorization =>
{
if (!await application.ShouldAuthorizeIntegrationAsync(integration, authorization))
{
return onFailure("Authorization is not accessable to this account.");
}
return await CreateWithAuthorization(integration, authorization,
() => onCreated(),
() => onAlreadyExists(),
(why) => onFailure(why));
},
async() =>
{
if (authorizationRefMaybe.HasValue)
{
return onAuthorizationDoesNotExist();
}
return await integration.StorageCreateAsync(
(discard) => onCreated(),
() => onAlreadyExists());
}));
}
[Api.HttpPost] //(MatchAllBodyParameters = false)]
public async static Task <IHttpResponse> CreateAsync(
[Property(Name = AccountPropertyName)] Guid accountId,
[PropertyOptional(Name = AuthorizationPropertyName)] IRefOptional <Authorization> authorizationRefMaybe,
[Resource] Integration integration,
Api.Azure.AzureApplication application,
EastFive.Api.SessionToken security,
CreatedResponse onCreated,
AlreadyExistsResponse onAlreadyExists,
ForbiddenResponse forbidden,
ReferencedDocumentDoesNotExistsResponse <Authorization> onAuthenticationDoesNotExist,
GeneralConflictResponse onFailure)
{
if (!await application.CanAdministerCredentialAsync(accountId, security))
{
return(forbidden());
}
return(await await authorizationRefMaybe.StorageGetAsync(
authorization =>
{
// TODO? This
// var accountIdDidMatch = await await authorization.ParseCredentailParameters(
return CreateWithAuthorization(integration, authorization,
accountId,
() => onCreated(),
() => onAlreadyExists(),
(why) => onFailure(why));
},
async() =>
{
return await await integration.StorageCreateAsync(
discard =>
{
return SaveAccountLookupAsync(accountId, integration,
() => onCreated());
},
() => onAlreadyExists().AsTask());
}));
}
private static async Task <TResult> GetClaimsAsync <TResult>(
IAuthApplication application, IRefOptional <Authorization> authorizationRefMaybe,
Func <IDictionary <string, string>, Guid?, bool, TResult> onClaims,
Func <string, TResult> onFailure)
{
if (!authorizationRefMaybe.HasValueNotNull())
{
return(onClaims(new Dictionary <string, string>(), default(Guid?), false));
}
var authorizationRef = authorizationRefMaybe.Ref;
return(await Api.AppSettings.ActorIdClaimType.ConfigurationString(
(accountIdClaimType) =>
{
return GetSessionAcountAsync(authorizationRef, application,
(accountId, claims, authorized) =>
{
var claimsWithAccountId = claims
.Append(accountIdClaimType.PairWithValue(accountId.ToString()))
.ToDictionary();
return onClaims(claimsWithAccountId, accountId, authorized);
},
(why, authorized) => onClaims(new Dictionary <string, string>(), default(Guid?), authorized));
},
(why) =>
{
return GetSessionAcountAsync(authorizationRef, application,
(accountId, claims, authorized) =>
{
var claimsDictionary = claims
.NullToEmpty()
.ToDictionary();
return onClaims(claimsDictionary, accountId, authorized);
},
(why, authorized) => onClaims(new Dictionary <string, string>(), default(Guid?), authorized));
}));
}
public static Guid?GetIdMaybeNullSafe <T>(this IRefOptional <T> refOptional)
where T : IReferenceable
{
if (refOptional.IsDefaultOrNull())
{
return(default);
public static IQueryable <TResource> ById <TResource>(this IQueryable <TResource> query, IRefOptional <TResource> resourceRef)
where TResource : IReferenceable
{
if (!resourceRef.HasValue)
{
return(query);
}
return(query.ById(resourceRef.Ref));
}
public async static Task <TResult> AuthenticationAsync <TResult>(
EastFive.Azure.Auth.Method authentication, IDictionary <string, string> values,
IAzureApplication application, IHttpRequest request,
IInvokeApplication endpoints, Uri baseUri,
IRefOptional <Authorization> authorizationRefToCreate,
Func <Uri, Guid?, Func <IHttpResponse, IHttpResponse>, TResult> onRedirect,
Func <TResult> onAuthorizationNotFound,
Func <string, TResult> onCouldNotConnect,
Func <string, TResult> onGeneralFailure)
{
var telemetry = application.Telemetry;
return(await await authentication.RedeemTokenAsync(values, application,
async (externalAccountKey, authorizationRefMaybe, loginProvider, extraParams) =>
{
#region Handle case where there was a direct link or a POST
if (!authorizationRefMaybe.HasValue)
{
var authorization = new Authorization
{
authorizationRef = authorizationRefToCreate.HasValue?
authorizationRefToCreate.Ref
:
new Ref <Authorization>(Security.SecureGuid.Generate()),
Method = authentication.authenticationId,
parameters = extraParams,
authorized = true,
};
return await ProcessAsync(authorization,
async(authorizationUpdated) =>
{
bool created = await authorizationUpdated.StorageCreateAsync(
authIdDiscard =>
{
return true;
},
() =>
{
//if(authorizationRefToCreate.HasValueNotNull())
// throw new Exception("Authorization to create already exists.");
//throw new Exception("Duplicated update from ProcessAsync.");
return false;
});
},
authentication, externalAccountKey, extraParams,
application, request, endpoints, loginProvider, baseUri,
onRedirect,
onGeneralFailure,
telemetry);
}
#endregion
var authorizationRef = authorizationRefMaybe.Ref;
return await authorizationRef.StorageUpdateAsync(
async(authorization, saveAsync) =>
{
return await ProcessAsync(authorization,
saveAsync,
authentication, externalAccountKey, extraParams,
application, request, endpoints, loginProvider, baseUri,
onRedirect,
onGeneralFailure,
telemetry);
},
() =>
{
return onAuthorizationNotFound();
});
},
(authorizationRef, extraparams) => onGeneralFailure("Cannot use logout to authenticate").AsTask(),
(why) => onCouldNotConnect(why).AsTask(),
(why) => onGeneralFailure(why).AsTask()));
}
public async static Task <Session> CreateAsync(
IAuthApplication application, IRefOptional <Authorization> authorizationRefMaybe,
IRefOptional <Session> sessionToCreateMaybe = default)
{
var sessionId = sessionToCreateMaybe.HasValueNotNull() ?
sessionToCreateMaybe.Ref
:
Ref <Session> .SecureRef();
var session = new Session()
{
sessionId = sessionId,
refreshToken = Security.SecureGuid.Generate().ToString("N"),
authorization = authorizationRefMaybe,
};
return(await Security.AppSettings.TokenScope.ConfigurationUri(
scope =>
{
return Security.SessionServer.Configuration.AppSettings.TokenExpirationInMinutes.ConfigurationDouble(
async(tokenExpirationInMinutes) =>
{
return await await GetClaimsAsync(application, authorizationRefMaybe,
async(claims, accountIdMaybe, authorized) =>
{
session.account = accountIdMaybe;
session.authorized = authorized;
return await await session.StorageCreateAsync(
(sessionIdCreated) =>
{
return Api.Auth.JwtTools.CreateToken(session.id,
scope, TimeSpan.FromMinutes(tokenExpirationInMinutes), claims,
(tokenNew) =>
{
session.token = tokenNew;
return session;
},
(missingConfig) => throw new Exception(missingConfig),
(configName, issue) => throw new Exception(issue)).AsTask();
},
onAlreadyExists: () =>
{
return sessionId.StorageUpdateAsync(
async(sessionToUpdate, saveAsync) =>
{
sessionToUpdate.authorization = authorizationRefMaybe;
sessionToUpdate.account = accountIdMaybe;
sessionToUpdate.authorized = authorized;
await saveAsync(sessionToUpdate);
return Api.Auth.JwtTools.CreateToken(sessionToUpdate.id,
scope, TimeSpan.FromMinutes(tokenExpirationInMinutes), claims,
(tokenNew) =>
{
sessionToUpdate.token = tokenNew;
return sessionToUpdate;
},
(missingConfig) => throw new Exception(missingConfig),
(configName, issue) => throw new Exception(issue));
});
});
},
(why) => throw new Exception(why));
},
(why) => throw new Exception(why));
},
(why) => throw new Exception(why)));
}
public async static Task <IHttpResponse> CreateAsync(
[Api.Meta.Flows.WorkflowNewId]
[Property(Name = SessionIdPropertyName)]
IRef <Session> sessionId,
[Api.Meta.Flows.WorkflowParameter(Value = "{{XAuthorization}}")]
[PropertyOptional(Name = AuthorizationPropertyName)]
IRefOptional <Authorization> authorizationRefMaybe,
[Resource] Session session,
IAuthApplication application,
[Api.Meta.Flows.WorkflowVariable2(Workflows.AuthorizationFlow.Variables.AuthHeaderName, HeaderNamePropertyName)]
[Api.Meta.Flows.WorkflowVariable(Workflows.AuthorizationFlow.Variables.TokenName, TokenPropertyName)]
CreatedBodyResponse <Session> onCreated,
AlreadyExistsResponse onAlreadyExists,
ForbiddenResponse forbidden,
ConfigurationFailureResponse onConfigurationFailure,
GeneralConflictResponse onFailure)
{
session.refreshToken = Security.SecureGuid.Generate().ToString("N");
return(await Security.AppSettings.TokenScope.ConfigurationUri(
scope =>
{
return Security.SessionServer.Configuration.AppSettings.TokenExpirationInMinutes.ConfigurationDouble(
async(tokenExpirationInMinutes) =>
{
return await await GetClaimsAsync(application, authorizationRefMaybe,
(claims, accountIdMaybe, authorized) =>
{
session.account = accountIdMaybe;
session.authorized = authorized;
return session.StorageCreateAsync(
(sessionIdCreated) =>
{
return Api.Auth.JwtTools.CreateToken(sessionId.id,
scope, TimeSpan.FromMinutes(tokenExpirationInMinutes), claims,
(tokenNew) =>
{
session.token = tokenNew;
return onCreated(session);
},
(missingConfig) => onConfigurationFailure("Missing", missingConfig),
(configName, issue) => onConfigurationFailure(configName, issue));
},
() =>
{
return Api.Auth.JwtTools.CreateToken(sessionId.id,
scope, TimeSpan.FromMinutes(tokenExpirationInMinutes), claims,
(tokenNew) =>
{
session.token = tokenNew;
return onCreated(session);
},
(missingConfig) => onConfigurationFailure("Missing", missingConfig),
(configName, issue) => onConfigurationFailure(configName, issue));
// onAlreadyExists()
});
},
(why) => onFailure(why).AsTask());
},
(why) => onConfigurationFailure("Missing", why).AsTask());
},
(why) => onConfigurationFailure("Missing", why).AsTask()));
}
