Пример #1
0
        private IActionResult ValidateOktaUserRole()
        {
            string     UserName   = ((ClaimsIdentity)HttpContext.User.Identity).FindFirst("preferred_username").Value;
            PayoutUser payoutUser = _userManager.FindByEmailAsync(UserName).Result;

            if (payoutUser != null)
            {
                try
                {
                    string OktaUserId     = ((ClaimsIdentity)HttpContext.User.Identity).Claims.Where(x => x.Type.Contains("nameidentifier")).Select(x => x.Value).FirstOrDefault();
                    string UserRole       = OktaRequests.getGroupsFromUserOkta(_optionOktaKeys.URL, OktaUserId, _optionOktaKeys.APIKey).Keys.FirstOrDefault();
                    var    IsInRoleResult = _userManager.IsInRoleAsync(payoutUser, UserRole).Result;

                    if (!IsInRoleResult)
                    {
                        SetUserRole(new UserRoleViewModel {
                            Username = payoutUser.Email, Role = UserRole
                        });
                    }
                }
                catch
                {
                    return(Ok("NotInGroup"));
                }
            }

            return(BadRequest());
        }
Пример #2
0
        public IActionResult SetUserRole([FromBody] UserRoleViewModel objUserRoleViewModel)
        {
            try
            {
                PayoutUser payoutUser = _userManager.FindByEmailAsync(objUserRoleViewModel.Username).Result;

                var roles  = _userManager.GetRolesAsync(payoutUser).Result;
                var result = _userManager.RemoveFromRolesAsync(payoutUser, roles.ToArray()).Result;

                Dictionary <string, string> OktaUserId = OktaRequests.GetUserFromOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, objUserRoleViewModel.Username);
                if (objUserRoleViewModel.IsOkta)
                {
                    Dictionary <string, string> GroupsUser = OktaRequests.getGroupsFromUserOkta(_optionOktaKeys.URL, OktaUserId.FirstOrDefault().Value, _optionOktaKeys.APIKey);
                    foreach (string GroupId in GroupsUser.Values)
                    {
                        if (!OktaRequests.RemoveUserFromGroup(_optionOktaKeys.URL, _optionOktaKeys.APIKey, GroupId, OktaUserId.FirstOrDefault().Value))
                        {
                            return(StatusCode((int)HttpStatusCode.InternalServerError, "error unassigning role from user in Okta"));
                        }
                    }
                }

                result = _userManager.AddToRoleAsync(payoutUser, objUserRoleViewModel.Role).Result;

                if (objUserRoleViewModel.IsOkta)
                {
                    string OktaGroup = OktaRequests.GetGroupIdFromOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, objUserRoleViewModel.Role);
                    if (!OktaRequests.AddUserToGroup(_optionOktaKeys.URL, _optionOktaKeys.APIKey, OktaGroup, OktaUserId.FirstOrDefault().Value))
                    {
                        return(StatusCode((int)HttpStatusCode.InternalServerError, "error while setting role to user in Okta"));
                    }
                }

                if (result.Succeeded)
                {
                    return(Ok(result));
                }

                foreach (var error in result.Errors)
                {
                    ModelState.AddModelError("error", error.Description);
                }
            }
            catch (Exception ex)
            {
                _logger.LogError($"error while setting role to user: {ex}");
                return(StatusCode((int)HttpStatusCode.InternalServerError, "error while setting role to user: " + ex.Message));
            }

            return(BadRequest());
        }
Пример #3
0
        public async Task <IActionResult> CreateToken()
        {
            try
            {
                string UserName   = "";
                string OktaUserId = "";
                string UserRole   = "";
                if (System.Threading.Thread.CurrentPrincipal != null && ((ClaimsIdentity)System.Threading.Thread.CurrentPrincipal.Identity).Claims.Count() > 0)
                {
                    UserName = ((ClaimsIdentity)System.Threading.Thread.CurrentPrincipal.Identity).FindFirst("preferred_username").Value;
                    UserRole = ((ClaimsIdentity)System.Threading.Thread.CurrentPrincipal.Identity).Claims.Where(x => x.Type.Contains("identity/claims/role")).Select(x => x.Value).FirstOrDefault();
                }
                else
                {
                    UserName = ((ClaimsIdentity)HttpContext.User.Identity).FindFirst("preferred_username").Value;
                }

                PayoutUser user = await _userManager.FindByNameAsync(UserName);

                if (((ClaimsIdentity)HttpContext.User.Identity).Claims.Count() > 0)
                {
                    OktaUserId = ((ClaimsIdentity)HttpContext.User.Identity).Claims.Where(x => x.Type.Contains("nameidentifier")).Select(x => x.Value).FirstOrDefault();
                    UserRole   = OktaRequests.getGroupsFromUserOkta(_optionOktaKeys.URL, OktaUserId, _optionOktaKeys.APIKey).Keys.FirstOrDefault();

                    if (user == null)
                    {
                        user           = new PayoutUser();
                        user.Email     = UserName;
                        user.UserName  = UserName;
                        user.FirstName = ((ClaimsIdentity)HttpContext.User.Identity).FindFirst("given_name").Value;
                        user.LastName  = ((ClaimsIdentity)HttpContext.User.Identity).FindFirst("family_name").Value;

                        var result = CreateUserFromOkta(user, UserRole).Result;
                    }
                }

                var userClaims = await _userManager.GetClaimsAsync(user);

                return(Redirect(CreateToken(user, UserRole).Result));
            }
            catch (Exception ex)
            {
                _logger.LogError($"error while creating token: {ex}");
                return(StatusCode((int)HttpStatusCode.InternalServerError, "error while creating token"));
            }
        }
Пример #4
0
        public IActionResult ChangeOktaUserGroups(string UserName, bool IsChecked = false)
        {
            //string IdProvider = ((ClaimsIdentity)HttpContext.User.Identity).Claims.Where(x => x.Type.Contains("nameidentifier")).Select(x => x.Value).FirstOrDefault();
            Dictionary <string, string> OktaGroupsFromUser = OktaRequests.getGroupsFromUserOkta(_optionOktaKeys.URL, UserName, _optionOktaKeys.APIKey);
            Dictionary <string, string> OktaUser           = OktaRequests.GetUserFromOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, UserName);

            if (OktaUser.Count == 0)
            {
                PayoutUser User = _userManager.FindByEmailAsync(UserName).Result;
                OktaRequests.CreateUserInOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, User);

                OktaUser = OktaRequests.GetUserFromOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, UserName);
            }


            foreach (KeyValuePair <string, string> UserRole in OktaGroupsFromUser)
            {
                if (!OktaRequests.RemoveUserFromGroup(_optionOktaKeys.URL, _optionOktaKeys.APIKey, UserRole.Value, OktaUser.First().Value))
                {
                    return(BadRequest());
                }
            }

            if (IsChecked)
            {
                string RS_Role   = _userManager.GetRolesAsync(_userManager.FindByEmailAsync(UserName).Result).Result.FirstOrDefault();
                string OktaGroup = OktaRequests.GetGroupIdFromOkta(_optionOktaKeys.URL, _optionOktaKeys.APIKey, RS_Role);

                if (!OktaRequests.AddUserToGroup(_optionOktaKeys.URL, _optionOktaKeys.APIKey, OktaGroup, OktaUser.First().Value))
                {
                    return(BadRequest());
                }
            }

            return(Ok());
        }