public async Task TokenValidated(TokenValidatedContext context)
        {
            var userSessionBusinessLogic = context.HttpContext.RequestServices.GetService <IUserSessionBusinessLogic>();

            var isValid = await userSessionBusinessLogic.GetIsPrincipalValid(context.Ticket.Principal);

            if (isValid)
            {
                context.HandleResponse();
            }
        }
Пример #2
0
        public Task ExecutionTokenValidation(TokenValidatedContext context)
        {
            try
            {
                if (context == null)
                {
                    throw new ArgumentNullException(nameof(context));
                }
                if (context.Principal == null)
                {
                    throw new ArgumentNullException(nameof(context.Principal));
                }

                var emailAddress        = StringExtensions.Coalesce(context.Principal.GetClaimValue("Email"), context.Principal.GetClaimValue("Email Address"));
                var odsCode             = context.Principal.GetClaimValue("ODS");
                var organisationDetails = _ldapService.GetOrganisationDetailsByOdsCode(odsCode);
                if (organisationDetails != null)
                {
                    var organisation = _applicationService.GetOrganisation(organisationDetails.ODSCode);
                    var loggedOnUser = _applicationService.LogonUser(new User
                    {
                        EmailAddress   = emailAddress,
                        DisplayName    = context.Principal.GetClaimValue("DisplayName"),
                        OrganisationId = organisation.OrganisationId
                    });

                    if (!loggedOnUser.IsAuthorised)
                    {
                        context.Response.Redirect("/AccessDenied");
                        context.HandleResponse();
                    }
                    else
                    {
                        if (context.Principal.Identity is ClaimsIdentity identity)
                        {
                            identity.AddOrReplaceClaimValue("Email", emailAddress);
                            identity.AddClaim(new Claim("OrganisationName", organisationDetails.OrganisationName));
                            identity.AddClaim(new Claim("UserSessionId", loggedOnUser.UserSessionId.ToString()));
                            identity.AddClaim(new Claim("UserId", loggedOnUser.UserId.ToString()));
                            identity.AddClaim(new Claim("ProviderODSCode", odsCode));
                        }
                    }
                }
            }
            catch (Exception exc)
            {
                _logger.LogError(exc, "An error occurred attempting to authorise the user");
                throw;
            }
            return(Task.CompletedTask);
        }
        /// <summary>
        /// Checks if the user is reviewed and assigns the automatic user roles
        /// </summary>
        /// <param name="context"></param>
        /// <returns></returns>
        public override async Task TokenValidated(TokenValidatedContext context)
        {
            var user = await GetUserDetails(context);

            if (user == null)
            {
                var localUrl = context.Properties.Items["localUrl"];
                context.Response.Redirect(BuildTermsNewUserUri(_cpConfig, localUrl));
                context.HandleResponse();
            }
            else
            {
                await EnsureUserIsReviewed(user);

                if (!user.IsFederated)
                {
                    await EnsureUserRoles(user);
                }
            }
        }