Пример #1
0
        public async Task <UserSettings> PostValidate()
        {
            UserInfo user = await GetUserInfoAsync();

            if (user == null)
            {
                Dictionary <string, string> claims = await GetApiTokenClaimsAsync();

                string email = claims[ClaimTypes.Email];
                if (!await UserOperations.CheckNewUserAllowed(DbContext, email))
                {
                    throw new HttpResponseException(HttpStatusCode.Forbidden);
                }

                // User must either be on the master list, or invited.
                if (!MasterEmails.Contains(email))
                {
                    Invitation inv = await DbContext.Invitations.SingleOrDefaultAsync(i => i.Email == email);

                    if (inv == null)
                    {
                        throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.Forbidden)
                        {
                            Content = new StringContent("Not invited")
                        });
                    }
                }

                string msaKey  = claims[ClaimTypes.NameIdentifier];
                string msaName = claims[ClaimTypes.Name];
                user = new UserInfo
                {
                    UserInfoId = Guid.NewGuid().ToString("d"),
                    Email      = email,
                    MicrosoftAccountProviderKeyApi = msaKey,
                    Name = msaName,
                };

                DbContext.UserInfos.Add(user);

                await DbContext.SaveChangesAsync();
            }

            return(UserOperations.GetUserSettings(user));
        }
Пример #2
0
        public async Task <ActionResult> ExternalLoginCallback(string returnUrl)
        {
            var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();

            if (loginInfo == null)
            {
                return(RedirectToAction("Login"));
            }

            // Sign in the user with this external login provider if the user already has a login
            SignInStatus result = await SignInManager.ExternalSignInAsync(loginInfo, isPersistent : false);

            switch (result)
            {
            case SignInStatus.Success:
                return(RedirectToLocal(returnUrl));

            case SignInStatus.LockedOut:
                return(View("Lockout"));

            case SignInStatus.RequiresVerification:
                return(RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = false }));

            case SignInStatus.Failure:
            default:

                // It's possible the account already exists through API use, in which case
                // we need to store the web MSA account key in the same account.
                ApplicationDbContext dbContext    = Request.GetOwinContext().Get <ApplicationDbContext>();
                UserInfo             existingUser = await dbContext.UserInfos
                                                    .SingleOrDefaultAsync(u => u.Email == loginInfo.Email);

                if (existingUser != null)
                {
                    existingUser.MicrosoftAccountProviderKeyWeb = loginInfo.Login.ProviderKey;
                    await dbContext.SaveChangesAsync();

                    result = await SignInManager.ExternalSignInAsync(loginInfo, isPersistent : false);

                    return(RedirectToLocal(returnUrl));
                }
                if (!await UserOperations.CheckNewUserAllowed(dbContext, loginInfo.Email))
                {
                    return(RedirectToAction("Login"));
                }

                // Because we set up the MSA scopes to include wl.emails, we'll have
                // the user's primary email at this point. We also get their display
                // name thanks to wl.basic, so we can create the account right
                // now. But first we need to check it they're invited (or on the master
                // list).
                var user = new ApplicationUser(loginInfo);
                if (!UiControllerBase.MasterEmails.Contains(user.Email))
                {
                    Invitation inv = await dbContext.Invitations.SingleOrDefaultAsync(i => i.Email == user.Email);

                    if (inv == null)
                    {
                        return(RedirectToAction("NotInvited"));
                    }
                }


                IdentityResult createUserResult = await UserManager.CreateAsync(user);

                if (createUserResult.Succeeded)
                {
                    // Usually at this point you'd call UserManager.AddLoginAsync
                    // to associate the external login with the new user. However,
                    // our user accounts are inextricably linked to the MSA login,
                    // so a) we don't need to and b) we can't - AddLoginAsync first
                    // checks that there isn't already an account associated with
                    // this login before proceeding, but of course it will find
                    // the user we just created when it does that.
                    // So we're done now, and just need to ask the sign in manager
                    // to set up the cookie for us.

                    await SignInManager.SignInAsync(user, isPersistent : false, rememberBrowser : false);

                    return(RedirectToLocal(returnUrl));
                }
                AddErrors(createUserResult);
                return(View("Error"));
            }
        }