public AuthenticatedUser(User user, Credential cred)
{
if (user == null)
{
throw new ArgumentNullException("user");
}
if (cred == null)
{
throw new ArgumentNullException("cred");
}
User = user;
CredentialUsed = cred;
}
private void SendCredentialChangeNotice(User user, Credential changed, string bodyTemplate, string subjectTemplate)
{
// What kind of credential is this?
var credViewModel = AuthService.DescribeCredential(changed);
string name = credViewModel.AuthUI == null ? credViewModel.TypeCaption : credViewModel.AuthUI.AccountNoun;
string body = String.Format(
CultureInfo.CurrentCulture,
bodyTemplate,
name);
string subject = String.Format(
CultureInfo.CurrentCulture,
subjectTemplate,
Config.GalleryOwner.DisplayName,
name);
SendSupportMessage(user, body, subject);
}
public void SendCredentialAddedNotice(User user, Credential added)
{
SendCredentialChangeNotice(
user,
added,
Strings.Emails_CredentialAdded_Body,
Strings.Emails_CredentialAdded_Subject);
}
public virtual AuthenticatedUser Authenticate(Credential credential)
{
if (credential.Type.StartsWith(CredentialTypes.Password.Prefix, StringComparison.OrdinalIgnoreCase))
{
// Password credentials cannot be used this way.
throw new ArgumentException(Strings.PasswordCredentialsCannotBeUsedHere, "credential");
}
using (Trace.Activity("Authenticate Credential: " + credential.Type))
{
var matched = FindMatchingCredential(credential);
if (matched == null)
{
Trace.Information("No user matches credential of type: " + credential.Type);
return null;
}
Trace.Verbose("Successfully authenticated '" + matched.User.Username + "' with '" + matched.Type + "' credential");
return new AuthenticatedUser(matched.User, matched);
}
}
private async Task<ActionResult> RemoveCredential(User user, Credential cred, string message)
{
// Count login credentials
if (CountLoginCredentials(user) <= 1)
{
TempData["Message"] = Strings.CannotRemoveOnlyLoginCredential;
}
else if (cred != null)
{
await AuthService.RemoveCredential(user, cred);
// Notify the user of the change
MessageService.SendCredentialRemovedNotice(user, cred);
TempData["Message"] = message;
}
return RedirectToAction("Account");
}
public static bool ValidatePasswordCredential(IEnumerable<Credential> creds, string password, out Credential matched)
{
matched = creds.FirstOrDefault(c => ValidatePasswordCredential(c, password));
return matched != null;
}
public static bool ValidatePasswordCredential(Credential cred, string password)
{
Func<string, Credential, bool> validator;
if (!_validators.TryGetValue(cred.Type, out validator))
{
return false;
}
return validator(password, cred);
}
private async Task ReplaceCredentialInternal(User user, Credential credential)
{
// Find the credentials we're replacing, if any
var toRemove = user.Credentials
.Where(cred =>
// If we're replacing a password credential, remove ALL password credentials
(credential.Type.StartsWith(CredentialTypes.Password.Prefix, StringComparison.OrdinalIgnoreCase) &&
cred.Type.StartsWith(CredentialTypes.Password.Prefix, StringComparison.OrdinalIgnoreCase)) ||
cred.Type == credential.Type)
.ToList();
foreach (var cred in toRemove)
{
user.Credentials.Remove(cred);
Entities.DeleteOnCommit(cred);
}
if (toRemove.Any())
{
await Auditing.SaveAuditRecord(new UserAuditRecord(
user, UserAuditAction.RemovedCredential, toRemove));
}
user.Credentials.Add(credential);
await Auditing.SaveAuditRecord(new UserAuditRecord(
user, UserAuditAction.AddedCredential, credential));
}
private Credential FindMatchingCredential(Credential credential)
{
var results = Entities
.Set<Credential>()
.Include(u => u.User)
.Include(u => u.User.Roles)
.Where(c => c.Type == credential.Type && c.Value == credential.Value)
.ToList();
if (results.Count == 0)
{
return null;
}
else if (results.Count == 1)
{
return results[0];
}
else
{
// Don't put the credential itself in trace, but do put the Key for lookup later.
string message = String.Format(
CultureInfo.CurrentCulture,
Strings.MultipleMatchingCredentials,
credential.Type,
results.First().Key);
Trace.Error(message);
throw new InvalidOperationException(message);
}
}
public virtual CredentialViewModel DescribeCredential(Credential credential)
{
var kind = GetCredentialKind(credential.Type);
Authenticator auther = null;
if (kind == CredentialKind.External)
{
string providerName = credential.Type.Split('.')[1];
if (!Authenticators.TryGetValue(providerName, out auther))
{
auther = null;
}
}
return new CredentialViewModel()
{
Type = credential.Type,
TypeCaption = FormatCredentialType(credential.Type),
Identity = credential.Identity,
Value = kind == CredentialKind.Token ? credential.Value : String.Empty,
Kind = kind,
AuthUI = auther == null ? null : auther.GetUI()
};
}
public virtual async Task RemoveCredential(User user, Credential cred)
{
await Auditing.SaveAuditRecord(new UserAuditRecord(user, UserAuditAction.RemovedCredential, cred));
user.Credentials.Remove(cred);
Entities.Credentials.Remove(cred);
Entities.SaveChanges();
}
public virtual async Task AddCredential(User user, Credential credential)
{
await Auditing.SaveAuditRecord(new UserAuditRecord(user, UserAuditAction.AddedCredential, credential));
user.Credentials.Add(credential);
Entities.SaveChanges();
}
public virtual async Task ReplaceCredential(User user, Credential credential)
{
await ReplaceCredentialInternal(user, credential);
Entities.SaveChanges();
}
public virtual Task ReplaceCredential(string username, Credential credential)
{
var user = Entities
.Users
.Include(u => u.Credentials)
.SingleOrDefault(u => u.Username == username);
if (user == null)
{
throw new InvalidOperationException(Strings.UserNotFound);
}
return ReplaceCredential(user, credential);
}
public virtual Task<AuthenticatedUser> Register(string username, string password, string emailAddress)
{
var hashedPassword = CryptographyService.GenerateSaltedHash(password, Constants.PBKDF2HashAlgorithmId);
var passCred = new Credential(CredentialTypes.Password.Pbkdf2, hashedPassword);
return Register(username, emailAddress, passCred);
}
public virtual async Task<AuthenticatedUser> Register(string username, string emailAddress, Credential credential)
{
var existingUser = Entities.Users
.FirstOrDefault(u => u.Username == username || u.EmailAddress == emailAddress);
if (existingUser != null)
{
if (String.Equals(existingUser.Username, username, StringComparison.OrdinalIgnoreCase))
{
throw new EntityException(Strings.UsernameNotAvailable, username);
}
else
{
throw new EntityException(Strings.EmailAddressBeingUsed, emailAddress);
}
}
var apiKey = Guid.NewGuid();
var newUser = new User(username)
{
EmailAllowed = true,
UnconfirmedEmailAddress = emailAddress,
EmailConfirmationToken = CryptographyService.GenerateToken(),
CreatedUtc = DateTime.UtcNow
};
// Add a credential for the password and the API Key
newUser.Credentials.Add(CredentialBuilder.CreateV1ApiKey(apiKey));
newUser.Credentials.Add(credential);
if (!Config.ConfirmEmailAddresses)
{
newUser.ConfirmEmailAddress();
}
// Write an audit record
await Auditing.SaveAuditRecord(new UserAuditRecord(newUser, UserAuditAction.Registered));
Entities.Users.Add(newUser);
Entities.SaveChanges();
return new AuthenticatedUser(newUser, credential);
}
