protected override void ProcessRecord() { var usersClient = Client.GetUsersClient(); var user = new User(Login, Email, FirstName, LastName, MobilePhone); user = usersClient.Add(user); WriteObject(user); }
// GET: AltLanding public ActionResult Landing(string oktaId) { Okta.Core.Models.User oktaUser = new Okta.Core.Models.User(); oktaUser.Id = oktaId; List <AppLink> myApps = oktaAppMgmt.GetUserAppLinks(oktaUser); return(View(myApps)); }
public OktaMembershipUser OktaUserToOktaMembershipUser(User oktaUser, bool populateApps = true) { bool isApproved = false; bool isLockedOut = false; var status = oktaUser.Status; if (status == "ACTIVE") { isApproved = true; } if (status == "PASSWORD_EXPIRED" | status == "LOCKED_OUT" | status == "RECOVERY") { isLockedOut = true; } DateTime lastLockoutDate = new DateTime(1754, 1, 1); string passwordQuestion = ""; if (oktaUser.Credentials.RecoveryQuestion.Answer != null) { passwordQuestion = oktaUser.Credentials.RecoveryQuestion.Answer; } OktaMembershipUser user = new OktaMembershipUser( Membership.Provider.Name.ToString(), oktaUser.Profile.Login, oktaUser.Id, oktaUser.Profile.Email, passwordQuestion, "", // "comment" - Okta doesn't have this concept by default isApproved, isLockedOut, oktaUser.Created, oktaUser.LastLogin, oktaUser.LastUpdated, oktaUser.PasswordChanged, lastLockoutDate ); if(!populateApps) { return user; } var userAppLinks = users.GetUserAppLinksClient(oktaUser); var appLinks = userAppLinks.ToList<AppLink>(); user.apps = from link in appLinks select new OktaAppLink(link); user.FirstName = oktaUser.Profile.FirstName; user.LastName = oktaUser.Profile.LastName; user.PhoneNumber = oktaUser.Profile.MobilePhone; return user; }
public OktaMembershipUser GetOktaMembershipUser(User oktaUser, bool populateApps = true) { return OktaUserToOktaMembershipUser(oktaUser, populateApps); }
public UserGroupsClient GetUserGroupsClient(User user) { return new UserGroupsClient(user, BaseClient); }
public UserFactorsClient GetUserFactorsClient(User user) { return new UserFactorsClient(user, BaseClient); }
public UserAppLinksClient GetUserAppLinksClient(User user) { return new UserAppLinksClient(user, BaseClient); }
/// <summary> /// Creates a new user account with the profile data in the "values" dictionary. /// /// See also: http://msdn.microsoft.com/en-us/library/gg537973%28v=vs.111%29.aspx /// </summary> /// <param name="userName">The user name</param> /// <param name="userPassword">The password</param> /// <param name="requireConfirmation">(Unused) Specify that the user account must be confirmed</param> /// <param name="values">A dictonary that should contain the keys "FirstName", "LastName", and "PhoneNumber"</param> /// <returns> /// (Unused) Always returns "". Intended to be used to return a token that could be sent to the user to confirm the user account. /// </returns> public override string CreateUserAndAccount(string userName, string userPassword, bool requireConfirmation, IDictionary<string, object> values) { var userProfile = new User( userName, // Login userName, // Email values["FirstName"].ToString(), // FirstName values["LastName"].ToString(), // LastName values["PhoneNumber"].ToString() // MobilePhone ); // FIXME: This could be made simpler? userProfile.Credentials = new LoginCredentials(); userProfile.Credentials.Password.Value = userPassword; try { var createdUser = okta.users.Add(userProfile); return ""; } catch (OktaException oktaException) { string errorSummary = oktaException.ErrorCauses[0].ErrorSummary; var status = MembershipCreateStatus.UserRejected; if (errorSummary.StartsWith("login: An object with this field already exists")) { status = MembershipCreateStatus.DuplicateUserName; } else if (errorSummary.StartsWith("Passwords must have at least")) { status = MembershipCreateStatus.InvalidPassword; } throw new MembershipCreateUserException(status); } }
public ActionResult VerifyActivate(string recoveryToken, string oktaId) { logger.Debug("VerifyActivate "); if (string.IsNullOrEmpty(recoveryToken) && TempData["recoveryToken"] != null) { recoveryToken = TempData["recoveryToken"].ToString(); } //set parameters string relayState = Request["relayState"]; if (string.IsNullOrEmpty(relayState) && Request.QueryString["RelayState"] != null) { relayState = Request.QueryString["RelayState"]; } else if (string.IsNullOrEmpty(relayState) && TempData["relayState"] != null) { relayState = (string)TempData["relayState"]; } TempData["relayState"] = relayState; string stateToken = Request["stateToken"]; if (string.IsNullOrEmpty(stateToken) && TempData["stateToken"] != null) { stateToken = TempData["stateToken"].ToString(); } TempData["stateToken"] = stateToken; string userName = Request["userName"]; if (string.IsNullOrEmpty(userName) && TempData["userName"] != null) { userName = TempData["userName"].ToString(); } TempData["userName"] = userName; //TempData["helpLink"] = MvcApplication.helpLink; string tokenFailedErrorMessage = "We could not activate your account at this time. Please try clicking the link in your email again " + "or contact the service center via the information at the bottom of the page."; //get UserClient based on Org credentials OktaClient oktaClient = new OktaClient(MvcApplication.apiToken, MvcApplication.apiUrl); UsersClient usersClient = oktaClient.GetUsersClient(); //Validate Token from branded email response link //get user profile data //compare with received token if (!string.IsNullOrEmpty(recoveryToken) && !string.IsNullOrEmpty(oktaId)) { //validate token //get custom profile for user User oktaBaseUser = new Okta.Core.Models.User(); CustomUser customUser = new CustomUser(oktaBaseUser); customUser = oktaUserMgmt.GetCustomUser(oktaId); if (customUser.Status != "STAGED") { //if it doesnt work out return to beginning logger.Error("Token validation is not appropriate for current user state " + customUser.Status); TempData["errMessage"] = tokenFailedErrorMessage; return(RedirectToAction("Index", "Home")); } if (string.IsNullOrEmpty(customUser.Profile.activation_passCode) || string.IsNullOrEmpty(customUser.Profile.activation_setDate)) { logger.Error("Token validation information is not available"); TempData["errMessage"] = tokenFailedErrorMessage; return(RedirectToAction("Index", "Home")); } //this is a one time token, so if profile received reset the data. string activation_passCode = customUser.Profile.activation_passCode; string activation_setDate = customUser.Profile.activation_setDate; customUser.Profile.activation_passCode = ""; customUser.Profile.activation_setDate = ""; bool rspSetCustomUserProfile = oktaUserMgmt.UpdateCustomUserAttributesOnly(customUser); if (!rspSetCustomUserProfile) { logger.Error("Unable to Set User Custom Profile to reset activation passCode: " + customUser.Profile.Email); TempData["errMessage"] = tokenFailedErrorMessage; return(RedirectToAction("Index", "Home")); } //compare to passed in token //Get current time DateTime currentTime = DateTime.Now; DateTime setTime = DateTime.Parse(activation_setDate); //Get the difference in Minutes between the set time and Current Time. TimeSpan timeSpan = currentTime.Subtract(setTime); long myInterval = Convert.ToInt32(timeSpan.TotalHours); long authExpiry = Convert.ToInt32(appSettings["custom.ActivationExpire_hours"]); //check received passcode matches what was saved in storage app attribute if (activation_passCode == recoveryToken) { //check for expired activation code if (authExpiry > myInterval) { //continue to set password User oktaUser = new User(); oktaUser.Id = oktaId; try { //transistion user accout from STAGED to PROVISIONED var rspUri = usersClient.Activate(oktaUser, sendEmail: false); //rsp is email activation link for embedded workflow //this cannot be branded so we are setting password directly } catch (OktaException ex) { if (ex.ErrorCode == "E0000001") { logger.Error("Api Valiadation Failed: " + userName); } else { logger.Error(userName + " = " + ex.ErrorCode + ":" + ex.ErrorSummary); // generic failure } TempData["errMessage"] = tokenFailedErrorMessage; return(RedirectToAction("Index", "Home")); }//end catch logger.Debug("Token Validated Successfully proceed to create password"); return(RedirectToAction("GetPassword")); } else { logger.Debug("Token is correct, but has exceeded time limit " + appSettings["custom.ActivationExpire_hours"] + " hours"); TempData["errMessage"] = tokenFailedErrorMessage; return(RedirectToAction("Index", "Home")); } } else { logger.Error("Cannot Validate Token: " + recoveryToken + " locator: " + oktaId); TempData["errMessage"] = tokenFailedErrorMessage; return(RedirectToAction("Index", "Home")); } } else { //if it doesnt work out return to beginning logger.Error("Cannot Validate Token: " + recoveryToken + " locator: " + oktaId); TempData["errMessage"] = tokenFailedErrorMessage; return(RedirectToAction("Index", "Home")); } }
// POST: Registration/Register public ActionResult Register(RegistrationViewModel registration) { logger.Debug("Register user " + registration.Email); //set parameters string relayState = Request["relayState"]; if (string.IsNullOrEmpty(relayState) && Request.QueryString["RelayState"] != null) { relayState = Request.QueryString["RelayState"]; } else if (string.IsNullOrEmpty(relayState) && TempData["relayState"] != null) { relayState = (string)TempData["relayState"]; } TempData["relayState"] = relayState; //string stateToken = Request["stateToken"]; //if (string.IsNullOrEmpty(stateToken) && TempData["stateToken"] != null) //{ // stateToken = TempData["stateToken"].ToString(); //} //TempData["stateToken"] = stateToken; //string oktaId = Request["oktaId"]; //if (string.IsNullOrEmpty(oktaId) && TempData["oktaId"] != null) //{ // oktaId = TempData["oktaId"].ToString(); //} //TempData["oktaId"] = oktaId; //string userName = Request["userName"]; //if (string.IsNullOrEmpty(userName) && TempData["userName"] != null) //{ // userName = TempData["userName"].ToString(); //} //TempData["userName"] = userName; CustomUser newCustomUser = null; CustomUser addedCustomUser = null; //User addedOktaUser = new Okta.Core.Models.User(); //CustomUser addedCustomUser = new CustomUser(addedOktaUser); if (!ModelState.IsValid) { logger.Debug("registration data was not received correctly"); TempData["errMessage"] = "We found a few errors with your registration data. Please check the fields below for specific messages."; return(View("Index", registration)); } //check for existing account newCustomUser = VerifyIdentity(registration); if (newCustomUser != null && newCustomUser.Id != null) { // If the user exists, redirect back to registration where they can choose to reset password return(RedirectToAction("Index", "Home", new { email = registration.Email })); } else { //new user not found User newOktaUser = new Okta.Core.Models.User(); newCustomUser = new CustomUser(newOktaUser); //tranform user profile from registration to customuser newCustomUser.Profile.Login = registration.Email; newCustomUser.Profile.Email = registration.Email; newCustomUser.Profile.FirstName = registration.FirstName; newCustomUser.Profile.LastName = registration.LastName; newCustomUser.Profile.customId = registration.customId; } ////CustomUser customUserProfileExt = new CustomUser(); //CustomUser customUserProfileExt = null; //customUserProfileExt = oktaUserMgmt.GetCustomUser(registration.Email); //if (customUserProfileExt != null && customUserProfileExt.Id != null) //{ // // If the user exists, redirect to ForgotUsername/UserFound // // TODO: Update to VerifyIdentity when available (not the same flow as ForgotUsername // //return RedirectToAction("UserFound", "ForgotUsername", new { email = registration.Email }); // return RedirectToAction("UserFound", new { email = registration.Email }); //} //new user creation //create user with profile //will create user with multiple api calls //first user is created with status=STAGED with no password //branded email sent to user with custom activation link //hitting custom activation link will activate account and prompt user for password //lastly set password Random random = new Random(); string firstName = null; //generate passCode as one time activation token string activation_passCode = random.Next(99999, 1000000).ToString(); string activation_setDate = DateTime.Now.ToString(); string createFailedErrorMessage = "We could not register your account at this time. Please try again or contact the service center via the information" + " at the bottom of the page if this has happened multiple times."; newCustomUser.Profile.activation_passCode = activation_passCode; newCustomUser.Profile.activation_setDate = activation_setDate; //addedCustomUser = oktaUserMgmt.AddCustomUser(newCustomUser, activation_passCode, activation_setDate); addedCustomUser = oktaUserMgmt.AddCustomUser(newCustomUser); if (addedCustomUser != null) { //if (addedCustomUser.Status == "ACTIVE") //{ // //error, newly created user should be STAGED and must have okta Id // logger.Error("user creation success for email " + registration.Email + " status " + addedCustomUser.Status); // TempData["errMessage"] = "Created User success for " + registration.Email; // TempData["txtUserName"] = addedCustomUser.Profile.Login; // TempData["txtPassword"] = newCustomUser.Credentials.Password.Value; // return RedirectToAction("SilentLogin", "Home"); //} if (addedCustomUser.Status != "STAGED" || string.IsNullOrEmpty(addedCustomUser.Id)) { //error, newly created user should be STAGED and must have okta Id logger.Error("user creation failed for email " + registration.Email + " status " + addedCustomUser.Status); TempData["errMessage"] = createFailedErrorMessage; return(View("Index", registration)); } } else { logger.Error("user creation failed for email " + registration.Email); TempData["errMessage"] = createFailedErrorMessage; return(View("Index", registration)); } //send branded email with activation link TempData["recoveryToken"] = addedCustomUser.Profile.activation_passCode; TempData["oktaId"] = addedCustomUser.Id; if (string.IsNullOrEmpty(addedCustomUser.Profile.FirstName)) { var index = registration.Email.IndexOf("."); if (index > 0) { firstName = registration.Email.Substring(0, index); } else { var index2 = registration.Email.IndexOf("@"); if (index2 > 0) { firstName = registration.Email.Substring(0, index2); } else { firstName = registration.Email; } } } else { firstName = addedCustomUser.Profile.FirstName; } firstName = CultureInfo.CurrentCulture.TextInfo.ToTitleCase(firstName); TempData["firstName"] = firstName; TempData["linkExpiry"] = appSettings["custom.ActivationExpire_hours"]; SendEmail(addedCustomUser, TempData["relayState"] == null ? null : TempData["relayState"].ToString()); logger.Debug("Branded Email Sent " + addedCustomUser.Profile.Email + " with passCode " + activation_passCode); //with branded, display sent message return(RedirectToAction("Success")); }