示例#1
        /// <summary>
        /// Signs the caller in as the backdoor user held in <c>ManagerConfiguration</c> and
        /// redirects to that organisation's case list. Only active while
        /// <c>ManagerConfiguration.IsBackdoorEnabled</c> is true; otherwise responds 400.
        /// </summary>
        /// <remarks>
        /// NOTE(review): nothing in this method checks who the caller is — no request data is read,
        /// the credentials come entirely from configuration. Unless an attribute outside this view
        /// restricts the route, any client that reaches it while the flag is on receives the backdoor
        /// user's session cookie. The flag and its credentials must stay unset in deployed environments.
        /// </remarks>
        /// <returns>A redirect on success, a 400 Bad Request result when the backdoor is disabled.</returns>
        public async Task <IActionResult> Backdoor()
        {
            // Fail closed: the endpoint is inert unless explicitly switched on in configuration.
            if (!ManagerConfiguration.IsBackdoorEnabled)
            {
                return BadRequest();
            }

            var backdoorIdentity = new UserIdentifier
            {
                OrganizationKey = ManagerConfiguration.BackdoorOrganizationKey,
                UserKey         = ManagerConfiguration.BackdoorUserKey
            };

            // Authenticate against the backend with the configured identity and password.
            await Connection.User.AuthenticateAsync(new TokenRequestModel
            {
                Identifier   = backdoorIdentity,
                Password     = ManagerConfiguration.BackdoorPassword,
                ClientClaims = "FullFrame"
            });

            // Hand the resulting session token to the browser before redirecting.
            Connection.AddCookieTokenToResponse();

            var organizationKey = HttpUtility.UrlEncode(Connection.UserIdentifier.OrganizationKey);
            return Redirect($"/case-list/{organizationKey}");
        }
示例#2
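        /// <summary>
        /// Authenticates an officer who arrived via a magic link: the token is decrypted, bound to the
        /// e-mail on the request, checked for expiry, and then the supplied password is verified against
        /// the BCrypt hash stored for that recipient on the folder.
        /// </summary>
        /// <param name="authenticateUserRequest">Token, e-mail and plain-text password from the login form.</param>
        /// <param name="linkEncryptionKey">Key used to decrypt <c>Token</c> back into a magic-link object.</param>
        /// <returns>
        /// A <see cref="UserAuthenticatedResponse"/> with <c>IsAuthenticated</c> true plus the folder and
        /// officer path identifiers on success; <c>IsAuthenticated</c> false on any failure. The method
        /// fails closed and does not throw, so the caller learns nothing about which check failed.
        /// </returns>
        public async Task <UserAuthenticatedResponse> AuthenticateUserAsync(AuthenticateUserRequest authenticateUserRequest, string linkEncryptionKey)
        {
            if (authenticateUserRequest == null || String.IsNullOrEmpty(authenticateUserRequest.Token))
            {
                return(new UserAuthenticatedResponse()
                {
                    IsAuthenticated = false
                });
            }

            // Token decryption sits inside the try as well: a tampered or undecryptable token must produce
            // IsAuthenticated=false rather than an unhandled exception (and its details) reaching the caller.
            try
            {
                // Get the magic link object back out from the token.
                var magicLink = ModuleUtility.DecryptMagicLink(authenticateUserRequest.Token, linkEncryptionKey);
                if (magicLink == null)
                {
                    return(new UserAuthenticatedResponse()
                    {
                        IsAuthenticated = false
                    });
                }

                // The e-mail on the request must be the one the link was issued to, and the link must not have
                // expired. Ordinal case-insensitive comparison replaces ToLower(): it is culture-independent and
                // does not throw when Email is null.
                if (!string.Equals(magicLink.RecipientEmail, authenticateUserRequest.Email, StringComparison.OrdinalIgnoreCase) ||
                    magicLink.ExipirationDate < DateTime.UtcNow)
                {
                    return(new UserAuthenticatedResponse()
                    {
                        IsAuthenticated = false
                    });
                }

                // Authenticate the folder-scoped user in the backend so the connection can make the folder
                // call below. The session cookie is deliberately not written to the response at this point.
                await connection.User.AuthenticateAsync(new TokenRequestModel
                {
                    Identifier = ModuleUtility.GetFolderScopedUserIdentifier(magicLink.FolderIdentifier, authenticateUserRequest.Email, "leo"),
                    Password   = authenticateUserRequest.Password
                });

                var folder = await connection.Folder.GetAsync(magicLink.FolderIdentifier);

                // Find the recipient on this folder whose e-mail matches the link.
                var officers  = folder.MetaLEOUploadOfficerListRead();
                var recipient = officers.FirstOrDefault(rec =>
                    string.Equals(rec.Email, magicLink.RecipientEmail, StringComparison.OrdinalIgnoreCase));

                // The plain-text password must verify against the stored BCrypt hash.
                if (recipient == null || !BCrypt.Verify(authenticateUserRequest.Password, recipient.PasswordHash))
                {
                    return(new UserAuthenticatedResponse()
                    {
                        IsAuthenticated = false
                    });
                }

                // Only after the hash check succeeds is the session token handed to the browser, so a failed
                // password never leaves an authenticated cookie on a "not authenticated" response.
                connection.AddCookieTokenToResponse();

                await this.auditLogStore.AddEntry(
                    new AuditLogEntry()
                    {
                        EntryType  = AuditLogEntryType.LEOUploadUserLogin,
                        Message    = "An officer Has Logged in.",
                        ModuleType = Modules.ModuleType.LEOUpload
                    },
                    folder.Identifier,
                    connection
                    );

                return(new UserAuthenticatedResponse()
                {
                    IsAuthenticated  = true,
                    FolderIdentifier = folder.Identifier,
                    PathIdentifier   = GetOfficerPath(folder.Identifier, recipient.FirstName, recipient.LastName)
                });
            }
            catch (Exception)
            {
                // Deliberate fail-closed: any decryption or backend failure is reported as "not authenticated".
                // NOTE(review): no logger is in scope in this method; failed attempts are currently invisible
                // to monitoring — consider recording them where a logger is available.
                return(new UserAuthenticatedResponse()
                {
                    IsAuthenticated = false
                });
            }
        }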