示例#1
文件: User.cs 项目: rocketeerbkw/DNA
        /// <summary>
        /// Method that tries to log the user in with a cookie.
        /// Requires Profile API to be initialised.
        /// </summary>
        /// <param name="signInComponent">Initialised SignIn Component</param>
        /// <param name="autoLogIn">Set to true only when this call had to log the user in and the login succeeded; false if they were already logged in or the login failed.</param>
        /// <param name="migrated">Indicates whether the user is migrating. This happens when we can't find the identity userid, but we can find the legacy sso id</param>
        private void TryLoginUser(ref IDnaIdentityWebServiceProxy signInComponent, ref bool autoLogIn, ref bool migrated)
        {
            // Start from a known "anonymous" state so a failure below cannot leave a stale user id behind.
            autoLogIn = false;
            _userID = 0;

            // Ask the sign-in component first; only attempt a login when it reports no session.
            _userLoggedIn = signInComponent.IsUserLoggedIn;
            if (!_userLoggedIn)
            {
                try
                {
                    bool loginSucceeded = signInComponent.LoginUser();
                    _userLoggedIn = loginSucceeded;
                    autoLogIn = loginSucceeded;
                }
                catch (ProfileAPIException ex)
                {
                    // A Profile API failure is logged and treated as "not logged in";
                    // the request carries on anonymously rather than failing.
                    InputContext.Diagnostics.WriteWarningToLog("User", "Failed to log in user");
                    InputContext.Diagnostics.WriteExceptionToLog(ex);
                    _userLoggedIn = false;
                }
            }

            // The login name is read whether or not the login succeeded.
            _loginName = signInComponent.LoginName;

            if (!_userLoggedIn)
            {
                return;
            }

            // First lookup: no legacy id supplied.
            GetDnaUserIDFromSignInID(signInComponent, "");

            // The legacy-id fallback only applies to Identity sign-ins that still have no DNA user id.
            if (_userID != 0 || signInComponent.SignInSystemType != SignInSystem.Identity)
            {
                return;
            }

            if (!signInComponent.DoesAttributeExistForService(InputContext.CurrentSite.SSOService, "legacy_user_id"))
            {
                return;
            }

            // NOTE(review): the second lookup is keyed on the "legacy_user_id" attribute alone, so the
            // account it resolves to is only as trustworthy as that attribute - presumably only the
            // identity service can set it; confirm. A non-numeric value is ignored.
            int legacyID;
            if (!int.TryParse(signInComponent.GetUserAttribute("legacy_user_id"), out legacyID))
            {
                return;
            }

            GetDnaUserIDFromSignInID(signInComponent, legacyID.ToString());

            // Set as soon as a numeric legacy id was used for the lookup; _userID is not re-checked here.
            migrated = true;
        }
示例#2
文件: User.cs 项目: rocketeerbkw/DNA
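        /// <summary>
        /// Reads the current user's details from the sign-in component into the out parameters.
        /// </summary>
        /// <param name="signInComponent">The sign-in component to read the details from</param>
        /// <param name="ssoLoginName">Receives the sign-in component's LoginName</param>
        /// <param name="ssoEmail">Receives the "email" attribute, or an empty string if the attribute does not exist for the site's SSO service</param>
        /// <param name="ssoFirstNames">Receives the "firstname" attribute, or an empty string if the attribute does not exist for the site's SSO service</param>
        /// <param name="ssoLastName">Receives the "lastname" attribute, or an empty string if the attribute does not exist for the site's SSO service</param>
        /// <param name="identityUserID">Receives the sign-in component's UserID</param>
        /// <param name="ssoUserID">Receives the "legacy_user_id" attribute as an integer, or 0 when that attribute is empty</param>
        /// <param name="ssoDisplayName">Receives the "displayname" attribute, or an empty string if the attribute does not exist for the site's SSO service</param>
        /// <returns>Always true</returns>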
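        private bool ReadUserSSODetails(IDnaIdentityWebServiceProxy signInComponent, out string ssoLoginName, out string ssoEmail, out string ssoFirstNames, out string ssoLastName, out string identityUserID, out int ssoUserID, out string ssoDisplayName)
        {
            // Copies the signed-in user's details out of the sign-in component. Every value is
            // handed back exactly as the component supplied it: nothing here validates or encodes
            // it, so callers must do that before storing or rendering these strings.
            ssoLoginName = signInComponent.LoginName;

            // Optional attributes fall back to an empty string when the site's SSO service
            // does not have them.
            ssoDisplayName = signInComponent.DoesAttributeExistForService(InputContext.CurrentSite.SSOService, "displayname")
                ? signInComponent.GetUserAttribute("displayname")
                : string.Empty;

            ssoEmail = signInComponent.DoesAttributeExistForService(InputContext.CurrentSite.SSOService, "email")
                ? signInComponent.GetUserAttribute("email")
                : string.Empty;

            ssoFirstNames = signInComponent.DoesAttributeExistForService(InputContext.CurrentSite.SSOService, "firstname")
                ? signInComponent.GetUserAttribute("firstname")
                : string.Empty;

            ssoLastName = signInComponent.DoesAttributeExistForService(InputContext.CurrentSite.SSOService, "lastname")
                ? signInComponent.GetUserAttribute("lastname")
                : string.Empty;

            ssoUserID = 0;
            identityUserID = signInComponent.UserID;

            // Read the legacy id once and parse it defensively. The previous Convert.ToInt32 call
            // threw on a non-numeric or out-of-range value (and .Length threw on null), so a single
            // malformed attribute failed the whole request. A value that is missing or does not
            // parse now leaves ssoUserID at 0, the same as "no legacy id", which matches the
            // int.TryParse handling of this attribute in TryLoginUser.
            string legacyUserId = signInComponent.GetUserAttribute("legacy_user_id");
            int parsedLegacyId;
            if (!string.IsNullOrEmpty(legacyUserId) && int.TryParse(legacyUserId, out parsedLegacyId))
            {
                ssoUserID = parsedLegacyId;
            }

            // The method has no failure path of its own; it always reports success.
            return true;
        }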
示例#3
文件: User.cs 项目: rocketeerbkw/DNA
        /// <summary>
        /// Checks to see if the current user's cookie is in the banned cookie list, or their email is in the banned email list
        /// </summary>
        /// <param name="signInComponent">The Signin component for this request</param>
        /// <returns>True if they are, false if not</returns>
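        /// <remarks>If there are any problems encountered within the method, then it defaults by returning true for safety reasons. The one exception is a service that does not support the email attribute, for which it returns false.</remarks>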
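        private bool IsEmailInBannedList(IDnaIdentityWebServiceProxy signInComponent)
        {
            // Fail closed: the check is only meaningful for a logged-in user, so anyone else
            // is reported as banned.
            if (!signInComponent.IsUserLoggedIn)
            {
                return true;
            }

            // The cookie that identifies the user depends on which sign-in system is in use.
            DnaCookie cookie;
            if (signInComponent.SignInSystemType == SignInSystem.Identity)
            {
                cookie = InputContext.GetCookie("IDENTITY");
            }
            else
            {
                cookie = InputContext.GetCookie("SSO2-UID");
            }

            // Only cookie values of at least 64 characters are looked up in, or added to,
            // the banned cookie list.
            bool validCookie = (cookie != null && cookie.Value != null && cookie.Value.Length >= 64);

            // Fast path: check the in-memory banned cookie list before going to the database.
            if (validCookie)
            {
                // Hold the lock for the whole scan so the list cannot change underneath us.
                lock (_lock)
                {
                    foreach (string bannedCookie in AppContext.BannedCookies)
                    {
                        // Cookie values are opaque tokens, so compare them ordinally. The previous
                        // CompareTo call was culture-sensitive and could treat two different
                        // values as equal.
                        if (string.Equals(cookie.Value, bannedCookie, StringComparison.Ordinal))
                        {
                            return true;
                        }
                    }
                }
            }

            // The service does not support emails, nothing to check. Return not banned.
            // This is the one path that fails open.
            if (!signInComponent.DoesAttributeExistForService(InputContext.CurrentSite.SSOService, "email"))
            {
                return false;
            }

            // Fail closed when the service should have an email but gives us none. A null value
            // is treated like an empty one instead of throwing.
            string ssoEmail = signInComponent.GetUserAttribute("email");
            if (string.IsNullOrEmpty(ssoEmail))
            {
                return true;
            }

            // Check it against the database
            using (IDnaDataReader reader = InputContext.CreateDnaDataReader("IsEmailInBannedList"))
            {
                // The email is passed as a parameter, never concatenated into the call.
                reader.AddParameter("Email", ssoEmail);
                reader.Execute();

                // No result at all is treated as banned (fail closed).
                if (!reader.HasRows || !reader.Read())
                {
                    return true;
                }

                if (reader.GetInt32("IsBanned") > 0)
                {
                    // Remember the cookie so later requests are rejected without a database call.
                    // NOTE(review): the list holds raw cookie values and this method only ever adds
                    // to it - confirm that it is bounded and cleared elsewhere (for example when a
                    // ban is lifted), and consider whether a hash of the value would do.
                    if (validCookie)
                    {
                        lock (_lock)
                        {
                            AppContext.BannedCookies.Add(cookie.Value);
                        }
                    }
                    return true;
                }
            }

            // If we get here, then we're not banned
            return false;
        }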