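/// <summary>
/// Logs a user in on behalf of the trusted SSO server, registering the user first
/// if the SSO id is not yet known (as <c>Roles.UNASSIGNED</c>, username = email).
/// The request is accepted only if its signature over <c>request.GetStringToSign()</c>
/// verifies and its timestamp lies within a short window around the current time.
/// </summary>
/// <param name="request">SSO login request carrying Signature, Timestamp, SsoUserId and Email.</param>
/// <returns>
/// A <c>ResponseDTO&lt;Session&gt;</c> holding the created session on success; on
/// failure <c>Data</c> is null and <c>Error</c> holds a generic message. Every
/// failure is logged under <c>LogConstants.FAIL_LOGIN</c>.
/// </returns>
public ResponseDTO<Session> SsoLogin(SsoUserRequestDTO request)
{
    // Clock tolerance (ms) applied on BOTH sides of "now". The original code only
    // bounded the future side with the same 5 s; widen this if the SSO round-trip
    // regularly exceeds it, but keep it short — it is the replay window.
    const long AllowedClockSkewMs = 5000;

    ResponseDTO<Session> response = new ResponseDTO<Session>();

    if (request == null)
    {
        return FailSsoLogin(response, "Invalid SSO request.", null);
    }

    // 1. Authenticate the request as coming from the known SSO server.
    //    On failure return a GENERIC error. The previous response embedded the
    //    server's own signature for the submitted payload ("My signature: ..."),
    //    which is a signing oracle: send any payload, read back the valid
    //    signature, resubmit. It also wrote that signature into the error log.
    //    NOTE(review): whether isValidSignature compares in constant time is not
    //    visible here — confirm in the signature service.
    if (!_signatureService.isValidSignature(request.GetStringToSign(), request.Signature))
    {
        return FailSsoLogin(response, "Invalid SSO request signature.", request.SsoUserId);
    }

    // 2. Bound the timestamp on both sides. The original condition
    //    (now + 5 s < request.Timestamp) rejected only timestamps from the
    //    future, so an intercepted request stayed valid indefinitely and the
    //    "replay" check did nothing. Stale requests are now rejected as well.
    //    NOTE(review): this only helps if Timestamp is covered by
    //    GetStringToSign(); a replay inside the window still needs a nonce or
    //    used-timestamp store, which is not present here.
    long nowMs = DateTimeOffset.UtcNow.ToUnixTimeMilliseconds();
    bool fromTheFuture = request.Timestamp > nowMs + AllowedClockSkewMs;
    bool tooOld = request.Timestamp < nowMs - AllowedClockSkewMs;
    if (fromTheFuture || tooOld)
    {
        return FailSsoLogin(response, ErrorStrings.OLD_SSO_REQUEST, request.SsoUserId);
    }

    // 3. The SSO id must be a well-formed GUID. Previously a malformed id made
    //    new Guid(string) throw FormatException out of the login path.
    Guid ssoId;
    if (!Guid.TryParse(request.SsoUserId, out ssoId))
    {
        return FailSsoLogin(response, "Invalid SSO user id.", request.SsoUserId);
    }

    // 4. Look the user up; register on first sight.
    ResponseDTO<UserAccountDTO> lookup = _userManagementService.GetUserBySsoId(ssoId);
    UserAccountDTO userDTO = lookup.Data;

    if (userDTO == null)
    {
        // The email becomes the username, so it is required.
        if (request.Email == null)
        {
            return FailSsoLogin(response, "User email may not be null.", request.SsoUserId);
        }

        UserAccount user = new UserAccount()
        {
            SsoId = ssoId,
            Username = request.Email,
            IsActive = true,
            AcceptedTOS = false,
            RoleType = Roles.UNASSIGNED
        };

        // NOTE(review): Data is passed through unchecked, as before; whether
        // CreateUser tolerates a null claim list is not visible from here.
        List<Claim> newClaims = _claimService.GetUserClaims(Roles.UNASSIGNED, request.Email).Data;

        ResponseDTO<bool> created = _userManagementService.CreateUser(user, newClaims);
        if (!created.Data)
        {
            return FailSsoLogin(response, created.Error, request.SsoUserId);
        }

        // User now exists in the data store; continue as a normal login.
        userDTO = new UserAccountDTO(user);
    }

    // 5. Issue the session. Guard the result before dereferencing it: the
    //    original read sessionResponseDTO.Data.SessionId unconditionally and
    //    would throw NullReferenceException when session creation failed.
    ResponseDTO<Session> sessionResponse = _sessionService.CreateSession(userDTO.Id);
    if (sessionResponse == null || sessionResponse.Data == null)
    {
        string error = (sessionResponse != null && sessionResponse.Error != null)
            ? sessionResponse.Error
            : "Session could not be created.";
        return FailSsoLogin(response, error, request.SsoUserId);
    }

    _loggerService.LogAction(LogConstants.ACTION_LOGIN, userDTO.SsoId.ToString(), sessionResponse.Data.SessionId.ToString());
    return sessionResponse;
}

/// <summary>
/// Records a failed SSO login under <c>LogConstants.FAIL_LOGIN</c> and returns
/// <paramref name="response"/> with <c>Data</c> cleared and <c>Error</c> set.
/// The error text is what the caller receives, so keep it generic: never include
/// signatures, keys or anything else derived from the request's secret material.
/// </summary>
/// <param name="response">Response object to populate and return.</param>
/// <param name="error">Generic, caller-safe error message.</param>
/// <param name="ssoUserId">SSO user id from the request, for the log entry (may be null).</param>
/// <returns>The same <paramref name="response"/>, with <c>Data == null</c>.</returns>
private ResponseDTO<Session> FailSsoLogin(ResponseDTO<Session> response, string error, string ssoUserId)
{
    response.Data = null;
    response.Error = error;
    _loggerService.LogError(LogConstants.FAIL_LOGIN, ssoUserId, "", response.Error, "");
    return response;
}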