public async Task <AuthenticationResponse> PostRegSysAuthenticationRequest(
[FromBody] RegSysAuthenticationRequest request)
{
return((await _authenticationHandler.AuthorizeViaRegSys(request))
.Transient403(HttpContext));
}
public async Task <AuthenticationResponse> AuthorizeViaRegSys(RegSysAuthenticationRequest request)
{
AuthenticationResult authenticationResult = null;
foreach (var provider in _authenticationProviders)
{
var providerResult = await provider.ValidateRegSysAuthenticationRequestAsync(request);
if (providerResult.IsAuthenticated)
{
authenticationResult = providerResult;
break;
}
}
if (authenticationResult == null)
{
_logger.LogWarning(LogEvents.Audit, "Authentication failed for {Username} {RegNo}", request.Username, request.RegNo);
return(null);
}
var uid = $"RegSys:{_conventionSettings.ConventionNumber}:{authenticationResult.RegNo}";
var identityRecord = await _regSysIdentityRepository.FindOneAsync(a => a.Uid == uid);
if (identityRecord == null)
{
identityRecord = new RegSysIdentityRecord
{
Id = Guid.NewGuid(),
Uid = uid,
Roles = new List <string>()
{
"Attendee"
}
};
await _regSysIdentityRepository.InsertOneAsync(identityRecord);
}
if (!String.IsNullOrWhiteSpace(request.AccessToken))
{
var accessToken = await _regSysAccessTokenRepository.FindOneAsync(a => a.Token == request.AccessToken);
if (accessToken != null && !accessToken.ClaimedAtDateTimeUtc.HasValue)
{
identityRecord.Roles = identityRecord.Roles
.Concat(accessToken.GrantRoles)
.Distinct()
.ToArray();
accessToken.ClaimedByUid = identityRecord.Uid;
accessToken.ClaimedAtDateTimeUtc = DateTime.UtcNow;
await _regSysAccessTokenRepository.ReplaceOneAsync(accessToken);
}
}
identityRecord.Username = authenticationResult.Username;
await _regSysIdentityRepository.ReplaceOneAsync(identityRecord);
var claims = new List <Claim>
{
new Claim(ClaimTypes.Name, uid),
new Claim(ClaimTypes.GivenName, authenticationResult.Username),
new Claim(ClaimTypes.PrimarySid, authenticationResult.RegNo.ToString()),
new Claim(ClaimTypes.GroupSid, _conventionSettings.ConventionNumber.ToString()),
new Claim(ClaimTypes.System, "RegSys")
};
claims.AddRange(identityRecord.Roles.Select(role => new Claim(ClaimTypes.Role, role)));
var expiration = DateTime.UtcNow.Add(_authenticationSettings.DefaultTokenLifeTime);
var token = _tokenFactory.CreateTokenFromClaims(claims, expiration);
var response = new AuthenticationResponse
{
Uid = uid,
Token = token,
TokenValidUntil = expiration,
Username = $"{authenticationResult.Username} ({authenticationResult.RegNo})"
};
_logger.LogInformation(LogEvents.Audit, "Authentication successful for {Username} {RegNo} ({Uid}) via {Source}",
authenticationResult.Username, authenticationResult.RegNo, response.Uid, authenticationResult.Source);
return(response);
}
public async Task <AuthenticationResponse> AuthorizeViaRegSys(RegSysAuthenticationRequest request)
{
AuthenticationResult authenticationResult = null;
foreach (var provider in _authenticationProviders)
{
var providerResult = await provider.ValidateRegSysAuthenticationRequestAsync(request);
if (providerResult.IsAuthenticated)
{
authenticationResult = providerResult;
break;
}
}
if (authenticationResult == null)
{
_logger.LogWarning("Authentication failed for {Username} {RegNo}", request.Username, request.RegNo);
return(null);
}
var uid = $"RegSys:{_conventionSettings.ConventionNumber}:{authenticationResult.RegNo}";
var claims = new List <Claim>
{
new Claim(ClaimTypes.Name, uid),
new Claim(ClaimTypes.GivenName, authenticationResult.Username),
new Claim(ClaimTypes.PrimarySid, authenticationResult.RegNo.ToString()),
new Claim(ClaimTypes.GroupSid, _conventionSettings.ConventionNumber.ToString()),
new Claim(ClaimTypes.Role, "Attendee"),
new Claim(ClaimTypes.System, "RegSys")
};
var expiration = DateTime.UtcNow.Add(_authenticationSettings.DefaultTokenLifeTime);
var token = _tokenFactory.CreateTokenFromClaims(claims, expiration);
var response = new AuthenticationResponse
{
Uid = uid,
Token = token,
TokenValidUntil = expiration,
Username = $"{authenticationResult.Username} ({authenticationResult.RegNo})"
};
var identityRecord = await _regSysIdentityRepository.FindOneAsync(a => a.Uid == uid);
if (identityRecord == null)
{
identityRecord = new RegSysIdentityRecord
{
Id = Guid.NewGuid(),
Uid = uid
};
await _regSysIdentityRepository.InsertOneAsync(identityRecord);
}
identityRecord.Username = authenticationResult.Username;
await _regSysIdentityRepository.ReplaceOneAsync(identityRecord);
_logger.LogInformation("Authentication successful for {Username} {RegNo} via {Source}",
authenticationResult.Username, authenticationResult.RegNo, authenticationResult.Source);
return(response);
}
public async Task <AuthenticationResult> ValidateRegSysAuthenticationRequestAsync(RegSysAuthenticationRequest request)
{
bool isValid = await VerifyCredentialSetAsync(request.RegNo, request.Username, request.Password);
return(isValid
? new AuthenticationResult
{
IsAuthenticated = true,
RegNo = request.RegNo,
Username = request.Username,
Source = GetType().Name
}
: new AuthenticationResult
{
IsAuthenticated = false,
Source = GetType().Name
});
}
public async Task <AuthenticationResult> ValidateRegSysAuthenticationRequestAsync(RegSysAuthenticationRequest request)
{
var result = new AuthenticationResult
{
Source = GetType().Name,
IsAuthenticated = false
};
var alternativePin =
(await _regSysAlternativePinRepository.FindAllAsync(a => a.RegNo == request.RegNo))
.SingleOrDefault();
if (alternativePin != null && request.Password == alternativePin.Pin)
{
result.IsAuthenticated = true;
result.RegNo = alternativePin.RegNo;
result.Username = alternativePin.NameOnBadge;
alternativePin.PinConsumptionDatesUtc.Add(DateTime.UtcNow);
await _regSysAlternativePinRepository.ReplaceOneAsync(alternativePin);
}
return(result);
}
