private ActionResult List(string categorySlug, string query, UrlToken <SortOrder> order, UrlToken <SortDirection> direction, int?page, int?size)
{
CategoryModel category = null;
if (!string.IsNullOrEmpty(categorySlug))
{
category = _categoryRepository.GetBySlug(categorySlug);
if (category == null)
{
throw new HttpException((int)HttpStatusCode.NotFound, Resources.Error_NotFound_Category);
}
}
int totalItemsCount;
var collection = _productRepository.GetProducts(category, query, order, direction, ref page, ref size, out totalItemsCount);
var viewModel = new ProductListViewModel(collection)
{
Category = category,
Query = query,
Page = page.GetValueOrDefault(),
Size = size.GetValueOrDefault(),
Order = order,
Direction = direction,
TotalItemsCount = totalItemsCount
};
return(ViewAsync(Views.List, Views._List, viewModel));
}
public async Task StartAsync(IDialogContext context)
{
Logger.Info("StartAsync...");
var incoming = context.Activity as Activity;
var jsonText = JsonConvert.SerializeObject(incoming.ChannelData);
Logger.Info($"JsonText={jsonText}");
var channelData = JsonConvert.DeserializeObject <OCSBot.Shared.Models.DirectLineChannelData>(jsonText);
Logger.Info($"ChannelData.DirectLineBotID={channelData.DirectLineBotID}");
var storage = new AgentStatusStorage(ConfigurationHelper.GetString("BotStatusDBConnectionString"));
var localConversation = (await storage.FindMyConversationActivityAsync(channelData.UserID)).FirstOrDefault();
Logger.Info($"localConversation={localConversation}");
var resumptionCookie = UrlToken.Decode <ResumptionCookie>(localConversation.LocalActivity);
var localActivity = resumptionCookie.GetMessage();
var message = ((Activity)context.Activity).Text.Replace("reply:", "");
message = $"[{incoming.From.Name}]{message}";
var reply = localActivity.CreateReply(message);
Logger.Info($"reply={JsonConvert.SerializeObject(reply)}");
var localConnector = new ConnectorClient(new Uri(localActivity.ServiceUrl),
new MicrosoftAppCredentials(
ConfigurationHelper.GetString("MicrosoftAppId"),
ConfigurationHelper.GetString("MicrosoftAppPassword")),
true);
Microsoft.Bot.Connector.Conversations localConversations = new Microsoft.Bot.Connector.Conversations(localConnector);
localConversations.ReplyToActivity(reply);
Logger.Info("Done");
}
public UrlBuilder(Provider <UrlToken> urlToken, IUrlHelper urlHelper)
{
Ensure.NotNull(urlToken, "urlToken");
Ensure.NotNull(urlHelper, "urlHelper");
this.urlToken = urlToken.Optional;
this.urlHelper = urlHelper;
}
/// <summary>
/// Generates the state to be utilized with the authentication request.
/// </summary>
/// <param name="context">Context for the dialog.</param>
/// <returns>A string that represents the current state for the user.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="context"/> is null.
/// </exception>
private string GenerateState(IDialogContext context)
{
Dictionary <string, string> state;
Guid uniqueId = Guid.NewGuid();
context.AssertNotNull(nameof(context));
try
{
state = new Dictionary <string, string>
{
{ BotConstants.BotIdKey, conversationReference.Bot.Id },
{ BotConstants.ChannelIdKey, conversationReference.ChannelId },
{ BotConstants.ConversationIdKey, conversationReference.Conversation.Id },
{ BotConstants.UniqueIdentifierKey, uniqueId.ToString() },
{ BotConstants.ServiceUrlKey, conversationReference.ServiceUrl },
{ BotConstants.UserIdKey, conversationReference.User.Id }
};
// Save the unique identifier in the user's private conversation store. This value will be
// utilized to verify the authentication request.
context.PrivateConversationData.SetValue(BotConstants.UniqueIdentifierKey, uniqueId);
return(UrlToken.Encode(state));
}
finally
{
state = null;
}
}
private void RequestLogin(Microsoft.Bot.Connector.Activity message)
{
var resumptionCookie = new ResumptionCookie(message);
var encodedResumptionCookie = UrlToken.Encode <ResumptionCookie>(resumptionCookie);
Microsoft.Bot.Connector.Activity oriMessage = resumptionCookie.GetMessage();
var reply = oriMessage.CreateReply(Messages.BOT_PLEASE_LOGIN);
reply.Recipient = oriMessage.From;
reply.Type = Microsoft.Bot.Connector.ActivityTypes.Message;
reply.Attachments = new List <Microsoft.Bot.Connector.Attachment>();
List <Microsoft.Bot.Connector.CardAction> cardButtons = new List <Microsoft.Bot.Connector.CardAction>();
var encodedCookie = UrlToken.Encode(resumptionCookie);
Microsoft.Bot.Connector.CardAction button = new Microsoft.Bot.Connector.CardAction()
{
Value = $"{ConfigurationHelper.GetString("AgentLogin_URL")}?cookie={encodedCookie}",
Type = "signin",
Title = Messages.BOT_SIGNIN_BUTTON_TEXT,
Image = "https://michistorageea.blob.core.windows.net/cdn/login.png"
};
cardButtons.Add(button);
Microsoft.Bot.Connector.SigninCard plCard = new Microsoft.Bot.Connector.SigninCard(
text: $"{Messages.BOT_PLEASE_LOGIN}",
buttons: cardButtons);
Microsoft.Bot.Connector.Attachment plAttachment = plCard.ToAttachment();
reply.Attachments.Add(plAttachment);
ConnectorClient connector = new ConnectorClient(new Uri(message.ServiceUrl));
var response = connector.Conversations.SendToConversation(reply);
}
public async Task <HttpResponseMessage> Get(string code, string state, CancellationToken cancellationToken)
{
// 從 state 參數轉換為原本的 ConversationReference
ConversationReference conversationReference = UrlToken.Decode <ConversationReference>(state);
// 請求拿到 Google OAuth 的 Access Token
var accessToken = await GoogleOAuthHelper.ExchangeCodeForGoogleAccessToken(code, BotUtility.OAuthCallbackURL);
var msg = conversationReference.GetPostToBotMessage();
// 取得目前談話對象的容器,並且把 UserData 加入 Access Token
using (var scope = DialogModule.BeginLifetimeScope(Conversation.Container, msg))
{
IStateClient sc = scope.Resolve <IStateClient>();
BotData userData = sc.BotState.GetUserData(msg.ChannelId, msg.From.Id);
userData.SetProperty(BotUtility.AccessToken, accessToken.AccessToken);
sc.BotState.SetUserData(msg.ChannelId, msg.From.Id, userData);
}
// 設定 ResumeAsync 回到 MessagesController 的識別值 (例如: 使用 token 關鍵字, 真實案例不適合這樣用)
msg.Text = "token:" + accessToken.AccessToken;
// 要記得使用 RsumeAsync 才能夠接回原本的 converstaion
await Conversation.ResumeAsync(conversationReference, msg);
return(Request.CreateResponse("ok"));
}
public void UrlToken_Can_Serialize_Address()
{
var expected = MakeAddress();
var encoded = UrlToken.Encode(expected);
var actual = UrlToken.Decode <Address>(encoded);
Assert.AreEqual(expected, actual);
}
public void SetUp()
{
this.deserializedObject = new UrlToken()
{
Path = "blah"
};
this.uriProvider = new PreAuthenticatedUriProvider(new MockedCryptoSerializer(this));
}
public void UrlToken_Can_Serialize_ConversationReference()
{
// https://github.com/Microsoft/BotBuilder/pull/1279
var expected = MakeCookie();
var encoded = UrlToken.Encode(expected);
var actual = UrlToken.Decode <ConversationReference>(encoded);
Assert.AreEqual(expected, actual);
}
private string getStateParam(ConversationReference conversationRef)
{
var queryString = HttpUtility.ParseQueryString(string.Empty);
queryString["conversationRef"] = UrlToken.Encode(conversationRef);
queryString["providerassembly"] = this.authProvider.GetType().Assembly.FullName;
queryString["providertype"] = this.authProvider.GetType().FullName;
queryString["providername"] = this.authProvider.Name;
return(HttpServerUtility.UrlTokenEncode(Encoding.UTF8.GetBytes(queryString.ToString())));
}
private string getStateParam(ResumptionCookie resumptionCookie)
{
var queryString = HttpUtility.ParseQueryString(string.Empty);
queryString["resumption"] = UrlToken.Encode(resumptionCookie);
queryString["providerassembly"] = this.authProvider.GetType().Assembly.FullName;
queryString["providertype"] = this.authProvider.GetType().FullName;
queryString["providername"] = this.authProvider.Name;
return(HttpServerUtility.UrlTokenEncode(Encoding.UTF8.GetBytes(queryString.ToString())));
}
private static CallbackModel GetCallbackModel(string state)
{
var model = new CallbackModel
{
Query = GetQuery(state)
};
model.ConversationReference = UrlToken.Decode <ConversationReference>(model.Query["conversationRef"]);
model.Message = model.ConversationReference.GetPostToBotMessage();
return(model);
}
public async Task SayMyName(IDialogContext context)
{
try
{
// make a simple request to Microsoft Graph API using the Active Directory access token.
var me = await client.Me.Request().GetAsync();
await context.PostAsync($"Your name is {me.DisplayName}");
}
catch (AdalSilentTokenAcquisitionException)
{
await context.PostAsync(loginUri.AbsoluteUri + UrlToken.Encode(cookie));
}
}
private static string BuildExtraParameters(ResumptionCookie resumptionCookie)
{
var encodedCookie = UrlToken.Encode(resumptionCookie);
//var queryString = HttpUtility.ParseQueryString(string.Empty);
//queryString["userId"] = resumptionCookie.Address.UserId;
//queryString["botId"] = resumptionCookie.Address.BotId;
//queryString["conversationId"] = resumptionCookie.Address.ConversationId;
//queryString["serviceUrl"] = resumptionCookie.Address.ServiceUrl;
//queryString["channelId"] = resumptionCookie.Address.ChannelId;
//queryString["locale"] = resumptionCookie.Locale ?? "en";
//return TokenEncoder(queryString.ToString());
return(encodedCookie);
}
public void VerifyPreAuthenticatedUrl(string url, string urlTokenPath, string expiration, bool expectedResult)
{
Console.WriteLine(DateTime.UtcNow.ToString("u"));
// "http://bahaha/filofax?$token=XYZ"
this.deserializedObject = new UrlToken()
{
Path = urlTokenPath,
Expiration =
expiration != null ? (DateTime?)DateTime.Parse(expiration, CultureInfo.InvariantCulture) : null
};
var result = this.uriProvider.VerifyPreAuthenticatedUrl(url,
new DateTime(2050, 1, 1, 1, 1, 1, DateTimeKind.Utc));
Assert.That(result, Is.EqualTo(expectedResult));
}
public static string GetGoogleLoginURL(ConversationReference conversationReference, string oauthCallback)
{
// 把 conversationreference 的内容放到 state 的參數裏面
string stateToken = UrlToken.Encode(conversationReference);
var uri = BotUtility.GetUri("https://accounts.google.com/o/oauth2/v2/auth",
Tuple.Create("client_id", Google_clientId),
Tuple.Create("redirect_uri", oauthCallback),
Tuple.Create("response_type", "code"),
Tuple.Create("access_type", "online"),
Tuple.Create("scope", Uri.EscapeDataString("profile")),
Tuple.Create("state", stateToken)
);
return(uri.ToString());
}
private UploadSettings FindSettings(RouteData routeData)
{
UrlToken urlToken = FindUrlToken(routeData);
if (urlToken != null)
{
if (configuration.Value.Profiles.TryGetValue(urlToken.Value, out var settings))
{
return(settings);
}
return(null);
}
return(configuration.Value.Default);
}
public static async Task <HttpResponseMessage> Resolve(HttpRequestMessage request, int maxWriteAttempts)
{
NameValueCollection parameters = null;
if (request.Method == HttpMethod.Get)
{
parameters = request.RequestUri.ParseQueryString();
}
else if (request.Method == HttpMethod.Post)
{
parameters = await request.Content.ReadAsFormDataAsync();
}
// Create the message that is send to conversation to resume the login flow
string state = parameters["state"];
var resumptionCookie = UrlToken.Decode <ResumptionCookie>(state);
var message = resumptionCookie.GetMessage();
string dialogId;
using (var scope = DialogModule.BeginLifetimeScope(Conversation.Container, message))
{
IStateClient sc = scope.Resolve <IStateClient>();
BotData userData = sc.BotState.GetUserData(message.ChannelId, message.From.Id);
dialogId = userData.GetProperty <string>(AuthenticationConstants.AuthHandlerKey);
}
AuthCallbackHandler handler;
switch (dialogId)
{
case AuthenticationConstants.AuthDialogId_AzureAD:
handler = new mStack.API.Bots.AzureAD.AuthCallbackHandler(maxWriteAttempts);
break;
case AuthenticationConstants.AuthDialogId_ExactOnline:
handler = new mStack.API.Bots.ExactOnline.AuthCallbackHandler(maxWriteAttempts);
break;
default:
throw new ArgumentException("Unknown auth handler type.");
}
return(await handler.ProcessOAuthCallback(parameters));
}
public async Task <HttpResponseMessage> LogOut([FromUri] string conversationRef)
{
// Get the conversation reference from the URL (this was specified when triggering logout in the first place). Send a message
// to the user confirming logout is complete.
var conversationRefDecoded = UrlToken.Decode <ConversationReference>(conversationRef);
var message = conversationRefDecoded.GetPostToBotMessage();
var client = new ConnectorClient(new Uri(message.ServiceUrl));
var replyMessage = message.CreateReply("You are now logged out.");
await client.Conversations.SendToConversationAsync((Activity)replyMessage);
// Show a message in the browser indicating logout is complete.
var resp = new HttpResponseMessage(HttpStatusCode.OK);
resp.Content = new StringContent($"<html><head><script type='text/javascript'>window.close();</script></head><body>You are now logged out of SharePoint. You can close this tab.</body></html>", System.Text.Encoding.UTF8, @"text/html");
return(resp);
}
public async Task <ITokenInfo> GetTokenInfoAsync(UrlToken urlToken, bool skipValidation = false)
{
const string InvalidTokenMessage = "Autorization token is invalid";
try
{
if (urlToken is ValidUrlToken validUrlToken)
{
return(skipValidation
? _noValidationBuilder.Build(validUrlToken.RawToken)
: await _validationBuilder.ValidateAndBuildAsync(validUrlToken.RawToken));
}
throw new ApplicationException(InvalidTokenMessage);
}
catch (Exception ex)
{
throw new ApplicationException(InvalidTokenMessage, ex);
}
}
public async Task <string> Get(string cookie, CancellationToken token)
{
// get the TokenCache stored per-user from within OpenIdConnectOptions.Events.OnAuthorizationCodeReceived
var authenticateContext = new AuthenticateContext(CookieAuthenticationDefaults.AuthenticationScheme);
await this.HttpContext.Authentication.AuthenticateAsync(authenticateContext);
string tokenBase64;
if (authenticateContext.Properties.TryGetValue(Keys.TokenCache, out tokenBase64))
{
byte[] tokenBlob = Convert.FromBase64String(tokenBase64);
// decode the resumption cookie from the url
var resume = UrlToken.Decode <ResumptionCookie>(cookie);
var continuation = resume.GetMessage();
using (var scope = DialogModule.BeginLifetimeScope(Container.Instance, continuation))
{
var botData = scope.Resolve <IBotData>();
await botData.LoadAsync(token);
var data = botData.UserData;
var tenantID = this.User.FindFirst(Keys.TenantID);
var objectIdentifier = this.User.FindFirst(Keys.ObjectID);
data.SetValue(Keys.ObjectID, objectIdentifier.Value);
data.SetValue(Keys.TenantID, tenantID.Value);
data.SetValue(Keys.TokenCache, tokenBlob);
await botData.FlushAsync(token);
}
return("You're now logged-in - continue talking to the bot!");
}
else
{
throw new InvalidOperationException();
}
}
public static async Task <object> HandleOAuthCallback(HttpRequestMessage req, uint maxWriteAttempts)
{
try
{
var queryParams = req.RequestUri.ParseQueryString();
if (req.Method != HttpMethod.Post)
{
throw new ArgumentException("The OAuth postback handler only supports POST requests.");
}
var formData = await req.Content.ReadAsFormDataAsync();
string stateStr = formData["state"];
string code = formData["code"];
var resumptionCookie = UrlToken.Decode <ResumptionCookie>(stateStr);
var message = resumptionCookie.GetMessage();
using (var scope = DialogModule.BeginLifetimeScope(Conversation.Container, message))
{
AuthenticationSettings authSettings = AuthenticationSettings.GetFromAppSettings();
var client = scope.Resolve <IConnectorClient>();
AuthenticationResult authenticationResult = await AzureActiveDirectoryHelper.GetTokenByAuthCodeAsync(code, authSettings);
IStateClient sc = scope.Resolve <IStateClient>();
//IMPORTANT: DO NOT REMOVE THE MAGIC NUMBER CHECK THAT WE DO HERE. THIS IS AN ABSOLUTE SECURITY REQUIREMENT
//REMOVING THIS WILL REMOVE YOUR BOT AND YOUR USERS TO SECURITY VULNERABILITIES.
//MAKE SURE YOU UNDERSTAND THE ATTACK VECTORS AND WHY THIS IS IN PLACE.
int magicNumber = GenerateRandomNumber();
bool writeSuccessful = false;
uint writeAttempts = 0;
while (!writeSuccessful && writeAttempts++ < maxWriteAttempts)
{
try
{
BotData userData = sc.BotState.GetUserData(message.ChannelId, message.From.Id);
userData.SetProperty(AuthenticationConstants.AuthResultKey, authenticationResult);
userData.SetProperty(AuthenticationConstants.MagicNumberKey, magicNumber);
userData.SetProperty(AuthenticationConstants.MagicNumberValidated, "false");
sc.BotState.SetUserData(message.ChannelId, message.From.Id, userData);
writeSuccessful = true;
}
catch (HttpOperationException)
{
writeSuccessful = false;
}
}
var resp = new HttpResponseMessage(HttpStatusCode.OK);
if (!writeSuccessful)
{
message.Text = String.Empty; // fail the login process if we can't write UserData
await Conversation.ResumeAsync(resumptionCookie, message);
resp.Content = new StringContent("<html><body>Could not log you in at this time, please try again later</body></html>", System.Text.Encoding.UTF8, @"text/html");
}
else
{
await Conversation.ResumeAsync(resumptionCookie, message);
resp.Content = new StringContent($"<html><body>Almost done! Please copy this number and paste it back to your chat so your authentication can complete:<br/> <h1>{magicNumber}</h1>.</body></html>", System.Text.Encoding.UTF8, @"text/html");
}
return(resp);
}
}
catch (Exception ex)
{
// Callback is called with no pending message as a result the login flow cannot be resumed.
return(req.CreateErrorResponse(HttpStatusCode.BadRequest, ex));
}
}
public async Task <HttpResponseMessage> OAuthCallback(
[FromUri] string code,
[FromUri] string state,
CancellationToken cancellationToken)
{
try
{
var queryParams = state;
object tokenCache = null;
if (string.Equals(AuthSettings.Mode, "v1", StringComparison.OrdinalIgnoreCase))
{
tokenCache = new Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache();
}
else if (string.Equals(AuthSettings.Mode, "v2", StringComparison.OrdinalIgnoreCase))
{
tokenCache = new Microsoft.Identity.Client.TokenCache();
}
else if (string.Equals(AuthSettings.Mode, "b2c", StringComparison.OrdinalIgnoreCase))
{
}
var resumptionCookie = UrlToken.Decode <ResumptionCookie>(queryParams);
// Create the message that is send to conversation to resume the login flow
var message = resumptionCookie.GetMessage();
using (var scope = DialogModule.BeginLifetimeScope(Conversation.Container, message))
{
var client = scope.Resolve <IConnectorClient>();
AuthResult authResult = null;
if (string.Equals(AuthSettings.Mode, "v1", StringComparison.OrdinalIgnoreCase))
{
// Exchange the Auth code with Access token
var token = await AzureActiveDirectoryHelper.GetTokenByAuthCodeAsync(code, (Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache) tokenCache);
authResult = token;
}
else if (string.Equals(AuthSettings.Mode, "v2", StringComparison.OrdinalIgnoreCase))
{
// Exchange the Auth code with Access token
var token = await AzureActiveDirectoryHelper.GetTokenByAuthCodeAsync(code, (Microsoft.Identity.Client.TokenCache) tokenCache, Models.AuthSettings.Scopes);
authResult = token;
}
else if (string.Equals(AuthSettings.Mode, "b2c", StringComparison.OrdinalIgnoreCase))
{
}
IStateClient sc = scope.Resolve <IStateClient>();
//IMPORTANT: DO NOT REMOVE THE MAGIC NUMBER CHECK THAT WE DO HERE. THIS IS AN ABSOLUTE SECURITY REQUIREMENT
//REMOVING THIS WILL REMOVE YOUR BOT AND YOUR USERS TO SECURITY VULNERABILITIES.
//MAKE SURE YOU UNDERSTAND THE ATTACK VECTORS AND WHY THIS IS IN PLACE.
int magicNumber = GenerateRandomNumber();
bool writeSuccessful = false;
uint writeAttempts = 0;
while (!writeSuccessful && writeAttempts++ < MaxWriteAttempts)
{
try
{
BotData userData = sc.BotState.GetUserData(message.ChannelId, message.From.Id);
userData.SetProperty(ContextConstants.AuthResultKey, authResult);
userData.SetProperty(ContextConstants.MagicNumberKey, magicNumber);
userData.SetProperty(ContextConstants.MagicNumberValidated, "false");
sc.BotState.SetUserData(message.ChannelId, message.From.Id, userData);
writeSuccessful = true;
}
catch (HttpOperationException)
{
writeSuccessful = false;
}
}
var resp = new HttpResponseMessage(HttpStatusCode.OK);
if (!writeSuccessful)
{
message.Text = String.Empty; // fail the login process if we can't write UserData
await Conversation.ResumeAsync(resumptionCookie, message);
resp.Content = new StringContent("<html><body>Could not log you in at this time, please try again later</body></html>", System.Text.Encoding.UTF8, @"text/html");
}
else
{
await Conversation.ResumeAsync(resumptionCookie, message);
resp.Content = new StringContent($"<html><body>Almost done! Please copy this number and paste it back to your chat so your authentication can complete:<br/> <h1>{magicNumber}</h1>.</body></html>", System.Text.Encoding.UTF8, @"text/html");
}
return(resp);
}
}
catch (Exception ex)
{
// Callback is called with no pending message as a result the login flow cannot be resumed.
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex));
}
}
public async Task DispatchAsync(IDialogContext context, IAwaitable <Microsoft.Bot.Connector.IMessageActivity> item)
{
Microsoft.Bot.Connector.Activity activity = (Microsoft.Bot.Connector.Activity) await item;
Logger.Info($"message received from {activity.From.Name}/{activity.From.Id} : {JsonConvert.SerializeObject(activity)}");
Logger.Info($"message received to {activity.Recipient.Name}/{activity.Recipient.Id}");
var storage = new AgentStatusStorage(
ConfigurationHelper.GetString("BotStatusDBConnectionString"));
if (activity.From.Name.EndsWith("@ocsuser"))
{
//Messages from OCS User, when message from OCS User sent to this method, it has to be coming from DirectLine
AgentStatus agent = null;
//retrieve ChannelData which includes channelId for our conversation
//TODO:figure out a way that simplier
JObject o = (JObject)activity.ChannelData;
var os = JsonConvert.SerializeObject(o);
DirectLineChannelData channelData = JsonConvert.DeserializeObject <DirectLineChannelData>(os);
Logger.Info($"ChannelData = {channelData}");
//ConversationStatus conversation = null;
Logger.Info($"RoundTrip = {channelData.RoundTrip}");
//first message send to agent, find an available agent
//TODO:the agent has been selected in OCS Bot, need to make it sync
// Instead of selecting another one here...
agent = (await storage.FindAvailableAgentsAsync()).FirstOrDefault();
var convRecord = (await storage.FindConversationActivityAsync(a => a.UserID == agent.Id)).FirstOrDefault();
convRecord.RemoteConversationID = channelData.ConversationId;
convRecord.RemoteBotId = activity.From.Id;//remote user id actually...
convRecord.RemoteActivity = UrlToken.Encode <ResumptionCookie>(
new ResumptionCookie((Microsoft.Bot.Connector.Activity)activity));
convRecord.RemoteUserId = channelData.UserID;
convRecord.RemoteUserName = channelData.UserName;
await storage.UpdateConversationActivityAsync(convRecord);
Logger.Info($"agent:{agent}");
if (!agent.IsLoggedIn)
{
//Agent somehow is occupied (logout?)
Logger.Info("Agent is occupied");
var reply = activity.CreateReply($"Agent is occupied");
ConnectorClient connector = new ConnectorClient(new Uri(activity.ServiceUrl));
await connector.Conversations.ReplyToActivityAsync(reply);
}
else
{
//Agnet is available to answer questions, send message to agent
Logger.Info("Sending to conversation...");
//TODO:Need to check if current agent is this user
//agent.IsOccupied = true;
//await storage.UpdateAgentStatusAsync(agent);
//First retrieve last conversaion if exists
//resumptionCookie = UrlToken.Decode<ResumptionCookie>(conversation.AgentResumptionCookie);
var localResumptionCookie = UrlToken.Decode <ResumptionCookie>(convRecord.LocalActivity);
Logger.Info($"AgentBot::LocalResumptionCookie:{localResumptionCookie}");
var localActivity = localResumptionCookie.GetMessage();
var localReply = localActivity.CreateReply($"[{activity.From.Name}]{activity.Text}");
var localConnector = new ConnectorClient(new Uri(localActivity.ServiceUrl),
new MicrosoftAppCredentials(
ConfigurationHelper.GetString("MicrosoftAppId"),
ConfigurationHelper.GetString("MicrosoftAppPassword")),
true);
Microsoft.Bot.Connector.Conversations localConversation = new Microsoft.Bot.Connector.Conversations(localConnector);
localConversation.ReplyToActivity(localReply);
Logger.Info("done");
return;
}
}
else
{
resumptionCookie = new ResumptionCookie(await item);
await MessageReceivedAsync(context, item);
}
}
public async Task <ActionResult> Login(LoginViewModel model, string returnUrl)
{
if (!ModelState.IsValid)
{
return(View(model));
}
#if true
//Send message to Agent
string resumption = Request.UrlReferrer.Query.Split('=')[1];
ResumptionCookie resumptionCookie = null;
//string resumption = Request.QueryString["cookie"];
resumptionCookie = UrlToken.Decode <ResumptionCookie>(resumption);
var appId = Configuration.ConfigurationHelper.GetString("MicrosoftAgentBotAppId");
var appPassword = Configuration.ConfigurationHelper.GetString("MicrosoftAgentBotAppPassword");
var agentBotCredentail = new MicrosoftAppCredentials(
appId: appId,
password: appPassword);
Activity activity = (Activity)resumptionCookie.GetMessage();
var userId = activity.From.Id;
//Michael - demo - do not check id/password
FormsAuthentication.SetAuthCookie(userId, true);
StateClient sc = activity.GetStateClient(agentBotCredentail);
BotData data = await sc.BotState.GetUserDataAsync(activity.ChannelId, activity.From.Id);
data.SetProperty("Agent:Authenticated", true);
data.SetProperty("Agent:IsAgent", true);
await sc.BotState.SetUserDataAsync(activity.ChannelId, activity.From.Id, data);
// Let the user know back in the conversation
//var client = new ConnectorClient(new Uri(activity.ServiceUrl),
// "34ee43c1-8b3c-467d-a719-e1c88694b390",
// "2Pg2M0gfS6uhgUHRX1wZYi9");
////var client = new ConnectorClient(new Uri(activity.ServiceUrl));
//Activity replyActivity = activity.CreateReply("You've been succesfully authenticated!");
//await client.Conversations.ReplyToActivityAsync(replyActivity);
//Activity replyActivity = activity.CreateReply("You've been succesfully authenticated!");
OCSBot.Shared.AgentStatusStorage storage = new OCSBot.Shared.AgentStatusStorage(
Configuration.ConfigurationHelper.GetString("BotStatusDBConnectionString"));
await storage.UpdateConversationActivityAsync(new OCSBot.Shared.Models.ConversationRecord
{
UserID = userId,
LocalActivity = resumption,
LocalChannelID = activity.ChannelId,
LocalConversationID = activity.Conversation.Id,
LocalBotId = activity.Recipient.Id,
LocalUserName = activity.From.Name
});
//await storage.UpdateConversationStatusAsync(new OCSBot.Shared.Models.ConversationStatus
//{
// AgentID = userId,
// ConversationId = activity.Conversation.Id,
// AgentResumptionCookie = resumption
//});
await storage.UpdateAgentStatusAsync(new OCSBot.Shared.Models.AgentStatus()
{
Id = userId,
IsLoggedIn = true,
Office = "POST",
Name = "Michael SH Chi",
IsOccupied = false,
LastConversationEndTime = null,
LastConversationStartTime = null,
LoginTime = DateTime.UtcNow,
ConversationId = activity.Conversation.Id,
AgentIdInChannel = activity.From.Id,
AgentNameInChannel = activity.From.Name,
ChannelId = activity.ChannelId,
BotIdInChannel = activity.Recipient.Id,
BotNameInChannel = activity.Recipient.Name,
ServiceURL = activity.ServiceUrl
});
//Conversation.ResumeAsync(resumptionCookie, activity).Wait(5000, System.Threading.CancellationToken.None);
//replyActivity.From = new ChannelAccount(activity.Recipient.Id,activity.Recipient.Name);
//replyActivity.Recipient = new ChannelAccount(activity.From.Id, activity.From.Name);
//client.Conversations.ReplyToActivityAsync(replyActivity.Conversation.Id, activity.Id, replyActivity).Wait(5000, System.Threading.CancellationToken.None);
return(RedirectToLocal("/authenticated.html"));
#endif
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, change to shouldLockout: true
var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout : false);
switch (result)
{
case SignInStatus.Success:
//TODO:send message to Bot
#if false
//Send message to Agent
string resumption = Request.UrlReferrer.Query.Split('=')[1];
ResumptionCookie resumptionCookie = null;
//string resumption = Request.QueryString["cookie"];
resumptionCookie = UrlToken.Decode <ResumptionCookie>(resumption);
var agentBotCredentail = new MicrosoftAppCredentials(
appId: "a6bae9f3-0817-443b-9247-ffdd02dabccd",
password: "******");
Activity activity = (Activity)resumptionCookie.GetMessage();
StateClient sc = activity.GetStateClient(agentBotCredentail);
BotData data = await sc.BotState.GetUserDataAsync(activity.ChannelId, activity.From.Id);
data.SetProperty("Authenticated", true);
await sc.BotState.SetUserDataAsync(activity.ChannelId, activity.From.Id, data);
// Let the user know back in the conversation
var client = new ConnectorClient(new Uri(activity.ServiceUrl),
"a6bae9f3-0817-443b-9247-ffdd02dabccd",
"bsi2LBN820jcYRfgYxXqtnN");
Activity replyActivity = activity.CreateReply("You've been succesfully authenticated!");
await client.Conversations.ReplyToActivityAsync(replyActivity.Conversation.Id, activity.Id, replyActivity);
#endif
return(RedirectToLocal(returnUrl));
case SignInStatus.LockedOut:
return(View("Lockout"));
case SignInStatus.RequiresVerification:
return(RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe }));
case SignInStatus.Failure:
default:
ModelState.AddModelError("", "Invalid login attempt.");
return(View(model));
}
}
public void EncodeTest(string Value, string Expected)
{
string Actual = new UrlToken(Value).Encode();
Assert.Equal(Expected, Actual);
}
public async Task LogOut(IDialogContext context)
{
// We will store the conversation reference in the callback URL. When Office 365 logs out it will hit the LogOut endpoint and pass
// that reference. That event signifies that log out has completed, and will prompt a message from the bot to the user to indicate that fact.
var conversationRef = context.Activity.ToConversationReference();
var options = GetDefaultOffice365Options();
options.RedirectUrl = $"{ConfigurationManager.AppSettings["PostLogoutUrl"]}?conversationRef={UrlToken.Encode(conversationRef)}";
// We need to know the resource ID. This *should be* stored in bot state from when user logged in.
string lastSiteCollectionUrl = null;
context.UserData.TryGetValue <string>(Constants.StateKeys.LastLoggedInSiteCollectionUrl, out lastSiteCollectionUrl);
options.ResourceId = lastSiteCollectionUrl;
await new ADALAuthProvider().Logout(options, context);
}
public async Task <HttpResponseMessage> ProcessOAuthCallback(NameValueCollection parameters)
{
try
{
var queryParams = parameters["state"];
var resumptionCookie = UrlToken.Decode <ResumptionCookie>(queryParams);
// Create the message that is send to conversation to resume the login flow
var message = resumptionCookie.GetMessage();
using (var scope = DialogModule.BeginLifetimeScope(Conversation.Container, message))
{
var client = scope.Resolve <IConnectorClient>();
AuthenticationResult authResult = null;
// Exchange the Auth code with Access token
authResult = await GetTokenByAuthCodeAsync(parameters);
IStateClient sc = scope.Resolve <IStateClient>();
//IMPORTANT: DO NOT REMOVE THE MAGIC NUMBER CHECK THAT WE DO HERE. THIS IS AN ABSOLUTE SECURITY REQUIREMENT
//REMOVING THIS WILL REMOVE YOUR BOT AND YOUR USERS TO SECURITY VULNERABILITIES.
//MAKE SURE YOU UNDERSTAND THE ATTACK VECTORS AND WHY THIS IS IN PLACE.
int magicNumber = GenerateRandomNumber();
bool writeSuccessful = false;
uint writeAttempts = 0;
while (!writeSuccessful && writeAttempts++ < _maxWriteAttempts)
{
try
{
BotData userData = sc.BotState.GetUserData(message.ChannelId, message.From.Id);
userData.SetProperty(dialogId + '_' + AuthenticationConstants.AuthResultKey, authResult);
userData.SetProperty(dialogId + '_' + AuthenticationConstants.MagicNumberKey, magicNumber);
userData.SetProperty(dialogId + '_' + AuthenticationConstants.MagicNumberValidated, "false");
sc.BotState.SetUserData(message.ChannelId, message.From.Id, userData);
writeSuccessful = true;
}
catch (HttpOperationException)
{
writeSuccessful = false;
}
}
var resp = new HttpResponseMessage(HttpStatusCode.OK);
if (!writeSuccessful)
{
message.Text = String.Empty; // fail the login process if we can't write UserData
await Conversation.ResumeAsync(resumptionCookie, message);
resp.Content = new StringContent("<html><body>Could not log you in at this time, please try again later</body></html>", System.Text.Encoding.UTF8, @"text/html");
}
else
{
await Conversation.ResumeAsync(resumptionCookie, message);
resp.Content = new StringContent($"<html><body>Almost done! Please copy this number and paste it back to your chat so your authentication can complete:<br/> <h1>{magicNumber}</h1>.</body></html>", System.Text.Encoding.UTF8, @"text/html");
}
return(resp);
}
}
catch (Exception ex)
{
// Callback is called with no pending message as a result the login flow cannot be resumed.
var resp = new HttpResponseMessage(HttpStatusCode.InternalServerError);
return(resp);
}
}
public async Task <HttpResponseMessage> Callback([FromUri] string code, [FromUri] string state, CancellationToken cancellationToken)
{
try
{
// Use the state parameter to get correct IAuthProvider and ResumptionCookie
var decoded = Encoding.UTF8.GetString(HttpServerUtility.UrlTokenDecode(state));
var queryString = HttpUtility.ParseQueryString(decoded);
var assembly = Assembly.Load(queryString["providerassembly"]);
var type = assembly.GetType(queryString["providertype"]);
var providername = queryString["providername"];
IAuthProvider authProvider;
if (type.GetConstructor(new Type[] { typeof(string) }) != null)
{
authProvider = (IAuthProvider)Activator.CreateInstance(type, providername);
}
else
{
authProvider = (IAuthProvider)Activator.CreateInstance(type);
}
// Get the conversation reference
var conversationRef = UrlToken.Decode <ConversationReference>(queryString["conversationRef"]);
Activity message = conversationRef.GetPostToBotMessage();
using (var scope = DialogModule.BeginLifetimeScope(Conversation.Container, message))
{
// Get the UserData from the original conversation
IBotDataStore <BotData> stateStore = scope.Resolve <IBotDataStore <BotData> >();
var key = Address.FromActivity(message);
var userData = await stateStore.LoadAsync(key, BotStoreType.BotUserData, CancellationToken.None);
// Get Access Token using authorization code
var authOptions = userData.GetProperty <AuthenticationOptions>($"{authProvider.Name}{ContextConstants.AuthOptions}");
var token = await authProvider.GetTokenByAuthCodeAsync(authOptions, code);
// Generate magic number and attempt to write to userdata
int magicNumber = GenerateRandomNumber();
bool writeSuccessful = false;
uint writeAttempts = 0;
while (!writeSuccessful && writeAttempts++ < MaxWriteAttempts)
{
try
{
userData.SetProperty($"{authProvider.Name}{ContextConstants.AuthResultKey}", token);
if (authOptions.UseMagicNumber)
{
userData.SetProperty($"{authProvider.Name}{ContextConstants.MagicNumberKey}", magicNumber);
userData.SetProperty($"{authProvider.Name}{ContextConstants.MagicNumberValidated}", "false");
}
await stateStore.SaveAsync(key, BotStoreType.BotUserData, userData, CancellationToken.None);
await stateStore.FlushAsync(key, CancellationToken.None);
writeSuccessful = true;
}
catch (Exception)
{
writeSuccessful = false;
}
}
var resp = new HttpResponseMessage(HttpStatusCode.OK);
if (!writeSuccessful)
{
message.Text = String.Empty; // fail the login process if we can't write UserData
await Conversation.ResumeAsync(conversationRef, message);
if (ConfigurationManager.AppSettings.AllKeys.Contains("BotAuth:ErrorHtml"))
{
resp.Content = new StringContent(ConfigurationManager.AppSettings["BotAuth:ErrorHtml"], System.Text.Encoding.UTF8, @"text/html");
}
else
{
resp.Content = new StringContent("<html><body>Could not log you in at this time, please try again later</body></html>", System.Text.Encoding.UTF8, @"text/html");
}
}
else
{
await Conversation.ResumeAsync(conversationRef, message);
if (ConfigurationManager.AppSettings.AllKeys.Contains("BotAuth:SucceedHtml"))
{
resp.Content = new StringContent(string.Format(ConfigurationManager.AppSettings["BotAuth:SucceedHtml"], magicNumber), System.Text.Encoding.UTF8, @"text/html");
}
else
{
resp.Content = new StringContent($"<html><body>Almost done! Please copy this number and paste it back to your chat so your authentication can complete:<br/> <h1>{magicNumber}</h1>.</body></html>", System.Text.Encoding.UTF8, @"text/html");
}
}
return(resp);
}
}
catch (Exception ex)
{
// Callback is called with no pending message as a result the login flow cannot be resumed.
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex));
}
}
public static string EncodeResumptionCookie(ResumptionCookie resumptionCookie)
{
var encodedCookie = UrlToken.Encode(resumptionCookie);
return(encodedCookie);
}
