2019-09-10 12:42:15 +00:00
|
|
|
|
using System;
|
2019-09-23 15:36:22 +00:00
|
|
|
|
using System.Collections.Generic;
|
2019-09-10 12:42:15 +00:00
|
|
|
|
using System.Net;
|
|
|
|
|
using System.Security.Authentication;
|
2019-09-23 15:36:22 +00:00
|
|
|
|
using System.Security.Claims;
|
2019-09-10 12:42:15 +00:00
|
|
|
|
using System.Text.Encodings.Web;
|
|
|
|
|
using System.Threading.Tasks;
|
2019-09-23 15:36:22 +00:00
|
|
|
|
|
2019-09-10 12:42:15 +00:00
|
|
|
|
using ASC.Core;
|
|
|
|
|
using ASC.Security.Cryptography;
|
|
|
|
|
using ASC.Web.Studio.Core;
|
|
|
|
|
using ASC.Web.Studio.Utility;
|
2019-09-23 15:36:22 +00:00
|
|
|
|
|
2019-09-10 12:42:15 +00:00
|
|
|
|
using Microsoft.AspNetCore.Authentication;
|
2019-09-23 15:36:22 +00:00
|
|
|
|
using Microsoft.AspNetCore.WebUtilities;
|
2019-09-10 12:42:15 +00:00
|
|
|
|
using Microsoft.Extensions.Logging;
|
|
|
|
|
using Microsoft.Extensions.Options;
|
|
|
|
|
|
|
|
|
|
namespace ASC.Api.Core.Auth
|
|
|
|
|
{
|
|
|
|
|
public class ConfirmAuthHandler : AuthenticationHandler<AuthenticationSchemeOptions>
|
|
|
|
|
{
|
|
|
|
|
public ConfirmAuthHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
protected override Task<AuthenticateResult> HandleAuthenticateAsync()
|
|
|
|
|
{
|
2019-09-23 15:36:22 +00:00
|
|
|
|
var Request = QueryHelpers.ParseQuery(Context.Request.Headers["confirm"]);
|
|
|
|
|
_ = Request.TryGetValue("type", out var type);
|
|
|
|
|
var _type = typeof(ConfirmType).TryParseEnum(type, ConfirmType.EmpInvite);
|
|
|
|
|
|
|
|
|
|
if (SecurityContext.IsAuthenticated && _type != ConfirmType.EmailChange)
|
2019-09-10 12:42:15 +00:00
|
|
|
|
{
|
|
|
|
|
return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(Context.User, new AuthenticationProperties(), Scheme.Name)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
_ = Request.TryGetValue("key", out var key);
|
|
|
|
|
_ = Request.TryGetValue("emplType", out var emplType);
|
|
|
|
|
_ = Request.TryGetValue("email", out var _email);
|
|
|
|
|
var validInterval = SetupInfo.ValidEmailKeyInterval;
|
|
|
|
|
|
|
|
|
|
EmailValidationKeyProvider.ValidationResult checkKeyResult;
|
|
|
|
|
switch (_type)
|
|
|
|
|
{
|
|
|
|
|
case ConfirmType.EmpInvite:
|
|
|
|
|
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + emplType, key, validInterval);
|
|
|
|
|
break;
|
|
|
|
|
case ConfirmType.LinkInvite:
|
|
|
|
|
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_type + emplType, key, validInterval);
|
|
|
|
|
break;
|
2019-09-23 15:36:22 +00:00
|
|
|
|
case ConfirmType.EmailChange:
|
|
|
|
|
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + SecurityContext.CurrentAccount.ID, key, validInterval);
|
|
|
|
|
break;
|
2019-09-10 12:42:15 +00:00
|
|
|
|
default:
|
|
|
|
|
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, validInterval);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-23 15:36:22 +00:00
|
|
|
|
var claims = new List<Claim>()
|
|
|
|
|
{
|
|
|
|
|
new Claim(ClaimTypes.Role, _type.ToString())
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
if (!SecurityContext.IsAuthenticated)
|
|
|
|
|
{
|
|
|
|
|
SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem, claims);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
SecurityContext.AuthenticateMe(SecurityContext.CurrentAccount, claims);
|
|
|
|
|
}
|
2019-09-10 12:42:15 +00:00
|
|
|
|
|
|
|
|
|
var result = checkKeyResult switch
|
|
|
|
|
{
|
|
|
|
|
EmailValidationKeyProvider.ValidationResult.Ok => AuthenticateResult.Success(new AuthenticationTicket(Context.User, new AuthenticationProperties(), Scheme.Name)),
|
|
|
|
|
_ => AuthenticateResult.Fail(new AuthenticationException(HttpStatusCode.Unauthorized.ToString()))
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
return Task.FromResult(result);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|