DocSpace-client/common/ASC.Api.Core/Auth/ConfirmAuthHandler.cs

using System;
using System.Collections.Generic;
using System.Net;
using System.Security.Authentication;
using System.Security.Claims;
using System.Text.Encodings.Web;
using System.Threading.Tasks;

using ASC.Common;
using ASC.Core;
using ASC.Security.Cryptography;

using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

namespace ASC.Api.Core.Auth
{
    [Scope(Additional = typeof(ConfirmAuthHandlerExtension))]
    public class ConfirmAuthHandler : AuthenticationHandler<AuthenticationSchemeOptions>
    {
        private readonly SecurityContext _securityContext;
        private readonly UserManager _userManager;
        private readonly IServiceProvider _serviceProvider;

        public ConfirmAuthHandler(
            IOptionsMonitor<AuthenticationSchemeOptions> options, 
            ILoggerFactory logger, 
            UrlEncoder encoder, 
            ISystemClock clock) : 
            base(options, logger, encoder, clock)
        { }

        public ConfirmAuthHandler(
            IOptionsMonitor<AuthenticationSchemeOptions> options,
            ILoggerFactory logger,
            UrlEncoder encoder,
            ISystemClock clock,
            SecurityContext securityContext,
            UserManager userManager,
            IServiceProvider serviceProvider) :
            base(options, logger, encoder, clock)
        {
            _securityContext = securityContext;
            _userManager = userManager;
            _serviceProvider = serviceProvider;
        }

        protected override Task<AuthenticateResult> HandleAuthenticateAsync()
        {
            using var scope = _serviceProvider.CreateScope();

            var emailValidationKeyHelper = scope.ServiceProvider.GetService<EmailValidationKeyModelHelper>();
            var emailValidationKeyModel = emailValidationKeyHelper.GetModel();

            if (!emailValidationKeyModel.Type.HasValue)
            {
                return _securityContext.IsAuthenticated
                    ? Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(Context.User, new AuthenticationProperties(), Scheme.Name)))
                    : Task.FromResult(AuthenticateResult.Fail(new AuthenticationException(HttpStatusCode.Unauthorized.ToString())));
            }

            EmailValidationKeyProvider.ValidationResult checkKeyResult;
            try
            {
                checkKeyResult = emailValidationKeyHelper.Validate(emailValidationKeyModel);
            }
            catch (ArgumentNullException)
            {
                checkKeyResult = EmailValidationKeyProvider.ValidationResult.Invalid;
            }

            var claims = new List<Claim>()
            {
                new Claim(ClaimTypes.Role, emailValidationKeyModel.Type.ToString())
            };

            if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Ok)
            {
                Guid userId;
                if (!_securityContext.IsAuthenticated)
                {
                    if (emailValidationKeyModel.UiD.HasValue && !emailValidationKeyModel.UiD.Equals(Guid.Empty))
                        userId = emailValidationKeyModel.UiD.Value;
                    else
                    {
                        if(emailValidationKeyModel.Type == Web.Studio.Utility.ConfirmType.EmailActivation
                            || emailValidationKeyModel.Type == Web.Studio.Utility.ConfirmType.EmpInvite
                            || emailValidationKeyModel.Type == Web.Studio.Utility.ConfirmType.LinkInvite)
                            userId = ASC.Core.Configuration.Constants.CoreSystem.ID;
                        else
                            userId = _userManager.GetUserByEmail(emailValidationKeyModel.Email).ID;
                    }
                }
                else
                    userId = _securityContext.CurrentAccount.ID;

                _securityContext.AuthenticateMeWithoutCookie(userId, claims);
            }

            var result = checkKeyResult switch
            {
                EmailValidationKeyProvider.ValidationResult.Ok => AuthenticateResult.Success(new AuthenticationTicket(Context.User, new AuthenticationProperties(), Scheme.Name)),
                _ => AuthenticateResult.Fail(new AuthenticationException(HttpStatusCode.Unauthorized.ToString()))
            };

            return Task.FromResult(result);
        }
    }

    public class ConfirmAuthHandlerExtension
    {
        public static void Register(DIHelper services) => 
            services.TryAdd<EmailValidationKeyModelHelper>();
    }
}
-												Confirm: fixed invite link

											
										
										
											2019-09-27 12:28:51 +00:00
+								using System;
 								using System.Collections.Generic;
-												Api: added confirm auth scheme

											
										
										
											2019-09-10 12:42:15 +00:00
+								using System.Net;
 								using System.Security.Authentication;
-												Auth: added additional roles

											
										
										
											2019-09-23 15:36:22 +00:00
+								using System.Security.Claims;
-												Api: added confirm auth scheme

											
										
										
											2019-09-10 12:42:15 +00:00
+								using System.Text.Encodings.Web;
 								using System.Threading.Tasks;
-												Auth: added additional roles

											
										
										
											2019-09-23 15:36:22 +00:00
-												Refactoring: scope

											
										
										
											2020-10-22 17:57:18 +00:00
+								using ASC.Common;
-												Api: added confirm auth scheme

											
										
										
											2019-09-10 12:42:15 +00:00
+								using ASC.Core;
 								using ASC.Security.Cryptography;
-												Added DIHelper

											
										
										
											2020-02-17 08:58:14 +00:00
-												Api: added confirm auth scheme

											
										
										
											2019-09-10 12:42:15 +00:00
+								using Microsoft.AspNetCore.Authentication;
-												Wizard: api

											
										
										
											2020-07-02 14:11:59 +00:00
+								using Microsoft.Extensions.DependencyInjection;
-												Api: added confirm auth scheme

											
										
										
											2019-09-10 12:42:15 +00:00
+								using Microsoft.Extensions.Logging;
 								using Microsoft.Extensions.Options;
 								namespace ASC.Api.Core.Auth
 								{
-												Refactoring: scope

											
										
										
											2020-10-22 17:57:18 +00:00
+								    [Scope(Additional = typeof(ConfirmAuthHandlerExtension))]
-												Api: added confirm auth scheme

											
										
										
											2019-09-10 12:42:15 +00:00
+								    public class ConfirmAuthHandler : AuthenticationHandler<AuthenticationSchemeOptions>
 								    {
-												Api: priveate properties replaced with fields, used single line expressions, cosmetic

											
										
										
											2022-01-31 16:36:51 +00:00
+								        private readonly SecurityContext _securityContext;
 								        private readonly UserManager _userManager;
 								        private readonly IServiceProvider _serviceProvider;
 								        public ConfirmAuthHandler(
 								            IOptionsMonitor<AuthenticationSchemeOptions> options,
 								            ILoggerFactory logger,
 								            UrlEncoder encoder,
 								            ISystemClock clock) :
 								            base(options, logger, encoder, clock)
 								        { }
-												DI: TenantManager

											
										
										
											2019-09-17 12:42:32 +00:00
+								        public ConfirmAuthHandler(
-												Merge branch 'master' into refactoring/di

# Conflicts:
#	common/ASC.Common/ASC.Common.csproj
#	common/ASC.Core.Common/ASC.Core.Common.csproj
#	common/ASC.Core.Common/Context/Impl/UserManager.cs
#	products/ASC.People/Server/Controllers/PeopleController.cs

											
										
										
											2019-09-25 15:56:28 +00:00
+								            IOptionsMonitor<AuthenticationSchemeOptions> options,
 								            ILoggerFactory logger,
 								            UrlEncoder encoder,
 								            ISystemClock clock,
-												DI: TenantManager

											
										
										
											2019-09-17 12:42:32 +00:00
+								            SecurityContext securityContext,
-												ConfirmAuth: auth by email

											
										
										
											2021-04-27 17:27:23 +00:00
+								            UserManager userManager,
-												Wizard: api

											
										
										
											2020-07-02 14:11:59 +00:00
+								            IServiceProvider serviceProvider) :
-												DI: TenantManager

											
										
										
											2019-09-17 12:42:32 +00:00
+								            base(options, logger, encoder, clock)
-												ConfirmAuthHandler di

											
										
										
											2019-09-10 13:31:03 +00:00
+								        {
-												Api: priveate properties replaced with fields, used single line expressions, cosmetic

											
										
										
											2022-01-31 16:36:51 +00:00
+								            _securityContext = securityContext;
 								            _userManager = userManager;
 								            _serviceProvider = serviceProvider;
-												ConfirmAuthHandler di

											
										
										
											2019-09-10 13:31:03 +00:00
+								        }
-												Api: added confirm auth scheme

											
										
										
											2019-09-10 12:42:15 +00:00
+								        protected override Task<AuthenticateResult> HandleAuthenticateAsync()
 								        {
-												Api: priveate properties replaced with fields, used single line expressions, cosmetic

											
										
										
											2022-01-31 16:36:51 +00:00
+								            using var scope = _serviceProvider.CreateScope();
-												Fix confirm

											
										
										
											2020-10-07 10:45:53 +00:00
 								            var emailValidationKeyHelper = scope.ServiceProvider.GetService<EmailValidationKeyModelHelper>();
 								            var emailValidationKeyModel = emailValidationKeyHelper.GetModel();
-												Auth: added additional roles

											
										
										
											2019-09-23 15:36:22 +00:00
-												Confirm: fix auth

											
										
										
											2019-09-27 15:53:40 +00:00
+								            if (!emailValidationKeyModel.Type.HasValue)
-												Api: added confirm auth scheme

											
										
										
											2019-09-10 12:42:15 +00:00
+								            {
-												Api: priveate properties replaced with fields, used single line expressions, cosmetic

											
										
										
											2022-01-31 16:36:51 +00:00
+								                return _securityContext.IsAuthenticated
-												Confirm: fix auth

											
										
										
											2019-09-27 15:53:40 +00:00
+								                    ? Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(Context.User, new AuthenticationProperties(), Scheme.Name)))
 								                    : Task.FromResult(AuthenticateResult.Fail(new AuthenticationException(HttpStatusCode.Unauthorized.ToString())));
-												Api: added confirm auth scheme

											
										
										
											2019-09-10 12:42:15 +00:00
+								            }
-												Settings: GetPasswordSettings available for everyone
ConfirmAuthHandler: handle ArgumentNullException

											
										
										
											2019-09-27 14:03:24 +00:00
+								            EmailValidationKeyProvider.ValidationResult checkKeyResult;
 								            try
 								            {
-												Fix confirm

											
										
										
											2020-10-07 10:45:53 +00:00
+								                checkKeyResult = emailValidationKeyHelper.Validate(emailValidationKeyModel);
-												Settings: GetPasswordSettings available for everyone
ConfirmAuthHandler: handle ArgumentNullException

											
										
										
											2019-09-27 14:03:24 +00:00
+								            }
 								            catch (ArgumentNullException)
 								            {
 								                checkKeyResult = EmailValidationKeyProvider.ValidationResult.Invalid;
 								            }
-												Api: added confirm auth scheme

											
										
										
											2019-09-10 12:42:15 +00:00
-												ConfirmAuth: PasswordChange

											
										
										
											2019-09-24 12:27:13 +00:00
+								            var claims = new List<Claim>()
-												Auth: added additional roles

											
										
										
											2019-09-23 15:36:22 +00:00
+								            {
-												Auth: added check confirm method

											
										
										
											2019-09-26 13:36:53 +00:00
+								                new Claim(ClaimTypes.Role, emailValidationKeyModel.Type.ToString())
-												Auth: added additional roles

											
										
										
											2019-09-23 15:36:22 +00:00
+								            };
-												Confirm: fixed invite link

											
										
										
											2019-09-27 12:28:51 +00:00
+								            if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Ok)
-												Auth: added additional roles

											
										
										
											2019-09-23 15:36:22 +00:00
+								            {
-												ConfirmAuth: auth by email

											
										
										
											2021-04-27 17:27:23 +00:00
+								                Guid userId;
-												Api: priveate properties replaced with fields, used single line expressions, cosmetic

											
										
										
											2022-01-31 16:36:51 +00:00
+								                if (!_securityContext.IsAuthenticated)
-												ConfirmAuthHandler: auth by uid

											
										
										
											2019-09-27 09:18:48 +00:00
+								                {
-												Confirm: fixed invite link

											
										
										
											2019-09-27 12:28:51 +00:00
+								                    if (emailValidationKeyModel.UiD.HasValue && !emailValidationKeyModel.UiD.Equals(Guid.Empty))
-												ConfirmAuth: auth by email

											
										
										
											2021-04-27 17:27:23 +00:00
+								                        userId = emailValidationKeyModel.UiD.Value;
-												Confirm: fixed invite link

											
										
										
											2019-09-27 12:28:51 +00:00
+								                    else
 								                    {
-												Api: priveate properties replaced with fields, used single line expressions, cosmetic

											
										
										
											2022-01-31 16:36:51 +00:00
+								                        if(emailValidationKeyModel.Type == Web.Studio.Utility.ConfirmType.EmailActivation
 								                            || emailValidationKeyModel.Type == Web.Studio.Utility.ConfirmType.EmpInvite
 								                            || emailValidationKeyModel.Type == Web.Studio.Utility.ConfirmType.LinkInvite)
-												ConfirmAuth: auth by email

											
										
										
											2021-04-27 17:27:23 +00:00
+								                            userId = ASC.Core.Configuration.Constants.CoreSystem.ID;
 								                        else
-												Api: priveate properties replaced with fields, used single line expressions, cosmetic

											
										
										
											2022-01-31 16:36:51 +00:00
+								                            userId = _userManager.GetUserByEmail(emailValidationKeyModel.Email).ID;
-												Confirm: fixed invite link

											
										
										
											2019-09-27 12:28:51 +00:00
+								                    }
-												ConfirmAuthHandler: auth by uid

											
										
										
											2019-09-27 09:18:48 +00:00
+								                }
 								                else
-												Api: priveate properties replaced with fields, used single line expressions, cosmetic

											
										
										
											2022-01-31 16:36:51 +00:00
+								                    userId = _securityContext.CurrentAccount.ID;
-												ConfirmAuth: auth by email

											
										
										
											2021-04-27 17:27:23 +00:00
-												Api: priveate properties replaced with fields, used single line expressions, cosmetic

											
										
										
											2022-01-31 16:36:51 +00:00
+								                _securityContext.AuthenticateMeWithoutCookie(userId, claims);
-												Auth: added additional roles

											
										
										
											2019-09-23 15:36:22 +00:00
+								            }
-												Api: added confirm auth scheme

											
										
										
											2019-09-10 12:42:15 +00:00
 								            var result = checkKeyResult switch
 								            {
 								                EmailValidationKeyProvider.ValidationResult.Ok => AuthenticateResult.Success(new AuthenticationTicket(Context.User, new AuthenticationProperties(), Scheme.Name)),
 								                _ => AuthenticateResult.Fail(new AuthenticationException(HttpStatusCode.Unauthorized.ToString()))
 								            };
 								            return Task.FromResult(result);
 								        }
 								    }
-												Refactoring: scope

											
										
										
											2020-10-22 17:57:18 +00:00
 								    public class ConfirmAuthHandlerExtension
 								    {
-												Api: priveate properties replaced with fields, used single line expressions, cosmetic

											
										
										
											2022-01-31 16:36:51 +00:00
+								        public static void Register(DIHelper services) =>
-												Refactoring: scope

											
										
										
											2020-10-22 17:57:18 +00:00
+								            services.TryAdd<EmailValidationKeyModelHelper>();
 								    }
-												Api: added confirm auth scheme

											
										
										
											2019-09-10 12:42:15 +00:00
+								}