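/// <summary>
/// Validates a Google ID token for the requested portal and returns the matching local user.
/// </summary>
/// <param name="googleToken">Google ID token presented by the client.</param>
/// <param name="portalDomain">Domain used to look up the portal and its login-provider configuration.</param>
/// <param name="clientId">Passed through unchanged to <c>CreateAuthenticatedUserResponse</c>; it is not validated in this method.</param>
/// <returns>The authenticated user built by <c>CreateAuthenticatedUserResponse</c>.</returns>
/// <exception cref="TokenInvalidException">The token is null/empty or <c>GoogleJsonWebSignature.ValidateAsync</c> fails.</exception>
/// <exception cref="InvalidPortalRequestedException">The portal domain is null/empty or no portal matches it.</exception>
/// <exception cref="InvalidClientException">The portal has no usable Google client id, or the token audience does not match it.</exception>
/// <exception cref="InvalidUserException">The token's email is not marked verified, or no user has that email.</exception>
/// <exception cref="InactiveUserException">The matching user is not active.</exception>
public async Task<AuthenticatedUser> ValidateGoogleLoginAsync(string googleToken, string portalDomain, string clientId)
{
    if (string.IsNullOrEmpty(googleToken))
    {
        throw new TokenInvalidException();
    }

    if (string.IsNullOrEmpty(portalDomain))
    {
        throw new InvalidPortalRequestedException(portalDomain);
    }

    GoogleJsonWebSignature.Payload payload;
    try
    {
        // No ValidationSettings are supplied, so the library is not told which audience to
        // expect; the audience is compared by hand against the portal configuration below.
        payload = await GoogleJsonWebSignature.ValidateAsync(googleToken);
    }
    catch (Exception)
    {
        // NOTE(review): every failure inside ValidateAsync is reported as an invalid token,
        // not only a bad signature or expiry. Kept as-is so callers see the same exception type.
        throw new TokenInvalidException();
    }

    if (payload is null)
    {
        throw new TokenInvalidException();
    }

    var portal = _portalRepository.GetByDomain(portalDomain) ??
        throw new InvalidPortalRequestedException(portalDomain);

    // Fail closed when the portal carries no Google configuration, instead of surfacing a
    // null-reference or parser exception from the lookups below.
    if (string.IsNullOrEmpty(portal.LoginProviders))
    {
        throw new InvalidClientException();
    }

    var loginProviders = JObject.Parse(portal.LoginProviders);
    var googleSection = loginProviders["Google"];
    if (googleSection is null || googleSection.Type == JTokenType.Null)
    {
        throw new InvalidClientException();
    }

    // The section is re-parsed from its string form, as the original code did.
    var jsonGoogle = JObject.Parse(googleSection.ToString());
    var googleClientId = Convert.ToString(jsonGoogle["details"]?["client_id"], CultureInfo.InvariantCulture);

    // Convert.ToString yields an empty string for a missing value. Without this guard an
    // unconfigured client id would compare equal to a token whose audience is also empty.
    if (string.IsNullOrEmpty(googleClientId))
    {
        throw new InvalidClientException();
    }

    var tokenAudience = Convert.ToString(payload.Audience, CultureInfo.InvariantCulture);
    if (!string.Equals(googleClientId, tokenAudience, StringComparison.Ordinal))
    {
        throw new InvalidClientException();
    }

    // The local account is selected by email alone, so only accept an address that Google
    // reports as verified.
    if (!payload.EmailVerified)
    {
        throw new InvalidUserException();
    }

    var user = _userService.GetUsersByEmail(payload.Email).FirstOrDefault() ??
        throw new InvalidUserException();

    if (user.Status != UserStatus.Active)
    {
        throw new InactiveUserException();
    }

    // Open question carried over from the original: when should the login-attempt counter be increased?
    CheckCurrentLoginAttempt(user);

    return CreateAuthenticatedUserResponse(user, portalDomain, clientId);
}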
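/// <summary>
/// Checks the claims of a Microsoft login payload for the requested portal and returns the
/// matching local user.
/// </summary>
/// <remarks>
/// NOTE(review): <paramref name="microsoftToken"/> is parsed as plain JSON and no signature is
/// verified anywhere in this method. The <c>exp</c>, <c>iss</c>, <c>oid</c> and <c>email</c>
/// values are therefore whatever the caller supplied, not verified claims. Unless the caller
/// has already validated a signed token against the issuer's published keys, this method must
/// not be treated as authentication. Confirm where signature validation happens.
/// </remarks>
/// <param name="microsoftToken">JSON text holding the token claims; presumably a decoded payload, to be confirmed against the caller.</param>
/// <param name="portalDomain">Domain used to look up the portal and its login-provider configuration.</param>
/// <param name="clientId">Passed through unchanged to <c>CreateAuthenticatedUserResponse</c>; it is not validated in this method.</param>
/// <returns>The authenticated user built by <c>CreateAuthenticatedUserResponse</c>.</returns>
/// <exception cref="TokenInvalidException">The token is null/empty or malformed, or the client-id comparison fails.</exception>
/// <exception cref="TokenExpiredException">The <c>exp</c> value is in the past.</exception>
/// <exception cref="InvalidPortalRequestedException">The portal domain is null/empty or no portal matches it.</exception>
/// <exception cref="InvalidClientException">The <c>iss</c> value is not a URI whose host is <c>sts.windows.net</c>.</exception>
/// <exception cref="InvalidUserException">The payload has no email, or no user has that email.</exception>
/// <exception cref="InactiveUserException">The matching user is not active.</exception>
public AuthenticatedUser ValidateMicrosoftLogin(string microsoftToken, string portalDomain, string clientId)
{
    if (string.IsNullOrEmpty(microsoftToken))
    {
        throw new TokenInvalidException();
    }

    if (string.IsNullOrEmpty(portalDomain))
    {
        throw new InvalidPortalRequestedException(portalDomain);
    }

    JObject payload;
    DateTime expDateTimeUtc;
    try
    {
        payload = JObject.Parse(microsoftToken);

        // Convert the unix-time "exp" value to a UTC DateTime.
        expDateTimeUtc = DateTimeOffset.FromUnixTimeSeconds((long)payload["exp"]).UtcDateTime;
    }
    catch (Exception)
    {
        // Malformed JSON, or a missing, non-numeric or out-of-range "exp", is reported as an
        // invalid token instead of escaping as a parser or argument exception.
        throw new TokenInvalidException();
    }

    // Validate token expiry.
    if (_systemClock.UtcNow > expDateTimeUtc)
    {
        throw new TokenExpiredException();
    }

    string issuerHost;
    try
    {
        issuerHost = new Uri((string)payload["iss"]).Host;
    }
    catch (Exception)
    {
        throw new InvalidClientException();
    }

    // NOTE(review): only the issuer host is compared. The rest of the "iss" URI is not
    // checked, so the token is not tied to a particular tenant here.
    if (!string.Equals(issuerHost, "sts.windows.net", StringComparison.Ordinal))
    {
        throw new InvalidClientException();
    }

    var portal = _portalRepository.GetByDomain(portalDomain) ??
        throw new InvalidPortalRequestedException(portalDomain);

    // Fail closed when the portal carries no login-provider configuration.
    if (string.IsNullOrEmpty(portal.LoginProviders))
    {
        throw new TokenInvalidException();
    }

    // NOTE(review): the value compared with the client id is the "oid" claim, while the
    // variable is named "audience". Confirm whether the "aud" claim was intended.
    string audience = (string)payload["oid"];
    var loginProviders = JObject.Parse(portal.LoginProviders);

    // NOTE(review): the Microsoft client id is read from the "Google" entry of the portal
    // configuration. This looks like a copy of the Google path; confirm the intended key.
    var microsoftClientId = Convert.ToString(loginProviders?["Google"]?["details"]?["client_id"], CultureInfo.InvariantCulture);

    // Convert.ToString yields an empty string for a missing value. Without this guard an
    // unconfigured client id would compare equal to an empty "oid".
    if (string.IsNullOrEmpty(microsoftClientId))
    {
        throw new TokenInvalidException();
    }

    if (!string.Equals(microsoftClientId, audience, StringComparison.Ordinal))
    {
        throw new TokenInvalidException();
    }

    // The local account is selected by email alone; reject a payload that carries none.
    var userEmail = (string)payload["email"];
    if (string.IsNullOrEmpty(userEmail))
    {
        throw new InvalidUserException();
    }

    var user = _userService.GetUsersByEmail(userEmail).FirstOrDefault() ??
        throw new InvalidUserException();

    if (user.Status != UserStatus.Active)
    {
        throw new InactiveUserException();
    }

    // Verify the login attempts of the user.
    CheckCurrentLoginAttempt(user);

    return CreateAuthenticatedUserResponse(user, portalDomain, clientId);
}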