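/// <summary>
/// Validates a Google ID token against the portal's configured Google client id
/// and returns the authenticated response for the matching active user.
/// </summary>
/// <param name="googleToken">Google ID token supplied by the client; untrusted until validated.</param>
/// <param name="portalDomain">Domain used to look up the portal and its login-provider settings.</param>
/// <param name="clientId">Passed through unchanged to <c>CreateAuthenticatedUserResponse</c>.</param>
/// <returns>The value produced by <c>CreateAuthenticatedUserResponse</c> for the matched user.</returns>
/// <exception cref="TokenInvalidException">The token is empty or fails Google's validation.</exception>
/// <exception cref="InvalidPortalRequestedException">The domain is empty or no portal matches it.</exception>
/// <exception cref="InvalidClientException">
/// The portal has no usable Google client id, or the token audience does not match it.
/// </exception>
/// <exception cref="InvalidUserException">No user is found for the e-mail in the token.</exception>
/// <exception cref="InactiveUserException">The matched user is not active.</exception>
public async Task<AuthenticatedUser> ValidateGoogleLoginAsync(string googleToken, string portalDomain, string clientId)
{
    if (string.IsNullOrEmpty(googleToken))
    {
        throw new TokenInvalidException();
    }

    if (string.IsNullOrEmpty(portalDomain))
    {
        throw new InvalidPortalRequestedException(portalDomain);
    }

    GoogleJsonWebSignature.Payload payload;

    try
    {
        payload = await GoogleJsonWebSignature.ValidateAsync(googleToken);
    }
    catch (Exception)
    {
        // Fail closed: every validation failure is reported as an invalid token.
        throw new TokenInvalidException();
    }

    if (payload is null)
    {
        throw new TokenInvalidException();
    }

    var portal = _portalRepository.GetByDomain(portalDomain) ??
                   throw new InvalidPortalRequestedException(portalDomain);

    // Read the Google client id configured for this portal.
    var loginProviders = JObject.Parse(portal.LoginProviders);
    var googleSection = loginProviders["Google"];

    // A portal without a Google entry cannot accept Google logins; reject instead of
    // dereferencing a null token.
    if (googleSection is null || googleSection.Type == JTokenType.Null)
    {
        throw new InvalidClientException();
    }

    var jsonGoogle = JObject.Parse(googleSection.ToString());
    var googleClientId = Convert.ToString(jsonGoogle["details"]?["client_id"], CultureInfo.InvariantCulture);
    var tokenAudience = Convert.ToString(payload.Audience, CultureInfo.InvariantCulture);

    // Audience check. Convert.ToString maps null to an empty string, so a missing
    // client_id must be rejected explicitly; otherwise two empty values compare equal
    // and the check passes.
    if (string.IsNullOrEmpty(googleClientId) ||
        !string.Equals(googleClientId, tokenAudience, StringComparison.Ordinal))
    {
        throw new InvalidClientException();
    }

    // NOTE(review): the account is matched on the e-mail claim alone. Confirm whether
    // the token's email_verified claim should be required before this lookup.
    var user = _userService.GetUsersByEmail(payload.Email).FirstOrDefault() ??
                throw new InvalidUserException();

    if (user.Status != UserStatus.Active)
    {
        throw new InactiveUserException();
    }

    // TODO: still open when the login-attempt counter should be increased.
    CheckCurrentLoginAttempt(user);

    return CreateAuthenticatedUserResponse(user, portalDomain, clientId);
}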

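/// <summary>
/// Checks the claims of a Microsoft login token (expiry, issuer host, client id)
/// and returns the authenticated response for the matching active user.
/// </summary>
/// <remarks>
/// NOTE(review): <paramref name="microsoftToken"/> is parsed as a plain JSON object
/// and nothing in this method verifies a signature. Unless the caller has already
/// validated the JWT against the issuer's signing keys, every claim read below is
/// whatever the client sent, so the checks here do not authenticate anyone.
/// Confirm where signature validation happens before relying on this method.
/// </remarks>
/// <param name="microsoftToken">JSON claim set supplied by the client.</param>
/// <param name="portalDomain">Domain used to look up the portal and its login-provider settings.</param>
/// <param name="clientId">Passed through unchanged to <c>CreateAuthenticatedUserResponse</c>.</param>
/// <returns>The value produced by <c>CreateAuthenticatedUserResponse</c> for the matched user.</returns>
/// <exception cref="TokenInvalidException">
/// The token is empty, is not a JSON object, lacks a usable <c>exp</c> or <c>email</c>
/// claim, or fails the client id comparison.
/// </exception>
/// <exception cref="TokenExpiredException">The <c>exp</c> claim is in the past.</exception>
/// <exception cref="InvalidPortalRequestedException">The domain is empty or no portal matches it.</exception>
/// <exception cref="InvalidClientException">The <c>iss</c> claim is missing, malformed or has an unexpected host.</exception>
/// <exception cref="InvalidUserException">No user is found for the e-mail in the token.</exception>
/// <exception cref="InactiveUserException">The matched user is not active.</exception>
public AuthenticatedUser ValidateMicrosoftLogin(string microsoftToken, string portalDomain, string clientId)
{
    if (string.IsNullOrEmpty(microsoftToken))
    {
        throw new TokenInvalidException();
    }

    if (string.IsNullOrEmpty(portalDomain))
    {
        throw new InvalidPortalRequestedException(portalDomain);
    }

    JObject payload;
    DateTime expDateTimeUtc;

    try
    {
        payload = JObject.Parse(microsoftToken);

        // exp is a Unix timestamp in seconds; convert it to a UTC DateTime.
        expDateTimeUtc = DateTimeOffset.FromUnixTimeSeconds((long)payload["exp"]).UtcDateTime;
    }
    catch (Exception)
    {
        // Malformed JSON or a missing, non-numeric or out-of-range exp claim is an
        // invalid token, not an unhandled parser error.
        throw new TokenInvalidException();
    }

    // Validate token expiry.
    if (_systemClock.UtcNow > expDateTimeUtc)
    {
        throw new TokenExpiredException();
    }

    string issuerHost;
    try
    {
        issuerHost = new Uri((string)payload["iss"]).Host;
    }
    catch (Exception)
    {
        throw new InvalidClientException();
    }

    // Validate issuer.
    // NOTE(review): only the host is compared, so the rest of the issuer URI is
    // accepted as-is. Confirm whether the full issuer value must match the portal.
    if (!string.Equals(issuerHost, "sts.windows.net", StringComparison.Ordinal))
    {
        throw new InvalidClientException();
    }

    var portal = _portalRepository.GetByDomain(portalDomain) ??
                    throw new InvalidPortalRequestedException(portalDomain);

    // Validate client id for Microsoft.
    // NOTE(review): the value compared as the audience comes from the "oid" claim, and
    // the expected client id is read from the "Google" provider entry. Both look like
    // copy/paste slips (the audience claim of a JWT is "aud"); confirm the intended
    // claim and provider key against the portal configuration and fix them together.
    string audience = (string)payload["oid"];
    var loginProviders = JObject.Parse(portal.LoginProviders);
    var microsoftClientId = Convert.ToString(loginProviders?["Google"]?["details"]?["client_id"], CultureInfo.InvariantCulture);

    // Convert.ToString maps a missing client_id to an empty string; reject that case
    // explicitly so an empty claim cannot match an unconfigured provider.
    if (string.IsNullOrEmpty(microsoftClientId) ||
        !string.Equals(microsoftClientId, audience, StringComparison.Ordinal))
    {
        throw new TokenInvalidException();
    }

    // Validate the user. A token without an e-mail claim cannot identify anyone.
    var userEmail = (string)payload["email"];
    if (string.IsNullOrEmpty(userEmail))
    {
        throw new TokenInvalidException();
    }

    var user = _userService.GetUsersByEmail(userEmail).FirstOrDefault() ??
                throw new InvalidUserException();

    // Check the user active status.
    if (user.Status != UserStatus.Active)
    {
        throw new InactiveUserException();
    }

    // Verify the login attempts of the user.
    CheckCurrentLoginAttempt(user);

    return CreateAuthenticatedUserResponse(user, portalDomain, clientId);
}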