Untitled
unknown
plain_text
10 days ago
4.4 kB
4
Indexable
Never
public async Task<AuthenticatedUser> ValidateGoogleLoginAsync(string googleToken, string portalDomain, string clientId) { if (string.IsNullOrEmpty(googleToken)) { throw new TokenInvalidException(); } if (string.IsNullOrEmpty(portalDomain)) { throw new InvalidPortalRequestedException(portalDomain); } GoogleJsonWebSignature.Payload payload = null; try { payload = await GoogleJsonWebSignature.ValidateAsync(googleToken); } catch (Exception) { // Token is invalid throw new TokenInvalidException(); } // Check if the payload is null if (payload is null) { throw new TokenInvalidException(); } // Check for the audience. var portal = _portalRepository.GetByDomain(portalDomain) ?? throw new InvalidPortalRequestedException(portalDomain); // var loginProvider = JsonConvert.DeserializeObject<LoginProviders>(portal.LoginProviders, new JsonSerializerSettings // { // NullValueHandling = NullValueHandling.Ignore, // MissingMemberHandling = MissingMemberHandling.Ignore // }); var loginProviders = JObject.Parse(portal.LoginProviders); var jsonGoogle = JObject.Parse(loginProviders["Google"].ToString()); var googleClientId = Convert.ToString(jsonGoogle?["details"]?["client_id"], CultureInfo.InvariantCulture); if (!string.Equals(googleClientId, Convert.ToString(payload.Audience, CultureInfo.InvariantCulture), StringComparison.Ordinal)) { throw new InvalidClientException(); } // Validate the user. var user = _userService.GetUsersByEmail(payload.Email).FirstOrDefault() ?? throw new InvalidUserException(); // Check the user active status. if (user.Status != UserStatus.Active) { throw new InactiveUserException(); } // need to ask when to increase login attempt. // Verify the login attempts of the user. CheckCurrentLoginAttempt(user); // return the authenticated user. return CreateAuthenticatedUserResponse(user, portalDomain, clientId); } public AuthenticatedUser ValidateMicrosoftLogin(string microsoftToken, string portalDomain, string clientId) { if (string.IsNullOrEmpty(microsoftToken)) { throw new TokenInvalidException(); } if (string.IsNullOrEmpty(portalDomain)) { throw new InvalidPortalRequestedException(portalDomain); } var payload = JObject.Parse(microsoftToken); // Convert to unix time to utc datetime. var expDateTimeUtc = DateTimeOffset.FromUnixTimeSeconds((long)payload["exp"]).UtcDateTime; // Vaidate token expiry if (_systemClock.UtcNow > expDateTimeUtc) { throw new TokenExpiredException(); } var issuerHost = string.Empty; try { issuerHost = new Uri((string)payload["iss"]).Host; } catch (Exception) { throw new InvalidClientException(); } // Validate issuer. if (!string.Equals(issuerHost, "sts.windows.net", StringComparison.Ordinal)) { throw new InvalidClientException(); } var portal = _portalRepository.GetByDomain(portalDomain) ?? throw new InvalidPortalRequestedException(portalDomain); // Validate client id for microsoft. string audience = (string)payload["oid"]; var loginProviders = JObject.Parse(portal.LoginProviders); var microsoftClientId = Convert.ToString(loginProviders?["Google"]?["details"]?["client_id"], CultureInfo.InvariantCulture); if (!string.Equals(microsoftClientId, audience, StringComparison.Ordinal)) { throw new TokenInvalidException(); } // Validate the user. var userEmail = (string)payload["email"]; var user = _userService.GetUsersByEmail(userEmail).FirstOrDefault() ?? throw new InvalidUserException(); // Check the user active status. if (user.Status != UserStatus.Active) { throw new InactiveUserException(); } // Verify the login attempts of the user. CheckCurrentLoginAttempt(user); // return the authenticated user. return CreateAuthenticatedUserResponse(user, portalDomain, clientId); }
Leave a Comment