add passkey functionality
This commit is contained in:
sbwalker
3
Oqtane.Server/Pages/Passkey.cshtml
Normal file
3
Oqtane.Server/Pages/Passkey.cshtml
Normal file
@ -0,0 +1,3 @@
|
||||
@page "/pages/passkey"
|
||||
@namespace Oqtane.Pages
|
||||
@model Oqtane.Pages.PasskeyModel
|
||||
144
Oqtane.Server/Pages/Passkey.cshtml.cs
Normal file
144
Oqtane.Server/Pages/Passkey.cshtml.cs
Normal file
@ -0,0 +1,144 @@
|
||||
using System.Net;
|
||||
using System.Threading.Tasks;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Identity;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.AspNetCore.Mvc.RazorPages;
|
||||
using Oqtane.Enums;
|
||||
using Oqtane.Extensions;
|
||||
using Oqtane.Infrastructure;
|
||||
using Oqtane.Managers;
|
||||
using Oqtane.Security;
|
||||
using Oqtane.Shared;
|
||||
|
||||
namespace Oqtane.Pages
|
||||
{
|
||||
[AllowAnonymous]
|
||||
public class PasskeyModel : PageModel
|
||||
{
|
||||
private readonly UserManager<IdentityUser> _identityUserManager;
|
||||
private readonly SignInManager<IdentityUser> _identitySignInManager;
|
||||
private readonly IUserManager _userManager;
|
||||
private readonly ILogManager _logger;
|
||||
|
||||
public PasskeyModel(UserManager<IdentityUser> identityUserManager, SignInManager<IdentityUser> identitySignInManager, IUserManager userManager, ILogManager logger)
|
||||
{
|
||||
_identityUserManager = identityUserManager;
|
||||
_identitySignInManager = identitySignInManager;
|
||||
_userManager = userManager;
|
||||
_logger = logger;
|
||||
}
|
||||
|
||||
public async Task<IActionResult> OnPostAsync(string operation, string credential, string returnurl)
|
||||
{
|
||||
if (HttpContext.GetSiteSettings().GetValue("LoginOptions:Passkeys", "false") == "true")
|
||||
{
|
||||
IdentityUser identityuser;
|
||||
|
||||
switch (operation.ToLower())
|
||||
{
|
||||
case "create":
|
||||
if (User.Identity.IsAuthenticated)
|
||||
{
|
||||
identityuser = await _identityUserManager.FindByNameAsync(User.Identity.Name);
|
||||
if (identityuser != null)
|
||||
{
|
||||
var creationOptionsJson = await _identitySignInManager.MakePasskeyCreationOptionsAsync(new()
|
||||
{
|
||||
Id = identityuser.Id,
|
||||
Name = identityuser.UserName,
|
||||
DisplayName = identityuser.UserName
|
||||
});
|
||||
returnurl += $"?options={WebUtility.UrlEncode(creationOptionsJson)}";
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Passkey Create Attempt - User {User} Does Not Exist", User.Identity.Name);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Passkey Create Attempt - User Not Authenticated");
|
||||
}
|
||||
break;
|
||||
case "validate":
|
||||
if (User.Identity.IsAuthenticated && !string.IsNullOrEmpty(credential))
|
||||
{
|
||||
identityuser = await _identityUserManager.FindByNameAsync(User.Identity.Name);
|
||||
if (identityuser != null)
|
||||
{
|
||||
var attestationResult = await _identitySignInManager.PerformPasskeyAttestationAsync(credential);
|
||||
if (attestationResult.Succeeded)
|
||||
{
|
||||
attestationResult.Passkey.Name = identityuser.UserName + "'s Passkey";
|
||||
var addPasskeyResult = await _identityUserManager.AddOrUpdatePasskeyAsync(identityuser, attestationResult.Passkey);
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Passkey Validation Failed For User {Username} - {Message}", User.Identity.Name, attestationResult.Failure.Message);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Passkey Validation Attempt - User {User} Does Not Exist", User.Identity.Name);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Passkey Validation Attempt - User Not Authenticated Or Credential Not Provided");
|
||||
}
|
||||
break;
|
||||
case "request":
|
||||
if (!User.Identity.IsAuthenticated)
|
||||
{
|
||||
identityuser = null;
|
||||
var requestOptionsJson = await _identitySignInManager.MakePasskeyRequestOptionsAsync(identityuser);
|
||||
returnurl += $"?options={WebUtility.UrlEncode(requestOptionsJson)}";
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Passkey Request Attempt - User Is Already Authenticated");
|
||||
}
|
||||
break;
|
||||
case "login":
|
||||
if (!User.Identity.IsAuthenticated && !string.IsNullOrEmpty(credential))
|
||||
{
|
||||
var result = await _identitySignInManager.PasskeySignInAsync(credential);
|
||||
if (result.Succeeded)
|
||||
{
|
||||
var user = _userManager.GetUser(User.Identity.Name, HttpContext.GetAlias().SiteId);
|
||||
if (user != null && !user.IsDeleted && UserSecurity.ContainsRole(user.Roles, RoleNames.Registered))
|
||||
{
|
||||
_logger.Log(LogLevel.Information, this, LogFunction.Security, "Passkey Login Successful For User {Username}", User.Identity.Name);
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.Log(LogLevel.Information, this, LogFunction.Security, "Passkey Login Failed For User {Username}", User.Identity.Name);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Passkey Login Failed - Invalid Credential");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Passkey Login Attempt");
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Passkey Request - Passkeys Are Not Enabled For Site");
|
||||
}
|
||||
|
||||
if (!returnurl.StartsWith("/"))
|
||||
{
|
||||
returnurl = "/" + returnurl;
|
||||
}
|
||||
|
||||
return LocalRedirect(Url.Content("~" + returnurl));
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user