fix activation registration after local-network-access policy introduction
@@ -12,10 +12,22 @@ namespace Disco.Web.Areas.API.Controllers
|
||||
[DiscoAuthorize(Claims.DiscoAdminAccount)]
|
||||
public partial class ActivationController : AuthorizedDatabaseController
|
||||
{
|
||||
[HttpPost]
|
||||
public virtual ActionResult TestCallback(CallbackModel model)
|
||||
[HttpGet]
|
||||
public virtual async Task<ActionResult> Begin(CallbackModel model)
|
||||
{
|
||||
return this.PrecompiledPartialView<Views.Activation._ActivateCallback>(model);
|
||||
// validate timestamp
|
||||
var thresholdStart = DateTimeOffset.UtcNow.AddSeconds(-20).ToUnixTimeMilliseconds();
|
||||
var thresholdEnd = DateTimeOffset.UtcNow.ToUnixTimeMilliseconds();
|
||||
if (model.Timestamp < thresholdStart || model.Timestamp > thresholdEnd)
|
||||
return new HttpStatusCodeResult(400, "Invalid timestamp");
|
||||
|
||||
// validate proof
|
||||
var service = new ActivationService(Database);
|
||||
var expectedProof = service.CalculateCallbackProof(model.CorrelationId, model.UserId, model.Timestamp);
|
||||
if (model.Proof != expectedProof)
|
||||
return new HttpStatusCodeResult(400, "Invalid proof");
|
||||
|
||||
return await Begin();
|
||||
}
|
||||
|
||||
[HttpPost, ValidateAntiForgeryToken]
|
||||
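Review bot: The proof check `if (model.Proof != expectedProof)` compares the caller-supplied value to the computed one with ordinary string equality, which stops at the first mismatching character; if `CalculateCallbackProof` returns an HMAC or hash (its body is not visible here), that leaks a timing signal on an endpoint whose only other defence is the 20-second window, even though the class-level `[DiscoAuthorize(Claims.DiscoAdminAccount)]` limits callers to admins. This code targets System.Web MVC, where `CryptographicOperations.FixedTimeEquals` is not available, so a small length-checked XOR loop is the pragmatic fix. Separately, the window bounds replay but does not prevent it: a captured `Begin` URL can be resubmitted for 20 seconds unless `CorrelationId` is consumed once somewhere outside this hunk, and the proof covers only `CorrelationId`, `UserId` and `Timestamp`, so `DeploymentId` and `Origin` arrive unauthenticated. Worth a comment at the top of the block stating that contract, e.g. `// Proof binds CorrelationId/UserId/Timestamp only; replay within the window is not prevented here.`

```csharp
// validate proof
var service = new ActivationService(Database);
var expectedProof = service.CalculateCallbackProof(model.CorrelationId, model.UserId, model.Timestamp);
if (!ProofEquals(model.Proof, expectedProof))
    return new HttpStatusCodeResult(400, "Invalid proof");
// … unchanged: return await Begin(); …

// Constant-time comparison: a wrong proof costs the same regardless of how many leading characters match.
// A length mismatch returns early, which is acceptable because the proof format has a fixed width.
private static bool ProofEquals(string supplied, string expected)
{
    if (supplied == null || expected == null || supplied.Length != expected.Length)
        return false;
    var diff = 0;
    for (var i = 0; i < expected.Length; i++)
        diff |= supplied[i] ^ expected[i];
    return diff == 0;
}
```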
@@ -33,7 +45,7 @@ namespace Disco.Web.Areas.API.Controllers
|
||||
RedirectUrl = challengeModel.RedirectUrl
|
||||
};
|
||||
|
||||
return View(model);
|
||||
return View(MVC.API.Activation.Views.Begin, model);
|
||||
}
|
||||
|
||||
[HttpGet]
|
||||
|
||||
@@ -5,9 +5,12 @@ namespace Disco.Web.Areas.API.Models.Activation
|
||||
{
|
||||
public class CallbackModel
|
||||
{
|
||||
public string Origin { get; set; }
|
||||
public Guid DeploymentId { get; set; }
|
||||
public Guid CorrelationId { get; set; }
|
||||
[StringLength(50)]
|
||||
public string UserId { get; set; }
|
||||
public long Timestamp { get; set; }
|
||||
public string Proof { get; set; }
|
||||
}
|
||||
}
|
||||
|
||||
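Review bot: `Proof` and `Origin` are declared as unbounded strings with no `[Required]` or `[StringLength]`, while `UserId` carries `[StringLength(50)]`; however the action that binds this model (`Begin(CallbackModel)` in the controller hunk) never tests `ModelState.IsValid`, so none of these annotations are enforced and an over-length `UserId` still reaches `CalculateCallbackProof`. Either add `if (!ModelState.IsValid) return new HttpStatusCodeResult(400, "Invalid request");` ahead of the timestamp check in the controller, or note on the class that the attributes are documentation only. A cap on the proof is cheap, e.g. `[Required, StringLength(128)] public string Proof { get; set; }`, with the length set to whatever `CalculateCallbackProof` emits (not visible here). Which of `Origin`, `Timestamp` and `Proof` are the three added lines cannot be determined from the rendered page.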
@@ -1,17 +0,0 @@
|
||||
@model Disco.Web.Areas.API.Models.Activation.CallbackModel
|
||||
@{
|
||||
Layout = null;
|
||||
}
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
</head>
|
||||
<body data-deploymentid="@Model.DeploymentId" data-correlationid="@Model.CorrelationId" data-userid="@Model.UserId">
|
||||
<script>
|
||||
const deploymentId = document.body.dataset.deploymentid;
|
||||
const correlationId = document.body.dataset.correlationid;
|
||||
const userId = document.body.dataset.userid;
|
||||
window.parent.activateCallbackResponse(deploymentId, correlationId, userId);
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
||||
@@ -1,107 +0,0 @@
|
||||
#pragma warning disable 1591
|
||||
//------------------------------------------------------------------------------
|
||||
// <auto-generated>
|
||||
// This code was generated by a tool.
|
||||
// Runtime Version:4.0.30319.42000
|
||||
//
|
||||
// Changes to this file may cause incorrect behavior and will be lost if
|
||||
// the code is regenerated.
|
||||
// </auto-generated>
|
||||
//------------------------------------------------------------------------------
|
||||
|
||||
namespace Disco.Web.Areas.API.Views.Activation
|
||||
{
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Linq;
|
||||
using System.Net;
|
||||
using System.Text;
|
||||
using System.Web;
|
||||
using System.Web.Helpers;
|
||||
using System.Web.Mvc;
|
||||
using System.Web.Mvc.Ajax;
|
||||
using System.Web.Mvc.Html;
|
||||
using System.Web.Routing;
|
||||
using System.Web.Security;
|
||||
using System.Web.UI;
|
||||
using System.Web.WebPages;
|
||||
using Disco;
|
||||
using Disco.Models.Repository;
|
||||
using Disco.Services;
|
||||
using Disco.Services.Authorization;
|
||||
using Disco.Services.Web;
|
||||
using Disco.Web;
|
||||
using Disco.Web.Extensions;
|
||||
|
||||
[System.CodeDom.Compiler.GeneratedCodeAttribute("RazorGenerator", "2.0.0.0")]
|
||||
[System.Web.WebPages.PageVirtualPathAttribute("~/Areas/API/Views/Activation/_ActivateCallback.cshtml")]
|
||||
public partial class _ActivateCallback : Disco.Services.Web.WebViewPage<Disco.Web.Areas.API.Models.Activation.CallbackModel>
|
||||
{
|
||||
public _ActivateCallback()
|
||||
{
|
||||
}
|
||||
public override void Execute()
|
||||
{
|
||||
|
||||
#line 2 "..\..\Areas\API\Views\Activation\_ActivateCallback.cshtml"
|
||||
|
||||
Layout = null;
|
||||
|
||||
|
||||
#line default
|
||||
#line hidden
|
||||
WriteLiteral("\r\n<!DOCTYPE html>\r\n<html");
|
||||
|
||||
WriteLiteral(" lang=\"en\"");
|
||||
|
||||
WriteLiteral(">\r\n<head>\r\n</head>\r\n<body");
|
||||
|
||||
WriteLiteral(" data-deploymentid=\"");
|
||||
|
||||
|
||||
#line 9 "..\..\Areas\API\Views\Activation\_ActivateCallback.cshtml"
|
||||
Write(Model.DeploymentId);
|
||||
|
||||
|
||||
#line default
|
||||
#line hidden
|
||||
WriteLiteral("\"");
|
||||
|
||||
WriteLiteral(" data-correlationid=\"");
|
||||
|
||||
|
||||
#line 9 "..\..\Areas\API\Views\Activation\_ActivateCallback.cshtml"
|
||||
Write(Model.CorrelationId);
|
||||
|
||||
|
||||
#line default
|
||||
#line hidden
|
||||
WriteLiteral("\"");
|
||||
|
||||
WriteLiteral(" data-userid=\"");
|
||||
|
||||
|
||||
#line 9 "..\..\Areas\API\Views\Activation\_ActivateCallback.cshtml"
|
||||
Write(Model.UserId);
|
||||
|
||||
|
||||
#line default
|
||||
#line hidden
|
||||
WriteLiteral("\"");
|
||||
|
||||
WriteLiteral(@">
|
||||
<script>
|
||||
const deploymentId = document.body.dataset.deploymentid;
|
||||
const correlationId = document.body.dataset.correlationid;
|
||||
const userId = document.body.dataset.userid;
|
||||
window.parent.activateCallbackResponse(deploymentId, correlationId, userId);
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
||||
");
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
#pragma warning restore 1591
|
||||