Deprecate google login (#2385)

leotsarev · web-flow · commit 269d1de3f2fa · 2023-10-14T08:17:12.000Z
* cleanup user profile files

* Add google deprecate page
diff --git a/src/JoinRpg.Portal/Controllers/UserProfile/AccountController.cs b/src/JoinRpg.Portal/Controllers/UserProfile/AccountController.cs
@@ -1,6 +1,7 @@
 using System.Security.Claims;
 using Joinrpg.Web.Identity;
 using JoinRpg.Data.Interfaces;
+using JoinRpg.Interfaces;
 using JoinRpg.Portal.Identity;
 using JoinRpg.Portal.Infrastructure.Authentication;
 using JoinRpg.Services.Interfaces.Notification;
@@ -355,8 +356,6 @@ public ActionResult ExternalLogin(string provider, string returnUrl)
         return Challenge(authenticationProperties, provider);
     }
 
-    //
-    // GET: /Account/ExternalLoginCallback
     [AllowAnonymous]
     public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
     {
@@ -379,6 +378,7 @@ public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
         var email = loginInfo.Principal.FindFirstValue(ClaimTypes.Email);
 
         // If sign in failed, may be we have user with same email. Let's bind.
+        // TODO if we need to bind more google accounts
         if (!result.Succeeded && !string.IsNullOrWhiteSpace(email))
         {
             var user = await UserManager.FindByEmailAsync(email);
@@ -395,6 +395,11 @@ public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
 
         if (result.Succeeded)
         {
+            var isGoogle = loginInfo.LoginProvider == ProviderDescViewModel.Google.ProviderId;
+            if (isGoogle)
+            {
+                return RedirectToAction("GoogleDeprecated", new { returnUrl });
+            }
             return RedirectToLocal(returnUrl);
         }
 
@@ -420,6 +425,19 @@ public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
 
     }
 
+    public async Task<ActionResult> GoogleDeprecated(string returnUrl, [FromServices] ICurrentUserAccessor currentUserAccessor)
+    {
+        var user = await UserRepository.WithProfile(currentUserAccessor.UserId);
+
+        var viewModel = new GoogleDeprecatedViewModel(
+            VkLogin: user.GetSocialLogins().Single(s => s.LoginProvider.ProviderId == ProviderDescViewModel.Vk.ProviderId),
+            HasPassword: user.PasswordHash != null,
+            RedirectUrl: Url.IsLocalUrl(returnUrl) ? returnUrl : "/",
+            Email: currentUserAccessor.Email);
+
+        return View(viewModel);
+    }
+
     //
     // POST: /Account/ExternalLoginConfirmation
     [HttpPost]
diff --git a/src/JoinRpg.Portal/Infrastructure/Authentication/CurrentUserAccessor.cs b/src/JoinRpg.Portal/Infrastructure/Authentication/CurrentUserAccessor.cs
@@ -3,7 +3,6 @@
 using JoinRpg.Interfaces;
 using JoinRpg.Portal.Infrastructure.Authentication;
 using JoinRpg.PrimitiveTypes;
-#nullable enable
 
 namespace JoinRpg.Web.Helpers;
 
diff --git a/src/JoinRpg.Portal/Infrastructure/Authentication/ExternalLoginProfileExtractor.cs b/src/JoinRpg.Portal/Infrastructure/Authentication/ExternalLoginProfileExtractor.cs
@@ -3,11 +3,11 @@
 using Joinrpg.Web.Identity;
 using JoinRpg.PrimitiveTypes;
 using JoinRpg.Services.Interfaces;
+using JoinRpg.Web.Models;
 using Microsoft.AspNetCore.Identity;
 
 namespace JoinRpg.Portal.Infrastructure.Authentication;
 
-#nullable enable 
 /// <summary>
 /// Task of this class is to extract useful data from social logins
 /// </summary>
@@ -24,42 +24,29 @@ public async Task TryExtractProfile(JoinIdentityUser user, ExternalLoginInfo log
 
         if (TryGetVkId(loginInfo) is VkId vkId)
         {
-            var vkAvatar = TryGetClaim(loginInfo, VkontakteAuthenticationConstants.Claims.PhotoUrl);
+            var vkAvatar = loginInfo.Principal.FindFirstValue(VkontakteAuthenticationConstants.Claims.PhotoUrl);
 
             if (vkAvatar is not null)
             {
                 await userService.SetVkIfNotSetWithoutAccessChecks(user.Id, vkId,
                   new AvatarInfo(new Uri(vkAvatar), 50, 50));
             }
         }
-
-        if (TryGetClaim(loginInfo, "urn:google:photo") is string googleAvatar)
-        {
-            await userService.SetGoogleIfNotSetWithoutAccessChecks(user.Id,
-                 new AvatarInfo(new Uri(googleAvatar), 96, 96));
-        }
-        //var googleProfileLink = loginInfo.Principal.FindFirstValue("urn:google:profile");
     }
 
-    /// <summary>
-    /// This method is required, because FindFirstValue is not properly null-annotated
-    /// </summary>
-    private static string? TryGetClaim(ExternalLoginInfo loginInfo, string claimType)
-        => loginInfo.Principal.FindFirstValue(claimType);
-
     private static UserFullName TryGetUserName(ExternalLoginInfo loginInfo)
     {
         var bornName = BornName.FromOptional(loginInfo.Principal.FindFirstValue(ClaimTypes.GivenName));
         var surName = SurName.FromOptional(loginInfo.Principal.FindFirstValue(ClaimTypes.Surname));
-        var prefferedName = new PrefferedName(loginInfo.Principal.FindFirstValue(ClaimTypes.Name));
+        var prefferedName = new PrefferedName(loginInfo.Principal.FindFirstValue(ClaimTypes.Name)!);
 
         return new UserFullName(prefferedName, bornName, surName, FatherName: null);
     }
 
     private static VkId? TryGetVkId(ExternalLoginInfo loginInfo)
     {
-        return loginInfo.LoginProvider == "Vkontakte"
-            && TryGetClaim(loginInfo, ClaimTypes.NameIdentifier) is string id
+        return loginInfo.LoginProvider == ProviderDescViewModel.Vk.ProviderId
+            && loginInfo.Principal.FindFirstValue(ClaimTypes.NameIdentifier) is string id
             ? new VkId(id)
             : null;
     }
diff --git a/src/JoinRpg.Portal/Views/Account/GoogleDeprecated.cshtml b/src/JoinRpg.Portal/Views/Account/GoogleDeprecated.cshtml
@@ -0,0 +1,96 @@
+﻿@using JoinRpg.Web.Models;
+@model JoinRpg.Web.Models.GoogleDeprecatedViewModel
+@{
+    ViewBag.Title = "Проверка доступности аккаунта";
+}
+
+<h2>@ViewBag.Title</h2>
+<div>
+    <p class="alert alert-warning">
+        <b>Прочтите это сообщение внимательно, чтобы не потерять доступ к своему аккаунту</b>. <br />
+        Вы вошли в свой аккаунт, используя вход через Google. С 1 декабря 2023 года это способ входа будет отключен — это связано с тем, что с 1 декабря авторизация
+        с использованием иностранных провайдеров запрещена на территории РФ. Чтобы не потерять доступ к своему аккаунту, убедитесь, что у вас настроены альтернативные способы
+        входа.
+    </p>
+
+    <table class="table">
+      <tr><th>Способ входа</th><th>Статус</th><th>Действие</th></tr>
+      <tr>
+        <td>Вконтакте</td>
+        <td>
+                @if (Model.VkLogin.Present)
+                {
+                    <span class="label label-success">Настроен</span>
+                }
+                else
+                {
+                    <span class="label label-warning">Не подключена</span>
+                }
+        </td>
+        <td>
+          @if (Model.VkLogin.Present)
+          {
+                    <text>Проверьте, что у вас есть доступ к <a href="@Model.VkLogin.ProviderLink">@Model.VkLogin.ProviderLink</a>.</text>
+          }
+          else
+          {
+                    <form asp-controller="Manage" asp-action="LinkLogin" style="display:inline">
+                        <input type="hidden" value="@Model.VkLogin.LoginProvider.ProviderId" name="provider" />
+                        <button type="submit" class="btn btn-default">Подключить</button>
+                    </form>
+          }
+         </td>
+       </tr>
+        <tr>
+            <td>Пароль</td>
+            <td>
+                @if (Model.HasPassword)
+                {
+                  <span class="label label-success">Настроен</span> 
+                }
+                else
+                {
+                    <span class="label label-warning">Не установлен</span>
+                }
+            </td>
+            <td>
+                @if (Model.HasPassword)
+                {
+                    <p>Попробуйте залогиниться по паролю, чтобы убедиться, что вы его помните.</p>
+                    @using (Html.BeginForm("Login", "Account", new { ReturnUrl = Model.RedirectUrl }, FormMethod.Post, antiforgery: true, new { @class = "form-horizontal", role = "form" }))
+                    {
+                        @Html.AntiForgeryToken()
+                        @Html.HiddenFor(m => m.Email)
+                        <div class="form-group">
+                            <label class="control-label col-md-2">Пароль</label>
+                            <div class="col-md-3">
+                                @Html.Password("Password", "", new { @class = "form-control" })
+                            </div>
+                            <div class="col-md-2">
+                                <input type="submit" value="Войти" class="btn btn-success" />
+                            </div>
+                        </div>
+                        <div class="form-group">
+                            
+                        </div>
+                    }
+                    <text>Если вы не помните пароль, то @Html.ActionLink("сбросьте", "ForgotPassword") его.</text>
+                }
+                else
+                {
+                    <a asp-controller="Manage" asp-action="SetPassword" class="btn btn-default">Установить пароль.</a>
+                }
+            </td>
+        </tr>
+        <tr>
+            <td>Email</td>
+            <td><span class="label label-success">Установлена</span>.</td>
+            <td>
+                Проверьте, что у вас есть доступ к почте <a href="@Model.Email">@Model.Email</a>. Это позволит вам сбросить пароль, если вы его забудете. Если у вас нет доступа, обратитесь в техподдержку.
+            </td>
+        </tr>
+    </table>
+
+    <a href="@Model.RedirectUrl" class="btn btn-success" style="text-align: center">Я все проверил и хочу продолжить</a>
+
+</div>
diff --git a/src/JoinRpg.WebPortal.Models/UserProfile/AccountViewModels.cs b/src/JoinRpg.WebPortal.Models/UserProfile/AccountViewModels.cs
@@ -19,10 +19,12 @@ public class ExternalLoginConfirmationViewModel
 
 public class ExternalLoginListViewModel
 {
-    public string ReturnUrl { get; set; }
-    public List<AuthenticationDescriptionViewModel> ExternalLogins { get; set; }
+    public required string ReturnUrl { get; set; }
+    public required List<AuthenticationDescriptionViewModel> ExternalLogins { get; set; }
 }
 
+public record GoogleDeprecatedViewModel(bool HasPassword, string RedirectUrl, UserLoginInfoViewModel VkLogin, string Email);
+
 public class AuthenticationDescriptionViewModel
 {
     public string AuthenticationType { get; set; }
diff --git a/src/JoinRpg.WebPortal.Models/UserProfile/UserLoginInfoViewModel.cs b/src/JoinRpg.WebPortal.Models/UserProfile/UserLoginInfoViewModel.cs
@@ -2,16 +2,15 @@
 
 namespace JoinRpg.Web.Models;
 
-#nullable enable
 
-public record UserLoginInfoViewModel
+public record ProviderDescViewModel(string ProviderId, string FriendlyName)
 {
-    public record ProviderDescViewModel(string ProviderId, string FriendlyName)
-    {
-        public static readonly ProviderDescViewModel Google = new("Google", "Google");
-        public static readonly ProviderDescViewModel Vk = new("Vkontakte", "ВК");
-    }
+    public static readonly ProviderDescViewModel Google = new("Google", "Google");
+    public static readonly ProviderDescViewModel Vk = new("Vkontakte", "ВК");
+}
 
+public record UserLoginInfoViewModel
+{
     public ProviderDescViewModel LoginProvider { get; init; } = null!;
 
     public string? ProviderLink { get; set; }
@@ -21,15 +20,16 @@ public record ProviderDescViewModel(string ProviderId, string FriendlyName)
     public bool AllowLink { get; set; }
     public bool AllowUnlink { get; set; }
     public bool NeedToReLink { get; set; }
+    public bool Present => ProviderLink is not null && ProviderKey is not null;
 }
 
 public static class UserLoginInfoViewModelBuilder
 {
     public static IEnumerable<UserLoginInfoViewModel> GetSocialLogins(this User user)
     {
         var canRemoveLogins = user.PasswordHash != null || user.ExternalLogins.Count > 1;
-        yield return GetModel(UserLoginInfoViewModel.ProviderDescViewModel.Google);
-        var vk = GetModel(UserLoginInfoViewModel.ProviderDescViewModel.Vk);
+        yield return GetModel(ProviderDescViewModel.Google);
+        var vk = GetModel(ProviderDescViewModel.Vk);
         if (vk.ProviderKey is not null)
         {
             vk.ProviderLink = $"https://vk.com/id{vk.ProviderKey}";
@@ -44,7 +44,7 @@ public static IEnumerable<UserLoginInfoViewModel> GetSocialLogins(this User user
 
         yield return vk;
 
-        UserLoginInfoViewModel GetModel(UserLoginInfoViewModel.ProviderDescViewModel provider)
+        UserLoginInfoViewModel GetModel(ProviderDescViewModel provider)
         {
             if (user.ExternalLogins.SingleOrDefault(l =>
                 l.Provider.ToLowerInvariant() == provider.ProviderId.ToLowerInvariant()

Original file line number	Diff line number	Diff line change
`@@ -19,10 +19,12 @@ public class ExternalLoginConfirmationViewModel`
`19`	`19`
`20`	`20`	`public class ExternalLoginListViewModel`
`21`	`21`	`{`
`22`		`- public string ReturnUrl { get; set; }`
`23`		`- public List<AuthenticationDescriptionViewModel> ExternalLogins { get; set; }`
	`22`	`+ public required string ReturnUrl { get; set; }`
	`23`	`+ public required List<AuthenticationDescriptionViewModel> ExternalLogins { get; set; }`
`24`	`24`	`}`
`25`	`25`
	`26`	`+public record GoogleDeprecatedViewModel(bool HasPassword, string RedirectUrl, UserLoginInfoViewModel VkLogin, string Email);`
	`27`	`+`
`26`	`28`	`public class AuthenticationDescriptionViewModel`
`27`	`29`	`{`
`28`	`30`	`public string AuthenticationType { get; set; }`