/// <summary>
/// Validates that URI schemes is not in the list of invalid URI scheme prefixes, as controlled by the ValidationOptions.
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
protected virtual Task ValidateUriSchemesAsync(ClientConfigurationValidationContext context)
{
if (context.Client.RedirectUris?.Any() == true)
{
foreach (var uri in context.Client.RedirectUris)
{
if (_options.Validation.InvalidRedirectUriPrefixes
.Any(scheme => uri?.StartsWith(scheme, StringComparison.OrdinalIgnoreCase) == true))
{
context.SetError($"RedirectUri '{uri}' uses invalid scheme. If this scheme should be allowed, then configure it via ValidationOptions.");
}
}
}
if (context.Client.PostLogoutRedirectUris?.Any() == true)
{
foreach (var uri in context.Client.PostLogoutRedirectUris)
{
if (_options.Validation.InvalidRedirectUriPrefixes
.Any(scheme => uri?.StartsWith(scheme, StringComparison.OrdinalIgnoreCase) == true))
{
context.SetError($"PostLogoutRedirectUri '{uri}' uses invalid scheme. If this scheme should be allowed, then configure it via ValidationOptions.");
}
}
}
return(Task.CompletedTask);
}
protected internal override async Task FilterOutInvalidModelsAsync(IList <ClientModel> models, IDataImportResult result)
{
if (models == null)
{
throw new ArgumentNullException(nameof(models));
}
if (result == null)
{
throw new ArgumentNullException(nameof(result));
}
await base.FilterOutInvalidModelsAsync(models, result);
var copies = models.ToArray();
models.Clear();
foreach (var client in copies)
{
var context = new ClientConfigurationValidationContext(client);
await this.ClientValidator.ValidateAsync(context);
if (!context.IsValid)
{
await this.AddErrorAsync($"Client \"{client.ClientId}\": {context.ErrorMessage}", result);
continue;
}
models.Add(client);
}
}
/// <summary>
/// Finds a client by id (and runs the validation logic)
/// </summary>
/// <param name="clientId">The client id</param>
/// <returns>
/// The client or an InvalidOperationException
/// </returns>
public async Task <Client> FindClientByIdAsync(string clientId)
{
var client = await _inner.FindClientByIdAsync(clientId);
if (client != null)
{
_logger.LogTrace("Calling into client configuration validator: {validatorType}", _validatorType);
var context = new ClientConfigurationValidationContext(client);
await _validator.ValidateAsync(context);
if (context.IsValid)
{
_logger.LogDebug("client configuration validation for client {clientId} succeeded.", client.ClientId);
return(client);
}
_logger.LogError("Invalid client configuration for client {clientId}: {errorMessage}", client.ClientId, context.ErrorMessage);
await _events.RaiseAsync(new InvalidClientConfigurationEvent(client, context.ErrorMessage));
return(null);
}
return(null);
}
/// <summary>
/// Validates allowed CORS origins for valid format.
/// </summary>
/// <param name="context">The context.</param>
/// <returns></returns>
protected virtual Task ValidateAllowedCorsOriginsAsync(ClientConfigurationValidationContext context)
{
if (context.Client.AllowedCorsOrigins?.Any() == true)
{
foreach (var origin in context.Client.AllowedCorsOrigins)
{
var fail = true;
if (!string.IsNullOrWhiteSpace(origin) && Uri.IsWellFormedUriString(origin, UriKind.Absolute))
{
var uri = new Uri(origin);
if (uri.AbsolutePath == "/" && !origin.EndsWith("/"))
{
fail = false;
}
}
if (fail)
{
if (!string.IsNullOrWhiteSpace(origin))
{
context.SetError($"AllowedCorsOrigins contains invalid origin: {origin}");
}
else
{
context.SetError($"AllowedCorsOrigins contains invalid origin. There is an empty value.");
}
return(Task.CompletedTask);
}
}
}
return(Task.CompletedTask);
}
public async Task ValidateAsync(ClientConfigurationValidationContext context)
{
//context.Client.ClientSecrets
//设置isvalid为验证是否成功
//context.IsValid = false;
await Task.CompletedTask;
}
public async Task ValidateAsync(ClientConfigurationValidationContext context)
{
string test;
test = "Hola Mundo";
//throw new NotImplementedException();
}
private async Task <ClientConfigurationValidationContext> ValidateAsync(Client client)
{
var context = new ClientConfigurationValidationContext(client);
await _validator.ValidateAsync(context);
return(context);
}
protected override Task ValidateAllowedCorsOriginsAsync(ClientConfigurationValidationContext context)
{
context.Client.AllowedCorsOrigins = context.Client
.AllowedCorsOrigins.Select(x => x.Replace("{0}.", string.Empty, StringComparison.OrdinalIgnoreCase))
.ToHashSet();
return(base.ValidateAllowedCorsOriginsAsync(context));
}
public async Task ValidateAsync()
{
var context = new ClientConfigurationValidationContext(_testClient);
await _abpClientConfigurationValidator.ValidateAsync(context);
context.IsValid.ShouldBeTrue();
}
/// <summary>
/// Validates grant type related configuration settings.
/// </summary>
/// <param name="context">The context.</param>
/// <returns></returns>
protected virtual Task ValidateGrantTypesAsync(ClientConfigurationValidationContext context)
{
if (context.Client.AllowedGrantTypes?.Any() != true)
{
context.SetError("no allowed grant type specified");
}
return(Task.CompletedTask);
}
/// <summary>
/// Determines whether the configuration of a client is valid.
/// </summary>
/// <param name="context">The context.</param>
/// <returns></returns>
public async Task ValidateAsync(ClientConfigurationValidationContext context)
{
using var activity = Tracing.ValidationActivitySource.StartActivity("DefaultClientConfigurationValidator.Validate");
if (context.Client.ProtocolType == IdentityServerConstants.ProtocolTypes.OpenIdConnect)
{
await ValidateGrantTypesAsync(context);
if (context.IsValid == false)
{
return;
}
await ValidateLifetimesAsync(context);
if (context.IsValid == false)
{
return;
}
await ValidateRedirectUriAsync(context);
if (context.IsValid == false)
{
return;
}
await ValidateAllowedCorsOriginsAsync(context);
if (context.IsValid == false)
{
return;
}
await ValidateUriSchemesAsync(context);
if (context.IsValid == false)
{
return;
}
await ValidateSecretsAsync(context);
if (context.IsValid == false)
{
return;
}
await ValidatePropertiesAsync(context);
if (context.IsValid == false)
{
return;
}
}
}
/// <summary>
/// Determines whether the configuration of a client is valid.
/// </summary>
/// <param name="context">The context.</param>
/// <returns></returns>
public async Task ValidateAsync(ClientConfigurationValidationContext context)
{
if (context.Client.ProtocolType == IdentityServerConstants.ProtocolTypes.OpenIdConnect)
{
await ValidateGrantTypesAsync(context);
if (context.IsValid == false)
{
return;
}
await ValidateLifetimesAsync(context);
if (context.IsValid == false)
{
return;
}
await ValidateRedirectUriAsync(context);
if (context.IsValid == false)
{
return;
}
await ValidateAllowedCorsOriginsAsync(context);
if (context.IsValid == false)
{
return;
}
await ValidateUriSchemesAsync(context);
if (context.IsValid == false)
{
return;
}
await ValidateSecretsAsync(context);
if (context.IsValid == false)
{
return;
}
await ValidatePropertiesAsync(context);
if (context.IsValid == false)
{
return;
}
}
}
/// <summary>
/// Validates allowed CORS origins for valid format.
/// </summary>
/// <param name="context">The context.</param>
/// <returns></returns>
protected virtual Task ValidateAllowedCorsOriginsAsync(ClientConfigurationValidationContext context)
{
if (context.Client.AllowedCorsOrigins?.Any() == true)
{
foreach (var origin in context.Client.AllowedCorsOrigins)
{
if (string.IsNullOrWhiteSpace(origin))
{
context.SetError($"AllowedCorsOrigins contains invalid origin. There is an empty value.");
}
return(Task.CompletedTask);
}
}
return(Task.CompletedTask);
}
/// <summary>
/// Validates redirect URI related configuration.
/// </summary>
/// <param name="context">The context.</param>
/// <returns></returns>
protected virtual Task ValidateRedirectUriAsync(ClientConfigurationValidationContext context)
{
if (context.Client.AllowedGrantTypes?.Any() == true)
{
if (context.Client.AllowedGrantTypes.Contains(GrantType.AuthorizationCode) ||
context.Client.AllowedGrantTypes.Contains(GrantType.Hybrid) ||
context.Client.AllowedGrantTypes.Contains(GrantType.Implicit))
{
if (context.Client.RedirectUris?.Any() == false)
{
context.SetError("No redirect URI configured.");
}
}
}
return(Task.CompletedTask);
}
/// <inheritdoc/>
protected override async Task ValidateLifetimesAsync(ClientConfigurationValidationContext context)
{
await base.ValidateLifetimesAsync(context);
if (context.IsValid)
{
if (_keyManagerOptions == null)
{
throw new System.Exception("KeyManagerOptions not configured.");
}
var keyMaxAge = (int)_keyManagerOptions.KeyRetirementAge.TotalSeconds;
var accessTokenAge = context.Client.AccessTokenLifetime;
if (keyMaxAge < accessTokenAge)
{
context.SetError("AccessTokenLifetime is greater than the IdentityServer signing key KeyRetirement value.");
}
}
}
/// <summary>
/// Validates secret related configuration.
/// </summary>
/// <param name="context">The context.</param>
/// <returns></returns>
protected virtual Task ValidateSecretsAsync(ClientConfigurationValidationContext context)
{
if (context.Client.AllowedGrantTypes?.Any() == true)
{
foreach (var grantType in context.Client.AllowedGrantTypes)
{
if (!string.Equals(grantType, GrantType.Implicit))
{
if (context.Client.RequireClientSecret && context.Client.ClientSecrets.Count == 0)
{
context.SetError($"Client secret is required for {grantType}, but no client secret is configured.");
return(Task.CompletedTask);
}
}
}
}
return(Task.CompletedTask);
}
/// <summary>
/// Validates lifetime related configuration settings.
/// </summary>
/// <param name="context">The context.</param>
/// <returns></returns>
protected virtual Task ValidateLifetimesAsync(ClientConfigurationValidationContext context)
{
if (context.Client.AccessTokenLifetime <= 0)
{
context.SetError("access token lifetime is 0 or negative");
return(Task.CompletedTask);
}
if (context.Client.IdentityTokenLifetime <= 0)
{
context.SetError("identity token lifetime is 0 or negative");
return(Task.CompletedTask);
}
if (context.Client.AllowedGrantTypes?.Contains(GrantType.DeviceFlow) == true &&
context.Client.DeviceCodeLifetime <= 0)
{
context.SetError("device code lifetime is 0 or negative");
}
// 0 means unlimited lifetime
if (context.Client.AbsoluteRefreshTokenLifetime < 0)
{
context.SetError("absolute refresh token lifetime is negative");
return(Task.CompletedTask);
}
// 0 might mean that sliding is disabled
if (context.Client.SlidingRefreshTokenLifetime < 0)
{
context.SetError("sliding refresh token lifetime is negative");
return(Task.CompletedTask);
}
return(Task.CompletedTask);
}
public async Task ValidateAsync(ClientConfigurationValidationContext context)
{
}
/// <summary>
/// Determines whether the configuration of a client is valid.
/// </summary>
/// <param name="context">The context.</param>
/// <returns></returns>
public Task ValidateAsync(ClientConfigurationValidationContext context)
{
context.IsValid = true;
return(Task.CompletedTask);
}
/// <summary>
/// Validates properties related configuration settings.
/// </summary>
/// <param name="context">The context.</param>
/// <returns></returns>
protected virtual Task ValidatePropertiesAsync(ClientConfigurationValidationContext context)
{
return(Task.CompletedTask);
}
