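        /// <summary>
        /// Form-based authorization endpoint: resolves the requesting app and scope, logs the user
        /// in when the request is not already authenticated, records the grant and redirects back
        /// to <paramref name="redirect_uri"/> carrying the issued authorization code.
        /// </summary>
        /// <param name="appid">Client application code, looked up in <c>OAuthAppCache</c> by <c>APP_CODE</c>.</param>
        /// <param name="scope">Scope code, looked up in <c>ScopeCache</c> by <c>SCOPE_CODE</c>.</param>
        /// <param name="state">Opaque client value handed to <c>xUtils.CombinaRedirectUri</c> together with the code.</param>
        /// <param name="redirect_uri">Target of the final redirect; must be non-empty.</param>
        /// <param name="user_code">Account from the login form; only consulted when there is no active session.</param>
        /// <param name="login_pwd">Password from the login form; only consulted when there is no active session.</param>
        /// <param name="grants">Rights selected on the consent form, forwarded to <c>GrantProvider.Grant</c>.</param>
        /// <param name="takeAll">Forwarded to <c>GrantProvider.Grant</c> as <c>takeAll == 1</c>.</param>
        /// <returns>
        /// A redirect to <paramref name="redirect_uri"/> on success; otherwise the "fatal" view with a
        /// <c>FuncResult</c> describing which precondition failed.
        /// </returns>
        public ActionResult Authorize(string appid, string scope, string state, string redirect_uri, string user_code, string login_pwd, GrantCodeRight[] grants, int takeAll)
        {
            string     device_id  = Request.Headers["device-id"];
            OAuthApp   app        = OAuthAppCache.Instance.Find(it => it.APP_CODE.Equals(appid));
            GrantScope scopeModel = ScopeCache.Instance.Find(it => it.SCOPE_CODE.Equals(scope));

            if (app == null)
            {
                return View("fatal", FuncResult.FailResult("未注册的应用"));
            }
            if (scopeModel == null)
            {
                return View("fatal", FuncResult.FailResult("无效的授权范围"));
            }
            // Reject an unusable redirect target before asking for credentials, so a request that
            // can never complete does not first collect a password. Same check as the header-based
            // Authorize overload.
            // NOTE(review): only presence is checked here; whether redirect_uri is matched against
            // the app's registered callback inside xUtils.CombinaRedirectUri is not visible from
            // this file — confirm, because an unvalidated target would deliver the auth code to an
            // arbitrary host.
            if (string.IsNullOrEmpty(redirect_uri))
            {
                return View("fatal", FuncResult.FailResult("redirect_uri不能为空"));
            }

            if (!this.OAuthContext.IsLogined)
            {
                if (string.IsNullOrEmpty(user_code))
                {
                    return View("fatal", FuncResult.FailResult("必须输入账号"));
                }
                if (string.IsNullOrEmpty(login_pwd))
                {
                    return View("fatal", FuncResult.FailResult("必须输入密码"));
                }
                string message;
                if (!this.UserLogin(user_code, login_pwd, app.APP_ID, out message))
                {
                    return View("fatal", FuncResult.FailResult(message));
                }
            }

            // The authenticated identity is authoritative for the grant; the form value is only
            // ever used as a login credential above.
            user_code = this.OAuthContext.UserInfo.UserCode;

            // A "device-id" request header takes precedence over the device id stored in the session.
            GrantProvider grant = new GrantProvider(appid, user_code, scope, device_id ?? this.OAuthContext.Device_Id);

            if (!grant.Grant(takeAll == 1, grants))
            {
                return View("fatal", FuncResult.FailResult("授权失败,请重试"));
            }

            string return_url = xUtils.CombinaRedirectUri(redirect_uri, state, grant.Auth_Code);
            return Redirect(return_url);
        }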
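        /// <summary>
        /// Header-based authorization endpoint: optionally logs the caller in from the <c>auth</c>
        /// request header, validates app and scope, and then either issues a code immediately
        /// (internal app, no explicit-consent scope, or a previously recorded grant), shows the
        /// consent view, or shows the appropriate login view.
        /// </summary>
        /// <param name="appid">Client application code, looked up in <c>OAuthAppCache</c> by <c>APP_CODE</c>.</param>
        /// <param name="scope">Scope expression resolved by <c>ScopeCache.FindAll</c>; defaults to <c>"basic_api"</c> only when an <c>auth</c> header is present.</param>
        /// <param name="state">Opaque client value handed to <c>xUtils.CombinaRedirectUri</c> together with the code.</param>
        /// <param name="redirect_uri">Target of the final redirect; must be non-empty.</param>
        /// <returns>
        /// A redirect carrying the authorization code, the default (consent) view, the
        /// <c>Internal_Login</c> view, or the "fatal" view with a <c>FuncResult</c> on failure.
        /// </returns>
        public ActionResult Authorize(string appid, string scope, string state, string redirect_uri)
        {
            string authHeader = Request.Headers["auth"];
            string device_id  = Request.Headers["device-id"];
            string appVersion = Request.Headers["app-version"];

            // The auth header is a bearer credential: record whether it was supplied, never its value,
            // so log files do not become a token store.
            Log.Info("HTTP HEADER: auth_present={0}&device_id={1}&app-version={2}", !string.IsNullOrEmpty(authHeader), device_id, appVersion);

            if (!string.IsNullOrEmpty(authHeader))
            {
                scope = string.IsNullOrEmpty(scope) ? "basic_api" : scope;
                try
                {
                    string message;
                    if (!this.LoginByToken(authHeader, device_id, appVersion, out message))
                    {
                        return View("fatal", FuncResult.FailResult(message));
                    }
                }
                catch (Exception ex)
                {
                    // Keep the full exception server-side; ex.Message is not echoed to the client
                    // because it can describe token-validation internals. Every failure path hands
                    // the "fatal" view the same FuncResult model.
                    Log.Info("APP登录失败", ex);
                    return View("fatal", FuncResult.FailResult("APP登录失败"));
                }
            }

            OAuthApp app = OAuthAppCache.Instance.Find(it => it.APP_CODE.Equals(appid));

            // NOTE(review): when no auth header is sent, scope may still be null here; what
            // ScopeCache.FindAll does with null is not visible from this file — confirm.
            GrantScope[] scopeModel = ScopeCache.Instance.FindAll(scope);
            if (scopeModel == null || scopeModel.Length == 0)
            {
                return View("fatal", FuncResult.FailResult("无效的授权范围"));
            }

            int[] scopeIds = scopeModel.Select(it => it.SCOPE_ID).ToArray();
            ViewBag.ScopeRights = ScopeRightProvider.GetScopeRights(scopeIds);

            if (app == null)
            {
                return View("fatal", FuncResult.FailResult("未注册的应用"));
            }
            this.OAuthContext.CurrentApp = app;

            // NOTE(review): only presence is checked; whether redirect_uri is matched against the
            // app's registered callback inside xUtils.CombinaRedirectUri is not visible here — confirm,
            // because an unvalidated target would deliver the auth code to an arbitrary host.
            if (string.IsNullOrEmpty(redirect_uri))
            {
                return View("fatal", FuncResult.FailResult("redirect_uri不能为空"));
            }

            if (!this.OAuthContext.IsLogined)
            {
                // Not logged in: internal apps get the internal login page, everyone else the
                // default view, which authorizes after login.
                return app.IS_INTERNAL ? View("Internal_Login") : View();
            }

            bool isAlreadyAuthorized = xUtils.IsAlreayAuthorized(app.APP_ID, this.OAuthContext.UserInfo.UserId, scope);

            // Consent can be skipped for internal apps, for scopes without an explicit-consent
            // right, and when this user already granted this scope to this app.
            bool skipConsent = app.IS_INTERNAL || !scopeModel.HasExpllicit() || isAlreadyAuthorized;
            if (!skipConsent)
            {
                // Explicit consent required: show the consent view.
                return View();
            }

            // A "device-id" request header takes precedence over the device id stored in the session.
            GrantProvider provider = new GrantProvider(appid, this.OAuthContext.UserInfo.UserCode, scope, device_id ?? this.OAuthContext.Device_Id);

            // First-time grants take every right in the scope (null grant list); an existing grant is
            // re-used rather than re-recorded.
            if (!provider.Grant(!isAlreadyAuthorized, null))
            {
                return View("fatal", FuncResult.FailResult("授权失败"));
            }

            string return_url = xUtils.CombinaRedirectUri(redirect_uri, state, provider.Auth_Code);
            return Redirect(return_url);
        }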