public async Task <IActionResult> Index()
{
if (!await _authorizationService.AuthorizeAsync(User, Permissions.ManageServerSettings))
{
return(Forbid());
}
var settings = await _serverService.GetSettingsAsync();
var shape = await _serverSettingsDisplayManager.BuildEditorAsync(settings, updater : _updateModelAccessor.ModelUpdater, isNew : false);
return(View(shape));
}
public async Task ExecuteAsync(RecipeExecutionContext context)
{
if (!string.Equals(context.Name, "OpenIdServerSettings", StringComparison.OrdinalIgnoreCase))
{
return;
}
var model = context.Step.ToObject <OpenIdServerSettingsStepModel>();
var settings = await _serverService.GetSettingsAsync();
settings.TestingModeEnabled = model.TestingModeEnabled;
settings.AccessTokenFormat = model.AccessTokenFormat;
settings.Authority = model.Authority;
settings.EnableTokenEndpoint = model.EnableTokenEndpoint;
settings.EnableAuthorizationEndpoint = model.EnableAuthorizationEndpoint;
settings.EnableLogoutEndpoint = model.EnableLogoutEndpoint;
settings.EnableUserInfoEndpoint = model.EnableUserInfoEndpoint;
settings.AllowPasswordFlow = model.AllowPasswordFlow;
settings.AllowClientCredentialsFlow = model.AllowClientCredentialsFlow;
settings.AllowAuthorizationCodeFlow = model.AllowAuthorizationCodeFlow;
settings.AllowRefreshTokenFlow = model.AllowRefreshTokenFlow;
settings.AllowImplicitFlow = model.AllowImplicitFlow;
settings.UseRollingTokens = model.UseRollingTokens;
settings.CertificateStoreLocation = model.CertificateStoreLocation;
settings.CertificateStoreName = model.CertificateStoreName;
settings.CertificateThumbprint = model.CertificateThumbprint;
await _serverService.UpdateSettingsAsync(settings);
}
public async Task ProcessDeploymentStepAsync(DeploymentStep step, DeploymentPlanResult result)
{
var openIdServerStep = step as OpenIdServerDeploymentStep;
if (openIdServerStep == null)
{
return;
}
var settings = await _openIdServerService
.GetSettingsAsync();
var settingsModel = new OpenIdServerSettingsStepModel
{
AccessTokenFormat = settings.AccessTokenFormat,
Authority = settings.Authority?.AbsoluteUri,
EncryptionCertificateStoreLocation = settings.EncryptionCertificateStoreLocation,
EncryptionCertificateStoreName = settings.EncryptionCertificateStoreName,
EncryptionCertificateThumbprint = settings.EncryptionCertificateThumbprint,
SigningCertificateStoreLocation = settings.SigningCertificateStoreLocation,
SigningCertificateStoreName = settings.SigningCertificateStoreName,
SigningCertificateThumbprint = settings.SigningCertificateThumbprint,
// The recipe step only reads these flags, and uses constants for the paths.
// Conversely, we export true for endpoints with a path, false for those without.
EnableAuthorizationEndpoint = !string.IsNullOrWhiteSpace(settings.AuthorizationEndpointPath),
EnableLogoutEndpoint = !string.IsNullOrWhiteSpace(settings.LogoutEndpointPath),
EnableTokenEndpoint = !string.IsNullOrWhiteSpace(settings.TokenEndpointPath),
EnableUserInfoEndpoint = !string.IsNullOrWhiteSpace(settings.UserinfoEndpointPath),
EnableIntrospectionEndpoint = !string.IsNullOrWhiteSpace(settings.IntrospectionEndpointPath),
EnableRevocationEndpoint = !string.IsNullOrWhiteSpace(settings.RevocationEndpointPath),
AllowAuthorizationCodeFlow = settings.AllowAuthorizationCodeFlow,
AllowClientCredentialsFlow = settings.AllowClientCredentialsFlow,
AllowHybridFlow = settings.AllowHybridFlow,
AllowImplicitFlow = settings.AllowImplicitFlow,
AllowPasswordFlow = settings.AllowPasswordFlow,
AllowRefreshTokenFlow = settings.AllowRefreshTokenFlow,
DisableAccessTokenEncryption = settings.DisableAccessTokenEncryption,
DisableRollingRefreshTokens = settings.DisableRollingRefreshTokens,
UseReferenceAccessTokens = settings.UseReferenceAccessTokens,
RequireProofKeyForCodeExchange = settings.RequireProofKeyForCodeExchange,
};
// Use nameof(OpenIdServerSettings) as name,
// to match the recipe step.
var obj = new JObject(
new JProperty(
"name",
nameof(OpenIdServerSettings)));
obj.Merge(JObject.FromObject(settingsModel));
result.Steps.Add(obj);
}
private async Task <OpenIdServerSettings> GetServerSettingsAsync(IOpenIdServerService service)
{
var settings = await service.GetSettingsAsync();
if ((await service.ValidateSettingsAsync(settings)).Any(result => result != ValidationResult.Success))
{
_logger.LogWarning("The OpenID Connect module is not correctly configured.");
return(null);
}
return(settings);
}
public async Task ProcessDeploymentStepAsync(DeploymentStep step, DeploymentPlanResult result)
{
var openIdServerStep = step as OpenIdServerDeploymentStep;
if (openIdServerStep == null)
{
return;
}
var serverSettings = await _openIdServerService.GetSettingsAsync();
result.Steps.Add(new JObject(
new JProperty("name", "OpenIdServer"),
new JProperty("OpenIdServer", JObject.FromObject(serverSettings))
));
}
public async Task ExecuteAsync(RecipeExecutionContext context)
{
if (!string.Equals(context.Name, "OpenIdServerSettings", StringComparison.OrdinalIgnoreCase))
{
return;
}
var model = context.Step.ToObject <OpenIdServerSettingsStepModel>();
var settings = await _serverService.GetSettingsAsync();
settings.TestingModeEnabled = model.TestingModeEnabled;
settings.AccessTokenFormat = model.AccessTokenFormat;
settings.Authority = model.Authority;
settings.CertificateStoreLocation = model.CertificateStoreLocation;
settings.CertificateStoreName = model.CertificateStoreName;
settings.CertificateThumbprint = model.CertificateThumbprint;
settings.AuthorizationEndpointPath = model.EnableAuthorizationEndpoint ?
new PathString("/connect/authorize") : PathString.Empty;
settings.LogoutEndpointPath = model.EnableLogoutEndpoint ?
new PathString("/connect/logout") : PathString.Empty;
settings.TokenEndpointPath = model.EnableTokenEndpoint ?
new PathString("/connect/token") : PathString.Empty;
settings.UserinfoEndpointPath = model.EnableUserInfoEndpoint ?
new PathString("/connect/userinfo") : PathString.Empty;
if (model.AllowImplicitFlow)
{
settings.GrantTypes.Add(GrantTypes.Implicit);
}
else
{
settings.GrantTypes.Remove(GrantTypes.Implicit);
}
if (model.AllowClientCredentialsFlow)
{
settings.GrantTypes.Add(GrantTypes.ClientCredentials);
}
else
{
settings.GrantTypes.Remove(GrantTypes.ClientCredentials);
}
if (model.AllowPasswordFlow)
{
settings.GrantTypes.Add(GrantTypes.Password);
}
else
{
settings.GrantTypes.Remove(GrantTypes.Password);
}
if (model.AllowRefreshTokenFlow)
{
settings.GrantTypes.Add(GrantTypes.RefreshToken);
}
else
{
settings.GrantTypes.Remove(GrantTypes.RefreshToken);
}
settings.UseRollingTokens = model.UseRollingTokens;
await _serverService.UpdateSettingsAsync(settings);
}