private async Task <OpenIdServerSettings> GetServerSettingsAsync(IOpenIdServerService service)
{
var settings = await service.GetSettingsAsync();
if ((await service.ValidateSettingsAsync(settings)).Any(result => result != ValidationResult.Success))
{
_logger.LogWarning("The OpenID Connect module is not correctly configured.");
return(null);
}
return(settings);
}
public override async Task <IDisplayResult> UpdateAsync(OpenIdServerSettings settings, IUpdateModel updater, string groupId)
{
var user = _httpContextAccessor.HttpContext?.User;
if (user == null || !await _authorizationService.AuthorizeAsync(user, Permissions.ManageServerSettings))
{
return(null);
}
if (groupId == SettingsGroupId)
{
var model = new OpenIdServerSettingsViewModel();
await updater.TryUpdateModelAsync(model, Prefix);
settings.TestingModeEnabled = model.TestingModeEnabled;
settings.AccessTokenFormat = model.AccessTokenFormat;
settings.Authority = model.Authority;
settings.CertificateStoreLocation = model.CertificateStoreLocation;
settings.CertificateStoreName = model.CertificateStoreName;
settings.CertificateThumbprint = model.CertificateThumbprint;
settings.EnableTokenEndpoint = model.EnableTokenEndpoint;
settings.EnableAuthorizationEndpoint = model.EnableAuthorizationEndpoint;
settings.EnableLogoutEndpoint = model.EnableLogoutEndpoint;
settings.EnableUserInfoEndpoint = model.EnableUserInfoEndpoint;
settings.AllowPasswordFlow = model.AllowPasswordFlow;
settings.AllowClientCredentialsFlow = model.AllowClientCredentialsFlow;
settings.AllowAuthorizationCodeFlow = model.AllowAuthorizationCodeFlow;
settings.AllowRefreshTokenFlow = model.AllowRefreshTokenFlow;
settings.AllowImplicitFlow = model.AllowImplicitFlow;
settings.UseRollingTokens = model.UseRollingTokens;
foreach (var result in await _serverService.ValidateSettingsAsync(settings))
{
if (result != ValidationResult.Success)
{
var key = result.MemberNames.FirstOrDefault() ?? string.Empty;
updater.ModelState.AddModelError(key, result.ErrorMessage);
}
}
// If the settings are valid, reload the current tenant.
if (updater.ModelState.IsValid)
{
_shellHost.ReloadShellContext(_shellSettings);
}
}
return(Edit(settings));
}
public async Task <IActionResult> IndexPost()
{
if (!await _authorizationService.AuthorizeAsync(User, Permissions.ManageServerSettings))
{
return(Forbid());
}
var settings = await _serverService.GetSettingsAsync();
var shape = await _serverSettingsDisplayManager.UpdateEditorAsync(settings, updater : _updateModelAccessor.ModelUpdater, isNew : false);
if (!ModelState.IsValid)
{
return(View(shape));
}
foreach (var result in await _serverService.ValidateSettingsAsync(settings))
{
if (result != ValidationResult.Success)
{
var key = result.MemberNames.FirstOrDefault() ?? string.Empty;
ModelState.AddModelError(key, result.ErrorMessage);
}
}
if (!ModelState.IsValid)
{
return(View(shape));
}
await _serverService.UpdateSettingsAsync(settings);
_notifier.Success(H["OpenID server configuration successfully updated."]);
await _shellHost.ReloadShellContextAsync(_shellSettings);
return(RedirectToAction(nameof(Index)));
}
public override async Task <IDisplayResult> UpdateAsync(OpenIdServerSettings settings, BuildEditorContext context)
{
var user = _httpContextAccessor.HttpContext?.User;
if (user == null || !await _authorizationService.AuthorizeAsync(user, Permissions.ManageServerSettings))
{
return(null);
}
if (context.GroupId == SettingsGroupId)
{
var model = new OpenIdServerSettingsViewModel();
await context.Updater.TryUpdateModelAsync(model, Prefix);
settings.TestingModeEnabled = model.TestingModeEnabled;
settings.AccessTokenFormat = model.AccessTokenFormat;
settings.Authority = model.Authority;
settings.CertificateStoreLocation = model.CertificateStoreLocation;
settings.CertificateStoreName = model.CertificateStoreName;
settings.CertificateThumbprint = model.CertificateThumbprint;
settings.AuthorizationEndpointPath = model.EnableAuthorizationEndpoint ?
new PathString("/connect/authorize") : PathString.Empty;
settings.LogoutEndpointPath = model.EnableLogoutEndpoint ?
new PathString("/connect/logout") : PathString.Empty;
settings.TokenEndpointPath = model.EnableTokenEndpoint ?
new PathString("/connect/token") : PathString.Empty;
settings.UserinfoEndpointPath = model.EnableUserInfoEndpoint ?
new PathString("/connect/userinfo") : PathString.Empty;
if (model.AllowAuthorizationCodeFlow)
{
settings.GrantTypes.Add(GrantTypes.AuthorizationCode);
}
else
{
settings.GrantTypes.Remove(GrantTypes.AuthorizationCode);
}
if (model.AllowImplicitFlow)
{
settings.GrantTypes.Add(GrantTypes.Implicit);
}
else
{
settings.GrantTypes.Remove(GrantTypes.Implicit);
}
if (model.AllowClientCredentialsFlow)
{
settings.GrantTypes.Add(GrantTypes.ClientCredentials);
}
else
{
settings.GrantTypes.Remove(GrantTypes.ClientCredentials);
}
if (model.AllowPasswordFlow)
{
settings.GrantTypes.Add(GrantTypes.Password);
}
else
{
settings.GrantTypes.Remove(GrantTypes.Password);
}
if (model.AllowRefreshTokenFlow)
{
settings.GrantTypes.Add(GrantTypes.RefreshToken);
}
else
{
settings.GrantTypes.Remove(GrantTypes.RefreshToken);
}
settings.UseRollingTokens = model.UseRollingTokens;
foreach (var result in await _serverService.ValidateSettingsAsync(settings))
{
if (result != ValidationResult.Success)
{
var key = result.MemberNames.FirstOrDefault() ?? string.Empty;
context.Updater.ModelState.AddModelError(key, result.ErrorMessage);
}
}
// If the settings are valid, reload the current tenant.
if (context.Updater.ModelState.IsValid)
{
await _shellHost.ReloadShellContextAsync(_shellSettings);
}
}
return(await EditAsync(settings, context));
}