Beispiel #1
0
        public async Task <ThirdPartySystemTokenResult> GetSystemAttributes(AuthorizationEndpoint endpoint, SystemLoginEndpoint loginEndpoint, HttpRequest request)
        {
            ThirdPartySystemTokenResult result = new ThirdPartySystemTokenResult();

            var service = await GetService(endpoint);

            var postExecuteService = await GetPostExecuteService(endpoint);


            var thirdPartyResult = await service.GetSystemToken(endpoint.ThirdPartyConfiguration, request);

            result.Attributes = thirdPartyResult.Attributes;

            if (postExecuteService != null)
            {
                var postExecuteResult = await postExecuteService.Execute(thirdPartyResult.Attributes, endpoint.ThirdPartyPostConfiguration);

                result.Attributes.Merge(postExecuteResult.UserInfoAttributes);
                result.AdditionalRedirectUrlQueryAttributes = postExecuteResult.AdditionalRedirectUrlQueryAttributes;
            }

            await SaveTokenRecord(thirdPartyResult.Attributes, thirdPartyResult.Token, endpoint, loginEndpoint);

            return(result);
        }
Beispiel #2
0
        private string GenerateSystemLoginUrl(SystemLoginEndpoint sysEndpoint, AuthorizationEndpoint authEndpoint)
        {
            var serviceReturnUrl = QueryHelpers.AddQueryString(sysEndpoint.BaseUrl, new Dictionary <string, string>()
            {
                { "sysname", sysEndpoint.Name }, { "authname", authEndpoint.Name }
            });

            return(serviceReturnUrl);
        }
Beispiel #3
0
        public async Task <string> RefreshToken(AuthorizationEndpoint endpoint, SystemLoginEndpoint loginEndpoint, string userKey, string systemToken)
        {
            var service = await GetService(endpoint);

            var newToken = await service.RefreshToken(endpoint.ThirdPartyConfiguration, systemToken);

            if (endpoint.KeepThirdPartyToken)
            {
                var record = await _thirdPartySystemTokenRecordStore.QueryByUserKey(userKey, loginEndpoint.ID, endpoint.ID);

                if (record != null)
                {
                    await _thirdPartySystemTokenRecordStore.UpdateToken(userKey, record.ID, newToken);
                }
            }

            return(newToken);
        }
Beispiel #4
0
        private async Task <IThirdPartySystemService> GetService(AuthorizationEndpoint endpoint)
        {
            if (!_thirdPartySystemServices.TryGetValue(endpoint.ThirdPartyType, out IThirdPartySystemService service))
            {
                var fragment = new TextFragment()
                {
                    Code = TextCodes.NotFoundThirdPartySystemServiceByType,
                    DefaultFormatting = "找不到类型为{0}的第三方系统服务,发生位置:{1}",
                    ReplaceParameters = new List <object>()
                    {
                        endpoint.ThirdPartyType, $"{typeof(AuthorizationEndpointIMP).FullName}.ThirdPartySystemServices"
                    }
                };

                throw new UtilityException((int)Errors.NotFoundThirdPartySystemServiceByType, fragment);
            }

            return(await Task.FromResult(service));
        }
Beispiel #5
0
        public async Task <GetSystemTokenResult> GetSystemToken(AuthorizationEndpoint endpoint, SystemLoginEndpoint loginEndpoint, string systemLoginRedirectUrl, string clientRedirectUrl)
        {
            GetSystemTokenResult result = new GetSystemTokenResult();
            var service = await GetService(endpoint);

            var postExecuteService = await GetPostExecuteService(endpoint);

            //获取第三方系统的令牌结果
            var getSystemTokenResult = await service.GetSystemToken(endpoint.ThirdPartyConfiguration, systemLoginRedirectUrl, clientRedirectUrl);

            result.Direct = getSystemTokenResult.Direct;


            //如果不是结果是直接,则需要进行后续处理
            if (getSystemTokenResult.Direct)
            {
                result.TokenResult = new ThirdPartySystemTokenResult()
                {
                    Attributes = getSystemTokenResult.Token.Attributes
                };

                if (postExecuteService != null)
                {
                    var postExecuteResult = await postExecuteService.Execute(getSystemTokenResult.Token.Attributes, endpoint.ThirdPartyPostConfiguration);

                    result.TokenResult.Attributes.Merge(postExecuteResult.UserInfoAttributes);
                    result.TokenResult.AdditionalRedirectUrlQueryAttributes = postExecuteResult.AdditionalRedirectUrlQueryAttributes;
                }


                await SaveTokenRecord(getSystemTokenResult.Token.Attributes, getSystemTokenResult.Token.Token, endpoint, loginEndpoint);
            }
            else
            {
                result.RedirectUrl = getSystemTokenResult.RedirectUrl;
            }


            return(result);
        }
Beispiel #6
0
        private async Task <string> GetUserKey(Dictionary <string, string> attributes, AuthorizationEndpoint endpoint, SystemLoginEndpoint loginEndpoint)
        {
            if (!attributes.TryGetValue(loginEndpoint.UserInfoKey, out string userKey))
            {
                var fragment = new TextFragment()
                {
                    Code = TextCodes.NotFoundUserInfoKeyInThirdPartyTokenAttributes,
                    DefaultFormatting = "在登录终结点{0}、验证终结点{1}的第三方及后续处理中获取的令牌键值对中,找不到键为{2}的值",
                    ReplaceParameters = new List <object>()
                    {
                        loginEndpoint.Name, endpoint.Name, loginEndpoint.UserInfoKey
                    }
                };

                throw new UtilityException((int)Errors.NotFoundUserInfoKeyInThirdPartyTokenAttributes, fragment);
            }

            return(await Task.FromResult(userKey));
        }
Beispiel #7
0
        private async Task SaveTokenRecord(Dictionary <string, string> attributes, string token, AuthorizationEndpoint endpoint, SystemLoginEndpoint loginEndpoint)
        {
            if (!endpoint.KeepThirdPartyToken)
            {
                return;
            }
            var userKey = await GetUserKey(attributes, endpoint, loginEndpoint);

            var service = await GetService(endpoint);

            var record = await _thirdPartySystemTokenRecordStore.QueryByUserKey(userKey, loginEndpoint.ID, endpoint.ID);

            bool needUpdate = false;

            if (record == null)
            {
                record = new ThirdPartySystemTokenRecord()
                {
                    ID = Guid.NewGuid(),
                    AuthorizationEndpointID = endpoint.ID,
                    SystemLoginEndpointID   = loginEndpoint.ID,
                    LastRefeshTime          = DateTime.UtcNow,
                    Timeout = await service.GetTimeout(endpoint.ThirdPartyConfiguration),
                    Token   = token,
                    UserKey = userKey
                };

                try
                {
                    await _thirdPartySystemTokenRecordStore.Add(record);
                }
                catch (UtilityException ex)
                {
                    if (ex.Code == (int)Errors.ExistSameThirdPartySystemTokenRecord)
                    {
                        record = await _thirdPartySystemTokenRecordStore.QueryByUserKey(userKey, loginEndpoint.ID, endpoint.ID);

                        needUpdate = true;
                    }
                    else
                    {
                        throw ex;
                    }
                }
            }
            else
            {
                needUpdate = true;
            }

            if (needUpdate)
            {
                record.Timeout = await service.GetTimeout(endpoint.ThirdPartyConfiguration);

                record.LastRefeshTime = DateTime.UtcNow;
                record.Token          = token;

                await _thirdPartySystemTokenRecordStore.Update(record);
            }
        }
Beispiel #8
0
        public async Task <string> GetRealRedirectUrl(AuthorizationEndpoint endpoint, HttpRequest request)
        {
            var service = await GetService(endpoint);

            return(await service.GetRealRedirectUrl(endpoint.ThirdPartyConfiguration, request));
        }
Beispiel #9
0
        public async Task <bool> VerifyToken(AuthorizationEndpoint endpoint, string systemToken)
        {
            var service = await GetService(endpoint);

            return(await service.VerifyToken(endpoint.ThirdPartyConfiguration, systemToken));
        }
Beispiel #10
0
 public async Task Update(AuthorizationEndpoint endpoint)
 {
     await _authorizationEndpointStore.Update(endpoint);
 }
Beispiel #11
0
 public async Task Add(AuthorizationEndpoint endpoint)
 {
     await _authorizationEndpointStore.Add(endpoint);
 }
Beispiel #12
0
        public async Task Logout(AuthorizationEndpoint endpoint, string systemToken)
        {
            var service = await GetService(endpoint);

            await service.Logout(endpoint.ThirdPartyConfiguration, systemToken);
        }
Beispiel #13
0
        public async Task <string> GetKeepLoginUrl(AuthorizationEndpoint endpoint, string systemToken)
        {
            var service = await GetService(endpoint);

            return(await service.GetKeepLoginUrl(endpoint.ThirdPartyConfiguration, systemToken));
        }
Beispiel #14
0
        public async Task <string> GetLoginUrl(AuthorizationEndpoint endpoint, string systemLoginRedirectUrl, string clientRedirectUrl)
        {
            var service = await GetService(endpoint);

            return(await service.GetLoginUrl(endpoint.ThirdPartyConfiguration, systemLoginRedirectUrl, clientRedirectUrl));
        }
Beispiel #15
0
 public async Task Delete(AuthorizationEndpoint endpoint)
 {
     await _authorizationEndpointStore.Delete(endpoint.ID);
 }
Beispiel #16
0
        public async Task <string> GetCommonToken(SystemLoginEndpoint endpoint, HttpRequest request)
        {
            //从request的query中获取authname
            if (!request.Query.TryGetValue("authname", out StringValues strAuthName))
            {
                var fragment = new TextFragment()
                {
                    Code = TextCodes.NotFoundAuthNameQuerystringInAuthRedirectUrl,
                    DefaultFormatting = "名称为{0}的系统登录终结点的第三方认证系统回调请求处理中,回调请求的Url中不包含authname参数,回调请求的Url为{1}",
                    ReplaceParameters = new List <object>()
                    {
                        endpoint.Name, request.Path.Value
                    }
                };

                throw new UtilityException((int)Errors.NotFoundAuthNameQuerystringInAuthRedirectUrl, fragment);
            }

            //根据authname获取登录终结点下面关联的验证终结点
            AuthorizationEndpoint authorizationEndpoint = await GetAuthorizationEndpoint(endpoint, strAuthName[0]);

            if (authorizationEndpoint == null)
            {
                var fragment = new TextFragment()
                {
                    Code = TextCodes.NotFoundAuthorizationEndpointInSystemLoginEndpointCanExecuteCallback,
                    DefaultFormatting = "名称为{0}的系统登录终结点中,找不到可以处理从第三方认证系统回调请求的关联认证终结点,请求url为{1}",
                    ReplaceParameters = new List <object>()
                    {
                        endpoint.Name, request.Path.Value
                    }
                };

                throw new UtilityException((int)Errors.NotFoundAuthorizationEndpointInSystemLoginEndpointCanExecuteCallback, fragment);
            }

            //调用验证终结点的方法,获取实际的重定向地址
            string redirectUrl = await authorizationEndpoint.GetRealRedirectUrl(request);

            //验证客户端重定向地址
            await validateClientRedirectUrl(endpoint, redirectUrl);

            //调用验证终结点的方法,获取第三方登陆系统处理后产生的键值对
            var authResult = await authorizationEndpoint.GetSystemAttributes(endpoint, request);


            //生成最终要重定向回接入方的Url
            var commonToken = new CommonToken()
            {
                SystemName         = endpoint.Name,
                AuthorizationName  = authorizationEndpoint.Name,
                UserInfoAttributes = authResult.Attributes
            };



            //生成通用令牌的JWT字符串
            var strCommonToken = _securityService.GenerateJWT(endpoint.SecretKey, new Dictionary <string, string>()
            {
                { "SystemName", commonToken.SystemName }, { "AuthorizationName", commonToken.AuthorizationName }, { "UserInfoAttributes", JsonSerializerHelper.Serializer <Dictionary <string, string> >(commonToken.UserInfoAttributes) }
            }, endpoint.ExpireSecond);
            //生成重定向回接入方系统的地址
            var strReturnUrl = QueryHelpers.AddQueryString(redirectUrl, authResult.AdditionalRedirectUrlQueryAttributes);

            strReturnUrl = QueryHelpers.AddQueryString(strReturnUrl, "commontoken", strCommonToken);

            return(strReturnUrl);
        }
Beispiel #17
0
 /// <summary>
 /// 删除
 /// </summary>
 /// <returns></returns>
 public async Task Delete(AuthorizationEndpoint endpoint)
 {
     await _imp.Delete(this);
 }