public async Task <ResourceOwner> Execute(string phoneNumber)
{
if (string.IsNullOrWhiteSpace(phoneNumber))
{
throw new ArgumentNullException(nameof(phoneNumber));
}
// 1. Send the confirmation code (SMS).
await _generateAndSendSmsCodeOperation.Execute(phoneNumber);
// 2. Try to get the resource owner.
var resourceOwner = await _resourceOwnerRepository.GetResourceOwnerByClaim(Core.Jwt.Constants.StandardResourceOwnerClaimNames.PhoneNumber, phoneNumber);
if (resourceOwner != null)
{
return(resourceOwner);
}
// 3. Create a new resource owner.
var claims = new List <Claim>
{
new Claim(Core.Jwt.Constants.StandardResourceOwnerClaimNames.PhoneNumber, phoneNumber),
new Claim(Core.Jwt.Constants.StandardResourceOwnerClaimNames.PhoneNumberVerified, "false")
};
var record = new AddUserParameter(Guid.NewGuid().ToString(), claims);
await _userActions.AddUser(record).ConfigureAwait(false);
return(await _resourceOwnerRepository.GetResourceOwnerByClaim(Core.Jwt.Constants.StandardResourceOwnerClaimNames.PhoneNumber, phoneNumber));
}
public BaseResponse <bool> AddUser(AddUserParameter parameter)
{
BaseResponse <bool> response = new BaseResponse <bool>();
try
{
HBUser user = new HBUser();
user.UserToken = parameter.UserToken;
user.PWD = parameter.PWD;
user.RoleID = parameter.RoleID;
user.OrganizationID = parameter.OrganizationID;
user.AddUserID = parameter.AddUserID;
user.LastUpdateDate = DateTime.Now;
user.LastUpdateID = parameter.AddUserID;
OperationResult operationResult = hbUserReosiory.AddNew <HBUser>(user);
if (operationResult.ResultType != EnumOperationResultType.Success)
{
throw new Exception("添加用户异常");
}
return(response);
}
catch (Exception e)
{
response.IsSuccessful = false;
return(response);
}
throw new NotImplementedException();
}
public static AddUserParameter ToAddUserParameter(this UpdateResourceOwnerViewModel updateResourceOwnerViewModel)
{
if (updateResourceOwnerViewModel == null)
{
throw new ArgumentNullException(nameof(updateResourceOwnerViewModel));
}
var result = new AddUserParameter
{
Login = updateResourceOwnerViewModel.Login,
Password = updateResourceOwnerViewModel.NewPassword
};
if (!string.IsNullOrWhiteSpace(updateResourceOwnerViewModel.Name))
{
result.Claims.Add(new Claim(Core.Jwt.Constants.StandardResourceOwnerClaimNames.Name, updateResourceOwnerViewModel.Name));
}
if (!string.IsNullOrWhiteSpace(updateResourceOwnerViewModel.Email))
{
result.Claims.Add(new Claim(Core.Jwt.Constants.StandardResourceOwnerClaimNames.Email, updateResourceOwnerViewModel.Email));
}
if (!string.IsNullOrWhiteSpace(updateResourceOwnerViewModel.PhoneNumber))
{
result.Claims.Add(new Claim(Core.Jwt.Constants.StandardResourceOwnerClaimNames.PhoneNumber, updateResourceOwnerViewModel.PhoneNumber));
}
return(result);
}
public BaseResponse <bool> AddUser(AddUserParameter parameter)
{
BaseResponse <bool> response = new BaseResponse <bool>();
try
{
#region 输入合法性验证
if (string.IsNullOrEmpty(parameter.UserToken))
{
response.IsSuccessful = false;
response.Reason = "账户ID不能为空";
return(response);
}
if (string.IsNullOrEmpty(parameter.PWD))
{
response.IsSuccessful = false;
response.Reason = "账户密码不能为空";
return(response);
}
if (parameter.PWD.Length < 6)
{
response.IsSuccessful = false;
response.Reason = "密码长度至少是6位";
return(response);
}
var isExisted = hbUserReosiory.GetDatas <HBUser>(t => !t.IsDeleted && !string.IsNullOrEmpty(t.UserToken) && t.UserToken.Equals(parameter.UserToken), true).Any();
if (isExisted)
{
response.IsSuccessful = false;
response.Reason = "账户已存在";
return(response);
}
#endregion
HBUser user = new HBUser();
user.UserToken = parameter.UserToken;
user.PWD = MD5Helper.MD5Encrypt64(Utilitys.DecodeBase64("UTF-8", parameter.PWD));//密码MD5加密
user.RoleID = parameter.RoleID;
user.OrganizationID = parameter.OrganizationID;
user.AddUserID = parameter.AddUserID;
user.LastUpdateDate = DateTime.Now;
user.LastUpdateUserID = parameter.AddUserID;
user.UseStatus = true;
OperationResult operationResult = hbUserReosiory.AddNew <HBUser>(user);
if (operationResult.ResultType != EnumOperationResultType.Success)
{
throw new Exception("添加用户异常");
}
return(response);
}
catch (Exception e)
{
response.IsSuccessful = false;
return(response);
}
}
public async Task<bool> Add(AddUserParameter parameter)
{
_managerEventSource.StartToAddResourceOwner(parameter.Login);
_addUserParameterValidator.Validate(parameter);
var result = await _addUserOperation.Execute(parameter, null);
_managerEventSource.FinishToAddResourceOwner(parameter.Login);
return result;
}
public async Task <bool> Execute(AddUserParameter addUserParameter)
{
if (addUserParameter == null)
{
throw new ArgumentNullException(nameof(addUserParameter));
}
if (string.IsNullOrEmpty(addUserParameter.Login))
{
throw new ArgumentNullException(nameof(addUserParameter.Login));
}
if (string.IsNullOrWhiteSpace(addUserParameter.Password))
{
throw new ArgumentNullException(nameof(addUserParameter.Password));
}
if (await _authenticateResourceOwnerService.AuthenticateResourceOwnerAsync(addUserParameter.Login,
addUserParameter.Password) != null)
{
throw new IdentityServerException(
Errors.ErrorCodes.UnhandledExceptionCode,
Errors.ErrorDescriptions.TheRoWithCredentialsAlreadyExists);
}
var newClaims = new List <Claim>
{
new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.UpdatedAt, DateTime.UtcNow.ToString()),
new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.Subject, addUserParameter.Login)
};
var newResourceOwner = new ResourceOwner
{
Id = addUserParameter.Login,
Claims = newClaims,
TwoFactorAuthentication = TwoFactorAuthentications.NONE,
IsLocalAccount = true,
Password = _authenticateResourceOwnerService.GetHashedPassword(addUserParameter.Password)
};
var claims = (await _claimRepository.GetAllAsync()).Select(c => c.Code);
if (addUserParameter.Claims != null)
{
foreach (var claim in addUserParameter.Claims.Where(c => claims.Contains(c.Type)))
{
newResourceOwner.Claims.Add(claim);
}
}
if (!newResourceOwner.Claims.Any(c => c.Type == Jwt.Constants.StandardResourceOwnerClaimNames.Subject))
{
newResourceOwner.Claims.Add(new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.Subject, addUserParameter.Login));
}
await _resourceOwnerRepository.InsertAsync(newResourceOwner);
return(true);
}
public async Task <ResourceOwner> Execute(string phoneNumber, string authenticatedUserSubject = null)
{
if (string.IsNullOrWhiteSpace(phoneNumber))
{
throw new ArgumentNullException(nameof(phoneNumber));
}
// 1. Check user exists
ResourceOwner resourceOwner = null;
if (!string.IsNullOrWhiteSpace(authenticatedUserSubject))
{
resourceOwner = await _userActions.GetUser(authenticatedUserSubject).ConfigureAwait(false);
if (!resourceOwner.Claims.Any(c => c.Type == Core.Jwt.Constants.StandardResourceOwnerClaimNames.PhoneNumber && c.Value == phoneNumber))
{
throw new InvalidOperationException("the phone number is not valid");
}
}
else
{
resourceOwner = await _userActions.GetUserByClaim(Core.Jwt.Constants.StandardResourceOwnerClaimNames.PhoneNumber, phoneNumber);
}
if (!_smsAuthenticationOptions.IsSelfProvisioningEnabled && resourceOwner == null)
{
throw new InvalidOperationException("the user doesn't exist");
}
// 2. Send the confirmation code (SMS).
await _generateAndSendSmsCodeOperation.Execute(phoneNumber);
if (resourceOwner != null)
{
return(resourceOwner);
}
// 3. Create a new resource owner.
var claims = new List <Claim>
{
new Claim(Core.Jwt.Constants.StandardResourceOwnerClaimNames.PhoneNumber, phoneNumber),
new Claim(Core.Jwt.Constants.StandardResourceOwnerClaimNames.PhoneNumberVerified, "false")
};
var record = new AddUserParameter(claims);
await _userActions.AddUser(record).ConfigureAwait(false);
return(await _userActions.GetUserByClaim(Core.Jwt.Constants.StandardResourceOwnerClaimNames.PhoneNumber, phoneNumber));
}
public BaseResponse <bool> AddUser(AddUserParameter parameter)
{
if (Validate(parameter))
{
return(userManager.AddUser(parameter));
}
else
{
BaseResponse <bool> response = new BaseResponse <bool>();
response.IsSuccessful = false;
response.Code = "JWT_ERR";
response.Reason = "JWT_ERR";
return(response);
}
}
public void Validate(AddUserParameter parameter)
{
if (parameter == null)
{
throw new ArgumentNullException(nameof(parameter));
}
if (string.IsNullOrWhiteSpace(parameter.Login))
{
throw new IdentityServerManagerException(ErrorCodes.InvalidRequestCode, string.Format(ErrorDescriptions.TheParameterIsMissing, "login"));
}
if (string.IsNullOrWhiteSpace(parameter.Password))
{
throw new IdentityServerManagerException(ErrorCodes.InvalidRequestCode, string.Format(ErrorDescriptions.TheParameterIsMissing, "password"));
}
}
public async Task When_ResourceOwner_With_Same_Credentials_Exists_Then_Exception_Is_Thrown()
{
// ARRANGE
InitializeFakeObjects();
var parameter = new AddUserParameter(null);
_resourceOwnerRepositoryStub.Setup(r => r.GetAsync(It.IsAny <string>()))
.Returns(Task.FromResult(new ResourceOwner()));
// ACT
var exception = await Assert.ThrowsAsync <IdentityServerException>(() => _addResourceOwnerAction.Execute(parameter, null));
// ASSERTS
Assert.NotNull(exception);
Assert.True(exception.Code == ErrorCodes.UnhandledExceptionCode);
Assert.True(exception.Message == ErrorDescriptions.TheRoWithCredentialsAlreadyExists);
}
public async Task When_ResourceOwner_Cannot_Be_Added_Then_Exception_Is_Thrown()
{
// ARRANGE
InitializeFakeObjects();
_subjectBuilderStub.Setup(s => s.BuildSubject()).Returns(Task.FromResult("sub")); _accountFilterStub.Setup(s => s.Check(It.IsAny <IEnumerable <Claim> >())).Returns(Task.FromResult(new AccountFilterResult
{
IsValid = true
}));
_resourceOwnerRepositoryStub.Setup(r => r.InsertAsync(It.IsAny <ResourceOwner>())).Returns(Task.FromResult(false));
var parameter = new AddUserParameter(null);
// ACT
var exception = await Assert.ThrowsAsync <IdentityServerException>(() => _addResourceOwnerAction.Execute(parameter, null));
// ASSERTS
Assert.NotNull(exception);
Assert.Equal("unhandled_exception", exception.Code);
Assert.Equal("An error occured while trying to insert the resource owner", exception.Message);
}
public async Task When_Add_ResourceOwner_Then_Operation_Is_Called()
{
// ARRANGE
InitializeFakeObjects();
var parameter = new AddUserParameter
{
Login = "******",
Password = "******"
};
_authenticateResourceOwnerServiceStub.Setup(r => r.AuthenticateResourceOwnerAsync(It.IsAny <string>(), It.IsAny <string>()))
.Returns(Task.FromResult((ResourceOwner)null));
// ACT
await _addResourceOwnerAction.Execute(parameter);
// ASSERT
_resourceOwnerRepositoryStub.Verify(r => r.InsertAsync(It.IsAny <ResourceOwner>()));
}
public async Task Execute(AddUserParameter addUserParameter)
{
if (addUserParameter == null)
{
throw new ArgumentNullException(nameof(addUserParameter));
}
if (string.IsNullOrEmpty(addUserParameter.Login))
{
throw new ArgumentNullException(nameof(addUserParameter.Login));
}
if (string.IsNullOrWhiteSpace(addUserParameter.Password))
{
throw new ArgumentNullException(nameof(addUserParameter.Password));
}
if (await _authenticateResourceOwnerService.AuthenticateResourceOwnerAsync(addUserParameter.Login,
addUserParameter.Password) != null)
{
throw new IdentityServerException(
Errors.ErrorCodes.UnhandledExceptionCode,
Errors.ErrorDescriptions.TheRoWithCredentialsAlreadyExists);
}
var claims = new List <Claim>
{
new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.UpdatedAt, DateTime.UtcNow.ToString()),
new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.Subject, addUserParameter.Login)
};
var newResourceOwner = new ResourceOwner
{
Id = addUserParameter.Login,
Claims = claims,
TwoFactorAuthentication = TwoFactorAuthentications.NONE,
IsLocalAccount = true,
Password = _authenticateResourceOwnerService.GetHashedPassword(addUserParameter.Password)
};
await _resourceOwnerRepository.InsertAsync(newResourceOwner);
}
public async Task When_Add_ResourceOwner_Then_Operation_Is_Called()
{
// ARRANGE
InitializeFakeObjects();
var parameter = new AddUserParameter(new List <Claim>());
_accountFilterStub.Setup(s => s.Check(It.IsAny <IEnumerable <Claim> >())).Returns(Task.FromResult(new AccountFilterResult
{
IsValid = true
}));
_subjectBuilderStub.Setup(s => s.BuildSubject()).Returns(Task.FromResult("sub"));
_resourceOwnerRepositoryStub.Setup(r => r.GetAsync(It.IsAny <string>()))
.Returns(Task.FromResult((ResourceOwner)null));
_resourceOwnerRepositoryStub.Setup(r => r.InsertAsync(It.IsAny <ResourceOwner>())).Returns(Task.FromResult(true));
// ACT
await _addResourceOwnerAction.Execute(parameter, null);
// ASSERT
_resourceOwnerRepositoryStub.Verify(r => r.InsertAsync(It.IsAny <ResourceOwner>()));
_openidEventSourceStub.Verify(o => o.AddResourceOwner("sub"));
}
/// <summary>
/// Add an external account.
/// </summary>
/// <param name="authenticatedUser"></param>
/// <returns></returns>
protected async Task <string> AddExternalUser(ClaimsPrincipal authenticatedUser)
{
var openidClaims = authenticatedUser.Claims.ToOpenidClaims().ToList();
if (_basicAuthenticateOptions.ClaimsIncludedInUserCreation != null && _basicAuthenticateOptions.ClaimsIncludedInUserCreation.Any())
{
var lstIndexesToRemove = openidClaims.Where(oc => !_basicAuthenticateOptions.ClaimsIncludedInUserCreation.Contains(oc.Type))
.Select(oc => openidClaims.IndexOf(oc))
.OrderByDescending(oc => oc);
foreach (var index in lstIndexesToRemove)
{
openidClaims.RemoveAt(index);
}
}
var record = new AddUserParameter(openidClaims)
{
ExternalLogin = authenticatedUser.Claims.First(c => c.Type == ClaimTypes.NameIdentifier).Value
};
return(await _userActions.AddUser(record, authenticatedUser.Identity.AuthenticationType).ConfigureAwait(false));
}
public async Task <string> Execute(AddUserParameter addUserParameter, string issuer = null)
{
if (addUserParameter == null)
{
throw new ArgumentNullException(nameof(addUserParameter));
}
var subject = await _subjectBuilder.BuildSubject().ConfigureAwait(false);
// 1. Check the resource owner already exists.
if (await _resourceOwnerRepository.GetAsync(subject) != null)
{
throw new IdentityServerException(Errors.ErrorCodes.UnhandledExceptionCode, Errors.ErrorDescriptions.TheRoWithCredentialsAlreadyExists);
}
var newClaims = new List <Claim>
{
new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.UpdatedAt, DateTime.UtcNow.ToString()),
new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.Subject, subject)
};
// 2. Populate the claims.
var existedClaims = await _claimRepository.GetAllAsync().ConfigureAwait(false);
if (addUserParameter.Claims != null)
{
foreach (var claim in addUserParameter.Claims)
{
if (!newClaims.Any(nc => nc.Type == claim.Type) && existedClaims.Any(c => c.Code == claim.Type))
{
newClaims.Add(claim);
}
}
}
var isFilterValid = true;
var userFilterResult = await _accountFilter.Check(newClaims).ConfigureAwait(false);
if (!userFilterResult.IsValid)
{
isFilterValid = false;
foreach (var ruleResult in userFilterResult.AccountFilterRules)
{
if (!ruleResult.IsValid)
{
_openidEventSource.Failure($"the filter rule '{ruleResult.RuleName}' failed");
foreach (var errorMessage in ruleResult.ErrorMessages)
{
_openidEventSource.Failure(errorMessage);
}
}
}
}
if (!isFilterValid)
{
throw new IdentityServerException(Errors.ErrorCodes.InternalError, Errors.ErrorDescriptions.TheUserIsNotAuthorized);
}
// 3. Add the scim resource.
if (_userClaimsEnricherLst != null)
{
foreach (var userClaimsEnricher in _userClaimsEnricherLst)
{
await userClaimsEnricher.Enrich(newClaims).ConfigureAwait(false);
}
}
// 4. Add the resource owner.
var newResourceOwner = new ResourceOwner
{
Id = subject,
Claims = newClaims,
CreateDateTime = DateTime.UtcNow,
UpdateDateTime = DateTime.UtcNow,
IsBlocked = false
};
if (!await _resourceOwnerRepository.InsertAsync(newResourceOwner).ConfigureAwait(false))
{
throw new IdentityServerException(Errors.ErrorCodes.UnhandledExceptionCode, Errors.ErrorDescriptions.TheResourceOwnerCannotBeAdded);
}
// 5. Add credentials.
if (addUserParameter.Credentials != null)
{
foreach (var c in addUserParameter.Credentials)
{
c.UserId = subject;
}
await _addUserCredentialsOperation.Execute(addUserParameter.Credentials).ConfigureAwait(false);
}
// 6. Link to a profile.
if (!string.IsNullOrWhiteSpace(issuer))
{
await _linkProfileAction.Execute(subject, addUserParameter.ExternalLogin, issuer).ConfigureAwait(false);
}
_openidEventSource.AddResourceOwner(newResourceOwner.Id);
return(subject);
}
public async Task AddResourceOwner(AddUserParameter addUserParameter)
{
await _addResourceOwnerAction.Execute(addUserParameter);
}
public Task <string> AddUser(AddUserParameter addUserParameter, string issuer = null)
{
return(_addUserOperation.Execute(addUserParameter, issuer));
}
public Task <bool> AddUser(AddUserParameter claimsPrincipal)
{
return(_addUserOperation.Execute(claimsPrincipal));
}
public Task Add(AddUserParameter parameter)
{
return(_addResourceOwnerAction.Execute(parameter));
}
public BaseResponse <bool> AddUser(AddUserParameter parameter)
{
return(userManager.AddUser(parameter));
}
