Ejemplo n.º 1
0
        public async Task <ClientCorsOrigin> AddOrigin(ClientCorsOrigin origin, string clientId)
        {
            var client = await _context.Clients.SingleAsync(c => c.ClientId == clientId);

            origin.Client = client;
            _context.ClientCorsOrigins.Add(origin);
            await _context.SaveChangesAsync();

            return(origin);
        }
Ejemplo n.º 2
0
        public async Task <bool> IsOriginAllowedAsync(string origin)
        {
            using var connection = new SqlConnection(connectionString);

            ClientCorsOrigin clientCorsOrigin = await connection.QueryFirstOrDefaultAsync <ClientCorsOrigin>("SELECT [Origin] FROM [dbo].[ClientCorsOrigins] WHERE [Origin] = @origin GROUP BY [Origin]", new {
                origin
            });

            return(clientCorsOrigin != null);
        }
Ejemplo n.º 3
0
        public async Task OnPostAsync()
        {
            // Arrange
            const string corsOrigin1OriginalOrigin = "Original Origin";
            const string corsOrigin1EditedOrigin   = "Edited Origin";
            const string newCorsOriginOrigin       = "New Origin";
            var          databaseName = $"{DatabaseNamePrefix}.{nameof(OnPostAsync)}";
            var          options      = new DbContextOptionsBuilder <OidcDbContext>()
                                        .UseInMemoryDatabase(databaseName)
                                        .Options;
            CorsOriginsModel corsOrigins;
            IActionResult    post;
            var corsOrigin1 = new ClientCorsOrigin
            {
                Id     = Random.Next(),
                Origin = corsOrigin1OriginalOrigin
            };
            var corsOrigin2 = new ClientCorsOrigin {
                Id = Random.Next()
            };
            var client = new Client
            {
                Id = Random.Next(),
                AllowedCorsOrigins = new List <ClientCorsOrigin>
                {
                    corsOrigin1,
                    corsOrigin2
                }
            };

            using (var context = new OidcDbContext(options))
            {
                context.Add(client);
                await context.SaveChangesAsync().ConfigureAwait(false);
            }

            // Act
            using (var context = new OidcDbContext(options))
            {
                corsOrigins = new CorsOriginsModel(context)
                {
                    Client = new Client
                    {
                        Id = client.Id,
                        AllowedCorsOrigins = new List <ClientCorsOrigin>
                        {
                            new ClientCorsOrigin
                            {
                                Id     = corsOrigin1.Id,
                                Origin = corsOrigin1EditedOrigin
                            },
                            new ClientCorsOrigin {
                                Origin = newCorsOriginOrigin
                            }
                        }
                    }
                };
                post = await corsOrigins.OnPostAsync().ConfigureAwait(false);
            }

            // Assert
            using (var context = new OidcDbContext(options))
            {
                client = await context.Clients
                         .Include(x => x.AllowedCorsOrigins)
                         .SingleOrDefaultAsync(x => x.Id.Equals(client.Id))
                         .ConfigureAwait(false);

                corsOrigin1 = client.AllowedCorsOrigins.SingleOrDefault(x => x.Id.Equals(corsOrigin1.Id));
                corsOrigin2 = client.AllowedCorsOrigins.SingleOrDefault(x => x.Id.Equals(corsOrigin2.Id));
                var newCorsOrigin = client.AllowedCorsOrigins.SingleOrDefault(x => x.Origin.Equals(newCorsOriginOrigin));

                Assert.NotNull(corsOrigin1);
                Assert.Equal(corsOrigin1EditedOrigin, corsOrigin1.Origin);
                Assert.Null(corsOrigin2);
                Assert.NotNull(newCorsOrigin);
            }

            var result = Assert.IsType <RedirectToPageResult>(post);

            Assert.Equal("../Details/CorsOrigins", result.PageName);
            Assert.Collection(result.RouteValues, routeValue =>
            {
                var(key, value) = routeValue;
                Assert.Equal(nameof(Client.Id), key);
                Assert.Equal(corsOrigins.Client.Id, value);
            });
        }
Ejemplo n.º 4
0
        private void AddClients(Client ct)
        {
            var client = new Client <Guid>()
            {
                AbsoluteRefreshTokenLifetime = ct.AbsoluteRefreshTokenLifetime,
                AccessTokenLifetime          = ct.AccessTokenLifetime,
                AccessTokenType            = ct.AccessTokenType,
                AllowAccessToAllGrantTypes = ct.AllowAccessToAllCustomGrantTypes,
                AllowAccessToAllScopes     = ct.AllowAccessToAllScopes,
                AllowClientCredentialsOnly = ct.AllowClientCredentialsOnly,
                AllowPromptNone            = ct.AllowPromptNone,
                AllowRememberConsent       = ct.AllowRememberConsent,
                AlwaysSendClientClaims     = ct.AlwaysSendClientClaims,
                AuthorizationCodeLifetime  = ct.AuthorizationCodeLifetime,
                ClientId                    = ct.ClientId,
                ClientName                  = ct.ClientName,
                ClientUri                   = ct.ClientUri,
                EnableLocalLogin            = ct.EnableLocalLogin,
                Enabled                     = ct.Enabled,
                Flow                        = ct.Flow,
                IdentityTokenLifetime       = ct.IdentityTokenLifetime,
                IncludeJwtId                = ct.IncludeJwtId,
                LogoUri                     = ct.LogoUri,
                LogoutSessionRequired       = ct.LogoutSessionRequired,
                LogoutUri                   = ct.LogoutUri,
                PrefixClientClaims          = ct.PrefixClientClaims,
                RefreshTokenExpiration      = ct.RefreshTokenExpiration,
                RefreshTokenUsage           = ct.RefreshTokenUsage,
                RequireConsent              = ct.RequireConsent, //设置为true会有问题?
                SlidingRefreshTokenLifetime = ct.SlidingRefreshTokenLifetime,
                UpdateAccessTokenOnRefresh  = ct.UpdateAccessTokenClaimsOnRefresh
            };

            client.ClientSecrets = new List <ClientSecret <Guid> >();
            client.AllowedScopes = new List <ClientScope <Guid> >();
            client.RedirectUris  = new List <ClientRedirectUri <Guid> >();
            client.IdentityProviderRestrictions = new List <ClientProviderRestriction <Guid> >();
            client.PostLogoutRedirectUris       = new List <ClientPostLogoutRedirectUri <Guid> >();
            client.AllowedCustomGrantTypes      = new List <ClientCustomGrantType <Guid> >();
            client.Claims             = new List <ClientClaim <Guid> >();
            client.AllowedCorsOrigins = new List <ClientCorsOrigin <Guid> >();

            //Add Secrets
            foreach (var secret in ct.ClientSecrets)
            {
                var clientSecret = new ClientSecret <Guid>()
                {
                    Description = secret.Description,
                    Expiration  = secret.Expiration.HasValue ? (DateTime?)secret.Expiration.Value.DateTime : null,
                    Type        = secret.Type,
                    Value       = secret.Value
                };
                client.ClientSecrets.Add(clientSecret);
            }
            //Add Scopes
            foreach (var scope in ct.AllowedScopes)
            {
                var allowedScope = new ClientScope <Guid>()
                {
                    Scope = scope
                };
                client.AllowedScopes.Add(allowedScope);
            }

            //Add RedirectUris
            foreach (var redirectUri in ct.RedirectUris)
            {
                var clientRedirectUri = new ClientRedirectUri <Guid>()
                {
                    Uri = redirectUri
                };
                client.RedirectUris.Add(clientRedirectUri);
            }
            //Add ProviderRestrictions
            foreach (var provider in ct.IdentityProviderRestrictions)
            {
                var clientProviderRestriction = new ClientProviderRestriction <Guid>()
                {
                    Provider = provider
                };
                client.IdentityProviderRestrictions.Add(clientProviderRestriction);
            }
            //Add ClientPostLogoutRedirectUri
            foreach (var postLogoutRedirectUri in ct.PostLogoutRedirectUris)
            {
                var clientPostLogoutRedirectUri = new ClientPostLogoutRedirectUri <Guid>()
                {
                    Uri = postLogoutRedirectUri
                };
                client.PostLogoutRedirectUris.Add(clientPostLogoutRedirectUri);
            }
            //Add ClientCustomGrantTypes
            foreach (var customGrantType in ct.AllowedCustomGrantTypes)
            {
                var clientCustomerGrantType = new ClientCustomGrantType <Guid>()
                {
                    GrantType = customGrantType
                };
                client.AllowedCustomGrantTypes.Add(clientCustomerGrantType);
            }
            //Add ClientClaims
            foreach (var claim in ct.Claims)
            {
                var clientClaim = new ClientClaim <Guid>()
                {
                    Type  = claim.Type,
                    Value = claim.Value
                };
                client.Claims.Add(clientClaim);
            }
            //Add ClientCorsOrigins
            foreach (var corsOrigin in ct.AllowedCorsOrigins)
            {
                var clientCorsOrigin = new ClientCorsOrigin <Guid>()
                {
                    Origin = corsOrigin
                };
                client.AllowedCorsOrigins.Add(clientCorsOrigin);
            }
            _clientContext.Clients.Add(client);
            _clientContext.SaveChanges();
        }
Ejemplo n.º 5
0
        public Result <int> Update(ClientModel model, int id)
        {
            try
            {
                var result         = new Result <int>();
                var existingClient = clientContext.Clients
                                     .Where(x => x.Id == id)
                                     .Include(x => x.AllowedScopes)
                                     .Include(x => x.ClientSecrets)
                                     .Include(x => x.RedirectUris)
                                     .Include(x => x.PostLogoutRedirectUris)
                                     .Include(x => x.AllowedCorsOrigins)
                                     .Include(x => x.IdentityProviderRestrictions)
                                     .Include(x => x.Claims)
                                     .Include(x => x.AllowedCustomGrantTypes)
                                     .SingleOrDefault();


                if (existingClient == null)
                {
                    result.Exists = false;
                    return(result);
                }

                var duplicateClientId = clientContext.Clients
                                        .Where(x => x.ClientId == model.ClientId)
                                        .FirstOrDefault();

                if (duplicateClientId != null && duplicateClientId.Id != id)
                {
                    throw new Exception("pre-existing clientid");
                }

                clientContext.Entry(existingClient).CurrentValues.SetValues(model); // copy all values from object

                #region Update related properties


                var exRedirectUris = existingClient.RedirectUris.ToList();
                //delete redirect uri's that have been removed
                foreach (var item in exRedirectUris)
                {
                    if (!model.RedirectUris.Any(x => x.Id == item.Id))
                    {
                        existingClient.RedirectUris.Remove(item);
                    }
                }
                if (model.RedirectUris != null && model.RedirectUris.Any())
                {
                    //update and add new uris
                    foreach (var item in model.RedirectUris)
                    {
                        var exRedirectUri = existingClient.RedirectUris.FirstOrDefault(x => x.Id == item.Id);
                        if (exRedirectUri != null)
                        {
                            clientContext.Entry(exRedirectUri).CurrentValues.SetValues(item);
                        }
                        else
                        {
                            var redirectUri = new ClientRedirectUri
                            {
                                Uri = item.Uri,
                            };
                            existingClient.RedirectUris.Add(redirectUri);
                        }
                    }
                }


                //delete post redirect uri's that have been removed

                var exPostRedirectUris = existingClient.PostLogoutRedirectUris.ToList();
                foreach (var item in exPostRedirectUris)
                {
                    if (!model.PostLogoutRedirectUris.Any(x => x.Id == item.Id))
                    {
                        existingClient.PostLogoutRedirectUris.Remove(item);
                    }
                }

                if (model.PostLogoutRedirectUris != null && model.PostLogoutRedirectUris.Any())
                {
                    foreach (var item in model.PostLogoutRedirectUris)
                    {
                        var exPostRedirectUri = existingClient.PostLogoutRedirectUris.FirstOrDefault(x => x.Id == item.Id);
                        if (exPostRedirectUri != null)
                        {
                            clientContext.Entry(exPostRedirectUri).CurrentValues.SetValues(item);
                        }
                        else
                        {
                            var postRedirectUri = new ClientPostLogoutRedirectUri
                            {
                                Uri = item.Uri,
                            };
                            existingClient.PostLogoutRedirectUris.Add(postRedirectUri);
                        }
                    }
                }
                //update and add new post redirect uris



                var exIdProvRestrictions = existingClient.IdentityProviderRestrictions.ToList();
                foreach (var item in exIdProvRestrictions)
                {
                    if (!model.IdentityProviderRestrictions.Any(x => x.Id == item.Id))
                    {
                        existingClient.IdentityProviderRestrictions.Remove(item);
                    }
                }

                if (model.IdentityProviderRestrictions != null && model.IdentityProviderRestrictions.Any())
                {
                    foreach (var item in model.IdentityProviderRestrictions)
                    {
                        var exIdProvRestriction = existingClient.IdentityProviderRestrictions.FirstOrDefault(x => x.Id == item.Id);
                        if (exIdProvRestriction != null)
                        {
                            clientContext.Entry(exIdProvRestriction).CurrentValues.SetValues(item);
                        }
                        else
                        {
                            var IdentityProvRestriction = new ClientIdPRestriction
                            {
                                Provider = item.Provider,
                            };
                            existingClient.IdentityProviderRestrictions.Add(exIdProvRestriction);
                        }
                    }
                }
                //update and add new post redirect uris



                //delete post redirect uri's that have been removed


                //delete allowed scopes that have been removed

                var exScopes = existingClient.AllowedScopes.ToList();
                foreach (var item in exScopes)
                {
                    if (!model.AllowedScopes.Any(x => x.Id == item.Id))
                    {
                        existingClient.AllowedScopes.Remove(item);
                    }
                }

                if (model.AllowedScopes != null && model.AllowedScopes.Any())
                {
                    foreach (var item in model.AllowedScopes)
                    {
                        var exScope = existingClient.AllowedScopes.FirstOrDefault(x => x.Id == item.Id);
                        if (exScope != null)
                        {
                            clientContext.Entry(exScope).CurrentValues.SetValues(item);
                        }
                        else
                        {
                            var newScope = new ClientScope
                            {
                                Scope = item.Scope,
                            };
                            existingClient.AllowedScopes.Add(newScope);
                        }
                    }
                }



                //delete client claims that have been removed
                var exClaims = existingClient.Claims.ToList();
                foreach (var item in exClaims)
                {
                    if (!model.Claims.Any(x => x.Id == item.Id))
                    {
                        existingClient.Claims.Remove(item);
                    }
                }

                if (model.Claims != null && model.Claims.Any())
                {
                    //update and add new post redirect uris
                    foreach (var item in model.Claims)
                    {
                        var exClaim = existingClient.Claims.FirstOrDefault(x => x.Id == item.Id);
                        if (exClaim != null)
                        {
                            clientContext.Entry(exClaim).CurrentValues.SetValues(item);
                        }
                        else
                        {
                            var newClaim = new ClientClaim
                            {
                                Type  = item.Type,
                                Value = item.Value
                            };
                            existingClient.Claims.Add(newClaim);
                        }
                    }
                }

                //delete client claims that have been removed

                var exAllowedCors = existingClient.AllowedCorsOrigins.ToList();
                foreach (var item in exAllowedCors)
                {
                    if (!model.AllowedCorsOrigins.Any(x => x.Id == item.Id))
                    {
                        existingClient.AllowedCorsOrigins.Remove(item);
                    }
                }

                if (model.AllowedCorsOrigins != null && model.AllowedCorsOrigins.Any())
                {
                    //update and add new post redirect uris
                    foreach (var item in model.AllowedCorsOrigins)
                    {
                        var exAllowedCor = existingClient.AllowedCorsOrigins.FirstOrDefault(x => x.Id == item.Id);
                        if (exAllowedCor != null)
                        {
                            clientContext.Entry(exAllowedCor).CurrentValues.SetValues(item);
                        }
                        else
                        {
                            var newClientCor = new ClientCorsOrigin
                            {
                                Origin = item.Origin
                            };
                            existingClient.AllowedCorsOrigins.Add(newClientCor);
                        }
                    }
                }



                //delete custom grant types that have been removed

                var exCustomGrants = existingClient.AllowedCustomGrantTypes.ToList();
                foreach (var item in exCustomGrants)
                {
                    if (!model.AllowedCustomGrantTypes.Any(x => x.Id == item.Id))
                    {
                        existingClient.AllowedCustomGrantTypes.Remove(item);
                    }
                }

                if (model.AllowedCustomGrantTypes != null && model.AllowedCustomGrantTypes.Any())
                {
                    //update and add new post redirect uris
                    foreach (var item in model.AllowedCustomGrantTypes)
                    {
                        var exCustomGrant = existingClient.AllowedCustomGrantTypes.FirstOrDefault(x => x.Id == item.Id);
                        if (exCustomGrant != null)
                        {
                            clientContext.Entry(exCustomGrant).CurrentValues.SetValues(item);
                        }
                        else
                        {
                            var newCustomGrant = new ClientCustomGrantType
                            {
                                GrantType = item.GrantType
                            };
                            existingClient.AllowedCustomGrantTypes.Add(newCustomGrant);
                        }
                    }
                }



                //delete custom grant types that have been removed

                var exSecrets = existingClient.ClientSecrets.ToList();
                foreach (var item in exSecrets)
                {
                    if (!model.ClientSecrets.Any(x => x.Id == item.Id))
                    {
                        existingClient.ClientSecrets.Remove(item);
                    }
                }

                if (model.ClientSecrets != null && model.ClientSecrets.Any())
                {
                    //update and add new post redirect uris
                    foreach (var item in model.ClientSecrets)
                    {
                        var exSecret = existingClient.ClientSecrets.FirstOrDefault(x => x.Id == item.Id);
                        if (exSecret != null)
                        {
                            exSecret.Value = exSecret.Value;
                            clientContext.Entry(exSecret).CurrentValues.SetValues(item);
                        }
                        else
                        {
                            var newSecret = new ClientSecret
                            {
                                Type        = item.Type,
                                Value       = item.Value.Sha256(),
                                Expiration  = item.Expiration,
                                Description = item.Description,
                            };
                            existingClient.ClientSecrets.Add(newSecret);
                        }
                    }
                }


                #endregion


                clientContext.SaveChanges();
                result.Exists      = true;
                result.Response    = existingClient.Id;
                result.CustomValue = existingClient.ClientName;
                return(result);
            }
            catch (Exception ex)
            {
                ErrorLogger.Log(ex);
                throw;
            }
        }
Ejemplo n.º 6
0
 //Cors origins uri
 public static CorsOriginUrisModel ToModel(this ClientCorsOrigin entity)
 {
     return(entity.MapTo <ClientCorsOrigin, CorsOriginUrisModel>());
 }
Ejemplo n.º 7
0
        public IActionResult EditClient(EditClientModel model, [FromServices] ConfigurationDbContext configContext)
        {
            // Validate it's an actual client
            var foundClient = configContext.Clients.Where(c => c.ClientId == model.ClientId).FirstOrDefault();

            if (foundClient != null)
            {
                foundClient.ClientName = model.Name;
                foundClient.ClientUri  = model.HomepageUrl;
                foundClient.LogoUri    = model.LogoUrl;
                foundClient.Updated    = DateTime.Now;
                configContext.Entry(foundClient).State = EntityState.Modified;

                // Update the redirect URL for this client
                var results = configContext.Set <ClientRedirectUri>().Where(c => c.ClientId == foundClient.Id).ToList();
                if (results != null)
                {
                    configContext.RemoveRange(results);
                }
                var newUri = new ClientRedirectUri();
                newUri.Client      = foundClient;
                newUri.ClientId    = foundClient.Id;
                newUri.RedirectUri = model.CallbackUrl;
                configContext.Add(newUri);

                // Generate the origin for the callback
                Uri    redirect = new Uri(model.CallbackUrl);
                string origin   = redirect.Scheme + "://" + redirect.Host;

                // Update the allowed origin for this client
                var corsOrigins = configContext.Set <ClientCorsOrigin>().Where(c => c.ClientId == foundClient.Id).ToList();
                if (corsOrigins != null)
                {
                    configContext.RemoveRange(corsOrigins);
                }
                var newOrigin = new ClientCorsOrigin();
                newOrigin.Client   = foundClient;
                newOrigin.ClientId = foundClient.Id;
                newOrigin.Origin   = origin;
                configContext.Add(newUri);

                // Update their allowed grants
                var curGrants = configContext.Set <ClientGrantType>().Where(c => c.ClientId == foundClient.Id).ToList();
                if (curGrants != null)
                {
                    configContext.RemoveRange(curGrants);
                }
                foreach (var grantType in model.AllowedGrants)
                {
                    var newGrant = new ClientGrantType();
                    newGrant.Client    = foundClient;
                    newGrant.ClientId  = foundClient.Id;
                    newGrant.GrantType = grantType;
                    configContext.Add(newGrant);
                }

                // Update their allowed scopes
                var curScopes = configContext.Set <ClientScope>().Where(c => c.ClientId == foundClient.Id).ToList();
                if (curScopes != null)
                {
                    configContext.RemoveRange(curScopes);
                }
                foreach (var scope in model.AllowedScopes)
                {
                    var newScope = new ClientScope();
                    newScope.Client   = foundClient;
                    newScope.ClientId = foundClient.Id;
                    newScope.Scope    = scope;
                    configContext.Add(newScope);
                }

                // Save all the changed
                configContext.SaveChanges();

                // Clear the client cache
                RemoveCachedClient(model.ClientId);

                return(new JsonResult(new { success = true }));
            }

            return(new JsonResult(new { success = false, message = "Client does not exist." }));
        }
Ejemplo n.º 8
0
        public void UpdateClientToken(int id, ClientDto clientDto)
        {
            Client client = this.Session.Get <Client>(id);

            if (client == null)
            {
                throw new FluentValidationException($"客户端{id}不存在。");
            }
            client.IdentityTokenLifetime            = clientDto.IdentityTokenLifetime;
            client.AccessTokenLifetime              = clientDto.AccessTokenLifetime;
            client.AccessTokenType                  = clientDto.AccessTokenType;
            client.AuthorizationCodeLifetime        = clientDto.AuthorizationCodeLifetime;
            client.AbsoluteRefreshTokenLifetime     = clientDto.AbsoluteRefreshTokenLifetime;
            client.SlidingRefreshTokenLifetime      = clientDto.SlidingRefreshTokenLifetime;
            client.RefreshTokenUsage                = clientDto.RefreshTokenUsage;
            client.RefreshTokenExpiration           = clientDto.RefreshTokenExpiration;
            client.UpdateAccessTokenClaimsOnRefresh = clientDto.UpdateAccessTokenClaimsOnRefresh;
            client.IncludeJwtId                     = clientDto.IncludeJwtId;
            client.AlwaysSendClientClaims           = clientDto.AlwaysSendClientClaims;
            client.AlwaysIncludeUserClaimsInIdToken = clientDto.AlwaysIncludeUserClaimsInIdToken;
            client.ClientClaimsPrefix               = clientDto.ClientClaimsPrefix;
            client.PairWiseSubjectSalt              = clientDto.PairWiseSubjectSalt;

            var transaction = this.Session.BeginTransaction();

            try
            {
                this.Session.Update(client);

                this.Session.CreateQuery("delete from ClientCorsOrigin where ClientId=:ClientId")
                .SetInt32("ClientId", id)
                .ExecuteUpdate();

                clientDto.AllowedCorsOrigins.ForEach(origin =>
                {
                    ClientCorsOrigin clientCorsOrigin = new ClientCorsOrigin();
                    clientCorsOrigin.ClientId         = client.Id;
                    clientCorsOrigin.Origin           = origin;
                    this.Session.Save(clientCorsOrigin);
                });

                this.Session.CreateQuery("delete from ClientClaim where ClientId=:ClientId")
                .SetInt32("ClientId", id)
                .ExecuteUpdate();

                clientDto.Claims.ForEach(claim =>
                {
                    ClientClaim clientClaim = new ClientClaim();
                    clientClaim.ClientId    = client.Id;
                    clientClaim.Type        = claim.Type;
                    clientClaim.Value       = claim.Value;
                    this.Session.Save(clientClaim);
                });

                transaction.Commit();
            }
            catch (Exception ex)
            {
                transaction.Rollback();
                throw ex;
            }
        }