public async Task <IActionResult> PostPermission([FromBody] EditApplicationPermissionViewModel req,
[FromRoute] string aid)
{
var permValueMustUnique = fun((OpenIddictEntityFrameworkCoreApplication app, string permValue) =>
{
var listPermissions =
JsonConvert.DeserializeObject <System.Collections.Generic.HashSet <string> >(app.Permissions);
if (listPermissions.Any(x => x == permValue))
{
return(Fail <Error, (OpenIddictEntityFrameworkCoreApplication application, string availListP)>(
$"Permission {permValue} does exist in application"));
}
listPermissions.Add(permValue);
return(Success <Error, (OpenIddictEntityFrameworkCoreApplication application, string availListP)>((app,
JsonConvert.SerializeObject(listPermissions))));
});
return(await(await GetExistApplicationById(aid), ShouldNotNullOrEmpty(req.Name),
Functions.GetPermissionPrefix(req.Prefix))
.Apply((application, permName, permPrefix) => (app: application, permValue: $"{permPrefix}{permName}"))
.Bind(x => permValueMustUnique(x.app, x.permValue))
.MatchAsync(async res =>
{
res.application.Permissions = res.availListP;
await _oidApplicationManager.UpdateAsync(res.application);
return Success <Error, string>(
$"Did modify new value {res.availListP} to permission field of application {res.application.DisplayName}");
}, errors => Fail <Error, string>(errors.Join()))
.ToActionResultAsync());
}
public async Task <ActionResult <OpenIddictApplicationDescriptor> > SaveAsync(OpenIddictApplicationDescriptor descriptor)
{
descriptor.Permissions.Clear();
descriptor.Permissions.AddRange(_defaultPermissions);
var app = await _manager.FindByClientIdAsync(descriptor.ClientId);
if (app == null)
{// create
app = await _manager.CreateAsync(descriptor);
await _manager.PopulateAsync(descriptor, app);
}
else
{// update
//prevent changing client secret
descriptor.ClientSecret = app.ClientSecret;
await _manager.PopulateAsync(app, descriptor);
await _manager.UpdateAsync(app);
}
descriptor.ClientSecret = app.ClientSecret;
return(descriptor);
}
public async Task UpdateAsync(ApplicationClient update, CancellationToken cancellationToken)
{
var entity = await _applicationManager.FindByIdAsync(update.ClientId ?? update.Id.ToString(), cancellationToken);
if (entity != null)
{
UpdateProperties(update, entity);
await _applicationManager.UpdateAsync(entity, update.ClientSecret ?? "", cancellationToken);
}
}
public async Task UpdateAsync(ApplicationParam model)
{
if (string.IsNullOrWhiteSpace(model.Id))
{
throw new InvalidOperationException(nameof(model.Id));
}
var entity = await _manager.FindByIdAsync(model.Id);
SimpleMapper.Map(model, entity);
HandleCustomProperties(model, entity);
await _manager.UpdateAsync(entity, model.ClientSecret);
}
public async Task UpdateAsync(ApplicationParam model)
{
if (string.IsNullOrWhiteSpace(model.Id))
{
throw new ArgumentNullException(nameof(model.Id));
}
var entity = await _manager.FindByIdAsync(model.Id);
SimpleMapper.Map <ApplicationParam, OpenIddictEntityFrameworkCoreApplication>(model, entity);
HandleCustomProperties(model, entity);
await _manager.UpdateAsync(entity, entity.ClientSecret);
}
public async Task <IActionResult> Edit(EditOpenIdApplicationViewModel model, string returnUrl = null)
{
if (!await _authorizationService.AuthorizeAsync(User, Permissions.ManageOpenIdApplications))
{
return(Unauthorized());
}
if (model.Type == ClientType.Public && !string.IsNullOrEmpty(model.ClientSecret))
{
ModelState.AddModelError(nameof(model.ClientSecret), T["No client secret can be set for public applications."]);
}
else if (model.UpdateClientSecret)
{
var user = await _userManager.FindByNameAsync(User.Identity.Name);
await ValidateClientSecretAsync(user, model.ClientSecret, (key, message) => ModelState.AddModelError(key, message));
}
OpenIdApplication application = null;
if (ModelState.IsValid)
{
application = await _applicationManager.FindByIdAsync(model.Id, HttpContext.RequestAborted);
if (application == null)
{
return(NotFound());
}
if (application.Type == ClientType.Public && model.Type == ClientType.Confidential && !model.UpdateClientSecret)
{
ModelState.AddModelError(nameof(model.UpdateClientSecret), T["Setting a new client secret is required"]);
}
}
if (!ModelState.IsValid)
{
var openIdSettings = await _openIdService.GetOpenIdSettingsAsync();
if (!_openIdService.IsValidOpenIdSettings(openIdSettings))
{
_notifier.Warning(H["OpenID Connect settings are not properly configured."]);
}
ViewData["OpenIdSettings"] = openIdSettings;
ViewData["ReturnUrl"] = returnUrl;
return(View(model));
}
// If the application was confidential and is now public, the client secret must be reset.
if (application.Type == ClientType.Confidential && model.Type == ClientType.Public)
{
model.UpdateClientSecret = true;
model.ClientSecret = null;
}
application.DisplayName = model.DisplayName;
application.RedirectUri = model.RedirectUri;
application.LogoutRedirectUri = model.LogoutRedirectUri;
application.ClientId = model.ClientId;
application.Type = model.Type;
application.SkipConsent = model.SkipConsent;
application.AllowAuthorizationCodeFlow = model.AllowAuthorizationCodeFlow;
application.AllowClientCredentialsFlow = model.AllowClientCredentialsFlow;
application.AllowImplicitFlow = model.AllowImplicitFlow;
application.AllowPasswordFlow = model.AllowPasswordFlow;
application.AllowRefreshTokenFlow = model.AllowRefreshTokenFlow;
application.AllowHybridFlow = model.AllowHybridFlow;
application.RoleNames = new List <string>();
if (application.Type == ClientType.Confidential && application.AllowClientCredentialsFlow)
{
application.RoleNames = model.RoleEntries.Where(r => r.Selected).Select(r => r.Name).ToList();
}
if (model.UpdateClientSecret)
{
await _applicationManager.UpdateAsync(application, model.ClientSecret, HttpContext.RequestAborted);
}
else
{
await _applicationManager.UpdateAsync(application, HttpContext.RequestAborted);
}
if (string.IsNullOrEmpty(returnUrl))
{
return(RedirectToAction("Index"));
}
return(LocalRedirect(returnUrl));
}
public async Task InitializeAsync()
{
//if (await manager.FindByClientIdAsync("react") == null)
//{
// var descriptor = new OpenIddictApplicationDescriptor
// {
// ClientId = "react",
// ClientSecret = "react_secret",
// DisplayName = "SPA client application",
// PostLogoutRedirectUris = { new Uri("http://localhost:3000/signout-callback-oidc") },
// RedirectUris = { new Uri("http://localhost:3000/signin-oidc") },
// Permissions =
// {
// OpenIddictConstants.Permissions.Endpoints.Authorization,
// OpenIddictConstants.Permissions.Endpoints.Logout,
// OpenIddictConstants.Permissions.GrantTypes.Implicit
// }
// };
// await manager.CreateAsync(descriptor);
//}
var resourceServer = await manager.FindByClientIdAsync("resource_server");
if (resourceServer == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = "resource_server",
ClientSecret = "resource_server_secret",
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Token,
OpenIddictConstants.Permissions.GrantTypes.ClientCredentials
}
};
await manager.CreateAsync(descriptor);
}
var mvcClient = await manager.FindByClientIdAsync("mvc_client");
if (mvcClient == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = "mvc_client",
ClientSecret = "mvc_client_secret",
DisplayName = "MVC Client application",
PostLogoutRedirectUris = { new Uri($"{configuration["Client:BaseUrl"]}external/logout") },
RedirectUris = { new Uri($"{configuration["Client:BaseUrl"]}external/login") },
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Authorization,
OpenIddictConstants.Permissions.Endpoints.Logout,
OpenIddictConstants.Permissions.Endpoints.Token,
OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode,
OpenIddictConstants.Permissions.GrantTypes.RefreshToken
}
};
foreach (var scope in scopes.GetScopes())
{
descriptor.Permissions.Add($"scp:{scope}");
}
await manager.CreateAsync(descriptor);
}
else
{
var permissions = new JArray(
OpenIddictConstants.Permissions.Endpoints.Authorization,
OpenIddictConstants.Permissions.Endpoints.Logout,
OpenIddictConstants.Permissions.Endpoints.Token,
OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode,
OpenIddictConstants.Permissions.GrantTypes.RefreshToken);
foreach (var scope in scopes.GetScopes())
{
permissions.Add($"scp:{scope}");
}
mvcClient.Permissions = JsonConvert.SerializeObject(permissions);
await manager.UpdateAsync(mvcClient);
}
var swagger = await manager.FindByClientIdAsync("swagger");
if (swagger == null)
{
var descriptor = new OpenIddictApplicationDescriptor
{
ClientId = "swagger",
DisplayName = "Swagger",
RedirectUris = { new Uri(Combine(addressResolver.Resolve(), "/swagger/oauth2-redirect.html")) },
Permissions =
{
OpenIddictConstants.Permissions.Endpoints.Authorization,
OpenIddictConstants.Permissions.GrantTypes.Implicit
}
};
foreach (var scope in scopes.GetScopes())
{
descriptor.Permissions.Add($"scp:{scope}");
}
await manager.CreateAsync(descriptor);
}
else
{
var permissions = new JArray(OpenIddictConstants.Permissions.Endpoints.Authorization, OpenIddictConstants.Permissions.GrantTypes.Implicit);
foreach (var scope in scopes.GetScopes())
{
permissions.Add($"scp:{scope}");
}
swagger.Permissions = JsonConvert.SerializeObject(permissions);
await manager.UpdateAsync(swagger);
}
}
