public GetProfileDataAsync ( ProfileDataRequestContext, context ) : Task, | ||
context | ProfileDataRequestContext, | |
return | Task, |
public async Task GetProfileDataAsync(ProfileDataRequestContext context) { await _delegate.GetProfileDataAsync(context); foreach (var plugin in _profileServiceDelegates) { await plugin.GetProfileDataAsync(context); } }
public async Task GetProfileDataAsync_should_get_add_act_claim() { var services = new ServiceCollection() .AddLogging() .AddDbContext <IdentityDbContext>(options => options.UseInMemoryDatabase(Guid.NewGuid().ToString())); services.AddIdentity <IdentityUser, IdentityRole>() .AddEntityFrameworkStores <IdentityDbContext>(); var provider = services.BuildServiceProvider(); var manager = provider.GetRequiredService <UserManager <IdentityUser> >(); var user = new IdentityUser { UserName = "******" }; await manager.CreateAsync(user); var context = new ProfileDataRequestContext(new ClaimsPrincipal(new ClaimsIdentity(new Claim[] { new Claim(JwtClaimTypes.Subject, "not_found"), new Claim("amr", OidcConstants.GrantTypes.TokenExchange), new Claim(JwtClaimTypes.Actor, "api1") })), new Client(), "test", new string[] { "test" }) { RequestedResources = new ResourceValidationResult { Resources = new Resources { ApiResources = new List <ApiResource> { new ApiResource { Properties = new Dictionary <string, string> { [ProfileServiceProperties.ClaimProviderTypeKey] = typeof(ClaimsProvider).FullName, [ProfileServiceProperties.ClaimProviderAssemblyPathKey] = $"{typeof(ClaimsProvider).Assembly.GetName().Name}.dll" } } } } } }; var sut = new ProfileService <IdentityUser>(provider.GetRequiredService <UserManager <IdentityUser> >(), provider.GetRequiredService <IUserClaimsPrincipalFactory <IdentityUser> >(), provider.GetService <IEnumerable <IProvideClaims> >(), provider.GetRequiredService <ILogger <ProfileService <IdentityUser> > >()); await sut.GetProfileDataAsync(context); Assert.Contains(context.IssuedClaims, c => c.Type == JwtClaimTypes.Actor); }
public async Task GetProfileDataAsync_should_resolve_provider_type_from_di() { var services = new ServiceCollection() .AddLogging() .AddTransient <IProvideClaims, ClaimsProvider>() .AddDbContext <IdentityDbContext>(options => options.UseInMemoryDatabase(Guid.NewGuid().ToString())); services.AddIdentity <IdentityUser, IdentityRole>() .AddEntityFrameworkStores <IdentityDbContext>(); var provider = services.BuildServiceProvider(); var manager = provider.GetRequiredService <UserManager <IdentityUser> >(); var user = new IdentityUser { UserName = "******" }; await manager.CreateAsync(user); var context = new ProfileDataRequestContext(new ClaimsPrincipal(new ClaimsIdentity(new Claim[] { new Claim(JwtClaimTypes.Subject, user.Id) })), new Client(), "test", new string[] { "test" }) { RequestedResources = new ResourceValidationResult { Resources = new Resources { IdentityResources = new List <IdentityResource> { new IdentityResource { Properties = new Dictionary <string, string> { [ProfileServiceProperties.ClaimProviderTypeKey] = typeof(ClaimsProvider).FullName } } } } } }; var sut = new ProfileService <IdentityUser>(provider.GetRequiredService <UserManager <IdentityUser> >(), provider.GetRequiredService <IUserClaimsPrincipalFactory <IdentityUser> >(), provider.GetService <IEnumerable <IProvideClaims> >(), provider.GetRequiredService <ILogger <ProfileService <IdentityUser> > >()); await sut.GetProfileDataAsync(context); Assert.Contains(context.IssuedClaims, c => c.Type == "test"); }
public async Task GetProfileDataAsync_withGivenArgument_ReturnExpectedResult_TestSuite(string jobTitle, string fullName, string configuration, int expectedValue) { // Arrange _user = new ApplicationUser() { JobTitle = jobTitle, FullName = fullName, Configuration = configuration }; _userManagerMock.Setup(x => x.FindByIdAsync(It.IsAny <string>())).ReturnsAsync(_user); var identity = new List <ClaimsIdentity>() { new ClaimsIdentity(new List <Claim>() { new Claim("sub", "1") }) }; var claimsPrincipal = new ClaimsPrincipal(identity); _userClaimFactoryMock.Setup(x => x.CreateAsync(It.IsAny <ApplicationUser>())).ReturnsAsync(claimsPrincipal); var context = new ProfileDataRequestContext(); context.Subject = claimsPrincipal; context.RequestedClaimTypes = new List <string>() { "sub" }; var profileService = new ProfileService(_userManagerMock.Object, _userClaimFactoryMock.Object); // Act await profileService.GetProfileDataAsync(context); // Assert Assert.AreEqual(expectedValue, context.IssuedClaims.Count); }
public async Task <IEndpointResult> ProcessAsync(HttpContext httpContext) { Logger.LogInformation($"[{nameof(InitRegistrationEndpoint)}] Started processing trusted device registration initiation endpoint."); var isPostRequest = HttpMethods.IsPost(httpContext.Request.Method); var isApplicationFormContentType = httpContext.Request.HasApplicationFormContentType(); // Validate HTTP request type and method. if (!isPostRequest || !isApplicationFormContentType) { return(Error(OidcConstants.TokenErrors.InvalidRequest, "Request must be of type 'POST' and have a Content-Type equal to 'application/x-www-form-urlencoded'.")); } // Ensure that a valid 'Authorization' header exists. var tokenUsageResult = await Token.Validate(httpContext); if (!tokenUsageResult.TokenFound) { return(Error(OidcConstants.ProtectedResourceErrors.InvalidToken, "No access token is present in the request.")); } // Validate request data and access token. var parameters = (await httpContext.Request.ReadFormAsync()).AsNameValueCollection(); var requestValidationResult = await Request.Validate(parameters, tokenUsageResult.Token); if (requestValidationResult.IsError) { return(Error(requestValidationResult.Error, requestValidationResult.ErrorDescription)); } // Ensure device is not already registered or belongs to any other user. var existingDevice = await UserDeviceStore.GetByDeviceId(requestValidationResult.DeviceId); var isNewDeviceOrOwnedByUser = existingDevice == null || existingDevice.UserId.Equals(requestValidationResult.UserId, StringComparison.OrdinalIgnoreCase); if (!isNewDeviceOrOwnedByUser) { return(Error(OidcConstants.ProtectedResourceErrors.InvalidToken, "Device does not belong to the this user.")); } // Ensure that the principal has declared a phone number which is also confirmed. // We will get these 2 claims by retrieving the identity resources from the store (using the requested scopes existing in the access token) and then calling the profile service. // This will help us make sure that the 'phone' scope was requested and finally allowed in the token endpoint. var identityResources = await ResourceStore.FindEnabledIdentityResourcesByScopeAsync(requestValidationResult.RequestedScopes); var resources = new Resources(identityResources, Enumerable.Empty <ApiResource>(), Enumerable.Empty <ApiScope>()); var validatedResources = new ResourceValidationResult(resources); if (!validatedResources.Succeeded) { return(Error(OidcConstants.ProtectedResourceErrors.InvalidToken, "Identity resources could be validated.")); } var requestedClaimTypes = resources.IdentityResources.SelectMany(x => x.UserClaims).Distinct(); var profileDataRequestContext = new ProfileDataRequestContext(requestValidationResult.Principal, requestValidationResult.Client, IdentityServerConstants.ProfileDataCallers.UserInfoEndpoint, requestedClaimTypes) { RequestedResources = validatedResources }; await ProfileService.GetProfileDataAsync(profileDataRequestContext); var profileClaims = profileDataRequestContext.IssuedClaims; var phoneNumberClaim = profileClaims.FirstOrDefault(x => x.Type == JwtClaimTypes.PhoneNumber); var phoneNumberVerifiedClaim = profileClaims.FirstOrDefault(x => x.Type == JwtClaimTypes.PhoneNumberVerified); if (string.IsNullOrWhiteSpace(phoneNumberClaim?.Value) || phoneNumberVerifiedClaim == null || (bool.TryParse(phoneNumberVerifiedClaim.Value, out var phoneNumberVerified) && !phoneNumberVerified)) { return(Error(OidcConstants.ProtectedResourceErrors.InvalidToken, "User does not have a phone number or the phone number is not verified.")); } var otpAuthenticatedValue = profileClaims.FirstOrDefault(x => x.Type == BasicClaimTypes.OtpAuthenticated)?.Value; var otpAuthenticated = !string.IsNullOrWhiteSpace(otpAuthenticatedValue) && bool.Parse(otpAuthenticatedValue); if (!otpAuthenticated) { // Send OTP code. void messageBuilder(TotpMessageBuilder message) { var builder = message.UsePrincipal(requestValidationResult.Principal).WithMessage(IdentityMessageDescriber.DeviceRegistrationCodeMessage(existingDevice?.Name, requestValidationResult.InteractionMode)); if (requestValidationResult.DeliveryChannel == TotpDeliveryChannel.Sms) { builder.UsingSms(); } else { builder.UsingViber(); } builder.WithPurpose(Constants.TrustedDeviceOtpPurpose(requestValidationResult.UserId, requestValidationResult.DeviceId)); } var totpResult = await TotpService.Send(messageBuilder); if (!totpResult.Success) { return(Error(totpResult.Error)); } } // Create endpoint response. var response = await Response.Generate(requestValidationResult); Logger.LogInformation($"[{nameof(InitRegistrationEndpoint)}] Trusted device registration initiation endpoint success."); return(new InitRegistrationResult(response)); }