private static string MapGrantType(ClientGrantType grantType)
{
switch (grantType)
{
case ClientGrantType.ClientCredentials:
return(GrantType.ClientCredentials);
case ClientGrantType.ResourceOwnerPassword:
return(GrantType.ResourceOwnerPassword);
case ClientGrantType.AuthorizationCode:
return(GrantType.AuthorizationCode);
case ClientGrantType.DeviceFlow:
return(GrantType.DeviceFlow);
case ClientGrantType.Hybrid:
return(GrantType.Hybrid);
case ClientGrantType.Implicit:
return(GrantType.Implicit);
default:
return(string.Empty);
}
}
public async Task <string> AddGrantType(ClientGrantType grant)
{
string result = "";
int grantId = 0;
await Task.Run(() => {
using (/*var*/ ctx /*= new ResourceConfigDbContext()*/)
{
ctx.ClientGrantTypes.Add(grant);
ctx.SaveChanges();
grantId = grant.Id;
result = "Grant " + grantId + "added successfully";
}
});
return(result);
}
public void RemoveAllowedGrantType(ClientGrantType grantType)
{
if (!_allowedGrantTypes.Contains(grantType))
{
throw new EntityValidationException("This grant type is not currently allowed.");
}
var e = new RemovedAllowedGrantTypeEvent()
{
GrantType = grantType,
ClientId = Id,
OccurredOn = DateTime.UtcNow
};
_changes.Add(e);
EventHandler.AllowedGrantTypeRemoved(this, e);
}
public async Task<IActionResult> AddClientGrantType([FromRoute]string clientId, [FromRoute]string grantType) {
var client = await _configurationDbContext.Clients.SingleOrDefaultAsync(x => x.ClientId == clientId);
if (client == null) {
return NotFound();
}
var grantTypeToAdd = new ClientGrantType {
GrantType = grantType,
ClientId = client.Id
};
client.AllowedGrantTypes = new List<ClientGrantType> {
grantTypeToAdd
};
await _configurationDbContext.SaveChangesAsync();
return Ok(new GrantTypeInfo {
Id = grantTypeToAdd.Id,
Name = grantTypeToAdd.GrantType
});
}
public Client ToEntity(Client client)
{
if (client.AllowedGrantTypes == null)
{
client.AllowedGrantTypes = new List <ClientGrantType>();
}
client.Id = this.Id;
client.ClientName = this.ClientName;
client.ClientId = this.ClientId;
client.Description = this.Description;
foreach (var allowedGrantType in this.AllowedGrantTypes)
{
var grantType = client.AllowedGrantTypes.FirstOrDefault(a => a.Id == allowedGrantType.Id);
if (grantType == null)
{
grantType = new ClientGrantType
{
Id = allowedGrantType.Id,
ClientId = this.Id
};
client.AllowedGrantTypes.Add(grantType);
}
else
{
grantType.GrantType = allowedGrantType.GrantType;
}
switch (allowedGrantType.GrantType.ToLower())
{
case "clientcredentials":
grantType.GrantType = "client_credentials";
break;
case "resourceownerpassword":
grantType.GrantType = "password";
break;
case "hybrid":
grantType.GrantType = "hybrid";
break;
case "code":
grantType.GrantType = "authorization_code";
break;
case "implicit":
grantType.GrantType = "implicit";
break;
default:
grantType.GrantType = allowedGrantType.GrantType;
break;
}
}
client.RequirePkce = this.RequirePkce;
client.RequireClientSecret = this.RequireClientSecret;
client.Enabled = this.Enabled;
client.Created = this.Created;
client.Updated = this.Updated;
client.LastAccessed = this.LastAccessed;
client.AllowOfflineAccess = this.AllowOfflineAccess;
client.IdentityTokenLifetime = this.IdentityTokenLifetime;
client.RequireConsent = this.RequireConsent;
client.AllowAccessTokensViaBrowser = this.AllowAccessTokensViaBrowser;
return(client);
}
public async Task OnPostAsync()
{
// Arrange
const string grantType1OriginalGrantType = "Original GrantType";
const string grantType1EditedGrantType = "Edited GrantType";
const string newGrantTypeGrantType = "New GrantType";
var databaseName = $"{DatabaseNamePrefix}.{nameof(OnPostAsync)}";
var options = new DbContextOptionsBuilder <IdentityServerDbContext>()
.UseInMemoryDatabase(databaseName)
.Options;
GrantTypesModel grantTypes;
IActionResult post;
var grantType1 = new ClientGrantType
{
Id = Random.Next(),
GrantType = grantType1OriginalGrantType
};
var grantType2 = new ClientGrantType {
Id = Random.Next()
};
var clientId = Random.Next();
var client = new Client
{
Id = clientId,
AllowedGrantTypes = new List <ClientGrantType>
{
grantType1,
grantType2
}
};
using (var context = new IdentityServerDbContext(options, _configurationStoreOptions.Object, _operationalStoreOptions.Object))
{
context.Add(client);
await context.SaveChangesAsync().ConfigureAwait(false);
}
// Act
using (var context = new IdentityServerDbContext(options, _configurationStoreOptions.Object, _operationalStoreOptions.Object))
{
grantTypes = new GrantTypesModel(context)
{
Client = new Client
{
Id = clientId,
AllowedGrantTypes = new List <ClientGrantType>
{
new ClientGrantType
{
Id = grantType1.Id,
GrantType = grantType1EditedGrantType
},
new ClientGrantType {
GrantType = newGrantTypeGrantType
}
}
}
};
post = await grantTypes.OnPostAsync().ConfigureAwait(false);
}
// Assert
using (var context = new IdentityServerDbContext(options, _configurationStoreOptions.Object, _operationalStoreOptions.Object))
{
client = await context.Clients
.Include(x => x.AllowedGrantTypes)
.SingleOrDefaultAsync(x => x.Id.Equals(clientId))
.ConfigureAwait(false);
grantType1 = client.AllowedGrantTypes.SingleOrDefault(x => x.Id.Equals(grantType1.Id));
grantType2 = client.AllowedGrantTypes.SingleOrDefault(x => x.Id.Equals(grantType2.Id));
var newGrantType = client.AllowedGrantTypes.SingleOrDefault(x => x.GrantType.Equals(newGrantTypeGrantType));
Assert.NotNull(grantType1);
Assert.Equal(grantType1EditedGrantType, grantType1.GrantType);
Assert.Null(grantType2);
Assert.NotNull(newGrantType);
}
var result = Assert.IsType <RedirectToPageResult>(post);
Assert.Equal("../Details/GrantTypes", result.PageName);
Assert.Collection(result.RouteValues, routeValue =>
{
var(key, value) = routeValue;
Assert.Equal(nameof(Client.Id), key);
Assert.Equal(grantTypes.Client.Id, value);
});
}
public IActionResult EditClient(EditClientModel model, [FromServices] ConfigurationDbContext configContext)
{
// Validate it's an actual client
var foundClient = configContext.Clients.Where(c => c.ClientId == model.ClientId).FirstOrDefault();
if (foundClient != null)
{
foundClient.ClientName = model.Name;
foundClient.ClientUri = model.HomepageUrl;
foundClient.LogoUri = model.LogoUrl;
foundClient.Updated = DateTime.Now;
configContext.Entry(foundClient).State = EntityState.Modified;
// Update the redirect URL for this client
var results = configContext.Set <ClientRedirectUri>().Where(c => c.ClientId == foundClient.Id).ToList();
if (results != null)
{
configContext.RemoveRange(results);
}
var newUri = new ClientRedirectUri();
newUri.Client = foundClient;
newUri.ClientId = foundClient.Id;
newUri.RedirectUri = model.CallbackUrl;
configContext.Add(newUri);
// Generate the origin for the callback
Uri redirect = new Uri(model.CallbackUrl);
string origin = redirect.Scheme + "://" + redirect.Host;
// Update the allowed origin for this client
var corsOrigins = configContext.Set <ClientCorsOrigin>().Where(c => c.ClientId == foundClient.Id).ToList();
if (corsOrigins != null)
{
configContext.RemoveRange(corsOrigins);
}
var newOrigin = new ClientCorsOrigin();
newOrigin.Client = foundClient;
newOrigin.ClientId = foundClient.Id;
newOrigin.Origin = origin;
configContext.Add(newUri);
// Update their allowed grants
var curGrants = configContext.Set <ClientGrantType>().Where(c => c.ClientId == foundClient.Id).ToList();
if (curGrants != null)
{
configContext.RemoveRange(curGrants);
}
foreach (var grantType in model.AllowedGrants)
{
var newGrant = new ClientGrantType();
newGrant.Client = foundClient;
newGrant.ClientId = foundClient.Id;
newGrant.GrantType = grantType;
configContext.Add(newGrant);
}
// Update their allowed scopes
var curScopes = configContext.Set <ClientScope>().Where(c => c.ClientId == foundClient.Id).ToList();
if (curScopes != null)
{
configContext.RemoveRange(curScopes);
}
foreach (var scope in model.AllowedScopes)
{
var newScope = new ClientScope();
newScope.Client = foundClient;
newScope.ClientId = foundClient.Id;
newScope.Scope = scope;
configContext.Add(newScope);
}
// Save all the changed
configContext.SaveChanges();
// Clear the client cache
RemoveCachedClient(model.ClientId);
return(new JsonResult(new { success = true }));
}
return(new JsonResult(new { success = false, message = "Client does not exist." }));
}
public static void ConfigurationDbContextSeed(this ModelBuilder modelBuilder)
{
var clientGrantTypeEntity = new ClientGrantType
{
Id = -1,
GrantType = GrantType.ResourceOwnerPassword,
ClientId = -1,
};
var clientScopes = new[]
{
new ClientScope
{
ClientId = -1,
Id = -1,
Scope = "record-keep-api"
},
new ClientScope
{
ClientId = -1,
Id = -2,
Scope = IdentityServerConstants.StandardScopes.OpenId
},
new ClientScope
{
ClientId = -1,
Id = -3,
Scope = IdentityServerConstants.StandardScopes.Profile
}
};
var client = new Client
{
ClientId = "record-keep",
AccessTokenType = AccessTokenType.Jwt,
RequireClientSecret = false,
AllowOfflineAccess = false,
AllowAccessTokensViaBrowser = true
};
var clientEntity = client.ToEntity();
clientEntity.Id = -1;
var apiResourceClaimEntity = new ApiResourceClaim
{
Id = -1,
ApiResourceId = -1,
Type = JwtClaimTypes.Name
};
var apiResourceScopesEntity = new ApiScope
{
Name = "record-keep-api",
Id = -1,
DisplayName = "Record Keep API",
ApiResourceId = -1,
};
var apiResource = new ApiResource
{
Name = "record-keep-api",
DisplayName = "Record Keep API"
};
var apiResourceEntity = apiResource.ToEntity();
apiResourceEntity.Id = -1;
var openIdIdentity = new IdentityResources.OpenId().ToEntity();
var profileIdentity = new IdentityResources.Profile().ToEntity();
openIdIdentity.Id = -1;
profileIdentity.Id = -2;
var identityClaimOpenId = new IdentityClaim
{
Id = -1,
Type = JwtClaimTypes.Subject,
IdentityResourceId = -1
};
var identityClaims = new List <IdentityClaim>
{
identityClaimOpenId
};
var index = -2;
foreach (var claims in profileIdentity.UserClaims)
{
identityClaims.Add(new IdentityClaim
{
Id = index,
Type = claims.Type,
IdentityResourceId = -2,
});
index--;
}
openIdIdentity.UserClaims = new List <IdentityClaim>();
profileIdentity.UserClaims = new List <IdentityClaim>();
modelBuilder.Entity <ClientGrantType>().HasData(clientGrantTypeEntity);
modelBuilder.Entity <ClientScope>().HasData(clientScopes);
modelBuilder.Entity <IdentityServer4.EntityFramework.Entities.Client>().HasData(clientEntity);
modelBuilder.Entity <ApiResourceClaim>().HasData(apiResourceClaimEntity);
modelBuilder.Entity <ApiScope>().HasData(apiResourceScopesEntity);
modelBuilder.Entity <IdentityServer4.EntityFramework.Entities.ApiResource>().HasData(apiResourceEntity);
modelBuilder.Entity <IdentityResource>().HasData(openIdIdentity, profileIdentity);
modelBuilder.Entity <IdentityClaim>().HasData(identityClaims);
}
public Task <string> UpdateGrantType(ClientGrantType dto)
{
throw new NotImplementedException();
}
public IActionResult Delete(Guid clientId, ClientGrantType grantType)
{
_clientService.RemoveAllowedGrantType(clientId, grantType);
return(NoContent());
}
public IActionResult Create(Guid clientId, ClientGrantType grantType)
{
_clientService.AddAllowedGrantType(clientId, grantType);
return(NoContent());
}
public void UpdateClientBasic(int id, ClientDto clientDto)
{
Client client = this.Session.Get <Client>(id);
if (client == null)
{
throw new FluentValidationException($"客户端{id}不存在。");
}
client.Description = clientDto.Description;
client.ProtocolType = clientDto.ProtocolType;
client.RequireClientSecret = clientDto.RequireClientSecret;
client.RequirePkce = clientDto.RequirePkce;
client.AllowPlainTextPkce = clientDto.AllowPlainTextPkce;
client.AllowOfflineAccess = clientDto.AllowOfflineAccess;
client.AllowAccessTokensViaBrowser = clientDto.AllowAccessTokensViaBrowser;
client.Enabled = clientDto.Enabled;
var transaction = this.Session.BeginTransaction();
try
{
this.Session.Update(client);
this.Session.CreateQuery("delete from ClientScope where ClientId=:ClientId")
.SetInt32("ClientId", id)
.ExecuteUpdate();
clientDto.AllowedScopes.ForEach(scope =>
{
ClientScope clientScope = new ClientScope();
clientScope.ClientId = client.Id;
clientScope.Scope = scope;
this.Session.Save(clientScope);
});
this.Session.CreateQuery("delete from ClientRedirectUri where ClientId=:ClientId")
.SetInt32("ClientId", id)
.ExecuteUpdate();
clientDto.RedirectUris.ForEach(redirectUri =>
{
ClientRedirectUri clientRedirectUri = new ClientRedirectUri();
clientRedirectUri.ClientId = client.Id;
clientRedirectUri.RedirectUri = redirectUri;
this.Session.Save(clientRedirectUri);
});
this.Session.CreateQuery("delete from ClientGrantType where ClientId=:ClientId")
.SetInt32("ClientId", id)
.ExecuteUpdate();
clientDto.AllowedGrantTypes.ForEach(grantType =>
{
ClientGrantType clientGrantType = new ClientGrantType();
clientGrantType.ClientId = client.Id;
clientGrantType.GrantType = grantType;
this.Session.Save(clientGrantType);
});
transaction.Commit();
}
catch (Exception)
{
transaction.Rollback();
throw;
}
}
public void RemoveAllowedGrantType(Guid id, ClientGrantType grantType)
{
PerformActionOnClient(id, c => c.RemoveAllowedGrantType(grantType));
}
