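/// <summary>Exchanges an authorization code for the access token stored for the same application and account.</summary>
/// <param name="doc">Request document; the <c>code</c> value is read from it.</param>
/// <returns>
/// A JSON string. On success it holds <c>data</c> (accessToken, expiresIn, refreshToken) and a
/// <c>message</c> with returnCode 0; when the code or the token is not found it holds only a
/// <c>message</c> with returnCode 1.
/// </returns>
public string GetAccessToken(XmlDocument doc)
{
    // Example request: http://local.passport.x3platform.com/api/connect.auth.token.aspx?code=28f35bf4743030ae
    string code = XmlHelper.Fetch("code", doc);

    // An absent code can never match a stored one, so answer "not found" without a lookup.
    if (string.IsNullOrEmpty(code))
    {
        return "{\"message\":{\"returnCode\":1,\"value\":\"authorization code not find\"}}";
    }

    // NOTE(review): the code is the only credential checked in this method. No client identifier or
    // secret is compared with authorizationCodeInfo.AppKey, and the code is not invalidated after the
    // exchange here. Confirm the service layer enforces single use, expiry and client binding.
    ConnectAuthorizationCodeInfo authorizationCodeInfo = ConnectContext.Instance.ConnectAuthorizationCodeService[code];

    if (authorizationCodeInfo == null)
    {
        return "{\"message\":{\"returnCode\":1,\"value\":\"authorization code not find\"}}";
    }

    ConnectAccessTokenInfo accessTokenInfo = ConnectContext.Instance.ConnectAccessTokenService.FindOneByAccountId(authorizationCodeInfo.AppKey, authorizationCodeInfo.AccountId);

    if (accessTokenInfo == null)
    {
        return "{\"message\":{\"returnCode\":1,\"value\":\"access token not find\"}}";
    }

    // Property names are quoted so that the reply is valid JSON; the previous output left them bare
    // and a strict JSON parser rejected it.
    // NOTE(review): the values are concatenated without JSON escaping. That is only safe while Id and
    // RefreshToken are generated identifiers with no quote or backslash characters -- confirm.
    StringBuilder outString = new StringBuilder();

    outString.Append("{\"data\":{");
    outString.Append("\"accessToken\":\"" + accessTokenInfo.Id + "\",");
    outString.Append("\"expiresIn\":\"" + accessTokenInfo.ExpiresIn + "\",");
    outString.Append("\"refreshToken\":\"" + accessTokenInfo.RefreshToken + "\" ");
    outString.Append("},\"message\":{\"returnCode\":0,\"value\":\"query success\"}}");

    return outString.ToString();
}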
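// -------------------------------------------------------
// Endpoint: /api/connect.oauth2.refresh.aspx
// -------------------------------------------------------

#region Function: RefreshAccessToken(XmlDocument doc)
/// <summary>Extends the lifetime of the access token identified by a client id and refresh token.</summary>
/// <param name="doc">Request document; <c>client_id</c> and <c>refresh_token</c> are read from it.</param>
/// <returns>
/// A JSON string. On success it holds <c>data</c> (accessToken, tokenType, expiresIn, refreshToken)
/// and a <c>message</c> with returnCode 0; when no matching token exists it holds only a
/// <c>message</c> with returnCode 1.
/// </returns>
public string RefreshAccessToken(XmlDocument doc)
{
    // Example request: http://x10.x3platform.com/api/connect.oauth2.refresh.aspx?refresh_token=28f35bf4743030ae
    string clientId = XmlHelper.Fetch("client_id", doc);
    string refreshToken = XmlHelper.Fetch("refresh_token", doc);

    // A missing refresh token can never match a stored one.
    if (string.IsNullOrEmpty(refreshToken))
    {
        return "{\"message\":{\"returnCode\":1,\"value\":\"access token not find\"}}";
    }

    // NOTE(review): the client is identified by client_id only; no client secret is checked in this
    // method. Whether Refesh also replaces the refresh token cannot be told from here -- confirm that a
    // leaked refresh token does not stay valid indefinitely.
    ConnectAccessTokenInfo accessTokenInfo = ConnectContext.Instance.ConnectAccessTokenService.FindOneByRefreshToken(clientId, refreshToken);

    if (accessTokenInfo == null)
    {
        return "{\"message\":{\"returnCode\":1,\"value\":\"access token not find\"}}";
    }

    // NOTE(review): local time is used for the new expiry; confirm the store compares against local time too.
    DateTime expireDate = DateTime.Now.AddSeconds(ConnectConfigurationView.Instance.SessionTimeLimit);

    ConnectContext.Instance.ConnectAccessTokenService.Refesh(clientId, refreshToken, expireDate);

    // Read the record again so the reply carries the stored values after the refresh.
    accessTokenInfo = ConnectContext.Instance.ConnectAccessTokenService.FindOne(accessTokenInfo.Id);

    // The record may have been removed between the refresh and the re-read; report it as not found
    // instead of dereferencing null.
    if (accessTokenInfo == null)
    {
        return "{\"message\":{\"returnCode\":1,\"value\":\"access token not find\"}}";
    }

    StringBuilder outString = new StringBuilder();

    outString.Append("{\"data\":{");
    outString.Append("\"accessToken\":\"" + accessTokenInfo.Id + "\",");
    outString.Append("\"tokenType\":\"bearer\",");
    outString.Append("\"expiresIn\":\"" + accessTokenInfo.ExpiresIn + "\",");
    outString.Append("\"refreshToken\":\"" + accessTokenInfo.RefreshToken + "\" ");
    outString.Append("},\"message\":{\"returnCode\":0,\"value\":\"refresh success\"}}");

    return outString.ToString();
}
#endregion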
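// -------------------------------------------------------
// Endpoint: /api/connect.oauth2.token.aspx
// -------------------------------------------------------

#region Function: GetAccessToken(XmlDocument doc)
/// <summary>Exchanges an authorization code for the access token stored for the same application and account.</summary>
/// <param name="doc">Request document; the <c>code</c> value is read from it.</param>
/// <returns>
/// A JSON string with access_token, token_type, expires_in and refresh_token on success, or an
/// error object when the code or the token is not found.
/// </returns>
public string GetAccessToken(XmlDocument doc)
{
    // Example request: http://x10.x3platform.com/api/connect.oauth2.token.aspx?code=28f35bf4743030ae
    string code = XmlHelper.Fetch("code", doc);

    // Property names in the error object are quoted so that it is valid JSON.
    // NOTE(review): the key "descriptiopn" is misspelled; it is kept as-is because clients may already
    // read it. Renaming it needs to be coordinated with them.
    const string notFound = "{\"error\":1,\"descriptiopn\":\"not find\"}";

    // An absent code can never match a stored one.
    if (string.IsNullOrEmpty(code))
    {
        return notFound;
    }

    // NOTE(review): the code is the only credential checked in this method. No client identifier or
    // secret is compared with authorizationCodeInfo.AppKey, and the code is not invalidated after the
    // exchange here. Confirm the service layer enforces single use, expiry and client binding.
    ConnectAuthorizationCodeInfo authorizationCodeInfo = ConnectContext.Instance.ConnectAuthorizationCodeService[code];

    if (authorizationCodeInfo == null)
    {
        return notFound;
    }

    ConnectAccessTokenInfo accessTokenInfo = ConnectContext.Instance.ConnectAccessTokenService.FindOneByAccountId(authorizationCodeInfo.AppKey, authorizationCodeInfo.AccountId);

    if (accessTokenInfo == null)
    {
        return notFound;
    }

    // NOTE(review): the values are concatenated without JSON escaping; safe only while Id and
    // RefreshToken are generated identifiers -- confirm.
    StringBuilder outString = new StringBuilder();

    outString.Append("{");
    outString.Append("\"access_token\":\"" + accessTokenInfo.Id + "\",");
    outString.Append("\"token_type\":\"bearer\",");
    outString.Append("\"expires_in\":\"" + accessTokenInfo.ExpiresIn + "\",");
    outString.Append("\"refresh_token\":\"" + accessTokenInfo.RefreshToken + "\" ");
    outString.Append("}");

    return outString.ToString();
}
#endregion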
// -------------------------------------------------------
// Save / delete
// -------------------------------------------------------

#region Function: Save(ConnectAccessTokenInfo param)
/// <summary>Saves an access-token record after passing it through the XSS filter.</summary>
/// <param name="param">The <see cref="ConnectAccessTokenInfo"/> instance to save; its Id must not be empty.</param>
/// <returns>The <see cref="ConnectAccessTokenInfo"/> instance returned by the provider.</returns>
/// <exception cref="NullReferenceException">The Id of <paramref name="param"/> is null or empty.</exception>
public ConnectAccessTokenInfo Save(ConnectAccessTokenInfo param)
{
    bool hasIdentifier = !string.IsNullOrEmpty(param.Id);

    // The exception type is unusual for argument validation; it is what existing callers see.
    if (!hasIdentifier)
    {
        throw new NullReferenceException("实例标识不能为空。");
    }

    // The original comment describes ToSafeXSS as a cross-site-scripting filter.
    // NOTE(review): confirm the filter leaves Id and RefreshToken unchanged; if it rewrote them, the
    // stored values would no longer match what clients present. Filtering on write also does not
    // replace encoding these values wherever they are later written into HTML or JSON.
    ConnectAccessTokenInfo sanitized = StringHelper.ToSafeXSS<ConnectAccessTokenInfo>(param);

    return this.provider.Save(sanitized);
}
#endregion
// -------------------------------------------------------
// Save / add / update / delete
// -------------------------------------------------------

#region Function: Save(ConnectAccessTokenInfo param)
/// <summary>Inserts the record when its Id is not stored yet, otherwise updates it.</summary>
/// <param name="param">The <see cref="ConnectAccessTokenInfo"/> instance to store.</param>
/// <returns>The same <see cref="ConnectAccessTokenInfo"/> instance that was passed in.</returns>
public ConnectAccessTokenInfo Save(ConnectAccessTokenInfo param)
{
    // NOTE(review): the existence check and the write are separate calls with no lock or transaction
    // visible here; two concurrent saves of the same Id could both take the insert path unless the
    // store enforces uniqueness -- confirm.
    bool alreadyStored = IsExist(param.Id);

    if (alreadyStored)
    {
        this.Update(param);
    }
    else
    {
        this.Insert(param);
    }

    return param;
}
#endregion
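/// <summary>Returns the profile of the member that owns the supplied access token.</summary>
/// <param name="doc">Request document; the <c>accessToken</c> value is read from it.</param>
/// <returns>
/// A JSON string. On success it holds <c>data</c> (the member, as produced by ToPeopleJson) and a
/// <c>message</c> with returnCode 0; when the token or the member is not found it holds only a
/// <c>message</c> with returnCode 1.
/// </returns>
public string Me(XmlDocument doc)
{
    string accessToken = XmlHelper.Fetch("accessToken", doc);

    // A missing token can never match a stored one.
    if (string.IsNullOrEmpty(accessToken))
    {
        return "{\"message\":{\"returnCode\":1,\"value\":\"access token not find\"}}";
    }

    ConnectAccessTokenInfo accessTokenInfo = ConnectContext.Instance.ConnectAccessTokenService[accessToken];

    // An unknown token previously reached accessTokenInfo.AccountId and failed with a
    // NullReferenceException; answer with an ordinary error reply instead.
    if (accessTokenInfo == null)
    {
        return "{\"message\":{\"returnCode\":1,\"value\":\"access token not find\"}}";
    }

    // NOTE(review): nothing in this method checks whether the token has expired; confirm the token
    // service does not return expired records.
    IMemberInfo member = MembershipManagement.Instance.MemberService[accessTokenInfo.AccountId];

    if (member == null)
    {
        return "{\"message\":{\"returnCode\":1,\"value\":\"people not find\"}}";
    }

    return "{\"data\":" + ToPeopleJson(member) + ",\"message\":{\"returnCode\":0,\"value\":\"query success\"}}";
}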
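/// <summary>Resolves the account of the current request from its identity value or its access token.</summary>
/// <returns>The authenticated account, or null when the request carries no usable identity.</returns>
public override IAccountInfo GetAuthUser()
{
    string accessToken = this.GetAccessToken();

    string accountIdentity = this.GetIdentityValue();

    if (string.IsNullOrEmpty(accountIdentity) && !string.IsNullOrEmpty(accessToken))
    {
        // accessToken => accountIdentity
        ConnectAccessTokenInfo token = ConnectContext.Instance.ConnectAccessTokenService[accessToken];

        // An unknown token previously caused a NullReferenceException here. Leaving the identity
        // empty makes the request fall through to the unauthenticated result below.
        // NOTE(review): nothing in this method checks the token's expiry; confirm the token service
        // or GetSessionAccount rejects expired tokens.
        if (token != null)
        {
            accountIdentity = token.AccountId + "-" + token.Id;
        }
    }

    // HTTP-based authentication requires a non-empty account identity.
    if (string.IsNullOrEmpty(accountIdentity))
    {
        return null;
    }

    // Look up the account for this identity.
    IAccountInfo account = this.GetSessionAccount(accountIdentity);

    if (account == null)
    {
        return null;
    }

    // Add the session to the temporary cache; the key is checked again under the lock so that only
    // one thread adds it.
    if (!this.cacheStorage.ContainsKey(accountIdentity))
    {
        lock (this.cacheSyncRoot)
        {
            if (!this.cacheStorage.ContainsKey(accountIdentity))
            {
                this.AddSession(accountIdentity, account);
            }
        }
    }

    return account;
}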
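/// <summary>Appends the access-token values to a redirect address as query parameters.</summary>
/// <param name="redirectUri">Address to extend; null is treated as an empty string.</param>
/// <param name="token">Token whose Id, ExpiresIn and (in one case) RefreshToken are appended.</param>
/// <returns>The redirect address followed by the token parameters.</returns>
private string CombineUrlAndAccessToken(string redirectUri, ConnectAccessTokenInfo token)
{
    if (redirectUri == null)
    {
        redirectUri = string.Empty;
    }

    // Values are percent-encoded before they are placed in the query string, so a value holding
    // '&', '=', '#' or a line break cannot add or alter parameters. Identifiers made only of
    // letters and digits are unchanged by the encoding.
    string tokenId = System.Uri.EscapeDataString("" + token.Id);
    string expiresIn = System.Uri.EscapeDataString("" + token.ExpiresIn);

    // Character overloads are ordinal; the string overloads used before were culture-sensitive.
    bool hasQueryMark = redirectUri.IndexOf('?') > -1;
    bool hasAmpersand = redirectUri.IndexOf('&') > -1;

    if (!hasQueryMark && !hasAmpersand)
    {
        // NOTE(review): the refresh token is added only on this path. A refresh token placed in a
        // redirect URL is exposed to browser history, Referer headers and server logs; confirm
        // clients need it here before keeping it.
        string refreshToken = System.Uri.EscapeDataString("" + token.RefreshToken);

        return redirectUri + "?token=" + tokenId + "&expiresIn=" + expiresIn + "&refreshToken=" + refreshToken;
    }

    // The two remaining cases of the original produced the same text, so they share one return.
    // NOTE(review): an address containing '&' but no '?' still gets "&token=...", as before, and
    // an address with a '#fragment' gets the parameters after the fragment.
    return redirectUri + "&token=" + tokenId + "&expiresIn=" + expiresIn;
}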
/// <summary>Creates the access token for an application and account, or extends the existing one.</summary>
/// <param name="appKey">Application identifier.</param>
/// <param name="accountId">Account identifier.</param>
/// <returns>Always 0.</returns>
public int Write(string appKey, string accountId)
{
    ConnectAccessTokenInfo existing = this.FindOneByAccountId(appKey, accountId);

    if (existing != null)
    {
        // A token is already stored: only its expiry is moved forward, so the same token Id stays
        // in use across logins.
        this.Refesh(appKey, existing.RefreshToken, DateTime.Now.AddSeconds(ConnectConfigurationView.Instance.SessionTimeLimit));

        return 0;
    }

    // NOTE(review): the token Id and the refresh token are bearer secrets. Confirm that
    // "Key_32DigitGuid" is backed by a cryptographically strong random source; GUIDs are designed
    // to be unique, not unpredictable.
    // NOTE(review): the lookup above and the save below are separate calls; two concurrent logins
    // for the same account could both reach this point -- confirm the store handles that.
    ConnectAccessTokenInfo created = new ConnectAccessTokenInfo
    {
        Id = DigitalNumberContext.Generate("Key_32DigitGuid"),
        AppKey = appKey,
        AccountId = accountId,
        ExpireDate = DateTime.Now.AddSeconds(ConnectConfigurationView.Instance.SessionTimeLimit),
        RefreshToken = DigitalNumberContext.Generate("Key_32DigitGuid")
    };

    this.Save(created);

    return 0;
}
/// <summary>Updates a stored access-token record.</summary>
/// <param name="param">The <see cref="ConnectAccessTokenInfo"/> instance holding the new values.</param>
public void Update(ConnectAccessTokenInfo param)
{
    // The mapped statement name is built from the table name, then passed through ToProcedurePrefix.
    string statementName = string.Format("{0}_Update", this.tableName);

    this.ibatisMapper.Update(StringHelper.ToProcedurePrefix(statementName), param);
}
/// <summary>Inserts a new access-token record.</summary>
/// <param name="param">The <see cref="ConnectAccessTokenInfo"/> instance to insert.</param>
public void Insert(ConnectAccessTokenInfo param)
{
    // The mapped statement name is built from the table name, then passed through ToProcedurePrefix.
    string statementName = string.Format("{0}_Insert", this.tableName);

    this.ibatisMapper.Insert(StringHelper.ToProcedurePrefix(statementName), param);
}
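// -------------------------------------------------------
// Endpoint: /api/connect.auth.authorize.aspx
// -------------------------------------------------------

#region Function: GetAuthorizeCode(XmlDocument doc)
/// <summary>
/// Handles an authorization request: shows the login page when no credentials are supplied,
/// otherwise checks them, issues the authorization code and access token, opens the session and
/// answers according to <c>responseType</c>.
/// </summary>
/// <param name="doc">
/// Request document; clientId, redirectUri, responseType, scope, loginName, password and
/// (for the JSON reply) callback are read from it.
/// </param>
/// <returns>
/// The login page HTML, or a JSON string (optionally wrapped in the callback) when
/// <c>responseType</c> is empty. For any other <c>responseType</c> the response is redirected.
/// </returns>
public string GetAuthorizeCode(XmlDocument doc)
{
    StringBuilder outString = new StringBuilder();

    string clientId = XmlHelper.Fetch("clientId", doc);
    string redirectUri = XmlHelper.Fetch("redirectUri", doc);
    string responseType = XmlHelper.Fetch("responseType", doc);
    string scope = XmlHelper.Fetch("scope", doc);

    string loginName = XmlHelper.Fetch("loginName", doc);
    string password = XmlHelper.Fetch("password", doc);

    // No credentials yet: show the login page.
    if (string.IsNullOrEmpty(loginName) || string.IsNullOrEmpty(password))
    {
        HttpContentTypeHelper.SetValue("html");

        return CreateLoginPage(clientId, redirectUri, responseType, scope);
    }

    // NOTE(review): no limit on repeated failed logins is visible in this method; confirm that
    // LoginCheck or a layer in front of this endpoint throttles password guessing.
    IAccountInfo account = MembershipManagement.Instance.AccountService.LoginCheck(loginName, password);

    if (account == null)
    {
        if (string.IsNullOrEmpty(responseType))
        {
            return "{\"message\":{\"returnCode\":1,\"value\":\"帐号或者密码错误。\"}}";
        }

        // Show the login page again; the content type is set to html for it.
        HttpContentTypeHelper.SetValue("html");

        return CreateLoginPage(clientId, redirectUri, responseType, scope);
    }

    // Create the authorization-code record when this application and account have none.
    if (!ConnectContext.Instance.ConnectAuthorizationCodeService.IsExist(clientId, account.Id))
    {
        ConnectAuthorizationCodeInfo authorizationCode = new ConnectAuthorizationCodeInfo();

        authorizationCode.Id = DigitalNumberContext.Generate("Key_32DigitGuid");
        authorizationCode.AppKey = clientId;
        authorizationCode.AccountId = account.Id;
        authorizationCode.AuthorizationScope = string.IsNullOrEmpty(scope) ? "public" : scope;

        ConnectContext.Instance.ConnectAuthorizationCodeService.Save(authorizationCode);
    }

    // Create or extend the access token, then read it back.
    ConnectContext.Instance.ConnectAccessTokenService.Write(clientId, account.Id);

    ConnectAccessTokenInfo token = ConnectContext.Instance.ConnectAccessTokenService.FindOneByAccountId(clientId, account.Id);

    // If the token could not be read back, stop before a login is recorded or a session is opened;
    // previously this case failed later with a NullReferenceException.
    if (token == null)
    {
        return "{\"message\":{\"returnCode\":1,\"value\":\"access token not find\"}}";
    }

    // Record the login.
    string ip = IPQueryContext.GetClientIP();

    MembershipManagement.Instance.AccountService.SetIPAndLoginDate(account.Id, ip, DateTime.Now);

    MembershipManagement.Instance.AccountLogService.Log(account.Id, "connect.auth.authorize", string.Format("【{0}】在 {1} 登录了系统。【IP:{2}】", account.Name, DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss"), ip));

    // Open the session and set the authentication cookie.
    string sessionId = token.AccountId + "-" + token.Id;

    KernelContext.Current.AuthenticationManagement.AddSession(clientId, sessionId, account);

    HttpAuthenticationCookieSetter.SetUserCookies(sessionId);

    string code = ConnectContext.Instance.ConnectAuthorizationCodeService.GetAuthorizationCode(clientId, account);

    // An empty responseType means the token is returned directly as JSON.
    if (string.IsNullOrEmpty(responseType))
    {
        outString.Append("{\"data\":" + AjaxUtil.Parse<ConnectAccessTokenInfo>(token) + ",");
        outString.Append("\"message\":{\"returnCode\":0,\"value\":\"验证成功。\"}}");

        string callback = XmlHelper.Fetch("callback", doc);

        // The callback name comes from the request and is written to the response in front of the
        // JSON. It is used only when it is a plain identifier path, so request text cannot become
        // script or markup in the reply; anything else gets the bare JSON.
        // NOTE(review): a JSONP reply that carries an access token can be read by any page able to
        // load this endpoint as a script; consider whether the callback form is still needed.
        if (!IsSafeJsonpCallback(callback))
        {
            return outString.ToString();
        }

        return callback + "(" + outString.ToString() + ")";
    }

    // NOTE(review): redirectUri is taken from the request and is not compared in this method with
    // an address registered for clientId, and clientId itself is not checked here. Confirm that
    // check happens elsewhere; without it the code or token is sent to whatever address the
    // request names.
    if (responseType == "token")
    {
        HttpContext.Current.Response.Redirect(CombineUrlAndAccessToken(redirectUri, token));
    }
    else
    {
        // "code" and every other value are answered with the authorization code.
        HttpContext.Current.Response.Redirect(CombineUrlAndAuthorizationCode(redirectUri, code));
    }

    // Reached only if the redirect call returns.
    outString.Append("{\"message\":{\"returnCode\":0,\"value\":\"执行成功。\"}}");

    return outString.ToString();
}

/// <summary>Checks that a JSONP callback name consists only of identifier characters and dots.</summary>
/// <param name="callback">Callback name taken from the request.</param>
/// <returns>True when the name is non-empty, at most 128 characters long and made of ASCII letters, digits, '_', '$' or '.'.</returns>
private static bool IsSafeJsonpCallback(string callback)
{
    // 128 is a generous upper bound for a generated callback name.
    if (string.IsNullOrEmpty(callback) || callback.Length > 128)
    {
        return false;
    }

    foreach (char c in callback)
    {
        bool allowed = (c >= 'a' && c <= 'z')
            || (c >= 'A' && c <= 'Z')
            || (c >= '0' && c <= '9')
            || c == '_' || c == '$' || c == '.';

        if (!allowed)
        {
            return false;
        }
    }

    return true;
}
#endregion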