protected async Task <bool> PermissionCheckAsync(NotificationDefinition notificationDefinition, Guid userId)
{
if (!notificationDefinition.PermissionName.IsNullOrEmpty())
{
AuthorizationResult result;
if (CurrentUser.Id == userId)
{
result = await AuthorizationService.AuthorizeAsync(notificationDefinition.PermissionName);
}
else
{
var userRoles = await NotificationStore.GetUserRoles(userId);
var rolesClaims = userRoles.Select(ur => new Claim(AbpClaimTypes.Role, ur)).ToArray();
var claimsIdentity = new ClaimsIdentity(new Claim[] {
new Claim(AbpClaimTypes.UserId, userId.ToString()),
new Claim(AbpClaimTypes.TenantId, CurrentTenant.Id?.ToString())
});
claimsIdentity.AddClaims(rolesClaims);
//Switch current user identity
using (CurrentPrincipalAccessor.Change(new ClaimsPrincipal(claimsIdentity)))
{
result = await AuthorizationService.AuthorizeAsync(notificationDefinition.PermissionName);
}
}
if (!result.Succeeded)
{
return(false);
}
}
return(true);
}
public async Task Global_PermissionState_Test()
{
var myPermission2 = PermissionDefinitionManager.Get("MyPermission2");
(await PermissionStateManager.IsEnabledAsync(myPermission2)).ShouldBeFalse();
using (CurrentPrincipalAccessor.Change(new Claim(AbpClaimTypes.Role, "admin")))
{
(await PermissionStateManager.IsEnabledAsync(myPermission2)).ShouldBeTrue();
}
}
public async Task PermissionState_Test()
{
var myPermission1 = PermissionDefinitionManager.Get("MyPermission1");
myPermission1.StateProviders.ShouldContain(x => x.GetType() == typeof(TestRequireEditionPermissionStateProvider));
(await PermissionStateManager.IsEnabledAsync(myPermission1)).ShouldBeFalse();
using (CurrentPrincipalAccessor.Change(new Claim(AbpClaimTypes.EditionId, Guid.NewGuid().ToString())))
{
(await PermissionStateManager.IsEnabledAsync(myPermission1)).ShouldBeTrue();
}
}
public async Task SaveAsync(IdentitySecurityLogContext context)
{
Action <SecurityLogInfo> securityLogAction = securityLog =>
{
securityLog.Identity = context.Identity;
securityLog.Action = context.Action;
if (!context.UserName.IsNullOrWhiteSpace())
{
securityLog.UserName = context.UserName;
}
if (!context.ClientId.IsNullOrWhiteSpace())
{
securityLog.ClientId = context.ClientId;
}
foreach (var property in context.ExtraProperties)
{
securityLog.ExtraProperties[property.Key] = property.Value;
}
};
if (CurrentUser.IsAuthenticated)
{
await SecurityLogManager.SaveAsync(securityLogAction);
}
else
{
if (context.UserName.IsNullOrWhiteSpace())
{
await SecurityLogManager.SaveAsync(securityLogAction);
}
else
{
var user = await UserManager.FindByNameAsync(context.UserName);
if (user != null)
{
using (CurrentPrincipalAccessor.Change(await UserClaimsPrincipalFactory.CreateAsync(user)))
{
await SecurityLogManager.SaveAsync(securityLogAction);
}
}
else
{
await SecurityLogManager.SaveAsync(securityLogAction);
}
}
}
}
public override async Task <ClaimsPrincipal> CreateAsync(IdentityUser user)
{
var principal = await base.CreateAsync(user);
var identity = principal.Identities.First();
if (user.TenantId.HasValue)
{
identity.AddIfNotContains(new Claim(AbpClaimTypes.TenantId, user.TenantId.ToString()));
}
if (!user.Name.IsNullOrWhiteSpace())
{
identity.AddIfNotContains(new Claim(AbpClaimTypes.Name, user.Name));
}
if (!user.Surname.IsNullOrWhiteSpace())
{
identity.AddIfNotContains(new Claim(AbpClaimTypes.SurName, user.Surname));
}
if (!user.PhoneNumber.IsNullOrWhiteSpace())
{
identity.AddIfNotContains(new Claim(AbpClaimTypes.PhoneNumber, user.PhoneNumber));
}
identity.AddIfNotContains(
new Claim(AbpClaimTypes.PhoneNumberVerified, user.PhoneNumberConfirmed.ToString()));
if (!user.Email.IsNullOrWhiteSpace())
{
identity.AddIfNotContains(new Claim(AbpClaimTypes.Email, user.Email));
}
identity.AddIfNotContains(new Claim(AbpClaimTypes.EmailVerified, user.EmailConfirmed.ToString()));
using (CurrentPrincipalAccessor.Change(identity))
{
var abpClaimsPrincipal = await AbpClaimsPrincipalFactory.CreateAsync();
foreach (var claim in abpClaimsPrincipal.Claims)
{
identity.AddIfNotContains(claim);
}
}
return(principal);
}
public virtual async Task ValidateAsync(ExtensionGrantValidationContext context)
{
var accessToken = context.Request.Raw["access_token"];
if (accessToken.IsNullOrWhiteSpace())
{
context.Result = new GrantValidationResult
{
IsError = true,
Error = "invalid_access_token"
};
return;
}
var result = await TokenValidator.ValidateAccessTokenAsync(accessToken);
if (result.IsError)
{
context.Result = new GrantValidationResult
{
IsError = true,
Error = result.Error,
ErrorDescription = result.ErrorDescription
};
return;
}
using (CurrentPrincipalAccessor.Change(result.Claims))
{
if (!Guid.TryParse(context.Request.Raw["LinkUserId"], out var linkUserId))
{
context.Result = new GrantValidationResult
{
IsError = true,
Error = "invalid_link_user_id"
};
return;
}
Guid?linkTenantId = null;
if (!context.Request.Raw["LinkTenantId"].IsNullOrWhiteSpace())
{
if (!Guid.TryParse(context.Request.Raw["LinkTenantId"], out var parsedGuid))
{
context.Result = new GrantValidationResult
{
IsError = true,
Error = "invalid_link_tenant_id"
};
return;
}
linkTenantId = parsedGuid;
}
var isLinked = await IdentityLinkUserManager.IsLinkedAsync(
new IdentityLinkUserInfo(CurrentUser.GetId(), CurrentTenant.Id),
new IdentityLinkUserInfo(linkUserId, linkTenantId),
true);
if (isLinked)
{
using (CurrentTenant.Change(linkTenantId))
{
var user = await UserManager.GetByIdAsync(linkUserId);
var sub = await UserManager.GetUserIdAsync(user);
var additionalClaims = new List <Claim>();
await AddCustomClaimsAsync(additionalClaims, user, context);
context.Result = new GrantValidationResult(
sub,
GrantType,
additionalClaims.ToArray()
);
}
}
else
{
context.Result = new GrantValidationResult
{
IsError = true,
Error = Localizer["TheTargetUserIsNotLinkedToYou"]
};
}
}
}