public async Task GetProfileDataAsync(ProfileDataRequestContext context) { var sub = context.Subject.GetSubjectId(); var user = await _userManager.FindByIdAsync(sub); var principal = await _claimsFactory.CreateAsync(user); var claims = principal.Claims.ToList(); claims = claims.Where(claim => context.RequestedClaimTypes.Contains(claim.Type)).ToList(); claims.Add(new Claim(JwtClaimTypes.GivenName, user.UserName)); if (user.IsAdmin) { claims.Add(new Claim(JwtClaimTypes.Role, "admin")); } else { claims.Add(new Claim(JwtClaimTypes.Role, "user")); } if (user.DataEventRecordsRole == "dataEventRecords.admin") { claims.Add(new Claim(JwtClaimTypes.Role, "dataEventRecords.admin")); claims.Add(new Claim(JwtClaimTypes.Role, "dataEventRecords.user")); claims.Add(new Claim(JwtClaimTypes.Role, "dataEventRecords")); claims.Add(new Claim(JwtClaimTypes.Scope, "dataEventRecords")); } else { claims.Add(new Claim(JwtClaimTypes.Role, "dataEventRecords.user")); claims.Add(new Claim(JwtClaimTypes.Role, "dataEventRecords")); claims.Add(new Claim(JwtClaimTypes.Scope, "dataEventRecords")); } if (user.SecuredFilesRole == "securedFiles.admin") { claims.Add(new Claim(JwtClaimTypes.Role, "securedFiles.admin")); claims.Add(new Claim(JwtClaimTypes.Role, "securedFiles.user")); claims.Add(new Claim(JwtClaimTypes.Role, "securedFiles")); claims.Add(new Claim(JwtClaimTypes.Scope, "securedFiles")); } else { claims.Add(new Claim(JwtClaimTypes.Role, "securedFiles.user")); claims.Add(new Claim(JwtClaimTypes.Role, "securedFiles")); claims.Add(new Claim(JwtClaimTypes.Scope, "securedFiles")); } claims.Add(new Claim(IdentityServerConstants.StandardScopes.Email, user.Email)); context.IssuedClaims = claims; }
async public Task GetProfileDataAsync(ProfileDataRequestContext context) { var subject = context.Subject; if (subject == null) throw new ArgumentNullException(nameof(context.Subject)); var subjectId = subject.GetSubjectId(); var user = await _userManager.FindByIdAsync(subjectId); if (user == null) throw new ArgumentException("Invalid subject identifier"); var claims = await GetClaimsFromUser(user); if (!context.AllClaimsRequested) { var requestedClaimTypes = context.RequestedClaimTypes; if (requestedClaimTypes != null) claims = claims.Where(c => requestedClaimTypes.Contains(c.Type)); else claims = claims.Take(0); } context.IssuedClaims = claims; }
public Task GetProfileDataAsync(ProfileDataRequestContext context) { context.IssuedClaims.Add(new Claim("special", "martin")); return(Task.CompletedTask); }
public Task GetProfileDataAsync(ProfileDataRequestContext context) { return(Task.FromResult(0)); }
public async Task GetProfileDataAsync(ProfileDataRequestContext context) { var sub = context.Subject.GetSubjectId(); var user = await _userManager.FindByIdAsync(sub); var principal = await _claimsFactory.CreateAsync(user); var claims = principal.Claims.ToList(); if (!context.AllClaimsRequested) { claims = claims.Where(claim => context.RequestedClaimTypes.Contains(claim.Type)).ToList(); } claims.Add(new Claim(JwtClaimTypes.GivenName, user.UserName)); //new Claim(JwtClaimTypes.Role, "admin"), //new Claim(JwtClaimTypes.Role, "dataEventRecords.admin"), //new Claim(JwtClaimTypes.Role, "dataEventRecords.user"), //new Claim(JwtClaimTypes.Role, "dataEventRecords"), //new Claim(JwtClaimTypes.Role, "securedFiles.user"), //new Claim(JwtClaimTypes.Role, "securedFiles.admin"), //new Claim(JwtClaimTypes.Role, "securedFiles") if (user.IsAdmin) { claims.Add(new Claim(JwtClaimTypes.Role, "admin")); } else { claims.Add(new Claim(JwtClaimTypes.Role, "user")); } if (user.DataEventRecordsRole == "dataEventRecords.admin") { claims.Add(new Claim(JwtClaimTypes.Role, "dataEventRecords.admin")); claims.Add(new Claim(JwtClaimTypes.Role, "dataEventRecords.user")); claims.Add(new Claim(JwtClaimTypes.Role, "dataEventRecords")); } else { claims.Add(new Claim(JwtClaimTypes.Role, "dataEventRecords.user")); claims.Add(new Claim(JwtClaimTypes.Role, "dataEventRecords")); } if (user.SecuredFilesRole == "securedFiles.admin") { claims.Add(new Claim(JwtClaimTypes.Role, "securedFiles.admin")); claims.Add(new Claim(JwtClaimTypes.Role, "securedFiles.user")); claims.Add(new Claim(JwtClaimTypes.Role, "securedFiles")); } else { claims.Add(new Claim(JwtClaimTypes.Role, "securedFiles.user")); claims.Add(new Claim(JwtClaimTypes.Role, "securedFiles")); } claims.Add(new System.Security.Claims.Claim(StandardScopes.Email.Name, user.Email)); context.IssuedClaims = claims; }
public async Task GetProfileDataAsync(ProfileDataRequestContext context) { var sub = context.Subject.GetSubjectId(); var user = await _userManager.FindByIdAsync(sub); var principal = await _claimsFactory.CreateAsync(user); var issued = context.IssuedClaims; context.AddRequestedClaims(principal.Claims); var requestedClaims = context.RequestedClaimTypes.ToList(); var allClaims = principal.Claims.ToList(); var foundClaims = principal.Claims.Where(x => context.RequestedClaimTypes.Contains(x.Type)).Select(x => x.Type).ToList(); var neededClaims = requestedClaims.Except(foundClaims); var claimsToAdd = new List <Claim>(); //try to add needed claims if we know what they are foreach (var c in neededClaims) { if (c == JwtClaimTypes.Name) { claimsToAdd.Add(new Claim(JwtClaimTypes.Name, user.DisplayName)); } if (c == JwtClaimTypes.Email) { claimsToAdd.Add(new Claim(JwtClaimTypes.Email, user.Email)); } if (c == JwtClaimTypes.BirthDate && user.DateOfBirth.HasValue) { claimsToAdd.Add(new Claim(JwtClaimTypes.BirthDate, user.DateOfBirth.Value.ToString("YYYY-MM-DD"))); } if (c == JwtClaimTypes.EmailVerified) { claimsToAdd.Add(new Claim(JwtClaimTypes.EmailVerified, user.EmailConfirmed.ToString().ToLowerInvariant())); } if (c == JwtClaimTypes.FamilyName && !string.IsNullOrWhiteSpace(user.LastName)) { claimsToAdd.Add(new Claim(JwtClaimTypes.FamilyName, user.LastName)); } if (c == JwtClaimTypes.GivenName && !string.IsNullOrWhiteSpace(user.FirstName)) { claimsToAdd.Add(new Claim(JwtClaimTypes.GivenName, user.FirstName)); } if (c == JwtClaimTypes.PhoneNumber && !string.IsNullOrWhiteSpace(user.PhoneNumber)) { claimsToAdd.Add(new Claim(JwtClaimTypes.PhoneNumber, user.PhoneNumber)); } if (c == JwtClaimTypes.PhoneNumberVerified) { claimsToAdd.Add(new Claim(JwtClaimTypes.PhoneNumberVerified, user.PhoneNumberConfirmed.ToString().ToLowerInvariant())); } if (c == JwtClaimTypes.WebSite && !string.IsNullOrWhiteSpace(user.WebSiteUrl)) { claimsToAdd.Add(new Claim(JwtClaimTypes.WebSite, user.WebSiteUrl)); } if (c == JwtClaimTypes.ZoneInfo && !string.IsNullOrWhiteSpace(user.TimeZoneId)) { claimsToAdd.Add(new Claim(JwtClaimTypes.ZoneInfo, user.TimeZoneId)); } if (c == JwtClaimTypes.Gender && !string.IsNullOrWhiteSpace(user.Gender)) { claimsToAdd.Add(new Claim(JwtClaimTypes.Gender, user.Gender)); } } if (claimsToAdd.Count > 0) { context.IssuedClaims.AddRange(claimsToAdd); } }
public override Task GetProfileDataAsync(ProfileDataRequestContext context) { return(base.GetProfileDataAsync(context)); }
public Task GetProfileDataAsync(ProfileDataRequestContext context) { context.IssuedClaims.AddRange(context.Subject.Claims); return(Task.FromResult(0)); }
public Task GetProfileDataAsync(ProfileDataRequestContext context) { context.IssuedClaims.AddRange(context.Subject.Claims.Where(x => x.Type == CustomClaimTypes.Roles).ToList()); return(Task.CompletedTask); }
public async Task GetProfileDataAsync(ProfileDataRequestContext context) { var claims = context.Subject.Claims.ToList(); context.IssuedClaims = claims.ToList(); }
protected async Task <ClaimsIdentity> CreateSubjectAsync(SignInValidationResult result) { var requestedClaimTypes = new List <string>(); var resources = await this.resources.FindEnabledIdentityResourcesByScopeAsync(result.Client.AllowedScopes); foreach (var resource in resources) { foreach (var claim in resource.UserClaims) { requestedClaimTypes.Add(claim); } } var ctx = new ProfileDataRequestContext { Subject = result.User, RequestedClaimTypes = requestedClaimTypes, Client = result.Client, Caller = "WS-Federation" }; await profile.GetProfileDataAsync(ctx); // map outbound claims var nameid = new Claim(ClaimTypes.NameIdentifier, result.User.GetSubjectId()); nameid.Properties[ClaimProperties.SamlNameIdentifierFormat] = result.RelyingParty.SamlNameIdentifierFormat; var outboundClaims = new List <Claim> { nameid }; foreach (var claim in ctx.IssuedClaims) { if (result.RelyingParty.ClaimMapping.ContainsKey(claim.Type)) { var outboundClaim = new Claim(result.RelyingParty.ClaimMapping[claim.Type], claim.Value); if (outboundClaim.Type == ClaimTypes.NameIdentifier) { outboundClaim.Properties[ClaimProperties.SamlNameIdentifierFormat] = result.RelyingParty.SamlNameIdentifierFormat; } outboundClaims.Add(outboundClaim); } else if (result.RelyingParty.TokenType != WsFederationConstants.TokenTypes.Saml11TokenProfile11) { outboundClaims.Add(claim); } else { logger.LogInformation("No explicit claim type mapping for {claimType} configured. Saml11 requires a URI claim type. Skipping.", claim.Type); } } // The AuthnStatement statement generated from the following 2 // claims is manditory for some service providers (i.e. Shibboleth-Sp). // The value of the AuthenticationMethod claim must be one of the constants in // System.IdentityModel.Tokens.AuthenticationMethods. // Password is the only one that can be directly matched, everything // else defaults to Unspecified. if (result.User.GetAuthenticationMethod() == OidcConstants.AuthenticationMethods.Password) { outboundClaims.Add(new Claim(ClaimTypes.AuthenticationMethod, AuthenticationMethods.Password)); } else { outboundClaims.Add(new Claim(ClaimTypes.AuthenticationMethod, AuthenticationMethods.Unspecified)); } // authentication instant claim is required outboundClaims.Add(new Claim(ClaimTypes.AuthenticationInstant, XmlConvert.ToString(DateTime.UtcNow, "yyyy-MM-ddTHH:mm:ss.fffZ"), ClaimValueTypes.DateTime)); return(new ClaimsIdentity(outboundClaims, "idsrv")); }
/// <summary> /// Returns claims for an identity token /// </summary> /// <param name="subject">The subject</param> /// <param name="client">The client</param> /// <param name="scopes">The requested scopes</param> /// <param name="includeAllIdentityClaims">Specifies if all claims should be included in the token, or if the userinfo endpoint can be used to retrieve them</param> /// <param name="request">The raw request</param> /// <returns> /// Claims for the identity token /// </returns> public virtual async Task <IEnumerable <Claim> > GetIdentityTokenClaimsAsync(ClaimsPrincipal subject, Client client, IEnumerable <Scope> scopes, bool includeAllIdentityClaims, ValidatedRequest request) { Logger.Info("Getting claims for identity token for subject: " + subject.GetSubjectId()); var outputClaims = new List <Claim>(GetStandardSubjectClaims(subject)); outputClaims.AddRange(GetOptionalClaims(subject)); var additionalClaims = new List <string>(); // if a include all claims rule exists, call the user service without a claims filter if (scopes.IncludesAllClaimsForUserRule(ScopeType.Identity)) { Logger.Info("All claims rule found - emitting all claims for user."); var context = new ProfileDataRequestContext( subject, client, Constants.ProfileDataCallers.ClaimsProviderIdentityToken); await _users.GetProfileDataAsync(context); var claims = FilterProtocolClaims(context.IssuedClaims); if (claims != null) { outputClaims.AddRange(claims); } return(outputClaims); } // fetch all identity claims that need to go into the id token foreach (var scope in scopes) { if (scope.Type == ScopeType.Identity) { foreach (var scopeClaim in scope.Claims) { if (includeAllIdentityClaims || scopeClaim.AlwaysIncludeInIdToken) { additionalClaims.Add(scopeClaim.Name); } } } } if (additionalClaims.Count > 0) { var context = new ProfileDataRequestContext( subject, client, Constants.ProfileDataCallers.ClaimsProviderIdentityToken, additionalClaims); await _users.GetProfileDataAsync(context); var claims = FilterProtocolClaims(context.IssuedClaims); if (claims != null) { outputClaims.AddRange(claims); } } return(outputClaims); }
/// <summary> /// Returns claims for an identity token. /// </summary> /// <param name="subject">The subject.</param> /// <param name="client">The client.</param> /// <param name="scopes">The requested scopes.</param> /// <param name="request">The raw request.</param> /// <returns> /// Claims for the access token /// </returns> public virtual async Task <IEnumerable <Claim> > GetAccessTokenClaimsAsync(ClaimsPrincipal subject, Client client, IEnumerable <Scope> scopes, ValidatedRequest request) { // add client_id var outputClaims = new List <Claim> { new Claim(Constants.ClaimTypes.ClientId, client.ClientId), }; // check for client claims if (client.Claims != null && client.Claims.Any()) { if (subject == null || client.AlwaysSendClientClaims) { foreach (var claim in client.Claims) { var claimType = claim.Type; if (client.PrefixClientClaims) { claimType = "client_" + claimType; } outputClaims.Add(new Claim(claimType, claim.Value, claim.ValueType)); } } } // add scopes foreach (var scope in scopes) { outputClaims.Add(new Claim(Constants.ClaimTypes.Scope, scope.Name)); } // a user is involved if (subject != null) { outputClaims.AddRange(GetStandardSubjectClaims(subject)); outputClaims.AddRange(GetOptionalClaims(subject)); // if a include all claims rule exists, call the user service without a claims filter if (scopes.IncludesAllClaimsForUserRule(ScopeType.Resource)) { var context = new ProfileDataRequestContext( subject, client, Constants.ProfileDataCallers.ClaimsProviderAccessToken); await _users.GetProfileDataAsync(context); var claims = FilterProtocolClaims(context.IssuedClaims); if (claims != null) { outputClaims.AddRange(claims); } return(outputClaims); } // fetch all resource claims that need to go into the access token var additionalClaims = new List <string>(); foreach (var scope in scopes) { if (scope.Type == ScopeType.Resource) { if (scope.Claims != null) { foreach (var scopeClaim in scope.Claims) { additionalClaims.Add(scopeClaim.Name); } } } } if (additionalClaims.Count > 0) { var context = new ProfileDataRequestContext( subject, client, Constants.ProfileDataCallers.ClaimsProviderAccessToken, additionalClaims.Distinct()); await _users.GetProfileDataAsync(context); var claims = FilterProtocolClaims(context.IssuedClaims); if (claims != null) { outputClaims.AddRange(claims); } } } return(outputClaims); }
public async Task GetProfileDataAsync(ProfileDataRequestContext context) { var existingClaims = context.Subject.Claims; var newClaims = new List <Claim>(); var user = await _userService.GetUserByPrincipalAsync(context.Subject); if (user != null) { var isPremium = await _licensingService.ValidateUserPremiumAsync(user); newClaims.AddRange(new List <Claim> { new Claim("premium", isPremium ? "true" : "false", ClaimValueTypes.Boolean), new Claim(JwtClaimTypes.Email, user.Email), new Claim(JwtClaimTypes.EmailVerified, user.EmailVerified ? "true" : "false", ClaimValueTypes.Boolean), new Claim("sstamp", user.SecurityStamp) }); if (!string.IsNullOrWhiteSpace(user.Name)) { newClaims.Add(new Claim(JwtClaimTypes.Name, user.Name)); } // Orgs that this user belongs to var orgs = await _organizationUserRepository.GetManyByUserAsync(user.Id); if (orgs.Any()) { var groupedOrgs = orgs.Where(o => o.Status == Enums.OrganizationUserStatusType.Confirmed) .GroupBy(o => o.Type); foreach (var group in groupedOrgs) { switch (group.Key) { case Enums.OrganizationUserType.Owner: foreach (var org in group) { newClaims.Add(new Claim("orgowner", org.OrganizationId.ToString())); } break; case Enums.OrganizationUserType.Admin: foreach (var org in group) { newClaims.Add(new Claim("orgadmin", org.OrganizationId.ToString())); } break; case Enums.OrganizationUserType.User: foreach (var org in group) { newClaims.Add(new Claim("orguser", org.OrganizationId.ToString())); } break; default: break; } } } } // filter out any of the new claims var existingClaimsToKeep = existingClaims .Where(c => !c.Type.StartsWith("org") && (newClaims.Count == 0 || !newClaims.Any(nc => nc.Type == c.Type))) .ToList(); newClaims.AddRange(existingClaimsToKeep); if (newClaims.Any()) { context.AddRequestedClaims(newClaims); } }
/// <summary> /// Returns claims for an identity token. /// </summary> /// <param name="subject">The subject.</param> /// <param name="client">The client.</param> /// <param name="scopes">The requested scopes.</param> /// <param name="request">The raw request.</param> /// <returns> /// Claims for the access token /// </returns> public virtual async Task <IEnumerable <Claim> > GetAccessTokenClaimsAsync(ClaimsPrincipal subject, Client client, Resources resources, ValidatedRequest request) { _logger.LogDebug("Getting claims for access token for client: {clientId}", client.ClientId); // add client_id var outputClaims = new List <Claim> { new Claim(JwtClaimTypes.ClientId, client.ClientId), }; // check for client claims if (client.Claims != null && client.Claims.Any()) { if (subject == null || client.AlwaysSendClientClaims) { foreach (var claim in client.Claims) { var claimType = claim.Type; if (client.PrefixClientClaims) { claimType = "client_" + claimType; } outputClaims.Add(new Claim(claimType, claim.Value, claim.ValueType)); } } } // add scopes foreach (var scope in resources.IdentityResources) { outputClaims.Add(new Claim(JwtClaimTypes.Scope, scope.Name)); } foreach (var scope in resources.ApiResources.SelectMany(x => x.Scopes)) { outputClaims.Add(new Claim(JwtClaimTypes.Scope, scope.Name)); } // a user is involved if (subject != null) { if (resources.OfflineAccess) { outputClaims.Add(new Claim(JwtClaimTypes.Scope, IdentityServerConstants.StandardScopes.OfflineAccess)); } _logger.LogDebug("Getting claims for access token for subject: {subject}", subject.GetSubjectId()); outputClaims.AddRange(GetStandardSubjectClaims(subject)); outputClaims.AddRange(GetOptionalClaims(subject)); // fetch all resource claims that need to go into the access token var additionalClaims = new List <string>(); foreach (var api in resources.ApiResources) { // add claims configured on api resource if (api.UserClaims != null) { foreach (var claim in api.UserClaims) { additionalClaims.Add(claim.Type); } } // add claims configured on scope // TODO: need unit test foreach (var scope in api.Scopes) { if (scope.UserClaims != null) { foreach (var claim in scope.UserClaims) { additionalClaims.Add(claim.Type); } } } } if (additionalClaims.Count > 0) { var context = new ProfileDataRequestContext( subject, client, IdentityServerConstants.ProfileDataCallers.ClaimsProviderAccessToken, additionalClaims.Distinct()); await _profile.GetProfileDataAsync(context); var claims = FilterProtocolClaims(context.IssuedClaims); if (claims != null) { outputClaims.AddRange(claims); } } } return(outputClaims); }
public async Task <Dictionary <string, object> > ProcessAsync(ClaimsPrincipal subject, IEnumerable <string> scopes, Client client) { _logger.LogTrace("Creating userinfo response"); var profileData = new Dictionary <string, object>(); var requestedClaimTypes = await GetRequestedClaimTypesAsync(scopes); IEnumerable <Claim> profileClaims; if (requestedClaimTypes.IncludeAllClaims) { _logger.LogDebug("Requested claim types: all"); var context = new ProfileDataRequestContext( subject, client, IdentityServerConstants.ProfileDataCallers.UserInfoEndpoint); await _profile.GetProfileDataAsync(context); profileClaims = context.IssuedClaims; } else { _logger.LogDebug("Requested claim types: {claimTypes}", requestedClaimTypes.ClaimTypes.ToSpaceSeparatedString()); var context = new ProfileDataRequestContext( subject, client, IdentityServerConstants.ProfileDataCallers.UserInfoEndpoint, requestedClaimTypes.ClaimTypes); await _profile.GetProfileDataAsync(context); profileClaims = context.IssuedClaims; } List <Claim> results = new List <Claim>(); if (profileClaims == null) { _logger.LogInformation("Profile service returned no claims (null)"); } else { results.AddRange(profileClaims); _logger.LogInformation("Profile service returned to the following claim types: {types}", profileClaims.Select(c => c.Type).ToSpaceSeparatedString()); } // TODO: unit tests var subClaim = results.SingleOrDefault(x => x.Type == JwtClaimTypes.Subject); if (subClaim == null) { results.Add(new Claim(JwtClaimTypes.Subject, subject.GetSubjectId())); } else if (subClaim.Value != subject.GetSubjectId()) { _logger.LogError("Profile service returned incorrect subject value: {sub}", subClaim); throw new InvalidOperationException("Profile service returned incorrect subject value"); } return(results.ToClaimsDictionary()); }
public virtual async Task GetProfileDataAsync(ProfileDataRequestContext context) { var user = await GetUser(context.Subject); context.IssuedClaims = (await GetClaims(user)).ToList(); }
/// <summary> /// Returns claims for an identity token. /// </summary> /// <param name="subject">The subject.</param> /// <param name="resources">The requested resources</param> /// <param name="request">The raw request.</param> /// <returns> /// Claims for the access token /// </returns> public virtual async Task <IEnumerable <Claim> > GetAccessTokenClaimsAsync(ClaimsPrincipal subject, Resources resources, ValidatedRequest request) { Logger.LogDebug("Getting claims for access token for client: {clientId}", request.Client.ClientId); var outputClaims = new List <Claim>() { new Claim(JwtClaimTypes.ClientId, request.ClientId) }; // log if client ID is overwritten if (!string.Equals(request.ClientId, request.Client.ClientId)) { Logger.LogDebug("Client {clientId} is impersonating {impersonatedClientId}", request.Client.ClientId, request.ClientId); } // add cnf if present if (request.Confirmation.IsPresent()) { outputClaims.Add(new Claim(JwtClaimTypes.Confirmation, request.Confirmation, IdentityServerConstants.ClaimValueTypes.Json)); } // check for client claims if (request.ClientClaims != null && request.ClientClaims.Any()) { if (subject == null || request.Client.AlwaysSendClientClaims) { foreach (var claim in request.ClientClaims) { var claimType = claim.Type; if (request.Client.ClientClaimsPrefix.IsPresent()) { claimType = request.Client.ClientClaimsPrefix + claimType; } outputClaims.Add(new Claim(claimType, claim.Value, claim.ValueType)); } } } // add scopes foreach (var scope in resources.IdentityResources) { outputClaims.Add(new Claim(JwtClaimTypes.Scope, scope.Name)); } foreach (var scope in resources.ApiResources.SelectMany(x => x.Scopes)) { outputClaims.Add(new Claim(JwtClaimTypes.Scope, scope.Name)); } // a user is involved if (subject != null) { if (resources.OfflineAccess) { outputClaims.Add(new Claim(JwtClaimTypes.Scope, IdentityServerConstants.StandardScopes.OfflineAccess)); } Logger.LogDebug("Getting claims for access token for subject: {subject}", subject.GetSubjectId()); outputClaims.AddRange(GetStandardSubjectClaims(subject)); outputClaims.AddRange(GetOptionalClaims(subject)); // fetch all resource claims that need to go into the access token var additionalClaimTypes = new List <string>(); foreach (var api in resources.ApiResources) { // add claims configured on api resource if (api.UserClaims != null) { foreach (var claim in api.UserClaims) { additionalClaimTypes.Add(claim); } } // add claims configured on scope foreach (var scope in api.Scopes) { if (scope.UserClaims != null) { foreach (var claim in scope.UserClaims) { additionalClaimTypes.Add(claim); } } } } // filter so we don't ask for claim types that we will eventually filter out additionalClaimTypes = FilterRequestedClaimTypes(additionalClaimTypes).ToList(); var context = new ProfileDataRequestContext( subject, request.Client, IdentityServerConstants.ProfileDataCallers.ClaimsProviderAccessToken, additionalClaimTypes.Distinct()) { RequestedResources = resources, ValidatedRequest = request }; await Profile.GetProfileDataAsync(context); var claims = FilterProtocolClaims(context.IssuedClaims); if (claims != null) { outputClaims.AddRange(claims); } } return(outputClaims); }
public async Task GetProfileDataAsync(ProfileDataRequestContext context) { var nameClaim = context.Subject.FindAll(JwtClaimTypes.Name); context.IssuedClaims.AddRange(nameClaim); var roleClaims = context.Subject.FindAll(JwtClaimTypes.Role); context.IssuedClaims.AddRange(roleClaims); bool isReadonly = false; var user = await _userManager.FindByNameAsync(context.Subject.Identity.Name); if (user != null) { var notifications = await _notificationService.GetNotifications(user.Id, NotificationTypeEnum.DailyReminder); if (notifications.Any(n => n.CreatedDate.Date.Equals(DateTime.UtcNow.Date)) == false) { await _notificationService.Create(user.Id, "daily-reminder", "subscription-pack", "reminder", "reminder", "reminder", Shared.ViewModels.NotificationTypeEnum.DailyReminder); } if (user.IsUnlimited == false && user.IsAdmin == false) { var subscription = await _functionalUnitOfWork.SubscriptionRepository.GetLatestSubscriptionForUser(user.Id); if (subscription != null && subscription.SubscriptionPackId != Guid.Empty) { var pack = await _functionalUnitOfWork.SubscriptionPackRepository.FirstOrDefault(s => s.Id == subscription.SubscriptionPackId); if (subscription != null) { AddClaim(context, ClaimNames.Subscription, pack.Label.ToLower()); } if (pack.Price > 0) { AddClaim(context, ClaimNames.IsPayable, "true"); } else { AddClaim(context, ClaimNames.IsFree, "true"); } } if (user.SubscriptionEndDate.HasValue && user.SubscriptionEndDate < DateTime.UtcNow) { notifications = await _notificationService.GetNotifications(user.Id, NotificationTypeEnum.ExpiredProfile); if (notifications.Any(n => n.CreatedDate.Date.Equals(DateTime.UtcNow.Date)) == false) { await _notificationService.Create(user.Id, "expiredprofile", "subscription-pack", "reminder", "reminder", "reminder", Shared.ViewModels.NotificationTypeEnum.ExpiredProfile); isReadonly = true; await SendEmailTemplate(user, EmailTemplateEnum.ExpiredProfile, "expiredprofile"); } } else if (user.SubscriptionEndDate.HasValue && user.SubscriptionEndDate.Value.Subtract(DateTime.UtcNow).Days <= 5) { notifications = await _notificationService.GetNotifications(user.Id, NotificationTypeEnum.SoonExpireProfile); if (notifications.Any(n => n.CreatedDate.Date.Equals(DateTime.UtcNow.Date)) == false) { await _notificationService.Create(user.Id, "soonexpireprofile", "subscription-pack", "reminder", "reminder", "reminder", Shared.ViewModels.NotificationTypeEnum.SoonExpireProfile); await SendEmailTemplate(user, EmailTemplateEnum.SoonExpiredProfile, "soonexpireprofile"); } } } if (!user.IsOnline) { user.IsOnline = true; user.LastLogin = DateTime.UtcNow; await _userManager.UpdateAsync(user); } AddClaim(context, ClaimNames.Title, user.Title); AddClaim(context, ClaimNames.Address, user.Address); AddClaim(context, ClaimNames.City, user.City); AddClaim(context, ClaimNames.Country, user.Country); AddClaim(context, ClaimNames.DisplayDescription, user.DisplayDescription); AddClaim(context, ClaimNames.DescriptionVideo, user.DescriptionVideo); AddClaim(context, ClaimNames.DescriptionVideoCover, user.DescriptionVideoCover); AddClaim(context, ClaimNames.VideoProfileUrl, user.VideoProfileUrl); AddClaim(context, ClaimNames.VideProfileCoverUrl, user.VideProfileCoverUrl); AddClaim(context, ClaimNames.Description, user.Description); AddClaim(context, ClaimNames.DigitCode, user.PinCode); AddClaim(context, ClaimNames.DisplayName, GetDisplayName(user)); AddClaim(context, ClaimNames.Email, user.Email); AddClaim(context, ClaimNames.FirstName, user.FirstName); AddClaim(context, ClaimNames.Id, user.Id); AddClaim(context, ClaimNames.PhoneNumber, user.PhoneNumber); AddRole(context, ClaimNames.IsAdmin, user.IsAdmin); AddRole(context, ClaimNames.IsManager, user.IsManager); AddRole(context, ClaimNames.IsOperator, user.IsOperator); AddRole(context, ClaimNames.IsOnline, user.IsOnline); AddClaim(context, ClaimNames.LastLogin, user.LastLogin); AddClaim(context, ClaimNames.LastName, user.LastName); AddClaim(context, ClaimNames.NumberOfView, user.NubmerOfView); AddClaim(context, ClaimNames.PhotoUrl, user.PhotoUrl); AddClaim(context, ClaimNames.PinCode, user.PinCode); AddClaim(context, ClaimNames.SubscriptionStart, user.SubscriptionStartDate); AddClaim(context, ClaimNames.SubscriptionEnd, user.SubscriptionEndDate); AddClaim(context, ClaimNames.IsReadOnly, user.SubscriptionEndDate.HasValue && user.SubscriptionEndDate.Value <= DateTime.UtcNow); } }