private void AddOrUpdateClientRedirectUrl(Client currentClient, string modelRedirectUrl)
{
// Ensure the client redirect url collection is not null
if (currentClient.RedirectUris == null)
{
currentClient.RedirectUris = new List <ClientRedirectUri>();
}
// Currently, the api works with only one client redirect uri.
ClientRedirectUri currentClientRedirectUri = currentClient.RedirectUris.FirstOrDefault();
// Add new redirectUri
if ((currentClientRedirectUri != null && currentClientRedirectUri.RedirectUri != modelRedirectUrl) ||
currentClientRedirectUri == null)
{
// Remove all redirect uris as we may have only one.
currentClient.RedirectUris.Clear();
currentClient.RedirectUris.Add(new ClientRedirectUri()
{
Client = currentClient,
RedirectUri = modelRedirectUrl
});
}
}
public HttpResponseMessage Post(string id, ClientRedirectModel model)
{
if (!ModelState.IsValid)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.GetErrors()));
}
var client = this.config.Clients.All.SingleOrDefault(x => x.ClientId == id);
if (client == null)
{
return(Request.CreateResponse(HttpStatusCode.NotFound));
}
var item = new ClientRedirectUri {
Uri = model.Uri, Description = model.Description
};
client.RedirectUris.Add(item);
this.config.SaveChanges();
var response = Request.CreateResponse(HttpStatusCode.OK, item);
return(response);
}
public async Task <ClientRedirectUri> AddRedirectUri(ClientRedirectUri redirectUri, string clientId)
{
var client = await _context.Clients.SingleAsync(c => c.ClientId == clientId);
redirectUri.Client = client;
_context.ClientRedirectUris.Add(redirectUri);
await _context.SaveChangesAsync();
return(redirectUri);
}
public async Task AddRedirectUri(string uri, int clientDbId)
{
var client = await _dbContext.Clients.FirstOrDefaultAsync(c => c.Id == clientDbId);
if (client == null)
{
throw new ArgumentException($"No Client with id: {clientDbId}");
}
var clientRedirectUri = new ClientRedirectUri
{
Uri = uri.ToLower(),
Client = client
};
_dbContext.ClientRedirectUri.Add(clientRedirectUri);
await _dbContext.SaveChangesAsync();
}
public async Task OnPostAsync()
{
// Arrange
const string redirectUri1OriginalRedirectUri = "Original RedirectUri";
const string redirectUri1EditedRedirectUri = "Edited RedirectUri";
const string newRedirectUriRedirectUri = "New RedirectUri";
var databaseName = $"{DatabaseNamePrefix}.{nameof(OnPostAsync)}";
var options = new DbContextOptionsBuilder <IdentityServerDbContext>()
.UseInMemoryDatabase(databaseName)
.Options;
RedirectUrisModel redirectUris;
IActionResult post;
var redirectUri1 = new ClientRedirectUri
{
Id = Random.Next(),
RedirectUri = redirectUri1OriginalRedirectUri
};
var redirectUri2 = new ClientRedirectUri {
Id = Random.Next()
};
var clientId = Random.Next();
var client = new Client
{
Id = clientId,
RedirectUris = new List <ClientRedirectUri>
{
redirectUri1,
redirectUri2
}
};
using (var context = new IdentityServerDbContext(options, _configurationStoreOptions.Object, _operationalStoreOptions.Object))
{
context.Add(client);
await context.SaveChangesAsync().ConfigureAwait(false);
}
// Act
using (var context = new IdentityServerDbContext(options, _configurationStoreOptions.Object, _operationalStoreOptions.Object))
{
redirectUris = new RedirectUrisModel(context)
{
Client = new Client
{
Id = clientId,
RedirectUris = new List <ClientRedirectUri>
{
new ClientRedirectUri
{
Id = redirectUri1.Id,
RedirectUri = redirectUri1EditedRedirectUri
},
new ClientRedirectUri {
RedirectUri = newRedirectUriRedirectUri
}
}
}
};
post = await redirectUris.OnPostAsync().ConfigureAwait(false);
}
// Assert
using (var context = new IdentityServerDbContext(options, _configurationStoreOptions.Object, _operationalStoreOptions.Object))
{
client = await context.Clients
.Include(x => x.RedirectUris)
.SingleOrDefaultAsync(x => x.Id.Equals(clientId))
.ConfigureAwait(false);
redirectUri1 = client.RedirectUris.SingleOrDefault(x => x.Id.Equals(redirectUri1.Id));
redirectUri2 = client.RedirectUris.SingleOrDefault(x => x.Id.Equals(redirectUri2.Id));
var newRedirectUri = client.RedirectUris.SingleOrDefault(x => x.RedirectUri.Equals(newRedirectUriRedirectUri));
Assert.NotNull(redirectUri1);
Assert.Equal(redirectUri1EditedRedirectUri, redirectUri1.RedirectUri);
Assert.Null(redirectUri2);
Assert.NotNull(newRedirectUri);
}
var result = Assert.IsType <RedirectToPageResult>(post);
Assert.Equal("../Details/RedirectUris", result.PageName);
Assert.Collection(result.RouteValues, routeValue =>
{
var(key, value) = routeValue;
Assert.Equal(nameof(Client.Id), key);
Assert.Equal(redirectUris.Client.Id, value);
});
}
private void AddClients(Client ct)
{
var client = new Client <Guid>()
{
AbsoluteRefreshTokenLifetime = ct.AbsoluteRefreshTokenLifetime,
AccessTokenLifetime = ct.AccessTokenLifetime,
AccessTokenType = ct.AccessTokenType,
AllowAccessToAllGrantTypes = ct.AllowAccessToAllCustomGrantTypes,
AllowAccessToAllScopes = ct.AllowAccessToAllScopes,
AllowClientCredentialsOnly = ct.AllowClientCredentialsOnly,
AllowPromptNone = ct.AllowPromptNone,
AllowRememberConsent = ct.AllowRememberConsent,
AlwaysSendClientClaims = ct.AlwaysSendClientClaims,
AuthorizationCodeLifetime = ct.AuthorizationCodeLifetime,
ClientId = ct.ClientId,
ClientName = ct.ClientName,
ClientUri = ct.ClientUri,
EnableLocalLogin = ct.EnableLocalLogin,
Enabled = ct.Enabled,
Flow = ct.Flow,
IdentityTokenLifetime = ct.IdentityTokenLifetime,
IncludeJwtId = ct.IncludeJwtId,
LogoUri = ct.LogoUri,
LogoutSessionRequired = ct.LogoutSessionRequired,
LogoutUri = ct.LogoutUri,
PrefixClientClaims = ct.PrefixClientClaims,
RefreshTokenExpiration = ct.RefreshTokenExpiration,
RefreshTokenUsage = ct.RefreshTokenUsage,
RequireConsent = ct.RequireConsent, //设置为true会有问题?
SlidingRefreshTokenLifetime = ct.SlidingRefreshTokenLifetime,
UpdateAccessTokenOnRefresh = ct.UpdateAccessTokenClaimsOnRefresh
};
client.ClientSecrets = new List <ClientSecret <Guid> >();
client.AllowedScopes = new List <ClientScope <Guid> >();
client.RedirectUris = new List <ClientRedirectUri <Guid> >();
client.IdentityProviderRestrictions = new List <ClientProviderRestriction <Guid> >();
client.PostLogoutRedirectUris = new List <ClientPostLogoutRedirectUri <Guid> >();
client.AllowedCustomGrantTypes = new List <ClientCustomGrantType <Guid> >();
client.Claims = new List <ClientClaim <Guid> >();
client.AllowedCorsOrigins = new List <ClientCorsOrigin <Guid> >();
//Add Secrets
foreach (var secret in ct.ClientSecrets)
{
var clientSecret = new ClientSecret <Guid>()
{
Description = secret.Description,
Expiration = secret.Expiration.HasValue ? (DateTime?)secret.Expiration.Value.DateTime : null,
Type = secret.Type,
Value = secret.Value
};
client.ClientSecrets.Add(clientSecret);
}
//Add Scopes
foreach (var scope in ct.AllowedScopes)
{
var allowedScope = new ClientScope <Guid>()
{
Scope = scope
};
client.AllowedScopes.Add(allowedScope);
}
//Add RedirectUris
foreach (var redirectUri in ct.RedirectUris)
{
var clientRedirectUri = new ClientRedirectUri <Guid>()
{
Uri = redirectUri
};
client.RedirectUris.Add(clientRedirectUri);
}
//Add ProviderRestrictions
foreach (var provider in ct.IdentityProviderRestrictions)
{
var clientProviderRestriction = new ClientProviderRestriction <Guid>()
{
Provider = provider
};
client.IdentityProviderRestrictions.Add(clientProviderRestriction);
}
//Add ClientPostLogoutRedirectUri
foreach (var postLogoutRedirectUri in ct.PostLogoutRedirectUris)
{
var clientPostLogoutRedirectUri = new ClientPostLogoutRedirectUri <Guid>()
{
Uri = postLogoutRedirectUri
};
client.PostLogoutRedirectUris.Add(clientPostLogoutRedirectUri);
}
//Add ClientCustomGrantTypes
foreach (var customGrantType in ct.AllowedCustomGrantTypes)
{
var clientCustomerGrantType = new ClientCustomGrantType <Guid>()
{
GrantType = customGrantType
};
client.AllowedCustomGrantTypes.Add(clientCustomerGrantType);
}
//Add ClientClaims
foreach (var claim in ct.Claims)
{
var clientClaim = new ClientClaim <Guid>()
{
Type = claim.Type,
Value = claim.Value
};
client.Claims.Add(clientClaim);
}
//Add ClientCorsOrigins
foreach (var corsOrigin in ct.AllowedCorsOrigins)
{
var clientCorsOrigin = new ClientCorsOrigin <Guid>()
{
Origin = corsOrigin
};
client.AllowedCorsOrigins.Add(clientCorsOrigin);
}
_clientContext.Clients.Add(client);
_clientContext.SaveChanges();
}
public Result <int> Update(ClientModel model, int id)
{
try
{
var result = new Result <int>();
var existingClient = clientContext.Clients
.Where(x => x.Id == id)
.Include(x => x.AllowedScopes)
.Include(x => x.ClientSecrets)
.Include(x => x.RedirectUris)
.Include(x => x.PostLogoutRedirectUris)
.Include(x => x.AllowedCorsOrigins)
.Include(x => x.IdentityProviderRestrictions)
.Include(x => x.Claims)
.Include(x => x.AllowedCustomGrantTypes)
.SingleOrDefault();
if (existingClient == null)
{
result.Exists = false;
return(result);
}
var duplicateClientId = clientContext.Clients
.Where(x => x.ClientId == model.ClientId)
.FirstOrDefault();
if (duplicateClientId != null && duplicateClientId.Id != id)
{
throw new Exception("pre-existing clientid");
}
clientContext.Entry(existingClient).CurrentValues.SetValues(model); // copy all values from object
#region Update related properties
var exRedirectUris = existingClient.RedirectUris.ToList();
//delete redirect uri's that have been removed
foreach (var item in exRedirectUris)
{
if (!model.RedirectUris.Any(x => x.Id == item.Id))
{
existingClient.RedirectUris.Remove(item);
}
}
if (model.RedirectUris != null && model.RedirectUris.Any())
{
//update and add new uris
foreach (var item in model.RedirectUris)
{
var exRedirectUri = existingClient.RedirectUris.FirstOrDefault(x => x.Id == item.Id);
if (exRedirectUri != null)
{
clientContext.Entry(exRedirectUri).CurrentValues.SetValues(item);
}
else
{
var redirectUri = new ClientRedirectUri
{
Uri = item.Uri,
};
existingClient.RedirectUris.Add(redirectUri);
}
}
}
//delete post redirect uri's that have been removed
var exPostRedirectUris = existingClient.PostLogoutRedirectUris.ToList();
foreach (var item in exPostRedirectUris)
{
if (!model.PostLogoutRedirectUris.Any(x => x.Id == item.Id))
{
existingClient.PostLogoutRedirectUris.Remove(item);
}
}
if (model.PostLogoutRedirectUris != null && model.PostLogoutRedirectUris.Any())
{
foreach (var item in model.PostLogoutRedirectUris)
{
var exPostRedirectUri = existingClient.PostLogoutRedirectUris.FirstOrDefault(x => x.Id == item.Id);
if (exPostRedirectUri != null)
{
clientContext.Entry(exPostRedirectUri).CurrentValues.SetValues(item);
}
else
{
var postRedirectUri = new ClientPostLogoutRedirectUri
{
Uri = item.Uri,
};
existingClient.PostLogoutRedirectUris.Add(postRedirectUri);
}
}
}
//update and add new post redirect uris
var exIdProvRestrictions = existingClient.IdentityProviderRestrictions.ToList();
foreach (var item in exIdProvRestrictions)
{
if (!model.IdentityProviderRestrictions.Any(x => x.Id == item.Id))
{
existingClient.IdentityProviderRestrictions.Remove(item);
}
}
if (model.IdentityProviderRestrictions != null && model.IdentityProviderRestrictions.Any())
{
foreach (var item in model.IdentityProviderRestrictions)
{
var exIdProvRestriction = existingClient.IdentityProviderRestrictions.FirstOrDefault(x => x.Id == item.Id);
if (exIdProvRestriction != null)
{
clientContext.Entry(exIdProvRestriction).CurrentValues.SetValues(item);
}
else
{
var IdentityProvRestriction = new ClientIdPRestriction
{
Provider = item.Provider,
};
existingClient.IdentityProviderRestrictions.Add(exIdProvRestriction);
}
}
}
//update and add new post redirect uris
//delete post redirect uri's that have been removed
//delete allowed scopes that have been removed
var exScopes = existingClient.AllowedScopes.ToList();
foreach (var item in exScopes)
{
if (!model.AllowedScopes.Any(x => x.Id == item.Id))
{
existingClient.AllowedScopes.Remove(item);
}
}
if (model.AllowedScopes != null && model.AllowedScopes.Any())
{
foreach (var item in model.AllowedScopes)
{
var exScope = existingClient.AllowedScopes.FirstOrDefault(x => x.Id == item.Id);
if (exScope != null)
{
clientContext.Entry(exScope).CurrentValues.SetValues(item);
}
else
{
var newScope = new ClientScope
{
Scope = item.Scope,
};
existingClient.AllowedScopes.Add(newScope);
}
}
}
//delete client claims that have been removed
var exClaims = existingClient.Claims.ToList();
foreach (var item in exClaims)
{
if (!model.Claims.Any(x => x.Id == item.Id))
{
existingClient.Claims.Remove(item);
}
}
if (model.Claims != null && model.Claims.Any())
{
//update and add new post redirect uris
foreach (var item in model.Claims)
{
var exClaim = existingClient.Claims.FirstOrDefault(x => x.Id == item.Id);
if (exClaim != null)
{
clientContext.Entry(exClaim).CurrentValues.SetValues(item);
}
else
{
var newClaim = new ClientClaim
{
Type = item.Type,
Value = item.Value
};
existingClient.Claims.Add(newClaim);
}
}
}
//delete client claims that have been removed
var exAllowedCors = existingClient.AllowedCorsOrigins.ToList();
foreach (var item in exAllowedCors)
{
if (!model.AllowedCorsOrigins.Any(x => x.Id == item.Id))
{
existingClient.AllowedCorsOrigins.Remove(item);
}
}
if (model.AllowedCorsOrigins != null && model.AllowedCorsOrigins.Any())
{
//update and add new post redirect uris
foreach (var item in model.AllowedCorsOrigins)
{
var exAllowedCor = existingClient.AllowedCorsOrigins.FirstOrDefault(x => x.Id == item.Id);
if (exAllowedCor != null)
{
clientContext.Entry(exAllowedCor).CurrentValues.SetValues(item);
}
else
{
var newClientCor = new ClientCorsOrigin
{
Origin = item.Origin
};
existingClient.AllowedCorsOrigins.Add(newClientCor);
}
}
}
//delete custom grant types that have been removed
var exCustomGrants = existingClient.AllowedCustomGrantTypes.ToList();
foreach (var item in exCustomGrants)
{
if (!model.AllowedCustomGrantTypes.Any(x => x.Id == item.Id))
{
existingClient.AllowedCustomGrantTypes.Remove(item);
}
}
if (model.AllowedCustomGrantTypes != null && model.AllowedCustomGrantTypes.Any())
{
//update and add new post redirect uris
foreach (var item in model.AllowedCustomGrantTypes)
{
var exCustomGrant = existingClient.AllowedCustomGrantTypes.FirstOrDefault(x => x.Id == item.Id);
if (exCustomGrant != null)
{
clientContext.Entry(exCustomGrant).CurrentValues.SetValues(item);
}
else
{
var newCustomGrant = new ClientCustomGrantType
{
GrantType = item.GrantType
};
existingClient.AllowedCustomGrantTypes.Add(newCustomGrant);
}
}
}
//delete custom grant types that have been removed
var exSecrets = existingClient.ClientSecrets.ToList();
foreach (var item in exSecrets)
{
if (!model.ClientSecrets.Any(x => x.Id == item.Id))
{
existingClient.ClientSecrets.Remove(item);
}
}
if (model.ClientSecrets != null && model.ClientSecrets.Any())
{
//update and add new post redirect uris
foreach (var item in model.ClientSecrets)
{
var exSecret = existingClient.ClientSecrets.FirstOrDefault(x => x.Id == item.Id);
if (exSecret != null)
{
exSecret.Value = exSecret.Value;
clientContext.Entry(exSecret).CurrentValues.SetValues(item);
}
else
{
var newSecret = new ClientSecret
{
Type = item.Type,
Value = item.Value.Sha256(),
Expiration = item.Expiration,
Description = item.Description,
};
existingClient.ClientSecrets.Add(newSecret);
}
}
}
#endregion
clientContext.SaveChanges();
result.Exists = true;
result.Response = existingClient.Id;
result.CustomValue = existingClient.ClientName;
return(result);
}
catch (Exception ex)
{
ErrorLogger.Log(ex);
throw;
}
}
//Redirect uri
public static RedirectUrisModel ToModel(this ClientRedirectUri entity)
{
return(entity.MapTo <ClientRedirectUri, RedirectUrisModel>());
}
public IActionResult EditClient(EditClientModel model, [FromServices] ConfigurationDbContext configContext)
{
// Validate it's an actual client
var foundClient = configContext.Clients.Where(c => c.ClientId == model.ClientId).FirstOrDefault();
if (foundClient != null)
{
foundClient.ClientName = model.Name;
foundClient.ClientUri = model.HomepageUrl;
foundClient.LogoUri = model.LogoUrl;
foundClient.Updated = DateTime.Now;
configContext.Entry(foundClient).State = EntityState.Modified;
// Update the redirect URL for this client
var results = configContext.Set <ClientRedirectUri>().Where(c => c.ClientId == foundClient.Id).ToList();
if (results != null)
{
configContext.RemoveRange(results);
}
var newUri = new ClientRedirectUri();
newUri.Client = foundClient;
newUri.ClientId = foundClient.Id;
newUri.RedirectUri = model.CallbackUrl;
configContext.Add(newUri);
// Generate the origin for the callback
Uri redirect = new Uri(model.CallbackUrl);
string origin = redirect.Scheme + "://" + redirect.Host;
// Update the allowed origin for this client
var corsOrigins = configContext.Set <ClientCorsOrigin>().Where(c => c.ClientId == foundClient.Id).ToList();
if (corsOrigins != null)
{
configContext.RemoveRange(corsOrigins);
}
var newOrigin = new ClientCorsOrigin();
newOrigin.Client = foundClient;
newOrigin.ClientId = foundClient.Id;
newOrigin.Origin = origin;
configContext.Add(newUri);
// Update their allowed grants
var curGrants = configContext.Set <ClientGrantType>().Where(c => c.ClientId == foundClient.Id).ToList();
if (curGrants != null)
{
configContext.RemoveRange(curGrants);
}
foreach (var grantType in model.AllowedGrants)
{
var newGrant = new ClientGrantType();
newGrant.Client = foundClient;
newGrant.ClientId = foundClient.Id;
newGrant.GrantType = grantType;
configContext.Add(newGrant);
}
// Update their allowed scopes
var curScopes = configContext.Set <ClientScope>().Where(c => c.ClientId == foundClient.Id).ToList();
if (curScopes != null)
{
configContext.RemoveRange(curScopes);
}
foreach (var scope in model.AllowedScopes)
{
var newScope = new ClientScope();
newScope.Client = foundClient;
newScope.ClientId = foundClient.Id;
newScope.Scope = scope;
configContext.Add(newScope);
}
// Save all the changed
configContext.SaveChanges();
// Clear the client cache
RemoveCachedClient(model.ClientId);
return(new JsonResult(new { success = true }));
}
return(new JsonResult(new { success = false, message = "Client does not exist." }));
}
public void UpdateClientBasic(int id, ClientDto clientDto)
{
Client client = this.Session.Get <Client>(id);
if (client == null)
{
throw new FluentValidationException($"客户端{id}不存在。");
}
client.Description = clientDto.Description;
client.ProtocolType = clientDto.ProtocolType;
client.RequireClientSecret = clientDto.RequireClientSecret;
client.RequirePkce = clientDto.RequirePkce;
client.AllowPlainTextPkce = clientDto.AllowPlainTextPkce;
client.AllowOfflineAccess = clientDto.AllowOfflineAccess;
client.AllowAccessTokensViaBrowser = clientDto.AllowAccessTokensViaBrowser;
client.Enabled = clientDto.Enabled;
var transaction = this.Session.BeginTransaction();
try
{
this.Session.Update(client);
this.Session.CreateQuery("delete from ClientScope where ClientId=:ClientId")
.SetInt32("ClientId", id)
.ExecuteUpdate();
clientDto.AllowedScopes.ForEach(scope =>
{
ClientScope clientScope = new ClientScope();
clientScope.ClientId = client.Id;
clientScope.Scope = scope;
this.Session.Save(clientScope);
});
this.Session.CreateQuery("delete from ClientRedirectUri where ClientId=:ClientId")
.SetInt32("ClientId", id)
.ExecuteUpdate();
clientDto.RedirectUris.ForEach(redirectUri =>
{
ClientRedirectUri clientRedirectUri = new ClientRedirectUri();
clientRedirectUri.ClientId = client.Id;
clientRedirectUri.RedirectUri = redirectUri;
this.Session.Save(clientRedirectUri);
});
this.Session.CreateQuery("delete from ClientGrantType where ClientId=:ClientId")
.SetInt32("ClientId", id)
.ExecuteUpdate();
clientDto.AllowedGrantTypes.ForEach(grantType =>
{
ClientGrantType clientGrantType = new ClientGrantType();
clientGrantType.ClientId = client.Id;
clientGrantType.GrantType = grantType;
this.Session.Save(clientGrantType);
});
transaction.Commit();
}
catch (Exception)
{
transaction.Rollback();
throw;
}
}
