private ConsentViewModel CreateConsentViewModel(
ConsentInputViewModel model, string returnUrl,
AuthorizationRequest request,
Client client, Resources resources)
{
var vm = new ConsentViewModel();
vm.RememberConsent = model?.RememberConsent ?? true;
vm.ScopesConsented = model?.ScopesConsented ?? Enumerable.Empty <string>();
vm.ReturnUrl = returnUrl;
vm.ClientName = client.ClientName ?? client.ClientId;
vm.ClientUrl = client.ClientUri;
vm.ClientLogoUrl = client.LogoUri;
vm.AllowRememberConsent = client.AllowRememberConsent;
vm.IdentityScopes = resources.IdentityResources.Select(x => CreateScopeViewModel(x, vm.ScopesConsented.Contains(x.Name) || model == null)).ToArray();
vm.ResourceScopes = resources.ApiResources.SelectMany(x => x.Scopes).Select(x => CreateScopeViewModel(x, vm.ScopesConsented.Contains(x.Name) || model == null)).ToArray();
if (ConsentOptionsViewModel.EnableOfflineAccess && resources.OfflineAccess)
{
vm.ResourceScopes = vm.ResourceScopes.Union(new ScopeViewModel[] {
GetOfflineAccessScope(vm.ScopesConsented.Contains(IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess) || model == null)
});
}
return(vm);
}
private async Task <ConsentViewModel> BuildViewModelAsync(string returnUrl, ConsentInputViewModel model = null)
{
var request = await _interaction.GetAuthorizationContextAsync(returnUrl);
if (request != null)
{
var client = await _clientStore.FindEnabledClientByIdAsync(request.ClientId);
if (client != null)
{
var resources = await _resourceStore.FindEnabledResourcesByScopeAsync(request.ScopesRequested);
if (resources != null && (resources.IdentityResources.Any() || resources.ApiResources.Any()))
{
return(CreateConsentViewModel(model, returnUrl, request, client, resources));
}
else
{
_logger.LogError("No scopes matching: {0}", request.ScopesRequested.Aggregate((x, y) => x + ", " + y));
}
}
else
{
_logger.LogError("Invalid client id: {0}", request.ClientId);
}
}
else
{
_logger.LogError("No consent request matching request: {0}", returnUrl);
}
return(null);
}
public async Task <IActionResult> OnPostAsync(ConsentInputViewModel ViewModel)
{
if (ViewModel is null)
{
throw new ArgumentNullException(nameof(ViewModel));
}
if (!TryValidateModel(ViewModel))
{
return(BadRequest(ModelState));
}
var ctx = await identityServer.GetAuthorizationContextAsync(ViewModel.ReturnUrl).ConfigureAwait(false);
if (ctx == null)
{
return(Forbid());
}
ConsentResponse response = new ConsentResponse();
if (ViewModel.OkOrCancelButton?.Equals("²»ÔÊÐí", StringComparison.Ordinal) == true)
{
response.Error = AuthorizationError.AccessDenied;
}
else
{
//if (ctx.Client.AllowOfflineAccess)
//{
// ViewModel.Scopes.Add(IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess);
//}
response.RememberConsent = ViewModel.RememberConsent;
response.ScopesValuesConsented = ViewModel.Scopes;
}
var userId = User.Claims.FirstOrDefault(e => e.Type == "sub")?.Value;
//дÈëcookie
await identityServer.GrantConsentAsync(ctx, response, userId).ConfigureAwait(false);
return(Redirect(ViewModel.ReturnUrl));
}
public async Task <IActionResult> Index(ConsentInputViewModel model)
{
var result = await ProcessConsent(model);
if (result.IsRedirect)
{
return(Redirect(result.RedirectUri));
}
if (result.HasValidationError)
{
ModelState.AddModelError("", result.ValidationError);
}
if (result.ShowView)
{
return(View("Index", result.ViewModel));
}
return(View("Error"));
}
public async Task <IActionResult> OnGetAsync(string returnUrl)
{
AuthorizationRequest = await identityServer.GetAuthorizationContextAsync(returnUrl).ConfigureAwait(false);
if (AuthorizationRequest == null)
{
return(Forbid());
}
ViewModel = new ConsentInputViewModel
{
ReturnUrl = returnUrl,
RememberConsent = true
};
var scopes = AuthorizationRequest.ValidatedResources.ParsedScopes.Select(e => e.ParsedName);
Resources = await resourceStore.FindEnabledResourcesByScopeAsync(scopes)
.ConfigureAwait(false);
return(Page());
}
/*****************************************/
/* helper APIs for the ConsentController */
/*****************************************/
private async Task <ProcessConsentResultViewModel> ProcessConsent(ConsentInputViewModel model)
{
var result = new ProcessConsentResultViewModel();
ConsentResponse grantedConsent = null;
// user clicked 'no' - send back the standard 'access_denied' response
if (model.Button == "no")
{
grantedConsent = ConsentResponse.Denied;
}
// user clicked 'yes' - validate the data
else if (model.Button == "yes" && model != null)
{
// if the user consented to some scope, build the response model
if (model.ScopesConsented != null && model.ScopesConsented.Any())
{
var scopes = model.ScopesConsented;
if (ConsentOptionsViewModel.EnableOfflineAccess == false)
{
scopes = scopes.Where(x => x != IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess);
}
grantedConsent = new ConsentResponse
{
RememberConsent = model.RememberConsent,
ScopesConsented = scopes.ToArray()
};
}
else
{
result.ValidationError = ConsentOptionsViewModel.MustChooseOneErrorMessage;
}
}
else
{
result.ValidationError = ConsentOptionsViewModel.InvalidSelectionErrorMessage;
}
if (grantedConsent != null)
{
// validate return url is still valid
var request = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);
if (request == null)
{
return(result);
}
// communicate outcome of consent back to identityserver
await _interaction.GrantConsentAsync(request, grantedConsent);
// indicate that's it ok to redirect back to authorization endpoint
result.RedirectUri = model.ReturnUrl;
}
else
{
// we need to redisplay the consent UI
result.ViewModel = await BuildViewModelAsync(model.ReturnUrl, model);
}
return(result);
}
public async Task <IActionResult> Index([FromBody] ConsentInputViewModel model)
{
// parse the return URL back to an AuthorizeRequest object
var request = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);
ConsentResponse response = null;
// user clicked 'no' - send back the standard 'access_denied' response
if (model.YesButtonClicked == false)
{
response = ConsentResponse.Denied;
}
// user clicked 'yes' - validate the data
else if (model.YesButtonClicked == true)
{
// if the user consented to some scope, build the response model
if (model.ScopesConsented != null && model.ScopesConsented.Any())
{
response = new ConsentResponse
{
RememberConsent = model.RememberConsent,
ScopesConsented = model.ScopesConsented
};
}
else
{
ModelState.AddModelError("", "You must pick at least one permission.");
}
}
else
{
ModelState.AddModelError("", "Invalid Selection");
}
if (response != null)
{
// communicate outcome of consent back to identityserver
await _interaction.GrantConsentAsync(request, response);
// redirect back to authorization endpoint
return(Ok(model.ReturnUrl));
}
var vm = await BuildViewModelAsync(model.ReturnUrl, model);
if (vm != null)
{
var serializedVm = JsonConvert.SerializeObject(vm);
return(View("Index", serializedVm));
}
var errorsJson = new JsonErrorResponse
{
Messages = ModelState.Values
.SelectMany(x => x.Errors)
.Select(x => x.ErrorMessage)
.ToArray()
};
var errors = new BadRequestObjectResult(errorsJson);
return(BadRequest(errors));
}
