private ConsentViewModel CreateConsentViewModel( ConsentInputViewModel model, string returnUrl, AuthorizationRequest request, Client client, Resources resources) { var vm = new ConsentViewModel(); vm.RememberConsent = model?.RememberConsent ?? true; vm.ScopesConsented = model?.ScopesConsented ?? Enumerable.Empty <string>(); vm.ReturnUrl = returnUrl; vm.ClientName = client.ClientName ?? client.ClientId; vm.ClientUrl = client.ClientUri; vm.ClientLogoUrl = client.LogoUri; vm.AllowRememberConsent = client.AllowRememberConsent; vm.IdentityScopes = resources.IdentityResources.Select(x => CreateScopeViewModel(x, vm.ScopesConsented.Contains(x.Name) || model == null)).ToArray(); vm.ResourceScopes = resources.ApiResources.SelectMany(x => x.Scopes).Select(x => CreateScopeViewModel(x, vm.ScopesConsented.Contains(x.Name) || model == null)).ToArray(); if (ConsentOptionsViewModel.EnableOfflineAccess && resources.OfflineAccess) { vm.ResourceScopes = vm.ResourceScopes.Union(new ScopeViewModel[] { GetOfflineAccessScope(vm.ScopesConsented.Contains(IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess) || model == null) }); } return(vm); }
private async Task <ConsentViewModel> BuildViewModelAsync(string returnUrl, ConsentInputViewModel model = null) { var request = await _interaction.GetAuthorizationContextAsync(returnUrl); if (request != null) { var client = await _clientStore.FindEnabledClientByIdAsync(request.ClientId); if (client != null) { var resources = await _resourceStore.FindEnabledResourcesByScopeAsync(request.ScopesRequested); if (resources != null && (resources.IdentityResources.Any() || resources.ApiResources.Any())) { return(CreateConsentViewModel(model, returnUrl, request, client, resources)); } else { _logger.LogError("No scopes matching: {0}", request.ScopesRequested.Aggregate((x, y) => x + ", " + y)); } } else { _logger.LogError("Invalid client id: {0}", request.ClientId); } } else { _logger.LogError("No consent request matching request: {0}", returnUrl); } return(null); }
public async Task <IActionResult> OnPostAsync(ConsentInputViewModel ViewModel) { if (ViewModel is null) { throw new ArgumentNullException(nameof(ViewModel)); } if (!TryValidateModel(ViewModel)) { return(BadRequest(ModelState)); } var ctx = await identityServer.GetAuthorizationContextAsync(ViewModel.ReturnUrl).ConfigureAwait(false); if (ctx == null) { return(Forbid()); } ConsentResponse response = new ConsentResponse(); if (ViewModel.OkOrCancelButton?.Equals("²»ÔÊÐí", StringComparison.Ordinal) == true) { response.Error = AuthorizationError.AccessDenied; } else { //if (ctx.Client.AllowOfflineAccess) //{ // ViewModel.Scopes.Add(IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess); //} response.RememberConsent = ViewModel.RememberConsent; response.ScopesValuesConsented = ViewModel.Scopes; } var userId = User.Claims.FirstOrDefault(e => e.Type == "sub")?.Value; //дÈëcookie await identityServer.GrantConsentAsync(ctx, response, userId).ConfigureAwait(false); return(Redirect(ViewModel.ReturnUrl)); }
public async Task <IActionResult> Index(ConsentInputViewModel model) { var result = await ProcessConsent(model); if (result.IsRedirect) { return(Redirect(result.RedirectUri)); } if (result.HasValidationError) { ModelState.AddModelError("", result.ValidationError); } if (result.ShowView) { return(View("Index", result.ViewModel)); } return(View("Error")); }
public async Task <IActionResult> OnGetAsync(string returnUrl) { AuthorizationRequest = await identityServer.GetAuthorizationContextAsync(returnUrl).ConfigureAwait(false); if (AuthorizationRequest == null) { return(Forbid()); } ViewModel = new ConsentInputViewModel { ReturnUrl = returnUrl, RememberConsent = true }; var scopes = AuthorizationRequest.ValidatedResources.ParsedScopes.Select(e => e.ParsedName); Resources = await resourceStore.FindEnabledResourcesByScopeAsync(scopes) .ConfigureAwait(false); return(Page()); }
/*****************************************/ /* helper APIs for the ConsentController */ /*****************************************/ private async Task <ProcessConsentResultViewModel> ProcessConsent(ConsentInputViewModel model) { var result = new ProcessConsentResultViewModel(); ConsentResponse grantedConsent = null; // user clicked 'no' - send back the standard 'access_denied' response if (model.Button == "no") { grantedConsent = ConsentResponse.Denied; } // user clicked 'yes' - validate the data else if (model.Button == "yes" && model != null) { // if the user consented to some scope, build the response model if (model.ScopesConsented != null && model.ScopesConsented.Any()) { var scopes = model.ScopesConsented; if (ConsentOptionsViewModel.EnableOfflineAccess == false) { scopes = scopes.Where(x => x != IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess); } grantedConsent = new ConsentResponse { RememberConsent = model.RememberConsent, ScopesConsented = scopes.ToArray() }; } else { result.ValidationError = ConsentOptionsViewModel.MustChooseOneErrorMessage; } } else { result.ValidationError = ConsentOptionsViewModel.InvalidSelectionErrorMessage; } if (grantedConsent != null) { // validate return url is still valid var request = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); if (request == null) { return(result); } // communicate outcome of consent back to identityserver await _interaction.GrantConsentAsync(request, grantedConsent); // indicate that's it ok to redirect back to authorization endpoint result.RedirectUri = model.ReturnUrl; } else { // we need to redisplay the consent UI result.ViewModel = await BuildViewModelAsync(model.ReturnUrl, model); } return(result); }
public async Task <IActionResult> Index([FromBody] ConsentInputViewModel model) { // parse the return URL back to an AuthorizeRequest object var request = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); ConsentResponse response = null; // user clicked 'no' - send back the standard 'access_denied' response if (model.YesButtonClicked == false) { response = ConsentResponse.Denied; } // user clicked 'yes' - validate the data else if (model.YesButtonClicked == true) { // if the user consented to some scope, build the response model if (model.ScopesConsented != null && model.ScopesConsented.Any()) { response = new ConsentResponse { RememberConsent = model.RememberConsent, ScopesConsented = model.ScopesConsented }; } else { ModelState.AddModelError("", "You must pick at least one permission."); } } else { ModelState.AddModelError("", "Invalid Selection"); } if (response != null) { // communicate outcome of consent back to identityserver await _interaction.GrantConsentAsync(request, response); // redirect back to authorization endpoint return(Ok(model.ReturnUrl)); } var vm = await BuildViewModelAsync(model.ReturnUrl, model); if (vm != null) { var serializedVm = JsonConvert.SerializeObject(vm); return(View("Index", serializedVm)); } var errorsJson = new JsonErrorResponse { Messages = ModelState.Values .SelectMany(x => x.Errors) .Select(x => x.ErrorMessage) .ToArray() }; var errors = new BadRequestObjectResult(errorsJson); return(BadRequest(errors)); }