[HttpGet(Constants.RouteNames.UserClaims)] // User Authentication enabled.
public async Task <IActionResult> GetClaims()
{
// 1. Get the subject.
var subjectResult = await GetSubject();
if (!subjectResult.IsValid)
{
return(subjectResult.Error);
}
// 2. Get the user.
var user = await _resourceOwnerRepository.GetAsync(subjectResult.Subject);
if (user == null)
{
return(this.BuildError(ErrorCodes.InvalidRequestCode, ErrorDescriptions.TheRoDoesntExist, HttpStatusCode.NotFound));
}
var jObj = new JObject();
foreach (var claim in user.Claims)
{
jObj.Add(claim.Type, claim.Value);
}
return(new OkObjectResult(jObj));
}
public async Task <ResourceOwner> AuthenticateResourceOwnerAsync(string login)
{
if (string.IsNullOrWhiteSpace(login))
{
throw new ArgumentNullException(nameof(login));
}
return(await _resourceOwnerRepository.GetAsync(login));
}
public Task <ResourceOwner> Execute(ClaimsPrincipal claimsPrincipal)
{
if (claimsPrincipal == null)
{
throw new ArgumentNullException(nameof(claimsPrincipal));
}
if (claimsPrincipal.Identity == null ||
!claimsPrincipal.Identity.IsAuthenticated ||
!(claimsPrincipal.Identity is ClaimsIdentity))
{
throw new IdentityServerException(
Errors.ErrorCodes.UnhandledExceptionCode,
Errors.ErrorDescriptions.TheUserNeedsToBeAuthenticated);
}
var subject = claimsPrincipal.GetSubject();
if (string.IsNullOrWhiteSpace(subject))
{
throw new IdentityServerException(
Errors.ErrorCodes.UnhandledExceptionCode,
Errors.ErrorDescriptions.TheSubjectCannotBeRetrieved);
}
return(_resourceOwnerRepository.GetAsync(subject));
}
public async Task <bool> Execute(string localSubject, string externalSubject)
{
if (string.IsNullOrWhiteSpace(localSubject))
{
throw new ArgumentNullException(nameof(localSubject));
}
if (string.IsNullOrWhiteSpace(externalSubject))
{
throw new ArgumentNullException(nameof(externalSubject));
}
var resourceOwner = await _resourceOwnerRepository.GetAsync(localSubject);
if (resourceOwner == null)
{
throw new IdentityServerException(Errors.ErrorCodes.InternalError, Errors.ErrorDescriptions.TheResourceOwnerDoesntExist);
}
var profile = await _profileRepository.Get(externalSubject);
if (profile == null || profile.ResourceOwnerId != localSubject)
{
throw new IdentityServerException(Errors.ErrorCodes.InternalError, Errors.ErrorDescriptions.NotAuthorizedToRemoveTheProfile);
}
if (profile.Subject == localSubject)
{
throw new IdentityServerException(Errors.ErrorCodes.InternalError, Errors.ErrorDescriptions.TheExternalAccountAccountCannotBeUnlinked);
}
return(await _profileRepository.Remove(new[] { externalSubject }));
}
public async Task <bool> Execute(string subject)
{
_managerEventSource.StartToRemoveResourceOwner(subject);
if (string.IsNullOrWhiteSpace(subject))
{
throw new ArgumentNullException(nameof(subject));
}
var resourceOwner = await _resourceOwnerRepository.GetAsync(subject);
if (resourceOwner == null)
{
throw new IdentityServerManagerException(ErrorCodes.InvalidRequestCode,
string.Format(ErrorDescriptions.TheResourceOwnerDoesntExist, subject));
}
var res = await _resourceOwnerRepository.DeleteAsync(subject);
if (res)
{
_managerEventSource.FinishToRemoveResourceOwner(subject);
}
return(res);
}
public async Task <bool> Execute(ResourceOwner parameter)
{
if (parameter == null)
{
throw new ArgumentNullException(nameof(parameter));
}
if (string.IsNullOrWhiteSpace(parameter.Id))
{
throw new ArgumentNullException(nameof(parameter.Id));
}
if (await _resourceOwnerRepository.GetAsync(parameter.Id) == null)
{
throw new IdentityServerManagerException(
ErrorCodes.InvalidParameterCode,
string.Format(ErrorDescriptions.TheResourceOwnerDoesntExist, parameter.Id));
}
if (parameter.Claims != null)
{
Claim updatedClaim;
if (((updatedClaim = parameter.Claims.FirstOrDefault(c => c.Type == SimpleIdentityServer.Core.Jwt.Constants.StandardResourceOwnerClaimNames.UpdatedAt)) != null))
{
parameter.Claims.Remove(updatedClaim);
}
parameter.Claims.Add(new Claim(SimpleIdentityServer.Core.Jwt.Constants.StandardResourceOwnerClaimNames.UpdatedAt, DateTime.UtcNow.ToString()));
}
return(await _resourceOwnerRepository.UpdateAsync(parameter));
}
public async Task <ResourceOwner> Execute(LocalAuthenticateParameter parameter, string imagePath, string hostUrl)
{
if (parameter == null)
{
throw new ArgumentNullException(nameof(parameter));
}
if (string.IsNullOrWhiteSpace(parameter.Xml))
{
throw new ArgumentNullException(nameof(parameter.Xml));
}
var xmlDocument = new XmlDocument();
xmlDocument.LoadXml(parameter.Xml);
CheckXmlWellFormed(xmlDocument);
var resourceOwner = ExtractResourceOwner(xmlDocument, imagePath, hostUrl);
var existingResourceowner = await _resourceOwnerRepository.GetAsync(resourceOwner.Id);
if (existingResourceowner == null)
{
await _resourceOwnerRepository.InsertAsync(resourceOwner);
}
return(resourceOwner);
}
public async Task <bool> Execute(UpdateResourceOwnerClaimsParameter request)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
var resourceOwner = await _resourceOwnerRepository.GetAsync(request.Login);
if (resourceOwner == null)
{
throw new IdentityServerManagerException(ErrorCodes.InvalidParameterCode, string.Format(ErrorDescriptions.TheResourceOwnerDoesntExist, request.Login));
}
resourceOwner.UpdateDateTime = DateTime.UtcNow;
var claims = new List <Claim>();
var existingClaims = await _claimRepository.GetAllAsync();
if (existingClaims != null && existingClaims.Any() && request.Claims != null && request.Claims.Any())
{
foreach (var claim in request.Claims)
{
var cl = existingClaims.FirstOrDefault(c => c.Code == claim.Key);
if (cl == null)
{
continue;
}
claims.Add(new Claim(claim.Key, claim.Value));
}
}
resourceOwner.Claims = claims;
Claim updatedClaim, subjectClaim;
if (((updatedClaim = resourceOwner.Claims.FirstOrDefault(c => c.Type == SimpleIdentityServer.Core.Jwt.Constants.StandardResourceOwnerClaimNames.UpdatedAt)) != null))
{
resourceOwner.Claims.Remove(updatedClaim);
}
if (((subjectClaim = resourceOwner.Claims.FirstOrDefault(c => c.Type == SimpleIdentityServer.Core.Jwt.Constants.StandardResourceOwnerClaimNames.Subject)) != null))
{
resourceOwner.Claims.Remove(subjectClaim);
}
resourceOwner.Claims.Add(new Claim(SimpleIdentityServer.Core.Jwt.Constants.StandardResourceOwnerClaimNames.Subject, request.Login));
resourceOwner.Claims.Add(new Claim(SimpleIdentityServer.Core.Jwt.Constants.StandardResourceOwnerClaimNames.UpdatedAt, DateTime.UtcNow.ToString()));
var result = await _resourceOwnerRepository.UpdateAsync(resourceOwner);
if (!result)
{
throw new IdentityServerManagerException(ErrorCodes.InternalErrorCode, ErrorDescriptions.TheClaimsCannotBeUpdated);
}
return(true);
}
public Task <ResourceOwner> Execute(string subject)
{
if (string.IsNullOrWhiteSpace(subject))
{
throw new ArgumentNullException(nameof(subject));
}
return(_resourceOwnerRepository.GetAsync(subject));
}
public async Task <bool> Execute(string subject, IEnumerable <ClaimAggregate> claims)
{
if (string.IsNullOrWhiteSpace(subject))
{
throw new ArgumentNullException(nameof(subject));
}
if (claims == null)
{
throw new ArgumentNullException(nameof(claims));
}
var resourceOwner = await _resourceOwnerRepository.GetAsync(subject);
if (resourceOwner == null)
{
throw new IdentityServerException(Errors.ErrorCodes.InternalError, Errors.ErrorDescriptions.TheRoDoesntExist);
}
var supportedClaims = await _claimRepository.GetAllAsync();
claims = claims.Where(c => supportedClaims.Any(sp => sp.Code == c.Code && !Jwt.Constants.NotEditableResourceOwnerClaimNames.Contains(c.Code)));
var claimsToBeRemoved = resourceOwner.Claims
.Where(cl => claims.Any(c => c.Code == cl.Type))
.Select(cl => resourceOwner.Claims.IndexOf(cl))
.OrderByDescending(p => p)
.ToList();
foreach (var index in claimsToBeRemoved)
{
resourceOwner.Claims.RemoveAt(index);
}
foreach (var claim in claims)
{
if (string.IsNullOrWhiteSpace(claim.Value))
{
continue;
}
resourceOwner.Claims.Add(new Claim(claim.Code, claim.Value));
}
Claim updatedClaim;
if (((updatedClaim = resourceOwner.Claims.FirstOrDefault(c => c.Type == Jwt.Constants.StandardResourceOwnerClaimNames.UpdatedAt)) != null))
{
resourceOwner.Claims.Remove(updatedClaim);
}
resourceOwner.Claims.Add(new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.UpdatedAt, DateTime.UtcNow.ToString()));
return(await _resourceOwnerRepository.UpdateAsync(resourceOwner));
}
public Task <ResourceOwner> AuthenticateResourceOwnerAsync(string login, string password)
{
if (string.IsNullOrWhiteSpace(login))
{
throw new ArgumentNullException(nameof(login));
}
if (string.IsNullOrWhiteSpace(password))
{
throw new ArgumentNullException(nameof(password));
}
return(_resourceOwnerRepository.GetAsync(login, PasswordHelper.ComputeHash(password)));
}
public async Task <ResourceOwner> Execute(string externalSubject)
{
if (string.IsNullOrWhiteSpace(externalSubject))
{
throw new ArgumentNullException(nameof(externalSubject));
}
var profile = await _profileRepository.Get(externalSubject);
if (profile == null)
{
return(null);
}
return(await _resourceOwnerRepository.GetAsync(profile.ResourceOwnerId));
}
public async Task <bool> Execute(string subject, string twoFactorAuth)
{
if (string.IsNullOrWhiteSpace(subject))
{
throw new ArgumentNullException(nameof(subject));
}
var resourceOwner = await _resourceOwnerRepository.GetAsync(subject);
if (resourceOwner == null)
{
throw new IdentityServerException(Errors.ErrorCodes.InternalError, Errors.ErrorDescriptions.TheRoDoesntExist);
}
resourceOwner.TwoFactorAuthentication = twoFactorAuth;
return(await _resourceOwnerRepository.UpdateAsync(resourceOwner));
}
public async Task <string> ExecuteAsync(string subject)
{
if (string.IsNullOrWhiteSpace(subject))
{
throw new ArgumentNullException(nameof(subject));
}
var resourceOwner = await _resourceOwnerRepository.GetAsync(subject);
if (resourceOwner == null)
{
throw new IdentityServerException(ErrorCodes.UnhandledExceptionCode, ErrorDescriptions.TheRoDoesntExist);
}
if (string.IsNullOrWhiteSpace(resourceOwner.TwoFactorAuthentication))
{
throw new IdentityServerException(
ErrorCodes.UnhandledExceptionCode,
ErrorDescriptions.TwoFactorAuthenticationIsNotEnabled);
}
var confirmationCode = new ConfirmationCode
{
Value = await GetCode(),
IssueAt = DateTime.UtcNow,
ExpiresIn = 300
};
var service = _twoFactorAuthenticationHandler.Get(resourceOwner.TwoFactorAuthentication);
if (!resourceOwner.Claims.Any(c => c.Type == service.RequiredClaim))
{
throw new ClaimRequiredException(service.RequiredClaim);
}
if (!await _confirmationCodeStore.Add(confirmationCode))
{
throw new IdentityServerException(ErrorCodes.UnhandledExceptionCode, ErrorDescriptions.TheConfirmationCodeCannotBeSaved);
}
await _twoFactorAuthenticationHandler.SendCode(confirmationCode.Value, resourceOwner.TwoFactorAuthentication, resourceOwner);
return(confirmationCode.Value);
}
/// <summary>
/// Get the profiles linked to the user account.
/// </summary>
/// <param name="subject"></param>
/// <returns></returns>
public async Task <IEnumerable <ResourceOwnerProfile> > Execute(string subject)
{
if (string.IsNullOrWhiteSpace(subject))
{
throw new ArgumentNullException(nameof(subject));
}
var resourceOwner = await _resourceOwnerRepository.GetAsync(subject);
if (resourceOwner == null)
{
throw new IdentityServerException(Errors.ErrorCodes.InternalError, Errors.ErrorDescriptions.TheResourceOwnerDoesntExist);
}
return(await _profileRepository.Search(new SearchProfileParameter
{
ResourceOwnerIds = new[] { subject }
}));
}
public async Task <ResourceOwner> Execute(string credentialType, string value)
{
if (string.IsNullOrWhiteSpace(credentialType))
{
throw new ArgumentNullException(nameof(credentialType));
}
if (string.IsNullOrWhiteSpace(value))
{
throw new ArgumentNullException(nameof(value));
}
var userCredential = await _resourceOwnerCredentialRepository.Get(credentialType, value).ConfigureAwait(false);
if (userCredential == null)
{
return(null);
}
return(await _resourceOwnerRepository.GetAsync(userCredential.UserId).ConfigureAwait(false));
}
public async Task <bool> Execute(string subject, string newPassword)
{
if (string.IsNullOrWhiteSpace(subject))
{
throw new ArgumentNullException(nameof(subject));
}
if (string.IsNullOrWhiteSpace(newPassword))
{
throw new ArgumentNullException(nameof(newPassword));
}
var resourceOwner = await _resourceOwnerRepository.GetAsync(subject);
if (resourceOwner == null)
{
throw new IdentityServerException(Errors.ErrorCodes.InternalError, Errors.ErrorDescriptions.TheRoDoesntExist);
}
resourceOwner.Password = PasswordHelper.ComputeHash(newPassword);
return(await _resourceOwnerRepository.UpdateAsync(resourceOwner));
}
public async Task <bool> Execute(UpdateResourceOwnerPasswordParameter request)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
var resourceOwner = await _resourceOwnerRepository.GetAsync(request.Login);
if (resourceOwner == null)
{
throw new IdentityServerManagerException(ErrorCodes.InvalidParameterCode, string.Format(ErrorDescriptions.TheResourceOwnerDoesntExist, request.Login));
}
resourceOwner.Password = PasswordHelper.ComputeHash(request.Password);
var result = await _resourceOwnerRepository.UpdateAsync(resourceOwner);
if (!result)
{
throw new IdentityServerManagerException(ErrorCodes.InternalErrorCode, ErrorDescriptions.ThePasswordCannotBeUpdated);
}
return(true);
}
/// <summary>
/// This method is executed when the user confirm the consent
/// 1). If there's already consent confirmed in the past by the resource owner
/// 1).* then we generate an authorization code and redirects to the callback.
/// 2). If there's no consent then we insert it and the authorization code is returned
/// 2°.* to the callback url.
/// </summary>
/// <param name="authorizationParameter">Authorization code grant-type</param>
/// <param name="claimsPrincipal">Resource owner's claims</param>
/// <returns>Redirects the authorization code to the callback.</returns>
public async Task <ActionResult> Execute(
AuthorizationParameter authorizationParameter,
ClaimsPrincipal claimsPrincipal, string issuerName)
{
if (authorizationParameter == null)
{
throw new ArgumentNullException(nameof(authorizationParameter));
}
if (claimsPrincipal == null ||
claimsPrincipal.Identity == null)
{
throw new ArgumentNullException(nameof(claimsPrincipal));
}
var client = await _clientRepository.GetClientByIdAsync(authorizationParameter.ClientId);
if (client == null)
{
throw new InvalidOperationException(string.Format("the client id {0} doesn't exist",
authorizationParameter.ClientId));
}
var subject = claimsPrincipal.GetSubject();
Common.Models.Consent assignedConsent = await _consentHelper.GetConfirmedConsentsAsync(subject, authorizationParameter);
// Insert a new consent.
if (assignedConsent == null)
{
var claimsParameter = authorizationParameter.Claims;
if (claimsParameter.IsAnyIdentityTokenClaimParameter() ||
claimsParameter.IsAnyUserInfoClaimParameter())
{
// A consent can be given to a set of claims
assignedConsent = new Common.Models.Consent
{
Id = Guid.NewGuid().ToString(),
Client = client,
ResourceOwner = await _resourceOwnerRepository.GetAsync(subject),
Claims = claimsParameter.GetClaimNames()
};
}
else
{
// A consent can be given to a set of scopes
assignedConsent = new Common.Models.Consent
{
Id = Guid.NewGuid().ToString(),
Client = client,
GrantedScopes = (await GetScopes(authorizationParameter.Scope)).ToList(),
ResourceOwner = await _resourceOwnerRepository.GetAsync(subject),
};
}
// A consent can be given to a set of claims
await _consentRepository.InsertAsync(assignedConsent);
_openidEventSource.GiveConsent(subject,
authorizationParameter.ClientId,
assignedConsent.Id);
}
var result = _actionResultFactory.CreateAnEmptyActionResultWithRedirectionToCallBackUrl();
await _generateAuthorizationResponse.ExecuteAsync(result, authorizationParameter, claimsPrincipal, client, issuerName);
// If redirect to the callback and the responde mode has not been set.
if (result.Type == TypeActionResult.RedirectToCallBackUrl)
{
var responseMode = authorizationParameter.ResponseMode;
if (responseMode == ResponseMode.None)
{
var responseTypes = _parameterParserHelper.ParseResponseTypes(authorizationParameter.ResponseType);
var authorizationFlow = GetAuthorizationFlow(responseTypes, authorizationParameter.State);
responseMode = GetResponseMode(authorizationFlow);
}
result.RedirectInstruction.ResponseMode = responseMode;
}
return(result);
}
public async Task <bool> Execute(string localSubject, string externalSubject, string issuer, bool force = false)
{
if (string.IsNullOrWhiteSpace(localSubject))
{
throw new ArgumentNullException(nameof(localSubject));
}
if (string.IsNullOrWhiteSpace(externalSubject))
{
throw new ArgumentNullException(nameof(externalSubject));
}
if (string.IsNullOrWhiteSpace(issuer))
{
throw new ArgumentNullException(nameof(issuer));
}
var resourceOwner = await _resourceOwnerRepository.GetAsync(localSubject);
if (resourceOwner == null)
{
throw new IdentityServerException(Errors.ErrorCodes.InternalError, Errors.ErrorDescriptions.TheResourceOwnerDoesntExist);
}
var profile = await _profileRepository.Get(externalSubject);
if (profile != null && profile.ResourceOwnerId != localSubject)
{
if (!force)
{
throw new ProfileAssignedAnotherAccountException();
}
else
{
await _profileRepository.Remove(new[] { externalSubject });
if (profile.ResourceOwnerId == profile.Subject)
{
await _resourceOwnerRepository.DeleteAsync(profile.ResourceOwnerId);
}
profile = null;
}
}
if (profile != null)
{
throw new IdentityServerException(Errors.ErrorCodes.InternalError, Errors.ErrorDescriptions.TheProfileAlreadyLinked);
}
return(await _profileRepository.Add(new[]
{
new ResourceOwnerProfile
{
ResourceOwnerId = localSubject,
Subject = externalSubject,
Issuer = issuer,
CreateDateTime = DateTime.UtcNow,
UpdateTime = DateTime.UtcNow
}
}));
}
public async Task ExecuteAsync(ActionResult actionResult, AuthorizationParameter authorizationParameter, Client client, string issuerName, string authenticatedSubject)
{
if (actionResult == null || actionResult.RedirectInstruction == null)
{
throw new ArgumentNullException(nameof(actionResult));
}
;
if (authorizationParameter == null)
{
throw new ArgumentNullException(nameof(authorizationParameter));
}
if (client == null)
{
throw new ArgumentNullException(nameof(client));
}
if (string.IsNullOrWhiteSpace(authenticatedSubject))
{
throw new ArgumentNullException(nameof(authenticatedSubject));
}
var newAccessTokenGranted = false;
var allowedTokenScopes = string.Empty;
GrantedToken grantedToken = null;
var newAuthorizationCodeGranted = false;
AuthorizationCode authorizationCode = null;
_oauthEventSource.StartGeneratingAuthorizationResponseToClient(authorizationParameter.ClientId,
authorizationParameter.ResponseType);
var responses = _parameterParserHelper.ParseResponseTypes(authorizationParameter.ResponseType);
var user = await _resourceOwnerRepository.GetAsync(authenticatedSubject).ConfigureAwait(false);
var claims = user.Claims;
var idTokenPayload = await GenerateIdTokenPayload(claims, authorizationParameter, issuerName).ConfigureAwait(false);
var userInformationPayload = await GenerateUserInformationPayload(claims, authorizationParameter).ConfigureAwait(false);
if (responses.Contains(ResponseType.token)) // 1. Generate an access token.
{
if (!string.IsNullOrWhiteSpace(authorizationParameter.Scope))
{
allowedTokenScopes = string.Join(" ", _parameterParserHelper.ParseScopes(authorizationParameter.Scope));
}
grantedToken = await _grantedTokenHelper.GetValidGrantedTokenAsync(allowedTokenScopes, client.ClientId,
userInformationPayload, idTokenPayload);
if (grantedToken == null)
{
grantedToken = await _grantedTokenGeneratorHelper.GenerateTokenAsync(client, allowedTokenScopes,
issuerName, userInformationPayload, idTokenPayload);
newAccessTokenGranted = true;
}
actionResult.RedirectInstruction.AddParameter(Constants.StandardAuthorizationResponseNames.AccessTokenName,
grantedToken.AccessToken);
}
if (responses.Contains(ResponseType.code)) // 2. Generate an authorization code.
{
var assignedConsent = await _consentHelper.GetConfirmedConsentsAsync(authenticatedSubject, authorizationParameter).ConfigureAwait(false);
if (assignedConsent != null)
{
// Insert a temporary authorization code
// It will be used later to retrieve tha id_token or an access token.
authorizationCode = new AuthorizationCode
{
Code = Guid.NewGuid().ToString(),
RedirectUri = authorizationParameter.RedirectUrl,
CreateDateTime = DateTime.UtcNow,
ClientId = authorizationParameter.ClientId,
Scopes = authorizationParameter.Scope,
IdTokenPayload = idTokenPayload,
UserInfoPayLoad = userInformationPayload
};
newAuthorizationCodeGranted = true;
actionResult.RedirectInstruction.AddParameter(Constants.StandardAuthorizationResponseNames.AuthorizationCodeName,
authorizationCode.Code);
}
}
_jwtGenerator.FillInOtherClaimsIdentityTokenPayload(idTokenPayload,
authorizationCode == null ? string.Empty : authorizationCode.Code,
grantedToken == null ? string.Empty : grantedToken.AccessToken,
authorizationParameter, client);
if (newAccessTokenGranted) // 3. Insert the stateful access token into the DB OR insert the access token into the caching.
{
await _tokenStore.AddToken(grantedToken);
_oauthEventSource.GrantAccessToClient(authorizationParameter.ClientId,
grantedToken.AccessToken,
allowedTokenScopes);
}
if (newAuthorizationCodeGranted) // 4. Insert the authorization code into the caching.
{
if (client.RequirePkce)
{
authorizationCode.CodeChallenge = authorizationParameter.CodeChallenge;
authorizationCode.CodeChallengeMethod = authorizationParameter.CodeChallengeMethod;
}
await _authorizationCodeStore.AddAuthorizationCode(authorizationCode);
_oauthEventSource.GrantAuthorizationCodeToClient(authorizationParameter.ClientId,
authorizationCode.Code,
authorizationParameter.Scope);
}
if (responses.Contains(ResponseType.id_token))
{
var idToken = await GenerateIdToken(idTokenPayload, authorizationParameter);
actionResult.RedirectInstruction.AddParameter(Constants.StandardAuthorizationResponseNames.IdTokenName, idToken);
}
if (!string.IsNullOrWhiteSpace(authorizationParameter.State))
{
actionResult.RedirectInstruction.AddParameter(Constants.StandardAuthorizationResponseNames.StateName, authorizationParameter.State);
}
var sessionState = GetSessionState(authorizationParameter.ClientId, authorizationParameter.OriginUrl, authorizationParameter.SessionId);
if (sessionState != null)
{
actionResult.RedirectInstruction.AddParameter(Constants.StandardAuthorizationResponseNames.SessionState, sessionState);
}
if (authorizationParameter.ResponseMode == ResponseMode.form_post)
{
actionResult.Type = TypeActionResult.RedirectToAction;
actionResult.RedirectInstruction.Action = IdentityServerEndPoints.FormIndex;
actionResult.RedirectInstruction.AddParameter("redirect_uri", authorizationParameter.RedirectUrl);
}
// Set the response mode
if (actionResult.Type == TypeActionResult.RedirectToCallBackUrl)
{
var responseMode = authorizationParameter.ResponseMode;
if (responseMode == ResponseMode.None)
{
var responseTypes = _parameterParserHelper.ParseResponseTypes(authorizationParameter.ResponseType);
var authorizationFlow = _authorizationFlowHelper.GetAuthorizationFlow(responseTypes,
authorizationParameter.State);
responseMode = GetResponseMode(authorizationFlow);
}
actionResult.RedirectInstruction.ResponseMode = responseMode;
}
_oauthEventSource.EndGeneratingAuthorizationResponseToClient(authorizationParameter.ClientId,
JsonConvert.SerializeObject(actionResult.RedirectInstruction.Parameters));
}
public async Task <string> Execute(AddUserParameter addUserParameter, string issuer = null)
{
if (addUserParameter == null)
{
throw new ArgumentNullException(nameof(addUserParameter));
}
var subject = await _subjectBuilder.BuildSubject().ConfigureAwait(false);
// 1. Check the resource owner already exists.
if (await _resourceOwnerRepository.GetAsync(subject) != null)
{
throw new IdentityServerException(Errors.ErrorCodes.UnhandledExceptionCode, Errors.ErrorDescriptions.TheRoWithCredentialsAlreadyExists);
}
var newClaims = new List <Claim>
{
new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.UpdatedAt, DateTime.UtcNow.ToString()),
new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.Subject, subject)
};
// 2. Populate the claims.
var existedClaims = await _claimRepository.GetAllAsync().ConfigureAwait(false);
if (addUserParameter.Claims != null)
{
foreach (var claim in addUserParameter.Claims)
{
if (!newClaims.Any(nc => nc.Type == claim.Type) && existedClaims.Any(c => c.Code == claim.Type))
{
newClaims.Add(claim);
}
}
}
var isFilterValid = true;
var userFilterResult = await _accountFilter.Check(newClaims).ConfigureAwait(false);
if (!userFilterResult.IsValid)
{
isFilterValid = false;
foreach (var ruleResult in userFilterResult.AccountFilterRules)
{
if (!ruleResult.IsValid)
{
_openidEventSource.Failure($"the filter rule '{ruleResult.RuleName}' failed");
foreach (var errorMessage in ruleResult.ErrorMessages)
{
_openidEventSource.Failure(errorMessage);
}
}
}
}
if (!isFilterValid)
{
throw new IdentityServerException(Errors.ErrorCodes.InternalError, Errors.ErrorDescriptions.TheUserIsNotAuthorized);
}
// 3. Add the scim resource.
if (_userClaimsEnricherLst != null)
{
foreach (var userClaimsEnricher in _userClaimsEnricherLst)
{
await userClaimsEnricher.Enrich(newClaims).ConfigureAwait(false);
}
}
// 4. Add the resource owner.
var newResourceOwner = new ResourceOwner
{
Id = subject,
Claims = newClaims,
CreateDateTime = DateTime.UtcNow,
UpdateDateTime = DateTime.UtcNow,
IsBlocked = false
};
if (!await _resourceOwnerRepository.InsertAsync(newResourceOwner).ConfigureAwait(false))
{
throw new IdentityServerException(Errors.ErrorCodes.UnhandledExceptionCode, Errors.ErrorDescriptions.TheResourceOwnerCannotBeAdded);
}
// 5. Add credentials.
if (addUserParameter.Credentials != null)
{
foreach (var c in addUserParameter.Credentials)
{
c.UserId = subject;
}
await _addUserCredentialsOperation.Execute(addUserParameter.Credentials).ConfigureAwait(false);
}
// 6. Link to a profile.
if (!string.IsNullOrWhiteSpace(issuer))
{
await _linkProfileAction.Execute(subject, addUserParameter.ExternalLogin, issuer).ConfigureAwait(false);
}
_openidEventSource.AddResourceOwner(newResourceOwner.Id);
return(subject);
}
public override Task <ResourceOwner> GetResourceOwner(string login)
{
return(_resourceOwnerRepository.GetAsync(login));
}