/// <summary>
/// Creates a <c>LinkedInOAuth</c> instance; the configuration is forwarded to the base
/// constructor unchanged and no further initialisation happens here.
/// </summary>
/// <param name="config">OAuth configuration handed to the base class.</param>
public LinkedInOAuth(OAuthConfig config)
    : base(config)
{
}
Exemple #2
 /// <summary>
 /// Creates the token provider and stores its three collaborators; nothing is validated
 /// or resolved at construction time.
 /// </summary>
 /// <param name="oAuthConfig">OAuth configuration kept in the <c>oAuthConfig</c> field.</param>
 /// <param name="logger">Logger assigned to <c>Logger</c>.</param>
 /// <param name="container">Resolver assigned to <c>Container</c>.</param>
 public AdalTokenProvider(OAuthConfig oAuthConfig, ILogger logger, IContainerResolve container)
 {
     // The field shares its name with the parameter, hence the explicit "this.".
     this.oAuthConfig = oAuthConfig;
     this.Logger = logger;
     this.Container = container;
 }
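        /// <summary>
        /// Handles the posted login form: checks the credentials (configured test users first,
        /// then the ED account service), signs the user in and redirects to the return URL.
        /// </summary>
        /// <param name="model">Posted form: username, password, remember-me flag and return URL.</param>
        /// <returns>
        /// A redirect (or the native-client loading page) after a successful sign-in; otherwise
        /// the login view re-rendered with a validation error.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// The credentials were accepted but the return URL is not part of an authorization
        /// request, not local and not empty.
        /// </exception>
        public async Task <IActionResult> Login(LoginInputModel model)
        {
            // check if we are in the context of an authorization request
            var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);

            if (ModelState.IsValid)
            {
                AuthenticationProperties props        = null;
                IdentityServerUser       isuser       = null;
                UserLoginSuccessEvent    successEvent = null;
                bool   isValid = false;
                string errMsg  = null;

                // Test users.
                // NOTE(review): the submitted password is compared in plaintext against the list
                // returned by OAuthConfig.GetTestUsers() before the real account service is asked.
                // Confirm that list is empty outside development builds.
                var testUser = OAuthConfig.GetTestUsers().Find(t => t.Username == model.Username && t.Password == model.Password);
                if (testUser != null)
                {
                    successEvent = new UserLoginSuccessEvent(testUser.Username, testUser.SubjectId, testUser.Username, clientId: context?.Client.ClientId);
                    // issue authentication cookie with subject ID and username
                    isuser = new IdentityServerUser(testUser.SubjectId)
                    {
                        DisplayName      = testUser.Username,
                        AdditionalClaims =
                        {
                            new Claim(UserClaimEnum.UserId.ToString(),   testUser.SubjectId),
                            new Claim(UserClaimEnum.UserName.ToString(), testUser.Username)
                        }
                    };
                    isValid = true;
                }
                else
                {
                    // ED account, verified by the ED API service.
                    var edUser = _edApiService.GetEdUser(model.Username, model.Password, out string msg);
                    // NOTE(review): msg is shown to the caller as the form error further down.
                    // Confirm it cannot reveal whether the account exists or why the backend
                    // rejected the attempt.
                    errMsg = msg;
                    if (edUser != null)
                    {
                        successEvent = new UserLoginSuccessEvent(edUser.LoginName, edUser.ID.ToString(), edUser.EmployeeName, clientId: context?.Client.ClientId);
                        // issue authentication cookie with subject ID and username
                        isuser = new IdentityServerUser(edUser.ID.ToString())
                        {
                            DisplayName      = edUser.EmployeeName,
                            AdditionalClaims =
                            {
                                new Claim(UserClaimEnum.UserId.ToString(),   edUser.ID.ToString()),
                                new Claim(UserClaimEnum.UserName.ToString(), edUser.EmployeeName.ToString())
                            }
                        };
                        isValid = true;
                    }
                }

                if (isValid)
                {
                    // Authentication succeeded.
                    await _events.RaiseAsync(successEvent);

                    // only set explicit expiration here if user chooses "remember me".
                    // otherwise we rely upon expiration configured in cookie middleware.
                    if (AccountOptions.AllowRememberLogin && model.RememberLogin)
                    {
                        props = new AuthenticationProperties
                        {
                            IsPersistent = true,
                            ExpiresUtc   = DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration)
                        };
                    }

                    await HttpContext.SignInAsync(isuser, props);

                    if (context != null)
                    {
                        if (context.IsNativeClient())
                        {
                            // The client is native, so this change in how to
                            // return the response is for better UX for the end user.
                            return this.LoadingPage("Redirect", model.ReturnUrl);
                        }
                        // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
                        return Redirect(model.ReturnUrl);
                    }

                    // request for a local page
                    if (Url.IsLocalUrl(model.ReturnUrl))
                    {
                        return Redirect(model.ReturnUrl);
                    }

                    if (string.IsNullOrEmpty(model.ReturnUrl))
                    {
                        return Redirect("~/");
                    }

                    // user might have clicked on a malicious link - should be logged
                    // NOTE(review): nothing in this method records the rejected URL, and the
                    // sign-in above has already completed when this is thrown.
                    throw new InvalidOperationException("无效的返回URL");
                }

                await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, "无效的证书", clientId : context?.Client.ClientId));

                ModelState.AddModelError(string.Empty, errMsg ?? AccountOptions.InvalidCredentialsErrorMessage);
            }

            // something went wrong, show form with error
            var vm = await BuildLoginViewModelAsync(model);

            return View(vm);
        }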
Exemple #4
 /// <summary>
 /// Creates a <c>FacebookOAuth</c> instance; the configuration goes straight to the base
 /// constructor and nothing else is set up here.
 /// </summary>
 /// <param name="oauthConfig">OAuth configuration handed to the base class.</param>
 public FacebookOAuth(OAuthConfig oauthConfig)
     : base(oauthConfig)
 {
 }
Exemple #5
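        /// <summary>
        /// Binds the third-party identity to a local user. Called when the connection has no
        /// valid binding yet, or when a re-bind is forced.
        /// </summary>
        /// <param name="uc">Connection record; receives the resolved user's ID and is enabled.</param>
        /// <param name="client">OAuth client holding the identity data returned by the provider.</param>
        /// <returns>
        /// The local user the connection was bound to, or null when no local match exists and
        /// auto-registration is switched off.
        /// </returns>
        public virtual IManageUser OnBind(UserConnect uc, OAuthClient client)
        {
            var log  = LogProvider.Provider;
            var prv  = Provider;
            var mode = "";

            // Start from the signed-in user; the matching below only runs when nobody is signed in.
            var user = prv.Current;

            if (user == null)
            {
                // Match on UnionID: among the enabled connections sharing it, take the
                // local user with the most logins.
                if (!client.UnionID.IsNullOrEmpty())
                {
                    var list = UserConnect.FindAllByUnionId(client.UnionID);

                    var ids   = list.Where(e => e.Enable && e.UserID > 0).Select(e => e.UserID).Distinct().ToArray();
                    var users = ids.Select(e => User.FindByID(e)).Where(e => e != null).ToList();
                    if (users.Count > 0)
                    {
                        mode = "UnionID";
                        user = users.OrderByDescending(e => e.Logins).FirstOrDefault();
                    }
                }

                var set = Setting.Current;
                var cfg = OAuthConfig.FindByName(client.Name);

                // No match and auto-registration off, both globally and for this provider: send
                // the caller to the login page. A provider without a configuration entry is
                // treated as "auto-register off" rather than dereferenced.
                if (user == null && !set.AutoRegister && (cfg == null || !cfg.AutoRegister))
                {
                    log?.WriteLog(typeof(User), "SSO登录", false, $"无法找到[{client.Name}]的[{client.NickName}]在本地的绑定,且没有打开自动注册,准备进入登录页面,利用其它登录方式后再绑定", 0, user + "");

                    return null;
                }

                // NOTE(review): the username / code / mobile / mail branches below attach the
                // external identity to an existing local account on the strength of a
                // provider-supplied attribute alone. That is only safe when the provider has
                // verified the attribute; confirm for every provider that has these settings on.

                // Look up by user name first (nick name as fallback).
                var name = client.UserName;
                if (name.IsNullOrEmpty())
                {
                    name = client.NickName;
                }
                if (user == null && !name.IsNullOrEmpty())
                {
                    if (set.ForceBindUser)
                    {
                        // Forced binding to a local user: the name is used without a provider prefix.
                        mode = "UserName";
                        user = prv.FindByName(name);
                    }
                    else
                    {
                        mode = "Provider-UserName";
                        name = client.Name + "_" + name;
                        user = prv.FindByName(name);
                    }
                }

                // Match on user code.
                if (user == null && set.ForceBindUserCode)
                {
                    mode = "UserCode";
                    if (!client.UserCode.IsNullOrEmpty())
                    {
                        user = User.FindByCode(client.UserCode);
                    }
                }

                // Match on mobile number.
                if (user == null && set.ForceBindUserMobile)
                {
                    mode = "UserMobile";
                    if (!client.Mobile.IsNullOrEmpty())
                    {
                        user = User.FindByMobile(client.Mobile);
                    }
                }

                // Match on mail address.
                if (user == null && set.ForceBindUserMail)
                {
                    mode = "UserMail";
                    if (!client.Mail.IsNullOrEmpty())
                    {
                        user = User.FindByMail(client.Mail);
                    }
                }

                // Providers such as QQ and WeChat return no user name.
                if (user == null && name.IsNullOrEmpty())
                {
                    // OpenID and AccessToken are not expected to both be empty.
                    var openid = client.OpenID;
                    if (openid.IsNullOrEmpty())
                    {
                        openid = client.AccessToken;
                    }

                    // The identifier is too long for a user name, so a short checksum stands in.
                    // NOTE(review): the "X8" format suggests a 32-bit CRC. Two different
                    // identifiers with the same checksum would resolve to the same local
                    // account through FindByName; confirm this is acceptable.
                    var num = openid.GetBytes().Crc();

                    mode = "OpenID-Crc";
                    name = client.Name + "_" + num.ToString("X8");
                    user = prv.FindByName(name);
                }

                if (user == null)
                {
                    mode = "Register";

                    // Newly registered users get the configured default role.
                    var rid = Role.GetOrAdd(set.DefaultRole).ID;

                    // Register with a random 16-character password.
                    // NOTE(review): confirm Rand draws from a cryptographically secure source.
                    user = prv.Register(name, Rand.NextString(16), rid, true);
                }
            }

            uc.UserID = user.ID;
            uc.Enable = true;

            // Audit log: which rule produced the binding.
            log?.WriteLog(typeof(User), "绑定", true, $"[{user}]依据[{mode}]绑定到[{client.Name}]的[{client.NickName}]", user.ID, user + "");

            return user;
        }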
Exemple #6
 /// <summary>
 /// Creates the service and keeps the supplied OAuth configuration in
 /// <c>_oauthConfig</c>; no validation or network access happens here.
 /// </summary>
 /// <param name="oauthConfig">OAuth configuration stored for later use.</param>
 public TwitterServiceBase(OAuthConfig oauthConfig)
 {
     // Stored as received, without a null check.
     _oauthConfig = oauthConfig;
 }
Exemple #7
 /// <summary>
 /// Loads every OAuth configuration entry and binds the result to <c>Repeater1</c>.
 /// </summary>
 private void BindData()
 {
     var configs = OAuthConfig.LoadAll();

     Repeater1.DataSource = configs;
     Repeater1.DataBind();
 }
Exemple #8
        /// <summary>
        /// Fills the local user from the OAuth client; runs after a successful login once the
        /// provider's user information has been fetched. Empty local fields are filled from the
        /// client, and roles, department and avatar are updated according to the current settings.
        /// </summary>
        /// <param name="client">OAuth client holding the data returned by the provider.</param>
        /// <param name="user">Local user to update; the detailed fill only applies when it is a <c>User</c>.</param>
        protected virtual void Fill(OAuthClient client, IManageUser user)
        {
            client.Fill(user);

            var dic = client.Items;

            // User information: only fields that are still empty locally are taken from the client.
            if (dic != null && user is User user2)
            {
                if (user2.Code.IsNullOrEmpty())
                {
                    user2.Code = client.UserCode;
                }
                if (user2.Mobile.IsNullOrEmpty())
                {
                    user2.Mobile = client.Mobile;
                }
                if (user2.Mail.IsNullOrEmpty())
                {
                    user2.Mail = client.Mail;
                }

                if (user2.Sex == SexKinds.未知 && client.Sex != 0)
                {
                    user2.Sex = (SexKinds)client.Sex;
                }
                if (user2.Remark.IsNullOrEmpty())
                {
                    user2.Remark = client.Detail;
                }

                var          set     = Setting.Current;
                var          roleId  = 0;
                List <Int32> roleIds = null;

                // Use the roles supplied by the authentication centre.
                // NOTE(review): with UseSsoRole on, the primary role and the extra roles are
                // derived from client.Items, i.e. from provider-supplied data. Whoever controls
                // those items presumably controls local privileges; confirm this is enabled only
                // for trusted providers.
                if (set.UseSsoRole)
                {
                    // Merge with the user's local system roles.
                    var sys = user2.Roles.Where(e => e.IsSystem).Select(e => e.ID).ToList();
                    if (sys.Count > 0)
                    {
                        // NOTE(review): this value is overwritten by the GetRole call below
                        // before anything reads it.
                        roleId = user2.RoleID;
                        if (roleIds == null)
                        {
                            roleIds = new List <Int32>();
                        }
                        roleIds.AddRange(sys);
                    }
                    roleId = GetRole(dic, true);
                    if (roleId > 0)
                    {
                        user2.RoleID = roleId;

                        var ids = GetRoles(client.Items, true).ToList();
                        if (roleIds == null)
                        {
                            roleIds = new List <Int32>();
                        }
                        roleIds.AddRange(ids);
                    }
                }
                // Fall back to the local default role when the user still has no primary role.
                if (user2.RoleID <= 0 && !set.DefaultRole.IsNullOrEmpty())
                {
                    user2.RoleID = roleId = Role.GetOrAdd(set.DefaultRole).ID;
                }

                // Automatic roles configured for this OAuth provider (matched by name, ignoring case).
                var cfg = OAuthConfig.FindAllWithCache().FirstOrDefault(e => e.Name.EqualIgnoreCase(client.Name));
                if (cfg != null && !cfg.AutoRole.IsNullOrEmpty())
                {
                    var ids = GetRoles(cfg.AutoRole, true).ToList();
                    if (roleIds == null)
                    {
                        roleIds = new List <Int32>();
                    }
                    roleIds.AddRange(ids);
                }

                // Store the extra roles as ",id,id," after de-duplicating and dropping roleId.
                // When roleIds is null (no branch above collected roles) RoleIds is left untouched.
                if (roleIds != null)
                {
                    roleIds = roleIds.Distinct().ToList();
                    if (roleIds.Contains(roleId))
                    {
                        roleIds.Remove(roleId);
                    }
                    if (roleIds.Count == 0)
                    {
                        user2.RoleIds = null;
                    }
                    else
                    {
                        user2.RoleIds = "," + roleIds.OrderBy(e => e).Join() + ",";
                    }
                }

                // Department: looked up by the provider-supplied code and created if missing.
                // NOTE(review): with UseSsoDepartment on, a provider can cause new Department
                // rows to be inserted with its own code and name; confirm that is intended.
                if (set.UseSsoDepartment && !client.DepartmentCode.IsNullOrEmpty() && !client.DepartmentName.IsNullOrEmpty())
                {
                    var dep = Department.FindByCode(client.DepartmentCode);
                    if (dep == null)
                    {
                        dep = new Department
                        {
                            Code   = client.DepartmentCode,
                            Name   = client.DepartmentName,
                            Enable = true
                        };
                        dep.Insert();
                    }

                    user2.DepartmentID = dep.ID;
                }

                // Avatar. It may be a relative path, which is resolved against client.Server.
                var av = client.Avatar;
                if (av != null && av.StartsWith("/") && client.Server.StartsWithIgnoreCase("http"))
                {
                    av = new Uri(new Uri(client.Server), av) + "";
                }

                if (user2.Avatar.IsNullOrEmpty())
                {
                    user2.Avatar = av;
                }
                // Local avatar path: refresh it as well when the local file does not exist.
                else if (user2.Avatar.StartsWithIgnoreCase("/Sso/Avatar/", "/Sso/Avatar?"))
                {
                    var av2 = Setting.Current.AvatarPath.CombinePath(user2.ID + ".png").GetBasePath();
                    if (!File.Exists(av2))
                    {
                        LogProvider.Provider?.WriteLog(user.GetType(), "更新头像", true, $"{user2.Avatar} => {av}", user.ID, user + "");

                        user2.Avatar = av;
                    }
                }

                // Download the remote avatar to local storage; Avatar keeps the remote address.
                // NOTE(review): the condition tests user2.Avatar but the call passes av, which can
                // differ from it (or be null) when the user already had an avatar. The task is
                // also fire-and-forget, so a failure is not observed here.
                // NOTE(review): FetchAvatar presumably requests a provider-supplied URL from the
                // server side; confirm it restricts scheme and destination.
                if (user2.Avatar.StartsWithIgnoreCase("http") && !set.AvatarPath.IsNullOrEmpty())
                {
                    Task.Run(() => FetchAvatar(user, av));
                }
            }
        }
Exemple #9
 /// <summary>
 /// Creates an <c>OSChinaOAuth</c> instance; the configuration is forwarded to the base
 /// constructor and nothing else is initialised here.
 /// </summary>
 /// <param name="oauthConfig">OAuth configuration handed to the base class.</param>
 public OSChinaOAuth(OAuthConfig oauthConfig)
     : base(oauthConfig)
 {
 }
 /// <summary>
 /// Creates a <c>GithubOAuth</c> instance; the configuration is forwarded to the base
 /// constructor and nothing else is initialised here.
 /// </summary>
 /// <param name="oauthConfig">OAuth configuration handed to the base class.</param>
 public GithubOAuth(OAuthConfig oauthConfig)
     : base(oauthConfig)
 {
 }
Exemple #11
 /// <summary>
 /// Creates a <c>GiteeOAuth</c> instance; the configuration is forwarded to the base
 /// constructor and nothing else is initialised here.
 /// </summary>
 /// <param name="oauthConfig">OAuth configuration handed to the base class.</param>
 public GiteeOAuth(OAuthConfig oauthConfig)
     : base(oauthConfig)
 {
 }
Exemple #12
 /// <summary>
 /// Creates the MonoTouch Twitter service: forwards the configuration to the base class,
 /// stores the view-controller factory, then calls <c>LoadCredentials</c>.
 /// </summary>
 /// <param name="oauthConfig">OAuth configuration handed to the base class.</param>
 /// <param name="getViewController">Callback that returns a view controller; stored, not invoked here.</param>
 public TwitterServiceMonoTouch(OAuthConfig oauthConfig, Func <UIViewController> getViewController)
     : base(oauthConfig)
 {
     // Assign the factory before loading credentials, as the original does.
     _getViewController = getViewController;

     // NOTE(review): where LoadCredentials reads from is not visible here; confirm that
     // stored tokens live in platform-protected storage.
     LoadCredentials();
 }
        /// <summary>
        /// Applies the configuration: runs the base implementation, then calls
        /// <c>SetMode</c> with the current <c>Scope</c>.
        /// </summary>
        /// <param name="mi">Configuration passed to the base implementation.</param>
        public override void Apply(OAuthConfig mi)
        {
            // The base call runs first; Scope is read only afterwards.
            base.Apply(mi);
            SetMode(Scope);
        }
Exemple #14
 /// <summary>
 /// Creates the authorizer with a view-controller factory; the configuration goes to the
 /// base constructor and the factory is stored without being invoked.
 /// </summary>
 /// <param name="config">OAuth configuration handed to the base class.</param>
 /// <param name="getViewController">Callback that returns a view controller when one is needed.</param>
 public OAuthAuthorizerMonoTouch(OAuthConfig config, Func <UIViewController> getViewController)
     : base(config)
 {
     // Only the factory is kept; the view controller itself is not resolved at construction.
     _getViewController = getViewController;
 }
Exemple #15
 /// <summary>
 /// Creates the authorizer from the configuration alone; no view-controller factory is
 /// set by this overload.
 /// </summary>
 /// <param name="config">OAuth configuration handed to the base class.</param>
 public OAuthAuthorizerMonoTouch(OAuthConfig config)
     : base(config)
 {
 }