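 /// <summary>
 /// Builds the user-info payload returned to a client that presents a valid access token.
 /// </summary>
 /// <remarks>
 /// NOTE(review): no scope check happens in this method — every caller that reaches it receives
 /// mail and mobile for a full <c>User</c>; confirm the caller enforces the "UserInfo" scope first.
 /// </remarks>
 /// <param name="sso">The OAuth server instance. Not used by this implementation.</param>
 /// <param name="token">The access token presented by the client. Not used by this implementation.</param>
 /// <param name="user">The authenticated user; a <c>User</c> instance yields the extended payload.</param>
 /// <returns>
 /// An anonymous object with the user's identity fields; role, department and contact fields are
 /// added when <paramref name="user"/> is a <c>User</c>.
 /// </returns>
 /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
 public virtual Object GetUserInfo(OAuthServer sso, String token, IManageUser user)
 {
     // user.ID is dereferenced unconditionally below; fail with a clear argument error instead of an NRE.
     if (user == null) throw new ArgumentNullException(nameof(user));

     // Only a full User carries profile, role and department information.
     if (user is User user2)
     {
         return new
         {
             userid         = user.ID,
             username       = user.Name,
             nickname       = user.NickName,
             sex            = user2.Sex,
             mail           = user2.Mail,
             mobile         = user2.Mobile,
             code           = user2.Code,
             roleid         = user2.RoleID,
             rolename       = user2.RoleName,
             roleids        = user2.RoleIds,
             // Skip(1) drops the first role — presumably the primary one already reported as rolename; confirm.
             rolenames      = user2.Roles.Skip(1).Join(",", e => e + ""),
             departmentCode = user2.Department?.Code,
             departmentName = user2.Department?.Name,
             avatar         = user2.Avatar,
             detail         = user2.Remark,
         };
     }

     // Any other IManageUser implementation only exposes the basic identity fields.
     return new
     {
         userid   = user.ID,
         username = user.Name,
         nickname = user.NickName,
     };
 }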
        ///// <summary>存储最近用过的code,避免用户刷新页面</summary>
        //private static DictionaryCache<String, String> _codeCache = new DictionaryCache<string, string>()
        //{
        //    Expire = 600,
        //    Period = 60
        //};

        /// <summary>
        /// Static initializer: wires the single-sign-on provider and the OAuth server used by the controller.
        /// </summary>
        static SsoController()
        {
            // The SSO provider is created first, then the OAuth server gets its own named log channel.
            Provider = new SsoProvider();

            var server = new OAuthServer();
            server.Log = LogProvider.Provider.AsLog("OAuth");
            OAuth = server;
        }
        /// <summary>Exchanges an authorization code for an access token.</summary>
        /// <param name="sso">The OAuth server that authenticates the client and issues the token.</param>
        /// <param name="client_id">Client identifier handed to <c>sso.Auth</c>.</param>
        /// <param name="client_secret">Client secret handed to <c>sso.Auth</c>.</param>
        /// <param name="code">Authorization code to redeem.</param>
        /// <param name="ip">Caller address. Not referenced by this implementation.</param>
        /// <returns>The issued token with its scope set to "basic,UserInfo".</returns>
        public virtual TokenInfo GetAccessToken(OAuthServer sso, String client_id, String client_secret, String code, String ip)
        {
            // Client authentication presumably throws on failure; its return value is discarded here.
            sso.Auth(client_id, client_secret);

            var issued = sso.GetToken(code);

            // Every token issued through this path carries the same fixed scope.
            issued.Scope = "basic,UserInfo";

            return issued;
        }
        /// <summary>Issues a token for the resource-owner password grant.</summary>
        /// <remarks>
        /// NOTE(review): the client secret is not checked on this path (<c>null</c> is passed to <c>Auth</c>),
        /// so knowing a client_id is enough to attempt password logins against it; any lockout or rate
        /// limiting must therefore live in <c>User.Login</c> or in front of this endpoint — confirm.
        /// </remarks>
        /// <param name="sso">The OAuth server that authenticates the application and creates the token.</param>
        /// <param name="client_id">Application identifier.</param>
        /// <param name="username">User name.</param>
        /// <param name="password">Password, verified by <c>XCode.Membership.User.Login</c>.</param>
        /// <param name="ip">Caller address, recorded in the application log.</param>
        /// <returns>The created token; its refresh payload is "client_id#username".</returns>
        /// <exception cref="XException">The user name / password pair was rejected.</exception>
        public virtual TokenInfo GetAccessTokenByPassword(OAuthServer sso, String client_id, String username, String password, String ip)
        {
            // One log row per attempt; the password itself is never written to it.
            var entry = new AppLog
            {
                Action       = "Password",
                Success      = true,
                ClientId     = client_id,
                ResponseType = "password",
                CreateIP     = ip,
            };

            try
            {
                // Application lookup; no secret is supplied on the password path.
                var application = sso.Auth(client_id, null);
                entry.AppId = application.ID;

                // ManagerProvider is deliberately avoided here because it writes a cookie.
                var account = XCode.Membership.User.Login(username, password, false)
                              ?? throw new XException("用户{0}验证失败", username);

                // The refresh payload binds the token to both the application and the user.
                var issued = sso.CreateToken(application, account.Name, null, $"{client_id}#{account.Name}");

                entry.AccessToken  = issued.AccessToken;
                entry.RefreshToken = issued.RefreshToken;
                entry.CreateUser   = account.Name;
                entry.Scope        = issued.Scope;

                return issued;
            }
            catch (Exception ex)
            {
                // Record the failure, then let the original exception propagate unchanged.
                entry.Success = false;
                entry.Remark  = ex.GetTrue()?.Message;

                throw;
            }
            finally
            {
                // The log row is written whether or not a token was issued.
                entry.Insert();
            }
        }
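        /// <summary>Issues a fresh token from a refresh token (refresh-token grant).</summary>
        /// <remarks>
        /// The refresh token decodes to "client_id#subject"; the request is rejected unless the embedded
        /// client_id equals the presented one (ordinal string comparison), and the new token keeps the same subject.
        /// NOTE(review): nothing in this method checks the age of the refresh token — presumably
        /// <c>sso.Decode</c> does; confirm.
        /// </remarks>
        /// <param name="sso">The OAuth server that authenticates the application, decodes the refresh token and creates the new token.</param>
        /// <param name="client_id">Application identifier.</param>
        /// <param name="client_secret">Application secret.</param>
        /// <param name="refresh_token">Refresh token previously issued to this application.</param>
        /// <param name="ip">Caller address, recorded in the application log.</param>
        /// <returns>The newly created token for the same subject.</returns>
        /// <exception cref="InvalidOperationException">The refresh token does not decode to exactly two "#"-separated parts, or it was issued to a different client_id.</exception>
        public virtual TokenInfo RefreshToken(OAuthServer sso, String client_id, String client_secret, String refresh_token, String ip)
        {
            var log = new AppLog
            {
                Action       = "RefreshToken",
                Success      = true,
                ClientId     = client_id,
                ResponseType = "refresh_token",
                CreateIP     = ip,
            };

            try
            {
                // Resolve the application before authenticating, presumably so that a rejected secret
                // is still logged against the right AppId.
                var app = App.FindByName(client_id);
                if (app != null)
                {
                    log.AppId = app.ID;
                }

                app       = sso.Auth(client_id, client_secret);
                log.AppId = app.ID;

                // The token payload must name the presenting application; anything else is refused.
                var name = sso.Decode(refresh_token);
                var ss   = name.Split("#");
                if (ss.Length != 2 || ss[0] != client_id)
                {
                    // A specific exception type instead of a bare Exception so callers can filter on it.
                    throw new InvalidOperationException("非法令牌");
                }

                // The subject (user or device identifier) is carried over unchanged.
                var code  = ss[1];
                var token = sso.CreateToken(app, code, null, $"{client_id}#{code}");

                log.AccessToken  = token.AccessToken;
                log.RefreshToken = token.RefreshToken;

                log.CreateUser = code;
                log.Scope      = token.Scope;

                return token;
            }
            catch (Exception ex)
            {
                // Record the failure, then let the original exception propagate unchanged.
                log.Success = false;
                log.Remark  = ex.GetTrue()?.Message;

                throw;
            }
            finally
            {
                // The log row is written whether or not a token was issued.
                log.Insert();
            }
        }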
        /// <summary>Exchanges an authorization code for an access token and wraps it in an OAuth-style response.</summary>
        /// <param name="sso">The OAuth server that validates the client and produces the token.</param>
        /// <param name="client_id">Client identifier.</param>
        /// <param name="client_secret">Client secret.</param>
        /// <param name="code">Authorization code to redeem.</param>
        /// <returns>An anonymous object with <c>access_token</c>, <c>expires_in</c> (taken from <c>sso.Expire</c>) and the fixed scope "basic,UserInfo".</returns>
        public virtual Object GetAccessToken(OAuthServer sso, String client_id, String client_secret, String code)
        {
            var accessToken = sso.GetToken(client_id, client_secret, code);

            var response = new
            {
                access_token = accessToken,
                expires_in = sso.Expire,
                scope = "basic,UserInfo",
            };

            return response;
        }
        /// <summary>Issues a token for the client-credentials grant.</summary>
        /// <remarks>
        /// The application must list "client_credentials" in its <c>Scopes</c>; otherwise the request is refused.
        /// NOTE(review): when no <paramref name="username"/> is given the subject is "_" plus a 7-character
        /// value from <c>Rand.NextString</c> — it is used as the token subject and log user, so confirm it never
        /// needs to be unguessable.
        /// </remarks>
        /// <param name="sso">The OAuth server that authenticates the application and creates the token.</param>
        /// <param name="client_id">Application identifier.</param>
        /// <param name="client_secret">Application secret.</param>
        /// <param name="username">Subject name; may be a device code or any other unique user identifier. Optional.</param>
        /// <param name="ip">Caller address, passed to <c>sso.Auth</c> and recorded in the application log.</param>
        /// <returns>The created token; its refresh payload is "client_id#subject".</returns>
        /// <exception cref="InvalidOperationException">The application has no "client_credentials" scope.</exception>
        public virtual TokenInfo GetAccessTokenByClientCredentials(OAuthServer sso, String client_id, String client_secret, String username, String ip)
        {
            var entry = new AppLog
            {
                Action       = "ClientCredentials",
                Success      = true,
                ClientId     = client_id,
                ResponseType = "client_credentials",
                CreateIP     = ip,
            };

            try
            {
                // Resolve the application first so a failed authentication is still logged against its AppId.
                var application = App.FindByName(client_id);
                if (application != null)
                {
                    entry.AppId = application.ID;
                }

                application = sso.Auth(client_id, client_secret, ip);
                entry.AppId = application.ID;

                // Grant capability check: presumably true when any listed scope equals "client_credentials".
                var scopes = application.Scopes?.Split(",");
                if (scopes == null || !"client_credentials".EqualIgnoreCase(scopes))
                {
                    throw new InvalidOperationException($"应用[{application}]没有使用client_credentials客户端凭证的能力!");
                }

                // Fall back to a generated subject when the caller supplies none.
                var subject = username.IsNullOrEmpty() ? ("_" + Rand.NextString(7)) : username;
                var issued  = sso.CreateToken(application, subject, null, $"{client_id}#{subject}");

                entry.AccessToken  = issued.AccessToken;
                entry.RefreshToken = issued.RefreshToken;
                entry.CreateUser   = subject;
                entry.Scope        = issued.Scope;

                return issued;
            }
            catch (Exception ex)
            {
                // Record the failure, then let the original exception propagate unchanged.
                entry.Success = false;
                entry.Remark  = ex.GetTrue()?.Message;

                throw;
            }
            finally
            {
                entry.Insert();
            }
        }
        /// <summary>Resolves the user behind a token's subject name.</summary>
        /// <remarks>
        /// The SSO provider is consulted first; when it has no match (two-level single sign-on can miss
        /// because of caching) the user table is queried by name directly.
        /// </remarks>
        /// <param name="sso">The OAuth server instance. Not referenced by this implementation.</param>
        /// <param name="username">Subject name to look up.</param>
        /// <returns>The matching user, or <c>null</c> when neither lookup finds one.</returns>
        public virtual IManageUser GetUser(OAuthServer sso, String username)
        {
            var found = Provider?.FindByName(username) ?? User.Find(User._.Name == username);

            return found;
        }
        /// <summary>
        /// Static initializer: registers the single-sign-on services in the object container and resolves
        /// the provider and OAuth server instances used by the controller.
        /// </summary>
        static SsoController()
        {
            // Register the single-sign-on implementations (OAuthServer2 backs the OAuthServer contract).
            var container = ObjectContainer.Current;
            container.AutoRegister<SsoProvider, SsoProvider>();
            container.AutoRegister<OAuthServer, OAuthServer2>();

            // Resolve the shared instances.
            var provider = ObjectContainer.Current.ResolveInstance<SsoProvider>();
            var server   = ObjectContainer.Current.ResolveInstance<OAuthServer>();

            // The OAuth server writes to its own named log channel.
            server.Log = LogProvider.Provider.AsLog("OAuth");

            Provider = provider;
            OAuth    = server;
        }
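        /// <summary>
        /// Builds the user-info payload returned to a client that presents a valid access token,
        /// including the user's enabled "Resources" parameters.
        /// </summary>
        /// <remarks>
        /// NOTE(review): no scope check happens in this method — every caller that reaches it receives
        /// mail and mobile for a full <c>User</c>; confirm the caller enforces the "UserInfo" scope first.
        /// </remarks>
        /// <param name="sso">The OAuth server instance. Not used by this implementation.</param>
        /// <param name="token">The access token presented by the client. Not used by this implementation.</param>
        /// <param name="user">The authenticated user; a <c>User</c> instance yields the extended payload.</param>
        /// <returns>
        /// An anonymous object with the user's identity fields and a case-insensitive name/value map of the
        /// user's enabled "Resources" parameters; role, department and contact fields are added when
        /// <paramref name="user"/> is a <c>User</c>.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
        public virtual Object GetUserInfo(OAuthServer sso, String token, IManageUser user)
        {
            // user.ID is dereferenced unconditionally below; fail with a clear argument error instead of an NRE.
            if (user == null) throw new ArgumentNullException(nameof(user));

            // Per-user resource parameters are handed to sub-systems as data-permission hints.
            // Keys are compared case-insensitively; a later duplicate name overwrites an earlier one.
            var res = Parameter.FindAllByUserID(user.ID, "Resources");
            var dic = new Dictionary<String, String>(StringComparer.OrdinalIgnoreCase);
            foreach (var item in res.Where(e => e.Enable))
            {
                dic[item.Name] = item.Value;
            }

            // Only a full User carries profile, role and department information.
            if (user is User user2)
            {
                return new
                {
                    userid         = user.ID,
                    username       = user.Name,
                    nickname       = user.NickName,
                    sex            = user2.Sex,
                    mail           = user2.Mail,
                    mobile         = user2.Mobile,
                    code           = user2.Code,
                    roleid         = user2.RoleID,
                    rolename       = user2.RoleName,
                    roleids        = user2.RoleIds,
                    // Skip(1) drops the first role — presumably the primary one already reported as rolename; confirm.
                    rolenames      = user2.Roles.Skip(1).Join(",", e => e + ""),
                    departmentCode = user2.Department?.Code,
                    departmentName = user2.Department?.Name,
                    avatar         = user2.Avatar,
                    detail         = user2.Remark,
                    resources      = dic,
                };
            }

            // Any other IManageUser implementation only exposes the basic identity fields.
            return new
            {
                userid    = user.ID,
                username  = user.Name,
                nickname  = user.NickName,
                resources = dic,
            };
        }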
        /// <summary>Issues a token for the client-credentials grant.</summary>
        /// <remarks>
        /// NOTE(review): this version performs no per-application scope check before issuing the token —
        /// any application that passes <c>sso.Auth</c> can use this grant; confirm that is intended.
        /// When no <paramref name="username"/> is given the subject is "_" plus a 7-character value from
        /// <c>Rand.NextString</c>; it becomes the token subject and log user, so confirm it never needs to be unguessable.
        /// </remarks>
        /// <param name="sso">The OAuth server that authenticates the application and creates the token.</param>
        /// <param name="client_id">Application identifier.</param>
        /// <param name="client_secret">Application secret.</param>
        /// <param name="username">Subject name; may be a device code or any other unique user identifier. Optional.</param>
        /// <param name="ip">Caller address, recorded in the application log.</param>
        /// <returns>The created token; its payload is "client_id#subject".</returns>
        public virtual TokenInfo GetAccessTokenByClientCredentials(OAuthServer sso, String client_id, String client_secret, String username, String ip)
        {
            var entry = new AppLog
            {
                Action       = "ClientCredentials",
                Success      = true,
                ClientId     = client_id,
                ResponseType = "client_credentials",
                CreateIP     = ip,
            };

            try
            {
                var application = sso.Auth(client_id, client_secret);
                entry.AppId = application.ID;

                // Fall back to a generated subject when the caller supplies none.
                var subject = username.IsNullOrEmpty() ? ("_" + Rand.NextString(7)) : username;
                var issued  = sso.CreateToken(application, subject, $"{client_id}#{subject}");

                entry.AccessToken  = issued.AccessToken;
                entry.RefreshToken = issued.RefreshToken;
                entry.CreateUser   = subject;
                entry.Scope        = issued.Scope;

                return issued;
            }
            catch (Exception ex)
            {
                // Record the failure, then let the original exception propagate unchanged.
                entry.Success = false;
                entry.Remark  = ex.GetTrue()?.Message;

                throw;
            }
            finally
            {
                entry.Insert();
            }
        }
        /// <summary>Resolves the user behind a token's subject name.</summary>
        /// <remarks>
        /// Lookup order: the SSO provider; the user table by name (two-level single sign-on can miss the
        /// provider because of caching); by mail when the value contains "@"; by mobile when
        /// <c>username.ToLong()</c> is positive; and finally by code.
        /// NOTE(review): because mail, mobile and code are all accepted as the subject, one subject string can
        /// resolve to a different account than a plain name lookup would — confirm those identifiers are
        /// unique across users.
        /// </remarks>
        /// <param name="sso">The OAuth server instance. Not referenced by this implementation.</param>
        /// <param name="username">Subject name, mail address, mobile number or user code to look up.</param>
        /// <returns>The first matching user, or <c>null</c> when every lookup misses.</returns>
        public virtual IManageUser GetUser(OAuthServer sso, String username)
        {
            var found = Provider?.FindByName(username);
            if (found != null) return found;

            found = User.Find(User._.Name == username);
            if (found != null) return found;

            if (username.Contains("@"))
            {
                found = User.FindByMail(username);
                if (found != null) return found;
            }

            if (username.ToLong() > 0)
            {
                found = User.FindByMobile(username);
                if (found != null) return found;
            }

            return User.FindByCode(username);
        }
        /// <summary>Issues a token for the resource-owner password grant.</summary>
        /// <remarks>
        /// Three credential forms are accepted: a plain password; a value starting with "md5#" whose remainder is
        /// compared directly with the stored <c>Password</c>; and a value starting with "$rsa$" whose last
        /// "$"-separated segment is decrypted with the key selected by the third segment before a normal login.
        /// NOTE(review): on the "md5#" path an account whose stored Password is empty passes for any supplied
        /// value, and the supplied value is compared with the stored one as-is, so on that path possession of the
        /// stored value is equivalent to the password — confirm both behaviours are intended.
        /// </remarks>
        /// <param name="sso">The OAuth server that authenticates the application and creates the token.</param>
        /// <param name="client_id">Application identifier; no client secret is checked on this path.</param>
        /// <param name="username">User name.</param>
        /// <param name="password">Password; an "md5#"-prefixed hash or a "$rsa$"-prefixed encrypted value is also accepted.</param>
        /// <param name="ip">Caller address, passed to <c>sso.Auth</c> and recorded in the application log.</param>
        /// <returns>The created token; its refresh payload is "client_id#username".</returns>
        /// <exception cref="InvalidOperationException">The application has no "password" scope, or the "md5#" value does not match.</exception>
        /// <exception cref="XException">No user could be authenticated with the supplied credentials.</exception>
        public virtual TokenInfo GetAccessTokenByPassword(OAuthServer sso, String client_id, String username, String password, String ip)
        {
            // One log row per attempt; the credential itself is never written to it.
            var log = new AppLog
            {
                Action  = "Password",
                Success = true,

                ClientId     = client_id,
                ResponseType = "password",
                CreateIP     = ip,
            };

            try
            {
                // No secret is supplied on the password path.
                var app = sso.Auth(client_id, null, ip);
                log.AppId = app.ID;

                // Grant capability check: presumably true when any listed scope equals "password".
                var scopes = app.Scopes?.Split(",");
                if (scopes == null || !"password".EqualIgnoreCase(scopes))
                {
                    throw new InvalidOperationException($"应用[{app}]没有使用password密码凭证的能力!");
                }

                IManageUser user = null;
                if (password.StartsWithIgnoreCase("md5#"))
                {
                    // The remainder is compared with the stored value; an empty stored value is not compared at all.
                    var pass = password.Substring("md5#".Length);
                    user = User.Login(username, u =>
                    {
                        if (!u.Password.IsNullOrEmpty() && !u.Password.EqualIgnoreCase(pass))
                        {
                            throw new InvalidOperationException($"密码不正确!");
                        }
                    });
                }
                else if (password.StartsWithIgnoreCase("$rsa$"))
                {
                    // Layout "$rsa$<key-id>$...$<base64 ciphertext>": segment 2 selects the key, the last segment is decrypted.
                    var ss   = password.Split('$');
                    var key  = GetKey(ss[2]);
                    var pass = ss[ss.Length - 1];
                    pass = RSAHelper.Decrypt(pass.ToBase64(), key).ToStr();

                    // LoginCore is used when available; ManageProvider.Login would write a cookie.
                    if (Provider is ManageProvider prv)
                    {
                        user = prv.LoginCore(username, pass);
                    }
                    else
                    {
                        user = User.Login(username, pass, false);
                    }
                }
                else
                {
                    // ManagerProvider.Login cannot be used here because it writes a cookie.
                    //var user = Provider.Login(username, password, false);
                    if (Provider is ManageProvider prv)
                    {
                        user = prv.LoginCore(username, password);
                    }
                    else
                    {
                        user = User.Login(username, password, false);
                    }
                }
                if (user == null)
                {
                    throw new XException("用户{0}验证失败", username);
                }

                // The refresh payload binds the token to both the application and the user.
                var token = sso.CreateToken(app, user.Name, null, $"{client_id}#{user.Name}");

                log.AccessToken  = token.AccessToken;
                log.RefreshToken = token.RefreshToken;

                log.CreateUser = user.Name;
                log.Scope      = token.Scope;

                return(token);
            }
            catch (Exception ex)
            {
                // Record the failure, then let the original exception propagate unchanged.
                log.Success = false;
                log.Remark  = ex.GetTrue()?.Message;

                throw;
            }
            finally
            {
                // The log row is written whether or not a token was issued.
                log.Insert();
            }
        }
        /// <summary>Issues a token for the resource-owner password grant.</summary>
        /// <remarks>
        /// A plain password is verified by <c>XCode.Membership.User.Login</c>; a value starting with "md5#"
        /// has its remainder compared directly with the stored <c>Password</c>.
        /// NOTE(review): on the "md5#" path an account whose stored Password is empty passes for any supplied
        /// value, and the supplied value is compared with the stored one as-is, so on that path possession of the
        /// stored value is equivalent to the password — confirm both behaviours are intended.
        /// </remarks>
        /// <param name="sso">The OAuth server that authenticates the application and creates the token.</param>
        /// <param name="client_id">Application identifier; no client secret is checked on this path.</param>
        /// <param name="username">User name.</param>
        /// <param name="password">Password, or an "md5#"-prefixed hash.</param>
        /// <param name="ip">Caller address, recorded in the application log.</param>
        /// <returns>The created token; its refresh payload is "client_id#username".</returns>
        /// <exception cref="InvalidOperationException">The "md5#" value does not match the stored password.</exception>
        /// <exception cref="XException">No user could be authenticated with the supplied credentials.</exception>
        public virtual TokenInfo GetAccessTokenByPassword(OAuthServer sso, String client_id, String username, String password, String ip)
        {
            // One log row per attempt; the credential itself is never written to it.
            var entry = new AppLog
            {
                Action       = "Password",
                Success      = true,
                ClientId     = client_id,
                ResponseType = "password",
                CreateIP     = ip,
            };

            // Picks the verification strategy from the credential prefix. ManagerProvider.Login is
            // deliberately not used because it writes a cookie.
            IManageUser Authenticate()
            {
                if (!password.StartsWithIgnoreCase("md5#"))
                {
                    return XCode.Membership.User.Login(username, password, false);
                }

                // An empty stored password is not compared at all.
                var hash = password.Substring("md5#".Length);
                return XCode.Membership.User.Login(username, u =>
                {
                    if (!u.Password.IsNullOrEmpty() && !u.Password.EqualIgnoreCase(hash))
                    {
                        throw new InvalidOperationException($"密码不正确!");
                    }
                });
            }

            try
            {
                // No secret is supplied on the password path.
                var application = sso.Auth(client_id, null);
                entry.AppId = application.ID;

                var account = Authenticate() ?? throw new XException("用户{0}验证失败", username);

                // The refresh payload binds the token to both the application and the user.
                var issued = sso.CreateToken(application, account.Name, null, $"{client_id}#{account.Name}");

                entry.AccessToken  = issued.AccessToken;
                entry.RefreshToken = issued.RefreshToken;
                entry.CreateUser   = account.Name;
                entry.Scope        = issued.Scope;

                return issued;
            }
            catch (Exception ex)
            {
                // Record the failure, then let the original exception propagate unchanged.
                entry.Success = false;
                entry.Remark  = ex.GetTrue()?.Message;

                throw;
            }
            finally
            {
                // The log row is written whether or not a token was issued.
                entry.Insert();
            }
        }