Exemple #1
        /*****************************************/
        /* helper APIs for the ConsentController */
        /*****************************************/
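        /// <summary>
        /// Processes the posted consent form: records a denial or a grant with IdentityServer,
        /// or prepares the consent view again when the submission is not usable.
        /// </summary>
        /// <param name="model">The consent form as submitted by the browser.</param>
        /// <returns>
        /// A <see cref="ProcessConsentResult"/>. It carries <c>RedirectUri</c> and <c>ClientId</c> once a
        /// decision was handed to IdentityServer, or <c>ViewModel</c> (and possibly <c>ValidationError</c>)
        /// when the consent page must be shown again. When the model is missing or the return URL does not
        /// resolve to an authorization context, the result is returned with nothing set by this method.
        /// </returns>
        private async Task<ProcessConsentResult> ProcessConsent(ConsentInputModel model)
        {
            var result = new ProcessConsentResult();

            // The original dereferenced model.ReturnUrl before its own model?.Button checks,
            // so a missing model threw instead of being rejected. Treat it like an invalid request.
            if (model == null)
            {
                return result;
            }

            // The return URL is posted by the browser; continue only if IdentityServer
            // resolves it to an authorization context.
            var request = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);
            if (request == null)
            {
                return result;
            }

            ConsentResponse grantedConsent = null;

            if (model.Button == "no")
            {
                // User declined: IdentityServer answers the client with the standard 'access_denied'.
                grantedConsent = ConsentResponse.Denied;

                await _events.RaiseAsync(new ConsentDeniedEvent(User.GetSubjectId(), request.ClientId, request.ScopesRequested));
            }
            else if (model.Button == "yes")
            {
                if (model.ScopesConsented != null && model.ScopesConsented.Any())
                {
                    // NOTE(review): ScopesConsented comes from the submitted form and is not compared
                    // with request.ScopesRequested here; presumably IdentityServer ignores scopes that
                    // were never requested - confirm before relying on it.
                    var scopes = model.ScopesConsented;
                    if (ConsentOptions.EnableOfflineAccess == false)
                    {
                        // Offline access is switched off for the consent UI, so drop it even if posted.
                        // NOTE(review): if it was the only scope posted, consent is granted with an
                        // empty scope list - confirm this is intended.
                        scopes = scopes.Where(x => x != IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess);
                    }

                    grantedConsent = new ConsentResponse
                    {
                        RememberConsent = model.RememberConsent,
                        ScopesConsented = scopes.ToArray()
                    };

                    await _events.RaiseAsync(new ConsentGrantedEvent(User.GetSubjectId(), request.ClientId, request.ScopesRequested, grantedConsent.ScopesConsented, grantedConsent.RememberConsent));
                }
                else
                {
                    // 'yes' without any scope ticked is a validation error, not a grant.
                    result.ValidationError = ConsentOptions.MustChooseOneErrorMessage;
                }
            }
            else
            {
                // Any other button value is rejected rather than being read as a decision.
                result.ValidationError = ConsentOptions.InvalidSelectionErrorMessage;
            }

            if (grantedConsent != null)
            {
                // Hand the decision (grant or denial) to IdentityServer.
                await _interaction.GrantConsentAsync(request, grantedConsent);

                // This point is reached only after the return URL resolved to an authorization
                // context above, so it is reported back as the redirect target.
                result.RedirectUri = model.ReturnUrl;
                result.ClientId = request.ClientId;
            }
            else
            {
                // No decision was recorded: rebuild the consent view from the posted model.
                result.ViewModel = await BuildViewModelAsync(model.ReturnUrl, model);
            }

            return result;
        }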
Exemple #2
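        /// <summary>
        /// Processes the posted consent form: hands a denial or a grant to IdentityServer,
        /// or prepares the consent view again when the submission is not usable.
        /// </summary>
        /// <param name="model">The consent form as submitted by the browser.</param>
        /// <returns>
        /// A <see cref="ProcessConsentResult"/>. It carries <c>RedirectUri</c> and <c>ClientId</c> once a
        /// decision was handed to IdentityServer, or <c>ViewModel</c> (and possibly <c>ValidationError</c>)
        /// when the consent page must be shown again. When the model is missing or the return URL does not
        /// resolve to an authorization context, the result is returned with nothing set by this method.
        /// </returns>
        private async Task<ProcessConsentResult> ProcessConsent(ConsentInputModel model)
        {
            var result = new ProcessConsentResult();

            // A missing model previously caused a NullReferenceException on model.ReturnUrl;
            // reject it the same way as an unrecognised return URL.
            if (model == null)
            {
                return result;
            }

            // Check that the posted return URL still resolves to an authorization context.
            var request = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);
            if (request == null)
            {
                return result;
            }

            ConsentResponse grantedConsent = null;

            // NOTE(review): no consent granted/denied event is raised anywhere in this method, so the
            // decision is not recorded from here - confirm whether the host has an event service to use.
            if (model.Button == "no")
            {
                grantedConsent = ConsentResponse.Denied;
            }
            else if (model.Button == "yes")
            {
                if (model.ScopesConsented != null && model.ScopesConsented.Any())
                {
                    // The original also fetched the identity resources for request.ScopesRequested via
                    // _resourceStore but never used the result (the code that appended hidden required
                    // scopes was commented out), so that store call has been dropped.
                    //
                    // NOTE(review): the filter that removed offline_access when
                    // ConsentOptions.EnableOfflineAccess is false was commented out in the original.
                    // As written, a posted offline_access scope is passed to GrantConsentAsync
                    // regardless of that option.
                    //
                    // NOTE(review): ScopesConsented comes from the submitted form and is not compared
                    // with request.ScopesRequested here; presumably IdentityServer ignores scopes that
                    // were never requested - confirm before relying on it.
                    grantedConsent = new ConsentResponse
                    {
                        RememberConsent = model.RememberConsent,
                        ScopesConsented = model.ScopesConsented.ToArray()
                    };
                }
                else
                {
                    // 'yes' without any scope ticked is a validation error, not a grant.
                    result.ValidationError = ConsentOptions.MustChooseOneErrorMessage;
                }
            }
            else
            {
                // Any other button value is rejected rather than being read as a decision.
                result.ValidationError = ConsentOptions.InvalidSelectionErrorMessage;
            }

            if (grantedConsent != null)
            {
                // Send the consent decision to IdentityServer.
                await _interaction.GrantConsentAsync(request, grantedConsent);

                // This point is reached only after the return URL resolved to an authorization
                // context above, so it is reported back as the redirect target.
                result.RedirectUri = model.ReturnUrl;
                result.ClientId = request.ClientId;

                // The original looked up the client row and a matching applicationUseAuthorizations
                // row here without using either result; the code that stored a per-client
                // authorization record was commented out. That lookup loaded the whole Clients set
                // with ToList() and read .Id from the match without a null check, so an unknown
                // client would have thrown after consent had already been granted. It has been
                // removed. If the record keeping is re-enabled, query the set with FirstOrDefault
                // and handle a missing client explicitly.
            }
            else
            {
                // No decision was recorded: rebuild the consent view from the posted model.
                result.ViewModel = await BuildViewModelAsync(model.ReturnUrl, model);
            }

            return result;
        }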