Esempio n. 1
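        /// <summary>
        /// Handles the resource-owner password credentials grant: looks up the client,
        /// verifies the user's password, resolves the "casa" the user is allowed to
        /// access, and issues an authentication ticket carrying the user's claims.
        /// </summary>
        /// <param name="context">Grant context supplied by the OpenID Connect server middleware.</param>
        /// <returns>A task that completes once the context has been validated or rejected.</returns>
        public async override Task GrantResourceOwnerCredentials(
            GrantResourceOwnerCredentialsContext context)
        {
            // NOTE(review): the request-scoped service is also stored in an instance field. If this
            // provider is registered as a singleton, that field is shared between concurrent requests;
            // this method therefore works from its own local copy for every call it makes.
            var authService = (IAuthService)context.HttpContext.RequestServices.GetService(typeof(IAuthService));
            _authService = authService;

            Client client = authService.FindClient(context.ClientId);
            if (client == null)
            {
                // Unknown client: the original code dereferenced a null reference here.
                context.Reject("client_id inválido");
                return;
            }

            // Commented out because it conflicts with the CORS configuration added earlier.
            // The origin would be client.AllowedOrigin, or "*" when the client has none configured.
            //context.HttpContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { client.AllowedOrigin ?? "*" });

            var user = await authService.GetUsuarioEmail(context.UserName);

            // A missing user and a wrong password are rejected with the same message so the
            // response does not reveal which accounts exist. Previously a null user reached
            // CheckPasswordAsync, and an invalid password left the context neither validated nor
            // rejected.
            if (user == null || !await authService.CheckPasswordAsync(user, context.Password))
            {
                context.Reject("Usuário ou senha inválidos");
                return;
            }

            int casaId = await authService.GetCasaSelecionada(user);

            // Check whether the user is blocked for the selected casa.
            if (authService.AcessoUsuarioBloqueado(user.Id, casaId))
            {
                // Try to obtain access through another casa; 0 means none is available.
                int novaCasaSelec = authService.TentaSelecOutraCasa(user.Id, casaId);

                if (novaCasaSelec == 0)
                {
                    context.Reject("O seu acesso foi bloqueado");
                    return;
                }

                casaId = novaCasaSelec;
            }

            var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);

            // Every claim is destined for both the access token and the id token.
            foreach (var claim in authService.GetClaims(user, casaId))
            {
                identity.AddClaim(claim.Type, claim.Value, "access_token", "id_token");
            }

            identity.AddClaim("casa", casaId.ToString(), "access_token", "id_token");
            identity.AddClaim(ClaimTypes.NameIdentifier, user.Id, "access_token", "id_token");
            identity.AddClaim(ClaimTypes.Name, user.UserName, "access_token", "id_token");

            var principal = new ClaimsPrincipal(identity);

            // client_id and userName are persisted in the ticket so GrantRefreshToken can
            // bind the refresh token to the issuing client and re-resolve the user.
            var props = new AuthenticationProperties(new Dictionary<string, string>
            {
                { "client_id", context.ClientId ?? string.Empty },
                { "userName", context.UserName }
            });

            var ticket = new AuthenticationTicket(principal, props, OpenIdConnectServerDefaults.AuthenticationScheme);

            // A refresh token is only issued when the client explicitly asked for offline_access.
            var scopes = new List<string>();
            if (context.Request.HasScope("offline_access"))
            {
                scopes.Add("offline_access");
            }

            ticket.SetScopes(scopes);

            context.Validate(ticket);
        }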
Esempio n. 2
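        /// <summary>
        /// Handles the refresh-token grant: verifies that the refresh token was issued to the
        /// requesting client, re-resolves the user and the "casa" they may access, and issues a
        /// new ticket with fresh claims while keeping the original ticket's properties.
        /// </summary>
        /// <param name="context">Grant context supplied by the OpenID Connect server middleware.</param>
        /// <returns>A task that completes once the context has been validated or rejected.</returns>
        public override async Task GrantRefreshToken(GrantRefreshTokenContext context)
        {
            // NOTE(review): the request-scoped service is also stored in an instance field. If this
            // provider is registered as a singleton, that field is shared between concurrent requests;
            // this method therefore works from its own local copy for every call it makes.
            var authService = (IAuthService)context.HttpContext.RequestServices.GetService(typeof(IAuthService));
            _authService = authService;

            string originalClient;
            context.Ticket.Properties.Items.TryGetValue("client_id", out originalClient);

            // A refresh token may only be redeemed by the client it was issued to. The return is
            // essential: without it the Validate call at the end of this method still ran after the
            // rejection and issued a new ticket to the wrong client.
            if (originalClient != context.ClientId)
            {
                context.Reject("O Refresh token foi criado para outro client_id");
                return;
            }

            string username;
            context.Ticket.Properties.Items.TryGetValue("userName", out username);

            var user = await authService.GetUsuarioEmail(username);

            // The user recorded in the ticket may have been removed since the token was issued.
            if (user == null)
            {
                context.Reject("Usuário do refresh token não encontrado");
                return;
            }

            int casaId = await authService.GetCasaSelecionada(user);

            // Check whether the user is blocked for the selected casa.
            if (authService.AcessoUsuarioBloqueado(user.Id, casaId))
            {
                // Try to obtain access through another casa; 0 means none is available.
                int novaCasaSelec = authService.TentaSelecOutraCasa(user.Id, casaId);

                if (novaCasaSelec == 0)
                {
                    context.Reject("O seu acesso foi bloqueado");
                    return;
                }

                casaId = novaCasaSelec;
            }

            var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);

            // Every claim is destined for both the access token and the id token.
            foreach (var claim in authService.GetClaims(user, casaId))
            {
                identity.AddClaim(claim.Type, claim.Value, "access_token", "id_token");
            }

            identity.AddClaim("casa", casaId.ToString(), "access_token", "id_token");
            identity.AddClaim(ClaimTypes.NameIdentifier, user.Id, "access_token", "id_token");
            identity.AddClaim(ClaimTypes.Name, user.UserName, "access_token", "id_token");

            var principal = new ClaimsPrincipal(identity);

            // The original properties (client_id, userName, scopes) are carried over unchanged.
            var newTicket = new AuthenticationTicket(principal,
                                                     context.Ticket.Properties,
                                                     OpenIdConnectServerDefaults.AuthenticationScheme);

            context.Validate(newTicket);
        }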