private async Task <OpenIdClientSettings> GetClientSettingsAsync()
{
var settings = await _clientService.GetSettingsAsync();
if ((await _clientService.ValidateSettingsAsync(settings)).Any(result => result != ValidationResult.Success))
{
_logger.LogWarning("The OpenID Connect module is not correctly configured.");
return(null);
}
return(settings);
}
public override async Task <IDisplayResult> UpdateAsync(OpenIdClientSettings settings, BuildEditorContext context)
{
var user = _httpContextAccessor.HttpContext?.User;
if (user == null || !await _authorizationService.AuthorizeAsync(user, Permissions.ManageClientSettings))
{
return(null);
}
if (context.GroupId == SettingsGroupId)
{
var previousClientSecret = settings.ClientSecret;
var model = new OpenIdClientSettingsViewModel();
await context.Updater.TryUpdateModelAsync(model, Prefix);
model.Scopes = model.Scopes ?? string.Empty;
settings.DisplayName = model.DisplayName;
settings.Scopes = model.Scopes.Split(new char[] { ' ', ',' }, StringSplitOptions.RemoveEmptyEntries);
settings.Authority = !string.IsNullOrEmpty(model.Authority) ? new Uri(model.Authority, UriKind.Absolute) : null;
settings.CallbackPath = model.CallbackPath;
settings.ClientId = model.ClientId;
settings.SignedOutCallbackPath = model.SignedOutCallbackPath;
settings.SignedOutRedirectUri = model.SignedOutRedirectUri;
settings.ResponseMode = model.ResponseMode;
settings.StoreExternalTokens = model.StoreExternalTokens;
bool useClientSecret = true;
if (model.UseCodeFlow)
{
settings.ResponseType = OpenIdConnectResponseType.Code;
}
else if (model.UseCodeIdTokenFlow)
{
settings.ResponseType = OpenIdConnectResponseType.CodeIdToken;
}
else if (model.UseCodeIdTokenTokenFlow)
{
settings.ResponseType = OpenIdConnectResponseType.CodeIdTokenToken;
}
else if (model.UseCodeTokenFlow)
{
settings.ResponseType = OpenIdConnectResponseType.CodeToken;
}
else if (model.UseIdTokenFlow)
{
settings.ResponseType = OpenIdConnectResponseType.IdToken;
useClientSecret = false;
}
else if (model.UseIdTokenTokenFlow)
{
settings.ResponseType = OpenIdConnectResponseType.IdTokenToken;
useClientSecret = false;
}
else
{
settings.ResponseType = OpenIdConnectResponseType.None;
useClientSecret = false;
}
if (!useClientSecret)
{
model.ClientSecret = previousClientSecret = null;
}
// Restore the client secret if the input is empty (i.e if it hasn't been reset).
if (string.IsNullOrEmpty(model.ClientSecret))
{
settings.ClientSecret = previousClientSecret;
}
else
{
var protector = _dataProtectionProvider.CreateProtector(nameof(OpenIdClientConfiguration));
settings.ClientSecret = protector.Protect(model.ClientSecret);
}
foreach (var result in await _clientService.ValidateSettingsAsync(settings))
{
if (result != ValidationResult.Success)
{
var key = result.MemberNames.FirstOrDefault() ?? string.Empty;
context.Updater.ModelState.AddModelError(key, result.ErrorMessage);
}
}
// If the settings are valid, release the current tenant.
if (context.Updater.ModelState.IsValid)
{
await _shellHost.ReleaseShellContextAsync(_shellSettings);
}
}
return(await EditAsync(settings, context));
}
