/// <summary>Authorization-code grant: authenticates the client and redeems an authorization code for a token.</summary>
/// <param name="sso">OAuth server that validates the client and looks up the token for the code.</param>
/// <param name="client_id">Client (application) identifier.</param>
/// <param name="client_secret">Client secret presented to <c>OAuthServer.Auth</c>.</param>
/// <param name="code">Authorization code to redeem.</param>
/// <param name="ip">Caller IP; accepted for signature parity with the other grants but not used on this path.</param>
/// <returns>The token found for <paramref name="code"/>, with its scope forced to "basic,UserInfo".</returns>
public virtual TokenInfo GetAccessToken(OAuthServer sso, String client_id, String client_secret, String code, String ip)
{
    // Client authentication comes first; the code is only looked up once Auth has returned.
    // Unlike the other grants in this class, this path writes no AppLog audit row.
    sso.Auth(client_id, client_secret);

    var issued = sso.GetToken(code);
    issued.Scope = "basic,UserInfo";
    return issued;
}
/// <summary>Resource-owner password grant: verifies the user's credentials and issues a token for the client.</summary>
/// <param name="sso">OAuth server used to authenticate the client and mint the token.</param>
/// <param name="client_id">Client (application) identifier.</param>
/// <param name="username">User name.</param>
/// <param name="password">Password, verified by <c>XCode.Membership.User.Login</c>.</param>
/// <param name="ip">Caller IP, recorded in the AppLog row.</param>
/// <returns>The issued token; its subject is "{client_id}#{user.Name}".</returns>
/// <exception cref="XException">User verification failed.</exception>
public virtual TokenInfo GetAccessTokenByPassword(OAuthServer sso, String client_id, String username, String password, String ip)
{
    // One audit row per attempt: Success/Remark are flipped in the catch block and the row
    // is always written by the finally block, whether or not the grant succeeded.
    var audit = new AppLog
    {
        Action = "Password",
        ResponseType = "password",
        ClientId = client_id,
        CreateIP = ip,
        Success = true,
    };

    try
    {
        // No client secret is presented on this grant (the second argument is null);
        // whether Auth still enforces one is decided inside OAuthServer.
        var app = sso.Auth(client_id, null);
        audit.AppId = app.ID;

        // Not Provider.Login here: per the original note, ManagerProvider writes a cookie,
        // which a token endpoint must not do.
        var user = XCode.Membership.User.Login(username, password, false);
        if (user == null)
        {
            throw new XException("用户{0}验证失败", username);
        }

        var subject = user.Name;
        var token = sso.CreateToken(app, subject, null, $"{client_id}#{subject}");

        // NOTE(review): the raw access and refresh tokens are persisted in the audit row, so the
        // AppLog store holds live bearer credentials; a hash or prefix would be enough for correlation.
        audit.AccessToken = token.AccessToken;
        audit.RefreshToken = token.RefreshToken;
        audit.CreateUser = subject;
        audit.Scope = token.Scope;
        return token;
    }
    catch (Exception ex)
    {
        audit.Success = false;
        audit.Remark = ex.GetTrue()?.Message;
        throw;
    }
    finally
    {
        audit.Insert();
    }
}
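/// <summary>Refresh-token grant: re-issues a token for the subject encoded in <paramref name="refresh_token"/>.</summary>
/// <param name="sso">OAuth server used to authenticate the client, decode the refresh token and mint the new token.</param>
/// <param name="client_id">Client (application) identifier.</param>
/// <param name="client_secret">Client secret.</param>
/// <param name="refresh_token">Refresh token previously issued with subject "{client_id}#{user}".</param>
/// <param name="ip">Caller IP, recorded in the AppLog row.</param>
/// <returns>A new token for the same subject; the subject is carried over unchanged.</returns>
/// <exception cref="ArgumentNullException"><paramref name="refresh_token"/> is null or empty.</exception>
/// <exception cref="InvalidOperationException">The token does not decode to a two-part "client#subject" name, or its client part is not <paramref name="client_id"/>.</exception>
public virtual TokenInfo RefreshToken(OAuthServer sso, String client_id, String client_secret, String refresh_token, String ip)
{
    var log = new AppLog
    {
        Action = "RefreshToken",
        Success = true,
        ClientId = client_id,
        ResponseType = "refresh_token",
        CreateIP = ip,
    };
    try
    {
        // Resolve the app before authenticating so the audit row carries AppId even when Auth throws.
        var app = App.FindByName(client_id);
        if (app != null)
        {
            log.AppId = app.ID;
        }

        app = sso.Auth(client_id, client_secret);
        log.AppId = app.ID;

        // Reject an absent token explicitly instead of letting Decode/Split fail with a
        // NullReferenceException; the throw is inside the try so the attempt is still audited.
        if (String.IsNullOrEmpty(refresh_token))
        {
            throw new ArgumentNullException(nameof(refresh_token));
        }

        // Decode is expected to return the subject the token was issued with, "{client_id}#{user}".
        // A null result is treated as a malformed token rather than dereferenced.
        var name = sso.Decode(refresh_token);
        var ss = name?.Split("#");

        // The client half must equal the authenticated client (ordinal comparison), so a refresh
        // token issued to one application cannot be redeemed by another.
        if (ss == null || ss.Length != 2 || ss[0] != client_id)
        {
            throw new InvalidOperationException("非法令牌");
        }

        // The subject is carried over unchanged into the new token.
        var code = ss[1];
        var token = sso.CreateToken(app, code, null, $"{client_id}#{code}");

        // NOTE(review): raw access/refresh tokens are stored in the audit row, so the AppLog
        // store holds live bearer credentials; a hash or prefix would suffice for correlation.
        log.AccessToken = token.AccessToken;
        log.RefreshToken = token.RefreshToken;
        log.CreateUser = code;
        log.Scope = token.Scope;
        return token;
    }
    catch (Exception ex)
    {
        log.Success = false;
        log.Remark = ex.GetTrue()?.Message;
        throw;
    }
    finally
    {
        log.Insert();
    }
}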
/// <summary>Client-credentials grant: authenticates the application by id/secret, checks that its Scopes allow the grant, and issues a token bound to an opaque subject.</summary>
/// <param name="sso">OAuth server used to authenticate the client and mint the token.</param>
/// <param name="client_id">Client (application) identifier.</param>
/// <param name="client_secret">Client secret.</param>
/// <param name="username">Optional subject, e.g. a device code; a random "_"-prefixed placeholder is generated when empty.</param>
/// <param name="ip">Caller IP, passed to Auth and recorded in the AppLog row.</param>
/// <returns>The issued token; its subject is "{client_id}#{subject}".</returns>
/// <exception cref="InvalidOperationException">The app's Scopes do not include "client_credentials".</exception>
public virtual TokenInfo GetAccessTokenByClientCredentials(OAuthServer sso, String client_id, String client_secret, String username, String ip)
{
    var audit = new AppLog
    {
        Action = "ClientCredentials",
        ResponseType = "client_credentials",
        ClientId = client_id,
        CreateIP = ip,
        Success = true,
    };

    try
    {
        // Look the app up first so a failed Auth still leaves AppId on the audit row.
        var app = App.FindByName(client_id);
        if (app != null)
        {
            audit.AppId = app.ID;
        }

        app = sso.Auth(client_id, client_secret, ip);
        audit.AppId = app.ID;

        // Capability gate: the app's configured Scopes must list client_credentials.
        var granted = app.Scopes?.Split(",");
        var allowed = granted != null && "client_credentials".EqualIgnoreCase(granted);
        if (!allowed)
        {
            throw new InvalidOperationException($"应用[{app}]没有使用client_credentials客户端凭证的能力!");
        }

        // The subject is only an identity label for the token and audit row, never a credential.
        String subject;
        if (username.IsNullOrEmpty())
        {
            subject = "_" + Rand.NextString(7);
        }
        else
        {
            subject = username;
        }

        var token = sso.CreateToken(app, subject, null, $"{client_id}#{subject}");
        RecordIssued(token, subject);
        return token;
    }
    catch (Exception ex)
    {
        audit.Success = false;
        audit.Remark = ex.GetTrue()?.Message;
        throw;
    }
    finally
    {
        audit.Insert();
    }

    // Copies the issued token into the audit row.
    // NOTE(review): this stores the raw access/refresh tokens, so AppLog holds live bearer credentials.
    void RecordIssued(TokenInfo token, String who)
    {
        audit.AccessToken = token.AccessToken;
        audit.RefreshToken = token.RefreshToken;
        audit.CreateUser = who;
        audit.Scope = token.Scope;
    }
}
/// <summary>Client-credentials grant without a Scopes capability check: authenticates the application by id/secret and issues a token bound to an opaque subject.</summary>
/// <param name="sso">OAuth server used to authenticate the client and mint the token.</param>
/// <param name="client_id">Client (application) identifier.</param>
/// <param name="client_secret">Client secret.</param>
/// <param name="username">Optional subject, e.g. a device code; a random "_"-prefixed placeholder is generated when empty.</param>
/// <param name="ip">Caller IP, recorded in the AppLog row.</param>
/// <returns>The issued token; its subject is "{client_id}#{subject}".</returns>
public virtual TokenInfo GetAccessTokenByClientCredentials(OAuthServer sso, String client_id, String client_secret, String username, String ip)
{
    var entry = new AppLog();
    entry.Action = "ClientCredentials";
    entry.Success = true;
    entry.ClientId = client_id;
    entry.ResponseType = "client_credentials";
    entry.CreateIP = ip;

    try
    {
        var app = sso.Auth(client_id, client_secret);
        entry.AppId = app.ID;

        // Subject is an identity label only; the random fallback is a placeholder, not a secret.
        var subject = username.IsNullOrEmpty() ? "_" + Rand.NextString(7) : username;
        var issued = sso.CreateToken(app, subject, $"{client_id}#{subject}");

        // NOTE(review): raw access/refresh tokens are persisted in the audit row.
        entry.AccessToken = issued.AccessToken;
        entry.RefreshToken = issued.RefreshToken;
        entry.CreateUser = subject;
        entry.Scope = issued.Scope;
        return issued;
    }
    catch (Exception ex)
    {
        entry.Success = false;
        entry.Remark = ex.GetTrue()?.Message;
        throw;
    }
    finally
    {
        entry.Insert();
    }
}
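/// <summary>Resource-owner password grant accepting three credential encodings: plain text, "md5#&lt;digest&gt;" and "$rsa$&lt;keyid&gt;$&lt;base64 ciphertext&gt;".</summary>
/// <param name="sso">OAuth server used to authenticate the client and mint the token.</param>
/// <param name="client_id">Client (application) identifier.</param>
/// <param name="username">User name.</param>
/// <param name="password">Password. With an "md5#" prefix the client sends the digest and it is compared with the stored value; with a "$rsa$" prefix the last "$"-separated segment is base64 ciphertext decrypted with the key selected by the second segment; otherwise plain text.</param>
/// <param name="ip">Caller IP, passed to Auth and recorded in the AppLog row.</param>
/// <returns>The issued token; its subject is "{client_id}#{user.Name}".</returns>
/// <exception cref="InvalidOperationException">The app's Scopes do not include "password", the "$rsa$" value is malformed, or an md5 digest does not match.</exception>
/// <exception cref="XException">User verification failed.</exception>
public virtual TokenInfo GetAccessTokenByPassword(OAuthServer sso, String client_id, String username, String password, String ip)
{
    var log = new AppLog
    {
        Action = "Password",
        Success = true,
        ClientId = client_id,
        ResponseType = "password",
        CreateIP = ip,
    };
    try
    {
        // No client secret is presented on this grant (null is passed); whether Auth still
        // enforces one is decided inside OAuthServer.
        var app = sso.Auth(client_id, null, ip);
        log.AppId = app.ID;

        // Capability gate: the app's configured Scopes must list "password".
        var scopes = app.Scopes?.Split(",");
        if (scopes == null || !"password".EqualIgnoreCase(scopes))
        {
            throw new InvalidOperationException($"应用[{app}]没有使用password密码凭证的能力!");
        }

        IManageUser user = null;
        if (password.StartsWithIgnoreCase("md5#"))
        {
            // The client supplies the digest itself, so on the wire the digest is a password-equivalent.
            // NOTE(review): an account whose stored Password is empty passes this callback with any
            // digest, and EqualIgnoreCase is not a constant-time comparison — confirm both are intended.
            var pass = password.Substring("md5#".Length);
            user = User.Login(username, u =>
            {
                if (!u.Password.IsNullOrEmpty() && !u.Password.EqualIgnoreCase(pass))
                {
                    throw new InvalidOperationException($"密码不正确!");
                }
            });
        }
        else if (password.StartsWithIgnoreCase("$rsa$"))
        {
            // Layout "$rsa$<keyid>$<ciphertext>" splits into ["", "rsa", keyid, ciphertext].
            // With fewer than four segments the key-id segment would double as the ciphertext,
            // so reject such input as a bad credential instead of decrypting nonsense.
            var ss = password.Split('$');
            if (ss.Length < 4)
            {
                throw new InvalidOperationException("密码格式不正确!");
            }

            var key = GetKey(ss[2]);
            var pass = RSAHelper.Decrypt(ss[ss.Length - 1].ToBase64(), key).ToStr();
            user = LoginWithoutCookie(username, pass);
        }
        else
        {
            user = LoginWithoutCookie(username, password);
        }

        if (user == null)
        {
            throw new XException("用户{0}验证失败", username);
        }

        var token = sso.CreateToken(app, user.Name, null, $"{client_id}#{user.Name}");

        // NOTE(review): raw access/refresh tokens are persisted in the audit row, so the AppLog
        // store holds live bearer credentials; a hash or prefix would suffice for correlation.
        log.AccessToken = token.AccessToken;
        log.RefreshToken = token.RefreshToken;
        log.CreateUser = user.Name;
        log.Scope = token.Scope;
        return token;
    }
    catch (Exception ex)
    {
        log.Success = false;
        log.Remark = ex.GetTrue()?.Message;
        throw;
    }
    finally
    {
        log.Insert();
    }

    // Plain-text credential check. Uses ManageProvider.LoginCore when available and falls back to
    // User.Login; Provider.Login is avoided because, per the original note, it writes a cookie,
    // which a token endpoint must not do.
    IManageUser LoginWithoutCookie(String name, String pass)
    {
        if (Provider is ManageProvider prv)
        {
            return prv.LoginCore(name, pass);
        }
        return User.Login(name, pass, false);
    }
}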
/// <summary>Resource-owner password grant accepting a plain password or an "md5#&lt;digest&gt;" value.</summary>
/// <param name="sso">OAuth server used to authenticate the client and mint the token.</param>
/// <param name="client_id">Client (application) identifier.</param>
/// <param name="username">User name.</param>
/// <param name="password">Password; with an "md5#" prefix the client sends the digest and it is compared with the stored value.</param>
/// <param name="ip">Caller IP, recorded in the AppLog row.</param>
/// <returns>The issued token; its subject is "{client_id}#{user.Name}".</returns>
/// <exception cref="InvalidOperationException">An md5 digest does not match the stored password.</exception>
/// <exception cref="XException">User verification failed.</exception>
public virtual TokenInfo GetAccessTokenByPassword(OAuthServer sso, String client_id, String username, String password, String ip)
{
    var audit = new AppLog
    {
        Action = "Password",
        ResponseType = "password",
        ClientId = client_id,
        CreateIP = ip,
        Success = true,
    };

    try
    {
        // No client secret is presented on this grant (null is passed); enforcement, if any,
        // happens inside OAuthServer.Auth.
        var app = sso.Auth(client_id, null);
        audit.AppId = app.ID;

        var user = Authenticate();
        if (user == null)
        {
            throw new XException("用户{0}验证失败", username);
        }

        var subject = user.Name;
        var token = sso.CreateToken(app, subject, null, $"{client_id}#{subject}");

        // NOTE(review): raw access/refresh tokens are persisted in the audit row, so AppLog
        // holds live bearer credentials.
        audit.AccessToken = token.AccessToken;
        audit.RefreshToken = token.RefreshToken;
        audit.CreateUser = subject;
        audit.Scope = token.Scope;
        return token;
    }
    catch (Exception ex)
    {
        audit.Success = false;
        audit.Remark = ex.GetTrue()?.Message;
        throw;
    }
    finally
    {
        audit.Insert();
    }

    // Credential check for the two supported encodings. The plain branch deliberately bypasses
    // ManagerProvider because, per the original note, it writes a cookie.
    IManageUser Authenticate()
    {
        if (!password.StartsWithIgnoreCase("md5#"))
        {
            return XCode.Membership.User.Login(username, password, false);
        }

        // "md5#" branch: the client sends the digest, so on the wire it is a password-equivalent.
        // NOTE(review): an empty stored Password accepts any digest here, and EqualIgnoreCase is
        // not constant-time — confirm both are intended.
        var digest = password.Substring("md5#".Length);
        return XCode.Membership.User.Login(username, u =>
        {
            if (!u.Password.IsNullOrEmpty() && !u.Password.EqualIgnoreCase(digest))
            {
                throw new InvalidOperationException($"密码不正确!");
            }
        });
    }
}