public async Task <ThirdPartySystemTokenResult> GetSystemAttributes(AuthorizationEndpoint endpoint, SystemLoginEndpoint loginEndpoint, HttpRequest request)
{
ThirdPartySystemTokenResult result = new ThirdPartySystemTokenResult();
var service = await GetService(endpoint);
var postExecuteService = await GetPostExecuteService(endpoint);
var thirdPartyResult = await service.GetSystemToken(endpoint.ThirdPartyConfiguration, request);
result.Attributes = thirdPartyResult.Attributes;
if (postExecuteService != null)
{
var postExecuteResult = await postExecuteService.Execute(thirdPartyResult.Attributes, endpoint.ThirdPartyPostConfiguration);
result.Attributes.Merge(postExecuteResult.UserInfoAttributes);
result.AdditionalRedirectUrlQueryAttributes = postExecuteResult.AdditionalRedirectUrlQueryAttributes;
}
await SaveTokenRecord(thirdPartyResult.Attributes, thirdPartyResult.Token, endpoint, loginEndpoint);
return(result);
}
private string GenerateSystemLoginUrl(SystemLoginEndpoint sysEndpoint, AuthorizationEndpoint authEndpoint)
{
var serviceReturnUrl = QueryHelpers.AddQueryString(sysEndpoint.BaseUrl, new Dictionary <string, string>()
{
{ "sysname", sysEndpoint.Name }, { "authname", authEndpoint.Name }
});
return(serviceReturnUrl);
}
public async Task <string> RefreshToken(AuthorizationEndpoint endpoint, SystemLoginEndpoint loginEndpoint, string userKey, string systemToken)
{
var service = await GetService(endpoint);
var newToken = await service.RefreshToken(endpoint.ThirdPartyConfiguration, systemToken);
if (endpoint.KeepThirdPartyToken)
{
var record = await _thirdPartySystemTokenRecordStore.QueryByUserKey(userKey, loginEndpoint.ID, endpoint.ID);
if (record != null)
{
await _thirdPartySystemTokenRecordStore.UpdateToken(userKey, record.ID, newToken);
}
}
return(newToken);
}
private async Task <IThirdPartySystemService> GetService(AuthorizationEndpoint endpoint)
{
if (!_thirdPartySystemServices.TryGetValue(endpoint.ThirdPartyType, out IThirdPartySystemService service))
{
var fragment = new TextFragment()
{
Code = TextCodes.NotFoundThirdPartySystemServiceByType,
DefaultFormatting = "找不到类型为{0}的第三方系统服务,发生位置:{1}",
ReplaceParameters = new List <object>()
{
endpoint.ThirdPartyType, $"{typeof(AuthorizationEndpointIMP).FullName}.ThirdPartySystemServices"
}
};
throw new UtilityException((int)Errors.NotFoundThirdPartySystemServiceByType, fragment);
}
return(await Task.FromResult(service));
}
public async Task <GetSystemTokenResult> GetSystemToken(AuthorizationEndpoint endpoint, SystemLoginEndpoint loginEndpoint, string systemLoginRedirectUrl, string clientRedirectUrl)
{
GetSystemTokenResult result = new GetSystemTokenResult();
var service = await GetService(endpoint);
var postExecuteService = await GetPostExecuteService(endpoint);
//获取第三方系统的令牌结果
var getSystemTokenResult = await service.GetSystemToken(endpoint.ThirdPartyConfiguration, systemLoginRedirectUrl, clientRedirectUrl);
result.Direct = getSystemTokenResult.Direct;
//如果不是结果是直接,则需要进行后续处理
if (getSystemTokenResult.Direct)
{
result.TokenResult = new ThirdPartySystemTokenResult()
{
Attributes = getSystemTokenResult.Token.Attributes
};
if (postExecuteService != null)
{
var postExecuteResult = await postExecuteService.Execute(getSystemTokenResult.Token.Attributes, endpoint.ThirdPartyPostConfiguration);
result.TokenResult.Attributes.Merge(postExecuteResult.UserInfoAttributes);
result.TokenResult.AdditionalRedirectUrlQueryAttributes = postExecuteResult.AdditionalRedirectUrlQueryAttributes;
}
await SaveTokenRecord(getSystemTokenResult.Token.Attributes, getSystemTokenResult.Token.Token, endpoint, loginEndpoint);
}
else
{
result.RedirectUrl = getSystemTokenResult.RedirectUrl;
}
return(result);
}
private async Task <string> GetUserKey(Dictionary <string, string> attributes, AuthorizationEndpoint endpoint, SystemLoginEndpoint loginEndpoint)
{
if (!attributes.TryGetValue(loginEndpoint.UserInfoKey, out string userKey))
{
var fragment = new TextFragment()
{
Code = TextCodes.NotFoundUserInfoKeyInThirdPartyTokenAttributes,
DefaultFormatting = "在登录终结点{0}、验证终结点{1}的第三方及后续处理中获取的令牌键值对中,找不到键为{2}的值",
ReplaceParameters = new List <object>()
{
loginEndpoint.Name, endpoint.Name, loginEndpoint.UserInfoKey
}
};
throw new UtilityException((int)Errors.NotFoundUserInfoKeyInThirdPartyTokenAttributes, fragment);
}
return(await Task.FromResult(userKey));
}
private async Task SaveTokenRecord(Dictionary <string, string> attributes, string token, AuthorizationEndpoint endpoint, SystemLoginEndpoint loginEndpoint)
{
if (!endpoint.KeepThirdPartyToken)
{
return;
}
var userKey = await GetUserKey(attributes, endpoint, loginEndpoint);
var service = await GetService(endpoint);
var record = await _thirdPartySystemTokenRecordStore.QueryByUserKey(userKey, loginEndpoint.ID, endpoint.ID);
bool needUpdate = false;
if (record == null)
{
record = new ThirdPartySystemTokenRecord()
{
ID = Guid.NewGuid(),
AuthorizationEndpointID = endpoint.ID,
SystemLoginEndpointID = loginEndpoint.ID,
LastRefeshTime = DateTime.UtcNow,
Timeout = await service.GetTimeout(endpoint.ThirdPartyConfiguration),
Token = token,
UserKey = userKey
};
try
{
await _thirdPartySystemTokenRecordStore.Add(record);
}
catch (UtilityException ex)
{
if (ex.Code == (int)Errors.ExistSameThirdPartySystemTokenRecord)
{
record = await _thirdPartySystemTokenRecordStore.QueryByUserKey(userKey, loginEndpoint.ID, endpoint.ID);
needUpdate = true;
}
else
{
throw ex;
}
}
}
else
{
needUpdate = true;
}
if (needUpdate)
{
record.Timeout = await service.GetTimeout(endpoint.ThirdPartyConfiguration);
record.LastRefeshTime = DateTime.UtcNow;
record.Token = token;
await _thirdPartySystemTokenRecordStore.Update(record);
}
}
public async Task <string> GetRealRedirectUrl(AuthorizationEndpoint endpoint, HttpRequest request)
{
var service = await GetService(endpoint);
return(await service.GetRealRedirectUrl(endpoint.ThirdPartyConfiguration, request));
}
public async Task <bool> VerifyToken(AuthorizationEndpoint endpoint, string systemToken)
{
var service = await GetService(endpoint);
return(await service.VerifyToken(endpoint.ThirdPartyConfiguration, systemToken));
}
public async Task Update(AuthorizationEndpoint endpoint)
{
await _authorizationEndpointStore.Update(endpoint);
}
public async Task Add(AuthorizationEndpoint endpoint)
{
await _authorizationEndpointStore.Add(endpoint);
}
public async Task Logout(AuthorizationEndpoint endpoint, string systemToken)
{
var service = await GetService(endpoint);
await service.Logout(endpoint.ThirdPartyConfiguration, systemToken);
}
public async Task <string> GetKeepLoginUrl(AuthorizationEndpoint endpoint, string systemToken)
{
var service = await GetService(endpoint);
return(await service.GetKeepLoginUrl(endpoint.ThirdPartyConfiguration, systemToken));
}
public async Task <string> GetLoginUrl(AuthorizationEndpoint endpoint, string systemLoginRedirectUrl, string clientRedirectUrl)
{
var service = await GetService(endpoint);
return(await service.GetLoginUrl(endpoint.ThirdPartyConfiguration, systemLoginRedirectUrl, clientRedirectUrl));
}
public async Task Delete(AuthorizationEndpoint endpoint)
{
await _authorizationEndpointStore.Delete(endpoint.ID);
}
public async Task <string> GetCommonToken(SystemLoginEndpoint endpoint, HttpRequest request)
{
//从request的query中获取authname
if (!request.Query.TryGetValue("authname", out StringValues strAuthName))
{
var fragment = new TextFragment()
{
Code = TextCodes.NotFoundAuthNameQuerystringInAuthRedirectUrl,
DefaultFormatting = "名称为{0}的系统登录终结点的第三方认证系统回调请求处理中,回调请求的Url中不包含authname参数,回调请求的Url为{1}",
ReplaceParameters = new List <object>()
{
endpoint.Name, request.Path.Value
}
};
throw new UtilityException((int)Errors.NotFoundAuthNameQuerystringInAuthRedirectUrl, fragment);
}
//根据authname获取登录终结点下面关联的验证终结点
AuthorizationEndpoint authorizationEndpoint = await GetAuthorizationEndpoint(endpoint, strAuthName[0]);
if (authorizationEndpoint == null)
{
var fragment = new TextFragment()
{
Code = TextCodes.NotFoundAuthorizationEndpointInSystemLoginEndpointCanExecuteCallback,
DefaultFormatting = "名称为{0}的系统登录终结点中,找不到可以处理从第三方认证系统回调请求的关联认证终结点,请求url为{1}",
ReplaceParameters = new List <object>()
{
endpoint.Name, request.Path.Value
}
};
throw new UtilityException((int)Errors.NotFoundAuthorizationEndpointInSystemLoginEndpointCanExecuteCallback, fragment);
}
//调用验证终结点的方法,获取实际的重定向地址
string redirectUrl = await authorizationEndpoint.GetRealRedirectUrl(request);
//验证客户端重定向地址
await validateClientRedirectUrl(endpoint, redirectUrl);
//调用验证终结点的方法,获取第三方登陆系统处理后产生的键值对
var authResult = await authorizationEndpoint.GetSystemAttributes(endpoint, request);
//生成最终要重定向回接入方的Url
var commonToken = new CommonToken()
{
SystemName = endpoint.Name,
AuthorizationName = authorizationEndpoint.Name,
UserInfoAttributes = authResult.Attributes
};
//生成通用令牌的JWT字符串
var strCommonToken = _securityService.GenerateJWT(endpoint.SecretKey, new Dictionary <string, string>()
{
{ "SystemName", commonToken.SystemName }, { "AuthorizationName", commonToken.AuthorizationName }, { "UserInfoAttributes", JsonSerializerHelper.Serializer <Dictionary <string, string> >(commonToken.UserInfoAttributes) }
}, endpoint.ExpireSecond);
//生成重定向回接入方系统的地址
var strReturnUrl = QueryHelpers.AddQueryString(redirectUrl, authResult.AdditionalRedirectUrlQueryAttributes);
strReturnUrl = QueryHelpers.AddQueryString(strReturnUrl, "commontoken", strCommonToken);
return(strReturnUrl);
}
/// <summary>
/// 删除
/// </summary>
/// <returns></returns>
public async Task Delete(AuthorizationEndpoint endpoint)
{
await _imp.Delete(this);
}