protected async Task <bool> PermissionCheckAsync(NotificationDefinition notificationDefinition, Guid userId) { if (!notificationDefinition.PermissionName.IsNullOrEmpty()) { AuthorizationResult result; if (CurrentUser.Id == userId) { result = await AuthorizationService.AuthorizeAsync(notificationDefinition.PermissionName); } else { var userRoles = await NotificationStore.GetUserRoles(userId); var rolesClaims = userRoles.Select(ur => new Claim(AbpClaimTypes.Role, ur)).ToArray(); var claimsIdentity = new ClaimsIdentity(new Claim[] { new Claim(AbpClaimTypes.UserId, userId.ToString()), new Claim(AbpClaimTypes.TenantId, CurrentTenant.Id?.ToString()) }); claimsIdentity.AddClaims(rolesClaims); //Switch current user identity using (CurrentPrincipalAccessor.Change(new ClaimsPrincipal(claimsIdentity))) { result = await AuthorizationService.AuthorizeAsync(notificationDefinition.PermissionName); } } if (!result.Succeeded) { return(false); } } return(true); }
public async Task Global_PermissionState_Test() { var myPermission2 = PermissionDefinitionManager.Get("MyPermission2"); (await PermissionStateManager.IsEnabledAsync(myPermission2)).ShouldBeFalse(); using (CurrentPrincipalAccessor.Change(new Claim(AbpClaimTypes.Role, "admin"))) { (await PermissionStateManager.IsEnabledAsync(myPermission2)).ShouldBeTrue(); } }
public async Task PermissionState_Test() { var myPermission1 = PermissionDefinitionManager.Get("MyPermission1"); myPermission1.StateProviders.ShouldContain(x => x.GetType() == typeof(TestRequireEditionPermissionStateProvider)); (await PermissionStateManager.IsEnabledAsync(myPermission1)).ShouldBeFalse(); using (CurrentPrincipalAccessor.Change(new Claim(AbpClaimTypes.EditionId, Guid.NewGuid().ToString()))) { (await PermissionStateManager.IsEnabledAsync(myPermission1)).ShouldBeTrue(); } }
public async Task SaveAsync(IdentitySecurityLogContext context) { Action <SecurityLogInfo> securityLogAction = securityLog => { securityLog.Identity = context.Identity; securityLog.Action = context.Action; if (!context.UserName.IsNullOrWhiteSpace()) { securityLog.UserName = context.UserName; } if (!context.ClientId.IsNullOrWhiteSpace()) { securityLog.ClientId = context.ClientId; } foreach (var property in context.ExtraProperties) { securityLog.ExtraProperties[property.Key] = property.Value; } }; if (CurrentUser.IsAuthenticated) { await SecurityLogManager.SaveAsync(securityLogAction); } else { if (context.UserName.IsNullOrWhiteSpace()) { await SecurityLogManager.SaveAsync(securityLogAction); } else { var user = await UserManager.FindByNameAsync(context.UserName); if (user != null) { using (CurrentPrincipalAccessor.Change(await UserClaimsPrincipalFactory.CreateAsync(user))) { await SecurityLogManager.SaveAsync(securityLogAction); } } else { await SecurityLogManager.SaveAsync(securityLogAction); } } } }
public override async Task <ClaimsPrincipal> CreateAsync(IdentityUser user) { var principal = await base.CreateAsync(user); var identity = principal.Identities.First(); if (user.TenantId.HasValue) { identity.AddIfNotContains(new Claim(AbpClaimTypes.TenantId, user.TenantId.ToString())); } if (!user.Name.IsNullOrWhiteSpace()) { identity.AddIfNotContains(new Claim(AbpClaimTypes.Name, user.Name)); } if (!user.Surname.IsNullOrWhiteSpace()) { identity.AddIfNotContains(new Claim(AbpClaimTypes.SurName, user.Surname)); } if (!user.PhoneNumber.IsNullOrWhiteSpace()) { identity.AddIfNotContains(new Claim(AbpClaimTypes.PhoneNumber, user.PhoneNumber)); } identity.AddIfNotContains( new Claim(AbpClaimTypes.PhoneNumberVerified, user.PhoneNumberConfirmed.ToString())); if (!user.Email.IsNullOrWhiteSpace()) { identity.AddIfNotContains(new Claim(AbpClaimTypes.Email, user.Email)); } identity.AddIfNotContains(new Claim(AbpClaimTypes.EmailVerified, user.EmailConfirmed.ToString())); using (CurrentPrincipalAccessor.Change(identity)) { var abpClaimsPrincipal = await AbpClaimsPrincipalFactory.CreateAsync(); foreach (var claim in abpClaimsPrincipal.Claims) { identity.AddIfNotContains(claim); } } return(principal); }
public virtual async Task ValidateAsync(ExtensionGrantValidationContext context) { var accessToken = context.Request.Raw["access_token"]; if (accessToken.IsNullOrWhiteSpace()) { context.Result = new GrantValidationResult { IsError = true, Error = "invalid_access_token" }; return; } var result = await TokenValidator.ValidateAccessTokenAsync(accessToken); if (result.IsError) { context.Result = new GrantValidationResult { IsError = true, Error = result.Error, ErrorDescription = result.ErrorDescription }; return; } using (CurrentPrincipalAccessor.Change(result.Claims)) { if (!Guid.TryParse(context.Request.Raw["LinkUserId"], out var linkUserId)) { context.Result = new GrantValidationResult { IsError = true, Error = "invalid_link_user_id" }; return; } Guid?linkTenantId = null; if (!context.Request.Raw["LinkTenantId"].IsNullOrWhiteSpace()) { if (!Guid.TryParse(context.Request.Raw["LinkTenantId"], out var parsedGuid)) { context.Result = new GrantValidationResult { IsError = true, Error = "invalid_link_tenant_id" }; return; } linkTenantId = parsedGuid; } var isLinked = await IdentityLinkUserManager.IsLinkedAsync( new IdentityLinkUserInfo(CurrentUser.GetId(), CurrentTenant.Id), new IdentityLinkUserInfo(linkUserId, linkTenantId), true); if (isLinked) { using (CurrentTenant.Change(linkTenantId)) { var user = await UserManager.GetByIdAsync(linkUserId); var sub = await UserManager.GetUserIdAsync(user); var additionalClaims = new List <Claim>(); await AddCustomClaimsAsync(additionalClaims, user, context); context.Result = new GrantValidationResult( sub, GrantType, additionalClaims.ToArray() ); } } else { context.Result = new GrantValidationResult { IsError = true, Error = Localizer["TheTargetUserIsNotLinkedToYou"] }; } } }