private async Task <ExternalAuthUserInfo> GetExternalUserInfo(ExternalAuthenticateModel model)
{
var userInfo = await _externalAuthManager.GetUserInfo(model.AuthProvider, model.ProviderAccessCode);
if (userInfo.ProviderKey != model.ProviderKey)
{
throw new UserFriendlyException(L("CouldNotValidateExternalUser"));
}
return(userInfo);
}
private bool ProviderKeysAreEqual(ExternalAuthenticateModel model, ExternalAuthUserInfo userInfo)
{
if (userInfo.ProviderKey == model.ProviderKey)
{
return(true);
}
;
return(userInfo.ProviderKey == model.ProviderKey.Replace("-", "").TrimStart('0'));
}
private async Task <ExternalAuthUserInfo> GetExternalUserInfo(ExternalAuthenticateModel model)
{
var userInfo = await _externalAuthManager.GetUserInfo(model.AuthProvider, model.ProviderAccessCode);
// Del by liumingyuan 2019-12-11 begin
//因为默认的ProviderKey要求同一个登陆器下的同一用唯一,但是微信小程序里只有OpenId能做到用户唯一,OpenId又不能放到网络里传输,因此就需要修改一下默认的方式
//if (userInfo.ProviderKey != model.ProviderKey)
//{
// throw new UserFriendlyException(L("CouldNotValidateExternalUser"));
//}
// Del by liumingyuan 2019-12-11 end
return(userInfo);
}
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
var code = context.Request.Raw.Get("code");
var auth = context.Request.Raw.Get("auth");
ExternalAuthenticateModel model = new ExternalAuthenticateModel()
{
AuthProvider = auth,
ProviderAccessCode = code
};
var externalUser = await GetUserInfo(model);//await GetExternalUserInfo(model);
//var loginResult = await _logInManager.LoginAsync(
// new UserLoginInfo(model.AuthProvider, externalUser.ProviderKey, model.AuthProvider),
// GetTenancyNameOrNull());
var loginResult = await _logInManager.LoginAsync(
new UserLoginInfo(externalUser.Provider, externalUser.ProviderKey, externalUser.Provider),
GetTenancyNameOrNull());
switch (loginResult.Result)
{
case AbpLoginResultType.Success:
{
context.Result = new GrantValidationResult(
subject: loginResult.Identity.Claims.First(c => c.Type == JwtRegisteredClaimNames.Sub).Value,
authenticationMethod: "passwrod",
claims: await CreateJwtClaims(loginResult)
);
break;
}
case AbpLoginResultType.UnknownExternalLogin:
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "未绑定");
break;
}
default:
{
throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
loginResult.Result,
externalUser.ProviderKey,
GetTenancyNameOrNull()
);
}
}
}
public async Task <ExternalAuthenticateResultModel> ExternalAuthenticate([FromBody] ExternalAuthenticateModel model)
{
var externalUser = await GetExternalUserInfo(model);
var loginResult = await _logInManager.LoginAsync(new UserLoginInfo(model.AuthProvider, model.ProviderKey, model.AuthProvider), GetTenancyNameOrNull());
switch (loginResult.Result)
{
case AbpLoginResultType.Success:
{
var accessToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity));
var returnUrl = model.ReturnUrl;
if (model.SingleSignIn.HasValue && model.SingleSignIn.Value && loginResult.Result == AbpLoginResultType.Success)
{
loginResult.User.SetSignInToken();
returnUrl = AddSingleSignInParametersToReturnUrl(model.ReturnUrl, loginResult.User.SignInToken, loginResult.User.Id, loginResult.User.TenantId);
}
return(new ExternalAuthenticateResultModel
{
AccessToken = accessToken,
EncryptedAccessToken = GetEncrpyedAccessToken(accessToken),
ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds,
ReturnUrl = returnUrl
});
}
case AbpLoginResultType.UnknownExternalLogin:
{
var newUser = await RegisterExternalUserAsync(externalUser);
if (!newUser.IsActive)
{
return(new ExternalAuthenticateResultModel
{
WaitingForActivation = true
});
}
//Try to login again with newly registered user!
loginResult = await _logInManager.LoginAsync(new UserLoginInfo(model.AuthProvider, model.ProviderKey, model.AuthProvider), GetTenancyNameOrNull());
if (loginResult.Result != AbpLoginResultType.Success)
{
throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
loginResult.Result,
model.ProviderKey,
GetTenancyNameOrNull()
);
}
var accessToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity));
return(new ExternalAuthenticateResultModel
{
AccessToken = accessToken,
EncryptedAccessToken = GetEncrpyedAccessToken(accessToken),
ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds
});
}
default:
{
throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
loginResult.Result,
model.ProviderKey,
GetTenancyNameOrNull()
);
}
}
}
public async Task <ExternalAuthenticateResultModel> WeChatAuthenticate([FromBody] ExternalAuthenticateModel model)
{
var externalUser = await GetExternalUserInfo(model);
//Logger.Info($"用户模型:{Newtonsoft.Json.JsonConvert.SerializeObject(externalUser)}");
//Logger.Debug(Newtonsoft.Json.JsonConvert.SerializeObject(new UserLoginInfo(model.AuthProvider, externalUser.ProviderKey, model.AuthProvider) ) + GetTenancyNameOrNull());
var loginResult = await _logInManager.LoginAsync(new UserLoginInfo(model.AuthProvider, externalUser.ProviderKey, model.AuthProvider), GetTenancyNameOrNull());
//Logger.Debug(loginResult.Result.ToString());
switch (loginResult.Result)
{
case AbpLoginResultType.Success:
{
var accessToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity));
return(new ExternalAuthenticateResultModel
{
AccessToken = accessToken,
EncryptedAccessToken = GetEncryptedAccessToken(accessToken),
ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds
});
}
case AbpLoginResultType.UnknownExternalLogin:
{
var newUser = await RegisterExternalUserAsync(externalUser);
if (!newUser.IsActive)
{
return(new ExternalAuthenticateResultModel
{
WaitingForActivation = true
});
}
loginResult = await _logInManager.LoginAsync(new UserLoginInfo(model.AuthProvider, externalUser.ProviderKey, model.AuthProvider), GetTenancyNameOrNull());
if (loginResult.Result != AbpLoginResultType.Success)
{
throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
loginResult.Result,
model.ProviderKey,
GetTenancyNameOrNull()
);
}
var accessToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity));
return(new ExternalAuthenticateResultModel
{
AccessToken = accessToken,
EncryptedAccessToken = GetEncryptedAccessToken(accessToken),
ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds
});
}
default:
{
throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
loginResult.Result,
model.ProviderKey,
GetTenancyNameOrNull()
);
}
}
}
public async Task <ExternalAuthenticateResultModel> ExternalAuthenticate([FromBody] ExternalAuthenticateModel model)
{
Logger.Debug($"ExternalAuthenticate:{model.ToJsonString()}");
if (model.AuthProvider == "WechatH5")
{
var decryptText = SimpleStringCipher.Instance.Decrypt(model.ProviderAccessCode, AppConsts.DefaultPassPhrase);
var arr = decryptText.Split('|');
var expiredCode = DateTime.Now.AddMinutes(-1);
if (arr.Length > 1)
{
DateTime.TryParse(arr[1], out expiredCode);
}
if (expiredCode < DateTime.Now)
{
throw new AbpProjectNameBusinessException(ErrorCode.Forbidden);
}
model.ProviderAccessCode = arr[0];
}
var externalUser = await GetExternalUserInfo(model);
var loginResult = await _logInManager.LoginAsync(new UserLoginInfo(model.AuthProvider, externalUser.ProviderKey, model.AuthProvider), GetTenancyNameOrNull());
switch (loginResult.Result)
{
case AbpLoginResultType.Success:
{
var accessToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity));
//登陆成功时更新sessionkey
if (externalUser is WechatMiniAuthUserInfo)
{
var userInfo = externalUser as WechatMiniAuthUserInfo;
EventBus.Trigger(new WechatLoginSuccessEventData
{
SessionKey = userInfo.SessionKey,
UserId = loginResult.User.Id
});
}
return(new ExternalAuthenticateResultModel
{
AccessToken = accessToken,
EncryptedAccessToken = GetEncrpyedAccessToken(accessToken),
ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds
});
}
case AbpLoginResultType.UnknownExternalLogin:
{
var newUser = await RegisterExternalUserAsync(externalUser);
if (!newUser.IsActive)
{
return(new ExternalAuthenticateResultModel
{
WaitingForActivation = true
});
}
// Try to login again with newly registered user!
loginResult = await _logInManager.LoginAsync(new UserLoginInfo(model.AuthProvider, externalUser.ProviderKey, model.AuthProvider), GetTenancyNameOrNull());
if (loginResult.Result != AbpLoginResultType.Success)
{
throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
loginResult.Result,
externalUser.ProviderKey,
GetTenancyNameOrNull()
);
}
return(new ExternalAuthenticateResultModel
{
AccessToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity)),
ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds
});
}
default:
{
throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
loginResult.Result,
externalUser.ProviderKey,
GetTenancyNameOrNull()
);
}
}
}
public async Task <ExternalAuthenticateResultModel> ExternalAuthenticate([FromBody] ExternalAuthenticateModel model)
{
var loginResult = await _logInManager.LoginAsync(new UserLoginInfo(model.AuthProvider, model.ProviderKey, model.AuthProvider), GetTenancyNameOrNull());
if (loginResult.Identity != null)
{
await _signInManager.SignInAsync(loginResult.Identity, true);
}
await UnitOfWorkManager.Current.SaveChangesAsync();
switch (loginResult.Result)
{
case AbpLoginResultType.Success:
{
var accessToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity));
return(new ExternalAuthenticateResultModel
{
AccessToken = accessToken,
EncryptedAccessToken = GetEncrpyedAccessToken(accessToken),
ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds
});
}
case AbpLoginResultType.UnknownExternalLogin:
{
var externalUser = new ExternalAuthUserInfo()
{
EmailAddress = model.EmailAddress,
Name = model.Name,
Provider = model.AuthProvider,
ProviderKey = model.ProviderKey,
Surname = model.Surname
};
var newUser = await RegisterExternalUserAsync(externalUser);
if (!newUser.IsActive)
{
return(new ExternalAuthenticateResultModel
{
WaitingForActivation = true
});
}
// Try to login again with newly registered user!
loginResult = await _logInManager.LoginAsync(new UserLoginInfo(model.AuthProvider, model.ProviderKey, model.AuthProvider), GetTenancyNameOrNull());
if (loginResult.Result != AbpLoginResultType.Success)
{
throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
loginResult.Result,
model.ProviderKey,
GetTenancyNameOrNull()
);
}
return(new ExternalAuthenticateResultModel
{
AccessToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity)),
ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds
});
}
default:
{
throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
loginResult.Result,
model.ProviderKey,
GetTenancyNameOrNull()
);
}
}
}
public async Task <ExternalAuthenticateResultModel> ExternalAuthenticate([FromBody] ExternalAuthenticateModel model)
{
var externalUser = await GetExternalUserInfo(model);
// 判断是否有这个Key
var tenancyName = GetTenancyNameOrNull();
var loginResult = await _logInManager.LoginAsync(new UserLoginInfo(model.AuthProvider, model.ProviderKey, model.AuthProvider), tenancyName);
switch (loginResult.Result)
{
case AbpLoginResultType.Success:
{
var accessToken = CreateAccessToken(await CreateJwtClaims(loginResult.Identity, loginResult.User));
return(new ExternalAuthenticateResultModel
{
AccessToken = accessToken,
EncryptedAccessToken = GetEncrpyedAccessToken(accessToken),
ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds,
UserId = loginResult.User.Id
});
}
case AbpLoginResultType.UnknownExternalLogin:
case AbpLoginResultType.UserIsNotActive:
if (loginResult.User == null)
{
// 该第三方key未绑定用户表信息
return(new ExternalAuthenticateResultModel
{
ProviderKey = model.ProviderKey,
WaitingForActivation = false,
UserId = 0
});
}
else
{
// 找到该用户,但是处于锁定状态
return(new ExternalAuthenticateResultModel
{
ProviderKey = model.ProviderKey,
WaitingForActivation = true,
UserId = (await _userManager.GetUserByEmail(externalUser.EmailAddress)).Id
});
}
default:
throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
loginResult.Result,
model.ProviderKey,
GetTenancyNameOrNull()
);
}
#region 旧版本
//switch (loginResult.Result)
//{
// case AbpLoginResultType.Success:
// {
// string accessToken = CreateAccessToken(await CreateJwtClaims(loginResult.Identity, loginResult.User));
// return new ExternalAuthenticateResultModel
// {
// AccessToken = accessToken,
// EncryptedAccessToken = GetEncrpyedAccessToken(accessToken),
// ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds,
// UserId = loginResult.User.Id
// };
// }
// case AbpLoginResultType.UnknownExternalLogin:
// {
// //注册新用户到数据库中
// User newUser = await RegisterExternalUserAsync(externalUser);
// if (!newUser.IsActive)
// {
// return new ExternalAuthenticateResultModel
// {
// WaitingForActivation = true,
// UserId = newUser.Id,
// ProviderKey = externalUser.ProviderKey,
// };
// }
// // Try to login again with newly registered user!
// loginResult = await _logInManager.LoginAsync(new UserLoginInfo(model.AuthProvider, model.ProviderKey, model.AuthProvider), GetTenancyNameOrNull());
// if (loginResult.Result != AbpLoginResultType.Success)
// {
// throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
// loginResult.Result,
// model.ProviderKey,
// GetTenancyNameOrNull()
// );
// }
// return new ExternalAuthenticateResultModel
// {
// AccessToken = CreateAccessToken(await CreateJwtClaims(loginResult.Identity, loginResult.User)),
// ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds
// };
// }
// case AbpLoginResultType.UserIsNotActive:
// {
// // 需要进行账号绑定激活
// return new ExternalAuthenticateResultModel
// {
// WaitingForActivation = true,
// UserId = (await _userManager.GetUserByEmail(externalUser.EmailAddress)).Id
// };
// }
// default:
// {
// throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
// loginResult.Result,
// model.ProviderKey,
// GetTenancyNameOrNull()
// );
// }
// }
#endregion
}
public async Task <ExternalAuthenticateResultModel> ExternalAuthenticate(ExternalAuthenticateModel model)
{
//var externalUser = await GetExternalUserInfo(model);
var loginResult = await _loginManager.LoginAsync(new UserLoginInfo(model.AuthProvider, model.ProviderKey, model.AuthProvider));
switch (loginResult.Result)
{
case LoginResultType.Success:
{
var accessToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity));
var permissions = await UserManager.GetGrantedPermissionsAsync(loginResult.User);
var result = new ExternalAuthenticateResultModel
{
AccessToken = accessToken,
EncryptedAccessToken = GetEncrpyedAccessToken(accessToken),
ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds,
GrantedPermissions = permissions.Select(o => o.Name)
};
//如果是电脑浏览器登录,则需要记录当前token,用于限制同一时间单账号登录
if (model.ClientInfo == "Browser")
{
loginResult.User.SetData("currentToken", result.EncryptedAccessToken);
}
await UserManager.UpdateAsync(loginResult.User);
//HttpContext.Session.Set("LoginInfo", loginResult.User.Id);
return(result);
}
//case LoginResultType.UnknownExternalLogin:
// {
// var newUser = await RegisterExternalUserAsync(externalUser);
// if (!newUser.IsActive)
// {
// return new ExternalAuthenticateResultModel
// {
// WaitingForActivation = true
// };
// }
// //Try to login again with newly registered user!
// loginResult = await _loginManager.LoginAsync(new UserLoginInfo(model.AuthProvider, model.ProviderKey, model.AuthProvider), GetTenancyNameOrNull());
// if (loginResult.Result != LoginResultType.Success)
// {
// throw _loginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
// loginResult.Result,
// model.ProviderKey,
// GetTenancyNameOrNull()
// );
// }
// var accessToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity));
// return new ExternalAuthenticateResultModel
// {
// AccessToken = accessToken,
// EncryptedAccessToken = GetEncrpyedAccessToken(accessToken),
// ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds
// };
// }
default:
{
throw _loginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
loginResult.Result,
model.ProviderKey,
GetTenancyNameOrNull()
);
}
}
}
public async Task <ExternalAuthenticateResultModel> ExternalAuthenticate([FromBody] ExternalAuthenticateModel model)
{
var externalUser = await GetExternalUserInfo(model);
var loginResult = await _logInManager.LoginAsync(new UserLoginInfo(model.AuthProvider, externalUser.ProviderKey, model.AuthProvider), GetTenancyNameOrNull());
switch (loginResult.Result)
{
case AbpLoginResultType.Success:
{
var accessToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity));
//登陆成功时更新sessionkey
if (externalUser is WechatAuthUserInfo)
{
var userInfo = externalUser as WechatAuthUserInfo;
EventBus.Trigger(new WechatLoginSuccessEventData
{
SessionKey = userInfo.SessionKey,
UserId = loginResult.User.Id
});
}
return(new ExternalAuthenticateResultModel
{
AccessToken = accessToken,
EncryptedAccessToken = GetEncrpyedAccessToken(accessToken),
ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds
});
}
case AbpLoginResultType.UnknownExternalLogin:
{
var newUser = await RegisterExternalUserAsync(externalUser);
if (!newUser.IsActive)
{
return(new ExternalAuthenticateResultModel
{
WaitingForActivation = true
});
}
// Try to login again with newly registered user!
loginResult = await _logInManager.LoginAsync(new UserLoginInfo(model.AuthProvider, externalUser.ProviderKey, model.AuthProvider), GetTenancyNameOrNull());
if (loginResult.Result != AbpLoginResultType.Success)
{
throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
loginResult.Result,
externalUser.ProviderKey,
GetTenancyNameOrNull()
);
}
return(new ExternalAuthenticateResultModel
{
AccessToken = CreateAccessToken(CreateJwtClaims(loginResult.Identity)),
ExpireInSeconds = (int)_configuration.Expiration.TotalSeconds
});
}
default:
{
throw _abpLoginResultTypeHelper.CreateExceptionForFailedLoginAttempt(
loginResult.Result,
externalUser.ProviderKey,
GetTenancyNameOrNull()
);
}
}
}
private async Task <AuthUserInfo> GetUserInfo(ExternalAuthenticateModel model)
{
var userInfo = await _serviceAuthManager.GetUserInfo(model.AuthProvider, model.ProviderAccessCode);
return(userInfo);
}
