public void When_creating_a_student_should_not_leave_any_tracked_components()
{
using (var startup = new OwinStartup(DatabaseName, _localEducationAgencyIds))
{
var trackedComponents = startup.GetTrackedComponents();
int trackedComponentCount = trackedComponents.Count();
trackedComponentCount.ShouldBe(0);
using (var server = TestServer.Create(startup.Configuration))
{
using (var client = new HttpClient(server.Handler))
{
client.Timeout = DefaultHttpClientTimeout;
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(
"Bearer",
Guid.NewGuid()
.ToString());
var createResponse = StudentHelper.CreateStudent(client, DataSeedHelper.RandomName, DataSeedHelper.RandomName);
createResponse.ResponseMessage.EnsureSuccessStatusCode();
createResponse.ResponseMessage.StatusCode.ShouldBe(HttpStatusCode.Created);
}
trackedComponents = startup.GetTrackedComponents();
trackedComponentCount = trackedComponents.Count();
trackedComponentCount.ShouldBe(
0,
"Tracked Components: " + string.Join(", ", trackedComponents.Select(tc => tc.Key.ToString())));
}
}
}
public async Task <IActionResult> Accept(CancellationToken cancellationToken)
{
var response = HttpContext.GetOpenIdConnectResponse();
if (response != null)
{
return(View("Error", response));
}
var request = HttpContext.GetOpenIdConnectRequest();
if (request == null)
{
return(View("Error", new OpenIdConnectMessage
{
Error = OpenIdConnectConstants.Errors.ServerError,
ErrorDescription = "An internal error has occurred"
}));
}
// Create a new ClaimsIdentity containing the claims that
// will be used to create an id_token, a token or a code.
var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
// Copy the claims retrieved from the external identity provider
// (e.g Google, Facebook, a WS-Fed provider or another OIDC server).
foreach (var claim in HttpContext.User.Claims)
{
// Allow ClaimTypes.Name to be added in the id_token.
// ClaimTypes.NameIdentifier is automatically added, even if its
// destination is not defined or doesn't include "id_token".
// The other claims won't be visible for the client application.
if (claim.Type == ClaimTypes.Name)
{
claim.SetDestinations(OpenIdConnectConstants.Destinations.AccessToken,
OpenIdConnectConstants.Destinations.IdentityToken);
}
// Include the GivenName claim
else if (claim.Type == ClaimTypes.GivenName)
{
claim.SetDestinations(OpenIdConnectConstants.Destinations.AccessToken,
OpenIdConnectConstants.Destinations.IdentityToken);
}
// Include the GivenName claim
else if (claim.Type == ClaimTypes.Surname)
{
claim.SetDestinations(OpenIdConnectConstants.Destinations.AccessToken,
OpenIdConnectConstants.Destinations.IdentityToken);
}
identity.AddClaim(claim);
}
var application = await GetApplicationAsync(request.ClientId, cancellationToken);
if (application == null)
{
return(View("Error", new OpenIdConnectMessage
{
Error = OpenIdConnectConstants.Errors.InvalidClient,
ErrorDescription = "Details concerning the calling client application cannot be found in the database"
}));
}
// Create a new ClaimsIdentity containing the claims associated with the application.
// Note: setting identity.Actor is not mandatory but can be useful to access
// the whole delegation chain from the resource server (see ResourceController.cs).
identity.Actor = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
identity.Actor.AddClaim(ClaimTypes.NameIdentifier, application.ApplicationID);
identity.Actor.AddClaim(ClaimTypes.Name, application.DisplayName,
OpenIdConnectConstants.Destinations.AccessToken,
OpenIdConnectConstants.Destinations.IdentityToken);
// Create a new authentication ticket holding the user identity.
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
new AuthenticationProperties(),
OpenIdConnectServerDefaults.AuthenticationScheme);
// Set the list of scopes granted to the client application.
// Note: this sample always grants the "openid", "email" and "profile" scopes
// when they are requested by the client application: a real world application
// would probably display a form allowing to select the scopes to grant.
ticket.SetScopes(new[] {
/* openid: */ OpenIdConnectConstants.Scopes.OpenId,
/* email: */ OpenIdConnectConstants.Scopes.Email,
/* profile: */ OpenIdConnectConstants.Scopes.Profile,
/* offline_access: */ OpenIdConnectConstants.Scopes.OfflineAccess
}.Intersect(request.GetScopes()));
// Set the resources servers the access token should be issued for.
ticket.SetResources("resource_server");
//add the user to the database if he doesn't exist yet
var firstName = GetGivenName(ticket);
var lastname = GetSurname(ticket);
if (!_studentsRepo.DoesStudentExist(firstName, lastname))
{
var newStudent = StudentHelper.CreateStudent(firstName, lastname);
_studentsRepo.Add(newStudent);
}
// Returning a SignInResult will ask ASOS to serialize the specified identity to build appropriate tokens.
// Note: you should always make sure the identities you return contain ClaimTypes.NameIdentifier claim.
// In this sample, the identity always contains the name identifier returned by the external provider.
return(SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme));
}