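        /// <summary>
        /// Sends the GET that starts the authorization-code flow (<c>oauth2/v2/acg-ask</c>),
        /// passing every field of <paramref name="model"/> as a query-string parameter.
        /// </summary>
        /// <param name="model">Issuer, client, user, redirect URI, response type and scope to send.</param>
        /// <returns>The raw <see cref="HttpResponseMessage"/>; the caller interprets the status code.</returns>
        public async ValueTask <HttpResponseMessage> AuthCode_AskV2(AuthCodeAskV2 model)
        {
            //every value is caller-supplied, so each one is encoded before it is placed in the query string.
            //response_type was previously appended raw; encoding it is a no-op for the usual "code" value
            //and keeps a stray '&' or '#' from splitting the query.
            //NOTE(review): the user segment was unreadable in the copy reviewed; it is written here to match
            //the neighbouring fields and the controller, which reads input.user — confirm against the original.
            string query = "?issuer=" + HttpUtility.UrlEncode(model.issuer)
                         + "&client=" + HttpUtility.UrlEncode(model.client)
                         + "&user=" + HttpUtility.UrlEncode(model.user)
                         + "&redirect_uri=" + HttpUtility.UrlEncode(model.redirect_uri)
                         + "&response_type=" + HttpUtility.UrlEncode(model.response_type)
                         + "&scope=" + HttpUtility.UrlEncode(model.scope);

            return(await _http.GetAsync("oauth2/v2/acg-ask" + query));
        }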
        /// <summary>
        /// Calls the acg-ask endpoint and deserialises a successful body into <see cref="AuthCodeV2"/>.
        /// </summary>
        /// <param name="model">Parameters forwarded unchanged to <c>Endpoints.AuthCode_AskV2</c>.</param>
        /// <returns>The deserialised response body.</returns>
        /// <exception cref="HttpRequestException">
        /// Thrown for any non-success status code. Its message is the request message (method and URL,
        /// query string included) and its inner exception wraps the whole response.
        /// </exception>
        public async ValueTask <AuthCodeV2> AuthCode_AskV2(AuthCodeAskV2 model)
        {
            var reply = await Endpoints.AuthCode_AskV2(model);

            //guard clause: anything but 2xx is surfaced as an exception carrying both sides of the exchange.
            //NOTE(review): the request URL presumably carries the caller-supplied identifiers from the model,
            //so treat this exception text as sensitive if it is logged — confirm against the endpoint helper.
            if (!reply.IsSuccessStatusCode)
            {
                throw new HttpRequestException(reply.RequestMessage.ToString(),
                                               new Exception(reply.ToString()));
            }

            var body = await reply.Content.ReadAsAsync <AuthCodeV2>().ConfigureAwait(false);

            return(body);
        }
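        /// <summary>
        /// First leg of the authorization-code flow: resolves issuer, audience and user from the query,
        /// validates the caller-supplied redirect URI against the audience's registered URLs, persists a
        /// one-time state value and redirects the user agent to the identity UI's authorize page.
        /// </summary>
        /// <param name="input">Query-string parameters; issuer, client and user may be GUIDs or names.</param>
        /// <returns>
        /// A redirect to the authorize page on success; 400 for an invalid model, an unusable user or an
        /// unregistered/malformed redirect URI; 404 when issuer, audience or user cannot be resolved.
        /// </returns>
        public IActionResult AuthCodeV2_Ask([FromQuery] AuthCodeAskV2 input)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            //clean out cruft from encoding...
            //NOTE(review): [FromQuery] binding has already decoded these once; a second UrlDecode turns a
            //literal '+' into a space and re-decodes any '%xx' left in the value. Kept as-is because the
            //client helper in this project encodes before sending — confirm before removing.
            input.issuer       = HttpUtility.UrlDecode(input.issuer);
            input.client       = HttpUtility.UrlDecode(input.client);
            input.user         = HttpUtility.UrlDecode(input.user);
            input.redirect_uri = HttpUtility.UrlDecode(input.redirect_uri);
            input.scope        = HttpUtility.UrlDecode(input.scope);

            //check if identifier is guid. resolve to guid if not.
            tbl_Issuer issuer = Guid.TryParse(input.issuer, out var issuerID)
                ? uow.Issuers.Get(x => x.Id == issuerID).SingleOrDefault()
                : uow.Issuers.Get(x => x.Name == input.issuer).SingleOrDefault();

            if (issuer == null)
            {
                ModelState.AddModelError(MessageType.IssuerNotFound.ToString(), $"Issuer:{input.issuer}");
                return(NotFound(ModelState));
            }

            //check if identifier is guid. resolve to guid if not. the audience's registered URLs are
            //loaded here because the redirect check below reads them.
            tbl_Audience audience = Guid.TryParse(input.client, out var audienceID)
                ? uow.Audiences.Get(x => x.Id == audienceID, x => x.Include(u => u.tbl_Urls)).SingleOrDefault()
                : uow.Audiences.Get(x => x.Name == input.client, x => x.Include(u => u.tbl_Urls)).SingleOrDefault();

            if (audience == null)
            {
                ModelState.AddModelError(MessageType.AudienceNotFound.ToString(), $"Audience:{input.client}");
                return(NotFound(ModelState));
            }

            //check if identifier is guid. resolve to guid if not.
            tbl_User user = Guid.TryParse(input.user, out var userID)
                ? uow.Users.Get(x => x.Id == userID).SingleOrDefault()
                : uow.Users.Get(x => x.UserName == input.user).SingleOrDefault();

            //NOTE(review): an unauthenticated caller receives a distinct 404 here versus the 400 below, so
            //the response tells whether a user name exists — acceptable only if that is an intended
            //property of this endpoint.
            if (user == null)
            {
                ModelState.AddModelError(MessageType.UserNotFound.ToString(), $"User:{input.user}");
                return(NotFound(ModelState));
            }

            //check that user is confirmed and not locked...
            if (uow.Users.IsLockedOut(user) ||
                !user.EmailConfirmed ||
                !user.PasswordConfirmed)
            {
                ModelState.AddModelError(MessageType.UserInvalid.ToString(), $"User:{user.Id}");
                return(BadRequest(ModelState));
            }

            var authorize = new Uri(string.Format("{0}/{1}/{2}", conf["IdentityMeUrls:BaseUiUrl"], conf["IdentityMeUrls:BaseUiPath"], "authorize"));

            //redirect_uri is caller-supplied: a malformed or relative value previously escaped as an
            //unhandled UriFormatException (HTTP 500); it is now rejected as a 400 like an unregistered one.
            if (!Uri.TryCreate(input.redirect_uri, UriKind.Absolute, out var redirect))
            {
                ModelState.AddModelError(MessageType.UriInvalid.ToString(), $"Uri:{input.redirect_uri}");
                return(BadRequest(ModelState));
            }

            //check if there is redirect url defined for client. if not then use base url for identity ui.
            //an entry with no host matches on path alone; the caller's host is then discarded and the
            //configured identity-UI callback is used instead, so this branch never redirects to a host
            //the caller chose.
            if (audience.tbl_Urls.Any(x => x.UrlHost == null && x.UrlPath == redirect.AbsolutePath))
            {
                redirect = new Uri(string.Format("{0}/{1}/{2}", conf["IdentityMeUrls:BaseUiUrl"], conf["IdentityMeUrls:BaseUiPath"], "authorize-callback"));
            }
            //otherwise the caller's redirect must match a registered host+path exactly. a registered entry
            //that does not itself form a valid absolute URI is skipped rather than throwing (as new Uri did)
            //and failing every request for this audience.
            else if (!audience.tbl_Urls.Any(x => Uri.TryCreate(x.UrlHost + x.UrlPath, UriKind.Absolute, out var registered)
                                                 && registered.AbsoluteUri == redirect.AbsoluteUri))
            {
                ModelState.AddModelError(MessageType.UriInvalid.ToString(), $"Uri:{input.redirect_uri}");
                return(BadRequest(ModelState));
            }

            //issuer-level TOTP expiry (no audience/user override) bounds the lifetime of the state value.
            var expire = uow.Settings.Get(x => x.IssuerId == issuer.Id && x.AudienceId == null && x.UserId == null &&
                                          x.ConfigKey == SettingsConstants.TotpExpire).Single();

            //one timestamp for both bounds so the window is exactly the configured number of seconds.
            var now = DateTime.UtcNow;

            var state = uow.States.Create(
                map.Map <tbl_State>(new StateV1()
            {
                IssuerId     = issuer.Id,
                AudienceId   = audience.Id,
                UserId       = user.Id,
                StateValue   = AlphaNumeric.CreateString(32),
                StateType    = ConsumerType.User.ToString(),
                StateConsume = false,
                ValidFromUtc = now,
                ValidToUtc   = now.AddSeconds(uint.Parse(expire.ConfigValue)),
            }));

            uow.Commit();

            //a temporary (302) redirect rather than RedirectPermanent (301): the target carries a freshly
            //minted one-time state value, and browsers may cache a 301 and replay the stale target for a
            //later identical request without ever reaching this action.
            return(Redirect(
                       UrlFactory.GenerateAuthCodeV2(authorize, redirect, issuer.Id.ToString(), audience.Id.ToString(), user.Id.ToString(), state.StateValue).AbsoluteUri));
        }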