public async Task <ClientPostLogoutRedirectUri> AddPostLogoutRedirectUri(ClientPostLogoutRedirectUri postLogoutRedirectUri, string clientId)
{
var client = await _context.Clients.SingleAsync(c => c.ClientId == clientId);
postLogoutRedirectUri.Client = client;
_context.ClientPostLogoutRedirectUris.Add(postLogoutRedirectUri);
await _context.SaveChangesAsync();
return(postLogoutRedirectUri);
}
public void UpdateClientAuthorization(int id, ClientDto clientDto)
{
Client client = this.Session.Get <Client>(id);
if (client == null)
{
throw new FluentValidationException($"客户端{id}不存在。");
}
client.FrontChannelLogoutUri = clientDto.FrontChannelLogoutUri;
client.FrontChannelLogoutSessionRequired = clientDto.FrontChannelLogoutSessionRequired;
client.BackChannelLogoutUri = clientDto.BackChannelLogoutUri;
client.BackChannelLogoutSessionRequired = clientDto.BackChannelLogoutSessionRequired;
client.EnableLocalLogin = clientDto.EnableLocalLogin;
client.UserSsoLifetime = clientDto.UserSsoLifetime;
var transaction = this.Session.BeginTransaction();
try
{
this.Session.Update(client);
this.Session.CreateQuery("delete from ClientPostLogoutRedirectUri where ClientId=:ClientId")
.SetInt32("ClientId", id)
.ExecuteUpdate();
clientDto.PostLogoutRedirectUris.ForEach(postLogoutRedirectUri =>
{
ClientPostLogoutRedirectUri clientPostLogoutRedirectUri = new ClientPostLogoutRedirectUri();
clientPostLogoutRedirectUri.ClientId = client.Id;
clientPostLogoutRedirectUri.PostLogoutRedirectUri = postLogoutRedirectUri;
this.Session.Save(clientPostLogoutRedirectUri);
});
this.Session.CreateQuery("delete from ClientIdPRestriction where ClientId=:ClientId")
.SetInt32("ClientId", id)
.ExecuteUpdate();
clientDto.IdentityProviderRestrictions.ForEach(provider =>
{
ClientIdPRestriction clientIdPRestriction = new ClientIdPRestriction();
clientIdPRestriction.ClientId = client.Id;
clientIdPRestriction.Provider = provider;
this.Session.Save(clientIdPRestriction);
});
transaction.Commit();
}
catch (Exception ex)
{
transaction.Rollback();
throw ex;
}
}
public async Task AddPostLogoutRedirectUri(string uri, int clientDbId)
{
var client = await _dbContext.Clients.FirstOrDefaultAsync(c => c.Id == clientDbId);
if (client == null)
{
throw new ArgumentException($"No Client with id: {clientDbId}");
}
var clientPostLogoutRedirectUri = new ClientPostLogoutRedirectUri
{
Uri = uri.ToLower(),
Client = client
};
_dbContext.ClientPostLogoutRedirectUris.Add(clientPostLogoutRedirectUri);
await _dbContext.SaveChangesAsync();
}
private void AddClients(Client ct)
{
var client = new Client <Guid>()
{
AbsoluteRefreshTokenLifetime = ct.AbsoluteRefreshTokenLifetime,
AccessTokenLifetime = ct.AccessTokenLifetime,
AccessTokenType = ct.AccessTokenType,
AllowAccessToAllGrantTypes = ct.AllowAccessToAllCustomGrantTypes,
AllowAccessToAllScopes = ct.AllowAccessToAllScopes,
AllowClientCredentialsOnly = ct.AllowClientCredentialsOnly,
AllowPromptNone = ct.AllowPromptNone,
AllowRememberConsent = ct.AllowRememberConsent,
AlwaysSendClientClaims = ct.AlwaysSendClientClaims,
AuthorizationCodeLifetime = ct.AuthorizationCodeLifetime,
ClientId = ct.ClientId,
ClientName = ct.ClientName,
ClientUri = ct.ClientUri,
EnableLocalLogin = ct.EnableLocalLogin,
Enabled = ct.Enabled,
Flow = ct.Flow,
IdentityTokenLifetime = ct.IdentityTokenLifetime,
IncludeJwtId = ct.IncludeJwtId,
LogoUri = ct.LogoUri,
LogoutSessionRequired = ct.LogoutSessionRequired,
LogoutUri = ct.LogoutUri,
PrefixClientClaims = ct.PrefixClientClaims,
RefreshTokenExpiration = ct.RefreshTokenExpiration,
RefreshTokenUsage = ct.RefreshTokenUsage,
RequireConsent = ct.RequireConsent, //设置为true会有问题?
SlidingRefreshTokenLifetime = ct.SlidingRefreshTokenLifetime,
UpdateAccessTokenOnRefresh = ct.UpdateAccessTokenClaimsOnRefresh
};
client.ClientSecrets = new List <ClientSecret <Guid> >();
client.AllowedScopes = new List <ClientScope <Guid> >();
client.RedirectUris = new List <ClientRedirectUri <Guid> >();
client.IdentityProviderRestrictions = new List <ClientProviderRestriction <Guid> >();
client.PostLogoutRedirectUris = new List <ClientPostLogoutRedirectUri <Guid> >();
client.AllowedCustomGrantTypes = new List <ClientCustomGrantType <Guid> >();
client.Claims = new List <ClientClaim <Guid> >();
client.AllowedCorsOrigins = new List <ClientCorsOrigin <Guid> >();
//Add Secrets
foreach (var secret in ct.ClientSecrets)
{
var clientSecret = new ClientSecret <Guid>()
{
Description = secret.Description,
Expiration = secret.Expiration.HasValue ? (DateTime?)secret.Expiration.Value.DateTime : null,
Type = secret.Type,
Value = secret.Value
};
client.ClientSecrets.Add(clientSecret);
}
//Add Scopes
foreach (var scope in ct.AllowedScopes)
{
var allowedScope = new ClientScope <Guid>()
{
Scope = scope
};
client.AllowedScopes.Add(allowedScope);
}
//Add RedirectUris
foreach (var redirectUri in ct.RedirectUris)
{
var clientRedirectUri = new ClientRedirectUri <Guid>()
{
Uri = redirectUri
};
client.RedirectUris.Add(clientRedirectUri);
}
//Add ProviderRestrictions
foreach (var provider in ct.IdentityProviderRestrictions)
{
var clientProviderRestriction = new ClientProviderRestriction <Guid>()
{
Provider = provider
};
client.IdentityProviderRestrictions.Add(clientProviderRestriction);
}
//Add ClientPostLogoutRedirectUri
foreach (var postLogoutRedirectUri in ct.PostLogoutRedirectUris)
{
var clientPostLogoutRedirectUri = new ClientPostLogoutRedirectUri <Guid>()
{
Uri = postLogoutRedirectUri
};
client.PostLogoutRedirectUris.Add(clientPostLogoutRedirectUri);
}
//Add ClientCustomGrantTypes
foreach (var customGrantType in ct.AllowedCustomGrantTypes)
{
var clientCustomerGrantType = new ClientCustomGrantType <Guid>()
{
GrantType = customGrantType
};
client.AllowedCustomGrantTypes.Add(clientCustomerGrantType);
}
//Add ClientClaims
foreach (var claim in ct.Claims)
{
var clientClaim = new ClientClaim <Guid>()
{
Type = claim.Type,
Value = claim.Value
};
client.Claims.Add(clientClaim);
}
//Add ClientCorsOrigins
foreach (var corsOrigin in ct.AllowedCorsOrigins)
{
var clientCorsOrigin = new ClientCorsOrigin <Guid>()
{
Origin = corsOrigin
};
client.AllowedCorsOrigins.Add(clientCorsOrigin);
}
_clientContext.Clients.Add(client);
_clientContext.SaveChanges();
}
public Result <int> Update(ClientModel model, int id)
{
try
{
var result = new Result <int>();
var existingClient = clientContext.Clients
.Where(x => x.Id == id)
.Include(x => x.AllowedScopes)
.Include(x => x.ClientSecrets)
.Include(x => x.RedirectUris)
.Include(x => x.PostLogoutRedirectUris)
.Include(x => x.AllowedCorsOrigins)
.Include(x => x.IdentityProviderRestrictions)
.Include(x => x.Claims)
.Include(x => x.AllowedCustomGrantTypes)
.SingleOrDefault();
if (existingClient == null)
{
result.Exists = false;
return(result);
}
var duplicateClientId = clientContext.Clients
.Where(x => x.ClientId == model.ClientId)
.FirstOrDefault();
if (duplicateClientId != null && duplicateClientId.Id != id)
{
throw new Exception("pre-existing clientid");
}
clientContext.Entry(existingClient).CurrentValues.SetValues(model); // copy all values from object
#region Update related properties
var exRedirectUris = existingClient.RedirectUris.ToList();
//delete redirect uri's that have been removed
foreach (var item in exRedirectUris)
{
if (!model.RedirectUris.Any(x => x.Id == item.Id))
{
existingClient.RedirectUris.Remove(item);
}
}
if (model.RedirectUris != null && model.RedirectUris.Any())
{
//update and add new uris
foreach (var item in model.RedirectUris)
{
var exRedirectUri = existingClient.RedirectUris.FirstOrDefault(x => x.Id == item.Id);
if (exRedirectUri != null)
{
clientContext.Entry(exRedirectUri).CurrentValues.SetValues(item);
}
else
{
var redirectUri = new ClientRedirectUri
{
Uri = item.Uri,
};
existingClient.RedirectUris.Add(redirectUri);
}
}
}
//delete post redirect uri's that have been removed
var exPostRedirectUris = existingClient.PostLogoutRedirectUris.ToList();
foreach (var item in exPostRedirectUris)
{
if (!model.PostLogoutRedirectUris.Any(x => x.Id == item.Id))
{
existingClient.PostLogoutRedirectUris.Remove(item);
}
}
if (model.PostLogoutRedirectUris != null && model.PostLogoutRedirectUris.Any())
{
foreach (var item in model.PostLogoutRedirectUris)
{
var exPostRedirectUri = existingClient.PostLogoutRedirectUris.FirstOrDefault(x => x.Id == item.Id);
if (exPostRedirectUri != null)
{
clientContext.Entry(exPostRedirectUri).CurrentValues.SetValues(item);
}
else
{
var postRedirectUri = new ClientPostLogoutRedirectUri
{
Uri = item.Uri,
};
existingClient.PostLogoutRedirectUris.Add(postRedirectUri);
}
}
}
//update and add new post redirect uris
var exIdProvRestrictions = existingClient.IdentityProviderRestrictions.ToList();
foreach (var item in exIdProvRestrictions)
{
if (!model.IdentityProviderRestrictions.Any(x => x.Id == item.Id))
{
existingClient.IdentityProviderRestrictions.Remove(item);
}
}
if (model.IdentityProviderRestrictions != null && model.IdentityProviderRestrictions.Any())
{
foreach (var item in model.IdentityProviderRestrictions)
{
var exIdProvRestriction = existingClient.IdentityProviderRestrictions.FirstOrDefault(x => x.Id == item.Id);
if (exIdProvRestriction != null)
{
clientContext.Entry(exIdProvRestriction).CurrentValues.SetValues(item);
}
else
{
var IdentityProvRestriction = new ClientIdPRestriction
{
Provider = item.Provider,
};
existingClient.IdentityProviderRestrictions.Add(exIdProvRestriction);
}
}
}
//update and add new post redirect uris
//delete post redirect uri's that have been removed
//delete allowed scopes that have been removed
var exScopes = existingClient.AllowedScopes.ToList();
foreach (var item in exScopes)
{
if (!model.AllowedScopes.Any(x => x.Id == item.Id))
{
existingClient.AllowedScopes.Remove(item);
}
}
if (model.AllowedScopes != null && model.AllowedScopes.Any())
{
foreach (var item in model.AllowedScopes)
{
var exScope = existingClient.AllowedScopes.FirstOrDefault(x => x.Id == item.Id);
if (exScope != null)
{
clientContext.Entry(exScope).CurrentValues.SetValues(item);
}
else
{
var newScope = new ClientScope
{
Scope = item.Scope,
};
existingClient.AllowedScopes.Add(newScope);
}
}
}
//delete client claims that have been removed
var exClaims = existingClient.Claims.ToList();
foreach (var item in exClaims)
{
if (!model.Claims.Any(x => x.Id == item.Id))
{
existingClient.Claims.Remove(item);
}
}
if (model.Claims != null && model.Claims.Any())
{
//update and add new post redirect uris
foreach (var item in model.Claims)
{
var exClaim = existingClient.Claims.FirstOrDefault(x => x.Id == item.Id);
if (exClaim != null)
{
clientContext.Entry(exClaim).CurrentValues.SetValues(item);
}
else
{
var newClaim = new ClientClaim
{
Type = item.Type,
Value = item.Value
};
existingClient.Claims.Add(newClaim);
}
}
}
//delete client claims that have been removed
var exAllowedCors = existingClient.AllowedCorsOrigins.ToList();
foreach (var item in exAllowedCors)
{
if (!model.AllowedCorsOrigins.Any(x => x.Id == item.Id))
{
existingClient.AllowedCorsOrigins.Remove(item);
}
}
if (model.AllowedCorsOrigins != null && model.AllowedCorsOrigins.Any())
{
//update and add new post redirect uris
foreach (var item in model.AllowedCorsOrigins)
{
var exAllowedCor = existingClient.AllowedCorsOrigins.FirstOrDefault(x => x.Id == item.Id);
if (exAllowedCor != null)
{
clientContext.Entry(exAllowedCor).CurrentValues.SetValues(item);
}
else
{
var newClientCor = new ClientCorsOrigin
{
Origin = item.Origin
};
existingClient.AllowedCorsOrigins.Add(newClientCor);
}
}
}
//delete custom grant types that have been removed
var exCustomGrants = existingClient.AllowedCustomGrantTypes.ToList();
foreach (var item in exCustomGrants)
{
if (!model.AllowedCustomGrantTypes.Any(x => x.Id == item.Id))
{
existingClient.AllowedCustomGrantTypes.Remove(item);
}
}
if (model.AllowedCustomGrantTypes != null && model.AllowedCustomGrantTypes.Any())
{
//update and add new post redirect uris
foreach (var item in model.AllowedCustomGrantTypes)
{
var exCustomGrant = existingClient.AllowedCustomGrantTypes.FirstOrDefault(x => x.Id == item.Id);
if (exCustomGrant != null)
{
clientContext.Entry(exCustomGrant).CurrentValues.SetValues(item);
}
else
{
var newCustomGrant = new ClientCustomGrantType
{
GrantType = item.GrantType
};
existingClient.AllowedCustomGrantTypes.Add(newCustomGrant);
}
}
}
//delete custom grant types that have been removed
var exSecrets = existingClient.ClientSecrets.ToList();
foreach (var item in exSecrets)
{
if (!model.ClientSecrets.Any(x => x.Id == item.Id))
{
existingClient.ClientSecrets.Remove(item);
}
}
if (model.ClientSecrets != null && model.ClientSecrets.Any())
{
//update and add new post redirect uris
foreach (var item in model.ClientSecrets)
{
var exSecret = existingClient.ClientSecrets.FirstOrDefault(x => x.Id == item.Id);
if (exSecret != null)
{
exSecret.Value = exSecret.Value;
clientContext.Entry(exSecret).CurrentValues.SetValues(item);
}
else
{
var newSecret = new ClientSecret
{
Type = item.Type,
Value = item.Value.Sha256(),
Expiration = item.Expiration,
Description = item.Description,
};
existingClient.ClientSecrets.Add(newSecret);
}
}
}
#endregion
clientContext.SaveChanges();
result.Exists = true;
result.Response = existingClient.Id;
result.CustomValue = existingClient.ClientName;
return(result);
}
catch (Exception ex)
{
ErrorLogger.Log(ex);
throw;
}
}
public async Task OnPostAsync()
{
// Arrange
const string postLogoutRedirectUri1OriginalRedirectUri = "Original PostLogoutRedirectUri";
const string postLogoutRedirectUri1EditedRedirectUri = "Edited PostLogoutRedirectUri";
const string newPostLogoutRedirectUriRedirectUri = "New PostLogoutRedirectUri";
var databaseName = $"{DatabaseNamePrefix}.{nameof(OnPostAsync)}";
var options = new DbContextOptionsBuilder <IdentityServerDbContext>()
.UseInMemoryDatabase(databaseName)
.Options;
PostLogoutRedirectUrisModel postLogoutRedirectUris;
IActionResult post;
var postLogoutRedirectUri1 = new ClientPostLogoutRedirectUri
{
Id = Random.Next(),
PostLogoutRedirectUri = postLogoutRedirectUri1OriginalRedirectUri
};
var postLogoutRedirectUri2 = new ClientPostLogoutRedirectUri {
Id = Random.Next()
};
var clientId = Random.Next();
var client = new Client
{
Id = clientId,
PostLogoutRedirectUris = new List <ClientPostLogoutRedirectUri>
{
postLogoutRedirectUri1,
postLogoutRedirectUri2
}
};
using (var context = new IdentityServerDbContext(options, _configurationStoreOptions.Object, _operationalStoreOptions.Object))
{
context.Add(client);
await context.SaveChangesAsync().ConfigureAwait(false);
}
// Act
using (var context = new IdentityServerDbContext(options, _configurationStoreOptions.Object, _operationalStoreOptions.Object))
{
postLogoutRedirectUris = new PostLogoutRedirectUrisModel(context)
{
Client = new Client
{
Id = clientId,
PostLogoutRedirectUris = new List <ClientPostLogoutRedirectUri>
{
new ClientPostLogoutRedirectUri
{
Id = postLogoutRedirectUri1.Id,
PostLogoutRedirectUri = postLogoutRedirectUri1EditedRedirectUri
},
new ClientPostLogoutRedirectUri {
PostLogoutRedirectUri = newPostLogoutRedirectUriRedirectUri
}
}
}
};
post = await postLogoutRedirectUris.OnPostAsync().ConfigureAwait(false);
}
// Assert
using (var context = new IdentityServerDbContext(options, _configurationStoreOptions.Object, _operationalStoreOptions.Object))
{
client = await context.Clients
.Include(x => x.PostLogoutRedirectUris)
.SingleOrDefaultAsync(x => x.Id.Equals(clientId))
.ConfigureAwait(false);
postLogoutRedirectUri1 = client.PostLogoutRedirectUris.SingleOrDefault(x => x.Id.Equals(postLogoutRedirectUri1.Id));
postLogoutRedirectUri2 = client.PostLogoutRedirectUris.SingleOrDefault(x => x.Id.Equals(postLogoutRedirectUri2.Id));
var newPostLogoutRedirectUri = client.PostLogoutRedirectUris.SingleOrDefault(x => x.PostLogoutRedirectUri.Equals(newPostLogoutRedirectUriRedirectUri));
Assert.NotNull(postLogoutRedirectUri1);
Assert.Equal(postLogoutRedirectUri1EditedRedirectUri, postLogoutRedirectUri1.PostLogoutRedirectUri);
Assert.Null(postLogoutRedirectUri2);
Assert.NotNull(newPostLogoutRedirectUri);
}
var result = Assert.IsType <RedirectToPageResult>(post);
Assert.Equal("../Details/PostLogoutRedirectUris", result.PageName);
Assert.Collection(result.RouteValues, routeValue =>
{
var(key, value) = routeValue;
Assert.Equal(nameof(Client.Id), key);
Assert.Equal(postLogoutRedirectUris.Client.Id, value);
});
}
//Post-logout uri
public static PostLogoutUrisModel ToModel(this ClientPostLogoutRedirectUri entity)
{
return(entity.MapTo <ClientPostLogoutRedirectUri, PostLogoutUrisModel>());
}
