/// <summary>
/// Redeems an authorization code for the user's OpenId on behalf of the app
/// identified by the supplied access token.
/// </summary>
/// <param name="model">Carries the app's access token and the code to redeem.</param>
/// <returns>
/// A <see cref="CodeToOpenIdViewModel"/> as JSON on success; otherwise a protocol
/// error (<c>WrongKey</c>, <c>HasDoneAlready</c> or <c>Unauthorized</c>).
/// </returns>
public async Task<IActionResult> CodeToOpenId(CodeToOpenIdAddressModel model)
{
    // The access token tells us which app is asking; validation is delegated to the token manager.
    var requestingAppId = _tokenManager.ValidateAccessToken(model.AccessToken);

    var pack = await _dbContext
        .OAuthPack
        .SingleOrDefaultAsync(t => t.Code == model.Code);
    if (pack is null)
    {
        return this.Protocol(ErrorType.WrongKey, "The code doesn't exists in our database.");
    }

    // A code counts as consumed once its UseTime is older than ten seconds.
    // NOTE(review): inside that ten-second window the same app can redeem the code
    // again; if strict single-use semantics are required, reject any non-default UseTime.
    var usedMoreThanTenSecondsAgo = pack.UseTime != DateTime.MinValue
        && pack.UseTime + TimeSpan.FromSeconds(10) < DateTime.UtcNow;
    if (usedMoreThanTenSecondsAgo)
    {
        return this.Protocol(ErrorType.HasDoneAlready, "Code is used already!");
    }

    // The code may only be redeemed by the app it was issued to.
    if (pack.ApplyAppId != requestingAppId)
    {
        return this.Protocol(ErrorType.Unauthorized, "The app granted code is not the app granting access token!");
    }

    var grantingApp = (await _apiService.AppInfoAsync(pack.ApplyAppId)).App;
    if (!grantingApp.ViewOpenId)
    {
        return this.Protocol(ErrorType.Unauthorized, "The app doesn't have view open id permission.");
    }

    // Stamp the code as used only after every check has passed.
    // NOTE(review): the read above and this write are not atomic, so concurrent
    // requests for the same code may both succeed — confirm whether that matters here.
    pack.UseTime = DateTime.UtcNow;
    await _dbContext.SaveChangesAsync();

    var result = new CodeToOpenIdViewModel
    {
        OpenId = pack.UserId,
        Scope = "scope",
        Message = "Successfully get user openid",
        Code = ErrorType.Success
    };
    return Json(result);
}
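/// <summary>
/// Starts the authorization flow for an app: resolves the app, checks that the
/// redirect target lies in the app's domain, and either finishes the flow for an
/// already signed-in user, bounces back to the app, or shows the consent view.
/// </summary>
/// <param name="model">The incoming authorize request (appid, redirect_uri, state, scope, ...).</param>
/// <returns>
/// <c>NotFound</c> when the app does not exist; the <c>AuthError</c> view when the
/// request or redirect target is invalid; otherwise the result of
/// <c>FinishAuth</c>, a redirect, or the authorize view.
/// </returns>
public async Task<IActionResult> Authorize(AuthorizeAddressModel model)
{
    App app;
    try
    {
        app = (await _apiService.AppInfoAsync(model.appid)).App;
    }
    catch (AiurUnexceptedResponse)
    {
        return NotFound();
    }
    if (!ModelState.IsValid)
    {
        return View("AuthError");
    }

    // Parse the redirect target before touching any part of it. A missing, relative or
    // malformed value previously threw out of the action (HTTP 500); now it fails cleanly.
    if (!Uri.TryCreate(model.redirect_uri, UriKind.Absolute, out var url))
    {
        ModelState.AddModelError(string.Empty, "Redirect uri is not a valid absolute uri!");
        _logger.LogInformation($"A request with appId {model.appid} has an invalid redirect uri.");
        return View("AuthError");
    }
    var user = await GetCurrentUserAsync();

    // Wrong domain: the redirect host must match the registered app domain unless the app is in debug mode.
    if (url.Host != app.AppDomain && app.DebugMode == false)
    {
        ModelState.AddModelError(string.Empty, "Redirect uri did not work in the valid domain!");
        _logger.LogInformation($"A request with appId {model.appid} is access wrong domian.");
        return View("AuthError");
    }

    // Signed in. App is not in force input password mode. User did not specify force input.
    if (user != null && app.ForceInputPassword != true && model.forceConfirm != true)
    {
        return await FinishAuth(model.Convert(user.Email), app.ForceConfirmation);
    }

    // Not signed in but the caller only probes for an existing session: bounce back to the app origin.
    if (model.tryAutho == true)
    {
        return Redirect($"{url.Scheme}://{url.Host}:{url.Port}/?{Values.DirectShowString.Key}={Values.DirectShowString.Value}");
    }

    var viewModel = new AuthorizeViewModel(
        model.redirect_uri,
        model.state,
        model.appid,
        model.scope,
        model.response_type,
        app.AppName,
        app.AppIconAddress);
    return View(viewModel);
}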