public async Task <DiscoveryInformation> Execute() { var result = new DiscoveryInformation(); // Returns only the exposed scopes var scopes = await _scopeRepository.GetAllAsync(); var scopeSupportedNames = new string[0]; if (scopes != null || scopes.Any()) { scopeSupportedNames = scopes.Where(s => s.IsExposed).Select(s => s.Name).ToArray(); } var responseTypesSupported = GetSupportedResponseTypes(Constants.Supported.SupportedAuthorizationFlows); var grantTypesSupported = GetSupportedGrantTypes(); var tokenAuthMethodSupported = GetSupportedTokenEndPointAuthMethods(); result.ClaimsParameterSupported = true; result.RequestParameterSupported = true; result.RequestUriParameterSupported = true; result.RequireRequestUriRegistration = true; result.ClaimsSupported = (await _claimRepository.GetAllAsync()).Select(c => c.Code).ToArray(); result.ScopesSupported = scopeSupportedNames; result.ResponseTypesSupported = responseTypesSupported; result.ResponseModesSupported = Constants.Supported.SupportedResponseModes.ToArray(); result.GrantTypesSupported = grantTypesSupported; result.SubjectTypesSupported = Constants.Supported.SupportedSubjectTypes.ToArray(); result.TokenEndpointAuthMethodSupported = tokenAuthMethodSupported; result.IdTokenSigningAlgValuesSupported = Constants.Supported.SupportedJwsAlgs.ToArray(); return(result); }
public async Task <ExternalOpenIdAuthenticationResult> Execute( List <Claim> claims, AuthorizationParameter authorizationParameter, string code) { // 1. Check parameters. if (claims == null || !claims.Any()) { throw new ArgumentNullException(nameof(claims)); } if (authorizationParameter == null) { throw new ArgumentNullException(nameof(authorizationParameter)); } if (string.IsNullOrWhiteSpace(code)) { throw new ArgumentNullException(nameof(code)); } // 2. Subject cannot be extracted. var subject = claims.GetSubject(); if (string.IsNullOrWhiteSpace(subject)) { throw new IdentityServerException(ErrorCodes.UnhandledExceptionCode, ErrorDescriptions.NoSubjectCanBeExtracted); } // 3. Create the resource owner if needed. var resourceOwner = await _authenticateResourceOwnerService.AuthenticateResourceOwnerAsync(subject); if (resourceOwner == null) { var standardClaims = await _claimRepository.GetAllAsync(); resourceOwner = new ResourceOwner { Id = subject, IsLocalAccount = false, TwoFactorAuthentication = TwoFactorAuthentications.NONE, Claims = claims.Where(c => standardClaims.Any(sc => sc == c.Type)).ToList() }; if (!resourceOwner.Claims.Any(c => c.Type == Jwt.Constants.StandardResourceOwnerClaimNames.Subject)) { resourceOwner.Claims.Add(new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.Subject, subject)); } await _resourceOwnerRepository.InsertAsync(resourceOwner); } return(new ExternalOpenIdAuthenticationResult { ActionResult = await _authenticateHelper.ProcessRedirection(authorizationParameter, code, "subject", claims), Claims = resourceOwner.Claims }); }
public async Task <bool> Execute(AddUserParameter addUserParameter) { if (addUserParameter == null) { throw new ArgumentNullException(nameof(addUserParameter)); } if (string.IsNullOrEmpty(addUserParameter.Login)) { throw new ArgumentNullException(nameof(addUserParameter.Login)); } if (string.IsNullOrWhiteSpace(addUserParameter.Password)) { throw new ArgumentNullException(nameof(addUserParameter.Password)); } if (await _authenticateResourceOwnerService.AuthenticateResourceOwnerAsync(addUserParameter.Login, addUserParameter.Password) != null) { throw new IdentityServerException( Errors.ErrorCodes.UnhandledExceptionCode, Errors.ErrorDescriptions.TheRoWithCredentialsAlreadyExists); } var newClaims = new List <Claim> { new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.UpdatedAt, DateTime.UtcNow.ToString()), new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.Subject, addUserParameter.Login) }; var newResourceOwner = new ResourceOwner { Id = addUserParameter.Login, Claims = newClaims, TwoFactorAuthentication = TwoFactorAuthentications.NONE, IsLocalAccount = true, Password = _authenticateResourceOwnerService.GetHashedPassword(addUserParameter.Password) }; var claims = (await _claimRepository.GetAllAsync()).Select(c => c.Code); if (addUserParameter.Claims != null) { foreach (var claim in addUserParameter.Claims.Where(c => claims.Contains(c.Type))) { newResourceOwner.Claims.Add(claim); } } if (!newResourceOwner.Claims.Any(c => c.Type == Jwt.Constants.StandardResourceOwnerClaimNames.Subject)) { newResourceOwner.Claims.Add(new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.Subject, addUserParameter.Login)); } await _resourceOwnerRepository.InsertAsync(newResourceOwner); return(true); }
public async Task <bool> Execute(UpdateResourceOwnerClaimsParameter request) { if (request == null) { throw new ArgumentNullException(nameof(request)); } var resourceOwner = await _resourceOwnerRepository.GetAsync(request.Login); if (resourceOwner == null) { throw new IdentityServerManagerException(ErrorCodes.InvalidParameterCode, string.Format(ErrorDescriptions.TheResourceOwnerDoesntExist, request.Login)); } resourceOwner.UpdateDateTime = DateTime.UtcNow; var claims = new List <Claim>(); var existingClaims = await _claimRepository.GetAllAsync(); if (existingClaims != null && existingClaims.Any() && request.Claims != null && request.Claims.Any()) { foreach (var claim in request.Claims) { var cl = existingClaims.FirstOrDefault(c => c.Code == claim.Key); if (cl == null) { continue; } claims.Add(new Claim(claim.Key, claim.Value)); } } resourceOwner.Claims = claims; Claim updatedClaim, subjectClaim; if (((updatedClaim = resourceOwner.Claims.FirstOrDefault(c => c.Type == SimpleIdentityServer.Core.Jwt.Constants.StandardResourceOwnerClaimNames.UpdatedAt)) != null)) { resourceOwner.Claims.Remove(updatedClaim); } if (((subjectClaim = resourceOwner.Claims.FirstOrDefault(c => c.Type == SimpleIdentityServer.Core.Jwt.Constants.StandardResourceOwnerClaimNames.Subject)) != null)) { resourceOwner.Claims.Remove(subjectClaim); } resourceOwner.Claims.Add(new Claim(SimpleIdentityServer.Core.Jwt.Constants.StandardResourceOwnerClaimNames.Subject, request.Login)); resourceOwner.Claims.Add(new Claim(SimpleIdentityServer.Core.Jwt.Constants.StandardResourceOwnerClaimNames.UpdatedAt, DateTime.UtcNow.ToString())); var result = await _resourceOwnerRepository.UpdateAsync(resourceOwner); if (!result) { throw new IdentityServerManagerException(ErrorCodes.InternalErrorCode, ErrorDescriptions.TheClaimsCannotBeUpdated); } return(true); }
public async Task <bool> Execute(string subject, IEnumerable <ClaimAggregate> claims) { if (string.IsNullOrWhiteSpace(subject)) { throw new ArgumentNullException(nameof(subject)); } if (claims == null) { throw new ArgumentNullException(nameof(claims)); } var resourceOwner = await _resourceOwnerRepository.GetAsync(subject); if (resourceOwner == null) { throw new IdentityServerException(Errors.ErrorCodes.InternalError, Errors.ErrorDescriptions.TheRoDoesntExist); } var supportedClaims = await _claimRepository.GetAllAsync(); claims = claims.Where(c => supportedClaims.Any(sp => sp.Code == c.Code && !Jwt.Constants.NotEditableResourceOwnerClaimNames.Contains(c.Code))); var claimsToBeRemoved = resourceOwner.Claims .Where(cl => claims.Any(c => c.Code == cl.Type)) .Select(cl => resourceOwner.Claims.IndexOf(cl)) .OrderByDescending(p => p) .ToList(); foreach (var index in claimsToBeRemoved) { resourceOwner.Claims.RemoveAt(index); } foreach (var claim in claims) { if (string.IsNullOrWhiteSpace(claim.Value)) { continue; } resourceOwner.Claims.Add(new Claim(claim.Code, claim.Value)); } Claim updatedClaim; if (((updatedClaim = resourceOwner.Claims.FirstOrDefault(c => c.Type == Jwt.Constants.StandardResourceOwnerClaimNames.UpdatedAt)) != null)) { resourceOwner.Claims.Remove(updatedClaim); } resourceOwner.Claims.Add(new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.UpdatedAt, DateTime.UtcNow.ToString())); return(await _resourceOwnerRepository.UpdateAsync(resourceOwner)); }
public async Task <IEnumerable <ClaimDTO> > Handle(GetAllClaimsQuery command, CancellationToken cancellationToken) { var claims = await _claimRepository.GetAllAsync(); return(claims.Select(claim => new ClaimDTO { ClaimId = claim.ClaimId, Date = claim.Date, UserId = claim.UserId, Description = claim.Description, Incidence = claim.Incidence, DamagedItem = claim.DamagedItem, Status = nameof(claim.Status), Street = claim.Street, City = claim.City, Country = claim.Country })); }
public async Task <IEnumerable <Claim> > Execute(ClaimsPrincipal claimsPrincipal) { // 1. Check parameters. if (claimsPrincipal == null) { throw new ArgumentNullException(nameof(claimsPrincipal)); } // 2. Check the user is authenticated. if (claimsPrincipal.Identity == null || !claimsPrincipal.Identity.IsAuthenticated || !(claimsPrincipal.Identity is ClaimsIdentity)) { throw new IdentityServerException( Errors.ErrorCodes.UnhandledExceptionCode, Errors.ErrorDescriptions.TheUserNeedsToBeAuthenticated); } // 3. Check the subject exists. var subject = claimsPrincipal.GetSubject(); if (string.IsNullOrWhiteSpace(subject)) { throw new IdentityServerException( Errors.ErrorCodes.UnhandledExceptionCode, Errors.ErrorDescriptions.TheRoCannotBeCreated); } // 4. If a user already exists with the same subject then ignore. var resourceOwner = await _authenticateResourceOwnerService.AuthenticateResourceOwnerAsync(subject); if (resourceOwner != null) { return(resourceOwner.Claims); } // 5. Insert the resource owner. var clearPassword = Guid.NewGuid().ToString(); resourceOwner = new ResourceOwner { Id = subject, IsLocalAccount = false, TwoFactorAuthentication = TwoFactorAuthentications.NONE, Claims = new List <Claim>(), Password = _authenticateResourceOwnerService.GetHashedPassword(clearPassword) }; var claims = await _claimRepository.GetAllAsync(); foreach (var claim in claimsPrincipal.Claims.Where(c => claims.Contains(c.Type))) { resourceOwner.Claims.Add(claim); } if (!resourceOwner.Claims.Any(c => c.Type == Jwt.Constants.StandardResourceOwnerClaimNames.Subject)) { resourceOwner.Claims.Add(new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.Subject, subject)); } await _resourceOwnerRepository.InsertAsync(resourceOwner); return(resourceOwner.Claims); }
public async Task <string> Execute(AddUserParameter addUserParameter, string issuer = null) { if (addUserParameter == null) { throw new ArgumentNullException(nameof(addUserParameter)); } var subject = await _subjectBuilder.BuildSubject().ConfigureAwait(false); // 1. Check the resource owner already exists. if (await _resourceOwnerRepository.GetAsync(subject) != null) { throw new IdentityServerException(Errors.ErrorCodes.UnhandledExceptionCode, Errors.ErrorDescriptions.TheRoWithCredentialsAlreadyExists); } var newClaims = new List <Claim> { new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.UpdatedAt, DateTime.UtcNow.ToString()), new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.Subject, subject) }; // 2. Populate the claims. var existedClaims = await _claimRepository.GetAllAsync().ConfigureAwait(false); if (addUserParameter.Claims != null) { foreach (var claim in addUserParameter.Claims) { if (!newClaims.Any(nc => nc.Type == claim.Type) && existedClaims.Any(c => c.Code == claim.Type)) { newClaims.Add(claim); } } } var isFilterValid = true; var userFilterResult = await _accountFilter.Check(newClaims).ConfigureAwait(false); if (!userFilterResult.IsValid) { isFilterValid = false; foreach (var ruleResult in userFilterResult.AccountFilterRules) { if (!ruleResult.IsValid) { _openidEventSource.Failure($"the filter rule '{ruleResult.RuleName}' failed"); foreach (var errorMessage in ruleResult.ErrorMessages) { _openidEventSource.Failure(errorMessage); } } } } if (!isFilterValid) { throw new IdentityServerException(Errors.ErrorCodes.InternalError, Errors.ErrorDescriptions.TheUserIsNotAuthorized); } // 3. Add the scim resource. if (_userClaimsEnricherLst != null) { foreach (var userClaimsEnricher in _userClaimsEnricherLst) { await userClaimsEnricher.Enrich(newClaims).ConfigureAwait(false); } } // 4. Add the resource owner. var newResourceOwner = new ResourceOwner { Id = subject, Claims = newClaims, CreateDateTime = DateTime.UtcNow, UpdateDateTime = DateTime.UtcNow, IsBlocked = false }; if (!await _resourceOwnerRepository.InsertAsync(newResourceOwner).ConfigureAwait(false)) { throw new IdentityServerException(Errors.ErrorCodes.UnhandledExceptionCode, Errors.ErrorDescriptions.TheResourceOwnerCannotBeAdded); } // 5. Add credentials. if (addUserParameter.Credentials != null) { foreach (var c in addUserParameter.Credentials) { c.UserId = subject; } await _addUserCredentialsOperation.Execute(addUserParameter.Credentials).ConfigureAwait(false); } // 6. Link to a profile. if (!string.IsNullOrWhiteSpace(issuer)) { await _linkProfileAction.Execute(subject, addUserParameter.ExternalLogin, issuer).ConfigureAwait(false); } _openidEventSource.AddResourceOwner(newResourceOwner.Id); return(subject); }
public Task <IEnumerable <ClaimAggregate> > Execute() { return(_claimRepository.GetAllAsync()); }