/// <summary>
/// Loads the OpenID Connect client settings and hands them back only when
/// every validation result reports success.
/// </summary>
/// <returns>
/// The loaded settings, or <c>null</c> (after a warning is logged) as soon as
/// one validation result differs from <see cref="ValidationResult.Success"/>.
/// </returns>
private async Task<OpenIdClientSettings> GetClientSettingsAsync()
{
    var settings = await _clientService.GetSettingsAsync();
    var validationResults = await _clientService.ValidateSettingsAsync(settings);

    foreach (var validationResult in validationResults)
    {
        if (validationResult != ValidationResult.Success)
        {
            // A misconfigured client is reported once and treated as "no settings".
            _logger.LogWarning("The OpenID Connect module is not correctly configured.");
            return null;
        }
    }

    return settings;
}
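/// <summary>
/// Applies the posted OpenID Connect client settings form to <paramref name="settings"/>.
/// </summary>
/// <remarks>
/// The update is refused (returns <c>null</c>) unless the current user is authorized for
/// <c>Permissions.ManageClientSettings</c>. Values are only copied when the editor group
/// matches <c>SettingsGroupId</c>. A non-empty client secret is stored through the data
/// protection provider; an empty one keeps the previously stored value, and response types
/// that do not involve the code flow clear it. Validation failures are added to the model
/// state, and the tenant shell is released only when the model state is valid.
/// </remarks>
/// <param name="settings">The settings instance that receives the posted values.</param>
/// <param name="context">The editor context carrying the group id and the model updater.</param>
/// <returns>
/// <c>null</c> when there is no authorized user; otherwise the result of
/// <c>EditAsync</c> for the (possibly updated) settings.
/// </returns>
public override async Task<IDisplayResult> UpdateAsync(OpenIdClientSettings settings, BuildEditorContext context)
{
    // Authorization gate: nothing below runs for an anonymous or unauthorized caller.
    var user = _httpContextAccessor.HttpContext?.User;
    if (user == null || !await _authorizationService.AuthorizeAsync(user, Permissions.ManageClientSettings))
    {
        return null;
    }

    if (context.GroupId == SettingsGroupId)
    {
        var previousClientSecret = settings.ClientSecret;
        var model = new OpenIdClientSettingsViewModel();
        await context.Updater.TryUpdateModelAsync(model, Prefix);

        model.Scopes = model.Scopes ?? string.Empty;

        settings.DisplayName = model.DisplayName;
        settings.Scopes = model.Scopes.Split(new[] { ' ', ',' }, StringSplitOptions.RemoveEmptyEntries);

        // The authority comes straight from the form. Parsing it with the Uri constructor
        // would throw UriFormatException on a malformed value, so parse defensively and
        // report the problem through the model state instead. On failure the previously
        // stored authority is left untouched.
        if (string.IsNullOrEmpty(model.Authority))
        {
            settings.Authority = null;
        }
        else
        {
            Uri authority;
            if (Uri.TryCreate(model.Authority, UriKind.Absolute, out authority))
            {
                settings.Authority = authority;
            }
            else
            {
                // NOTE(review): plain string; route it through the module's localizer if one is available.
                context.Updater.ModelState.AddModelError(nameof(model.Authority), "The authority must be a valid absolute URL.");
            }
        }

        settings.CallbackPath = model.CallbackPath;
        settings.ClientId = model.ClientId;
        settings.SignedOutCallbackPath = model.SignedOutCallbackPath;
        settings.SignedOutRedirectUri = model.SignedOutRedirectUri;
        settings.ResponseMode = model.ResponseMode;
        settings.StoreExternalTokens = model.StoreExternalTokens;

        // The first flow flag that is set wins. Only response types containing "code"
        // keep a client secret.
        bool useClientSecret = true;
        if (model.UseCodeFlow)
        {
            settings.ResponseType = OpenIdConnectResponseType.Code;
        }
        else if (model.UseCodeIdTokenFlow)
        {
            settings.ResponseType = OpenIdConnectResponseType.CodeIdToken;
        }
        else if (model.UseCodeIdTokenTokenFlow)
        {
            settings.ResponseType = OpenIdConnectResponseType.CodeIdTokenToken;
        }
        else if (model.UseCodeTokenFlow)
        {
            settings.ResponseType = OpenIdConnectResponseType.CodeToken;
        }
        else if (model.UseIdTokenFlow)
        {
            settings.ResponseType = OpenIdConnectResponseType.IdToken;
            useClientSecret = false;
        }
        else if (model.UseIdTokenTokenFlow)
        {
            settings.ResponseType = OpenIdConnectResponseType.IdTokenToken;
            useClientSecret = false;
        }
        else
        {
            settings.ResponseType = OpenIdConnectResponseType.None;
            useClientSecret = false;
        }

        if (!useClientSecret)
        {
            // Drop both the posted and the stored secret so none is kept for these flows.
            model.ClientSecret = previousClientSecret = null;
        }

        // Restore the client secret if the input is empty (i.e. if it hasn't been reset).
        if (string.IsNullOrEmpty(model.ClientSecret))
        {
            settings.ClientSecret = previousClientSecret;
        }
        else
        {
            // The secret is never stored as posted; it is wrapped by the data protection provider.
            // NOTE(review): presumably the same purpose string is used where the secret is unprotected - confirm.
            var protector = _dataProtectionProvider.CreateProtector(nameof(OpenIdClientConfiguration));
            settings.ClientSecret = protector.Protect(model.ClientSecret);
        }

        foreach (var result in await _clientService.ValidateSettingsAsync(settings))
        {
            if (result != ValidationResult.Success)
            {
                var key = result.MemberNames.FirstOrDefault() ?? string.Empty;
                context.Updater.ModelState.AddModelError(key, result.ErrorMessage);
            }
        }

        // If the settings are valid, release the current tenant.
        if (context.Updater.ModelState.IsValid)
        {
            await _shellHost.ReleaseShellContextAsync(_shellSettings);
        }
    }

    return await EditAsync(settings, context);
}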