public void IsAuthorizationCodeFlow_ReturnsExpectedResult(string type, bool result)
{
// Arrange
var request = new OpenIdConnectRequest();
request.ResponseType = type;
// Act and assert
Assert.Equal(result, request.IsAuthorizationCodeFlow());
}
public async Task <IActionResult> Exchange(OpenIdConnectRequest request)
{
//TODO: replace with
/*var authTicket = aipServer.TryLogin(request);
* if(authTicket != null)
* {
* //connect to MyX SPA via auth token (that requested from AIP)
* var resultSign = SignIn(authTicket.Principal, authTicket.Properties, authTicket.AuthenticationScheme);
* return resultSign;
* }*/
if (request.IsAuthorizationCodeFlow())
{
//TODO:
}
if (request.IsPasswordGrantType())
{
var user = await _userManager.FindByEmailAsync(request.Username) ?? await _userManager.FindByNameAsync(request.Username);
if (user == null)
{
return(BadRequest(new OpenIdConnectResponse
{
Error = OpenIdConnectConstants.Errors.InvalidGrant,
ErrorDescription = "Please check that your email and password is correct"
}));
}
// Ensure the user is enabled.
if (!user.IsEnabled)
{
return(BadRequest(new OpenIdConnectResponse
{
Error = OpenIdConnectConstants.Errors.InvalidGrant,
ErrorDescription = "The specified user account is disabled"
}));
}
// Validate the username/password parameters and ensure the account is not locked out.
var result = await _signInManager.CheckPasswordSignInAsync(user, request.Password, true);
// Ensure the user is not already locked out.
if (result.IsLockedOut)
{
return(BadRequest(new OpenIdConnectResponse
{
Error = OpenIdConnectConstants.Errors.InvalidGrant,
ErrorDescription = "The specified user account has been suspended"
}));
}
// Reject the token request if two-factor authentication has been enabled by the user.
if (result.RequiresTwoFactor)
{
return(BadRequest(new OpenIdConnectResponse
{
Error = OpenIdConnectConstants.Errors.InvalidGrant,
ErrorDescription = "Invalid login procedure"
}));
}
// Ensure the user is allowed to sign in.
if (result.IsNotAllowed)
{
return(BadRequest(new OpenIdConnectResponse
{
Error = OpenIdConnectConstants.Errors.InvalidGrant,
ErrorDescription = "The specified user is not allowed to sign in"
}));
}
if (!result.Succeeded)
{
return(BadRequest(new OpenIdConnectResponse
{
Error = OpenIdConnectConstants.Errors.InvalidGrant,
ErrorDescription = "Please check that your email and password is correct"
}));
}
// Create a new authentication ticket.
var ticket = await CreateTicketAsync(request, user); //TODO: ticket = aipService.TryLogin(request, user)
var resultCreateAndSign = SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme);
return(resultCreateAndSign);
}
else if (request.IsRefreshTokenGrantType())
{
// Retrieve the claims principal stored in the refresh token.
var info = await HttpContext.AuthenticateAsync(OpenIddictServerDefaults.AuthenticationScheme);
// Retrieve the user profile corresponding to the refresh token.
// Note: if you want to automatically invalidate the refresh token
// when the user password/roles change, use the following line instead:
// var user = _signInManager.ValidateSecurityStampAsync(info.Principal);
var user = await _userManager.GetUserAsync(info.Principal);
if (user == null)
{
return(BadRequest(new OpenIdConnectResponse
{
Error = OpenIdConnectConstants.Errors.InvalidGrant,
ErrorDescription = "The refresh token is no longer valid"
}));
}
// Ensure the user is still allowed to sign in.
if (!await _signInManager.CanSignInAsync(user))
{
return(BadRequest(new OpenIdConnectResponse
{
Error = OpenIdConnectConstants.Errors.InvalidGrant,
ErrorDescription = "The user is no longer allowed to sign in"
}));
}
// Create a new authentication ticket, but reuse the properties stored
// in the refresh token, including the scopes originally granted.
var ticket = await CreateTicketAsync(request, user);
var result = SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme);
return(result);
}
return(BadRequest(new OpenIdConnectResponse
{
Error = OpenIdConnectConstants.Errors.UnsupportedGrantType,
ErrorDescription = "The specified grant type is not supported"
}));
}