/// <summary>
/// Completes a third-party (OAuth) login: resolves the stored binding, binds a local user when
/// needed, fills in profile data and makes that user the current one.
/// </summary>
/// <param name="client">OAuth client carrying the identity returned by the provider.</param>
/// <param name="service">Service provider; used here to resolve the current <c>HttpRequest</c>.</param>
/// <returns>The value of <c>SuccessUrl</c>.</returns>
/// <exception cref="InvalidOperationException">The resolved user is disabled.</exception>
public virtual String OnLogin(OAuthClient client, IServiceProvider service)
{
    // The binding key is the provider's OpenID; the user name is the fallback when it is empty.
    var bindingKey = client.OpenID;
    if (bindingKey.IsNullOrEmpty())
    {
        bindingKey = client.UserName;
    }

    // Look up the stored binding for this provider/key pair, or start a new unsaved one.
    var connect = UserConnect.FindByProviderAndOpenID(client.Name, bindingKey)
        ?? new UserConnect { Provider = client.Name, OpenID = bindingKey };
    connect.Fill(client);

    // Forced bind: attach the third-party account to the account that is already signed in.
    // NOTE(review): the flag is read from the incoming request, so it is caller-controlled.
    // What a forced bind is allowed to do is decided in OnBind, which is not visible here;
    // confirm it requires an authenticated session.
    var request = service.GetService<HttpRequest>();
    var rebindRequested = request != null && request["sso_action"].EqualIgnoreCase("bind");

    // Check the binding: (re)bind when forced, when no local user matches, or when the binding is disabled.
    var account = Provider.FindByID(connect.UserID);
    var needsBinding = rebindRequested || account == null || !connect.Enable;
    if (needsBinding)
    {
        account = OnBind(connect, client);
    }

    // Fill in nickname and similar data from the provider, then persist user and binding.
    Fill(client, account);
    if (account is IAuthUser authUser)
    {
        authUser.Save();
    }
    connect.Save();

    // The disabled check runs after both saves; a disabled user is rejected only at this point.
    if (!account.Enable)
    {
        throw new InvalidOperationException("用户已禁用!");
    }

    // Login succeeded: remember the current user.
    Provider.Current = account;

    return SuccessUrl;
}
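/// <summary>
/// Parses the login response and stores the issued token on the user's <c>UserConnect</c> binding.
/// </summary>
/// <param name="content">JSON text of the login response (an <c>ApiResult</c> wrapping a <c>JwtToken</c>).</param>
/// <remarks>
/// Throws the exception built by <c>ApiException.Common</c> when the response is empty, reports a
/// non-zero status, or carries no user information.
/// </remarks>
private async Task SaveToken(string content)
{
    var jwtTokenResult = JsonConvert.DeserializeObject<ApiResult<JwtToken>>(content);

    // DeserializeObject returns null for an empty or literal-null payload; reject it explicitly
    // instead of failing with a NullReferenceException on the next line.
    if (jwtTokenResult == null)
    {
        throw ApiException.Common("登录返回的UserInfo不能为空", 500);
    }

    if (jwtTokenResult.Status != 0)
    {
        throw ApiException.Common(jwtTokenResult.Msg);
    }

    var jwtToken = jwtTokenResult.Data;
    var idp = "IdentityServer4";

    // A successful status with no Data is handled by the same check as a missing UserInfo.
    var userInfo = jwtToken?.UserInfo;
    if (userInfo == null)
    {
        throw ApiException.Common("登录返回的UserInfo不能为空", 500);
    }

    var u = await UpdateUserAsync(userInfo);

    // The binding is keyed on (provider, user name).
    var uc = UserConnect.FindByProviderAndOpenID(idp, userInfo.Name)
        ?? new UserConnect { Provider = idp, OpenID = userInfo.Name, Enable = true };

    // Always re-point the binding at the user just resolved: if an old record was never deleted
    // and the same name registers again, the ids have changed but the old record is still found.
    uc.UserID = u.ID;
    uc.LinkID = userInfo.ID.ToInt();

    // The token is written to the binding as received.
    uc.AccessToken = jwtToken.Token;
    uc.Avatar = userInfo.Avatar;
    uc.NickName = userInfo.DisplayName;
    uc.Expire = jwtToken.Expires ?? GetExpire(jwtToken.Token);

    uc.Save();
}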
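/// <summary>
/// Creates or refreshes the local sign-in record (the <c>UserConnect</c> binding) for a user
/// and builds the authentication result from it.
/// </summary>
/// <param name="userInfo">User profile returned by the identity service.</param>
/// <param name="token">Token issued for the user; stored on the binding.</param>
/// <returns>The value returned by <c>GetAuthenticateResult</c> for the binding.</returns>
private async Task<AuthenticateResult> LocalSignIn(ResponseUserInfo userInfo, string token)
{
    var u = await UpdateUserAsync(userInfo);

    // The binding is keyed on (provider, user name).
    var uc = UserConnect.FindByProviderAndOpenID(Idp, userInfo.Name)
        ?? new UserConnect { Provider = Idp, OpenID = userInfo.Name, Enable = true };

    // Re-point the binding at the user just resolved, for existing records as well as new ones.
    // Previously only a new record received these ids, so a leftover record found under the same
    // name kept its old UserID/LinkID, and the result below is built from the binding.
    // NOTE(review): GetAuthenticateResult is not visible here; confirm it reads uc.UserID.
    uc.UserID = u.ID;
    uc.LinkID = userInfo.ID.ToInt();

    // The token is written to the binding as received.
    uc.AccessToken = token;
    uc.Avatar = userInfo.Avatar;
    uc.NickName = userInfo.DisplayName;
    uc.Expire = GetExpire(token);
    uc.Save();

    return GetAuthenticateResult(uc);
}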
/// <summary>Gets the binding stored for the OAuth client's identity, or a new unsaved one.</summary>
/// <param name="client">OAuth client carrying the provider name and the user's identifiers.</param>
/// <returns>
/// The binding found for the provider name and key, or a new <c>UserConnect</c> carrying only
/// the provider name and the key.
/// </returns>
public virtual UserConnect GetConnect(OAuthClient client)
{
    // The binding key is the provider's OpenID; the user name is the fallback when it is empty.
    var bindingKey = client.OpenID;
    if (bindingKey.IsNullOrEmpty())
    {
        bindingKey = client.UserName;
    }

    // Look up the stored binding by key; an unknown identity yields a fresh record.
    return UserConnect.FindByProviderAndOpenID(client.Name, bindingKey)
        ?? new UserConnect { Provider = client.Name, OpenID = bindingKey };
}
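/// <summary>
/// Completes a single sign-on login: resolves the stored binding, binds a local user when needed,
/// records the login on the user, makes that user the current one and writes an audit log entry.
/// </summary>
/// <param name="client">OAuth client carrying the identity returned by the provider.</param>
/// <param name="context">Service provider; used here to resolve the current <c>HttpRequest</c>.</param>
/// <returns>The value of <c>SuccessUrl</c>.</returns>
/// <exception cref="InvalidOperationException">The resolved user is disabled.</exception>
public virtual String OnLogin(OAuthClient client, IServiceProvider context)
{
    // The binding key is the provider's OpenID; the user name is the fallback when it is empty.
    var openid = client.OpenID;
    if (openid.IsNullOrEmpty())
    {
        openid = client.UserName;
    }

    // Look up the stored binding by key, or start a new unsaved one.
    var uc = UserConnect.FindByProviderAndOpenID(client.Name, openid);
    if (uc == null)
    {
        uc = new UserConnect { Provider = client.Name, OpenID = openid };
    }
    uc.Fill(client);

    // Forced bind: attach the third-party account to the account that is already signed in.
    // NOTE(review): the flag is read from the incoming request, so it is caller-controlled.
    // What a forced bind is allowed to do is decided in OnBind, which is not visible here;
    // confirm it requires an authenticated session.
    var forceBind = false;
    var req = context.GetService<HttpRequest>();
    if (req != null)
    {
        forceBind = req.GetRequestValue("sso_action").EqualIgnoreCase("bind");
    }

    // Check the binding; a new user's uc.UserID is 0.
    var prv = Provider;
    var user = prv.FindByID(uc.UserID);
    if (forceBind || user == null || !uc.Enable)
    {
        user = OnBind(uc, client);
    }

    // Fill in nickname and similar data, then record the login on the user.
    Fill(client, user);
    if (user is IAuthUser user3)
    {
        user3.Logins++;
        user3.LastLogin = DateTime.Now;
        user3.LastLoginIP = WebHelper.UserHost;
        user3.Save();
    }

    try
    {
        uc.Save();
    }
    catch (Exception ex)
    {
        // Deliberate best effort: unusual data must not block the login, so the failure is
        // written to the log and otherwise ignored.
        XTrace.WriteException(ex);
    }

    // The disabled check runs after the saves above; a disabled user is rejected only here.
    if (!user.Enable)
    {
        throw new InvalidOperationException("用户已禁用!");
    }

    // Login succeeded: remember the current user.
    prv.SetCurrent(user, context);

    // The original note says single sign-on should not keep a cookie, so that an expired session
    // goes back to the authentication centre; a cookie is written only when a session timeout is set.
    var set = Setting.Current;
    if (set.SessionTimeout > 0)
    {
        prv.SaveCookie(user, TimeSpan.FromSeconds(set.SessionTimeout), context);
    }

    // req was null-checked above but dereferenced unconditionally here, which threw after the
    // user had already been made current; the URL is now simply omitted when no request exists.
    LogProvider.Provider.WriteLog(user.GetType(), client.Name, "单点登录", user.ID, user + "", req?.GetDisplayUrl());

    return SuccessUrl;
}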
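/// <summary>
/// Gets the local user bound to an external (OAuth) identity, creating the user and the binding
/// on first login when that is enabled in the options.
/// </summary>
/// <param name="user">Principal produced by the external provider; its subject claim is the binding key.</param>
/// <param name="properties">Authentication properties; <c>Items["scheme"]</c> names the provider.</param>
/// <returns>The local user for this identity.</returns>
/// <remarks>
/// Throws the exception built by <c>ApiException.Common</c> when the identity carries no provider
/// or subject, when no user exists and creation is disabled or fails, or when the user is disabled.
/// </remarks>
private async Task<IManageUser> GetOrCreateUserAsync(ClaimsPrincipal user, AuthenticationProperties properties)
{
    var options = Options;
    var provider = properties.Items["scheme"];
    var openid = user.FindFirstValue(OAuthSignInAuthenticationDefaults.Sub);

    // Without a provider name and a subject there is nothing to key the binding on. Continuing
    // would look up, and on first login create, a binding with an empty key.
    if (String.IsNullOrEmpty(provider) || String.IsNullOrEmpty(openid))
    {
        throw ApiException.Common("用户不存在,请联系管理员");
    }

    var uc = UserConnect.FindByProviderAndOpenID(provider, openid);

    IManageUser appUser;
    if (uc == null)
    {
        if (!options.CreateUserOnOAuthLogin)
        {
            throw ApiException.Common("用户不存在,请联系管理员");
        }

        uc = new UserConnect() { Provider = provider, OpenID = openid, Enable = true };
        uc.Fill(user);

        // Role id 4 is the guest role.
        appUser = new ApplicationUser { Name = Guid.NewGuid().ToString().Substring(0, 8), Enable = true, RoleID = 4 };

        // The account is created for external sign-in, so it gets a throw-away random local
        // password instead of a fixed, guessable one shared by every auto-created account.
        // NOTE(review): 32 hex characters; confirm this satisfies the configured password policy.
        var secret = new Byte[16];
        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            rng.GetBytes(secret);
        }
        var password = BitConverter.ToString(secret).Replace("-", "");

        // This could be replaced with the system's own service to drop the ApplicationUser dependency.
        var result = await _userManager.CreateAsync(appUser as ApplicationUser, password);
        if (!result.Succeeded)
        {
            throw ApiException.Common($"创建用户失败:{result.Errors.First().Description}");
        }

        uc.UserID = appUser.ID;
    }
    else
    {
        // NOTE(review): the binding's own Enable flag is not consulted here; confirm whether a
        // disabled binding should still be able to sign in.
        appUser = await _userManager.FindByIdAsync(uc.UserID.ToString());
    }

    // A binding can outlive its user; fail with a clear error instead of a NullReferenceException.
    if (appUser == null)
    {
        throw ApiException.Common("用户不存在,请联系管理员");
    }

    if (!appUser.Enable)
    {
        throw ApiException.Common($"用户已被禁用");
    }

    // Fill in user information from the external principal.
    Fill(appUser, user);

    if (appUser is IAuthUser user3)
    {
        user3.Logins++;
        user3.LastLogin = DateTime.Now;

        // Request.Host is the Host header (the server name the client asked for), not the
        // caller's address. Record the connection's remote address instead. Behind a reverse
        // proxy this is the proxy's address unless forwarded headers are processed upstream.
        user3.LastLoginIP = Request.HttpContext.Connection.RemoteIpAddress?.ToString();
        user3.Save();
    }

    try
    {
        uc.Save();
    }
    catch (Exception ex)
    {
        // Deliberate best effort: unusual data must not block the login, so the failure is
        // written to the log and otherwise ignored.
        XTrace.WriteException(ex);
    }

    return appUser;
}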
/// <summary>
/// Completes a single sign-on login: resolves the stored binding, binds a local user when needed,
/// records the login on the user, writes a log entry and makes that user the current one.
/// </summary>
/// <param name="client">OAuth client carrying the identity returned by the provider.</param>
/// <param name="context">Service provider; used here to resolve the current HTTP request.</param>
/// <returns>The value of <c>SuccessUrl</c>.</returns>
/// <exception cref="InvalidOperationException">The resolved user is disabled.</exception>
public virtual String OnLogin(OAuthClient client, IServiceProvider context)
{
    // The binding key is the provider's OpenID; the user name is the fallback when it is empty.
    var bindingKey = client.OpenID;
    if (bindingKey.IsNullOrEmpty())
    {
        bindingKey = client.UserName;
    }

    // Look up the stored binding by key, or start a new unsaved one.
    var connect = UserConnect.FindByProviderAndOpenID(client.Name, bindingKey)
        ?? new UserConnect { Provider = client.Name, OpenID = bindingKey };
    connect.Fill(client);

    // NOTE(review): both branches dereference the request/context before the null check below,
    // so that check cannot be what protects against a missing request.
#if __CORE__
    var httpContext = context.GetService<IHttpContextAccessor>().HttpContext;
    var request = httpContext.Request;
    var clientHost = httpContext.GetUserHost();
#else
    var request = context.GetService<HttpRequest>();
    var clientHost = request.RequestContext.HttpContext.GetUserHost();
#endif

    // Forced bind: attach the third-party account to the account that is already signed in.
    // The flag is carried as a "_bind" suffix on the request's "state" value.
    // NOTE(review): that value comes from the incoming request; how it is validated, and what
    // OnBind allows for a forced bind, is not visible here.
    var rebindRequested = request != null && request.Get("state").EndsWithIgnoreCase("_bind");

    // Initialisation order may have left Provider unset; fall back to the global provider.
    var manager = Provider ?? (Provider = ManageProvider.Provider);

    // Check the binding; a new user's UserID is 0.
    var user = manager.FindByID(connect.UserID);
    var needsBinding = rebindRequested || user == null || !connect.Enable;
    if (needsBinding)
    {
        user = OnBind(connect, client);
    }

    // Fill in nickname and similar data, then record the login on the user.
    Fill(client, user);
    if (user is IAuthUser authUser)
    {
        authUser.Logins++;
        authUser.LastLogin = DateTime.Now;
        authUser.LastLoginIP = clientHost;
        (authUser as IEntity).Update();
    }

    try
    {
        connect.Save();
    }
    catch (Exception ex)
    {
        // Deliberate best effort: unusual data must not block the login, so the failure is
        // written to the log and otherwise ignored.
        XTrace.WriteException(ex);
    }

    // Write the log entry. This happens before the disabled check, so a rejected attempt by a
    // disabled user is logged as well.
    LogProvider.Provider?.WriteLog(typeof(UserX), "SSO登录", $"[{user}]从[{client.Name}]的[{client.UserName}]登录", user.ID, user + "");

    if (!user.Enable)
    {
        throw new InvalidOperationException("用户已禁用!");
    }

    // Login succeeded: remember the current user.
    manager.SetCurrent(user, context);

    // The original note says single sign-on should not keep a cookie, so that an expired session
    // goes back to the authentication centre; a cookie is written only when a session timeout is set.
    var settings = Setting.Current;
    if (settings.SessionTimeout > 0)
    {
#if __CORE__
        ManagerProviderHelper.SaveCookie(manager, user, TimeSpan.FromSeconds(settings.SessionTimeout), httpContext);
#else
        manager.SaveCookie(user, TimeSpan.FromSeconds(settings.SessionTimeout), context);
#endif
    }

    return SuccessUrl;
}
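/// <summary>
/// Gets the local user bound to an external (OAuth) identity, creating the user and the binding
/// on first login when <paramref name="createUserOnOAuthLogin"/> is set.
/// </summary>
/// <param name="user">Principal produced by the external provider; its subject claim is the binding key.</param>
/// <param name="properties">Authentication properties; <c>Items["scheme"]</c> names the provider.</param>
/// <param name="createUserOnOAuthLogin">Whether an unknown identity may create a new local user.</param>
/// <returns>The local user for this identity.</returns>
/// <remarks>
/// Throws the exception built by <c>ApiException.Common</c> when the identity carries no provider
/// or subject, when no user exists and creation is disabled or fails, when the bound user cannot
/// be found, or when the user is disabled.
/// </remarks>
public virtual async Task<IManageUser> GetOrCreateUserAsync(ClaimsPrincipal user, AuthenticationProperties properties, bool createUserOnOAuthLogin)
{
    var provider = properties.Items["scheme"];
    var openid = user.FindFirstValue(OAuthSignInAuthenticationDefaults.Sub);

    // Without a provider name and a subject there is nothing to key the binding on. Continuing
    // would look up, and on first login create, a binding with an empty key.
    if (String.IsNullOrEmpty(provider) || String.IsNullOrEmpty(openid))
    {
        throw ApiException.Common(_requestLocalizer["The user was not found"]);
    }

    var uc = UserConnect.FindByProviderAndOpenID(provider, openid);

    IManageUser appUser;
    if (uc == null)
    {
        if (!createUserOnOAuthLogin)
        {
            throw ApiException.Common(_requestLocalizer["The user does not exist, please contact the administrator"]);
        }

        uc = new UserConnect() { Provider = provider, OpenID = openid, Enable = true };
        uc.Fill(user);

        // Role id 4 is the guest role.
        appUser = new TUser { Name = Guid.NewGuid().ToString().Substring(0, 8), Enable = true, RoleID = 4 };

        // Users created through third-party login get a random local password. It is drawn from
        // the system CSPRNG at 128 bits; the previous value was the first 8 hex characters of a
        // GUID, which is short and is an identifier format, not a secret generator.
        // NOTE(review): 32 lowercase hex characters; confirm this satisfies the configured password policy.
        var secret = new Byte[16];
        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            rng.GetBytes(secret);
        }
        var password = BitConverter.ToString(secret).Replace("-", "").ToLowerInvariant();

        var result = await _userManager.CreateAsync((TUser)appUser, password);
        if (!result.Succeeded)
        {
            throw ApiException.Common($"{_requestLocalizer["Failed to create user"]}:{_requestLocalizer[result.Errors.First().Description]}");
        }

        uc.UserID = appUser.ID;
    }
    else
    {
        // NOTE(review): the binding's own Enable flag is not consulted here; confirm whether a
        // disabled binding should still be able to sign in.
        appUser = await _userManager.FindByIdAsync(uc.UserID.ToString()) as IManageUser;
    }

    if (appUser == null)
    {
        throw ApiException.Common(_requestLocalizer["The user was not found"]);
    }

    if (!appUser.Enable)
    {
        throw ApiException.Common(_requestLocalizer["The user has been disabled"]);
    }

    // Fill in user information from the external principal.
    Fill(appUser, user);

    if (appUser is IAuthUser user3)
    {
        // The last-login address is not recorded in this method.
        user3.Logins++;
        user3.LastLogin = DateTime.Now;
        user3.Save();
    }

    try
    {
        uc.Save();
    }
    catch (Exception ex)
    {
        // Deliberate best effort: unusual data must not block the login, so the failure is
        // written to the log and otherwise ignored.
        XTrace.WriteException(ex);
    }

    return appUser;
}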