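        /// <summary>
        /// Verifies the face image carried in <paramref name="request"/> against the calling user's
        /// enrolled face by forwarding the request to the "/baidu/face/verify" service.
        /// </summary>
        /// <param name="ClaimsUserInfo">Identity of the authenticated caller; its <c>UserName</c> always
        /// overrides whatever <c>uid</c> the client put in the body.</param>
        /// <param name="request">Face verification payload from the request body.</param>
        /// <returns>
        /// The downstream service's response on success; on any exception a response with
        /// <c>Code = "500"</c> and a generic message (details go to the server log only).
        /// </returns>
        public async Task<ResponseMessage<BDFaceVerifyResponse>> FaceVerify(ClaimsUserInfo ClaimsUserInfo, [FromBody] BDFaceVerifyRequest request)
        {
            var r = new ResponseMessage<BDFaceVerifyResponse>();

            try
            {
                // The uid is bound from the authenticated identity, never from the body, so a client
                // cannot ask the service to match its image against another user's enrolled face.
                request.uid    = ClaimsUserInfo.UserName;
                request.topNum = 1;

                r = await restClient.Post<ResponseMessage<BDFaceVerifyResponse>>("/baidu/face/verify", request);
            }
            catch (Exception e)
            {
                // Keep the full exception server-side; the client gets a fixed message rather than
                // e.Message, which can carry internal host names, paths or driver details.
                // (The log text reads "update user face" — presumably copied from the enrolment action.)
                Logger.Error("更新用户人脸失败:\r\n{0}", e.ToString());
                r.Code    = "500";
                r.Message = "人脸认证失败";
            }

            return r;
        }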
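        /// <summary>
        /// OpenIddict token endpoint. Exchanges one of the supported grants for an authentication
        /// ticket: password, authorization code / refresh token, client credentials, and two custom
        /// grants — "openid" (a one-time permit cached under a WeChat open id) and "face" (an image
        /// scored by the "/baidu/face/verify" service).
        /// </summary>
        /// <param name="request">The token request bound by the OpenIddict MVC binder.</param>
        /// <returns>
        /// A sign-in result carrying the ticket on success; otherwise a 400 response whose body is an
        /// <see cref="OpenIdConnectResponse"/> with the error code and description.
        /// </returns>
        public async Task<IActionResult> Exchange(OpenIdConnectRequest request)
        {
            Debug.Assert(request.IsTokenRequest(),
                         "The OpenIddict binder for ASP.NET Core MVC is not registered. " +
                         "Make sure services.AddOpenIddict().AddMvcBinders() is correctly called.");

            if (request.IsPasswordGrantType())
            {
                // Identity throws ArgumentNullException on a null username/password, which would
                // surface as a 500; report it as a failed credential check with the same generic text.
                if (string.IsNullOrEmpty(request.Username) || string.IsNullOrEmpty(request.Password))
                {
                    return GrantError(OpenIdConnectConstants.Errors.InvalidGrant, "用户名或密码错误");
                }

                var user = await _userManager.FindByNameAsync(request.Username);

                // Unknown and soft-deleted accounts get the same response as a wrong password, so the
                // endpoint does not confirm which usernames exist.
                if (user == null || user.IsDeleted)
                {
                    return GrantError(OpenIdConnectConstants.Errors.InvalidGrant, "用户名或密码错误");
                }

                // Validate the password; failures count towards lockout.
                var result = await _signInManager.CheckPasswordSignInAsync(user, request.Password, lockoutOnFailure: true);
                if (!result.Succeeded)
                {
                    return GrantError(OpenIdConnectConstants.Errors.InvalidGrant, "用户名或密码错误");
                }

                var ticket = await CreateTicketAsync(request, user);

                await RecordLoginAsync(new UserLoginLog
                {
                    TrueName       = user.TrueName,
                    UserId         = user.Id,
                    UserName       = user.UserName,
                    OrganizationId = user.OrganizationId,
                }, request);

                return SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme);
            }

            if (request.IsAuthorizationCodeGrantType() || request.IsRefreshTokenGrantType())
            {
                // Retrieve the claims principal stored in the authorization code/refresh token.
                var info = await HttpContext.AuthenticateAsync(OpenIdConnectServerDefaults.AuthenticationScheme);

                // Without a principal there is nothing to resolve a user from; GetUserAsync would throw.
                if (info.Principal == null)
                {
                    return GrantError(OpenIdConnectConstants.Errors.InvalidGrant, "The token is no longer valid.");
                }

                // Retrieve the user profile corresponding to the authorization code/refresh token.
                // Note: if you want to automatically invalidate the authorization code/refresh token
                // when the user password/roles change, use the following line instead:
                // var user = _signInManager.ValidateSecurityStampAsync(info.Principal);
                var user = await _userManager.GetUserAsync(info.Principal);

                if (user == null || user.IsDeleted)
                {
                    return GrantError(OpenIdConnectConstants.Errors.InvalidGrant, "The token is no longer valid.");
                }

                // Ensure the user is still allowed to sign in.
                if (!await _signInManager.CanSignInAsync(user))
                {
                    return GrantError(OpenIdConnectConstants.Errors.InvalidGrant, "The user is no longer allowed to sign in.");
                }

                // Create a new authentication ticket, but reuse the properties stored in the
                // authorization code/refresh token, including the scopes originally granted.
                var ticket = await CreateTicketAsync(request, user, info.Properties);

                await RecordLoginAsync(new UserLoginLog
                {
                    TrueName       = user.TrueName,
                    UserId         = user.Id,
                    UserName       = user.UserName,
                    OrganizationId = user.OrganizationId,
                }, request);

                return SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme);
            }

            if (request.GrantType == "openid")
            {
                var oid = request["openid"];
                if (oid.HasValue)
                {
                    string openId = oid.Value.Value.ToString();

                    // The cache value "1" acts as a one-time permit written by whatever completed the
                    // external (presumably WeChat) login; it is consumed here.
                    // NOTE(review): GetString followed by Remove is not atomic, so concurrent requests
                    // presenting the same open id can all pass this check before the entry is gone.
                    if (_cache.GetString(openId) != "1")
                    {
                        return GrantError("illegal_request", "非法请求");
                    }
                    _cache.Remove(openId);

                    var user = _dbContext.Users.Where(x => x.WXOpenId == openId).FirstOrDefault();
                    if (user == null || user.IsDeleted)
                    {
                        return GrantError("login_error", "用户不存在");
                    }

                    // NOTE(review): unlike the refresh-token path, neither lockout nor CanSignInAsync
                    // is consulted for this grant; behaviour kept as in the original.
                    var ticket = await CreateTicketAsync(request, user);

                    await RecordLoginAsync(new UserLoginLog
                    {
                        TrueName       = user.TrueName,
                        UserId         = user.Id,
                        UserName       = user.UserName,
                        OrganizationId = user.OrganizationId,
                    }, request);

                    return SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme);
                }
                // A missing "openid" parameter falls through to the unsupported-grant response below.
            }

            if (request.IsClientCredentialsGrantType())
            {
                var application = await _applicationManager.FindByClientIdAsync(request.ClientId, HttpContext.RequestAborted);

                if (application == null)
                {
                    return GrantError(OpenIdConnectConstants.Errors.InvalidClient, "The client application was not found in the database.");
                }

                // Create a new authentication ticket for the application itself (no user involved).
                var ticket = CreateApplicationTicket(request, application);

                return SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme);
            }

            if (request.GrantType == "face")
            {
                // Minimum score from the face service for the image to count as the named user.
                const int FaceMatchThreshold = 80;

                var faceImage = request["image"];
                var username  = request["username"];
                if (faceImage.HasValue && username.HasValue)
                {
                    string image = faceImage.Value.Value.ToString();
                    string uid   = username.Value.Value.ToString();

                    // Both uid and image are caller-supplied; the only thing binding the image to the
                    // account is the verification score returned by the face service.
                    var faceRequest = new BDFaceVerifyRequest
                    {
                        uid    = uid,
                        topNum = 1,
                        image  = image,
                    };

                    var r = await restClient.Post<ResponseMessage<BDFaceVerifyResponse>>("/baidu/face/verify", faceRequest);

                    // result[0] is read as the match score. Guard the empty case so the index cannot
                    // throw. NOTE(review): assumes result is a numeric sequence — confirm against
                    // BDFaceVerifyResponse.
                    bool verified = r != null
                                 && r.IsSuccess()
                                 && r.Extension != null
                                 && r.Extension.result != null
                                 && r.Extension.result.Any()
                                 && r.Extension.result[0] >= FaceMatchThreshold;
                    if (!verified)
                    {
                        return GrantError(OpenIdConnectConstants.Errors.InvalidGrant, "人脸认证失败");
                    }

                    var user = _dbContext.Users.Where(x => x.UserName.ToLower() == uid.ToLower()).FirstOrDefault();
                    if (user == null || user.IsDeleted)
                    {
                        return GrantError("login_error", "用户不存在");
                    }

                    // NOTE(review): as with the "openid" grant, lockout and CanSignInAsync are not
                    // checked here; behaviour kept as in the original.
                    var ticket = await CreateTicketAsync(request, user);

                    await RecordLoginAsync(new UserLoginLog
                    {
                        TrueName       = user.TrueName,
                        UserId         = user.Id,
                        UserName       = user.UserName,
                        OrganizationId = user.OrganizationId,
                    }, request);

                    return SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme);
                }
                // A missing "image" or "username" falls through to the unsupported-grant response below.
            }

            return GrantError(OpenIdConnectConstants.Errors.UnsupportedGrantType, "The specified grant type is not supported.");
        }

        /// <summary>Builds the 400 response returned for every rejected grant.</summary>
        /// <param name="error">OpenID Connect error code.</param>
        /// <param name="description">Human-readable description sent back to the client.</param>
        private IActionResult GrantError(string error, string description)
        {
            return BadRequest(new OpenIdConnectResponse
            {
                Error            = error,
                ErrorDescription = description
            });
        }

        /// <summary>
        /// Completes a login audit record with the request-derived fields and persists it.
        /// The caller supplies the user-derived fields (TrueName, UserId, UserName, OrganizationId).
        /// </summary>
        /// <param name="log">Partially filled audit record.</param>
        /// <param name="request">The token request being served; its client id is recorded.</param>
        private async Task RecordLoginAsync(UserLoginLog log, OpenIdConnectRequest request)
        {
            // Local time is kept (rather than UtcNow) so new rows match the existing data; switch the
            // column and this line together if the store is ever moved to UTC.
            log.LoginTime        = DateTime.Now;
            log.LoginApplication = request.ClientId;

            // RemoteIpAddress can be null (e.g. behind an in-memory test server); the unconditional
            // ToString() previously threw there.
            var remoteIp = HttpContext.Connection.RemoteIpAddress;
            log.LoginIp = remoteIp == null ? null : remoteIp.ToString();

            // CancellationToken.None (not RequestAborted) is kept from the original, presumably so the
            // audit row is still written when the client disconnects mid-request.
            await _userLoginLogManager.CreateAsync(log, CancellationToken.None);
        }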