Exemplo n.º 1
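        /// <summary>Exchanges an authorization code for the access token stored for the same application and account.</summary>
        /// <param name="doc">XML request document; the <c>code</c> value is read from it.</param>
        /// <returns>A JSON string: the token data with <c>returnCode</c> 0 on success, or a message with <c>returnCode</c> 1 when the code or the token cannot be found.</returns>
        public string GetAccessToken(XmlDocument doc)
        {
            // Example request: http://local.passport.x3platform.com/api/connect.auth.token.aspx?code=28f35bf4743030ae

            string code = XmlHelper.Fetch("code", doc);

            // A missing code can never match a stored authorization code, so answer without a lookup.
            if (string.IsNullOrEmpty(code))
            {
                return("{\"message\":{\"returnCode\":1,\"value\":\"authorization code not find\"}}");
            }

            // NOTE(review): nothing in this method authenticates the calling client or marks the
            // code as used; confirm the authorization-code service enforces single use and expiry.
            ConnectAuthorizationCodeInfo authorizationCodeInfo = ConnectContext.Instance.ConnectAuthorizationCodeService[code];

            if (authorizationCodeInfo == null)
            {
                return("{\"message\":{\"returnCode\":1,\"value\":\"authorization code not find\"}}");
            }

            ConnectAccessTokenInfo accessTokenInfo = ConnectContext.Instance.ConnectAccessTokenService.FindOneByAccountId(authorizationCodeInfo.AppKey, authorizationCodeInfo.AccountId);

            if (accessTokenInfo == null)
            {
                return("{\"message\":{\"returnCode\":1,\"value\":\"access token not find\"}}");
            }

            StringBuilder outString = new StringBuilder();

            // Property names are quoted so the success payload is valid JSON, like the error payloads above.
            outString.Append("{\"data\":{");
            outString.Append("\"accessToken\":\"" + accessTokenInfo.Id + "\",");
            outString.Append("\"expiresIn\":\"" + accessTokenInfo.ExpiresIn + "\",");
            outString.Append("\"refreshToken\":\"" + accessTokenInfo.RefreshToken + "\" ");
            outString.Append("},\"message\":{\"returnCode\":0,\"value\":\"query success\"}}");

            return(outString.ToString());
        }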
Exemplo n.º 2
        // -------------------------------------------------------
        // 接口地址:/api/connect.oauth2.refresh.aspx
        // -------------------------------------------------------

        #region 函数:RefreshAccessToken(XmlDocument doc)
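        /// <summary>Extends the lifetime of the access token identified by a client id and refresh token, then returns the refreshed token.</summary>
        /// <param name="doc">XML request document; <c>client_id</c> and <c>refresh_token</c> are read from it.</param>
        /// <returns>A JSON string: the token data with <c>returnCode</c> 0 on success, or a message with <c>returnCode</c> 1 when no matching token exists.</returns>
        public string RefreshAccessToken(XmlDocument doc)
        {
            // Example request: http://x10.x3platform.com/api/connect.oauth2.refresh.aspx?refresh_token=28f35bf4743030ae

            string clientId     = XmlHelper.Fetch("client_id", doc);
            string refreshToken = XmlHelper.Fetch("refresh_token", doc);

            // New expiry = local time now + the configured session time limit (in seconds).
            DateTime expireDate = DateTime.Now.AddSeconds(ConnectConfigurationView.Instance.SessionTimeLimit);

            // NOTE(review): the client is identified by client_id only; no client secret is read here.
            // Confirm whether client authentication happens before this method is reached.
            ConnectAccessTokenInfo accessTokenInfo = ConnectContext.Instance.ConnectAccessTokenService.FindOneByRefreshToken(clientId, refreshToken);

            if (accessTokenInfo == null)
            {
                return("{\"message\":{\"returnCode\":1,\"value\":\"access token not find\"}}");
            }

            ConnectContext.Instance.ConnectAccessTokenService.Refesh(clientId, refreshToken, expireDate);

            // Re-read the record so the response reflects the state after the refresh.
            accessTokenInfo = ConnectContext.Instance.ConnectAccessTokenService.FindOne(accessTokenInfo.Id);

            // The record can be gone by the time it is re-read; report that instead of
            // dereferencing null and failing with an unhandled exception.
            if (accessTokenInfo == null)
            {
                return("{\"message\":{\"returnCode\":1,\"value\":\"access token not find\"}}");
            }

            StringBuilder outString = new StringBuilder();

            outString.Append("{\"data\":{");
            outString.Append("\"accessToken\":\"" + accessTokenInfo.Id + "\",");
            outString.Append("\"tokenType\":\"bearer\",");
            outString.Append("\"expiresIn\":\"" + accessTokenInfo.ExpiresIn + "\",");
            outString.Append("\"refreshToken\":\"" + accessTokenInfo.RefreshToken + "\" ");
            outString.Append("},\"message\":{\"returnCode\":0,\"value\":\"refresh success\"}}");

            return(outString.ToString());
        }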
        // -------------------------------------------------------
        // 接口地址:/api/connect.oauth2.token.aspx
        // -------------------------------------------------------

        #region 函数:GetAccessToken(XmlDocument doc)
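        /// <summary>Exchanges an authorization code for the access token stored for the same application and account, using OAuth2-style field names.</summary>
        /// <param name="doc">XML request document; the <c>code</c> value is read from it.</param>
        /// <returns>A JSON string holding <c>access_token</c>, <c>token_type</c>, <c>expires_in</c> and <c>refresh_token</c>, or an error object when the code or the token cannot be found.</returns>
        public string GetAccessToken(XmlDocument doc)
        {
            // Example request: http://x10.x3platform.com/api/connect.oauth2.token.aspx?code=28f35bf4743030ae

            string code = XmlHelper.Fetch("code", doc);

            // NOTE(review): nothing in this method authenticates the calling client or marks the
            // code as used; confirm the authorization-code service enforces single use and expiry.
            ConnectAuthorizationCodeInfo authorizationCodeInfo = ConnectContext.Instance.ConnectAuthorizationCodeService[code];

            if (authorizationCodeInfo == null)
            {
                // Keys are quoted so the error body is valid JSON. The misspelled key
                // "descriptiopn" is kept because renaming it changes the wire format for
                // existing clients; rename it only together with them.
                return("{\"error\":1,\"descriptiopn\":\"not find\"}");
            }

            ConnectAccessTokenInfo accessTokenInfo = ConnectContext.Instance.ConnectAccessTokenService.FindOneByAccountId(authorizationCodeInfo.AppKey, authorizationCodeInfo.AccountId);

            if (accessTokenInfo == null)
            {
                return("{\"error\":1,\"descriptiopn\":\"not find\"}");
            }

            StringBuilder outString = new StringBuilder();

            outString.Append("{");
            outString.Append("\"access_token\":\"" + accessTokenInfo.Id + "\",");
            outString.Append("\"token_type\":\"bearer\",");
            outString.Append("\"expires_in\":\"" + accessTokenInfo.ExpiresIn + "\",");
            outString.Append("\"refresh_token\":\"" + accessTokenInfo.RefreshToken + "\" ");
            outString.Append("}");

            return(outString.ToString());
        }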
Exemplo n.º 4
        // -------------------------------------------------------
        // 保存 删除
        // -------------------------------------------------------

        #region 函数:Save(ConnectAccessTokenInfo param)
        /// <summary>Validates, sanitises and saves an access-token record through the data provider.</summary>
        /// <param name="param">The <see cref="ConnectAccessTokenInfo"/> instance to save; its <c>Id</c> must not be empty.</param>
        /// <returns>The <see cref="ConnectAccessTokenInfo"/> instance returned by the provider.</returns>
        /// <exception cref="NullReferenceException">Thrown when <c>param.Id</c> is null or empty.</exception>
        public ConnectAccessTokenInfo Save(ConnectAccessTokenInfo param)
        {
            bool hasIdentifier = !string.IsNullOrEmpty(param.Id);

            if (!hasIdentifier)
            {
                throw new NullReferenceException("实例标识不能为空。");
            }

            // Run the record through the cross-site-scripting filter before it is stored.
            ConnectAccessTokenInfo sanitized = StringHelper.ToSafeXSS <ConnectAccessTokenInfo>(param);

            return this.provider.Save(sanitized);
        }
Exemplo n.º 5
        // -------------------------------------------------------
        // 保存 添加 修改 删除
        // -------------------------------------------------------

        #region 函数:Save(ConnectAccessTokenInfo param)
        /// <summary>Saves a record: inserts it when no record with the same id exists, otherwise updates it.</summary>
        /// <param name="param">The <see cref="ConnectAccessTokenInfo"/> instance to persist.</param>
        /// <returns>The same <see cref="ConnectAccessTokenInfo"/> instance that was passed in.</returns>
        public ConnectAccessTokenInfo Save(ConnectAccessTokenInfo param)
        {
            // NOTE(review): the existence check and the write are two separate calls, so two
            // concurrent saves of the same id can both take the insert path; confirm the table
            // has a unique key on the id.
            bool alreadyStored = IsExist(param.Id);

            if (alreadyStored)
            {
                this.Update(param);
            }
            else
            {
                this.Insert(param);
            }

            return param;
        }
Exemplo n.º 6
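        /// <summary>Returns the profile of the member that owns the supplied access token.</summary>
        /// <param name="doc">XML request document; the <c>accessToken</c> value is read from it.</param>
        /// <returns>A JSON string: the member data with <c>returnCode</c> 0 on success, or a message with <c>returnCode</c> 1 when the token or the member cannot be found.</returns>
        public string Me(XmlDocument doc)
        {
            string accessToken = XmlHelper.Fetch("accessToken", doc);

            // A missing token can never match a stored one, so answer without a lookup.
            if (string.IsNullOrEmpty(accessToken))
            {
                return("{\"message\":{\"returnCode\":1,\"value\":\"access token not find\"}}");
            }

            // NOTE(review): only the existence of the token is checked here; confirm the
            // token service rejects expired tokens.
            ConnectAccessTokenInfo accessTokenInfo = ConnectContext.Instance.ConnectAccessTokenService[accessToken];

            // An unknown token yields no record; reject it instead of dereferencing null,
            // which would surface as an unhandled exception.
            if (accessTokenInfo == null)
            {
                return("{\"message\":{\"returnCode\":1,\"value\":\"access token not find\"}}");
            }

            IMemberInfo member = MembershipManagement.Instance.MemberService[accessTokenInfo.AccountId];

            if (member == null)
            {
                return("{\"message\":{\"returnCode\":1,\"value\":\"people not find\"}}");
            }

            return("{\"data\":" + ToPeopleJson(member) + ",\"message\":{\"returnCode\":0,\"value\":\"query success\"}}");
        }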
Exemplo n.º 7
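        /// <summary>Gets the account of the authenticated user, resolving the identity from the access token when no identity value is present.</summary>
        /// <returns>The session account, or <c>null</c> when no identity can be resolved or no account is found for it.</returns>
        public override IAccountInfo GetAuthUser()
        {
            string accessToken = this.GetAccessToken();

            string accountIdentity = this.GetIdentityValue();

            if (string.IsNullOrEmpty(accountIdentity) && !string.IsNullOrEmpty(accessToken))
            {
                // accessToken => accountIdentity
                // NOTE(review): only the existence of the token is checked here; confirm the
                // token service rejects expired tokens.
                ConnectAccessTokenInfo token = ConnectContext.Instance.ConnectAccessTokenService[accessToken];

                // An unknown token yields no record. Leave the identity empty so the request is
                // treated as unauthenticated below, instead of failing on a null dereference.
                if (token != null)
                {
                    accountIdentity = token.AccountId + "-" + token.Id;
                }
            }

            // HTTP-based authentication: accountIdentity must not be empty.
            if (string.IsNullOrEmpty(accountIdentity))
            {
                return(null);
            }

            // Look up the account for this identity.
            IAccountInfo account = this.GetSessionAccount(accountIdentity);

            if (account == null)
            {
                return(null);
            }

            // Add the session to the temporary cache. The key is checked again inside the lock
            // so that only one caller adds the session for a given identity.
            if (!this.cacheStorage.ContainsKey(accountIdentity))
            {
                lock (this.cacheSyncRoot)
                {
                    if (!this.cacheStorage.ContainsKey(accountIdentity))
                    {
                        this.AddSession(accountIdentity, account);
                    }
                }
            }

            return(account);
        }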
Exemplo n.º 8
        /// <summary>Appends the access-token values to a redirect URL as query parameters.</summary>
        /// <param name="redirectUri">The URL to extend; <c>null</c> is treated as an empty string.</param>
        /// <param name="token">The token whose <c>Id</c>, <c>ExpiresIn</c> and (in one case) <c>RefreshToken</c> are appended.</param>
        /// <returns>The redirect URL followed by the token parameters.</returns>
        private string CombineUrlAndAccessToken(string redirectUri, ConnectAccessTokenInfo token)
        {
            string target = redirectUri ?? string.Empty;

            bool hasQuestionMark = target.IndexOf("?") > -1;
            bool hasAmpersand    = target.IndexOf("&") > -1;

            // NOTE(review): the token values are appended unencoded to the query string, where
            // they can end up in server logs, browser history and Referer headers. Confirm that
            // redirectUri has been checked against the URIs registered for the client.
            if (!hasQuestionMark && !hasAmpersand)
            {
                // No query string yet: start one. This is the only case that also carries the
                // refresh token. NOTE(review): confirm that difference is intended.
                return target + "?token=" + token.Id + "&expiresIn=" + token.ExpiresIn + "&refreshToken=" + token.RefreshToken;
            }

            // Every other case appends to the existing text with '&', including a URL that
            // contains '&' but no '?'.
            return target + "&token=" + token.Id + "&expiresIn=" + token.ExpiresIn;
        }
Exemplo n.º 9
        /// <summary>Writes the access-token record for an account: creates one when none exists, otherwise extends the existing one.</summary>
        /// <param name="appKey">Application identifier.</param>
        /// <param name="accountId">Account identifier.</param>
        /// <returns>Always 0.</returns>
        public int Write(string appKey, string accountId)
        {
            ConnectAccessTokenInfo existing = this.FindOneByAccountId(appKey, accountId);

            if (existing != null)
            {
                // A token already exists for this application and account: push its expiry
                // forward by the configured session time limit.
                this.Refesh(appKey, existing.RefreshToken, DateTime.Now.AddSeconds(ConnectConfigurationView.Instance.SessionTimeLimit));

                return 0;
            }

            // NOTE(review): the token id and the refresh token both come from the
            // "Key_32DigitGuid" generator; confirm it draws from a cryptographically
            // secure random source, since these values act as bearer credentials.
            ConnectAccessTokenInfo created = new ConnectAccessTokenInfo
            {
                Id           = DigitalNumberContext.Generate("Key_32DigitGuid"),
                AppKey       = appKey,
                AccountId    = accountId,
                ExpireDate   = DateTime.Now.AddSeconds(ConnectConfigurationView.Instance.SessionTimeLimit),
                RefreshToken = DigitalNumberContext.Generate("Key_32DigitGuid")
            };

            this.Save(created);

            return 0;
        }
Exemplo n.º 10
 /// <summary>Updates an existing record.</summary>
 /// <param name="param">The <see cref="ConnectAccessTokenInfo"/> instance holding the values to write.</param>
 public void Update(ConnectAccessTokenInfo param)
 {
     // The mapped statement is named "<tableName>_Update", passed through the procedure-prefix helper.
     string statementName = string.Format("{0}_Update", this.tableName);

     this.ibatisMapper.Update(StringHelper.ToProcedurePrefix(statementName), param);
 }
Exemplo n.º 11
 /// <summary>Inserts a new record.</summary>
 /// <param name="param">The <see cref="ConnectAccessTokenInfo"/> instance holding the values to write.</param>
 public void Insert(ConnectAccessTokenInfo param)
 {
     // The mapped statement is named "<tableName>_Insert", passed through the procedure-prefix helper.
     string statementName = string.Format("{0}_Insert", this.tableName);

     this.ibatisMapper.Insert(StringHelper.ToProcedurePrefix(statementName), param);
 }
Exemplo n.º 12
        // -------------------------------------------------------
        // 接口地址:/api/connect.auth.authorize.aspx
        // -------------------------------------------------------

        #region 函数:GetAuthorizeCode(XmlDocument doc)
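        /// <summary>Handles an authorization request: shows the login page, or checks the supplied credentials and then issues an authorization code and access token for the client.</summary>
        /// <param name="doc">XML request document; <c>clientId</c>, <c>redirectUri</c>, <c>responseType</c>, <c>scope</c>, <c>style</c>, <c>loginName</c>, <c>password</c> and <c>callback</c> are read from it.</param>
        /// <returns>The login page HTML, a JSON result (optionally wrapped in a JSONP callback), or a generic success message after a redirect has been issued.</returns>
        public string GetAuthorizeCode(XmlDocument doc)
        {
            StringBuilder outString = new StringBuilder();

            string clientId     = XmlHelper.Fetch("clientId", doc);
            string redirectUri  = XmlHelper.Fetch("redirectUri", doc);
            string responseType = XmlHelper.Fetch("responseType", doc);
            string scope        = XmlHelper.Fetch("scope", doc);

            string style = XmlHelper.Fetch("style", doc);

            string loginName = XmlHelper.Fetch("loginName", doc);
            string password  = XmlHelper.Fetch("password", doc);

            if (string.IsNullOrEmpty(loginName) || string.IsNullOrEmpty(password))
            {
                // No credentials supplied: render the login page.
                HttpContentTypeHelper.SetValue("html");

                return(CreateLoginPage(clientId, redirectUri, responseType, scope));
            }
            else
            {
                // Look up the current user from the supplied credentials.
                IAccountInfo account = MembershipManagement.Instance.AccountService.LoginCheck(loginName, password);

                if (account == null)
                {
                    if (string.IsNullOrEmpty(responseType))
                    {
                        outString.Append("{\"message\":{\"returnCode\":1,\"value\":\"帐号或者密码错误。\"}}");

                        return(outString.ToString());
                    }
                    else
                    {
                        // Render the login page again.
                        // Set the output content type; the default is html.
                        HttpContentTypeHelper.SetValue("html");

                        return(CreateLoginPage(clientId, redirectUri, responseType, scope));
                    }
                }
                else
                {
                    // Create an authorization code when none exists for this client and account.
                    if (!ConnectContext.Instance.ConnectAuthorizationCodeService.IsExist(clientId, account.Id))
                    {
                        ConnectAuthorizationCodeInfo authorizationCode = new ConnectAuthorizationCodeInfo();

                        authorizationCode.Id        = DigitalNumberContext.Generate("Key_32DigitGuid");
                        authorizationCode.AppKey    = clientId;
                        authorizationCode.AccountId = account.Id;

                        authorizationCode.AuthorizationScope = string.IsNullOrEmpty(scope) ? "public" : scope;

                        ConnectContext.Instance.ConnectAuthorizationCodeService.Save(authorizationCode);
                    }

                    // Create or refresh the access token.
                    ConnectContext.Instance.ConnectAccessTokenService.Write(clientId, account.Id);

                    // Read the token back for the session information.
                    ConnectAccessTokenInfo token = ConnectContext.Instance.ConnectAccessTokenService.FindOneByAccountId(clientId, account.Id);

                    // The token is dereferenced below; stop here if it could not be read back
                    // rather than failing with an unhandled exception.
                    if (token == null)
                    {
                        return("{\"message\":{\"returnCode\":1,\"value\":\"access token not find\"}}");
                    }

                    // Record the login.
                    string ip = IPQueryContext.GetClientIP();

                    MembershipManagement.Instance.AccountService.SetIPAndLoginDate(account.Id, ip, DateTime.Now);

                    MembershipManagement.Instance.AccountLogService.Log(account.Id, "connect.auth.authorize", string.Format("【{0}】在 {1} 登录了系统。【IP:{2}】", account.Name, DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss"), ip));

                    string sessionId = token.AccountId + "-" + token.Id;

                    KernelContext.Current.AuthenticationManagement.AddSession(clientId, sessionId, account);

                    HttpAuthenticationCookieSetter.SetUserCookies(sessionId);

                    string code = ConnectContext.Instance.ConnectAuthorizationCodeService.GetAuthorizationCode(clientId, account);

                    // An empty responseType means the token information is written to the response body.
                    if (string.IsNullOrEmpty(responseType))
                    {
                        outString.Append("{\"data\":" + AjaxUtil.Parse <ConnectAccessTokenInfo>(token) + ",");

                        outString.Append("\"message\":{\"returnCode\":0,\"value\":\"验证成功。\"}}");

                        string callback = XmlHelper.Fetch("callback", doc);

                        // The callback name comes from the request and is echoed into the response
                        // body, so it is only used when it is a plain identifier path (ASCII
                        // letters, digits, '_', '$', '.'). Anything else falls back to bare JSON.
                        // NOTE(review): a JSONP response carrying token data is readable by any
                        // page that can include it as a script; consider whether this path is needed.
                        bool callbackIsSafe = !string.IsNullOrEmpty(callback);

                        if (callbackIsSafe)
                        {
                            foreach (char ch in callback)
                            {
                                bool allowed = (ch >= 'a' && ch <= 'z')
                                    || (ch >= 'A' && ch <= 'Z')
                                    || (ch >= '0' && ch <= '9')
                                    || ch == '_' || ch == '$' || ch == '.';

                                if (!allowed)
                                {
                                    callbackIsSafe = false;
                                    break;
                                }
                            }
                        }

                        return(callbackIsSafe
                            ? callback + "(" + outString.ToString() + ")"
                            : outString.ToString());
                    }
                    // NOTE(review): redirectUri is taken from the request and nothing in this method
                    // compares it with the redirect URIs registered for clientId before the code or
                    // token is appended to it. Confirm that check exists elsewhere, or add it here.
                    else if (responseType == "code")
                    {
                        HttpContext.Current.Response.Redirect(CombineUrlAndAuthorizationCode(redirectUri, code));
                    }
                    else if (responseType == "token")
                    {
                        HttpContext.Current.Response.Redirect(CombineUrlAndAccessToken(redirectUri, token));
                    }
                    else
                    {
                        // Any other responseType is handled like "code".
                        HttpContext.Current.Response.Redirect(CombineUrlAndAuthorizationCode(redirectUri, code));
                    }
                }
            }

            outString.Append("{\"message\":{\"returnCode\":0,\"value\":\"执行成功。\"}}");

            return(outString.ToString());
        }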