private ConsentModel CreateConsentViewModel(ConsentInputModel inputModel, string returnUrl, Client client, Resources resources)
{
var model = new ConsentModel
{
RememberConsent = inputModel?.RememberConsent ?? true,
ScopesConsented = inputModel?.ScopesConsented ?? Enumerable.Empty <string>(),
ReturnUrl = returnUrl,
ClientName = client.ClientName ?? client.ClientId,
ClientUrl = client.ClientUri,
ClientLogoUrl = client.LogoUri,
AllowRememberConsent = client.AllowRememberConsent
};
model.IdentityScopes = resources.IdentityResources
.Select(x => this.CreateScopeViewModel(x, model.ScopesConsented.Contains(x.Name) || inputModel == null))
.ToArray();
model.ResourceScopes = resources.ApiResources.SelectMany(x => x.Scopes)
.Select(x => this.CreateScopeViewModel(x, model.ScopesConsented.Contains(x.Name) || inputModel == null))
.ToArray();
if (ConsentOptions.EnableOfflineAccess && resources.OfflineAccess)
{
model.ResourceScopes = model.ResourceScopes
.Union(
new[]
{
this.GetOfflineAccessScope(model.ScopesConsented.Contains(IdentityServerConstants.StandardScopes.OfflineAccess) || inputModel == null)
});
}
return(model);
}
/// <summary>
/// 生成授权模型
/// </summary>
/// <param name="returnUrl"></param>
/// <param name="request"></param>
/// <param name="client"></param>
/// <param name="resources"></param>
/// <returns></returns>
private ConsentModel CreateConsentModel(
string returnUrl,
AuthorizationRequest request,
Client client,
Resources resources)
{
var vm = new ConsentModel();
//vm.RememberConsent = model?.RememberConsent ?? true;
//vm.ScopesConsented = model?.ScopesConsented ?? Enumerable.Empty<string>();
//vm.ReturnUrl = returnUrl;
vm.ClientName = client.ClientName ?? client.ClientId;
vm.ClientUrl = client.ClientUri;
vm.ClientLogoUrl = client.LogoUri;
vm.AllowRememberConsent = client.AllowRememberConsent;
vm.IdentityScopes = resources.IdentityResources.Select(x => CreateScopeViewModel(x)).ToArray();
vm.ResourceScopes = resources.ApiResources.SelectMany(x => x.Scopes).Select(x => CreateScopeViewModel(x)).ToArray();
// 离线共享域
if (ConsentOptions.EnableOfflineAccess && resources.OfflineAccess)
{
vm.ResourceScopes = vm.ResourceScopes.Union(new ScopeResourceModel[] {
GetOfflineAccessScope()
});
}
return(vm);
}
public IActionResult SaveConsent(ConsentModel consentModel)
{
var consent = consentModel.Id > 0 ? _consentService.Get(consentModel.Id) : new Consent();
if (consent == null)
{
return(NotFound());
}
consent.Title = consentModel.Title;
consent.Description = consentModel.Description;
consent.DisplayOrder = consentModel.DisplayOrder;
consent.EnableLogging = consentModel.EnableLogging;
consent.Published = consentModel.Published;
consent.IsRequired = consentModel.IsRequired;
consent.OneTimeSelection = consentModel.OneTimeSelection;
consent.ConsentGroupId = consentModel.ConsentGroup?.Id ?? 0;
if (consent.ConsentGroupId < 0)
{
consent.ConsentGroupId = 0;
}
_consentService.InsertOrUpdate(consent);
return(R.Success.Result);
}
private ConsentModel CreateConsent(ResourceModel model, string returnUrl, AuthorizationRequest request, Client client, Resources resources)
{
ConsentModel consent = new ConsentModel
{
ScopesConsented = model?.ScopesConsented ?? Enumerable.Empty <string>(),
ReturnUrl = returnUrl,
ClientName = client.ClientName ?? client.ClientId,
ClientUrl = client.ClientUri,
ClientLogoUrl = client.LogoUri
};
consent.IdentityScopes = resources.IdentityResources.Select(x => CreateScope(x, consent.ScopesConsented.Contains(x.Name) || model == null)).ToArray();
consent.ResourceScopes = resources.ApiResources.SelectMany(x => x.Scopes).Select(x => CreateScope(x, consent.ScopesConsented.Contains(x.Name) || model == null)).ToArray();
if (resources.OfflineAccess)
{
consent.ResourceScopes = consent.ResourceScopes.Union(new ScopeModel[] {
new ScopeModel
{
Name = IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess,
DisplayName = Config.OfflineAccessDisplayName,
Description = Config.OfflineAccessDescription,
Emphasize = true,
Checked = (consent.ScopesConsented.Contains(IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess) || model == null)
}
});
}
return(consent);
}
/// <summary> Creates consent model. </summary>
/// <param name="model"> The model. </param>
/// <param name="returnUrl"> URL of the return. </param>
/// <param name="client"> The client. </param>
/// <param name="resources"> The resources. </param>
/// <returns> The new consent view model. </returns>
private ConsentModel CreateConsentModel(
ConsentInputModel model, string returnUrl,
Client client, IdentityServer4.Models.Resources resources)
{
var vm = new ConsentModel
{
RememberConsent = model?.RememberConsent ?? true,
ScopesConsented = model?.ScopesConsented ?? Enumerable.Empty <string>(),
ReturnUrl = returnUrl,
ClientName = client.ClientName,
ClientUrl = client.ClientUri,
ClientLogoUrl = client.LogoUri,
AllowRememberConsent = client.AllowRememberConsent
};
vm.IdentityScopes = resources.IdentityResources
.Select(x => CreateScopeModel(x, vm.ScopesConsented.Contains(x.Name) || model == null))
.ToArray();
vm.ResourceScopes = resources.ApiResources.SelectMany(x => x.Scopes)
.Select(x => CreateScopeModel(x, vm.ScopesConsented.Contains(x.Name) || model == null))
.ToArray();
if (ConsentOptions.EnableOfflineAccess && resources.OfflineAccess)
{
vm.ResourceScopes = vm.ResourceScopes.Union(new[]
{
GetOfflineAccessScope(vm.ScopesConsented.Contains(IdentityServerConstants.StandardScopes.OfflineAccess) ||
model == null)
});
}
return(vm);
}
public async Task <IActionResult> GetIndex(string returnUrl)
{
ConsentModel consents = await CreateConsentsAsync(returnUrl);
if (consents != null)
{
return(View("Index", consents));
}
return(View("Error"));
}
public ConsentModel Create(Consent entity)
{
var consentModel = new ConsentModel()
{
Title = entity.Title,
Description = entity.Description,
IsRequired = entity.IsRequired,
OneTimeSelection = entity.OneTimeSelection,
Id = entity.Id
};
return(consentModel);
}
public async Task AddConsentSignature_Failure()
{
var addModel = new ConsentModel()
{
SignatureBlob = _convertedImage, ContactId = -1, IsActive = true, ModifiedBy = 3, ForceRollback = true
};
var response =
await httpClient.PostAsync <ConsentModel>("/api/Consent/AddConsentSignature", addModel, new JsonMediaTypeFormatter());
var result = response.Content.ReadAsStringAsync().Result;
var model = Json.Decode <Response <ConsentModel> >(result);
Assert.IsTrue(model.ResultCode != 0, "Consent signature saved, but it should have failed.");
}
public async Task AddConsentSignature_Success()
{
var addModel = new ConsentModel()
{
SignatureBlob = Convert.FromBase64String(_sigImage), ContactId = _defaultContactId, IsActive = true, ModifiedBy = 3, ForceRollback = true
};
var response =
await _httpClient.PostAsync <ConsentModel>("/api/Consent/AddConsentSignature", addModel, new JsonMediaTypeFormatter());
var result = response.Content.ReadAsStringAsync().Result;
var responseModel = Json.Decode <Response <ConsentModel> >(result);
Assert.IsTrue(responseModel.RowAffected > 0, "Consent signature could not be saved.");
}
// GET
public async Task <IActionResult> Index(string returnUrl)
{
var request = await interactionService.GetAuthorizationContextAsync(returnUrl);
if (request != null)
{
var client = await clientStore.FindEnabledClientByIdAsync(request.ClientId);
if (client != null)
{
var resources = await resourceStore.FindResourcesByScopeAsync(request.ScopesRequested);
var model = new ConsentModel {
ClientId = request.ClientId,
ClientName = client.ClientName,
ClientLogoUrl = client.LogoUri,
AllowRememberConsent = client.AllowRememberConsent,
ReturnUrl = returnUrl,
ClientUrl = client.ClientUri
};
model.IdentityScopes = resources.IdentityResources.Select(r => new ScopeModel {
Name = r.Name,
DisplayName = r.DisplayName,
Checked = r.Required,
Description = r.Description,
Emphasize = r.Emphasize,
Required = r.Required
}).ToArray();
model.ResourceScopes = resources.ApiResources.SelectMany(r => r.Scopes).Select(r => new ScopeModel {
Name = r.Name,
DisplayName = r.DisplayName,
Checked = r.Required,
Description = r.Description,
Emphasize = r.Emphasize,
Required = r.Required
}).ToArray();
return(View(model));
}
return(View(null));
}
return(View(null));
}
public Response <ConsentModel> AddConsentSignature(ConsentModel consent)
{
var consentRepository = unitOfWork.GetRepository <ConsentModel>(SchemaName.ESignature);
SqlParameter contactIdParam = new SqlParameter("ContactID", consent.ContactId);
SqlParameter signatureBlobParam = new SqlParameter("SignatureBlob", consent.SignatureBlob);
signatureBlobParam.DbType = DbType.Binary;
SqlParameter isActiveParam = new SqlParameter("IsActive", consent.IsActive);
SqlParameter modifiedOnParam = new SqlParameter("ModifiedOn", consent.ModifiedOn ?? DateTime.Now);
List <SqlParameter> procParams = new List <SqlParameter>()
{
contactIdParam, signatureBlobParam, isActiveParam, modifiedOnParam
};
return(unitOfWork.EnsureInTransaction <Response <ConsentModel> >(consentRepository.ExecuteNQStoredProc, "usp_AddContactSignatures", procParams, forceRollback: consent.ForceRollback.GetValueOrDefault(false)));
}
private IHttpActionResult CreateConsentResult(
ValidatedAuthorizeRequest validatedRequest,
NameValueCollection requestParameters,
string errorMessage)
{
var consentModel = new ConsentModel(validatedRequest, requestParameters);
string name = User.GetName();
return(new EmbeddedHtmlResult(
Request,
new LayoutModel
{
Server = _settings.SiteName,
ErrorMessage = errorMessage,
Page = "consent",
Username = name,
SwitchUrl = Url.Route("switch", null) + "?" + requestParameters.ToQueryString(),
PageModel = consentModel
}));
}
public static ConsentViewModel ToViewModel(this ConsentModel entity)
{
if (entity == null)
{
return(null);
}
var model = new ConsentViewModel
{
SignatureId = entity.SignatureId,
SignatureBlob = entity.SignatureBlob == null ? string.Empty : Convert.ToBase64String(entity.SignatureBlob),
ContactId = entity.ContactId,
AuthorizedBy = entity.AuthorizedBy,
ContactName = entity.ContactName,
ContactDateofBirth = entity.ContactDateofBirth,
IsActive = entity.IsActive,
ModifiedOn = entity.ModifiedOn,
ModifiedBy = entity.ModifiedBy
};
return(model);
}
public static ConsentModel ToModel(this ConsentViewModel model)
{
if (model == null)
{
return(null);
}
var entity = new ConsentModel
{
SignatureId = model.SignatureId,
SignatureBlob = Convert.FromBase64String(model.SignatureBlob),
ContactId = model.ContactId,
AuthorizedBy = model.AuthorizedBy,
ContactName = model.ContactName,
ContactDateofBirth = model.ContactDateofBirth,
IsActive = model.IsActive,
ModifiedOn = model.ModifiedOn,
ModifiedBy = model.ModifiedBy,
ForceRollback = model.ForceRollback
};
return(entity);
}
public IHttpActionResult AddConsentSignature(ConsentModel consent)
{
return(new HttpResult <Response <ConsentModel> >(consentDataProvider.AddConsentSignature(consent), Request));
}
public IHttpActionResult AddConsentSignature(ConsentModel consent)
{
return(new HttpResult <Response <ConsentModel> >(consentRuleEngine.AddConsentSignature(consent), Request));
}
public void PassCodeConsented(ConsentModel input)
{
//do some Passcode consented magic
//throw new NotImplementedException();
}
public Response <ConsentModel> AddConsentSignature(ConsentModel consent)
{
return(consentService.AddConsentSignature(consent));
}
/// <summary>
/// Checks consent for a particular feature
/// </summary>
/// <param name="feature"></param>
/// <returns></returns>
public bool CheckConsent(string feature)
{
return(ConsentModel.CheckConsent(feature));
}
public Response <ConsentModel> AddConsentSignature(ConsentModel consent)
{
var apiUrl = baseRoute + "AddConsentSignature";
return(_communicationManager.Post <ConsentModel, Response <ConsentModel> >(consent, apiUrl));
}
/// <summary>
/// Updates a feature to give/deny consent
/// </summary>
/// <param name="feature"></param>
/// <param name="permission"></param>
public void UpdateConsent(string feature, bool permission)
{
ConsentModel.UpdateConsent(feature, permission);
}
public async Task <IActionResult> Index(ConsentModel model)
{
//获取授权上下文,验证返回 URL 是否有效
var request = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);
if (request == null)
{
model.Error = "请求授权上下文失效";
return(RedirectToAction("error"));
}
//同意-响应
ConsentResponse grantedConsent = null;
// 是否同意授权
if (!model.ConsentBtn)
{
//拒绝
grantedConsent = ConsentResponse.Denied;
// 触发拒绝事件
await _events.RaiseAsync(new ConsentDeniedEvent(User.GetSubjectId(), request.ClientId, request.ScopesRequested));
//return Redirect(model.ReturnUrl);
}
else
{
grantedConsent = new ConsentResponse
{
RememberConsent = model.RememberConsent
};
if (model.apis.Any())
{
grantedConsent.ScopesConsented = model.identitys.Concat(model.apis);
}
else
{
grantedConsent.ScopesConsented = model.identitys;
}
//grantedConsent.ScopesConsented = grantedConsent.ScopesConsented.Where(l => l != IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess);
var subjectId = User.GetSubjectId();
// 触发授权事件
await _events.RaiseAsync(new ConsentGrantedEvent(subjectId, request.ClientId, request.ScopesRequested, grantedConsent.ScopesConsented, grantedConsent.RememberConsent));
}
// 将授权的结果传达回IdentityServer
await _interaction.GrantConsentAsync(request, grantedConsent);
if (!string.IsNullOrWhiteSpace(request.ClientId))
{
var client = await _clientStore.FindEnabledClientByIdAsync(request.ClientId);
//指定基于授权码的令牌请求是否需要证明密钥(默认为false)。
if (client?.RequirePkce == true)
{
model.Error = "请求授权上下文失效";
return(RedirectToAction("error"));
}
}
return(Redirect(model.ReturnUrl));
}
