/// <summary>
        /// Returns an action resultKind to the controller's action.
        /// 1). Redirect to the consent screen if the user is authenticated AND the request doesn't contain a login prompt.
        /// 2). Do nothing
        /// </summary>
        /// <param name="authorizationParameter">The parameter</param>
        /// <param name="resourceOwnerPrincipal">Resource owner principal</param>
        /// <param name="code">Encrypted parameter</param>
        /// <param name="issuerName"></param>
        /// <param name="cancellationToken">The <see cref="CancellationToken"/> for the async operation.</param>
        /// <returns>Action resultKind to the controller's action</returns>
        public async Task <EndpointResult> Execute(
            AuthorizationParameter authorizationParameter,
            ClaimsPrincipal?resourceOwnerPrincipal,
            string?code,
            string?issuerName,
            CancellationToken cancellationToken)
        {
            var resourceOwnerIsAuthenticated = resourceOwnerPrincipal.IsAuthenticated();
            var promptParameters             = authorizationParameter.Prompt.ParsePrompts();

            // 1).
            if (resourceOwnerIsAuthenticated &&
                !promptParameters.Contains(PromptParameters.Login))
            {
                var subject = resourceOwnerPrincipal.GetSubject() !;
                var claims  = resourceOwnerPrincipal !.Claims.ToArray();
                return(await _authenticateHelper.ProcessRedirection(
                           authorizationParameter,
                           code,
                           subject,
                           claims,
                           issuerName,
                           cancellationToken)
                       .ConfigureAwait(false));
            }

            // 2).
            return(EndpointResult.CreateAnEmptyActionResultWithNoEffect());
        }
Exemplo n.º 2
0
        public static ActionResult?CreateRedirectionFromActionResult(
            this EndpointResult endpointResult,
            AuthorizationRequest authorizationRequest,
            ILogger logger)
        {
            if (endpointResult.Type == ActionResultType.RedirectToCallBackUrl)
            {
                var parameters  = endpointResult.GetRedirectionParameters();
                var redirectUrl = CreateRedirectHttp(
                    authorizationRequest.redirect_uri !,
                    parameters,
                    endpointResult.RedirectInstruction !.ResponseMode !).ToString();
                logger.LogInformation("Redirection uri: {redirectUrl}", redirectUrl);

                return(new RedirectResult(redirectUrl));
            }

            var actionInformation = endpointResult.GetControllerAndActionFromRedirectionActionResult();

            if (actionInformation != null)
            {
                var routeValueDic = actionInformation.RouteValueDictionary;
                routeValueDic.Add("controller", actionInformation.ControllerName);
                routeValueDic.Add("action", actionInformation.ActionName);
                routeValueDic.Add("area", actionInformation.Area);
                return(new RedirectToRouteResult(routeValueDic));
            }

            return(null);
        }
        public EndpointResult Set(string questionId, OutputDto output)
        {
            var id = new QuestionId(questionId);

            TrySaveAnswer(output, id);

            return(EndpointResult.Success());
        }
        public async Task <EndpointResult> Process(
            AuthorizationParameter authorizationParameter,
            ClaimsPrincipal claimsPrincipal,
            Client client,
            string issuerName,
            CancellationToken cancellationToken = default)
        {
            var     endUserIsAuthenticated = IsAuthenticated(claimsPrincipal);
            Consent?confirmedConsent       = null;

            if (endUserIsAuthenticated)
            {
                confirmedConsent =
                    await GetResourceOwnerConsent(claimsPrincipal, authorizationParameter, cancellationToken)
                    .ConfigureAwait(false);
            }

            EndpointResult?result  = null;
            var            prompts = authorizationParameter.Prompt.ParsePrompts();

            if (prompts.Count == 0)
            {
                prompts = new List <string>();
                if (!endUserIsAuthenticated)
                {
                    prompts.Add(PromptParameters.Login);
                }
                else
                {
                    prompts.Add(confirmedConsent == null ? PromptParameters.Consent : PromptParameters.None);
                }
            }

            if (authorizationParameter.RedirectUrl == null ||
                client.GetRedirectionUrls(authorizationParameter.RedirectUrl).Length == 0)
            {
                var message = string.Format(Strings.RedirectUrlIsNotValid, authorizationParameter.RedirectUrl);
                _logger.LogError(message);
                return(EndpointResult.CreateBadRequestResult(new ErrorDetails
                {
                    Title = ErrorCodes.InvalidRequest,
                    Detail = message,
                    Status = HttpStatusCode.BadRequest
                }));
            }

            var scopeValidationResult = authorizationParameter.Scope.Check(client);

            if (!scopeValidationResult.IsValid)
            {
                _logger.LogError(scopeValidationResult.ErrorMessage !);
                return(EndpointResult.CreateBadRequestResult(new ErrorDetails
                {
                    Title = ErrorCodes.InvalidScope,
                    Detail = scopeValidationResult.ErrorMessage !,
                    Status = HttpStatusCode.BadRequest
                }));
Exemplo n.º 5
0
        public Task <IEndpointResult> HandleAsync(int id, CancellationToken cancellationToken)
        {
            var person = peopleService.AllPeople().SingleOrDefault(p => p.Id == id);

            if (person is null)
            {
                return(Task.FromResult(EndpointResult.NotFound()));
            }
            return(Task.FromResult(EndpointResult.Ok(person)));
        }
Exemplo n.º 6
0
        public static ActionInformation?GetControllerAndActionFromRedirectionActionResult(
            this EndpointResult endpointResult)
        {
            if (endpointResult.Type != ActionResultType.RedirectToAction || endpointResult.RedirectInstruction == null)
            {
                return(null);
            }

            return(endpointResult.RedirectInstruction.GetActionInformation());
        }
Exemplo n.º 7
0
        public async Task When_No_Resource_Owner_Is_Passed_Then_Redirect_To_Index_Page()
        {
            var authorizationParameter = new AuthorizationParameter();

            var result = await _authenticateResourceOwnerOpenIdAction.Execute(authorizationParameter, null, null, null, CancellationToken.None)
                         .ConfigureAwait(false);

            Assert.Equal(
                JsonConvert.SerializeObject(EndpointResult.CreateAnEmptyActionResultWithNoEffect()),
                JsonConvert.SerializeObject(result));
        }
Exemplo n.º 8
0
        public static RouteValueDictionary GetRedirectionParameters(this EndpointResult endpointResult)
        {
            if (endpointResult.Type != ActionResultType.RedirectToAction &&
                endpointResult.Type != ActionResultType.RedirectToCallBackUrl ||
                endpointResult.RedirectInstruction == null)
            {
                return(new RouteValueDictionary());
            }

            return(endpointResult.RedirectInstruction.GetRouteValueDictionary());
        }
Exemplo n.º 9
0
 public DisplayContentResult(
     Client client,
     ICollection <Scope> scopes,
     ICollection <string> allowedClaims,
     EndpointResult endpointResult)
     : this(endpointResult)
 {
     Client        = client;
     Scopes        = scopes;
     AllowedClaims = allowedClaims;
 }
Exemplo n.º 10
0
        public async Task <EndpointResult> Execute(
            AuthorizationParameter authorizationParameter,
            ClaimsPrincipal principal,
            Client client,
            string issuerName,
            CancellationToken cancellationToken)
        {
            var result = await _processAuthorizationRequest.Process(
                authorizationParameter,
                principal,
                client,
                issuerName,
                cancellationToken)
                         .ConfigureAwait(false);

            if (result.Type == ActionResultType.BadRequest)
            {
                return(result);
            }
            // 1. Check the client is authorized to use the authorization_code flow.
            if (!client.CheckGrantTypes(GrantTypes.AuthorizationCode))
            {
                _logger.LogError(
                    string.Format(
                        Strings.TheClientDoesntSupportTheGrantType,
                        authorizationParameter.ClientId,
                        AuthorizationCode));
                return(EndpointResult.CreateBadRequestResult(
                           new ErrorDetails
                {
                    Title = ErrorCodes.InvalidRequest,
                    Detail = string.Format(
                        Strings.TheClientDoesntSupportTheGrantType,
                        authorizationParameter.ClientId,
                        AuthorizationCode),
                    Status = HttpStatusCode.BadRequest
                }));
            }

            if (result.Type == ActionResultType.RedirectToCallBackUrl)
            {
                result = await _generateAuthorizationResponse.Generate(
                    result,
                    authorizationParameter,
                    principal,
                    client,
                    issuerName,
                    CancellationToken.None)
                         .ConfigureAwait(false);
            }

            return(result);
        }
Exemplo n.º 11
0
        public EndpointResult Completed(Guid questionaireId, int slideIndex)
        {
            var questionaire = Context.QuestionnaireGateway.Get(questionaireId);
            var slide        = questionaire.Slides[slideIndex];

            slide.Validate();
            slide.IsCompleted = true;

            Context.QuestionnaireGateway.Set(questionaire);

            return(EndpointResult.Success());
        }
Exemplo n.º 12
0
        public async Task <EndpointResult> GetAuthorization(
            AuthorizationParameter parameter,
            ClaimsPrincipal claimsPrincipal,
            string issuerName,
            CancellationToken cancellationToken)
        {
            var processId = Id.Create();

            var result = await _authorizationCodeGrantTypeParameterValidator.Validate(parameter, cancellationToken)
                         .ConfigureAwait(false);

            Client client = null !;

            switch (result)
            {
            case Option <Client> .Error error:
                return(EndpointResult.CreateBadRequestResult(error.Details));

            case Option <Client> .Result r:
                client = r.Item;
                break;
            }

            EndpointResult?endpointResult = null;

            if (client.RequirePkce &&
                (string.IsNullOrWhiteSpace(parameter.CodeChallenge) || parameter.CodeChallengeMethod == null))
            {
                _logger.LogError(string.Format(Strings.TheClientRequiresPkce, parameter.ClientId));
                return(EndpointResult.CreateBadRequestResult(
                           new ErrorDetails
                {
                    Title = ErrorCodes.InvalidRequest,
                    Detail = string.Format(Strings.TheClientRequiresPkce, parameter.ClientId),
                    Status = HttpStatusCode.BadRequest
                }));
            }

            var responseTypes     = parameter.ResponseType.ParseResponseTypes();
            var authorizationFlow = responseTypes.GetAuthorizationFlow(parameter.State);

            endpointResult = authorizationFlow switch
            {
                Option <AuthorizationFlow> .Error e => EndpointResult.CreateBadRequestResult(e.Details),
                Option <AuthorizationFlow> .Result
                {
                    Item : AuthorizationFlow.AuthorizationCodeFlow
                } => await _getAuthorizationCodeOperation
        public async Task When_There_Is_No_Logged_User_Then_Exception_Is_Throw()
        {
            var redirectInstruction = new EndpointResult {
                RedirectInstruction = new RedirectInstruction()
            };

            await Assert.ThrowsAsync <ArgumentNullException>(
                () => _generateAuthorizationResponse.Generate(
                    redirectInstruction,
                    new AuthorizationParameter(),
                    new ClaimsPrincipal(),
                    new Client(),
                    "",
                    CancellationToken.None))
            .ConfigureAwait(false);
        }
        public EndpointResult AddItems(string id, IEnumerable <string> items)
        {
            RequiresAuthentication();

            var result = Context.SelectionGateway.Get(id);

            foreach (var item in items)
            {
                result.Items.Add(new Item {
                    Id = item
                });
            }

            Context.SelectionGateway.Set(result);

            return(EndpointResult.Success());
        }
        public async Task When_No_Client_Is_Passed_Then_Exception_Is_Thrown()
        {
            var redirectInstruction = new EndpointResult {
                RedirectInstruction = new RedirectInstruction()
            };
            var claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity("fake"));

            await Assert.ThrowsAsync <NullReferenceException>(
                () => _generateAuthorizationResponse.Generate(
                    redirectInstruction,
                    new AuthorizationParameter(),
                    claimsPrincipal,
                    null,
                    null,
                    CancellationToken.None))
            .ConfigureAwait(false);
        }
Exemplo n.º 16
0
 public EndpointResult <string> Unmount(Partition partition)
 {
     try
     {
         var result           = new EndpointResult <string>();
         var kebabDisplayName = partition.DisplayName.ToKebabCase();
         _mount.Unmount(kebabDisplayName);
         result.Succeed = true;
         return(result);
     }
     catch (Exception) // details are logged in OSCommander's ILogger
     {
         return(new EndpointResult <string>()
         {
             Succeed = false,
             ErrorMessage = "http.unmountError",
             StatusCode = 461
         });
     }
 }
Exemplo n.º 17
0
 public EndpointResult <string> DisableAutoMount(string uuid, Partition partition)
 {
     try
     {
         var result           = new EndpointResult <string>();
         var kebabDisplayName = partition.DisplayName.ToKebabCase();
         _cron.Remove($"sudo mount -t auto /dev/disk/by-uuid/{uuid} /mnt/armnas/{kebabDisplayName}");
         result.Succeed = true;
         result.Result  = "Partition auto mount disabled.";
         return(result);
     }
     catch (Exception) // details are logged in OSCommander's ILogger
     {
         return(new EndpointResult <string>()
         {
             Succeed = false,
             ErrorMessage = "http.autoMountDisableError",
             StatusCode = 461
         });
     }
 }
Exemplo n.º 18
0
 private void OnCompleteCreateEndPoint(EndpointResult result)
 {
     if (result.Status == Status.Success)
     {
         // Set the newly created endpoint available in result as active(my) endpoint.
         this.RelayContext.Endpoint = result.EndPoint;
         this.Dispatcher.BeginInvoke(
             delegate
         {
             string name = UsernameTextBox.Text;
             RendezvousService.RegisterNameAsync(HawaiiClient.HawaiiApplicationId, name, this.OnCompleteRegisterName);
         });
         NameRegistration nameRegistration = (NameRegistration)result.StateObject;
     }
     else
     {
         // Display a message box, in case of any error creating a new endpoint.
         DisplayMessage("Error creating endpoint.", "Error");
         error();
     }
 }
Exemplo n.º 19
0
 public EndpointResult <bool> CheckAutoMount(string uuid, Partition partition)
 {
     try
     {
         var result           = new EndpointResult <bool>();
         var kebabDisplayName = partition.DisplayName.ToKebabCase();
         var res = _cron.Check("@reboot", $"sudo mount -t auto /dev/disk/by-uuid/{uuid} /mnt/armnas/{kebabDisplayName}");
         result.Succeed = true;
         result.Result  = res;
         return(result);
     }
     catch (Exception) // details are logged in OSCommander's ILogger
     {
         return(new EndpointResult <bool>()
         {
             Succeed = false,
             ErrorMessage = "http.autoMountCheckError",
             StatusCode = 461
         });
     }
 }
        public EndpointResult DeleteItems(string id, IEnumerable <string> items)
        {
            RequiresAuthentication();

            var result = Context.SelectionGateway.Get(id);

            foreach (var item in items)
            {
                var itemToDelete = result.Items.FirstOrDefault(i => i.Id == item);

                if (itemToDelete == null)
                {
                    continue;
                }

                result.Items.Remove(itemToDelete);
            }

            Context.SelectionGateway.Set(result);

            return(EndpointResult.Success());
        }
Exemplo n.º 21
0
        public async Task When_Prompt_Parameter_Contains_Login_Value_Then_Redirect_To_Index_Page()
        {
            var authorizationParameter = new AuthorizationParameter
            {
                Prompt   = "login",
                ClientId = "client",
                Scope    = "scope"
            };
            var claimsIdentity  = new ClaimsIdentity("authServer");
            var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);

            var result = await _authenticateResourceOwnerOpenIdAction.Execute(
                authorizationParameter,
                claimsPrincipal,
                null,
                null,
                CancellationToken.None)
                         .ConfigureAwait(false);

            Assert.Equal(
                JsonConvert.SerializeObject(EndpointResult.CreateAnEmptyActionResultWithNoEffect()),
                JsonConvert.SerializeObject(result));
        }
        public async Task When_Generating_AuthorizationResponse_With_IdToken_Then_IdToken_Is_Added_To_The_Parameters()
        {
            var claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity("fake"));
            // const string idToken = "idToken";
            var clientId = "client";
            var authorizationParameter =
                new AuthorizationParameter {
                ResponseType = ResponseTypeNames.IdToken, ClientId = clientId
            };
            var actionResult = new EndpointResult {
                RedirectInstruction = new RedirectInstruction()
            };

            var client = new Client
            {
                ClientId    = clientId,
                JsonWebKeys =
                    TestKeys.SecretKey.CreateJwk(JsonWebKeyUseNames.Sig, KeyOperations.Sign, KeyOperations.Verify)
                    .ToSet(),
                IdTokenSignedResponseAlg = SecurityAlgorithms.HmacSha256
            };

            _clientStore.Setup(x => x.GetById(It.IsAny <string>(), It.IsAny <CancellationToken>())).ReturnsAsync(client);
            actionResult = await _generateAuthorizationResponse.Generate(
                actionResult,
                authorizationParameter,
                claimsPrincipal,
                client,
                null,
                CancellationToken.None)
                           .ConfigureAwait(false);

            Assert.Contains(
                actionResult.RedirectInstruction !.Parameters,
                p => p.Name == StandardAuthorizationResponseNames.IdTokenName);
        }
 public Task <IEndpointResult> HandleAsync(int id)
 {
     return(Task.FromResult(EndpointResult.Json(new Book {
         Id = id, Name = id.ToString()
     }, id)));
 }
Exemplo n.º 24
0
        public async Task <EndpointResult> ProcessRedirection(
            AuthorizationParameter authorizationParameter,
            string?code,
            string subject,
            Claim[] claims,
            string?issuerName,
            CancellationToken cancellationToken)
        {
            var client = authorizationParameter.ClientId == null
                ? null
                : await _clientRepository.GetById(authorizationParameter.ClientId, cancellationToken)
                         .ConfigureAwait(false);

            if (client == null)
            {
                throw new InvalidOperationException(SharedStrings.TheClientDoesntExist);
            }

            // Redirect to the consent page if the prompt parameter contains "consent"
            EndpointResult result;
            var            prompts = authorizationParameter.Prompt.ParsePrompts();

            if (prompts.Contains(PromptParameters.Consent) && code != null)
            {
                return(EndpointResult.CreateAnEmptyActionResultWithRedirection(
                           SimpleAuthEndPoints.ConsentIndex,
                           new Parameter("code", code)));
            }

            var assignedConsent = await _consentRepository
                                  .GetConfirmedConsents(subject, authorizationParameter, cancellationToken)
                                  .ConfigureAwait(false);

            // If there's already one consent then redirect to the callback
            if (assignedConsent != null)
            {
                var claimsIdentity  = new ClaimsIdentity(claims, "SimpleAuth");
                var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
                result = await _generateAuthorizationResponse.Generate(
                    EndpointResult.CreateAnEmptyActionResultWithRedirectionToCallBackUrl(),
                    authorizationParameter,
                    claimsPrincipal,
                    client,
                    issuerName,
                    cancellationToken)
                         .ConfigureAwait(false);

                var responseMode = authorizationParameter.ResponseMode;
                if (responseMode != ResponseModes.None)
                {
                    return(result with
                    {
                        RedirectInstruction = result.RedirectInstruction !with {
                            ResponseMode = responseMode
                        }
                    });
                }

                var responseTypes     = authorizationParameter.ResponseType.ParseResponseTypes();
                var authorizationFlow = GetAuthorizationFlow(authorizationParameter.State, responseTypes);
                switch (authorizationFlow)
                {
                case Option <AuthorizationFlow> .Error e:
                    return(EndpointResult.CreateBadRequestResult(e.Details));

                case Option <AuthorizationFlow> .Result r:
                    responseMode = GetResponseMode(r.Item);
                    break;
                }

                return(result with
                {
                    RedirectInstruction = result.RedirectInstruction !with {
                        ResponseMode = responseMode
                    }
                });
            }

            // If there's no consent & there's no consent prompt then redirect to the consent screen.
            return(EndpointResult.CreateAnEmptyActionResultWithRedirection(
                       SimpleAuthEndPoints.ConsentIndex,
                       new Parameter("code", code ?? "")));
        }
Exemplo n.º 25
0
 public Task <IEndpointResult> HandleAsync(int id)
 {
     return(Task.FromResult <IEndpointResult>(EndpointResult.StatusCode(id)));
 }
Exemplo n.º 26
0
        public async Task <EndpointResult> Execute(
            AuthorizationParameter authorizationParameter,
            IPrincipal principal,
            Client client,
            string issuerName,
            CancellationToken cancellationToken)
        {
            if (string.IsNullOrWhiteSpace(authorizationParameter.Nonce))
            {
                _logger.LogError(
                    string.Format(
                        Strings.MissingParameter,
                        CoreConstants.StandardAuthorizationRequestParameterNames.NonceName));
                return(EndpointResult.CreateBadRequestResult(
                           new ErrorDetails
                {
                    Title = ErrorCodes.InvalidRequest,
                    Detail = string.Format(
                        Strings.MissingParameter,
                        CoreConstants.StandardAuthorizationRequestParameterNames.NonceName),
                    Status = HttpStatusCode.BadRequest
                }));
            }

            if (!client.CheckGrantTypes(GrantTypes.Implicit))
            {
                _logger.LogError(
                    string.Format(
                        Strings.TheClientDoesntSupportTheGrantType,
                        authorizationParameter.ClientId,
                        "implicit"));
                return(EndpointResult.CreateBadRequestResult(
                           new ErrorDetails
                {
                    Title = ErrorCodes.InvalidRequest,
                    Detail = string.Format(
                        Strings.TheClientDoesntSupportTheGrantType,
                        authorizationParameter.ClientId,
                        "implicit"),
                    Status = HttpStatusCode.BadRequest
                }));
            }

            var claimsPrincipal = (ClaimsPrincipal)principal;
            var result          = await _processAuthorizationRequest.Process(
                authorizationParameter,
                claimsPrincipal,
                client,
                issuerName,
                cancellationToken)
                                  .ConfigureAwait(false);

            if (result.Type == ActionResultType.RedirectToCallBackUrl)
            {
                result = await _generateAuthorizationResponse.Generate(
                    result,
                    authorizationParameter,
                    claimsPrincipal,
                    client,
                    issuerName,
                    cancellationToken)
                         .ConfigureAwait(false);
            }

            return(result);
        }
Exemplo n.º 27
0
        /// <summary>
        /// Fetch the scopes and client name from the ClientRepository and the parameter
        /// Those information are used to create the consent screen.
        /// </summary>
        /// <param name="authorizationParameter">Authorization code grant type parameter.</param>
        /// <param name="claimsPrincipal"></param>
        /// <param name="issuerName"></param>
        /// <param name="cancellationToken">The <see cref="CancellationToken"/> for the async operation.</param>
        /// <returns>Action resultKind.</returns>
        public async Task <DisplayContentResult> Execute(
            AuthorizationParameter authorizationParameter,
            ClaimsPrincipal claimsPrincipal,
            string issuerName,
            CancellationToken cancellationToken)
        {
            var client = authorizationParameter.ClientId == null
                ? null
                : await _clientRepository.GetById(authorizationParameter.ClientId, cancellationToken)
                         .ConfigureAwait(false);

            if (client == null)
            {
                return(new DisplayContentResult(
                           EndpointResult.CreateBadRequestResult(
                               new ErrorDetails
                {
                    Title = ErrorCodes.InvalidRequest,
                    Detail = string.Format(Strings.ClientIsNotValid, authorizationParameter.ClientId),
                    Status = HttpStatusCode.BadRequest
                })));
            }

            EndpointResult endpointResult;
            var            subject         = claimsPrincipal.GetSubject() !;
            var            assignedConsent = await _consentRepository
                                             .GetConfirmedConsents(subject, authorizationParameter, cancellationToken)
                                             .ConfigureAwait(false);

            // If there's already a consent then redirect to the callback
            if (assignedConsent != null)
            {
                endpointResult = await _generateAuthorizationResponse.Generate(
                    EndpointResult.CreateAnEmptyActionResultWithRedirectionToCallBackUrl(),
                    authorizationParameter,
                    claimsPrincipal,
                    client,
                    issuerName,
                    cancellationToken)
                                 .ConfigureAwait(false);

                var responseMode = authorizationParameter.ResponseMode;
                if (responseMode == ResponseModes.None)
                {
                    var responseTypes     = authorizationParameter.ResponseType.ParseResponseTypes();
                    var authorizationFlow = GetAuthorizationFlow(responseTypes, authorizationParameter.State);
                    switch (authorizationFlow)
                    {
                    case Option <AuthorizationFlow> .Error e:
                        return(new DisplayContentResult(EndpointResult.CreateBadRequestResult(e.Details)));

                    case Option <AuthorizationFlow> .Result r:
                        responseMode = GetResponseMode(r.Item);
                        break;
                    }
                }

                endpointResult = endpointResult with {
                    RedirectInstruction = endpointResult.RedirectInstruction !with {
                        ResponseMode = responseMode
                    }
                };
                return(new DisplayContentResult(endpointResult));
            }

            ICollection <string> allowedClaims = Array.Empty <string>();
            ICollection <Scope>  allowedScopes = Array.Empty <Scope>();
            var claimsParameter = authorizationParameter.Claims;

            if (claimsParameter.IsAnyIdentityTokenClaimParameter() || claimsParameter.IsAnyUserInfoClaimParameter())
            {
                allowedClaims = claimsParameter.GetClaimNames();
            }
            else
            {
                allowedScopes =
                    (await GetScopes(authorizationParameter.Scope !, cancellationToken).ConfigureAwait(false))
                    .Where(s => s.IsDisplayedInConsent)
                    .ToList();
            }

            endpointResult = EndpointResult.CreateAnEmptyActionResultWithOutput();
            return(new DisplayContentResult(client, allowedScopes, allowedClaims, endpointResult));
        }
Exemplo n.º 28
0
 public Task <IEndpointResult> HandleAsync(CancellationToken cancellationToken)
 {
     authService.SignOut();
     return(Task.FromResult(EndpointResult.NoContent()));
 }
Exemplo n.º 29
0
        public async Task <EndpointResult> Generate(
            EndpointResult endpointResult,
            AuthorizationParameter authorizationParameter,
            ClaimsPrincipal claimsPrincipal,
            Client client,
            string?issuerName,
            CancellationToken cancellationToken)
        {
            var          allowedTokenScopes = string.Empty;
            GrantedToken?grantedToken       = null;
            var          responses          = authorizationParameter.ResponseType.ParseResponseTypes();
            var          generateIdToken    = await GenerateIdTokenPayload(
                claimsPrincipal,
                authorizationParameter,
                issuerName,
                cancellationToken)
                                              .ConfigureAwait(false);

            if (generateIdToken is Option <JwtPayload> .Result p)
            {
                var idTokenPayload = p.Item;
                var payload        = await GenerateUserInformationPayload(
                    claimsPrincipal,
                    authorizationParameter,
                    cancellationToken)
                                     .ConfigureAwait(false);

                if (payload is Option <JwtPayload> .Error er)
                {
                    return(EndpointResult.CreateBadRequestResult(er.Details));
                }

                var userInformationPayload = (payload as Option <JwtPayload> .Result) !.Item;
                if (responses.Contains(ResponseTypeNames.Token))
                {
                    // 1. Generate an access token.

                    var tokenScopes = authorizationParameter.Scope.ParseScopes();
                    allowedTokenScopes = string.Join(' ', tokenScopes);
                    grantedToken       = await _tokenStore.GetValidGrantedToken(
                        _jwksStore,
                        allowedTokenScopes,
                        client.ClientId,
                        cancellationToken,
                        idTokenJwsPayload : userInformationPayload,
                        userInfoJwsPayload : idTokenPayload)
                                         .ConfigureAwait(false)
                                         ?? await client.GenerateToken(
                        _jwksStore,
                        tokenScopes,
                        issuerName,
                        userInformationPayload,
                        idTokenPayload,
                        cancellationToken : cancellationToken,
                        claimsPrincipal.Claims.Where(
                            c => client.UserClaimsToIncludeInAuthToken.Any(
                                r => r.IsMatch(c.Type)))
                        .ToArray())
                                         .ConfigureAwait(false);

                    endpointResult = endpointResult with
                    {
                        RedirectInstruction = endpointResult.RedirectInstruction !.AddParameter(
                            StandardAuthorizationResponseNames.AccessTokenName,
                            grantedToken.AccessToken)
                    };
                }

                AuthorizationCode?authorizationCode = null;
                var authorizationParameterClientId  = authorizationParameter.ClientId;
                if (responses.Contains(ResponseTypeNames.Code)) // 2. Generate an authorization code.
                {
                    var subject         = claimsPrincipal.GetSubject() !;
                    var assignedConsent = await _consentRepository
                                          .GetConfirmedConsents(subject, authorizationParameter, cancellationToken)
                                          .ConfigureAwait(false);

                    if (assignedConsent != null)
                    {
                        if (authorizationParameterClientId == null ||
                            authorizationParameter.RedirectUrl == null ||
                            authorizationParameter.Scope == null)
                        {
                            throw new ArgumentException(Strings.MissingValues, nameof(authorizationParameter));
                        }

                        // Insert a temporary authorization code
                        // It will be used later to retrieve tha id_token or an access token.
                        authorizationCode = new AuthorizationCode
                        {
                            Code            = Id.Create(),
                            RedirectUri     = authorizationParameter.RedirectUrl,
                            CreateDateTime  = DateTimeOffset.UtcNow,
                            ClientId        = authorizationParameterClientId,
                            Scopes          = authorizationParameter.Scope,
                            IdTokenPayload  = idTokenPayload,
                            UserInfoPayLoad = userInformationPayload
                        };

                        endpointResult = endpointResult with
                        {
                            RedirectInstruction = endpointResult.RedirectInstruction !.AddParameter(
                                StandardAuthorizationResponseNames.AuthorizationCodeName,
                                authorizationCode.Code)
                        };
                    }
                }

                _jwtGenerator.FillInOtherClaimsIdentityTokenPayload(
                    idTokenPayload,
                    authorizationCode == null ? string.Empty : authorizationCode.Code,
                    grantedToken == null ? string.Empty : grantedToken.AccessToken,
                    client);

                if (grantedToken != null)
                // 3. Insert the stateful access token into the DB OR insert the access token into the caching.
                {
                    if (authorizationParameterClientId == null || authorizationParameter.ResponseType == null)
                    {
                        throw new ArgumentException(Strings.MissingValues, nameof(authorizationParameter));
                    }

                    await _tokenStore.AddToken(grantedToken, cancellationToken).ConfigureAwait(false);

                    await _eventPublisher.Publish(
                        new TokenGranted(
                            Id.Create(),
                            claimsPrincipal.GetSubject(),
                            authorizationParameterClientId,
                            allowedTokenScopes,
                            authorizationParameter.ResponseType,
                            DateTimeOffset.UtcNow))
                    .ConfigureAwait(false);
                }

                if (authorizationCode != null) // 4. Insert the authorization code into the caching.
                {
                    if (client.RequirePkce)
                    {
                        authorizationCode = authorizationCode with
                        {
                            CodeChallenge       = authorizationParameter.CodeChallenge ?? string.Empty,
                            CodeChallengeMethod = authorizationParameter.CodeChallengeMethod ?? string.Empty
                        };
                    }

                    await _authorizationCodeStore.Add(authorizationCode, cancellationToken).ConfigureAwait(false);

                    await _eventPublisher.Publish(
                        new AuthorizationGranted(
                            Id.Create(),
                            claimsPrincipal.GetSubject(),
                            authorizationParameterClientId !,
                            DateTimeOffset.UtcNow))
                    .ConfigureAwait(false);
                }

                if (responses.Contains(ResponseTypeNames.IdToken))
                {
                    var idToken = await _clientStore.GenerateIdToken(
                        authorizationParameterClientId !,
                        idTokenPayload,
                        _jwksStore,
                        cancellationToken)
                                  .ConfigureAwait(false);

                    endpointResult = endpointResult with
                    {
                        RedirectInstruction = endpointResult.RedirectInstruction !.AddParameter(
                            StandardAuthorizationResponseNames.IdTokenName,
                            idToken)
                    };
                }

                if (!string.IsNullOrWhiteSpace(authorizationParameter.State))
                {
                    endpointResult = endpointResult with
                    {
                        RedirectInstruction = endpointResult.RedirectInstruction !.AddParameter(
                            StandardAuthorizationResponseNames.StateName,
                            authorizationParameter.State)
                    };
                }

                var sessionState = GetSessionState(
                    authorizationParameterClientId,
                    authorizationParameter.OriginUrl,
                    authorizationParameter.SessionId);
                if (sessionState != null)
                {
                    endpointResult = endpointResult with
                    {
                        RedirectInstruction = endpointResult.RedirectInstruction !.AddParameter(
                            StandardAuthorizationResponseNames.SessionState,
                            sessionState)
                    };
                }

                if (authorizationParameter.ResponseMode == ResponseModes.FormPost)
                {
                    endpointResult = endpointResult with
                    {
                        Type = ActionResultType.RedirectToAction,
                        RedirectInstruction = endpointResult.RedirectInstruction !.AddParameter(
                            "redirect_uri",
                            authorizationParameter.RedirectUrl?.AbsoluteUri) with
                        {
                            Action = SimpleAuthEndPoints.FormIndex
                        }
                    };
                }

                // Set the response mode
                if (endpointResult.Type == ActionResultType.RedirectToCallBackUrl)
                {
                    var responseMode = authorizationParameter.ResponseMode;
                    if (responseMode == ResponseModes.None)
                    {
                        var responseTypes     = authorizationParameter.ResponseType.ParseResponseTypes();
                        var authorizationFlow = responseTypes.GetAuthorizationFlow(authorizationParameter.State);
                        switch (authorizationFlow)
                        {
                        case Option <AuthorizationFlow> .Error error:
                            return(EndpointResult.CreateBadRequestResult(error.Details));

                        case Option <AuthorizationFlow> .Result r:
                            responseMode = CoreConstants.MappingAuthorizationFlowAndResponseModes[r.Item];
                            break;
                        }
                    }

                    endpointResult = endpointResult with
                    {
                        RedirectInstruction = endpointResult.RedirectInstruction !with {
                            ResponseMode = responseMode
                        }
                    };
                }

                return(endpointResult);
            }
            var e = generateIdToken as Option <JwtPayload> .Error;

            return(EndpointResult.CreateBadRequestResult(e !.Details));
        }
Exemplo n.º 30
0
 public DisplayContentResult(EndpointResult endpointResult)
 {
     EndpointResult = endpointResult;
 }