private ConsentViewModel CreateConsentViewModel(
ConsentInputModel model, string returnUrl,
AuthorizationRequest request)
{
var vm = new ConsentViewModel
{
RememberConsent = model?.RememberConsent ?? true,
ScopesConsented = model?.ScopesConsented ?? Enumerable.Empty <string>(),
Description = model?.Description,
ReturnUrl = returnUrl,
ClientName = request.Client.ClientName ?? request.Client.ClientId,
ClientUrl = request.Client.ClientUri,
ClientLogoUrl = request.Client.LogoUri,
AllowRememberConsent = request.Client.AllowRememberConsent
};
vm.IdentityScopes = request.ValidatedResources.Resources.IdentityResources.Select(x => CreateScopeViewModel(x, vm.ScopesConsented.Contains(x.Name) || model == null)).ToArray();
var apiScopes = new List <ScopeViewModel>();
foreach (var parsedScope in request.ValidatedResources.ParsedScopes)
{
var apiScope = request.ValidatedResources.Resources.FindApiScope(parsedScope.ParsedName);
if (apiScope != null)
{
var scopeVm = CreateScopeViewModel(parsedScope, apiScope, vm.ScopesConsented.Contains(parsedScope.RawValue) || model == null);
apiScopes.Add(scopeVm);
}
}
if (ConsentOptions.EnableOfflineAccess && request.ValidatedResources.Resources.OfflineAccess)
{
apiScopes.Add(GetOfflineAccessScope(vm.ScopesConsented.Contains(IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess) || model == null));
}
vm.ApiScopes = apiScopes;
return(vm);
}
// GET: Consent
public ActionResult Index()
{
var consent = consentInfoProvider.Get(TrackingConsentGenerator.CONSENT_NAME);
if (consent != null)
{
var model = new ConsentViewModel
{
ConsentShortText = consent.GetConsentText(Thread.CurrentThread.CurrentUICulture.Name).ShortText
};
var contact = ContactManagementContext.CurrentContact;
if ((contact != null) && consentAgreementService.IsAgreed(contact, consent))
{
model.IsConsentAgreed = true;
}
return(PartialView("_TrackingConsent", model));
}
return(new EmptyResult());
}
private ConsentViewModel CreateConsentViewModel(
ConsentInputModel model,
string returnUrl,
AuthorizationRequest request,
Client client,
Resources resources)
{
var viewModel = new ConsentViewModel
{
RememberConsent = model?.RememberConsent ?? true,
ScopesConsented = model?.ScopesConsented ?? Enumerable.Empty <string>(),
ReturnUrl = returnUrl,
ClientName = client.ClientName ?? client.ClientId,
ClientUrl = client.ClientUri,
ClientLogoUrl = client.LogoUri,
AllowRememberConsent = client.AllowRememberConsent
};
viewModel.IdentityScopes = resources.IdentityResources
.Select(x => CreateScopeViewModel(x, viewModel.ScopesConsented.Contains(x.Name) || model == null))
.ToArray();
viewModel.ResourceScopes = resources.ApiResources
.SelectMany(x => x.Scopes)
.Select(x => CreateScopeViewModel(x, viewModel.ScopesConsented.Contains(x.Name) || model == null))
.ToArray();
if (ConsentOptions.EnableOfflineAccess && resources.OfflineAccess)
{
viewModel.ResourceScopes = viewModel.ResourceScopes
.Union(new[] {
GetOfflineAccessScope(
viewModel.ScopesConsented.Contains(IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess) || model == null)
});
}
return(viewModel);
}
//配置ConsentViewModel
private ConsentViewModel CreateConsentViewModel(
ConsentInputModel model, string returnUrl,
AuthorizationRequest request,
Client client, Resources resources)
{
var vm = new ConsentViewModel();
vm.RememberConsent = model?.RememberConsent ?? true;
vm.ScopesConsented = model?.ScopesConsented ?? Enumerable.Empty <string>();
vm.ReturnUrl = returnUrl;
vm.ClientName = client.ClientName ?? client.ClientId;
vm.ClientUrl = client.ClientUri;
vm.ClientLogoUrl = client.LogoUri;
vm.AllowRememberConsent = client.AllowRememberConsent;
vm.IdentityScopes = resources.IdentityResources.Select(x => CreateScopeViewModel(x, vm.ScopesConsented.Contains(x.Name) || model == null)).ToArray();
vm.ResourceScopes = resources.ApiResources.SelectMany(x => x.Scopes).Select(x => CreateScopeViewModel(x, vm.ScopesConsented.Contains(x.Name) || model == null)).ToArray();
return(vm);
}
public async Task <ConsentViewModel> BuildConsentViewModel(string returnUrl)
{
var request = await _identityServerInteractionService.GetAuthorizationContextAsync(returnUrl);
if (request == null)
{
return(null);
}
var client = await _clientStore.FindClientByIdAsync(request.ClientId);
var resource = await _resourceStore.FindEnabledResourcesByScopeAsync(request.ScopesRequested);
ConsentViewModel model = new ConsentViewModel();
model.ClientName = client.ClientName;
model.ClientLogoUrl = client.LogoUri;
model.IdentityScopes = resource.IdentityResources.Select(r => new ScopeViewModel
{
Name = r.Name,
DisplayName = r.DisplayName,
Description = r.Description,
Checked = r.Required,
Required = r.Required,
Emphasize = r.Emphasize
});
model.ResorceScopes = resource.ApiResources.SelectMany(x => x.Scopes)
.Select(r => new ScopeViewModel
{
Name = r.Name,
DisplayName = r.DisplayName,
Description = r.Description,
Checked = r.Required,
Required = r.Required,
Emphasize = r.Emphasize
});
model.ReturnUrl = returnUrl;
return(model);
}
public ConsentViewModel GetConsentViewModel(string returnUrl, ClientViewModel client,
IList <ScopeViewModel> scopes,
IList <IdentityResourceViewModel> identityResources)
{
var selectableIdentityResources = m_genericViewModelFactory.GetSelectableViewmodelList(identityResources);
selectableIdentityResources.ForEach(x => x.IsSelected = x.Item.Required);
var selectableScopes = m_genericViewModelFactory.GetSelectableViewmodelList(scopes);
selectableScopes.ForEach(x => x.IsSelected = x.Item.Required);
var viewModel = new ConsentViewModel
{
RememberConsent = true,
ReturnUrl = returnUrl,
Client = client,
IdentityResources = selectableIdentityResources,
Scopes = selectableScopes,
};
return(viewModel);
}
public async Task <IActionResult> Index(ConsentViewModel model)
{
var result = await ProcessConsent(model);
if (result.IsRedirect)
{
if (await _clientStore.IsPkceClientAsync(result.ClientId))
{
// if the client is PKCE then we assume it's native, so this change in how to
// return the response is for better UX for the end user.
return(View("Redirect", result.RedirectUri));
}
return(Redirect(result.RedirectUri));
}
if (result.HasValidationError)
{
ModelState.AddModelError("", result.ValidationError);
}
return(View("Error"));
}
public static ConsentModel ToModel(this ConsentViewModel model)
{
if (model == null)
{
return(null);
}
var entity = new ConsentModel
{
SignatureId = model.SignatureId,
SignatureBlob = Convert.FromBase64String(model.SignatureBlob),
ContactId = model.ContactId,
AuthorizedBy = model.AuthorizedBy,
ContactName = model.ContactName,
ContactDateofBirth = model.ContactDateofBirth,
IsActive = model.IsActive,
ModifiedOn = model.ModifiedOn,
ModifiedBy = model.ModifiedBy,
ForceRollback = model.ForceRollback
};
return(entity);
}
public async Task <IActionResult> Index(ConsentViewModel model)
{
if (model is null)
{
throw new ArgumentNullException(nameof(model));
}
if (!ModelState.IsValid)
{
return(View(model));
}
var returnUrl = model.ReturnUrl;
var result = await _consentService.GrantConsent(returnUrl, User.GetSubjectId());
if (result.IsSuccess)
{
return(Redirect(returnUrl.ToString()));
}
return(View("Error"));
}
private IHttpActionResult CreateConsentResult(
ValidatedAuthorizeRequest validatedRequest,
UserConsent consent,
NameValueCollection requestParameters,
string errorMessage)
{
string loginWithDifferentAccountUrl = null;
if (validatedRequest.HasIdpAcrValue() == false)
{
loginWithDifferentAccountUrl = Url.Route(Constants.RouteNames.Oidc.SwitchUser, null)
.AddQueryString(requestParameters.ToQueryString());
}
var env = Request.GetOwinEnvironment();
var consentModel = new ConsentViewModel
{
RequestId = env.GetRequestId(),
SiteName = _options.SiteName,
SiteUrl = env.GetIdentityServerBaseUrl(),
ErrorMessage = errorMessage,
CurrentUser = env.GetCurrentUserDisplayName(),
LogoutUrl = env.GetIdentityServerLogoutUrl(),
ClientName = validatedRequest.Client.ClientName,
ClientUrl = validatedRequest.Client.ClientUri,
ClientLogoUrl = validatedRequest.Client.LogoUri,
IdentityScopes = validatedRequest.GetIdentityScopes(this._localizationService),
ResourceScopes = validatedRequest.GetResourceScopes(this._localizationService),
AllowRememberConsent = validatedRequest.Client.AllowRememberConsent,
RememberConsent = consent == null || consent.RememberConsent,
LoginWithDifferentAccountUrl = loginWithDifferentAccountUrl,
ConsentUrl = Url.Route(Constants.RouteNames.Oidc.Consent, null).AddQueryString(requestParameters.ToQueryString()),
AntiForgery = _antiForgeryToken.GetAntiForgeryToken()
};
return(new ConsentActionResult(_viewService, consentModel, validatedRequest));
}
public async Task <ConsentViewModel> BuildConsentViewModel(string returnUrl)
{
var request = await _identityServerInteractionService.GetAuthorizationContextAsync(returnUrl);
if (request == null)
{
return(null);
}
var client = await _clientStore.FindEnabledClientByIdAsync(request.ClientId);
if (client == null)
{
return(null);
}
var resources = await _resourceStore.FindEnabledResourcesByScopeAsync(request.ScopesRequested);
if (resources == null)
{
return(null);
}
var consentViewModel = new ConsentViewModel();
consentViewModel.ClientName = client.ClientName;
consentViewModel.ClientLogoUrl = client.LogoUri;
consentViewModel.ClientUrl = client.ClientUri;
consentViewModel.AllowRememberConsent = client.AllowRememberConsent;
consentViewModel.IdentityScopes = resources.IdentityResources.Select(p => CreateScopViewModel(p));
consentViewModel.ResourceScopes = resources.ApiResources.SelectMany(p => p.Scopes).Select(p => CreateScopViewModel(p));
consentViewModel.ReturnUrl = returnUrl;
return(consentViewModel);
}
private async Task <ConsentViewModel> CreateConsentViewModel(
ConsentInputModel model, string returnUrl,
AuthorizationRequest request,
Client client, Resources resources)
{
var vm = new ConsentViewModel
{
RememberConsent = model?.RememberConsent ?? true,
ScopesConsented = model?.ScopesConsented ?? Enumerable.Empty <string>(),
ReturnUrl = returnUrl,
ClientName = client.ClientName ?? client.ClientId,
ClientUrl = client.ClientUri,
ClientLogoUrl = client.LogoUri,
AllowRememberConsent = client.AllowRememberConsent
};
UserModel user = await _userManager.GetUserAsync(HttpContext.User);
if (user == null)
{
throw new AuthenticationException("Invalid login info.");
}
vm.IdentityScopes = resources.IdentityResources.Select(x => CreateScopeViewModel(x, user, vm.ScopesConsented.Contains(x.Name) || model == null)).ToArray();
vm.ResourceScopes = resources.ApiResources.SelectMany(x => x.Scopes).Select(x => CreateScopeViewModel(x, vm.ScopesConsented.Contains(x.Name) || model == null)).ToArray();
if (ConsentOptions.EnableOfflineAccess && resources.OfflineAccess)
{
vm.ResourceScopes = vm.ResourceScopes.Union(new ScopeViewModel[] {
GetOfflineAccessScope(vm.ScopesConsented.Contains(IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess) || model == null)
});
}
return(vm);
}
public Task <Stream> Consent(ConsentViewModel model, ValidatedAuthorizeRequest authorizeRequest)
{
return(Task.FromResult(RunTemplate("consent", model, authorizeRequest.ClientId)));
}
private ConsentViewModel BuildConsentViewModel(ConsentInputModel model, Client client,
Resources resources, string returnUrl)
{
var scopesConsented = (model?.ScopesConsented ?? new string[0]).ToList();
var identityScopes = resources.IdentityResources.Select(ir =>
new Scope
(
ir.Name,
ir.DisplayName,
ir.Description,
scopesConsented.Contains(ir.Name) || model == null || ir.Required,
ir.Emphasize,
ir.Required
))
.ToList();
var resourceScopes = resources.ApiResources.SelectMany(ar => ar.Scopes).Select(s =>
new Scope
(
s.Name,
s.DisplayName,
s.Description,
scopesConsented.Contains(s.Name) || model == null || s.Required,
s.Emphasize,
s.Required
))
.ToList();
if (ConsentConfig.EnableOfflineAccess && resources.OfflineAccess)
{
resourceScopes = resourceScopes.Union(new[]
{
new Scope
(
IdentityServerConstants.StandardScopes.OfflineAccess,
"Offline access",
"Access to your applications and resources, even when you are offline",
scopesConsented.Contains(IdentityServerConstants.StandardScopes.OfflineAccess) || model == null,
true,
false
)
})
.ToList();
}
var viewModel = new ConsentViewModel
(
client.ClientName ?? client.ClientId,
client.ClientUri,
client.LogoUri,
identityScopes,
resourceScopes,
client.AllowRememberConsent
)
{
RememberConsent = model?.RememberConsent ?? true,
ReturnUrl = returnUrl,
ScopesConsented = scopesConsented
};
return(viewModel);
}
public async Task <IActionResult> Consent([FromForm] ConsentInputModel inputModel)
{
ConsentResponse grantedConsent = null;
string returnUrl = null;
string validationError = null;
ConsentViewModel viewModel = null;
if (inputModel.GrantConsent)
{
if (inputModel.ScopesConsented != null && inputModel.ScopesConsented.Any())
{
var scopes = inputModel.ScopesConsented;
if (ConsentConfig.EnableOfflineAccess == false)
{
scopes = scopes.Where(s => s != IdentityServerConstants.StandardScopes.OfflineAccess);
}
grantedConsent = new ConsentResponse
{
RememberConsent = inputModel.RememberConsent,
ScopesConsented = scopes.ToList()
};
}
else
{
validationError = "You must pick at least one permission";
}
}
else
{
grantedConsent = ConsentResponse.Denied;
}
if (grantedConsent != null)
{
var authorizationRequest = await _interactionService.GetAuthorizationContextAsync(inputModel.ReturnUrl);
if (authorizationRequest != null)
{
await _interactionService.GrantConsentAsync(authorizationRequest, grantedConsent);
returnUrl = inputModel.ReturnUrl;
}
}
else
{
viewModel = await BuildConsentViewModelAsync(inputModel.ReturnUrl, inputModel);
}
if (viewModel != null)
{
if (validationError != null)
{
ModelState.AddModelError("", "Error granting consent");
}
return(View("Consent", viewModel));
}
if (returnUrl != null)
{
return(Redirect(returnUrl));
}
return(View("Error"));
}
/// <summary>
/// Loads the HTML for the user consent page.
/// </summary>
/// <param name="model">The model.</param>
/// <param name="authorizeRequest">The validated authorize request.</param>
/// <returns>
/// Stream for the HTML
/// </returns>
public virtual Task <Stream> Consent(ConsentViewModel model, ValidatedAuthorizeRequest authorizeRequest)
{
return(Render(model, ConsentView));
}
public ConsentActionResult(IViewService viewSvc, IDictionary <string, object> env, ConsentViewModel model)
: base(async() => await viewSvc.Consent(env, model))
{
if (viewSvc == null)
{
throw new ArgumentNullException("viewSvc");
}
if (env == null)
{
throw new ArgumentNullException("env");
}
if (model == null)
{
throw new ArgumentNullException("model");
}
}
public Response <ConsentViewModel> AddConsentSignature(ConsentViewModel consentModel)
{
return(consentRepository.AddConsentSignature(consentModel));
}
private void PolicyLinkBtn_Click(object sender, EventArgs e)
{
ConsentViewModel.OpenPrivacyPolicyLink();
}
/// <summary>
/// Loads the HTML for the user consent page.
/// </summary>
/// <param name="model">
/// The model.
/// </param>
/// <returns>
/// The <see cref="ActionResult"/>.
/// </returns>
public ActionResult Consent(ConsentViewModel model)
{
return(this.View(model));
}
public async Task <IActionResult> OnGet(string returnUrl)
{
ConsentVM = await BuildViewModelAsync(returnUrl);
return(Page());
}
public virtual Task <Stream> Consent(ConsentViewModel model, ValidatedAuthorizeRequest authorizeRequest)
{
throw new NotImplementedException();
}
public async Task <IActionResult> GenerateAuthorisationCode([FromBody] ConsentViewModel vm)
{
if (!ModelState.IsValid)
{
return(new JsonResult(new
{
status = 400,
message = "Validation failed",
data = ModelState
})
{
StatusCode = StatusCodes.Status400BadRequest
});
}
Application application = await _applicationService.FindAsync(vm.ApplicationId);
if (application == null)
{
return(new JsonResult(new
{
status = 400,
message =
"Invalid application id specified - please provide the application's GUID and not it's client id"
})
{
StatusCode = StatusCodes.Status400BadRequest
});
}
User user = (User)HttpContext.Items["User"];
/*
* At this point we've verified the application ID being sent back is legitimate and that user is logged
* in - indicating they have instructed us to generate an authorisation code for this application to
* access their account.
*
* At this point we must validate this claim - if there is no user application record found,
* the user has likely not been through the OAuth prompt and this request should be immediately
* dropped since this request is malicious.
*/
UserApplication userApplication =
await _userApplicationService.FindByUserAndApplicationAsync(user, application);
if (userApplication == null)
{
return(new JsonResult(new
{
status = 400,
message = "No user application link found - applications are not allowed to link to accounts " +
"without explicit user consent!"
})
{
StatusCode = StatusCodes.Status403Forbidden
});
}
AuthorisationCode authCode = await _authorisationCodeService.CreateAsync(user, application);
/*
* At this point in the process the user has consented to this application getting access
* to their account and an authorisation token has been created, the user will be sent
* back to the client with this authorisation token
*/
await _userApplicationService.AuthoriseApplicationAsync(user, application);
return(Ok(new
{
status = 200,
message = "Authorisation code generated successfully",
data = new
{
authorisationCode = authCode.Code
}
}));
}
partial void PrivacyPolicy_TouchUpInside(UIButton sender)
{
ConsentViewModel.OpenPrivacyPolicyLink();
}
void OnPrivacyPolicyPressed(object sender, EventArgs eventArgs)
{
ConsentViewModel.OpenPrivacyPolicyLink();
}
public virtual Task<System.IO.Stream> Consent(IDictionary<string, object> env, ConsentViewModel model)
{
return Render(model, "consent");
}
public virtual Task <Stream> Consent(IDictionary <string, object> env, ConsentViewModel model)
{
return(Render(model, "consent"));
}
private async Task <ProcessConsentResult> BuildProcessConsentResultAsync(ConsentResponse grantedConsent, ConsentViewModel model, AuthorizationRequest request)
{
// communicate outcome of consent back to identityserver
await _interaction.GrantConsentAsync(request, grantedConsent);
// indicate that's it ok to redirect back to authorization endpoint
return(new ProcessConsentResult(model.ReturnUrl, request.ClientId));
}
/// <summary>
/// Loads the HTML for the user consent page.
/// </summary>
/// <param name="model">The model.</param>
/// <returns>
/// Stream for the HTML
/// </returns>
public virtual Task <Stream> Consent(ConsentViewModel model)
{
return(Render(model, "consent"));
}
public Task <Stream> Consent(ConsentViewModel model, ValidatedAuthorizeRequest authorizeRequest)
{
return(Render(model, "consent"));
}
