/// <summary>
/// Initializes a <c>LinkedInOAuth</c> instance; all setup is delegated to the base constructor.
/// </summary>
/// <param name="config">OAuth configuration forwarded unchanged to the base class.</param>
public LinkedInOAuth(OAuthConfig config)
    : base(config)
{
    // No provider-specific initialization is performed here.
}
/// <summary>
/// Initializes the token provider by storing its three collaborators.
/// </summary>
/// <param name="oAuthConfig">OAuth configuration kept in the <c>oAuthConfig</c> field.</param>
/// <param name="logger">Logger assigned to <c>Logger</c>.</param>
/// <param name="container">Resolver assigned to <c>Container</c>.</param>
public AdalTokenProvider(OAuthConfig oAuthConfig, ILogger logger, IContainerResolve container)
{
    // The arguments are stored as given; none of them is null-checked here.
    this.Logger = logger;
    this.Container = container;
    this.oAuthConfig = oAuthConfig;
}
/// <summary>
/// Handles the posted login form. Credentials are checked first against the configured
/// test users and then against the E登 account service; on success a login-success event
/// is raised, the authentication cookie is issued, and the user is redirected.
/// </summary>
/// <param name="model">Posted form; this method reads Username, Password, RememberLogin and ReturnUrl.</param>
/// <returns>
/// A redirect (or the loading page for native clients) after a successful sign-in;
/// otherwise the login view rebuilt from <paramref name="model"/>.
/// </returns>
/// <exception cref="Exception">
/// Thrown after sign-in when there is no authorization context and ReturnUrl is neither local nor empty.
/// </exception>
public async Task <IActionResult> Login(LoginInputModel model)
{
    // check if we are in the context of an authorization request
    var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);
    if (ModelState.IsValid)
    {
        AuthenticationProperties props = null;
        IdentityServerUser isuser = null;
        UserLoginSuccessEvent successEvent = null;
        bool isValid = false;
        string errMsg = null;
        // Test users: matched by comparing the stored Username/Password directly with the submitted values.
        // NOTE(review): this comparison implies the test passwords are held in directly comparable
        // (presumably plaintext) form, and the check runs on every login — confirm GetTestUsers()
        // is empty or disabled outside development environments.
        var testUser = OAuthConfig.GetTestUsers().Find(t => t.Username == model.Username && t.Password == model.Password);
        if (testUser != null)
        {
            successEvent = new UserLoginSuccessEvent(testUser.Username, testUser.SubjectId, testUser.Username, clientId: context?.Client.ClientId);
            // issue authentication cookie with subject ID and username
            isuser = new IdentityServerUser(testUser.SubjectId)
            {
                DisplayName = testUser.Username,
                AdditionalClaims =
                {
                    new Claim(UserClaimEnum.UserId.ToString(), testUser.SubjectId),
                    new Claim(UserClaimEnum.UserName.ToString(), testUser.Username)
                }
            };
            isValid = true;
        }
        else
        {
            // E登 account: validate the credentials through the E登 API service.
            var edUser = _edApiService.GetEdUser(model.Username, model.Password, out string msg);
            // The service's message is kept and shown to the user on failure (see AddModelError below).
            // NOTE(review): if msg distinguishes "unknown user" from "wrong password" it reveals
            // which accounts exist — confirm the service returns a uniform failure message.
            errMsg = msg;
            if (edUser != null)
            {
                successEvent = new UserLoginSuccessEvent(edUser.LoginName, edUser.ID.ToString(), edUser.EmployeeName, clientId: context?.Client.ClientId);
                // issue authentication cookie with subject ID and username
                isuser = new IdentityServerUser(edUser.ID.ToString())
                {
                    DisplayName = edUser.EmployeeName,
                    AdditionalClaims =
                    {
                        new Claim(UserClaimEnum.UserId.ToString(), edUser.ID.ToString()),
                        new Claim(UserClaimEnum.UserName.ToString(), edUser.EmployeeName.ToString())
                    }
                };
                isValid = true;
            }
        }
        if (isValid)
        {
            // Authentication succeeded.
            await _events.RaiseAsync(successEvent);
            // only set explicit expiration here if user chooses "remember me".
            // otherwise we rely upon expiration configured in cookie middleware.
            if (AccountOptions.AllowRememberLogin && model.RememberLogin)
            {
                props = new AuthenticationProperties
                {
                    IsPersistent = true,
                    ExpiresUtc = DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration)
                };
            }
            ; // stray empty statement carried over from the original; it has no effect
            await HttpContext.SignInAsync(isuser, props);
            if (context != null)
            {
                if (context.IsNativeClient())
                {
                    // The client is native, so this change in how to
                    // return the response is for better UX for the end user.
                    return(this.LoadingPage("Redirect", model.ReturnUrl));
                }
                // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
                return(Redirect(model.ReturnUrl));
            }
            // request for a local page: without an authorization context only local URLs are followed,
            // which is what keeps this action from acting as an open redirect.
            if (Url.IsLocalUrl(model.ReturnUrl))
            {
                return(Redirect(model.ReturnUrl));
            }
            else if (string.IsNullOrEmpty(model.ReturnUrl))
            {
                return(Redirect("~/"));
            }
            else
            {
                // user might have clicked on a malicious link - should be logged
                // NOTE(review): nothing in this method logs the rejected ReturnUrl, and the cookie
                // has already been issued by SignInAsync above when this throws.
                throw new Exception("无效的返回URL");
            }
        }
        // Credentials were rejected: record the failure and show an error on the form.
        // NOTE(review): no lockout or attempt throttling is visible in this method — confirm it is enforced elsewhere.
        await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, "无效的证书", clientId : context?.Client.ClientId));
        ModelState.AddModelError(string.Empty, errMsg ?? AccountOptions.InvalidCredentialsErrorMessage);
    }
    // something went wrong, show form with error
    var vm = await BuildLoginViewModelAsync(model);
    return(View(vm));
}
/// <summary>
/// Initializes a <c>FacebookOAuth</c> instance; all setup is delegated to the base constructor.
/// </summary>
/// <param name="oauthConfig">OAuth configuration forwarded unchanged to the base class.</param>
public FacebookOAuth(OAuthConfig oauthConfig)
    : base(oauthConfig)
{
    // No provider-specific initialization is performed here.
}
/// <summary>
/// Binds a third-party identity to a local user. Called when the user has no valid binding
/// or a binding must be forced. If nobody is logged in, a local user is looked up by
/// UnionID, user name, code, mobile, mail or an OpenID-derived name (in that order), and
/// a new user is registered when none is found.
/// </summary>
/// <param name="uc">Binding record; its UserID is set to the resolved user and Enable is set to true.</param>
/// <param name="client">OAuth client carrying the identity attributes reported by the provider.</param>
/// <returns>
/// The local user that was bound, or null when no user was found and auto-registration is
/// disabled both globally and for this provider.
/// </returns>
public virtual IManageUser OnBind(UserConnect uc, OAuthClient client)
{
    var log = LogProvider.Provider;
    var prv = Provider;
    var mode = "";
    // If nobody is logged in, a local user has to be found or registered.
    var user = prv.Current;
    if (user == null)
    {
        // Match by UnionID. (user is always null here; the repeated check is redundant.)
        if (user == null && !client.UnionID.IsNullOrEmpty())
        {
            var list = UserConnect.FindAllByUnionId(client.UnionID);
            // (disabled) an earlier version also excluded the current binding record (uc.ID) from this list.
            // Among enabled bindings with a user, pick the user with the most logins.
            var ids = list.Where(e => e.Enable && e.UserID > 0).Select(e => e.UserID).Distinct().ToArray();
            var users = ids.Select(e => User.FindByID(e)).Where(e => e != null).ToList();
            if (users.Count > 0)
            {
                mode = "UnionID";
                user = users.OrderByDescending(e => e.Logins).FirstOrDefault();
            }
        }
        var set = Setting.Current;
        // NOTE(review): cfg is dereferenced below without a null check — confirm FindByName
        // always returns a config for client.Name.
        var cfg = OAuthConfig.FindByName(client.Name);
        // (disabled) an earlier version threw InvalidOperationException here when cfg.AutoRegister was off.
        if (user == null && !set.AutoRegister && !cfg.AutoRegister)
        {
            log?.WriteLog(typeof(User), "SSO登录", false, $"无法找到[{client.Name}]的[{client.NickName}]在本地的绑定,且没有打开自动注册,准备进入登录页面,利用其它登录方式后再绑定", 0, user + "");
            return(null);
        }
        // Look up by user name first, falling back to the nick name when the provider sent no user name.
        var name = client.UserName;
        if (name.IsNullOrEmpty())
        {
            name = client.NickName;
        }
        if (user == null && !name.IsNullOrEmpty())
        {
            // With forced binding the name is used without a provider prefix, so a provider-reported
            // name equal to an existing local user name binds to that local account.
            // NOTE(review): this treats the provider-asserted name as proof of ownership of the local
            // account; confirm ForceBindUser is enabled only for providers authoritative for these names.
            if (set.ForceBindUser)
            {
                mode = "UserName";
                user = prv.FindByName(name);
            }
            else
            {
                // Otherwise the provider name is prefixed, keeping provider identities apart from local names.
                mode = "Provider-UserName";
                name = client.Name + "_" + name;
                user = prv.FindByName(name);
            }
        }
        // Match by user code.
        // NOTE(review): the Code, Mobile and Mail matches below bind to an existing local account based
        // solely on attributes the provider reports; confirm the provider verifies them before enabling
        // the corresponding ForceBindUser* settings.
        if (user == null && set.ForceBindUserCode)
        {
            mode = "UserCode";
            if (!client.UserCode.IsNullOrEmpty())
            {
                user = User.FindByCode(client.UserCode);
            }
        }
        // Match by mobile number.
        if (user == null && set.ForceBindUserMobile)
        {
            mode = "UserMobile";
            if (!client.Mobile.IsNullOrEmpty())
            {
                user = User.FindByMobile(client.Mobile);
            }
        }
        // Match by mail address.
        if (user == null && set.ForceBindUserMail)
        {
            mode = "UserMail";
            if (!client.Mail.IsNullOrEmpty())
            {
                user = User.FindByMail(client.Mail);
            }
        }
        // Providers such as QQ and WeChat do not return a user name.
        if (user == null && name.IsNullOrEmpty())
        {
            // Per the original author, OpenID and AccessToken cannot both be empty.
            var openid = client.OpenID;
            if (openid.IsNullOrEmpty())
            {
                openid = client.AccessToken;
            }
            // The identifier is too long for a user name, so a short value is derived from it:
            // a CRC of its bytes formatted as 8 hex digits.
            // NOTE(review): a CRC is a checksum, not a collision-resistant hash, and FindByName below
            // binds to whichever local user already holds the derived name — two different identifiers
            // with the same CRC would resolve to the same account. Consider a collision-resistant
            // derivation or confirming the match against the stored binding.
            var num = openid.GetBytes().Crc();
            mode = "OpenID-Crc";
            name = client.Name + "_" + num.ToString("X8");
            user = prv.FindByName(name);
        }
        if (user == null)
        {
            mode = "Register";
            // Newly registered users get the default role from settings.
            var rid = Role.GetOrAdd(set.DefaultRole).ID;
            // (disabled) earlier versions could take the role id from client.Items or GetRole here.
            // Register the user with a random 16-character password.
            // NOTE(review): confirm Rand.NextString draws from a cryptographically secure generator.
            user = prv.Register(name, Rand.NextString(16), rid, true);
            // (disabled) an earlier version also assigned RoleIDs from client.Items after registration.
        }
    }
    // NOTE(review): user is dereferenced without a null check — confirm Register cannot return null.
    uc.UserID = user.ID;
    uc.Enable = true;
    // Write the audit log entry, recording which matching mode produced the binding.
    log?.WriteLog(typeof(User), "绑定", true, $"[{user}]依据[{mode}]绑定到[{client.Name}]的[{client.NickName}]", user.ID, user + "");
    return(user);
}
/// <summary>
/// Initializes the service base by keeping the supplied OAuth configuration.
/// </summary>
/// <param name="oauthConfig">OAuth configuration stored in <c>_oauthConfig</c>; not null-checked here.</param>
public TwitterServiceBase(OAuthConfig oauthConfig)
{
    this._oauthConfig = oauthConfig;
}
/// <summary>
/// Loads every OAuth configuration and binds the result to <c>Repeater1</c>.
/// </summary>
private void BindData()
{
    // NOTE(review): OAuthConfig entries may carry client secrets — confirm the repeater's
    // template renders only non-secret fields.
    var configs = OAuthConfig.LoadAll();
    Repeater1.DataSource = configs;
    Repeater1.DataBind();
}
/// <summary>
/// Fills the local user from the OAuth client after a successful login and retrieval of the
/// user information: profile fields, roles, department and avatar.
/// </summary>
/// <param name="client">OAuth client holding the attributes returned by the provider.</param>
/// <param name="user">Local user to update; the detailed fill only runs when it is a <c>User</c>.</param>
protected virtual void Fill(OAuthClient client, IManageUser user)
{
    client.Fill(user);
    var dic = client.Items;
    // User information: only fields that are still empty locally are taken from the provider.
    if (dic != null && user is User user2)
    {
        if (user2.Code.IsNullOrEmpty())
        {
            user2.Code = client.UserCode;
        }
        if (user2.Mobile.IsNullOrEmpty())
        {
            user2.Mobile = client.Mobile;
        }
        if (user2.Mail.IsNullOrEmpty())
        {
            user2.Mail = client.Mail;
        }
        if (user2.Sex == SexKinds.未知 && client.Sex != 0)
        {
            user2.Sex = (SexKinds)client.Sex;
        }
        if (user2.Remark.IsNullOrEmpty())
        {
            user2.Remark = client.Detail;
        }
        var set = Setting.Current;
        var roleId = 0;
        List <Int32> roleIds = null;
        // Use the roles supplied by the authentication center.
        // NOTE(review): with UseSsoRole enabled, the provider's response decides the local primary
        // role and extra roles; enable it only for providers trusted to assign privileges here.
        if (set.UseSsoRole)
        {
            // Merge with the user's local system roles.
            var sys = user2.Roles.Where(e => e.IsSystem).Select(e => e.ID).ToList();
            if (sys.Count > 0)
            {
                // NOTE(review): this value is overwritten by GetRole just below, so the assignment
                // has no effect — confirm whether the local role was meant to be kept.
                roleId = user2.RoleID;
                if (roleIds == null)
                {
                    roleIds = new List <Int32>();
                }
                roleIds.AddRange(sys);
            }
            roleId = GetRole(dic, true);
            if (roleId > 0)
            {
                user2.RoleID = roleId;
                var ids = GetRoles(client.Items, true).ToList();
                if (roleIds == null)
                {
                    roleIds = new List <Int32>();
                }
                roleIds.AddRange(ids);
            }
        }
        // Fall back to the local default role when the user still has no primary role.
        if (user2.RoleID <= 0 && !set.DefaultRole.IsNullOrEmpty())
        {
            user2.RoleID = roleId = Role.GetOrAdd(set.DefaultRole).ID;
        }
        // Automatic roles configured for this OAuth provider.
        var cfg = OAuthConfig.FindAllWithCache().FirstOrDefault(e => e.Name.EqualIgnoreCase(client.Name));
        if (cfg != null && !cfg.AutoRole.IsNullOrEmpty())
        {
            var ids = GetRoles(cfg.AutoRole, true).ToList();
            if (roleIds == null)
            {
                roleIds = new List <Int32>();
            }
            roleIds.AddRange(ids);
        }
        if (roleIds != null)
        {
            // De-duplicate, drop the value held in roleId, and store the rest as ",id,id," (or null when empty).
            roleIds = roleIds.Distinct().ToList();
            if (roleIds.Contains(roleId))
            {
                roleIds.Remove(roleId);
            }
            if (roleIds.Count == 0)
            {
                user2.RoleIds = null;
            }
            else
            {
                user2.RoleIds = "," + roleIds.OrderBy(e => e).Join() + ",";
            }
        }
        // Department: looked up by the provider-supplied code and created when missing.
        // NOTE(review): with UseSsoDepartment enabled, provider-supplied values create local Department rows.
        if (set.UseSsoDepartment && !client.DepartmentCode.IsNullOrEmpty() && !client.DepartmentName.IsNullOrEmpty())
        {
            var dep = Department.FindByCode(client.DepartmentCode);
            if (dep == null)
            {
                dep = new Department { Code = client.DepartmentCode, Name = client.DepartmentName, Enable = true };
                dep.Insert();
            }
            user2.DepartmentID = dep.ID;
        }
        // Avatar. It may be a relative path, which is resolved against the provider's server address.
        var av = client.Avatar;
        if (av != null && av.StartsWith("/") && client.Server.StartsWithIgnoreCase("http"))
        {
            av = new Uri(new Uri(client.Server), av) + "";
        }
        if (user2.Avatar.IsNullOrEmpty())
        {
            user2.Avatar = av;
        }
        // A local avatar path is also replaced when its file does not exist on disk.
        else if (user2.Avatar.StartsWithIgnoreCase("/Sso/Avatar/", "/Sso/Avatar?"))
        {
            var av2 = Setting.Current.AvatarPath.CombinePath(user2.ID + ".png").GetBasePath();
            if (!File.Exists(av2))
            {
                LogProvider.Provider?.WriteLog(user.GetType(), "更新头像", true, $"{user2.Avatar} => {av}", user.ID, user + "");
                user2.Avatar = av;
            }
        }
        // Download the remote avatar to local storage; Avatar itself keeps the remote address.
        // NOTE(review): the condition tests user2.Avatar but the download uses av, which can differ
        // when the user already had a remote avatar — confirm which URL is intended.
        // NOTE(review): av comes from the provider and is fetched server-side; confirm FetchAvatar
        // restricts scheme and destination host. The task is started without being awaited, so
        // failures are only visible if FetchAvatar handles them itself.
        if (user2.Avatar.StartsWithIgnoreCase("http") && !set.AvatarPath.IsNullOrEmpty())
        {
            Task.Run(() => FetchAvatar(user, av));
        }
    }
}
/// <summary>
/// Initializes an <c>OSChinaOAuth</c> instance; all setup is delegated to the base constructor.
/// </summary>
/// <param name="oauthConfig">OAuth configuration forwarded unchanged to the base class.</param>
public OSChinaOAuth(OAuthConfig oauthConfig)
    : base(oauthConfig)
{
    // No provider-specific initialization is performed here.
}
/// <summary>
/// Initializes a <c>GithubOAuth</c> instance; all setup is delegated to the base constructor.
/// </summary>
/// <param name="oauthConfig">OAuth configuration forwarded unchanged to the base class.</param>
public GithubOAuth(OAuthConfig oauthConfig)
    : base(oauthConfig)
{
    // No provider-specific initialization is performed here.
}
/// <summary>
/// Initializes a <c>GiteeOAuth</c> instance; all setup is delegated to the base constructor.
/// </summary>
/// <param name="oauthConfig">OAuth configuration forwarded unchanged to the base class.</param>
public GiteeOAuth(OAuthConfig oauthConfig)
    : base(oauthConfig)
{
    // No provider-specific initialization is performed here.
}
/// <summary>
/// Initializes the MonoTouch Twitter service: passes the configuration to the base class,
/// keeps the view-controller factory, then calls <c>LoadCredentials</c>.
/// </summary>
/// <param name="oauthConfig">OAuth configuration forwarded to the base constructor.</param>
/// <param name="getViewController">Delegate stored in <c>_getViewController</c>; it is not invoked here.</param>
public TwitterServiceMonoTouch(OAuthConfig oauthConfig, Func <UIViewController> getViewController)
    : base(oauthConfig)
{
    // The delegate is stored before LoadCredentials runs, matching the original order.
    this._getViewController = getViewController;

    // NOTE(review): LoadCredentials is not shown here — confirm where the credentials are
    // persisted and that the store is protected (for example, the platform keychain).
    LoadCredentials();
}
/// <summary>
/// Applies the configuration parameters, then sets the mode from <c>Scope</c>.
/// </summary>
/// <param name="mi">Configuration passed to the base implementation.</param>
public override void Apply(OAuthConfig mi)
{
    // The base implementation runs first; SetMode then receives the Scope value as it stands
    // afterwards (presumably populated by base.Apply — confirm).
    base.Apply(mi);

    SetMode(Scope);
}
/// <summary>
/// Initializes the authorizer with a configuration and a view-controller factory.
/// </summary>
/// <param name="config">OAuth configuration forwarded to the base constructor.</param>
/// <param name="getViewController">Delegate stored in <c>_getViewController</c>.</param>
public OAuthAuthorizerMonoTouch(OAuthConfig config, Func <UIViewController> getViewController)
    : base(config)
{
    // Only the delegate is kept; it is not invoked in this constructor.
    this._getViewController = getViewController;
}
/// <summary>
/// Initializes the authorizer with a configuration only; no view-controller factory is set
/// by this overload.
/// </summary>
/// <param name="config">OAuth configuration forwarded unchanged to the base constructor.</param>
public OAuthAuthorizerMonoTouch(OAuthConfig config)
    : base(config)
{
}