Пример #1
        /// <summary>
        /// Stores an authorization code row and one AuthorizationCode_Scope row per scope name,
        /// all inside a single database transaction.
        /// </summary>
        /// <param name="Token">Row to insert; it is passed as the parameter object for the named SQL parameters.</param>
        /// <returns>
        /// <c>true</c> after the transaction is committed; <c>false</c> when any insert did not
        /// affect exactly one row, in which case the transaction is rolled back first.
        /// </returns>
        public bool InsertAuthorizationCode(Server.DataModel.AuthorizationCode Token)
        {
            // Both statements take every value through a bound parameter; nothing from the
            // token is concatenated into the SQL text.
            // NOTE(review): authorization_code is written exactly as supplied. Whether it is the
            // raw code or a digest of it is decided by the caller and is not visible here.
            const string insertCodeSql = "INSERT INTO AuthorizationCode(authorization_code, client_id, resource_owner_id, redirect_uri, issue_time, scope) VALUES(@authorization_code, @client_id, @resource_owner_id, @redirect_uri, @issue_time, @scope);";
            const string insertScopeSql = "INSERT INTO AuthorizationCode_Scope(authorization_code, scope_name) VALUES(@authorization_code, @scope_name);";

            using (IDbConnection connection = DBFactory.Open())
            using (IDbTransaction transaction = connection.BeginTransaction())
            {
                // The code row goes first; anything other than exactly one affected row is a failure.
                int codeRows = connection.Execute(insertCodeSql, Token, transaction);
                if (codeRows != 1)
                {
                    transaction.Rollback();
                    return false;
                }

                if (!string.IsNullOrWhiteSpace(Token.scope))
                {
                    // The scope string may be delimited by spaces, commas or semicolons.
                    char[] separators = new char[] { ' ', ',', ';' };
                    string[] scopeNames = Token.scope.Split(separators, StringSplitOptions.RemoveEmptyEntries);

                    for (int i = 0; i < scopeNames.Length; i++)
                    {
                        var scopeRow = new { authorization_code = Token.authorization_code, scope_name = scopeNames[i] };
                        int scopeRows = connection.Execute(insertScopeSql, scopeRow, transaction);
                        if (scopeRows != 1)
                        {
                            // A failed scope insert undoes the code row as well, so a code is
                            // never stored with only part of its scope list.
                            transaction.Rollback();
                            return false;
                        }
                    }
                }

                transaction.Commit();
                return true;
            }
        }
Пример #2
        /// <summary>
        /// Builds an AuthorizationCode row from the individual values and stores it through the
        /// single-argument InsertAuthorizationCode overload.
        /// </summary>
        /// <param name="AuthorizationCode">Code value to store.</param>
        /// <param name="ClientID">Identifier of the client the code is issued to.</param>
        /// <param name="ResourceOwnerID">Identifier of the resource owner who approved the request.</param>
        /// <param name="IssueTime">Issue time stored with the code.</param>
        /// <param name="Scope">Scope string stored with the code; defaults to an empty string.</param>
        /// <param name="RedirectURI">Redirect URI stored with the code; defaults to <c>null</c>.</param>
        /// <returns>The populated row when the insert succeeded, otherwise <c>null</c>.</returns>
        public Server.DataModel.AuthorizationCode InsertAuthorizationCode(string AuthorizationCode, string ClientID, string ResourceOwnerID, long IssueTime, string Scope = "", string RedirectURI = null)
        {
            var row = new Server.DataModel.AuthorizationCode();
            row.authorization_code = AuthorizationCode;
            row.client_id = ClientID;
            row.resource_owner_id = ResourceOwnerID;
            row.issue_time = IssueTime;
            row.redirect_uri = RedirectURI;
            row.scope = Scope;

            // Callers must treat null as "not stored"; no exception is raised for a failed insert.
            return InsertAuthorizationCode(row) ? row : null;
        }
Пример #3
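        /// <summary>
        /// Redeems an authorization code for a bearer token of type T.
        /// The code is looked up by code value, client id and redirect URI, deleted so it cannot
        /// be redeemed twice, and a token is then stored with the scope, resource owner and
        /// refresh token taken from the client's approval.
        /// </summary>
        /// <param name="Request">Token request carrying the code and the optional redirect URI.</param>
        /// <param name="Client">Client presenting the code.</param>
        /// <returns>The value returned by TokenModel.InsertToken.</returns>
        /// <exception cref="DataModels.TokenRequestError">
        /// Thrown when no matching code exists, when the code could not be deleted (reported as
        /// already used), or when no approval exists for the client and resource owner.
        /// </exception>
        public T Exchange <T>(DataModels.ITokenRequest Request, DataModels.Client Client)
            where T : DataModels.Token, new()
        {
            string redirectUri = Request.redirect_uri != null ? Request.redirect_uri.ToString() : null;

            // The lookup is keyed on code + client id + redirect URI, so a code is only found
            // for the client and redirect URI passed here.
            // NOTE(review): no issue_time / lifetime check is visible in this method. Confirm
            // that GetAuthorizationCode rejects expired codes.
            Server.DataModel.AuthorizationCode code = AuthorizationCodeModel.GetAuthorizationCode(Request.code, Client.id, redirectUri);
            if (code == null)
            {
                // NOTE(review): RFC 6749 section 5.2 names invalid_grant for an invalid, expired
                // or revoked code. Whether ErrorCodes defines that member is not visible here.
                throw new DataModels.TokenRequestError(DataModels.ErrorCodes.invalid_request, "Invalid token");
            }

            DataModels.Approval approval = ApprovalModel.GetApproval(Client.id, code.resource_owner_id);

            // Deleting the row is the single-use gate: the request whose delete fails is refused.
            // NOTE(review): RFC 6749 section 4.1.2 recommends revoking tokens already issued from
            // a code that is presented again; nothing in this method does that.
            if (!AuthorizationCodeModel.DeleteAuthorizationCode(code.authorization_code, code.client_id, code.redirect_uri))
            {
                throw new DataModels.TokenRequestError(DataModels.ErrorCodes.access_denied, "Code already used");
            }

            // The approval can be missing (for example if it was withdrawn after the code was
            // issued). Refuse with a protocol error instead of failing on a null dereference.
            // The check sits after the delete so the code is consumed either way.
            if (approval == null)
            {
                throw new DataModels.TokenRequestError(DataModels.ErrorCodes.access_denied, "Approval not found");
            }

            // NOTE(review): the issued scope comes from the current approval, not from the scope
            // stored with the code. Confirm that is intended.
            // NOTE(review): DateTime.Now is local time and GetTotalSeconds is a project extension
            // not visible here. Confirm the stored issue time is unambiguous across time zones.
            // 3600 is presumably the token lifetime in seconds; confirm against InsertToken.
            return TokenModel.InsertToken <T>(
                Extension.TokenHelper.CreateAccessToken(), DataModels.TokenTypes.bearer, 3600, DateTime.Now.GetTotalSeconds(), Client.id, approval.scope, approval.resource_owner_id, approval.refresh_token);
        }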
Пример #4
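        /// <summary>
        /// Issues and stores a new authorization code for the approved request and, when the
        /// approval has no refresh token yet, generates one and persists the approval.
        /// </summary>
        /// <param name="Request">Token request; its redirect URI is stored with the code.</param>
        /// <param name="Approval">Approval whose scope is stored with the code; its refresh_token may be set by this method.</param>
        /// <param name="Client">Client the code is issued to.</param>
        /// <param name="Owner">Resource owner who approved the request.</param>
        /// <returns>The stored authorization code row.</returns>
        /// <exception cref="DataModels.TokenRequestError">
        /// Thrown with server_error when the code could not be stored or the approval could not be updated.
        /// </exception>
        public Server.DataModel.AuthorizationCode Authorize(DataModels.ITokenRequest Request, DataModels.Approval Approval, DataModels.Client Client, DataModels.ResourceOwner Owner)
        {
            // NOTE(review): the code value comes from the same helper that creates access tokens.
            // Its randomness source is not visible here; confirm it uses a cryptographic RNG.
            // NOTE(review): DateTime.Now is local time and GetTotalSeconds is a project extension
            // not visible here. Confirm the stored issue time is unambiguous across time zones.
            Server.DataModel.AuthorizationCode code = AuthorizationCodeModel.InsertAuthorizationCode(
                Extension.TokenHelper.CreateAccessToken(), Client, Owner, DateTime.Now.GetTotalSeconds(), Approval.scope, Request.redirect_uri);

            if (code == null)
            {
                throw new DataModels.TokenRequestError(DataModels.ErrorCodes.server_error, "Error storing access code");
            }

            if (string.IsNullOrWhiteSpace(Approval.refresh_token))
            {
                // Keep the previous (blank) value so the caller's object can be restored if the
                // update fails. Otherwise it would hold a refresh token that was never stored,
                // and a later call with the same object would skip this branch.
                string previousRefreshToken = Approval.refresh_token;
                Approval.refresh_token = Extension.TokenHelper.CreateAccessToken();

                if (!ApprovalModel.AddOrUpdateApproval(Approval))
                {
                    Approval.refresh_token = previousRefreshToken;

                    // Best-effort cleanup so the freshly stored code is not left redeemable; the
                    // delete result is deliberately not checked because the call fails anyway.
                    AuthorizationCodeModel.DeleteAuthorizationCode(code.authorization_code, code.client_id, code.redirect_uri);
                    throw new DataModels.TokenRequestError(DataModels.ErrorCodes.server_error, "Error updating approval");
                }
            }

            return code;
        }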