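/// <summary>
/// Updates the logout/login settings of a client and replaces its post-logout redirect URIs
/// and identity-provider restrictions with the ones carried by <paramref name="clientDto"/>.
/// </summary>
/// <param name="id">Primary key of the client to update.</param>
/// <param name="clientDto">Values to apply to the client.</param>
/// <exception cref="ArgumentNullException"><paramref name="clientDto"/> is null.</exception>
/// <exception cref="FluentValidationException">No client with <paramref name="id"/> exists.</exception>
public void UpdateClientAuthorization(int id, ClientDto clientDto)
{
    if (clientDto == null)
    {
        throw new ArgumentNullException(nameof(clientDto));
    }

    Client client = this.Session.Get<Client>(id);
    if (client == null)
    {
        throw new FluentValidationException($"客户端{id}不存在。");
    }

    // NOTE(review): the front-channel, back-channel and post-logout URIs are stored exactly as
    // supplied; no scheme or host validation is visible in this method. Confirm that ClientDto
    // is validated before it reaches this point, since these values later decide where logout
    // requests and post-logout redirects are sent.
    client.FrontChannelLogoutUri = clientDto.FrontChannelLogoutUri;
    client.FrontChannelLogoutSessionRequired = clientDto.FrontChannelLogoutSessionRequired;
    client.BackChannelLogoutUri = clientDto.BackChannelLogoutUri;
    client.BackChannelLogoutSessionRequired = clientDto.BackChannelLogoutSessionRequired;
    client.EnableLocalLogin = clientDto.EnableLocalLogin;
    client.UserSsoLifetime = clientDto.UserSsoLifetime;

    // Dispose the transaction on every path so the session is never left holding one.
    using (var transaction = this.Session.BeginTransaction())
    {
        try
        {
            this.Session.Update(client);

            // Replace-all strategy: delete the stored rows, then insert the submitted ones.
            // The delete statements bind the client id as a named parameter.
            this.Session.CreateQuery("delete from ClientPostLogoutRedirectUri where ClientId=:ClientId")
                .SetInt32("ClientId", id)
                .ExecuteUpdate();

            // A null list throws here (after the delete) and is rolled back by the catch below,
            // so a missing list never silently clears the stored values.
            foreach (var postLogoutRedirectUri in clientDto.PostLogoutRedirectUris)
            {
                var clientPostLogoutRedirectUri = new ClientPostLogoutRedirectUri
                {
                    ClientId = client.Id,
                    PostLogoutRedirectUri = postLogoutRedirectUri,
                };
                this.Session.Save(clientPostLogoutRedirectUri);
            }

            this.Session.CreateQuery("delete from ClientIdPRestriction where ClientId=:ClientId")
                .SetInt32("ClientId", id)
                .ExecuteUpdate();

            foreach (var provider in clientDto.IdentityProviderRestrictions)
            {
                var clientIdPRestriction = new ClientIdPRestriction
                {
                    ClientId = client.Id,
                    Provider = provider,
                };
                this.Session.Save(clientIdPRestriction);
            }

            transaction.Commit();
        }
        catch (Exception)
        {
            transaction.Rollback();

            // Rethrow with "throw;" so the original stack trace is kept ("throw ex;" resets it).
            throw;
        }
    }
}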
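/// <summary>
/// Applies <paramref name="model"/> to the stored client with primary key <paramref name="id"/>:
/// scalar values are copied onto the entity and every child collection (redirect URIs,
/// post-logout redirect URIs, identity-provider restrictions, scopes, claims, CORS origins,
/// custom grant types and secrets) is synchronised by child Id.
/// </summary>
/// <param name="model">Submitted client values and child collections.</param>
/// <param name="id">Primary key of the client to update.</param>
/// <returns>
/// A result with <c>Exists = false</c> when no client has that key; otherwise <c>Exists = true</c>,
/// <c>Response</c> set to the client's key and <c>CustomValue</c> set to its name.
/// </returns>
/// <exception cref="Exception">
/// Another client already uses <c>model.ClientId</c>. Every exception is logged and rethrown.
/// </exception>
public Result<int> Update(ClientModel model, int id)
{
    try
    {
        var result = new Result<int>();

        var existingClient = clientContext.Clients
            .Where(x => x.Id == id)
            .Include(x => x.AllowedScopes)
            .Include(x => x.ClientSecrets)
            .Include(x => x.RedirectUris)
            .Include(x => x.PostLogoutRedirectUris)
            .Include(x => x.AllowedCorsOrigins)
            .Include(x => x.IdentityProviderRestrictions)
            .Include(x => x.Claims)
            .Include(x => x.AllowedCustomGrantTypes)
            .SingleOrDefault();

        if (existingClient == null)
        {
            result.Exists = false;
            return result;
        }

        // The public client identifier must stay unique across clients.
        var duplicateClientId = clientContext.Clients
            .FirstOrDefault(x => x.ClientId == model.ClientId);
        if (duplicateClientId != null && duplicateClientId.Id != id)
        {
            throw new Exception("pre-existing clientid");
        }

        // Copies every scalar property of the model whose name matches a property of the entity.
        // NOTE(review): this makes ClientModel the allow-list of editable client fields; confirm
        // it exposes nothing that a caller of this method should not be able to change.
        clientContext.Entry(existingClient).CurrentValues.SetValues(model);

        #region Update related properties

        // Every section below follows the same pattern: remove stored children whose Id is not
        // in the model, then update the children that match by Id and add the rest as new rows.
        // Matching only searches this client's own children, so an Id that belongs to another
        // client is inserted as a new row instead of touching the other client's data.
        // The removal pass dereferences the model collection before the null check that follows
        // it, so a null collection makes the update throw (when stored rows exist) rather than
        // clearing them.

        // Redirect URIs.
        foreach (var stored in existingClient.RedirectUris.ToList())
        {
            if (!model.RedirectUris.Any(x => x.Id == stored.Id))
            {
                existingClient.RedirectUris.Remove(stored);
            }
        }

        if (model.RedirectUris != null && model.RedirectUris.Any())
        {
            foreach (var item in model.RedirectUris)
            {
                var exRedirectUri = existingClient.RedirectUris.FirstOrDefault(x => x.Id == item.Id);
                if (exRedirectUri != null)
                {
                    clientContext.Entry(exRedirectUri).CurrentValues.SetValues(item);
                }
                else
                {
                    existingClient.RedirectUris.Add(new ClientRedirectUri { Uri = item.Uri });
                }
            }
        }

        // Post-logout redirect URIs.
        foreach (var stored in existingClient.PostLogoutRedirectUris.ToList())
        {
            if (!model.PostLogoutRedirectUris.Any(x => x.Id == stored.Id))
            {
                existingClient.PostLogoutRedirectUris.Remove(stored);
            }
        }

        if (model.PostLogoutRedirectUris != null && model.PostLogoutRedirectUris.Any())
        {
            foreach (var item in model.PostLogoutRedirectUris)
            {
                var exPostRedirectUri = existingClient.PostLogoutRedirectUris.FirstOrDefault(x => x.Id == item.Id);
                if (exPostRedirectUri != null)
                {
                    clientContext.Entry(exPostRedirectUri).CurrentValues.SetValues(item);
                }
                else
                {
                    existingClient.PostLogoutRedirectUris.Add(new ClientPostLogoutRedirectUri { Uri = item.Uri });
                }
            }
        }

        // Identity-provider restrictions.
        foreach (var stored in existingClient.IdentityProviderRestrictions.ToList())
        {
            if (!model.IdentityProviderRestrictions.Any(x => x.Id == stored.Id))
            {
                existingClient.IdentityProviderRestrictions.Remove(stored);
            }
        }

        if (model.IdentityProviderRestrictions != null && model.IdentityProviderRestrictions.Any())
        {
            foreach (var item in model.IdentityProviderRestrictions)
            {
                var exIdProvRestriction = existingClient.IdentityProviderRestrictions.FirstOrDefault(x => x.Id == item.Id);
                if (exIdProvRestriction != null)
                {
                    clientContext.Entry(exIdProvRestriction).CurrentValues.SetValues(item);
                }
                else
                {
                    // Add the newly built restriction. exIdProvRestriction is null on this
                    // branch, so adding it would never persist the submitted provider and the
                    // client would end up with fewer restrictions than requested.
                    var newIdProvRestriction = new ClientIdPRestriction { Provider = item.Provider };
                    existingClient.IdentityProviderRestrictions.Add(newIdProvRestriction);
                }
            }
        }

        // Allowed scopes.
        foreach (var stored in existingClient.AllowedScopes.ToList())
        {
            if (!model.AllowedScopes.Any(x => x.Id == stored.Id))
            {
                existingClient.AllowedScopes.Remove(stored);
            }
        }

        if (model.AllowedScopes != null && model.AllowedScopes.Any())
        {
            foreach (var item in model.AllowedScopes)
            {
                var exScope = existingClient.AllowedScopes.FirstOrDefault(x => x.Id == item.Id);
                if (exScope != null)
                {
                    clientContext.Entry(exScope).CurrentValues.SetValues(item);
                }
                else
                {
                    existingClient.AllowedScopes.Add(new ClientScope { Scope = item.Scope });
                }
            }
        }

        // Client claims.
        foreach (var stored in existingClient.Claims.ToList())
        {
            if (!model.Claims.Any(x => x.Id == stored.Id))
            {
                existingClient.Claims.Remove(stored);
            }
        }

        if (model.Claims != null && model.Claims.Any())
        {
            foreach (var item in model.Claims)
            {
                var exClaim = existingClient.Claims.FirstOrDefault(x => x.Id == item.Id);
                if (exClaim != null)
                {
                    clientContext.Entry(exClaim).CurrentValues.SetValues(item);
                }
                else
                {
                    existingClient.Claims.Add(new ClientClaim { Type = item.Type, Value = item.Value });
                }
            }
        }

        // Allowed CORS origins.
        foreach (var stored in existingClient.AllowedCorsOrigins.ToList())
        {
            if (!model.AllowedCorsOrigins.Any(x => x.Id == stored.Id))
            {
                existingClient.AllowedCorsOrigins.Remove(stored);
            }
        }

        if (model.AllowedCorsOrigins != null && model.AllowedCorsOrigins.Any())
        {
            foreach (var item in model.AllowedCorsOrigins)
            {
                var exAllowedCor = existingClient.AllowedCorsOrigins.FirstOrDefault(x => x.Id == item.Id);
                if (exAllowedCor != null)
                {
                    clientContext.Entry(exAllowedCor).CurrentValues.SetValues(item);
                }
                else
                {
                    existingClient.AllowedCorsOrigins.Add(new ClientCorsOrigin { Origin = item.Origin });
                }
            }
        }

        // Custom grant types.
        foreach (var stored in existingClient.AllowedCustomGrantTypes.ToList())
        {
            if (!model.AllowedCustomGrantTypes.Any(x => x.Id == stored.Id))
            {
                existingClient.AllowedCustomGrantTypes.Remove(stored);
            }
        }

        if (model.AllowedCustomGrantTypes != null && model.AllowedCustomGrantTypes.Any())
        {
            foreach (var item in model.AllowedCustomGrantTypes)
            {
                var exCustomGrant = existingClient.AllowedCustomGrantTypes.FirstOrDefault(x => x.Id == item.Id);
                if (exCustomGrant != null)
                {
                    clientContext.Entry(exCustomGrant).CurrentValues.SetValues(item);
                }
                else
                {
                    existingClient.AllowedCustomGrantTypes.Add(new ClientCustomGrantType { GrantType = item.GrantType });
                }
            }
        }

        // Client secrets.
        foreach (var stored in existingClient.ClientSecrets.ToList())
        {
            if (!model.ClientSecrets.Any(x => x.Id == stored.Id))
            {
                existingClient.ClientSecrets.Remove(stored);
            }
        }

        if (model.ClientSecrets != null && model.ClientSecrets.Any())
        {
            foreach (var item in model.ClientSecrets)
            {
                var exSecret = existingClient.ClientSecrets.FirstOrDefault(x => x.Id == item.Id);
                if (exSecret != null)
                {
                    // NOTE(review): SetValues copies the submitted item over the stored row. If
                    // the item carries Value, the stored hash is replaced by whatever was
                    // submitted, without the Sha256() step applied to new secrets below. Confirm
                    // that callers send back the stored hash unchanged, or exclude Value here.
                    clientContext.Entry(exSecret).CurrentValues.SetValues(item);
                }
                else
                {
                    // Only the hash of a new secret is persisted.
                    var newSecret = new ClientSecret
                    {
                        Type = item.Type,
                        Value = item.Value.Sha256(),
                        Expiration = item.Expiration,
                        Description = item.Description,
                    };
                    existingClient.ClientSecrets.Add(newSecret);
                }
            }
        }

        #endregion

        clientContext.SaveChanges();

        result.Exists = true;
        result.Response = existingClient.Id;
        result.CustomValue = existingClient.ClientName;
        return result;
    }
    catch (Exception ex)
    {
        ErrorLogger.Log(ex);
        throw;
    }
}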
/// <summary>
/// Verifies that posting the identity-provider restrictions page updates a stored restriction
/// whose Id is posted, removes a stored restriction that is missing from the post, adds a
/// restriction posted without an Id, and redirects to the details page for the client.
/// </summary>
public async Task OnPostAsync()
{
    // Arrange
    const string originalProvider = "Original Provider";
    const string editedProvider = "Edited Provider";
    const string addedProvider = "New Provider";

    // Each test gets its own in-memory database, named after the test method.
    var dbName = $"{DatabaseNamePrefix}.{nameof(OnPostAsync)}";
    var dbOptions = new DbContextOptionsBuilder<OidcDbContext>()
        .UseInMemoryDatabase(dbName)
        .Options;

    IdPRestrictionsModel pageModel;
    IActionResult postResult;

    var restrictionToEdit = new ClientIdPRestriction
    {
        Id = Random.Next(),
        Provider = originalProvider
    };
    var restrictionToDrop = new ClientIdPRestriction { Id = Random.Next() };
    var seededClient = new Client
    {
        Id = Random.Next(),
        IdentityProviderRestrictions = new List<ClientIdPRestriction>
        {
            restrictionToEdit,
            restrictionToDrop
        }
    };

    using (var context = new OidcDbContext(dbOptions))
    {
        context.Add(seededClient);
        await context.SaveChangesAsync().ConfigureAwait(false);
    }

    // Act
    // NOTE(review): every posted Id belongs to the seeded client; no case here covers a posted
    // restriction Id that belongs to a different client.
    using (var context = new OidcDbContext(dbOptions))
    {
        var postedClient = new Client
        {
            Id = seededClient.Id,
            IdentityProviderRestrictions = new List<ClientIdPRestriction>
            {
                new ClientIdPRestriction { Id = restrictionToEdit.Id, Provider = editedProvider },
                new ClientIdPRestriction { Provider = addedProvider }
            }
        };
        pageModel = new IdPRestrictionsModel(context) { Client = postedClient };
        postResult = await pageModel.OnPostAsync().ConfigureAwait(false);
    }

    // Assert
    using (var context = new OidcDbContext(dbOptions))
    {
        var reloadedClient = await context.Clients
            .Include(x => x.IdentityProviderRestrictions)
            .SingleOrDefaultAsync(x => x.Id.Equals(seededClient.Id))
            .ConfigureAwait(false);
        var storedRestrictions = reloadedClient.IdentityProviderRestrictions;

        var editedRestriction = storedRestrictions.SingleOrDefault(x => x.Id.Equals(restrictionToEdit.Id));
        var droppedRestriction = storedRestrictions.SingleOrDefault(x => x.Id.Equals(restrictionToDrop.Id));
        var addedRestriction = storedRestrictions.SingleOrDefault(x => x.Provider.Equals(addedProvider));

        Assert.NotNull(editedRestriction);
        Assert.Equal(editedProvider, editedRestriction.Provider);
        Assert.Null(droppedRestriction);
        Assert.NotNull(addedRestriction);
    }

    var redirect = Assert.IsType<RedirectToPageResult>(postResult);
    Assert.Equal("../Details/IdPRestrictions", redirect.PageName);

    // The redirect must carry exactly one route value: the client's Id.
    Assert.Collection(redirect.RouteValues, routeValue =>
    {
        var (routeKey, routeVal) = routeValue;
        Assert.Equal(nameof(Client.Id), routeKey);
        Assert.Equal(pageModel.Client.Id, routeVal);
    });
}