public async Task <IActionResult> Create(string returnUrl = null) { if (!await _authorizationService.AuthorizeAsync(User, Permissions.ManageOpenIdApplications)) { return(Unauthorized()); } var openIdSettings = await _openIdService.GetOpenIdSettingsAsync(); if (!_openIdService.IsValidOpenIdSettings(openIdSettings)) { _notifier.Warning(H["OpenID Connect settings are not properly configured."]); } var model = new CreateOpenIdApplicationViewModel() { RoleEntries = (await _roleProvider.GetRoleNamesAsync()).Select(r => new RoleEntry() { Name = r }).ToList() }; ViewData["OpenIdSettings"] = openIdSettings; ViewData["ReturnUrl"] = returnUrl; return(View(model)); }
public async Task ConfidentionalClientNeedsSecret(string clientType, string clientSecret, bool allowAuthFlow, bool allowPasswordFlow, bool expectValidModel) { var controller = new ApplicationController( Mock.Of <IShapeFactory>(), Mock.Of <ISiteService>(), MockStringLocalizer().Object, MockAuthorizationServiceMock().Object, Mock.Of <IOpenIdApplicationManager>(), Mock.Of <IOpenIdScopeManager>(), Mock.Of <IHtmlLocalizer <ApplicationController> >(), Mock.Of <INotifier>(), Mock.Of <ShellDescriptor>()); controller.ControllerContext = CreateControllerContext(); var model = new CreateOpenIdApplicationViewModel(); model.Type = clientType; model.ClientSecret = clientSecret; model.AllowAuthorizationCodeFlow = allowAuthFlow; model.AllowPasswordFlow = allowPasswordFlow; var result = await controller.Create(model); if (expectValidModel) { Assert.IsType <RedirectToActionResult>(result); } else { Assert.IsType <ViewResult>(result); } Assert.Equal(expectValidModel, controller.ModelState.IsValid); }
public async Task <IActionResult> Create(string returnUrl = null) { if (!await _authorizationService.AuthorizeAsync(User, Permissions.ManageApplications)) { return(Unauthorized()); } var model = new CreateOpenIdApplicationViewModel(); var roleService = HttpContext.RequestServices?.GetService <IRoleService>(); if (roleService != null) { foreach (var role in await roleService.GetRoleNamesAsync()) { model.RoleEntries.Add(new CreateOpenIdApplicationViewModel.RoleEntry { Name = role }); } } else { _notifier.Warning(H["There are no registered services to provide roles."]); } ViewData[nameof(OpenIdServerSettings)] = await GetServerSettingsAsync(); ViewData["ReturnUrl"] = returnUrl; return(View(model)); }
public async Task <IActionResult> Create(CreateOpenIdApplicationViewModel model, string returnUrl = null) { if (!await _authorizationService.AuthorizeAsync(User, Permissions.ManageApplications)) { return(Forbid()); } if (!string.IsNullOrEmpty(model.ClientSecret) && string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase)) { ModelState.AddModelError(nameof(model.ClientSecret), S["No client secret can be set for public applications."]); } else if (string.IsNullOrEmpty(model.ClientSecret) && string.Equals(model.Type, OpenIddictConstants.ClientTypes.Confidential, StringComparison.OrdinalIgnoreCase)) { ModelState.AddModelError(nameof(model.ClientSecret), S["The client secret is required for confidential applications."]); } if (!string.IsNullOrEmpty(model.ClientId) && await _applicationManager.FindByClientIdAsync(model.ClientId) != null) { ModelState.AddModelError(nameof(model.ClientId), S["The client identifier is already taken by another application."]); } if (!ModelState.IsValid) { ViewData[nameof(OpenIdServerSettings)] = await GetServerSettingsAsync(); ViewData["ReturnUrl"] = returnUrl; return(View(model)); } var settings = new OpenIdApplicationSettings() { AllowAuthorizationCodeFlow = model.AllowAuthorizationCodeFlow, AllowClientCredentialsFlow = model.AllowClientCredentialsFlow, AllowHybridFlow = model.AllowHybridFlow, AllowImplicitFlow = model.AllowImplicitFlow, AllowLogoutEndpoint = model.AllowLogoutEndpoint, AllowPasswordFlow = model.AllowPasswordFlow, AllowRefreshTokenFlow = model.AllowRefreshTokenFlow, ClientId = model.ClientId, ClientSecret = model.ClientSecret, ConsentType = model.ConsentType, DisplayName = model.DisplayName, PostLogoutRedirectUris = model.PostLogoutRedirectUris, RedirectUris = model.RedirectUris, Roles = model.RoleEntries.Where(x => x.Selected).Select(x => x.Name).ToArray(), Scopes = model.ScopeEntries.Where(x => x.Selected).Select(x => x.Name).ToArray(), Type = model.Type }; await _applicationManager.UpdateDescriptorFromSettings(settings); if (string.IsNullOrEmpty(returnUrl)) { return(RedirectToAction(nameof(Index))); } return(this.LocalRedirect(returnUrl, true)); }
public async Task RedirectUrisAreValid(string uris, bool expectValidModel) { var controller = new ApplicationController( Mock.Of <IShapeFactory>(), Mock.Of <ISiteService>(), MockStringLocalizer().Object, MockAuthorizationServiceMock().Object, Mock.Of <IRoleProvider>(), Mock.Of <IOpenIdApplicationManager>(), Mock.Of <IHtmlLocalizer <ApplicationController> >(), Mock.Of <INotifier>(), Mock.Of <ShellDescriptor>()); controller.ControllerContext = CreateControllerContext(); var model = new CreateOpenIdApplicationViewModel(); model.Type = OpenIddictConstants.ClientTypes.Public; model.AllowAuthorizationCodeFlow = true; model.RedirectUris = uris; var result = await controller.Create(model); if (expectValidModel) { Assert.IsType <RedirectToActionResult>(result); } else { Assert.IsType <ViewResult>(result); } Assert.Equal(expectValidModel, controller.ModelState.IsValid); }
public async Task <IActionResult> Create(CreateOpenIdApplicationViewModel model, string returnUrl = null) { if (!await _authorizationService.AuthorizeAsync(User, Permissions.ManageOpenIdApplications)) { return(Unauthorized()); } if (model.Type == ClientType.Confidential) { var user = await _userManager.FindByNameAsync(User.Identity.Name); await ValidateClientSecretAsync(user, model.ClientSecret, (key, message) => ModelState.AddModelError(key, message)); } else if (model.Type == ClientType.Public && !string.IsNullOrEmpty(model.ClientSecret)) { ModelState.AddModelError(nameof(model.ClientSecret), T["No client secret can be set for public applications."]); } if (!model.AllowAuthorizationCodeFlow && !model.AllowClientCredentialsFlow && !model.AllowImplicitFlow && !model.AllowPasswordFlow && !model.AllowRefreshTokenFlow) { ModelState.AddModelError(string.Empty, "At least one flow must be enabled."); } if (await _applicationManager.FindByClientIdAsync(model.ClientId) != null) { ModelState.AddModelError(nameof(model.ClientId), T["The client identifier is already taken by another application."]); } if (!ModelState.IsValid) { var openIdSettings = await _openIdService.GetOpenIdSettingsAsync(); if (!_openIdService.IsValidOpenIdSettings(openIdSettings)) { _notifier.Warning(H["OpenID Connect settings are not properly configured."]); } ViewData["OpenIdSettings"] = openIdSettings; ViewData["ReturnUrl"] = returnUrl; return(View("Create", model)); } await _applicationManager.CreateAsync(model); if (string.IsNullOrEmpty(returnUrl)) { return(RedirectToAction("Index")); } return(LocalRedirect(returnUrl)); }
public async Task RedirectUrisAreValid(string uris, bool expectValidModel) { var controller = new ApplicationController( Mock.Of <IShapeFactory>(), Mock.Of <ISiteService>(), MockStringLocalizer().Object, MockAuthorizationServiceMock().Object, Mock.Of <IOpenIdApplicationManager>(), Mock.Of <IOpenIdScopeManager>(), Mock.Of <IHtmlLocalizer <ApplicationController> >(), Mock.Of <INotifier>(), Mock.Of <ShellDescriptor>()); controller.ControllerContext = CreateControllerContext(); var model = new CreateOpenIdApplicationViewModel(); model.Type = OpenIddictConstants.ClientTypes.Public; model.AllowAuthorizationCodeFlow = true; model.RedirectUris = uris; var validationContext = new ValidationContext(model); var localizerMock = new Mock <IStringLocalizer <CreateOpenIdApplicationViewModel> >(); localizerMock.Setup(x => x[It.IsAny <string>(), It.IsAny <object[]>()]) .Returns((string name, object[] args) => new LocalizedString(name, string.Format(name, args))); validationContext.InitializeServiceProvider((t) => localizerMock.Object); foreach (var validation in model.Validate(validationContext)) { controller.ModelState.AddModelError(validation.MemberNames.First(), validation.ErrorMessage); } var result = await controller.Create(model); if (expectValidModel) { Assert.IsType <RedirectToActionResult>(result); } else { Assert.IsType <ViewResult>(result); } Assert.Equal(expectValidModel, controller.ModelState.IsValid); }
public async Task <IActionResult> Create(string returnUrl = null) { if (!await _authorizationService.AuthorizeAsync(User, Permissions.ManageApplications)) { return(Unauthorized()); } var model = new CreateOpenIdApplicationViewModel(); foreach (var role in await _roleProvider.GetRoleNamesAsync()) { model.RoleEntries.Add(new CreateOpenIdApplicationViewModel.RoleEntry { Name = role }); } ViewData[nameof(OpenIdServerSettings)] = await GetServerSettingsAsync(); ViewData["ReturnUrl"] = returnUrl; return(View(model)); }
public async Task <IActionResult> Create(CreateOpenIdApplicationViewModel model, string returnUrl = null) { if (!await _authorizationService.AuthorizeAsync(User, Permissions.ManageOpenIdApplications)) { return(Unauthorized()); } if (model.Type == ClientType.Confidential) { var user = await _userManager.FindByNameAsync(User.Identity.Name); await ValidateClientSecretAsync(user, model.ClientSecret, (key, message) => ModelState.AddModelError(key, message)); } else if (model.Type == ClientType.Public && !string.IsNullOrEmpty(model.ClientSecret)) { ModelState.AddModelError(nameof(model.ClientSecret), T["No client secret can be set for public applications."]); } if (!ModelState.IsValid) { var openIdSettings = await _openIdService.GetOpenIdSettingsAsync(); if (!_openIdService.IsValidOpenIdSettings(openIdSettings)) { _notifier.Warning(H["OpenID Connect settings are not properly configured."]); } ViewData["OpenIdSettings"] = openIdSettings; ViewData["ReturnUrl"] = returnUrl; return(View("Create", model)); } var roleNames = new List <string>(); if (model.Type == ClientType.Confidential && model.AllowClientCredentialsFlow) { roleNames = model.RoleEntries.Where(r => r.Selected).Select(r => r.Name).ToList(); } var application = new OpenIdApplication { DisplayName = model.DisplayName, RedirectUri = model.RedirectUri, LogoutRedirectUri = model.LogoutRedirectUri, ClientId = model.ClientId, Type = model.Type, SkipConsent = model.SkipConsent, RoleNames = roleNames, AllowAuthorizationCodeFlow = model.AllowAuthorizationCodeFlow, AllowClientCredentialsFlow = model.AllowClientCredentialsFlow, AllowImplicitFlow = model.AllowImplicitFlow, AllowPasswordFlow = model.AllowPasswordFlow, AllowRefreshTokenFlow = model.AllowRefreshTokenFlow, AllowHybridFlow = model.AllowHybridFlow }; await _applicationManager.CreateAsync(application, model.ClientSecret, HttpContext.RequestAborted); if (string.IsNullOrEmpty(returnUrl)) { return(RedirectToAction("Index")); } return(LocalRedirect(returnUrl)); }
public async Task <IActionResult> Create(CreateOpenIdApplicationViewModel model, string returnUrl = null) { if (!await _authorizationService.AuthorizeAsync(User, Permissions.ManageApplications)) { return(Unauthorized()); } if (!string.IsNullOrEmpty(model.ClientSecret) && string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase)) { ModelState.AddModelError(nameof(model.ClientSecret), T["No client secret can be set for public applications."]); } else if (string.IsNullOrEmpty(model.ClientSecret) && string.Equals(model.Type, OpenIddictConstants.ClientTypes.Confidential, StringComparison.OrdinalIgnoreCase)) { ModelState.AddModelError(nameof(model.ClientSecret), T["The client secret is required for confidential applications."]); } if (!string.IsNullOrEmpty(model.ClientId) && await _applicationManager.FindByClientIdAsync(model.ClientId) != null) { ModelState.AddModelError(nameof(model.ClientId), T["The client identifier is already taken by another application."]); } if (!ModelState.IsValid) { ViewData[nameof(OpenIdServerSettings)] = await GetServerSettingsAsync(); ViewData["ReturnUrl"] = returnUrl; return(View(model)); } var descriptor = new OpenIdApplicationDescriptor { ClientId = model.ClientId, ClientSecret = model.ClientSecret, ConsentType = model.ConsentType, DisplayName = model.DisplayName, Type = model.Type }; if (model.AllowLogoutEndpoint) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Logout); } else { descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Logout); } if (model.AllowAuthorizationCodeFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode); } if (model.AllowClientCredentialsFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials); } if (model.AllowImplicitFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Implicit); } if (model.AllowPasswordFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Password); } if (model.AllowRefreshTokenFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.RefreshToken); } if (model.AllowAuthorizationCodeFlow || model.AllowImplicitFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Authorization); } if (model.AllowAuthorizationCodeFlow || model.AllowClientCredentialsFlow || model.AllowPasswordFlow || model.AllowRefreshTokenFlow) { descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Token); } descriptor.PostLogoutRedirectUris.UnionWith( from uri in model.PostLogoutRedirectUris?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty <string>() select new Uri(uri, UriKind.Absolute)); descriptor.RedirectUris.UnionWith( from uri in model.RedirectUris?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty <string>() select new Uri(uri, UriKind.Absolute)); descriptor.Roles.UnionWith(model.RoleEntries .Where(role => role.Selected) .Select(role => role.Name)); await _applicationManager.CreateAsync(descriptor); if (string.IsNullOrEmpty(returnUrl)) { return(RedirectToAction("Index")); } return(LocalRedirect(returnUrl)); }
public virtual async Task <IOpenIdApplication> CreateAsync( CreateOpenIdApplicationViewModel model, CancellationToken cancellationToken = default) { if (model == null) { throw new ArgumentNullException(nameof(model)); } var application = await Store.InstantiateAsync(cancellationToken); if (application == null) { throw new InvalidOperationException("An error occurred while trying to create a new application"); } await Store.SetClientIdAsync(application, model.ClientId, cancellationToken); await Store.SetClientSecretAsync(application, model.ClientSecret, cancellationToken); await Store.SetClientTypeAsync(application, model.Type.ToString().ToLowerInvariant(), cancellationToken); await Store.SetDisplayNameAsync(application, model.DisplayName, cancellationToken); await Store.SetConsentTypeAsync(application, model.SkipConsent? OpenIddictConstants.ConsentTypes.Implicit : OpenIddictConstants.ConsentTypes.Explicit, cancellationToken); if (!string.IsNullOrEmpty(model.LogoutRedirectUri)) { await Store.SetPostLogoutRedirectUrisAsync(application, ImmutableArray.Create(model.LogoutRedirectUri), cancellationToken); } if (!string.IsNullOrEmpty(model.RedirectUri)) { await Store.SetRedirectUrisAsync(application, ImmutableArray.Create(model.RedirectUri), cancellationToken); } var permissions = new HashSet <string>(StringComparer.OrdinalIgnoreCase); if (model.AllowAuthorizationCodeFlow) { permissions.Add(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode); } if (model.AllowClientCredentialsFlow) { permissions.Add(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials); } if (model.AllowImplicitFlow) { permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Implicit); } if (model.AllowPasswordFlow) { permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Password); } if (model.AllowRefreshTokenFlow) { permissions.Add(OpenIddictConstants.Permissions.GrantTypes.RefreshToken); } if (model.AllowAuthorizationCodeFlow || model.AllowImplicitFlow) { permissions.Add(OpenIddictConstants.Permissions.Endpoints.Authorization); } if (model.AllowAuthorizationCodeFlow || model.AllowClientCredentialsFlow || model.AllowPasswordFlow || model.AllowRefreshTokenFlow) { permissions.Add(OpenIddictConstants.Permissions.Endpoints.Token); } await Store.SetPermissionsAsync(application, permissions.ToImmutableArray(), cancellationToken); await Store.SetRolesAsync(application, model.RoleEntries .Where(role => role.Selected) .Select(role => role.Name) .ToImmutableArray(), cancellationToken); var secret = await Store.GetClientSecretAsync(application, cancellationToken); if (!string.IsNullOrEmpty(secret)) { await Store.SetClientSecretAsync(application, /* secret: */ null, cancellationToken); await CreateAsync(application, secret, cancellationToken); } else { await CreateAsync(application, cancellationToken); } return(application); }