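        /// <summary>
        /// Exchanges a one-time authorization code for the OpenId of the user who granted it.
        /// The caller must present an access token that belongs to the same app the code was issued to,
        /// and that app must hold the "view open id" permission.
        /// </summary>
        /// <param name="model">The calling app's access token and the code to exchange.</param>
        /// <returns>
        /// JSON <see cref="CodeToOpenIdViewModel"/> carrying the OpenId on success; otherwise a protocol error with
        /// <see cref="ErrorType.WrongKey"/> (unknown code), <see cref="ErrorType.HasDoneAlready"/> (code already consumed)
        /// or <see cref="ErrorType.Unauthorized"/> (wrong app, or app lacks the permission).
        /// </returns>
        public async Task<IActionResult> CodeToOpenId(CodeToOpenIdAddressModel model)
        {
            // Resolve the calling app from its access token before touching the database, so an
            // invalid token never gets as far as the code lookup.
            var appId = _tokenManager.ValidateAccessToken(model.AccessToken);
            var targetPack = await _dbContext
                             .OAuthPack
                             .SingleOrDefaultAsync(t => t.Code == model.Code);

            if (targetPack == null)
            {
                return this.Protocol(ErrorType.WrongKey, "The code doesn't exists in our database.");
            }
            // An authorization code is single use (RFC 6749 §4.1.2): any recorded UseTime means it has
            // already been exchanged. There is deliberately no grace window here — a captured code must
            // not yield the OpenId a second time just because it is redeemed shortly after the first use.
            if (targetPack.UseTime != DateTime.MinValue)
            {
                return this.Protocol(ErrorType.HasDoneAlready, "Code is used already!");
            }
            // The code may only be redeemed by the app it was granted to, never by another token holder.
            if (targetPack.ApplyAppId != appId)
            {
                return this.Protocol(ErrorType.Unauthorized, "The app granted code is not the app granting access token!");
            }
            var callingApp = (await _apiService.AppInfoAsync(targetPack.ApplyAppId)).App;

            if (!callingApp.ViewOpenId)
            {
                return this.Protocol(ErrorType.Unauthorized, "The app doesn't have view open id permission.");
            }
            // Mark the code as consumed before handing out the OpenId.
            // NOTE(review): the check above and this write are not atomic; two concurrent requests with the
            // same code could both pass the UseTime check unless OAuthPack carries a concurrency token —
            // confirm the entity mapping.
            targetPack.UseTime = DateTime.UtcNow;
            await _dbContext.SaveChangesAsync();

            var viewModel = new CodeToOpenIdViewModel
            {
                OpenId  = targetPack.UserId,
                Scope   = "scope",
                Message = "Successfully get user openid",
                Code    = ErrorType.Success
            };

            return Json(viewModel);
        }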
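        /// <summary>
        /// Entry point of the OAuth authorize flow. Validates the request against the registered app and its
        /// domain, then either finishes authorization for an already signed-in user, bounces a "try" request
        /// back to the app, or renders the authorize view.
        /// </summary>
        /// <param name="model">
        /// The authorize request parameters (appid, redirect_uri, state, scope, response_type) plus the optional
        /// forceConfirm / tryAutho flags.
        /// </param>
        /// <returns>
        /// <c>NotFound()</c> when the app cannot be resolved; the "AuthError" view when the request is invalid or the
        /// redirect host is not the app's domain; the result of <c>FinishAuth</c> or a redirect for a signed-in user;
        /// otherwise the authorize view.
        /// </returns>
        public async Task<IActionResult> Authorize(AuthorizeAddressModel model)
        {
            // Reject malformed requests up front, before spending a round-trip on the app lookup
            // with unvalidated input.
            if (!ModelState.IsValid)
            {
                return View("AuthError");
            }
            App app;

            try
            {
                app = (await _apiService.AppInfoAsync(model.appid)).App;
            }
            catch (AiurUnexceptedResponse)
            {
                // Unknown app: there is no trusted redirect target to report the error to, so plain 404.
                return NotFound();
            }
            // new Uri(...) throws on a malformed or missing redirect_uri, which surfaced as an unhandled
            // exception; treat it as an invalid request instead. UriKind.Absolute matches the former
            // single-argument constructor.
            if (!Uri.TryCreate(model.redirect_uri, UriKind.Absolute, out var url))
            {
                ModelState.AddModelError(string.Empty, "Redirect uri is not a valid absolute url!");
                return View("AuthError");
            }
            var user = await GetCurrentUserAsync();

            // Wrong domain: only the host is pinned to the registered app domain, and only outside debug mode.
            // NOTE(review): scheme and port are not compared — confirm whether AppDomain is meant to cover those.
            if (url.Host != app.AppDomain && app.DebugMode == false)
            {
                ModelState.AddModelError(string.Empty, "Redirect uri did not work in the valid domain!");
                _logger.LogInformation($"A request with appId {model.appid} is access wrong domian.");
                return View("AuthError");
            }
            // Signed in, app does not force password input, and the caller did not ask for confirmation:
            // complete authorization without showing a form.
            else if (user != null && app.ForceInputPassword != true && model.forceConfirm != true)
            {
                return await FinishAuth(model.Convert(user.Email), app.ForceConfirmation);
            }
            // Not signed in, but the app only wanted a silent attempt: send it straight back.
            else if (model.tryAutho == true)
            {
                return Redirect($"{url.Scheme}://{url.Host}:{url.Port}/?{Values.DirectShowString.Key}={Values.DirectShowString.Value}");
            }
            var viewModel = new AuthorizeViewModel(model.redirect_uri, model.state, model.appid, model.scope, model.response_type, app.AppName, app.AppIconAddress);

            return View(viewModel);
        }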