示例#1
0
        public async Task <SecurableItem> AddSecurableItem(string clientId, SecurableItem item)
        {
            item.CreatedDateTimeUtc = DateTime.UtcNow;
            item.Id = Guid.NewGuid();
            var client = await _clientStore.Get(clientId);

            CheckUniqueness(client.TopLevelSecurableItem, item);
            client.TopLevelSecurableItem.SecurableItems.Add(item);
            await _clientStore.Update(client);

            return(item);
        }
示例#2
0
        public async Task <Client> Update(Client model)
        {
            var entity = await _store.Load(model.Id);

            if (!CanManage(entity))
            {
                throw new InvalidOperationException();
            }

            // strings
            entity.Name               = model.Name.Trim();
            entity.DisplayName        = model.DisplayName?.Trim();
            entity.Description        = model.Description?.Trim();
            entity.ClientClaimsPrefix = model.ClientClaimsPrefix?.Trim() ?? "client_";

            // simple-timespans
            entity.ConsentLifetime              = model.ConsentLifetime.ToSeconds();
            entity.IdentityTokenLifetime        = model.IdentityTokenLifetime.ToSeconds();
            entity.AccessTokenLifetime          = model.AccessTokenLifetime.ToSeconds();
            entity.AuthorizationCodeLifetime    = model.AuthorizationCodeLifetime.ToSeconds();
            entity.AbsoluteRefreshTokenLifetime = model.AbsoluteRefreshTokenLifetime.ToSeconds();
            entity.SlidingRefreshTokenLifetime  = model.SlidingRefreshTokenLifetime.ToSeconds();

            // flags
            entity.Flags = ClientFlag.EnableLocalLogin;
            if (model.RequirePkce)
            {
                entity.Flags |= ClientFlag.RequirePkce;
            }
            if (model.RequireConsent)
            {
                entity.Flags |= ClientFlag.RequireConsent;
            }
            if (model.AlwaysIncludeUserClaimsInIdToken)
            {
                entity.Flags |= ClientFlag.AlwaysIncludeUserClaimsInIdToken;
            }
            if (model.AllowOfflineAccess)
            {
                entity.Flags |= ClientFlag.AllowOfflineAccess;
            }
            if (model.UpdateAccessTokenClaimsOnRefresh)
            {
                entity.Flags |= ClientFlag.UpdateAccessTokenClaimsOnRefresh;
            }
            if (model.UseOneTimeRefreshTokens)
            {
                entity.Flags |= ClientFlag.UseOneTimeRefreshTokens;
            }
            if (model.Published)
            {
                entity.Flags |= ClientFlag.Published;
            }
            if (model.AlwaysSendClientClaims)
            {
                entity.Flags |= ClientFlag.AlwaysSendClientClaims;
            }

            // urls
            UpdateUrl(entity, ClientUriType.ClientUri, model.Url?.Trim());
            UpdateUrl(entity, ClientUriType.LogoUri, model.LogoUrl?.Trim());
            UpdateUrl(entity, ClientUriType.FrontChannelLogoutUri, model.FrontChannelLogoutUrl?.Trim());
            UpdateUrl(entity, ClientUriType.BackChannelLogoutUri, model.BackChannelLogoutUrl?.Trim());
            UpdateUrls(entity, ClientUriType.RedirectUri, model.RedirectUrls);
            UpdateUrls(entity, ClientUriType.PostLogoutRedirectUri, model.PostLogoutUrls);
            UpdateUrls(entity, ClientUriType.CorsUri, model.CorsUrls);

            // client claims
            UpdateClaims(entity, model.Claims);

            // secrets
            UpdateSecrets(entity, model.Secrets);

            // managers
            UpdateManagers(entity, model.Managers);

            // validate scopes
            entity.Grants = model.Grants;
            if (!entity.Grants.Contains("client_credentials"))
            {
                entity.Grants += " client_credentials";
            }

            if (entity.Grants.Contains("implicit"))
            {
                entity.Flags |= ClientFlag.AllowAccessTokensViaBrowser;
                entity.Flags |= ClientFlag.AllowOfflineAccess;
                entity.Flags ^= ClientFlag.AllowOfflineAccess;
            }

            await ValidateScopes(entity, model.Scopes?.Trim());

            // only admins can enable
            if (_profile.IsPrivileged)
            {
                entity.Enabled = model.Enabled;
            }

            try
            {
                await _store.Update(entity);
            }
            catch (Exception ex)
            {
                if (ex.GetBaseException().Message.ToLower().Contains("unique"))
                {
                    throw new ClientNameNotUniqueException();
                }
                else
                {
                    throw new ClientUpdateException();
                }
            }

            return(Mapper.Map <Client>(entity));
        }