private static ConsentVM CreateConsentViewModel(ISecurableService securableService, ConsentInputVM model, string returnUrl, AuthorisationRequestSM request,
ClientSM client, SecurableResourcesSM resources)
{
var vm = new ConsentVM
{
RememberConsent = model?.RememberConsent ?? true,
ScopesConsented = model?.ScopesConsented ?? Enumerable.Empty <string>(),
ReturnUrl = returnUrl,
ClientName = client.ClientName ?? client.ClientId,
ClientUrl = client.ClientUri,
ClientLogoUrl = client.LogoUri,
AllowRememberConsent = client.AllowRememberConsent
};
vm.IdentityScopes = resources.IdentityResources.Select(x => CreateScopeViewModel(x, vm.ScopesConsented.Contains(x.Name) || model == null)).ToArray();
vm.ResourceScopes = resources.ApiResources.SelectMany(x => x.Scopes).Select(x => CreateScopeViewModel(x, vm.ScopesConsented.Contains(x.Name) || model == null)).ToArray();
if (ConsentOptionsOM.EnableOfflineAccess && resources.OfflineAccess)
{
vm.ResourceScopes = vm.ResourceScopes.Union(new ScopeVM[] {
GetOfflineAccessScope(securableService, vm.ScopesConsented.Contains(IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess) || model == null)
});
}
return(vm);
}
public static async Task <ConsentVM> BuildConsentVMAsync(ISecurableService securableService, ILogger logger, string returnUrl, ConsentInputVM model = null)
{
AuthorisationRequestSM request = await securableService.GetAuthorizationContextAsync(returnUrl);
if (request != null)
{
var client = await securableService.FindEnabledClientByIdAsync(request.ClientId);
if (client != null)
{
var resources = await securableService.FindEnabledResourcesByScopeAsync(request.ScopesRequested);
if (resources != null && (resources.IdentityResources.Any() || resources.ApiResources.Any()))
{
return(CreateConsentViewModel(securableService, model, returnUrl, request, client, resources));
}
else
{
logger.LogError("No scopes matching: {0}", request.ScopesRequested.Aggregate((x, y) => x + ", " + y));
}
}
else
{
logger.LogError("Invalid client id: {0}", request.ClientId);
}
}
else
{
logger.LogError("No consent request matching request: {0}", returnUrl);
}
return(null);
}
public ConsentController(
ISecurableService securableService,
ILogger <ConsentController> logger)
{
_securableService = securableService;
_logger = logger;
}
public static async Task <LoginVM> BuildLoginVMAsync(ISecurableService securableService, IAuthenticationSchemeProvider schemeProvider, LoginInputVM model)
{
var vm = await BuildLoginVMAsync(securableService, schemeProvider, model.ReturnUrl);
vm.Username = model.Username;
vm.RememberLogin = model.RememberLogin;
return(vm);
}
public static async Task <LoginVM> BuildLoginVMAsync(ISecurableService securableService, IAuthenticationSchemeProvider schemeProvider, string returnUrl)
{
var context = await securableService.GetAuthorizationContextAsync(returnUrl);
if (context?.IdP != null)
{
// this is meant to short circuit the UI and only trigger the one external IdP
return(new LoginVM
{
EnableLocalLogin = false,
ReturnUrl = returnUrl,
Username = context?.LoginHint,
ExternalProviders = new ExternalProviderPM[] { new ExternalProviderPM {
AuthenticationScheme = context.IdP
} }
});
}
var schemes = await schemeProvider.GetAllSchemesAsync();
var providers = schemes
.Where(x => x.DisplayName != null ||
(x.Name.Equals(AccountOptionsOM.WindowsAuthenticationSchemeName, StringComparison.OrdinalIgnoreCase))
)
.Select(x => new ExternalProviderPM
{
DisplayName = x.Name == "Windows" ? x.Name : x.DisplayName,
AuthenticationScheme = x.Name
}).ToList();
var allowLocal = true;
if (context?.ClientId != null)
{
var client = await securableService.FindEnabledClientByIdAsync(context.ClientId);
if (client != null)
{
allowLocal = client.EnableLocalLogin;
if (client.IdentityProviderRestrictions != null && client.IdentityProviderRestrictions.Any())
{
providers = providers.Where(provider => client.IdentityProviderRestrictions.Contains(provider.AuthenticationScheme)).ToList();
}
}
}
return(new LoginVM
{
AllowRememberLogin = AccountOptionsOM.AllowRememberLogin,
EnableLocalLogin = allowLocal && AccountOptionsOM.AllowLocalLogin,
ReturnUrl = returnUrl,
Username = context?.LoginHint,
ExternalProviders = providers.ToArray()
});
}
private static ScopeVM GetOfflineAccessScope(ISecurableService securableService, bool check)
{
return(new ScopeVM
{
Name = securableService.GetOfflineAccessScopeName(),
DisplayName = ConsentOptionsOM.OfflineAccessDisplayName,
Description = ConsentOptionsOM.OfflineAccessDescription,
Emphasize = true,
Checked = check
});
}
public AccountController(
IAccountService accountService,
ISecurableService securableService,
IAuthenticationSchemeProvider schemeProvider,
INotificationService notificationService,
ILogger <AccountController> logger)
{
_accountService = accountService;
_securableService = securableService;
_schemeProvider = schemeProvider;
_notificationService = notificationService;
_logger = logger;
}
