public virtual async Task <ClientDto> UpdateAsync(Guid id, ClientUpdateDto input)
{
return(await ClientAppService.UpdateAsync(id, input));
}
public virtual async Task <ClientDto> UpdateAsync(Guid id, ClientUpdateDto input)
{
var client = await ClientRepository.GetAsync(id);
#region Basic
if (!string.Equals(client.ClientId, input.ClientId, StringComparison.InvariantCultureIgnoreCase))
{
client.ClientId = input.ClientId;
}
if (!string.Equals(client.ClientUri, input.ClientUri, StringComparison.InvariantCultureIgnoreCase))
{
client.ClientUri = input.ClientUri;
}
if (!string.Equals(client.ClientName, input.ClientName, StringComparison.InvariantCultureIgnoreCase))
{
client.ClientName = input.ClientName;
}
if (!string.Equals(client.BackChannelLogoutUri, input.BackChannelLogoutUri, StringComparison.InvariantCultureIgnoreCase))
{
client.BackChannelLogoutUri = input.BackChannelLogoutUri;
}
if (!string.Equals(client.FrontChannelLogoutUri, input.FrontChannelLogoutUri, StringComparison.InvariantCultureIgnoreCase))
{
client.FrontChannelLogoutUri = input.FrontChannelLogoutUri;
}
if (!string.Equals(client.ClientClaimsPrefix, input.ClientClaimsPrefix, StringComparison.InvariantCultureIgnoreCase))
{
client.ClientClaimsPrefix = input.ClientClaimsPrefix;
}
if (!string.Equals(client.Description, input.Description, StringComparison.InvariantCultureIgnoreCase))
{
client.Description = input.Description;
}
if (!string.Equals(client.LogoUri, input.LogoUri, StringComparison.InvariantCultureIgnoreCase))
{
client.LogoUri = input.LogoUri;
}
if (!string.Equals(client.UserCodeType, input.UserCodeType, StringComparison.InvariantCultureIgnoreCase))
{
client.UserCodeType = input.UserCodeType;
}
if (!string.Equals(client.PairWiseSubjectSalt, input.PairWiseSubjectSalt, StringComparison.InvariantCultureIgnoreCase))
{
client.PairWiseSubjectSalt = input.PairWiseSubjectSalt;
}
if (!string.Equals(client.ProtocolType, input.ProtocolType, StringComparison.InvariantCultureIgnoreCase))
{
client.ProtocolType = input.ProtocolType;
}
client.AbsoluteRefreshTokenLifetime = input.AbsoluteRefreshTokenLifetime;
client.AccessTokenLifetime = input.AccessTokenLifetime;
client.AccessTokenType = input.AccessTokenType;
client.AllowAccessTokensViaBrowser = input.AllowAccessTokensViaBrowser;
client.AllowOfflineAccess = input.AllowOfflineAccess;
client.AllowPlainTextPkce = input.AllowPlainTextPkce;
client.AllowRememberConsent = input.AllowRememberConsent;
client.AlwaysIncludeUserClaimsInIdToken = input.AlwaysIncludeUserClaimsInIdToken;
client.AlwaysSendClientClaims = input.AlwaysSendClientClaims;
client.AuthorizationCodeLifetime = input.AuthorizationCodeLifetime;
client.BackChannelLogoutSessionRequired = input.BackChannelLogoutSessionRequired;
client.DeviceCodeLifetime = input.DeviceCodeLifetime;
client.ConsentLifetime = input.ConsentLifetime ?? client.ConsentLifetime;
client.Enabled = input.Enabled;
client.EnableLocalLogin = input.EnableLocalLogin;
client.FrontChannelLogoutSessionRequired = input.FrontChannelLogoutSessionRequired;
client.IdentityTokenLifetime = input.IdentityTokenLifetime;
client.IncludeJwtId = input.IncludeJwtId;
client.RefreshTokenExpiration = input.RefreshTokenExpiration;
client.RefreshTokenUsage = input.RefreshTokenUsage;
client.RequireClientSecret = input.RequireClientSecret;
client.RequireConsent = input.RequireConsent;
client.RequirePkce = input.RequirePkce;
client.SlidingRefreshTokenLifetime = input.SlidingRefreshTokenLifetime;
client.UpdateAccessTokenClaimsOnRefresh = input.UpdateAccessTokenClaimsOnRefresh;
client.UserSsoLifetime = input.UserSsoLifetime ?? client.UserSsoLifetime;
#endregion
#region AllowScope
// 删除未在身份资源和Api资源中的作用域
client.AllowedScopes.RemoveAll(scope => !input.AllowedScopes.Contains(scope.Scope));
foreach (var scope in input.AllowedScopes)
{
if (client.FindScope(scope) == null)
{
client.AddScope(scope);
}
}
#endregion
#region RedirectUris
// 删除不存在的uri
client.RedirectUris.RemoveAll(uri => !input.RedirectUris.Contains(uri.RedirectUri));
foreach (var redirect in input.RedirectUris)
{
if (client.FindRedirectUri(redirect) == null)
{
client.AddRedirectUri(redirect);
}
}
#endregion
#region AllowedGrantTypes
// 删除不存在的验证类型
client.AllowedGrantTypes.RemoveAll(grantType => !input.AllowedGrantTypes.Contains(grantType.GrantType));
foreach (var grantType in input.AllowedGrantTypes)
{
if (client.FindGrantType(grantType) == null)
{
client.AddGrantType(grantType);
}
}
#endregion
#region AllowedCorsOrigins
// 删除不存在的同源域名
client.AllowedCorsOrigins.RemoveAll(corgOrigin => !input.AllowedCorsOrigins.Contains(corgOrigin.Origin));
foreach (var corgOrigin in input.AllowedCorsOrigins)
{
if (client.FindCorsOrigin(corgOrigin) == null)
{
client.AddCorsOrigin(corgOrigin);
}
}
#endregion
#region PostLogoutRedirectUris
// 删除不存在的登录重定向域名
client.PostLogoutRedirectUris.RemoveAll(uri => !input.PostLogoutRedirectUris.Contains(uri.PostLogoutRedirectUri));
foreach (var logoutRedirectUri in input.PostLogoutRedirectUris)
{
if (client.FindPostLogoutRedirectUri(logoutRedirectUri) == null)
{
client.AddPostLogoutRedirectUri(logoutRedirectUri);
}
}
#endregion
#region IdentityProviderRestrictions
// 删除身份认证限制提供商
client.IdentityProviderRestrictions.RemoveAll(provider => !input.IdentityProviderRestrictions.Contains(provider.Provider));
foreach (var provider in input.IdentityProviderRestrictions)
{
if (client.FindIdentityProviderRestriction(provider) == null)
{
client.AddIdentityProviderRestriction(provider);
}
}
#endregion
#region Secrets
if (await IsGrantAsync(AbpIdentityServerPermissions.Clients.ManageSecrets))
{
// 移除已经不存在的客户端密钥
client.ClientSecrets.RemoveAll(secret => !input.Secrets.Any(inputSecret => secret.Value == inputSecret.Value && secret.Type == inputSecret.Type));
foreach (var inputSecret in input.Secrets)
{
// 先对加密过的进行过滤
if (client.FindSecret(inputSecret.Value, inputSecret.Type) != null)
{
continue;
}
var inputSecretValue = inputSecret.Value;
// 如果是 SharedSecret 类型的密钥
// 采用 IdentityServer4 服务器扩展方法加密
if (IdentityServerConstants.SecretTypes.SharedSecret.Equals(inputSecret.Type))
{
if (inputSecret.HashType == HashType.Sha256)
{
inputSecretValue = inputSecret.Value.Sha256();
}
else if (inputSecret.HashType == HashType.Sha512)
{
inputSecretValue = inputSecret.Value.Sha512();
}
}
else
{
throw new UserFriendlyException(L["EncryptionNotImplemented", inputSecret.Type]);
}
var clientSecret = client.FindSecret(inputSecretValue, inputSecret.Type);
if (clientSecret == null)
{
client.AddSecret(inputSecretValue, inputSecret.Expiration, inputSecret.Type, inputSecret.Description);
}
}
}
#endregion
#region Properties
if (await IsGrantAsync(AbpIdentityServerPermissions.Clients.ManageProperties))
{
// 移除不存在的属性
client.Properties.RemoveAll(prop => !input.Properties.ContainsKey(prop.Key));
foreach (var inputProp in input.Properties)
{
if (client.FindProperty(inputProp.Key, inputProp.Value) == null)
{
client.AddProperty(inputProp.Key, inputProp.Value);
}
}
}
#endregion
#region Claims
if (await IsGrantAsync(AbpIdentityServerPermissions.Clients.ManageClaims))
{
// 移除已经不存在的客户端声明
client.Claims.RemoveAll(secret => !input.Claims.Any(inputClaim => secret.Value == inputClaim.Value && secret.Type == inputClaim.Type));
foreach (var inputClaim in input.Claims)
{
if (client.FindClaim(inputClaim.Value, inputClaim.Type) == null)
{
client.AddClaim(inputClaim.Value, inputClaim.Type);
}
}
}
#endregion
client = await ClientRepository.UpdateAsync(client);
await CurrentUnitOfWork.SaveChangesAsync();
return(ObjectMapper.Map <Client, ClientDto>(client));
}
