public async Task <IActionResult> CreateZoneServerAccount([FromBody][JetBrains.Annotations.NotNull] ZoneServerAccountRegistrationRequest request)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
//We want to log this out for information purposes whenever an auth request begins
if (Logger.IsEnabled(LogLevel.Information))
{
Logger.LogInformation($"Zone Register Request by UserAccount: {ClaimsReader.GetAccountName(this.User)}:{ClaimsReader.GetAccountIdInt(this.User)} {HttpContext.Connection.RemoteIpAddress}:{HttpContext.Connection.RemotePort}");
}
//TODO: Create cryptographically secure random bytes for password and user.
string zoneUserName = Guid.NewGuid().ToString();
string zonePassword = Guid.NewGuid().ToString();
ZoneServerApplicationUser user = new ZoneServerApplicationUser(ClaimsReader.GetAccountIdInt(this.User))
{
UserName = zoneUserName,
Email = "*****@*****.**", //TODO: Real email???
};
IdentityResult identityResult = await UserManager.CreateAsync(user, zonePassword);
if (identityResult.Succeeded)
{
//Adds the vrgid account owner claim.
await UserManager.AddClaimAsync(user, new Claim(GladMMOAuthConstants.ACCOUNT_ID_OWNER_CLAIM_NAME, ClaimsReader.GetAccountId(this.User)));
//Here we inherit each role the user account has to the zoneserver account
foreach (var claim in User.Claims)
{
if (claim.Type == "role") //TODO: Is there a constant for this??
{
if (claim.Value.ToLower() != GladMMOAuthConstants.PLAYERACCOUNT_AUTHORIZATION_ROLE) //DO NOT add the player role.
{
await UserManager.AddToRoleAsync(user, claim.Value);
}
}
}
//Also add the ZoneServer role
await UserManager.AddToRoleAsync(user, GladMMOAuthConstants.ZONESERVER_AUTHORIZATION_ROLE);
//At this point, the account has the PlayFab id claim so it's ready for use.
return(Json(new ZoneServerAccountRegistrationResponse(user.Id, zoneUserName, zonePassword)));
}
else
{
return(BadRequest(identityResult.Errors.Aggregate("", (s, error) => $"{s} {error.Code}:{error.Description}")));
}
}
private async Task <AuthenticationTicket> CreateTicketAsync(IEnumerable <string> scopes, ZoneServerApplicationUser user)
{
// Create a new ClaimsPrincipal containing the claims that
// will be used to create an id_token, a token or a code.
var principal = await SignInManager.CreateUserPrincipalAsync(user);
// Create a new authentication ticket holding the user identity.
var ticket = new AuthenticationTicket(principal,
new Microsoft.AspNetCore.Authentication.AuthenticationProperties(),
OpenIdConnectServerDefaults.AuthenticationScheme);
// Set the list of scopes granted to the client application.
ticket.SetScopes(new[]
{
OpenIdConnectConstants.Scopes.OpenId,
OpenIdConnectConstants.Scopes.Profile,
OpenIddictConstants.Scopes.Roles
}.Intersect(scopes.Concat(new string[1] {
OpenIdConnectConstants.Scopes.OpenId
}))); //HelloKitty: Always include the OpenId, it's required for the Playfab authentication
ticket.SetResources("zoneauth-server");
// Note: by default, claims are NOT automatically included in the access and identity tokens.
// To allow OpenIddict to serialize them, you must attach them a destination, that specifies
// whether they should be included in access tokens, in identity tokens or in both.
foreach (var claim in ticket.Principal.Claims)
{
// Never include the security stamp in the access and identity tokens, as it's a secret value.
if (claim.Type == IdentityOptions.Value.ClaimsIdentity.SecurityStampClaimType)
{
continue;
}
var destinations = new List <string>
{
OpenIdConnectConstants.Destinations.AccessToken
};
// Only add the iterated claim to the id_token if the corresponding scope was granted to the client application.
// The other claims will only be added to the access_token, which is encrypted when using the default format.
if ((claim.Type == OpenIdConnectConstants.Claims.Name && ticket.HasScope(OpenIdConnectConstants.Scopes.Profile)) ||
(claim.Type == OpenIdConnectConstants.Claims.Email && ticket.HasScope(OpenIdConnectConstants.Scopes.Email)) ||
(claim.Type == OpenIdConnectConstants.Claims.Role && ticket.HasScope(OpenIddictConstants.Claims.Roles)))
{
destinations.Add(OpenIdConnectConstants.Destinations.IdentityToken);
}
claim.SetDestinations(destinations);
}
return(ticket);
}
