public async Task <IdentityServiceResult> ValidateScopeAsync(
ApplicationManager <TApplication> manager,
TApplication application,
string scope)
{
var errors = new List <IdentityServiceError>();
if (string.IsNullOrWhiteSpace(scope))
{
errors.Add(ErrorDescriber.InvalidScope(scope));
}
else if (!string.IsNullOrEmpty(manager.Options.AllowedScopeCharacters) &&
scope.Any(c => !manager.Options.AllowedScopeCharacters.Contains(c)))
{
errors.Add(ErrorDescriber.InvalidScope(scope));
}
else if (manager.Options.MaxScopeLength.HasValue &&
scope.Length > manager.Options.MaxScopeLength)
{
errors.Add(ErrorDescriber.InvalidScope(scope));
}
else
{
var scopes = await manager.FindScopesAsync(application);
if (scopes != null && scopes.Contains(scope, StringComparer.OrdinalIgnoreCase))
{
errors.Add(ErrorDescriber.DuplicateScope(scope));
}
}
return(errors.Count > 0 ? IdentityServiceResult.Failed(errors.ToArray()) : IdentityServiceResult.Success);
}
public async Task <IdentityServiceResult> UpdateScopeAsync(TApplication application, string oldScope, string newScope)
{
var scopeStore = GetScopeStore();
var scope = await FindScopeAsync(application, oldScope);
if (scope == null)
{
return(IdentityServiceResult.Failed(ErrorDescriber.ScopeNotFound(oldScope)));
}
var validation = await ValidateScopeAsync(application, newScope);
if (!validation.Succeeded)
{
return(validation);
}
var result = await scopeStore.UpdateScopeAsync(application, oldScope, newScope, CancellationToken);
if (!result.Succeeded)
{
return(result);
}
return(await scopeStore.UpdateAsync(application, CancellationToken));
}
public async Task <IdentityServiceResult> UnregisterLogoutUriAsync(TApplication application, string logoutUri)
{
ThrowIfDisposed();
if (application == null)
{
throw new ArgumentNullException(nameof(application));
}
if (logoutUri == null)
{
throw new ArgumentNullException(nameof(logoutUri));
}
var redirectStore = GetRedirectUriStore();
var registeredUri = await FindRegisteredLogoutUriAsync(application, logoutUri);
if (registeredUri == null)
{
return(IdentityServiceResult.Failed(ErrorDescriber.LogoutUriNotFound(logoutUri)));
}
var result = await redirectStore.UnregisterLogoutRedirectUriAsync(application, logoutUri, CancellationToken);
if (!result.Succeeded)
{
return(result);
}
return(await redirectStore.UpdateAsync(application, CancellationToken));
}
public async Task <IdentityServiceResult> UpdateRedirectUriAsync(TApplication application, string oldRedirectUri, string newRedirectUri)
{
var redirectStore = GetRedirectUriStore();
var registeredUri = await FindRegisteredUriAsync(application, oldRedirectUri);
if (registeredUri == null)
{
return(IdentityServiceResult.Failed(ErrorDescriber.RedirectUriNotFound(oldRedirectUri)));
}
var validation = await ValidateRedirectUriAsync(application, newRedirectUri);
if (!validation.Succeeded)
{
return(validation);
}
var result = await redirectStore.UpdateRedirectUriAsync(application, oldRedirectUri, newRedirectUri, CancellationToken);
if (!result.Succeeded)
{
return(result);
}
return(await redirectStore.UpdateAsync(application, CancellationToken));
}
public async Task <IdentityServiceResult> AddClientSecretAsync(TApplication application, string clientSecret)
{
ThrowIfDisposed();
var store = GetClientSecretStore();
if (application == null)
{
throw new ArgumentNullException(nameof(application));
}
var hash = await store.GetClientSecretHashAsync(application, CancellationToken);
if (hash != null)
{
return(IdentityServiceResult.Failed(ErrorDescriber.ApplicationAlreadyHasClientSecret()));
}
var result = await UpdateClientSecretHashAsync(store, application, clientSecret);
if (!result.Succeeded)
{
return(result);
}
return(await UpdateAsync(application));
}
public async Task <IdentityServiceResult> ValidateAsync(
ApplicationManager <TApplication> manager,
TApplication application)
{
var errors = new List <IdentityServiceError>();
await ValidateNameAsync(manager, application, errors);
await ValidateClientIdAsync(manager, application, errors);
return(errors.Count > 0 ? IdentityServiceResult.Failed(errors.ToArray()) : IdentityServiceResult.Success);
}
public static IdentityServiceResult Failed(params IdentityServiceError[] errors)
{
var result = new IdentityServiceResult {
Succeeded = false
};
if (errors != null)
{
result._errors.AddRange(errors);
}
return(result);
}
public async Task <IdentityServiceResult> ValidateRedirectUriAsync(
ApplicationManager <TApplication> manager,
TApplication application,
string redirectUri)
{
var errors = new List <IdentityServiceError>();
var redirectUris = await manager.FindRegisteredUrisAsync(application);
if (redirectUris.Contains(redirectUri, StringComparer.OrdinalIgnoreCase))
{
errors.Add(ErrorDescriber.DuplicateRedirectUri(redirectUri));
}
if (!manager.Options.AllowedRedirectUris.Contains(redirectUri, StringComparer.OrdinalIgnoreCase))
{
if (!Uri.TryCreate(redirectUri, UriKind.Absolute, out var parsedUri))
{
errors.Add(ErrorDescriber.InvalidRedirectUri(redirectUri));
}
else
{
if (!parsedUri.Scheme.Equals("https", StringComparison.OrdinalIgnoreCase))
{
errors.Add(ErrorDescriber.NoHttpsUri(redirectUri));
}
var logoutUris = await manager.FindRegisteredUrisAsync(application);
var regularLogoutUris = logoutUris.Except(manager.Options.AllowedLogoutUris, StringComparer.Ordinal);
var regularRedirectUris = redirectUris.Except(manager.Options.AllowedRedirectUris, StringComparer.Ordinal);
var allApplicationUris = regularRedirectUris.Concat(regularLogoutUris);
foreach (var nonSpecialUri in allApplicationUris)
{
var existingUri = new Uri(nonSpecialUri, UriKind.Absolute);
if (!parsedUri.Host.Equals(existingUri.Host, StringComparison.OrdinalIgnoreCase))
{
errors.Add(ErrorDescriber.DifferentDomains());
break;
}
}
}
}
return(errors.Count > 0 ? IdentityServiceResult.Failed(errors.ToArray()) : IdentityServiceResult.Success);
}
public async Task <IdentityServiceResult> RemoveScopeAsync(TApplication application, string scope)
{
var scopeStore = GetScopeStore();
var foundScope = await FindScopeAsync(application, scope);
if (foundScope == null)
{
return(IdentityServiceResult.Failed(ErrorDescriber.ScopeNotFound(scope)));
}
var result = await scopeStore.RemoveScopeAsync(application, scope, CancellationToken);
if (!result.Succeeded)
{
return(result);
}
return(await scopeStore.UpdateAsync(application, CancellationToken));
}
private async Task <IdentityServiceResult> ValidateApplicationAsync(TApplication application)
{
var errors = new List <IdentityServiceError>();
foreach (var v in ApplicationValidators)
{
var result = await v.ValidateAsync(this, application);
if (!result.Succeeded)
{
errors.AddRange(result.Errors);
}
}
if (errors.Count > 0)
{
return(IdentityServiceResult.Failed(errors.ToArray()));
}
return(IdentityServiceResult.Success);
}
