public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
if (string.IsNullOrEmpty(context.UserName))
{
context.SetError(ErrorOAuthCode.Invalid_Email, "邮箱不能为空");
return;
}
if (string.IsNullOrEmpty(context.Password))
{
context.SetError(ErrorOAuthCode.Invalid_Password, "密码不能为空");
return;
}
//从数据库获取用户和角色信息
bool loginResult = userRepository.LoginApp(context.UserName, context.Password, null, null);
if (!loginResult)
{
context.SetError(ErrorOAuthCode.Invalid_Account, "邮箱或者密码不正确");
return;
}
var userRole = userRepository.GetUser(context.UserName);
UserClaimsInfoModel userClaimsInfoModel = this.identityService.CreateUserClaimsInfoModelFromUserRepoModel(userRole);
var claimsIdentity = identityService.CreateClaimsIdentity(context.Options.AuthenticationType, userClaimsInfoModel);
var authenticationTicket = identityService.CreateAuthenticationTicket(claimsIdentity);
context.Validated(authenticationTicket);
await base.GrantResourceOwnerCredentials(context);
}
public async Task <HttpResponseMessage> OAuthSuccessResponse(UserClaimsInfoModel userClaimsInfoModel)
{
DateTimeOffset currentUtc = DateTimeOffset.UtcNow;
DateTimeOffset expiresUtc = currentUtc.Add(options.AccessTokenExpireTimeSpan);
var claimsIdentity = CreateClaimsIdentity(options.AuthenticationType, userClaimsInfoModel);
var ticket = CreateAuthenticationTicket(claimsIdentity, null, currentUtc, expiresUtc);
string accessToken = options.AccessTokenFormat.Protect(ticket);
AuthenticationTokenCreateContext authenticationTokenCreateContext = new AuthenticationTokenCreateContext(null,
options.RefreshTokenFormat, ticket);
await options.RefreshTokenProvider.CreateAsync(authenticationTokenCreateContext);
string refreshToken = authenticationTokenCreateContext.Token;
AccessTokenModel model = new AccessTokenModel();
model.access_token = accessToken;
model.refresh_token = refreshToken;
model.token_type = "bearer";
TimeSpan?expiresTimeSpan = expiresUtc - currentUtc;
var expiresIn = (long)expiresTimeSpan.Value.TotalSeconds;
if (expiresIn > 0)
{
model.expires_in = expiresIn;
}
return(GenerateOAuthRespose(model));
}
//public static string CreateRefeshTokenAndSetTicketExpires(AuthenticationTicket ticket)
//{
// string tokenValue = Guid.NewGuid().ToString("n");
// TimeSpan? expireTimeSpan = null;
// if (ticket.Properties.IssuedUtc.HasValue && ticket.Properties.ExpiresUtc.HasValue)
// {
// expireTimeSpan = ticket.Properties.ExpiresUtc.Value - ticket.Properties.IssuedUtc.Value;
// ticket.Properties.IssuedUtc = DateTimeOffset.UtcNow;
// ticket.Properties.ExpiresUtc = DateTimeOffset.UtcNow.AddTicks(expireTimeSpan.Value.Ticks * 2);
// }
// return tokenValue;
//}
/// <summary>
/// 创建身份声明
/// </summary>
/// <param name="authenticationType"></param>
/// <param name="userRepoModel"></param>
/// <returns></returns>
public ClaimsIdentity CreateClaimsIdentity(string authenticationType, UserClaimsInfoModel userClaimsInfoModel)
{
var claimsIdentity = new ClaimsIdentity(authenticationType);
claimsIdentity.AddClaim(new Claim(ClaimTypes.Name, userClaimsInfoModel.userID.ToString()));
claimsIdentity.AddClaim(new Claim(ClaimTypes.Email, userClaimsInfoModel.mail));
return(claimsIdentity);
}
protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
HttpResponseMessage response = new HttpResponseMessage();
string id = string.Empty;
try
{
id = await AuthenticateWithThirdPartyApp(request);
}
catch (Exception ex)
{
ErrorOAtuhModel res = new ErrorOAtuhModel();
res.error = ErrorOAuthCode.Invalid_ThirdParty_OAuth;
res.error_description = "第三方App认证失败";
response = identityService.GenerateOAuthRespose(res);
return(response);
}
bool loginRessult = userRepository.LoginApp(null, null, id, this.app_type);
if (loginRessult)
{
var userRole = userRepository.GetUserByThirdPartyId(id, this.app_type);
#region 当前第三方用户已经在本应用绑定过
//根据绑定获取用户名和角色
UserClaimsInfoModel userClaimsInfoModel = this.identityService.CreateUserClaimsInfoModelFromUserRepoModel(userRole);
response = await identityService.OAuthSuccessResponse(userClaimsInfoModel);
#endregion
}
else
{
#region 当前第三方用户尚未在本应用绑定过
UnBindErrorOAuthModel res = new UnBindErrorOAuthModel();
res.error = ErrorOAuthCode.Invalid_bind_OAuth;
res.error_description = "第三方App认证成功,但尚未与本地账号绑定";
//要存储到redis中
string relationAccountToken = Guid.NewGuid().ToString();
RelationAccountModel relationAccountModel = new RelationAccountModel();
relationAccountModel.from = this.app_type;
relationAccountModel.thirdPartyID = id;
await relationAccountRepository.InsertRelationAccountModel(relationAccountToken, relationAccountModel, new TimeSpan(1, 0, 0));
res.relationAccountID = relationAccountToken;
response = identityService.GenerateOAuthRespose(res);
#endregion
}
return(response);
}
public UserClaimsInfoModel CreateUserClaimsInfoModelFromUserRepoModel(UserRepoModel userRepoModel)
{
UserClaimsInfoModel userClaimsInfoModel = null;
if (userRepoModel != null)
{
userClaimsInfoModel = new UserClaimsInfoModel();
userClaimsInfoModel.userID = userRepoModel.info.userID;
userClaimsInfoModel.mail = userRepoModel.info.mail;
}
return(userClaimsInfoModel);
}
/// <summary>
/// 根据身份认证创建UserRepoModel对象
/// </summary>
/// <param name="claimsIdentity"></param>
/// <returns></returns>
public UserClaimsInfoModel CreateUserClaimsInfoModelFromClaimsIdentity(ClaimsIdentity claimsIdentity)
{
UserClaimsInfoModel userClaimsInfoModel = new UserClaimsInfoModel();
int userID = 0;
int.TryParse(claimsIdentity.Name, out userID);
userClaimsInfoModel.userID = userID;
userClaimsInfoModel.mail = claimsIdentity.FindFirst(ClaimTypes.Email).Value;
return(userClaimsInfoModel);
}