notazof
/
yavsc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'vnext' of github.com:pazof/yavsc into vnext

main
Paul Schneider 7 years ago
parent e9eb49d112 2548693d8f
commit 242a18f7b8
1 changed files with 160 additions and 180 deletions
Show Stats Download Patch File Download Diff File

140
src/Yavsc/Startup/Startup.OAuth.cs
Unescape Escape View File

@ -1,33 +1,31 @@
using System; using System;
using System.Security.Claims; using System.Security.Claims;
using Google.Apis.Auth.OAuth2.Responses;
using Google.Apis.Util.Store;
using Microsoft.AspNet.Authentication; using Microsoft.AspNet.Authentication;
using Microsoft.AspNet.Authentication.Cookies; using Microsoft.AspNet.Authentication.Cookies;
using Microsoft.AspNet.Authentication.Facebook; using Microsoft.AspNet.Authentication.Facebook;
using Microsoft.AspNet.Authentication.Twitter;
using Microsoft.AspNet.Authentication.JwtBearer; using Microsoft.AspNet.Authentication.JwtBearer;
using Microsoft.AspNet.Authentication.OAuth; using Microsoft.AspNet.Authentication.OAuth;
using Microsoft.AspNet.Authentication.Twitter;
using Microsoft.AspNet.Builder; using Microsoft.AspNet.Builder;
using Microsoft.AspNet.Http; using Microsoft.AspNet.Http;
using Microsoft.AspNet.Identity; using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework; using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.OptionsModel; using Microsoft.Extensions.OptionsModel;
using Microsoft.Extensions.WebEncoders; using Microsoft.Extensions.WebEncoders;
using OAuth.AspNet.AuthServer; using OAuth.AspNet.AuthServer;
using OAuth.AspNet.Tokens; using OAuth.AspNet.Tokens;
using Google.Apis.Util.Store;
using Microsoft.Extensions.Logging;
using Google.Apis.Auth.OAuth2.Responses;
namespace Yavsc namespace Yavsc {
{
using Auth; using Auth;
using Extensions; using Extensions;
using Models;
using Helpers.Google; using Helpers.Google;
using Models;
public partial class Startup public partial class Startup {
{
public static CookieAuthenticationOptions ExternalCookieAppOptions { get; private set; } public static CookieAuthenticationOptions ExternalCookieAppOptions { get; private set; }
public static IdentityOptions IdentityAppOptions { get; set; } public static IdentityOptions IdentityAppOptions { get; set; }
@ -36,32 +34,28 @@ namespace Yavsc
public static TwitterOptions TwitterAppOptions { get; private set; } public static TwitterOptions TwitterAppOptions { get; private set; }
public static OAuthAuthorizationServerOptions OAuthServerAppOptions { get; private set; } public static OAuthAuthorizationServerOptions OAuthServerAppOptions { get; private set; }
public static YavscGoogleOptions YavscGoogleAppOptions { get; private set; } public static YavscGoogleOptions YavscGoogleAppOptions { get; private set; }
public static MonoDataProtectionProvider ProtectionProvider { get; private set; } public static MonoDataProtectionProvider ProtectionProvider { get; private set; }
// public static CookieAuthenticationOptions BearerCookieOptions { get; private set; } // public static CookieAuthenticationOptions BearerCookieOptions { get; private set; }
private void ConfigureOAuthServices(IServiceCollection services) private void ConfigureOAuthServices (IServiceCollection services) {
{ services.Configure<SharedAuthenticationOptions> (options => options.SignInScheme = Constants.ApplicationAuthenticationSheme);
services.Configure<SharedAuthenticationOptions>(options => options.SignInScheme = Constants.ApplicationAuthenticationSheme);
services.Add(ServiceDescriptor.Singleton(typeof(IOptions<OAuth2AppSettings>), typeof(OptionsManager<OAuth2AppSettings>))); services.Add (ServiceDescriptor.Singleton (typeof (IOptions<OAuth2AppSettings>), typeof (OptionsManager<OAuth2AppSettings>)));
// used by the YavscGoogleOAuth middelware (TODO drop it) // used by the YavscGoogleOAuth middelware (TODO drop it)
services.AddTransient<Microsoft.Extensions.WebEncoders.UrlEncoder, UrlEncoder>(); services.AddTransient<Microsoft.Extensions.WebEncoders.UrlEncoder, UrlEncoder> ();
services.AddAuthentication(options => services.AddAuthentication (options => {
{
options.SignInScheme = Constants.ExternalAuthenticationSheme; options.SignInScheme = Constants.ExternalAuthenticationSheme;
}); });
ProtectionProvider = new MonoDataProtectionProvider(Configuration["Site:Title"]); ; ProtectionProvider = new MonoDataProtectionProvider (Configuration["Site:Title"]);;
services.AddInstance<MonoDataProtectionProvider> services.AddInstance<MonoDataProtectionProvider>
(ProtectionProvider); (ProtectionProvider);
services.AddIdentity<ApplicationUser, IdentityRole>( services.AddIdentity<ApplicationUser, IdentityRole> (
option => option => {
{
IdentityAppOptions = option; IdentityAppOptions = option;
option.User.AllowedUserNameCharacters += " "; option.User.AllowedUserNameCharacters += " ";
option.User.RequireUniqueEmail = true; option.User.RequireUniqueEmail = true;
@ -83,8 +77,8 @@ namespace Yavsc
option.Cookies.ExternalCookie.DataProtectionProvider = protector; option.Cookies.ExternalCookie.DataProtectionProvider = protector;
*/ */
} }
).AddEntityFrameworkStores<ApplicationDbContext>() ).AddEntityFrameworkStores<ApplicationDbContext> ()
.AddTokenProvider<EmailTokenProvider<ApplicationUser>>(Constants.DefaultFactor) .AddTokenProvider<EmailTokenProvider<ApplicationUser>> (Constants.DefaultFactor)
// .AddTokenProvider<UserTokenProvider>(Constants.DefaultFactor) // .AddTokenProvider<UserTokenProvider>(Constants.DefaultFactor)
// .AddTokenProvider<UserTokenProvider>(Constants.SMSFactor) // .AddTokenProvider<UserTokenProvider>(Constants.SMSFactor)
// .AddTokenProvider<UserTokenProvider>(Constants.EMailFactor) // .AddTokenProvider<UserTokenProvider>(Constants.EMailFactor)
@ -92,72 +86,64 @@ namespace Yavsc
// .AddDefaultTokenProviders() // .AddDefaultTokenProviders()
; ;
} }
private void ConfigureOAuthApp(IApplicationBuilder app, private void ConfigureOAuthApp (IApplicationBuilder app,
SiteSettings settingsOptions, ILogger logger) SiteSettings settingsOptions, ILogger logger) {
{
app.UseIdentity ();
app.UseIdentity(); app.UseWhen (context => context.Request.Path.StartsWithSegments ("/api"),
app.UseWhen(context => context.Request.Path.StartsWithSegments("/api"), branch => {
branch => branch.UseJwtBearerAuthentication (
{ options => {
branch.UseJwtBearerAuthentication(
options =>
{
options.AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme; options.AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme;
options.AutomaticAuthenticate = true; options.AutomaticAuthenticate = true;
options.SecurityTokenValidators.Clear(); options.SecurityTokenValidators.Clear ();
options.SecurityTokenValidators.Add(new TicketDataFormatTokenValidator( options.SecurityTokenValidators.Add (new TicketDataFormatTokenValidator (
ProtectionProvider ProtectionProvider
)); ));
} }
); );
}); });
app.UseWhen(context => !context.Request.Path.StartsWithSegments("/api"), app.UseWhen (context => !context.Request.Path.StartsWithSegments ("/api"),
branch => branch => {
{
// External authentication shared cookie: // External authentication shared cookie:
branch.UseCookieAuthentication(options => branch.UseCookieAuthentication (options => {
{
ExternalCookieAppOptions = options; ExternalCookieAppOptions = options;
options.AuthenticationScheme = Constants.ExternalAuthenticationSheme; options.AuthenticationScheme = Constants.ExternalAuthenticationSheme;
options.AutomaticAuthenticate = true; options.AutomaticAuthenticate = true;
options.ExpireTimeSpan = TimeSpan.FromMinutes(5); options.ExpireTimeSpan = TimeSpan.FromMinutes (5);
options.LoginPath = new PathString(Constants.LoginPath.Substring(1)); options.LoginPath = new PathString (Constants.LoginPath.Substring (1));
// TODO implement an access denied page // TODO implement an access denied page
options.AccessDeniedPath = new PathString(Constants.LoginPath.Substring(1)); options.AccessDeniedPath = new PathString (Constants.LoginPath.Substring (1));
}); });
YavscGoogleAppOptions = new YavscGoogleOptions {
ClientId = GoogleWebClientConfiguration["web:client_id"],
YavscGoogleAppOptions = new YavscGoogleOptions ClientSecret = GoogleWebClientConfiguration["web:client_secret"],
{
ClientId = GoogleWebClientConfiguration ["web:client_id"],
ClientSecret = GoogleWebClientConfiguration ["web:client_secret"],
AccessType = "offline", AccessType = "offline",
Scope = { "profile", "https://www.googleapis.com/auth/plus.login", Scope = {
"profile",
"https://www.googleapis.com/auth/plus.login",
"https://www.googleapis.com/auth/admin.directory.resource.calendar", "https://www.googleapis.com/auth/admin.directory.resource.calendar",
"https://www.googleapis.com/auth/calendar", "https://www.googleapis.com/auth/calendar",
"https://www.googleapis.com/auth/calendar.events"}, "https://www.googleapis.com/auth/calendar.events"
},
SaveTokensAsClaims = true, SaveTokensAsClaims = true,
UserInformationEndpoint = "https://www.googleapis.com/plus/v1/people/me", UserInformationEndpoint = "https://www.googleapis.com/plus/v1/people/me",
Events = new OAuthEvents Events = new OAuthEvents {
{ OnCreatingTicket = async context => {
OnCreatingTicket = async context => using (var serviceScope = app.ApplicationServices.GetRequiredService<IServiceScopeFactory> ()
{ .CreateScope ()) {
using (var serviceScope = app.ApplicationServices.GetRequiredService<IServiceScopeFactory>()
.CreateScope())
{
var gcontext = context as GoogleOAuthCreatingTicketContext; var gcontext = context as GoogleOAuthCreatingTicketContext;
context.Identity.AddClaim(new Claim(YavscClaimTypes.GoogleUserId, gcontext.GoogleUserId)); context.Identity.AddClaim (new Claim (YavscClaimTypes.GoogleUserId, gcontext.GoogleUserId));
var dbContext = serviceScope.ServiceProvider.GetService<ApplicationDbContext>(); var dbContext = serviceScope.ServiceProvider.GetService<ApplicationDbContext> ();
var store = serviceScope.ServiceProvider.GetService<IDataStore>(); var store = serviceScope.ServiceProvider.GetService<IDataStore> ();
await store.StoreAsync(gcontext.GoogleUserId, new TokenResponse { await store.StoreAsync (gcontext.GoogleUserId, new TokenResponse {
AccessToken = gcontext.TokenResponse.AccessToken, AccessToken = gcontext.TokenResponse.AccessToken,
RefreshToken = gcontext.TokenResponse.RefreshToken, RefreshToken = gcontext.TokenResponse.RefreshToken,
TokenType = gcontext.TokenResponse.TokenType, TokenType = gcontext.TokenResponse.TokenType,
ExpiresInSeconds = int.Parse(gcontext.TokenResponse.ExpiresIn), ExpiresInSeconds = int.Parse (gcontext.TokenResponse.ExpiresIn),
IssuedUtc = DateTime.Now IssuedUtc = DateTime.Now
}); });
await dbContext.StoreTokenAsync (gcontext.GoogleUserId, await dbContext.StoreTokenAsync (gcontext.GoogleUserId,
@ -172,8 +158,8 @@ namespace Yavsc
} }
}; };
branch.UseMiddleware<Yavsc.Auth.GoogleMiddleware>(YavscGoogleAppOptions); branch.UseMiddleware<Yavsc.Auth.GoogleMiddleware> (YavscGoogleAppOptions);
/* FIXME 403 /* FIXME 403
branch.UseTwitterAuthentication(options=> branch.UseTwitterAuthentication(options=>
{ {
@ -182,35 +168,30 @@ namespace Yavsc
options.ConsumerSecret = Configuration["Authentication:Twitter:ClientSecret"]; options.ConsumerSecret = Configuration["Authentication:Twitter:ClientSecret"];
}); */ }); */
branch.UseOAuthAuthorizationServer (
branch.UseOAuthAuthorizationServer( options => {
options =>
{
OAuthServerAppOptions = options; OAuthServerAppOptions = options;
options.AuthorizeEndpointPath = new PathString(Constants.AuthorizePath.Substring(1)); options.AuthorizeEndpointPath = new PathString (Constants.AuthorizePath.Substring (1));
options.TokenEndpointPath = new PathString(Constants.TokenPath.Substring(1)); options.TokenEndpointPath = new PathString (Constants.TokenPath.Substring (1));
options.ApplicationCanDisplayErrors = true; options.ApplicationCanDisplayErrors = true;
options.AllowInsecureHttp = true; options.AllowInsecureHttp = true;
options.AuthenticationScheme = OAuthDefaults.AuthenticationType; options.AuthenticationScheme = OAuthDefaults.AuthenticationType;
options.TokenDataProtector = ProtectionProvider.CreateProtector("Bearer protection"); options.TokenDataProtector = ProtectionProvider.CreateProtector ("Bearer protection");
options.Provider = new OAuthAuthorizationServerProvider options.Provider = new OAuthAuthorizationServerProvider {
{
OnValidateClientRedirectUri = ValidateClientRedirectUri, OnValidateClientRedirectUri = ValidateClientRedirectUri,
OnValidateClientAuthentication = ValidateClientAuthentication, OnValidateClientAuthentication = ValidateClientAuthentication,
OnGrantResourceOwnerCredentials = GrantResourceOwnerCredentials, OnGrantResourceOwnerCredentials = GrantResourceOwnerCredentials,
OnGrantClientCredentials = GrantClientCredetails OnGrantClientCredentials = GrantClientCredetails
}; };
options.AuthorizationCodeProvider = new AuthenticationTokenProvider options.AuthorizationCodeProvider = new AuthenticationTokenProvider {
{
OnCreate = CreateAuthenticationCode, OnCreate = CreateAuthenticationCode,
OnReceive = ReceiveAuthenticationCode, OnReceive = ReceiveAuthenticationCode,
}; };
options.RefreshTokenProvider = new AuthenticationTokenProvider options.RefreshTokenProvider = new AuthenticationTokenProvider {
{
OnCreate = CreateRefreshToken, OnCreate = CreateRefreshToken,
OnReceive = ReceiveRefreshToken, OnReceive = ReceiveRefreshToken,
}; };
@ -223,7 +204,6 @@ namespace Yavsc
Environment.SetEnvironmentVariable ("GOOGLE_APPLICATION_CREDENTIALS", "google-secret.json"); Environment.SetEnvironmentVariable ("GOOGLE_APPLICATION_CREDENTIALS", "google-secret.json");
} }
} }
} }
Write Preview
Loading…