From 69bec955bcee71e2ef29e4fcf3da803778fe3cf6 Mon Sep 17 00:00:00 2001
From: Paul Schneider
Date: Fri, 20 May 2016 12:56:42 +0200
Subject: [PATCH] refactoring
---
 Yavsc/package.json | 2 +-
 Yavsc/project.json | 4 +--
 Yavsc/project.lock.json | 24 ++++++-------
 Yavsc/src/Providers/OAuthProvider.cs | 4 +--
 Yavsc/src/Startup.cs | 52 +++++++++++++++++++---------
 5 files changed, 52 insertions(+), 34 deletions(-)
diff --git a/Yavsc/package.json b/Yavsc/package.json
index ea633c5d..9274aeb5 100644
--- a/Yavsc/package.json
+++ b/Yavsc/package.json
@@ -1,5 +1,5 @@
 {
- "name": "YavscWeb",
+ "name": "Yavsc",
 "version": "0.0.0",
 "devDependencies": {
 "gulp": "^3.9.0",
diff --git a/Yavsc/project.json b/Yavsc/project.json
index ca8cd8f1..0bed7e4b 100755
--- a/Yavsc/project.json
+++ b/Yavsc/project.json
@@ -42,7 +42,7 @@
 },
 "webroot": "wwwroot",
 "tooling": {
- "defaultNamespace": "YavscWeb"
+ "defaultNamespace": "Yavsc"
 },
 "dependencies": {
 "EntityFramework.Core": "7.0.0-rc1-*",
@@ -150,4 +150,4 @@
 "prepublish": "gulp min",
 "postpublish": "./postPublish.sh"
 }
-}
\ No newline at end of file
+}
diff --git a/Yavsc/project.lock.json b/Yavsc/project.lock.json
index a7feec15..9906dc83 100644
--- a/Yavsc/project.lock.json
+++ b/Yavsc/project.lock.json
@@ -260,12 +260,12 @@
 "Zlib.Portable.Signed": "1.11.0"
 },
 "compile": {
- "lib/net45/Google.Apis.dll": {},
- "lib/net45/Google.Apis.PlatformServices.dll": {}
+ "lib/net45/Google.Apis.PlatformServices.dll": {},
+ "lib/net45/Google.Apis.dll": {}
 },
 "runtime": {
- "lib/net45/Google.Apis.dll": {},
- "lib/net45/Google.Apis.PlatformServices.dll": {}
+ "lib/net45/Google.Apis.PlatformServices.dll": {},
+ "lib/net45/Google.Apis.dll": {}
 }
 },
 "Google.Apis.Core/1.11.1": {
@@ -3235,12 +3235,12 @@
 "Zlib.Portable.Signed": "1.11.0"
 },
 "compile": {
- "lib/net45/Google.Apis.dll": {},
- "lib/net45/Google.Apis.PlatformServices.dll": {}
+ "lib/net45/Google.Apis.PlatformServices.dll": {},
+ "lib/net45/Google.Apis.dll": {}
 },
 "runtime": {
- "lib/net45/Google.Apis.dll": {},
- "lib/net45/Google.Apis.PlatformServices.dll": {}
+ "lib/net45/Google.Apis.PlatformServices.dll": {},
+ "lib/net45/Google.Apis.dll": {}
 }
 },
 "Google.Apis.Core/1.11.1": {
@@ -6210,12 +6210,12 @@
 "Zlib.Portable.Signed": "1.11.0"
 },
 "compile": {
- "lib/net45/Google.Apis.dll": {},
- "lib/net45/Google.Apis.PlatformServices.dll": {}
+ "lib/net45/Google.Apis.PlatformServices.dll": {},
+ "lib/net45/Google.Apis.dll": {}
 },
 "runtime": {
- "lib/net45/Google.Apis.dll": {},
- "lib/net45/Google.Apis.PlatformServices.dll": {}
+ "lib/net45/Google.Apis.PlatformServices.dll": {},
+ "lib/net45/Google.Apis.dll": {}
 }
 },
 "Google.Apis.Core/1.11.1": {
diff --git a/Yavsc/src/Providers/OAuthProvider.cs b/Yavsc/src/Providers/OAuthProvider.cs
index f2d6c8b6..725f4e78 100644
--- a/Yavsc/src/Providers/OAuthProvider.cs
+++ b/Yavsc/src/Providers/OAuthProvider.cs
@@ -8,7 +8,7 @@ using Microsoft.Extensions.DependencyInjection;
 using Yavsc.Models;
 namespace Yavsc.Providers {
- public sealed class AuthorizationProvider : OpenIdConnectServerProvider {
+ public sealed class OIAuthorizationProvider : OpenIdConnectServerProvider {
 public override Task MatchEndpoint(MatchEndpointContext context) {
 // Note: by default, OpenIdConnectServerHandler only handles authorization requests made to the authorization endpoint.
 // This context handler uses a more relaxed policy that allows extracting authorization requests received at
@@ -117,4 +117,4 @@ namespace Yavsc.Providers {
 }
-}
\ No newline at end of file
+}
diff --git a/Yavsc/src/Startup.cs b/Yavsc/src/Startup.cs
index 647d4706..cae0971f 100755
--- a/Yavsc/src/Startup.cs
+++ b/Yavsc/src/Startup.cs
@@ -5,6 +5,7 @@ using System.IdentityModel.Tokens;
 using System.IO;
 using System.Reflection;
 using System.Security.Claims;
+using System.Threading.Tasks;
 using System.Web;
 using System.Web.Optimization;
 using AspNet.Security.OpenIdConnect.Extensions;
@@ -20,6 +21,7 @@ using Microsoft.AspNet.Diagnostics;
 using Microsoft.AspNet.FileProviders;
 using Microsoft.AspNet.Hosting;
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Identity;
 using Microsoft.AspNet.Identity.EntityFramework;
 using Microsoft.AspNet.Localization;
@@ -174,8 +176,6 @@ namespace Yavsc
 services.Add(ServiceDescriptor.Singleton(typeof(IOptions), typeof(OptionsManager)));
 services.Add(ServiceDescriptor.Singleton(typeof(IOptions), typeof(OptionsManager)));
-
- services.AddTransient();
 services.AddDataProtection();
 services.Add(ServiceDescriptor.Singleton(typeof(IApplicationDiscriminator),
@@ -220,7 +220,15 @@ namespace Yavsc
 } */ );
+ // Add memory cache services
+ services.AddCaching();
+ // Add session related services.
+ services.AddSession();
+
+ // Add the system clock service
+ services.AddSingleton();
+
 services.AddAuthorization(options => {
 options.AddPolicy("AdministratorOnly", policy => policy.RequireRole(Constants.AdminGroupName));
@@ -278,14 +286,7 @@ namespace Yavsc
 options.ResourcesPath = "Resources";
 });
- // Add memory cache services
- services.AddCaching();
-
- // Add session related services.
- services.AddSession();
- // Add the system clock service
- services.AddSingleton();
 }
 // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
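Review bot: `services.AddSession();` in the `@@ -220,7 +220,15 @@` hunk only registers the session services; the session middleware itself is wired in Configure, which lies outside this hunk, so confirm that `app.UseSession()` is present there ahead of any middleware that reads the session — otherwise this registration, and the memory cache it depends on, are inert. The relocation of these three registrations ahead of `services.AddAuthorization(...)` is functionally neutral as far as the visible lines show, and the commit message does not say why it was done; a one-line comment stating the reason (or dropping the move if there is none) would spare the next reader the guess. The generic type arguments of `services.AddSingleton();` and of the removed `services.AddTransient();` in the `@@ -174` hunk are not visible in this rendering, so that removal cannot be checked here.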
@@ -488,8 +489,24 @@ namespace Yavsc
 app.UseStaticFiles().UseWebSockets();
 app.UseOpenIdConnectServer(options => {
- options.Provider = new AuthorizationProvider();
+ options.Provider = new OIAuthorizationProvider()
+
+ /* {
+ OnValidateAuthorizationRequest = context => {
+ // Note: you MUST NOT validate the request if client_id is invalid or if redirect_uri
+ // doesn't correspond to a trusted URL associated with the client application.
+ // You SHOULD also strongly consider validating the type of the client application
+ // (public or confidential) to prevent code flow -> implicit flow downgrade attacks.
+ if (string.Equals(context.ClientId, "client_id", StringComparison.Ordinal)) {
+ context.Validated();
+ }
+ // Note: if Validate() is not explicitly called,
+ // the request is automatically rejected.
+ return Task.FromResult(0);
+ } */;
+
+
 // Register the certificate used to sign the JWT tokens.
 /* options.SigningCredentials.AddCertificate(
 assembly: typeof(Startup).GetTypeInfo().Assembly,
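Review bot: The new `options.Provider = new OIAuthorizationProvider()` statement is stretched over fifteen lines because the commented-out initializer sits between the constructor call and the terminating `;` on the `} */;` line; the dead block should be deleted rather than parked inside the expression, leaving `options.Provider = new OIAuthorizationProvider();`. With the `OnValidateAuthorizationRequest` callback gone, the client_id and redirect_uri checks that its own comment calls mandatory now rest entirely on `OIAuthorizationProvider`, whose body is outside this diff — worth confirming that its request-validation override checks both against the registered client before marking the request validated, since the handler rejects the request only if nothing calls Validated(). The same comment-out-instead-of-delete pattern appears in the `@@ -501,25 +518,26 @@` hunk's `UseOpenIdConnectAuthentication` block.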
@@ -501,25 +518,26 @@ namespace Yavsc
 // information concerning ApplicationCanDisplayErrors.
 options.ApplicationCanDisplayErrors = true;
 options.AllowInsecureHttp = true;
- /* options.AutomaticChallenge = true;
+ options.ClaimsIssuer = "http://dev.pschneider.fr";
+ options.Description.DisplayName = "DEV OIDC server";
 options.AuthorizationEndpointPath = new PathString("/connect/authorize");
 options.TokenEndpointPath = new PathString("/connect/token");
 options.UseSlidingExpiration = true;
 options.AuthenticationScheme = "oidc";
- options.LogoutEndpointPath = new PathString("/connect/logout");*/
+ options.LogoutEndpointPath = new PathString("/connect/logout");
 /* options.ValidationEndpointPath = new PathString("/connect/introspect"); */
 });
- app.UseOpenIdConnectAuthentication(options => {
+ /* app.UseOpenIdConnectAuthentication(options => {
 options.AuthenticationScheme = OpenIdConnectDefaults.AuthenticationScheme;
 options.RequireHttpsMetadata = false;
 // Note: these settings must match the application details
 // inserted in the database at the server level.
- options.ClientId = "WebApiClient";
- options.ClientSecret = "secWebApiClientret_secret";
- options.PostLogoutRedirectUri = "http://dev.pschneider.fr/Manage";
+ options.ClientId = "016c5ae4-f4cd-40e3-b250-13701c871ecd";
+ options.ClientSecret = "blahblah";
+ options.PostLogoutRedirectUri = "/MobileLogout";
 // Use the authorization code flow.
 options.ResponseType = OpenIdConnectResponseTypes.Code;
@@ -533,7 +551,7 @@ namespace Yavsc
 // access token should be issued for (values must be space-delimited).
 options.Resource = "http://dev.pschneider.fr/";
 options.Scope.Add("api-resource-controller");
- });
+ });*/
 app.UseRequestLocalization(localizationOptions.Value, (RequestCulture)new RequestCulture((string)"fr"));
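Review bot: The two lines added after `options.AllowInsecureHttp = true;` hard-code a development-only issuer and display name — `options.ClaimsIssuer = "http://dev.pschneider.fr";` and `options.Description.DisplayName = "DEV OIDC server";` — so every token this server issues will carry that plain-http issuer in its iss claim in whichever environment the build is deployed, alongside the pre-existing AllowInsecureHttp setting. Bind both values from configuration instead (for instance an options object bound at startup, `options.ClaimsIssuer = oidcSettings.Issuer;` where `oidcSettings` is a placeholder name), and tie `AllowInsecureHttp` to the hosting environment rather than a constant; whether Configure already receives the hosting environment is not visible in this hunk. Commenting out the `UseOpenIdConnectAuthentication` block rather than deleting it also keeps `options.ClientSecret = "blahblah";` and a hard-coded client id in source next to `RequireHttpsMetadata = false` — remove the dead block, and if it is ever reinstated take the secret from configuration or user secrets rather than a literal.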