From 80a8d25debdc00fbde6c7610db71b3bf1a013c69 Mon Sep 17 00:00:00 2001
From: Paul Schneider
Date: Mon, 6 Jun 2016 14:00:05 +0200
Subject: [PATCH] testoidc
---
 Yavsc/Views/Shared/SignIn.cshtml | 4 +-
 Yavsc/src/Controllers/OAuthController.cs | 16 +++---
 Yavsc/src/Startup.cs | 67 +++++++++++++-----------
 3 files changed, 45 insertions(+), 42 deletions(-)
diff --git a/Yavsc/Views/Shared/SignIn.cshtml b/Yavsc/Views/Shared/SignIn.cshtml
index 6c98ad5b..c1b1723d 100644
--- a/Yavsc/Views/Shared/SignIn.cshtml
+++ b/Yavsc/Views/Shared/SignIn.cshtml
@@ -69,10 +69,10 @@ @foreach (var description in Model.ExternalProviders) {
- + @Html.AntiForgeryToken()
} } -
\ No newline at end of file
+
diff --git a/Yavsc/src/Controllers/OAuthController.cs b/Yavsc/src/Controllers/OAuthController.cs
index ffb294df..deb760b3 100644
--- a/Yavsc/src/Controllers/OAuthController.cs
+++ b/Yavsc/src/Controllers/OAuthController.cs
@@ -108,10 +108,10 @@ namespace Yavsc.Controllers
 _logger.LogWarning("ReturnUrl not specified");
 return HttpBadRequest();
 }
-
- return new ChallengeResult(Provider, new AuthenticationProperties {
- RedirectUri = Url.Action("ExternalLoginCallback","Account", new {returnUrl= ReturnUrl})
- });
+ var redirectUrl = Url.Action("ExternalLoginCallback", "Account", new { ReturnUrl = ReturnUrl });
+ var properties = _signInManager.ConfigureExternalAuthenticationProperties(Provider, redirectUrl);
+ // var properties = new AuthenticationProperties{RedirectUri=ReturnUrl};
+ return new ChallengeResult(Provider,properties);
 }
@@ -181,10 +181,10 @@ namespace Yavsc.Controllers
 if (!User.Identities.Any(identity => identity.IsAuthenticated))
 {
- return new ChallengeResult(new AuthenticationProperties
- {
- RedirectUri = Url.Action("ExternalLoginCallback","Account",new {returnUrl=request.BuildRedirectUrl()})
- });
+ return new ChallengeResult(new AuthenticationProperties {
+ RedirectUri = Url.Action(nameof(Authorize), new {
+ unique_id = request.GetUniqueIdentifier()
+ })});
 }
 // Note: ASOS automatically ensures that an application corresponds to the client_id specified
 // in the authorization request by calling IOpenIdConnectServerProvider.ValidateAuthorizationRequest.
diff --git a/Yavsc/src/Startup.cs b/Yavsc/src/Startup.cs
index b9cd5b6f..1232ac4e 100755
--- a/Yavsc/src/Startup.cs
+++ b/Yavsc/src/Startup.cs
@@ -210,6 +210,7 @@ namespace Yavsc
 option.Cookies.ApplicationCookie.DataProtectionProvider = new MonoDataProtectionProvider(Configuration["Site:Title"]);
 option.Cookies.ApplicationCookie.CookieName = "Bearer";
+ }
 ).AddEntityFrameworkStores()
 .AddTokenProvider>(Constants.EMailFactor)
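Review bot: `ReturnUrl` is only checked for presence (the guard whose tail, `_logger.LogWarning("ReturnUrl not specified"); return HttpBadRequest();`, opens this hunk) before it is embedded as a route value for `ExternalLoginCallback`, so unless that callback validates it with `Url.IsLocalUrl` before redirecting, an absolute URL supplied by the caller is followed after the external sign-in round trip; the callback is outside this hunk, so either confirm that check there or extend the existing guard's condition with `|| !Url.IsLocalUrl(ReturnUrl)`. Using `_signInManager.ConfigureExternalAuthenticationProperties` is the right way to get the login-provider and correlation items set, which makes the commented-out alternative `// var properties = new AuthenticationProperties{RedirectUri=ReturnUrl};` dead code that should be deleted; the same applies to `// options.CookieName = "Bearer";` in the Startup.cs @@ -406 hunk and `// options.AutomaticAuthenticate=true;` in the @@ -424 hunk. The enclosing action starts outside the hunk.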
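Review bot: The rewritten challenge no longer names an authentication scheme and its `RedirectUri` carries only `unique_id`, so when the user comes back to `Authorize` after signing in the full authorization request (client_id, redirect_uri, scope, state) has to be recovered from that identifier; nothing in this hunk shows where it is stored, so that lookup (presumably in the provider, outside this hunk) should be confirmed and stated in a comment such as `// Sign-in round trip: the original authorization request is re-read by unique_id when the user returns to Authorize`. Startup.cs in this same commit registers several middlewares with `AutomaticChallenge = true` (the "ServerCookie" cookie, Google and the OpenID Connect server), so an unnamed `ChallengeResult` is resolved by registration order rather than by an explicit choice; naming the scheme that serves the login page, e.g. `return new ChallengeResult("ServerCookie", new AuthenticationProperties { ... });`, removes that dependence. As a point of style, the new lines use K&R brace placement (`AuthenticationProperties {`, `new {`) while the removed lines and the surrounding `if` use Allman braces. The enclosing action starts outside the hunk.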
@@ -247,7 +248,7 @@ namespace Yavsc
 options.AddPolicy("FrontOffice", policy => policy.RequireRole(Constants.FrontOfficeGroupName));
 options.AddPolicy("Bearer",new AuthorizationPolicyBuilder()
- .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme‌​)
+ .AddAuthenticationSchemes("ServerCookie")
 .RequireAuthenticatedUser().Build());
 // options.AddPolicy("EmployeeId", policy => policy.RequireClaim("EmployeeId", "123", "456"));
 // options.AddPolicy("BuildingEntry", policy => policy.Requirements.Add(new OfficeEntryRequirement()));
@@ -358,18 +359,13 @@ namespace Yavsc
 }
 }
- app.UseIISPlatformHandler(
- options => options.AuthenticationDescriptions.Clear()
- );
-
 var googleOptions = new YavscGoogleOptions {
 ClientId = Configuration["Authentication:Google:ClientId"],
 ClientSecret = Configuration["Authentication:Google:ClientSecret"],
- /* AccessType = "offline",
+ AccessType = "offline",
 SaveTokensAsClaims = true,
- UserInformationEndpoint = "https://www.googleapis.com/plus/v1/people/me",*/
- AutomaticAuthenticate=true,
+ UserInformationEndpoint = "https://www.googleapis.com/plus/v1/people/me",
 AutomaticChallenge=true
 };
 var gvents = new OAuthEvents();
@@ -392,6 +388,12 @@ namespace Yavsc
 googleOptions.Scope.Add("https://www.googleapis.com/auth/calendar");
+ app.UseIISPlatformHandler(options =>
+ {
+ options.AuthenticationDescriptions.Clear();
+ options.AutomaticAuthentication = true;
+ });
+
 app.UseFileServer(new FileServerOptions() { FileProvider = new PhysicalFileProvider(
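Review bot: The "Bearer" policy now accepts only the "ServerCookie" scheme, so a client presenting an actual bearer token no longer satisfies it and the policy name no longer says what it checks; note that the Identity application cookie named "Bearer" in the @@ -210 hunk is a different scheme and does not satisfy this policy either. If cookie-only access is intended, renaming the policy or at least adding `// "Bearer" policy: authenticated through the ServerCookie scheme, not a JWT bearer token` would stop readers from assuming token authentication. The literal "ServerCookie" now appears here and again in the `UseCookieAuthentication` registration in the @@ -406 hunk; a single constant next to the existing `Constants` members (a constructed name such as `Constants.ServerCookieScheme`) would keep the two from drifting apart.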
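Review bot: Enabling `AccessType = "offline"` together with `SaveTokensAsClaims = true` puts Google's access token and, when Google issues one, a long-lived refresh token into the authentication ticket as claims; wherever that ticket is then persisted (the external cookie, or whatever the sign-in callback copies the claims into — not visible here), a credential that can mint new Google access tokens travels in a client-side cookie. Persisting the refresh token server-side against the user in the callback and keeping it out of the cookie principal is the safer split, and the intent deserves a comment such as `// offline access: the refresh token arrives as a claim and must be stored server-side, not left in the cookie`. Dropping `AutomaticAuthenticate=true` from the Google options is right, but `AutomaticChallenge=true` remains here while the new "ServerCookie" middleware and the OpenID Connect server in the @@ -406 and @@ -424 hunks also set it, so which handler answers an unnamed challenge depends on middleware order.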
@@ -406,7 +408,30 @@ namespace Yavsc
 EnableDirectoryBrowsing = false
 });
 app.UseStaticFiles().UseWebSockets();
+ app.UseIdentity();
+
+ app.UseCookieAuthentication(options =>
+ {
+ options.AutomaticAuthenticate = true;
+ options.AutomaticChallenge = true;
+ options.AuthenticationScheme = "ServerCookie";
+ options.ExpireTimeSpan = TimeSpan.FromMinutes(5);
+ options.LoginPath = new PathString("/signin");
+ options.LogoutPath = new PathString("/signout");
+ // options.CookieName = "Bearer";
+ });
+
+ app.UseMiddleware(googleOptions);
+
+ // Facebook
+ app.UseFacebookAuthentication(options =>
+ {
+ options.AppId = Configuration["Authentication:Facebook:AppId"];
+ options.AppSecret = Configuration["Authentication:Facebook:AppSecret"];
+ options.Scope.Add("email");
+ options.UserInformationEndpoint = "https://graph.facebook.com/v2.5/me?fields=id,name,email,first_name,last_name";
+ });
 app.UseOpenIdConnectServer(options =>
 {
 options.Provider = new AuthorizationProvider(loggerFactory,
@@ -424,6 +449,8 @@ namespace Yavsc
 options.ApplicationCanDisplayErrors = true;
 options.AllowInsecureHttp = true;
 options.AutomaticChallenge = true;
+ // options.AutomaticAuthenticate=true;
+
 options.AuthorizationEndpointPath = new PathString("/connect/authorize");
 options.TokenEndpointPath = new PathString("/connect/authorize/accept");
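Review bot: Both `app.UseIdentity()` and the new "ServerCookie" middleware run as automatic handlers here (Identity's application cookie from the @@ -210 hunk is automatic unless that option block turns it off, and this cookie sets `AutomaticAuthenticate` and `AutomaticChallenge` to true), and the Google middleware and the OpenID Connect server below also set `AutomaticChallenge`; with more than one automatic handler, `HttpContext.User` and the answer to an unnamed challenge such as the `ChallengeResult` in OAuthController's @@ -181 hunk depend on registration order rather than on an explicit choice. Leaving `AutomaticChallenge = true` on exactly one middleware (the one that serves `/signin`) and naming the scheme everywhere else would make the flow deterministic. The cookie also leaves `CookieSecure` at its default while the OpenID Connect server further down is configured with `AllowInsecureHttp = true`; that is workable for development, but both should be tightened together before this serves real sign-ins, so marking them with `// DEV ONLY: insecure HTTP / cookie not forced Secure` is worth doing now.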
@@ -434,30 +461,6 @@ namespace Yavsc
 // options.ValidationEndpointPath = new PathString("/connect/introspect");
 });
 /**/
-
-
-
- app.UseCookieAuthentication(options =>
- {
- options.AutomaticAuthenticate = true;
- options.AutomaticChallenge = true;
- options.AuthenticationScheme = "ServerCookie";
- options.ExpireTimeSpan = TimeSpan.FromMinutes(5);
- options.LoginPath = new PathString("/signin");
- options.LogoutPath = new PathString("/signout");
- });
-
- app.UseMiddleware(googleOptions);
-
- // Facebook
- app.UseFacebookAuthentication(options =>
- {
- options.AppId = Configuration["Authentication:Facebook:AppId"];
- options.AppSecret = Configuration["Authentication:Facebook:AppSecret"];
- options.Scope.Add("email");
- options.UserInformationEndpoint = "https://graph.facebook.com/v2.5/me?fields=id,name,email,first_name,last_name";
- });
-
 app.UseRequestLocalization(localizationOptions.Value, (RequestCulture)new RequestCulture((string)"fr"));
 /* Generic OAuth (here GitHub):
 options.Notifications = new OAuthAuthenticationNotifications