notazof
/
yavsc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

OAuth Api call success

main
Paul Schneider 10 years ago
parent 8ce7767672
commit ca4625a7cf
22 changed files with 1510 additions and 1779 deletions
Show Stats Download Patch File Download Diff File

15
Yavsc/ApiController/AccountController.cs
Unescape Escape View File

@ -7,6 +7,7 @@ using Microsoft.AspNet.Mvc;
using Yavsc.ViewModels.Account; using Yavsc.ViewModels.Account;
using System.Security.Claims; using System.Security.Claims;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
using Yavsc.Models.Auth;
namespace Yavsc.WebApi.Controllers namespace Yavsc.WebApi.Controllers
{ {
@ -121,18 +122,14 @@ namespace Yavsc.WebApi.Controllers
[HttpGet("~/api/me"),Produces("application/json")] [HttpGet("~/api/me"),Produces("application/json")]
public async Task<IActionResult> Me () public async Task<IActionResult> Me ()
{ {
if (User==null)
if (User==null) return new BadRequestObjectResult( return new BadRequestObjectResult(
new { new { error = "user not found" });
error = "no user"
});
var uid = User.GetUserId(); var uid = User.GetUserId();
if (uid == null) if (uid == null)
return new BadRequestObjectResult( return new BadRequestObjectResult(
new { new { error = "user not identified" });
error = "not identified" return Ok(new Me(await UserManager.FindByIdAsync(uid)));
});
return Ok(await UserManager.FindByIdAsync(uid));
} }
} }

147
Yavsc/Auth/Yavsc/YavscAuthenticationHandler.cs
Unescape Escape View File

@ -1,147 +0,0 @@
//
// YavscAuthenticationHandler.cs
//
// Author:
// Paul Schneider <paul@pschneider.fr>
//
// Copyright (c) 2016 GNU GPL
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Lesser General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
namespace Yavsc.Authentication
{
using System.Net.Http;
using System.Net.Http.Headers;
using Microsoft.AspNet.Authentication;
using Microsoft.AspNet.Authentication.OAuth;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Http.Authentication;
using Microsoft.AspNet.Http.Features.Authentication;
using Microsoft.Extensions.Logging;
using Newtonsoft.Json.Linq;
public static class YavscAuthenticationExtensions
{
}
class YavscAuthenticationHandler : OAuthHandler<YavscAuthenticationOptions>
{
private ILogger _logger;
private HttpClient _backchannel;
public YavscAuthenticationHandler(HttpClient backchannel, ILogger logger) : base (backchannel)
{
_backchannel = backchannel;
_logger = logger;
}
protected new async Task<AuthenticationTicket> AuthenticateAsync(AuthenticateContext context)
{
AuthenticationProperties properties = null;
try
{
// ASP.Net Identity requires the NameIdentitifer field to be set or it won't
// accept the external login (AuthenticationManagerExtensions.GetExternalLoginInfo)
string code = null;
string state = null;
IReadableStringCollection query = Request.Query;
IList<string> values = query["code"];
if (values != null && values.Count == 1)
{
code = values[0];
}
values = query["state"];
if (values != null && values.Count == 1)
{
state = values[0];
}
properties = Options.StateDataFormat.Unprotect(state);
if (properties == null)
{
return null;
}
// OAuth2 10.12 CSRF
if (!ValidateCorrelationId(properties))
{
return new AuthenticationTicket(null, properties, this.Options.AuthenticationScheme);
}
string requestPrefix = Request.Scheme + "://" + Request.Host;
string redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath;
// Build up the body for the token request
var body = new List<KeyValuePair<string, string>>();
body.Add(new KeyValuePair<string, string>("grant_type", "authorization_code"));
body.Add(new KeyValuePair<string, string>("code", code));
body.Add(new KeyValuePair<string, string>("redirect_uri", redirectUri));
body.Add(new KeyValuePair<string, string>("client_id", Options.ClientId));
body.Add(new KeyValuePair<string, string>("client_secret", Options.ClientSecret));
// Request the token
HttpResponseMessage tokenResponse =
await _backchannel.PostAsync(Options.TokenEndpoint, new FormUrlEncodedContent(body));
tokenResponse.EnsureSuccessStatusCode();
string text = await tokenResponse.Content.ReadAsStringAsync();
// Deserializes the token response
JObject response = JObject.Parse(text);
string accessToken = response.Value<string>("access_token");
if (string.IsNullOrWhiteSpace(accessToken))
{
_logger.LogWarning("Access token was not found");
return new AuthenticationTicket(null, properties, this.Options.AuthenticationScheme);
}
// Get the user
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint);
request.Headers.Authorization = new AuthenticationHeaderValue(this.Options.AuthenticationScheme, accessToken);
HttpResponseMessage graphResponse = await _backchannel.SendAsync(request);
graphResponse.EnsureSuccessStatusCode();
text = await graphResponse.Content.ReadAsStringAsync();
JObject user = JObject.Parse(text);
// Read user data
var id = new ClaimsIdentity(
Options.SignInAsAuthenticationType,
ClaimsIdentity.DefaultNameClaimType,
ClaimsIdentity.DefaultRoleClaimType);
context.Authenticated(new ClaimsPrincipal(id)
, new Dictionary<string,string>(), new Dictionary<string,object>{
{ "John" , (object) "Doe" }
});
return new AuthenticationTicket(context.Principal, properties, Options.SignInAsAuthenticationType);
}
catch (Exception ex)
{
_logger.LogError("Authentication failed", ex);
return new AuthenticationTicket(null, properties, this.Options.AuthenticationScheme);
}
}
}
}

102
Yavsc/Auth/Yavsc/YavscAuthenticationMiddleware.cs
Unescape Escape View File

@ -1,102 +0,0 @@
//
// YavscAuthenticationMiddleware.cs
//
// Author:
// Paul Schneider <paul@pschneider.fr>
//
// Copyright (c) 2016 GNU GPL
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Lesser General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
using System;
using Microsoft.AspNet.Authentication;
using Microsoft.AspNet.Authentication.OAuth;
using Microsoft.AspNet.Builder;
using Microsoft.AspNet.DataProtection;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.OptionsModel;
using Microsoft.Extensions.WebEncoders;
namespace Yavsc.Authentication
{
public class YavscAuthenticationMiddleware : OAuthMiddleware<YavscAuthenticationOptions>
{
RequestDelegate _next;
ILogger _logger;
public YavscAuthenticationMiddleware(
RequestDelegate next,
IDataProtectionProvider dataProtectionProvider,
ILoggerFactory loggerFactory,
UrlEncoder encoder,
IOptions<SharedAuthenticationOptions> sharedOptions,
YavscAuthenticationOptions options)
: base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options)
{
if (next == null)
{
throw new ArgumentNullException(nameof(next));
}
_next = next;
if (dataProtectionProvider == null)
{
throw new ArgumentNullException(nameof(dataProtectionProvider));
}
if (loggerFactory == null)
{
throw new ArgumentNullException(nameof(loggerFactory));
}
_logger = loggerFactory.CreateLogger<YavscAuthenticationMiddleware>();
if (encoder == null)
{
throw new ArgumentNullException(nameof(encoder));
}
if (sharedOptions == null)
{
throw new ArgumentNullException(nameof(sharedOptions));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
if(string.IsNullOrEmpty(options.SignInAsAuthenticationType))
{
options.SignInAsAuthenticationType = sharedOptions.Value.SignInScheme;
}
if(options.StateDataFormat == null)
{
var dataProtector = dataProtectionProvider.CreateProtector(typeof(YavscAuthenticationMiddleware).FullName,
options.AuthenticationScheme);
options.StateDataFormat = new PropertiesDataFormat(dataProtector);
}
}
// Called for each request, to create a handler for each request.
protected override AuthenticationHandler<YavscAuthenticationOptions> CreateHandler()
{
return new YavscAuthenticationHandler(this.Backchannel,_logger);
}
}
}

62
Yavsc/Auth/Yavsc/YavscAuthenticationMiddlewareOptions.cs
Unescape Escape View File

@ -1,62 +0,0 @@
//
// YavscAuthenticationMiddlewareOptions.cs
//
// Author:
// Paul Schneider <paul@pschneider.fr>
//
// Copyright (c) 2016 GNU GPL
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Lesser General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
using System;
using Microsoft.AspNet.Authentication.OAuth;
using Microsoft.AspNet.Http;
namespace Yavsc.Authentication
{
public class YavscAuthenticationOptions: OAuthOptions
{
public YavscAuthenticationOptions()
{}
public YavscAuthenticationOptions(string authType, string clientId, string clientSecret)
{
if (authType == null)
throw new NotSupportedException();
Description.AuthenticationScheme = authType;
ClientId = clientId;
ClientSecret = clientSecret;
SignInAsAuthenticationType = authType;
Scope.Clear();
}
public PathString TokenPath { get; set; }
public PathString AuthorizePath { get; set; }
public PathString ReturnUrl { get; set; }
public PathString LoginPath { get; set; }
public PathString LogoutPath { get; set; }
internal string AuthenticationServerUri = "https://accounts.google.com/o/oauth2/auth";
internal string TokenServerUri = "https://accounts.google.com/o/oauth2/token";
private string signInAsAuthenticationType = null;
public string SignInAsAuthenticationType { get
{ return signInAsAuthenticationType ; }
set { signInAsAuthenticationType = value;
ReturnUrl = new PathString("/signin-"+signInAsAuthenticationType.ToLower());
} }
}
}

45
Yavsc/Constants.cs
Unescape Escape View File

@ -4,14 +4,26 @@ namespace Yavsc
public static class Constants public static class Constants
{ {
public const string AccessDeniedPath = "~/signin", AuthorizePath = "~/authorize", public const string ApplicationName = "Yavsc",
TokenPath = "~/token", LocalLoginPath = "~/signin", LoginPath = "~/signin", CompanyClaimType = "https://schemas.pschneider.fr/identity/claims/Company",
ExternalLoginPath = "~/extsign", LogoutPath = "~/signout", MePath = "~/api/Me"; UserNameRegExp = @"^[a-zA-Z][a-zA-Z0-9 ]*$",
AuthorizePath = "~/authorize",
public const string TokenPath = "~/token", LoginPath = "~/signin",
LogoutPath = "~/signout", UserInfoPath = "~/api/me",
ApplicationAuthenticationSheme = "ServerCookie", ApplicationAuthenticationSheme = "ServerCookie",
ExternalAuthenticationSheme= "ExternalCookie"; ExternalAuthenticationSheme= "ExternalCookie",
CompanyInfoUrl = " https://societeinfo.com/app/rest/api/v1/company/json?registration_number={0}&key={1}",
DefaultFactor = "Default",
MobileAppFactor = "Mobile Application",
EMailFactor = "Email",
SMSFactor = "SMS",
AdminGroupName = "Administrator",
BlogModeratorGroupName = "Moderator",
FrontOfficeGroupName = "FrontOffice",
UserBillsFilesDir= "Bills",
UserFilesDir = "UserFiles",
GCMNotificationUrl = "https://gcm-http.googleapis.com/gcm/send",
KeyProtectorPurpose = "OAuth.AspNet.AuthServer";
public static readonly Scope[] SiteScopes = {  public static readonly Scope[] SiteScopes = { 
new Scope { Id = "profile", Description = "Your profile informations" },   new Scope { Id = "profile", Description = "Your profile informations" },  
new Scope { Id = "book" , Description ="Your booking interface"},   new Scope { Id = "book" , Description ="Your booking interface"},  
@ -23,26 +35,9 @@ namespace Yavsc
new Scope { Id = "frontoffice" , Description ="Your front office interface" } new Scope { Id = "frontoffice" , Description ="Your front office interface" }
}; };
public const string
CompanyInfoUrl = " https://societeinfo.com/app/rest/api/v1/company/json?registration_number={0}&key={1}",
DefaultFactor = "Default",
MobileAppFactor = "Google.clood",
EMailFactor = "Email",
SMSFactor = "Phone",
AdminGroupName = "Administrator",
BlogModeratorGroupName = "Moderator",
FrontOfficeGroupName = "FrontOffice",
UserBillsFilesDir= "Bills",
UserFilesDir = "UserFiles",
GCMNotificationUrl = "https://gcm-http.googleapis.com/gcm/send",
KeyProtectorPurpose = "OAuth.AspNet.AuthServer";
private static readonly string[] GoogleScopes = { "openid", "profile", "email" };
private static readonly string[] GoogleScopes = { "openid", "profile", "email" };
public static readonly string[] GoogleCalendarScopes = public static readonly string[] GoogleCalendarScopes =
{ "openid", "profile", "email", "https://www.googleapis.com/auth/calendar" }; { "openid", "profile", "email", "https://www.googleapis.com/auth/calendar" };
public const string ApplicationName = "Yavsc",
Issuer = "https://dev.pschneider.fr",
CompanyClaimType = "https://schemas.pschneider.fr/identity/claims/Company",
UserNameRegExp = @"^[a-zA-Z][a-zA-Z0-9 ]*$";
} }
} }

80
Yavsc/Controllers/AccountController.cs
Unescape Escape View File

@ -18,7 +18,7 @@ using Yavsc.Helpers;
namespace Yavsc.Controllers namespace Yavsc.Controllers
{ {
[ServiceFilter(typeof(LanguageActionFilter)),AllowAnonymous] [ServiceFilter(typeof(LanguageActionFilter)), AllowAnonymous]
public class AccountController : Controller public class AccountController : Controller
{ {
private readonly UserManager<ApplicationUser> _userManager; private readonly UserManager<ApplicationUser> _userManager;
@ -75,29 +75,51 @@ namespace Yavsc.Controllers
{ {
if (Request.Method == "POST") if (Request.Method == "POST")
{ {
if (model.Provider=="LOCAL") if (model.Provider == "LOCAL")
{ {
return await Login(model); if (ModelState.IsValid)
{
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, set lockoutOnFailure: true
var result = await _signInManager.PasswordSignInAsync(model.UserName, model.Password, model.RememberMe, lockoutOnFailure: false);
if (result.Succeeded)
{
return Redirect(model.ReturnUrl);
} }
if (result.RequiresTwoFactor)
{
return RedirectToAction(nameof(SendCode), new { ReturnUrl = model.ReturnUrl, RememberMe = model.RememberMe });
} }
model.ExternalProviders = HttpContext.GetExternalProviders(); if (result.IsLockedOut)
{
_logger.LogWarning(2, "User account locked out.");
return View("Lockout");
}
else
{
ModelState.AddModelError(string.Empty, "Invalid login attempt.");
return View(model); return View(model);
} }
}
[HttpPost(Constants.ExternalLoginPath)] // If we got this far, something failed, redisplay form
public IActionResult ExternalLogin(string Provider, string ReturnUrl) ModelState.AddModelError(string.Empty, "Unexpected behavior: something failed ... you could try again, or contact me ...");
}
else
{ {
// Note: the "provider" parameter corresponds to the external // Note: the "provider" parameter corresponds to the external
// authentication provider choosen by the user agent. // authentication provider choosen by the user agent.
if (string.IsNullOrEmpty(Provider)) if (string.IsNullOrEmpty(model.Provider))
{ {
_logger.LogWarning("Provider not specified"); _logger.LogWarning("Provider not specified");
return HttpBadRequest(); return HttpBadRequest();
} }
if (!_signInManager.GetExternalAuthenticationSchemes().Any(x => x.AuthenticationScheme == Provider)) if (!_signInManager.GetExternalAuthenticationSchemes().Any(x => x.AuthenticationScheme == model.Provider))
{ {
_logger.LogWarning($"Provider not found : {Provider}"); _logger.LogWarning($"Provider not found : {model.Provider}");
return HttpBadRequest(); return HttpBadRequest();
} }
@ -108,48 +130,20 @@ namespace Yavsc.Controllers
// Note: the "returnUrl" parameter corresponds to the endpoint the user agent // Note: the "returnUrl" parameter corresponds to the endpoint the user agent
// will be redirected to after a successful authentication and not // will be redirected to after a successful authentication and not
// the redirect_uri of the requesting client application. // the redirect_uri of the requesting client application.
if (string.IsNullOrEmpty(ReturnUrl)) if (string.IsNullOrEmpty(model.ReturnUrl))
{ {
_logger.LogWarning("ReturnUrl not specified"); _logger.LogWarning("ReturnUrl not specified");
return HttpBadRequest(); return HttpBadRequest();
} }
// Note: this still is not the redirect uri given to the third party provider, at building the challenge. // Note: this still is not the redirect uri given to the third party provider, at building the challenge.
var redirectUrl = Url.Action("ExternalLoginCallback", "Account", new { ReturnUrl = ReturnUrl }); var redirectUrl = Url.Action("ExternalLoginCallback", "Account", new { ReturnUrl = model.ReturnUrl });
var properties = _signInManager.ConfigureExternalAuthenticationProperties(Provider, redirectUrl); var properties = _signInManager.ConfigureExternalAuthenticationProperties(model.Provider, redirectUrl);
// var properties = new AuthenticationProperties{RedirectUri=ReturnUrl}; // var properties = new AuthenticationProperties{RedirectUri=ReturnUrl};
return new ChallengeResult(Provider, properties); return new ChallengeResult(model.Provider, properties);
}
public async Task<IActionResult> Login(SignInViewModel model)
{
if (ModelState.IsValid)
{
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, set lockoutOnFailure: true
var result = await _signInManager.PasswordSignInAsync(model.UserName, model.Password, model.RememberMe, lockoutOnFailure: false);
if (result.Succeeded)
{
return Redirect(model.ReturnUrl);
}
if (result.RequiresTwoFactor)
{
return RedirectToAction(nameof(SendCode), new { ReturnUrl = model.ReturnUrl, RememberMe = model.RememberMe });
} }
if (result.IsLockedOut)
{
_logger.LogWarning(2, "User account locked out.");
return View("Lockout");
}
else
{
ModelState.AddModelError(string.Empty, "Invalid login attempt.");
return View(model);
} }
} model.ExternalProviders = HttpContext.GetExternalProviders();
// If we got this far, something failed, redisplay form
ModelState.AddModelError(string.Empty, "Unexpected behavior: something failed ... you could try again, or contact me ...");
return View(model); return View(model);
} }
@ -198,7 +192,7 @@ namespace Yavsc.Controllers
{ {
await _signInManager.SignOutAsync(); await _signInManager.SignOutAsync();
_logger.LogInformation(4, "User logged out."); _logger.LogInformation(4, "User logged out.");
if (returnUrl==null) return RedirectToAction(nameof(HomeController.Index), "Home"); if (returnUrl == null) return RedirectToAction(nameof(HomeController.Index), "Home");
return Redirect(returnUrl); return Redirect(returnUrl);
} }

4
Yavsc/Controllers/HomeController.cs
Unescape Escape View File

@ -29,6 +29,10 @@ namespace Yavsc.Controllers
{ {
return View(); return View();
} }
public IActionResult AboutMarkdown()
{
return View();
}
public IActionResult Contact() public IActionResult Contact()
{ {

1
Yavsc/Controllers/OAuthController.cs
Unescape Escape View File

@ -167,7 +167,6 @@ namespace Yavsc.Controllers
{ {
primaryIdentity.AddClaim(new Claim("urn:oauth:scope", scope)); primaryIdentity.AddClaim(new Claim("urn:oauth:scope", scope));
} }
_logger.LogWarning("Logging user {principal} against {OAuthDefaults.AuthenticationType}");
await authentication.SignInAsync(OAuthDefaults.AuthenticationType, principal); await authentication.SignInAsync(OAuthDefaults.AuthenticationType, principal);
} }
if (!string.IsNullOrEmpty(Request.Form["submit.Deny"])) if (!string.IsNullOrEmpty(Request.Form["submit.Deny"]))

79
Yavsc/Startup/Startup.OAuth.cs
Unescape Escape View File

@ -3,6 +3,7 @@ using System.Security.Claims;
using Microsoft.AspNet.Authentication; using Microsoft.AspNet.Authentication;
using Microsoft.AspNet.Authentication.Cookies; using Microsoft.AspNet.Authentication.Cookies;
using Microsoft.AspNet.Authentication.Facebook; using Microsoft.AspNet.Authentication.Facebook;
using Microsoft.AspNet.Authentication.JwtBearer;
using Microsoft.AspNet.Authentication.OAuth; using Microsoft.AspNet.Authentication.OAuth;
using Microsoft.AspNet.Builder; using Microsoft.AspNet.Builder;
using Microsoft.AspNet.Http; using Microsoft.AspNet.Http;
@ -12,7 +13,9 @@ using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.OptionsModel; using Microsoft.Extensions.OptionsModel;
using Microsoft.Extensions.WebEncoders; using Microsoft.Extensions.WebEncoders;
using OAuth.AspNet.AuthServer; using OAuth.AspNet.AuthServer;
using OAuth.AspNet.Tokens;
using Yavsc.Auth; using Yavsc.Auth;
using Yavsc.Extensions;
using Yavsc.Models; using Yavsc.Models;
namespace Yavsc namespace Yavsc
@ -26,6 +29,8 @@ namespace Yavsc
public static FacebookOptions FacebookAppOptions { get; private set; } public static FacebookOptions FacebookAppOptions { get; private set; }
public static OAuthAuthorizationServerOptions OAuthServerAppOptions { get; private set; } public static OAuthAuthorizationServerOptions OAuthServerAppOptions { get; private set; }
public static OAuthOptions OAuthClientOptions { get; set; }
public static YavscGoogleOptions YavscGoogleAppOptions { get; private set; } public static YavscGoogleOptions YavscGoogleAppOptions { get; private set; }
public static MonoDataProtectionProvider ProtectionProvider { get; private set; } public static MonoDataProtectionProvider ProtectionProvider { get; private set; }
@ -38,23 +43,7 @@ namespace Yavsc
services.Add(ServiceDescriptor.Singleton(typeof(IOptions<OAuth2AppSettings>), typeof(OptionsManager<OAuth2AppSettings>))); services.Add(ServiceDescriptor.Singleton(typeof(IOptions<OAuth2AppSettings>), typeof(OptionsManager<OAuth2AppSettings>)));
// used by the YavscGoogleOAuth middelware (TODO drop it) // used by the YavscGoogleOAuth middelware (TODO drop it)
services.AddTransient<Microsoft.Extensions.WebEncoders.UrlEncoder, UrlEncoder>(); services.AddTransient<Microsoft.Extensions.WebEncoders.UrlEncoder, UrlEncoder>();
/* Obsolete:
var keyParamsFileInfo =
new FileInfo(Configuration["DataProtection:RSAParamFile"]);
var keyParams = (keyParamsFileInfo.Exists) ?
RSAKeyUtils.GetKeyParameters(keyParamsFileInfo.Name) :
RSAKeyUtils.GenerateKeyAndSave(keyParamsFileInfo.Name);
key = new RsaSecurityKey(keyParams);
services.Configure<TokenAuthOptions>(
to =>
{
to.Audience = Configuration["Site:Audience"];
to.Issuer = Configuration["Site:Authority"];
to.SigningCredentials =
new SigningCredentials(key, SecurityAlgorithms.RsaSha256Signature);
}
); */
services.AddAuthentication(options => services.AddAuthentication(options =>
{ {
options.SignInScheme = Constants.ExternalAuthenticationSheme; options.SignInScheme = Constants.ExternalAuthenticationSheme;
@ -94,19 +83,9 @@ namespace Yavsc
; ;
} }
private void ConfigureOAuthApp(IApplicationBuilder app) private void ConfigureOAuthApp(IApplicationBuilder app, SiteSettings settings)
{
// External authentication shared cookie:
app.UseCookieAuthentication(options =>
{ {
ExternalCookieAppOptions = options; app.UseIdentity();
options.AuthenticationScheme = Constants.ExternalAuthenticationSheme;
options.AutomaticAuthenticate = true;
options.ExpireTimeSpan = TimeSpan.FromMinutes(5);
options.LoginPath = new PathString(Constants.LoginPath.Substring(1));
options.AccessDeniedPath = new PathString(Constants.AccessDeniedPath.Substring(1));
});
app.UseOAuthAuthorizationServer( app.UseOAuthAuthorizationServer(
options => options =>
@ -117,6 +96,7 @@ namespace Yavsc
options.ApplicationCanDisplayErrors = true; options.ApplicationCanDisplayErrors = true;
options.AllowInsecureHttp = true; options.AllowInsecureHttp = true;
options.AuthenticationScheme = OAuthDefaults.AuthenticationType; options.AuthenticationScheme = OAuthDefaults.AuthenticationType;
options.TokenDataProtector = ProtectionProvider.CreateProtector("Bearer protection");
options.Provider = new OAuthAuthorizationServerProvider options.Provider = new OAuthAuthorizationServerProvider
{ {
@ -143,7 +123,38 @@ namespace Yavsc
} }
); );
app.UseIdentity(); app.UseWhen(context => context.Request.Path.StartsWithSegments("/api"),
branch =>
{
branch.UseJwtBearerAuthentication(
options =>
{
options.AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme;
options.AutomaticAuthenticate = true;
options.SecurityTokenValidators.Clear();
options.SecurityTokenValidators.Add(new TicketDataFormatTokenValidator(
ProtectionProvider
));
}
);
});
app.UseWhen(context => !context.Request.Path.StartsWithSegments("/api"),
branch =>
{
// External authentication shared cookie:
branch.UseCookieAuthentication(options =>
{
ExternalCookieAppOptions = options;
options.AuthenticationScheme = Constants.ExternalAuthenticationSheme;
options.AutomaticAuthenticate = true;
options.ExpireTimeSpan = TimeSpan.FromMinutes(5);
options.LoginPath = new PathString(Constants.LoginPath.Substring(1));
// TODO implement an access denied page
options.AccessDeniedPath = new PathString(Constants.LoginPath.Substring(1));
});
var gvents = new OAuthEvents(); var gvents = new OAuthEvents();
YavscGoogleAppOptions = new YavscGoogleOptions YavscGoogleAppOptions = new YavscGoogleOptions
@ -170,10 +181,10 @@ namespace Yavsc
} }
}; };
YavscGoogleAppOptions.Scope.Add("https://www.googleapis.com/auth/calendar"); YavscGoogleAppOptions.Scope.Add("https://www.googleapis.com/auth/calendar");
app.UseMiddleware<Yavsc.Auth.GoogleMiddleware>(YavscGoogleAppOptions); branch.UseMiddleware<Yavsc.Auth.GoogleMiddleware>(YavscGoogleAppOptions);
// Facebook // Facebook
app.UseFacebookAuthentication(options => branch.UseFacebookAuthentication(options =>
{ {
FacebookAppOptions = options; FacebookAppOptions = options;
options.AppId = Configuration["Authentication:Facebook:AppId"]; options.AppId = Configuration["Authentication:Facebook:AppId"];
@ -181,6 +192,10 @@ namespace Yavsc
options.Scope.Add("email"); options.Scope.Add("email");
options.UserInformationEndpoint = "https://graph.facebook.com/v2.5/me?fields=id,name,email,first_name,last_name"; options.UserInformationEndpoint = "https://graph.facebook.com/v2.5/me?fields=id,name,email,first_name,last_name";
}); });
});
} }
} }

36
Yavsc/Startup/Startup.OAuthHelpers.cs
Unescape Escape View File

@ -1,9 +1,12 @@
using System; using System;
using System.Collections.Concurrent; using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq; using System.Linq;
using System.Security.Claims; using System.Security.Claims;
using System.Security.Principal; using System.Security.Principal;
using System.Threading.Tasks; using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
using OAuth.AspNet.AuthServer; using OAuth.AspNet.AuthServer;
using Yavsc.Helpers; using Yavsc.Helpers;
@ -73,16 +76,36 @@ namespace Yavsc
return Task.FromResult(0); return Task.FromResult(0);
} }
private Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) private async Task<Task> GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{ {
ApplicationUser user = null;
logger.LogWarning($"GrantResourceOwnerCredentials task ... {context.UserName}"); logger.LogWarning($"GrantResourceOwnerCredentials task ... {context.UserName}");
// var user = ValidateUser(context.UserName, context.Password) using (var usermanager = context.HttpContext.ApplicationServices.GetRequiredService<UserManager<ApplicationUser>>())
{
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity(context.UserName, OAuthDefaults.AuthenticationType), context.Scope.Select(x => new Claim("urn:oauth:scope", x)))); user = await usermanager.FindByNameAsync(context.UserName);
if (await usermanager.CheckPasswordAsync(user,context.Password))
{
var claims = new List<Claim>(
context.Scope.Select(x => new Claim("urn:oauth:scope", x))
);
claims.Add(new Claim(ClaimTypes.NameIdentifier,user.Id));
claims.Add(new Claim(ClaimTypes.Email,user.Email));
claims.AddRange((await usermanager.GetRolesAsync(user)).Select(
r => new Claim(ClaimTypes.Role,r)
) );
ClaimsPrincipal principal = new ClaimsPrincipal(
new ClaimsIdentity(
new GenericIdentity(context.UserName, OAuthDefaults.AuthenticationType),
claims)
);
// TODO set a NameIdentifier, roles and scopes claims // TODO set a NameIdentifier, roles and scopes claims
context.HttpContext.User = principal;
context.Validated(principal); context.Validated(principal);
}
}
return Task.FromResult(0); return Task.FromResult(0);
} }
@ -117,6 +140,9 @@ namespace Yavsc
{ {
var uid = context.Ticket.Principal.GetUserId(); var uid = context.Ticket.Principal.GetUserId();
logger.LogInformation($"CreateRefreshToken for {uid}"); logger.LogInformation($"CreateRefreshToken for {uid}");
foreach (var c in context.Ticket.Principal.Claims)
logger.LogInformation($"| User claim: {c.Type} {c.Value}");
context.SetToken(context.SerializeTicket()); context.SetToken(context.SerializeTicket());
} }
@ -124,6 +150,8 @@ namespace Yavsc
{ {
var uid = context.Ticket.Principal.GetUserId(); var uid = context.Ticket.Principal.GetUserId();
logger.LogInformation($"ReceiveRefreshToken for {uid}"); logger.LogInformation($"ReceiveRefreshToken for {uid}");
foreach (var c in context.Ticket.Principal.Claims)
logger.LogInformation($"| User claim: {c.Type} {c.Value}");
context.DeserializeTicket(context.Token); context.DeserializeTicket(context.Token);
} }
} }

9
Yavsc/Startup/Startup.cs
Unescape Escape View File

@ -29,6 +29,9 @@ namespace Yavsc
public partial class Startup public partial class Startup
{ {
public static string ConnectionString { get; private set; } public static string ConnectionString { get; private set; }
public static string Authority { get; private set; }
public static string Audience { get; private set; }
private static ILogger logger; private static ILogger logger;
public Startup(IHostingEnvironment env, IApplicationEnvironment appEnv) public Startup(IHostingEnvironment env, IApplicationEnvironment appEnv)
{ {
@ -268,14 +271,16 @@ namespace Yavsc
} }
} }
app.UseIISPlatformHandler(options => app.UseIISPlatformHandler(options =>
{ {
options.AuthenticationDescriptions.Clear(); options.AuthenticationDescriptions.Clear();
options.AutomaticAuthentication = false; options.AutomaticAuthentication = false;
}); });
ConfigureOAuthApp(app); Authority = siteSettings.Value.Authority;
Audience = siteSettings.Value.Audience;
ConfigureOAuthApp(app,siteSettings.Value);
ConfigureFileServerApp(app,siteSettings.Value,env); ConfigureFileServerApp(app,siteSettings.Value,env);

21
Yavsc/ViewModels/Account/Me.cs
Unescape Escape View File

@ -0,0 +1,21 @@
namespace Yavsc.Models.Auth
{
public class Me {
public Me(ApplicationUser user)
{
Id = user.Id;
GivenName = user.UserName;
Emails = new string [] { user.Email } ;
}
public string Id { get; set; }
public string GivenName { get; set; }
public string[] Emails { get; set; }
/// <summary>
/// Known as profile, could point to an avatar
/// </summary>
/// <returns></returns>
public string Url { get; set; }
}
}

6
Yavsc/ViewModels/Auth/AuthorisationHandlers.cs
Unescape Escape View File

@ -108,7 +108,7 @@ public class BlogViewHandler : AuthorizationHandler<ViewRequirement, Blog>
protected override void Handle(AuthorizationContext context, PrivateChatEntryRequirement requirement) protected override void Handle(AuthorizationContext context, PrivateChatEntryRequirement requirement)
{ {
if (!context.User.HasClaim(c => c.Type == "TemporaryBadgeExpiry" && if (!context.User.HasClaim(c => c.Type == "TemporaryBadgeExpiry" &&
c.Issuer == Constants.Issuer)) c.Issuer == Startup.Authority))
{ {
return; return;
} }
@ -116,7 +116,7 @@ public class BlogViewHandler : AuthorizationHandler<ViewRequirement, Blog>
var temporaryBadgeExpiry = var temporaryBadgeExpiry =
Convert.ToDateTime(context.User.FindFirst( Convert.ToDateTime(context.User.FindFirst(
c => c.Type == "TemporaryBadgeExpiry" && c => c.Type == "TemporaryBadgeExpiry" &&
c.Issuer == Constants.Issuer).Value); c.Issuer == Startup.Authority).Value);
if (temporaryBadgeExpiry > DateTime.Now) if (temporaryBadgeExpiry > DateTime.Now)
{ {
@ -130,7 +130,7 @@ public class BlogViewHandler : AuthorizationHandler<ViewRequirement, Blog>
protected override void Handle(AuthorizationContext context, PrivateChatEntryRequirement requirement) protected override void Handle(AuthorizationContext context, PrivateChatEntryRequirement requirement)
{ {
if (!context.User.HasClaim(c => c.Type == "BadgeNumber" && if (!context.User.HasClaim(c => c.Type == "BadgeNumber" &&
c.Issuer == Constants.Issuer)) c.Issuer == Startup.Authority))
{ {
return; return;
} }

14
Yavsc/Views/Home/AboutMarkdown.cshtml
Unescape Escape View File

@ -4,10 +4,16 @@
<h1>@ViewData["Title"]</h1> <h1>@ViewData["Title"]</h1>
<markdown> <markdown>
Quelques extension à un Markdown de base : Quelques extensions à un Markdown de base :
* les video et audio * les video et audio: `![video: Ep. 28 - La France en commun - Une invitation à écrire un nouveau projet d'émancipation humaine](/images/testVideo.mp4)`
* le tag bug = Bug#542
* le tag annonce = A#542 ![video: Ep. 28 - La France en commun - Une invitation à écrire un nouveau projet d'émancipation humaine](/images/testVideo.mp4)
à faire:
* le tag "Numéro de ticket": `Ticket#6854`
* le tag "Titre d'article": `#1_great_title`
* le tag "User" = `@@(007, it'sme)` ou `@@james`
</markdown> </markdown>

2
Yavsc/Views/Shared/SignIn.cshtml
Unescape Escape View File

@ -67,7 +67,7 @@
else else
{ {
@foreach (var description in Model.ExternalProviders) { @foreach (var description in Model.ExternalProviders) {
<form action="@Constants.ExternalLoginPath" method="post"> <form action="@Constants.LoginPath" method="post">
<input type="hidden" name="Provider" value="@description.AuthenticationScheme" /> <input type="hidden" name="Provider" value="@description.AuthenticationScheme" />
<input type="hidden" name="ReturnUrl" value="@Model.ReturnUrl" /> <input type="hidden" name="ReturnUrl" value="@Model.ReturnUrl" />
<button class="btn btn-lg btn-success" type="submit" name="Submit.Login">@SR["Connect using"] @description.DisplayName</button> <button class="btn btn-lg btn-success" type="submit" name="Submit.Login">@SR["Connect using"] @description.DisplayName</button>

4
Yavsc/project.json
Unescape Escape View File

@ -74,7 +74,6 @@
"Microsoft.AspNet.SignalR.JS": "2.2.0", "Microsoft.AspNet.SignalR.JS": "2.2.0",
"Microsoft.AspNet.Tooling.Razor": "1.0.0-rc1-*", "Microsoft.AspNet.Tooling.Razor": "1.0.0-rc1-*",
"Microsoft.AspNet.WebSockets.Server": "1.0.0-rc1-final", "Microsoft.AspNet.WebSockets.Server": "1.0.0-rc1-final",
"Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-rc1-final",
"Microsoft.Extensions.Configuration.Abstractions": "1.0.0-rc1-final", "Microsoft.Extensions.Configuration.Abstractions": "1.0.0-rc1-final",
"Microsoft.Extensions.Configuration.FileProviderExtensions": "1.0.0-rc1-*", "Microsoft.Extensions.Configuration.FileProviderExtensions": "1.0.0-rc1-*",
"Microsoft.Extensions.Configuration.Json": "1.0.0-rc1-*", "Microsoft.Extensions.Configuration.Json": "1.0.0-rc1-*",
@ -105,7 +104,8 @@
"Microsoft.AspNet.Authentication.JwtBearer": "1.0.0-rc1-final", "Microsoft.AspNet.Authentication.JwtBearer": "1.0.0-rc1-final",
"PayPalCoreSDK": "1.7.1", "PayPalCoreSDK": "1.7.1",
"PayPalButtonManagerSDK": "2.10.109", "PayPalButtonManagerSDK": "2.10.109",
"Microsoft.AspNet.Owin": "1.0.0-rc1-final" "Microsoft.AspNet.Owin": "1.0.0-rc1-final",
"Microsoft.AspNet.Authentication.OAuth": "1.0.0-rc1-final"
}, },
"commands": { "commands": {
"web": "Microsoft.AspNet.Server.Kestrel --server.urls http://*:5000", "web": "Microsoft.AspNet.Server.Kestrel --server.urls http://*:5000",

2412
Yavsc/project.lock.json
View File

File diff suppressed because it is too large Load Diff

BIN
Yavsc/wwwroot/images/testVideo.mp4
View File

Binary file not shown.

27
testOauthClient/Controllers/HomeController.cs
Unescape Escape View File

@ -1,6 +1,9 @@
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Linq; using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks; using System.Threading.Tasks;
using Microsoft.AspNet.Mvc; using Microsoft.AspNet.Mvc;
@ -8,11 +11,35 @@ namespace testOauthClient.Controllers
{ {
public class HomeController : Controller public class HomeController : Controller
{ {
[HttpGet]
public IActionResult Index() public IActionResult Index()
{ {
return View(); return View();
} }
[HttpPost]
public async Task<IActionResult> GetUserInfo(CancellationToken cancellationToken)
{
using (var client = new HttpClient()) {
var request = new HttpRequestMessage(HttpMethod.Get, "http://dev.pschneider.fr/api/me");
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", AccessToken);
var response = await client.SendAsync(request, cancellationToken);
response.EnsureSuccessStatusCode();
return View("Index", model: await response.Content.ReadAsStringAsync());
}
}
protected string AccessToken {
get {
var claim = HttpContext.User?.FindFirst("access_token");
if (claim == null) {
throw new InvalidOperationException();
}
return claim.Value;
}
}
public IActionResult About() public IActionResult About()
{ {
ViewData["Message"] = "Your application description page."; ViewData["Message"] = "Your application description page.";

2
testOauthClient/Startup.cs
Unescape Escape View File

@ -78,7 +78,7 @@ namespace testOauthClient
options.ClientId="21d8bd1b-4aed-4fcb-9ed9-00b43f6a8169"; options.ClientId="21d8bd1b-4aed-4fcb-9ed9-00b43f6a8169";
options.ClientSecret="blih"; options.ClientSecret="blih";
options.Scope.Add("profile"); options.Scope.Add("profile");
options.SaveTokensAsClaims = true; // options.SaveTokensAsClaims = true;
options.UserInformationEndpoint = "http://dev.pschneider.fr/api/me"; options.UserInformationEndpoint = "http://dev.pschneider.fr/api/me";
} }
); );

2
testOauthClient/Views/Home/Index.cshtml
Unescape Escape View File

@ -16,7 +16,7 @@
<h3>Message received from the resource controller: @Model</h3> <h3>Message received from the resource controller: @Model</h3>
} }
<form action="~/" method="post"> <form action="~/Home/GetUserInfo" method="post">
<button class="btn btn-lg btn-warning" type="submit">Query the resource controller</button> <button class="btn btn-lg btn-warning" type="submit">Query the resource controller</button>
</form> </form>

1
testOauthClient/project.json
Unescape Escape View File

@ -7,7 +7,6 @@
"defaultNamespace": "testOauthClient" "defaultNamespace": "testOauthClient"
}, },
"dependencies": { "dependencies": {
"Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-rc1-final",
"Microsoft.AspNet.Authentication.Cookies": "1.0.0-rc1-final", "Microsoft.AspNet.Authentication.Cookies": "1.0.0-rc1-final",
"Microsoft.AspNet.Authentication.OAuth": "1.0.0-rc1-final", "Microsoft.AspNet.Authentication.OAuth": "1.0.0-rc1-final",
"Microsoft.AspNet.Diagnostics": "1.0.0-rc1-final", "Microsoft.AspNet.Diagnostics": "1.0.0-rc1-final",

Write Preview
Loading…