|
|
@ -1,31 +1,33 @@
|
|
|
|
using System;
|
|
|
|
using System;
|
|
|
|
using System.Security.Claims;
|
|
|
|
using System.Security.Claims;
|
|
|
|
using Google.Apis.Auth.OAuth2.Responses;
|
|
|
|
|
|
|
|
using Google.Apis.Util.Store;
|
|
|
|
|
|
|
|
using Microsoft.AspNet.Authentication;
|
|
|
|
using Microsoft.AspNet.Authentication;
|
|
|
|
using Microsoft.AspNet.Authentication.Cookies;
|
|
|
|
using Microsoft.AspNet.Authentication.Cookies;
|
|
|
|
using Microsoft.AspNet.Authentication.Facebook;
|
|
|
|
using Microsoft.AspNet.Authentication.Facebook;
|
|
|
|
|
|
|
|
using Microsoft.AspNet.Authentication.Twitter;
|
|
|
|
using Microsoft.AspNet.Authentication.JwtBearer;
|
|
|
|
using Microsoft.AspNet.Authentication.JwtBearer;
|
|
|
|
using Microsoft.AspNet.Authentication.OAuth;
|
|
|
|
using Microsoft.AspNet.Authentication.OAuth;
|
|
|
|
using Microsoft.AspNet.Authentication.Twitter;
|
|
|
|
|
|
|
|
using Microsoft.AspNet.Builder;
|
|
|
|
using Microsoft.AspNet.Builder;
|
|
|
|
using Microsoft.AspNet.Http;
|
|
|
|
using Microsoft.AspNet.Http;
|
|
|
|
using Microsoft.AspNet.Identity;
|
|
|
|
using Microsoft.AspNet.Identity;
|
|
|
|
using Microsoft.AspNet.Identity.EntityFramework;
|
|
|
|
using Microsoft.AspNet.Identity.EntityFramework;
|
|
|
|
using Microsoft.Extensions.DependencyInjection;
|
|
|
|
using Microsoft.Extensions.DependencyInjection;
|
|
|
|
using Microsoft.Extensions.Logging;
|
|
|
|
|
|
|
|
using Microsoft.Extensions.OptionsModel;
|
|
|
|
using Microsoft.Extensions.OptionsModel;
|
|
|
|
using Microsoft.Extensions.WebEncoders;
|
|
|
|
using Microsoft.Extensions.WebEncoders;
|
|
|
|
using OAuth.AspNet.AuthServer;
|
|
|
|
using OAuth.AspNet.AuthServer;
|
|
|
|
using OAuth.AspNet.Tokens;
|
|
|
|
using OAuth.AspNet.Tokens;
|
|
|
|
|
|
|
|
using Google.Apis.Util.Store;
|
|
|
|
|
|
|
|
using Microsoft.Extensions.Logging;
|
|
|
|
|
|
|
|
using Google.Apis.Auth.OAuth2.Responses;
|
|
|
|
|
|
|
|
|
|
|
|
namespace Yavsc {
|
|
|
|
namespace Yavsc
|
|
|
|
|
|
|
|
{
|
|
|
|
using Auth;
|
|
|
|
using Auth;
|
|
|
|
using Extensions;
|
|
|
|
using Extensions;
|
|
|
|
using Helpers.Google;
|
|
|
|
|
|
|
|
using Models;
|
|
|
|
using Models;
|
|
|
|
|
|
|
|
using Helpers.Google;
|
|
|
|
|
|
|
|
|
|
|
|
public partial class Startup {
|
|
|
|
public partial class Startup
|
|
|
|
|
|
|
|
{
|
|
|
|
public static CookieAuthenticationOptions ExternalCookieAppOptions { get; private set; }
|
|
|
|
public static CookieAuthenticationOptions ExternalCookieAppOptions { get; private set; }
|
|
|
|
|
|
|
|
|
|
|
|
public static IdentityOptions IdentityAppOptions { get; set; }
|
|
|
|
public static IdentityOptions IdentityAppOptions { get; set; }
|
|
|
@ -34,6 +36,7 @@ namespace Yavsc {
|
|
|
|
public static TwitterOptions TwitterAppOptions { get; private set; }
|
|
|
|
public static TwitterOptions TwitterAppOptions { get; private set; }
|
|
|
|
public static OAuthAuthorizationServerOptions OAuthServerAppOptions { get; private set; }
|
|
|
|
public static OAuthAuthorizationServerOptions OAuthServerAppOptions { get; private set; }
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public static YavscGoogleOptions YavscGoogleAppOptions { get; private set; }
|
|
|
|
public static YavscGoogleOptions YavscGoogleAppOptions { get; private set; }
|
|
|
|
public static MonoDataProtectionProvider ProtectionProvider { get; private set; }
|
|
|
|
public static MonoDataProtectionProvider ProtectionProvider { get; private set; }
|
|
|
|
|
|
|
|
|
|
|
@ -47,7 +50,8 @@ namespace Yavsc {
|
|
|
|
// used by the YavscGoogleOAuth middelware (TODO drop it)
|
|
|
|
// used by the YavscGoogleOAuth middelware (TODO drop it)
|
|
|
|
services.AddTransient<Microsoft.Extensions.WebEncoders.UrlEncoder, UrlEncoder>();
|
|
|
|
services.AddTransient<Microsoft.Extensions.WebEncoders.UrlEncoder, UrlEncoder>();
|
|
|
|
|
|
|
|
|
|
|
|
services.AddAuthentication (options => {
|
|
|
|
services.AddAuthentication(options =>
|
|
|
|
|
|
|
|
{
|
|
|
|
options.SignInScheme = Constants.ExternalAuthenticationSheme;
|
|
|
|
options.SignInScheme = Constants.ExternalAuthenticationSheme;
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
@ -56,7 +60,8 @@ namespace Yavsc {
|
|
|
|
(ProtectionProvider);
|
|
|
|
(ProtectionProvider);
|
|
|
|
|
|
|
|
|
|
|
|
services.AddIdentity<ApplicationUser, IdentityRole>(
|
|
|
|
services.AddIdentity<ApplicationUser, IdentityRole>(
|
|
|
|
option => {
|
|
|
|
option =>
|
|
|
|
|
|
|
|
{
|
|
|
|
IdentityAppOptions = option;
|
|
|
|
IdentityAppOptions = option;
|
|
|
|
option.User.AllowedUserNameCharacters += " ";
|
|
|
|
option.User.AllowedUserNameCharacters += " ";
|
|
|
|
option.User.RequireUniqueEmail = true;
|
|
|
|
option.User.RequireUniqueEmail = true;
|
|
|
@ -88,13 +93,16 @@ namespace Yavsc {
|
|
|
|
;
|
|
|
|
;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
private void ConfigureOAuthApp(IApplicationBuilder app,
|
|
|
|
private void ConfigureOAuthApp(IApplicationBuilder app,
|
|
|
|
SiteSettings settingsOptions, ILogger logger) {
|
|
|
|
SiteSettings settingsOptions, ILogger logger)
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
|
|
app.UseIdentity();
|
|
|
|
app.UseIdentity();
|
|
|
|
app.UseWhen(context => context.Request.Path.StartsWithSegments("/api"),
|
|
|
|
app.UseWhen(context => context.Request.Path.StartsWithSegments("/api"),
|
|
|
|
branch => {
|
|
|
|
branch =>
|
|
|
|
|
|
|
|
{
|
|
|
|
branch.UseJwtBearerAuthentication(
|
|
|
|
branch.UseJwtBearerAuthentication(
|
|
|
|
options => {
|
|
|
|
options =>
|
|
|
|
|
|
|
|
{
|
|
|
|
options.AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme;
|
|
|
|
options.AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme;
|
|
|
|
options.AutomaticAuthenticate = true;
|
|
|
|
options.AutomaticAuthenticate = true;
|
|
|
|
options.SecurityTokenValidators.Clear();
|
|
|
|
options.SecurityTokenValidators.Clear();
|
|
|
@ -104,8 +112,13 @@ namespace Yavsc {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
);
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
app.UseWhen(context => !context.Request.Path.StartsWithSegments("/api"),
|
|
|
|
|
|
|
|
branch =>
|
|
|
|
|
|
|
|
{
|
|
|
|
// External authentication shared cookie:
|
|
|
|
// External authentication shared cookie:
|
|
|
|
branch.UseCookieAuthentication (options => {
|
|
|
|
branch.UseCookieAuthentication(options =>
|
|
|
|
|
|
|
|
{
|
|
|
|
ExternalCookieAppOptions = options;
|
|
|
|
ExternalCookieAppOptions = options;
|
|
|
|
options.AuthenticationScheme = Constants.ExternalAuthenticationSheme;
|
|
|
|
options.AuthenticationScheme = Constants.ExternalAuthenticationSheme;
|
|
|
|
options.AutomaticAuthenticate = true;
|
|
|
|
options.AutomaticAuthenticate = true;
|
|
|
@ -115,23 +128,26 @@ namespace Yavsc {
|
|
|
|
options.AccessDeniedPath = new PathString(Constants.LoginPath.Substring(1));
|
|
|
|
options.AccessDeniedPath = new PathString(Constants.LoginPath.Substring(1));
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
YavscGoogleAppOptions = new YavscGoogleOptions {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
YavscGoogleAppOptions = new YavscGoogleOptions
|
|
|
|
|
|
|
|
{
|
|
|
|
ClientId = GoogleWebClientConfiguration ["web:client_id"],
|
|
|
|
ClientId = GoogleWebClientConfiguration ["web:client_id"],
|
|
|
|
ClientSecret = GoogleWebClientConfiguration ["web:client_secret"],
|
|
|
|
ClientSecret = GoogleWebClientConfiguration ["web:client_secret"],
|
|
|
|
AccessType = "offline",
|
|
|
|
AccessType = "offline",
|
|
|
|
Scope = {
|
|
|
|
Scope = { "profile", "https://www.googleapis.com/auth/plus.login",
|
|
|
|
"profile",
|
|
|
|
|
|
|
|
"https://www.googleapis.com/auth/plus.login",
|
|
|
|
|
|
|
|
"https://www.googleapis.com/auth/admin.directory.resource.calendar",
|
|
|
|
"https://www.googleapis.com/auth/admin.directory.resource.calendar",
|
|
|
|
"https://www.googleapis.com/auth/calendar",
|
|
|
|
"https://www.googleapis.com/auth/calendar",
|
|
|
|
"https://www.googleapis.com/auth/calendar.events"
|
|
|
|
"https://www.googleapis.com/auth/calendar.events"},
|
|
|
|
},
|
|
|
|
|
|
|
|
SaveTokensAsClaims = true,
|
|
|
|
SaveTokensAsClaims = true,
|
|
|
|
UserInformationEndpoint = "https://www.googleapis.com/plus/v1/people/me",
|
|
|
|
UserInformationEndpoint = "https://www.googleapis.com/plus/v1/people/me",
|
|
|
|
Events = new OAuthEvents {
|
|
|
|
Events = new OAuthEvents
|
|
|
|
OnCreatingTicket = async context => {
|
|
|
|
{
|
|
|
|
|
|
|
|
OnCreatingTicket = async context =>
|
|
|
|
|
|
|
|
{
|
|
|
|
using (var serviceScope = app.ApplicationServices.GetRequiredService<IServiceScopeFactory>()
|
|
|
|
using (var serviceScope = app.ApplicationServices.GetRequiredService<IServiceScopeFactory>()
|
|
|
|
.CreateScope ()) {
|
|
|
|
.CreateScope())
|
|
|
|
|
|
|
|
{
|
|
|
|
var gcontext = context as GoogleOAuthCreatingTicketContext;
|
|
|
|
var gcontext = context as GoogleOAuthCreatingTicketContext;
|
|
|
|
context.Identity.AddClaim(new Claim(YavscClaimTypes.GoogleUserId, gcontext.GoogleUserId));
|
|
|
|
context.Identity.AddClaim(new Claim(YavscClaimTypes.GoogleUserId, gcontext.GoogleUserId));
|
|
|
|
var dbContext = serviceScope.ServiceProvider.GetService<ApplicationDbContext>();
|
|
|
|
var dbContext = serviceScope.ServiceProvider.GetService<ApplicationDbContext>();
|
|
|
@ -166,9 +182,11 @@ namespace Yavsc {
|
|
|
|
options.ConsumerSecret = Configuration["Authentication:Twitter:ClientSecret"];
|
|
|
|
options.ConsumerSecret = Configuration["Authentication:Twitter:ClientSecret"];
|
|
|
|
}); */
|
|
|
|
}); */
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
branch.UseOAuthAuthorizationServer(
|
|
|
|
branch.UseOAuthAuthorizationServer(
|
|
|
|
|
|
|
|
|
|
|
|
options => {
|
|
|
|
options =>
|
|
|
|
|
|
|
|
{
|
|
|
|
OAuthServerAppOptions = options;
|
|
|
|
OAuthServerAppOptions = options;
|
|
|
|
options.AuthorizeEndpointPath = new PathString(Constants.AuthorizePath.Substring(1));
|
|
|
|
options.AuthorizeEndpointPath = new PathString(Constants.AuthorizePath.Substring(1));
|
|
|
|
options.TokenEndpointPath = new PathString(Constants.TokenPath.Substring(1));
|
|
|
|
options.TokenEndpointPath = new PathString(Constants.TokenPath.Substring(1));
|
|
|
@ -177,19 +195,22 @@ namespace Yavsc {
|
|
|
|
options.AuthenticationScheme = OAuthDefaults.AuthenticationType;
|
|
|
|
options.AuthenticationScheme = OAuthDefaults.AuthenticationType;
|
|
|
|
options.TokenDataProtector = ProtectionProvider.CreateProtector("Bearer protection");
|
|
|
|
options.TokenDataProtector = ProtectionProvider.CreateProtector("Bearer protection");
|
|
|
|
|
|
|
|
|
|
|
|
options.Provider = new OAuthAuthorizationServerProvider {
|
|
|
|
options.Provider = new OAuthAuthorizationServerProvider
|
|
|
|
|
|
|
|
{
|
|
|
|
OnValidateClientRedirectUri = ValidateClientRedirectUri,
|
|
|
|
OnValidateClientRedirectUri = ValidateClientRedirectUri,
|
|
|
|
OnValidateClientAuthentication = ValidateClientAuthentication,
|
|
|
|
OnValidateClientAuthentication = ValidateClientAuthentication,
|
|
|
|
OnGrantResourceOwnerCredentials = GrantResourceOwnerCredentials,
|
|
|
|
OnGrantResourceOwnerCredentials = GrantResourceOwnerCredentials,
|
|
|
|
OnGrantClientCredentials = GrantClientCredetails
|
|
|
|
OnGrantClientCredentials = GrantClientCredetails
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
options.AuthorizationCodeProvider = new AuthenticationTokenProvider {
|
|
|
|
options.AuthorizationCodeProvider = new AuthenticationTokenProvider
|
|
|
|
|
|
|
|
{
|
|
|
|
OnCreate = CreateAuthenticationCode,
|
|
|
|
OnCreate = CreateAuthenticationCode,
|
|
|
|
OnReceive = ReceiveAuthenticationCode,
|
|
|
|
OnReceive = ReceiveAuthenticationCode,
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
options.RefreshTokenProvider = new AuthenticationTokenProvider {
|
|
|
|
options.RefreshTokenProvider = new AuthenticationTokenProvider
|
|
|
|
|
|
|
|
{
|
|
|
|
OnCreate = CreateRefreshToken,
|
|
|
|
OnCreate = CreateRefreshToken,
|
|
|
|
OnReceive = ReceiveRefreshToken,
|
|
|
|
OnReceive = ReceiveRefreshToken,
|
|
|
|
};
|
|
|
|
};
|
|
|
@ -202,6 +223,7 @@ namespace Yavsc {
|
|
|
|
|
|
|
|
|
|
|
|
Environment.SetEnvironmentVariable ("GOOGLE_APPLICATION_CREDENTIALS", "google-secret.json");
|
|
|
|
Environment.SetEnvironmentVariable ("GOOGLE_APPLICATION_CREDENTIALS", "google-secret.json");
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|