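using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.DataProtection.KeyManagement;
using Microsoft.AspNet.Http.Authentication;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.WebUtilities;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.OptionsModel;
using Microsoft.Extensions.Primitives;
using OAuth.AspNet.AuthServer;
using Yavsc.Models;
using Yavsc.Models.Auth;

namespace Yavsc.Controllers
{
    /// <summary>
    /// OAuth 2.0 authorization (consent) endpoint layered on the OAuth.AspNet.AuthServer
    /// middleware, plus a small endpoint echoing the caller's claims.
    /// The middleware is expected to run before <see cref="Authorize"/>: it validates the
    /// client / redirect_uri (leaving a non-200 status on failure) and turns the OAuth
    /// sign-in performed on consent into the authorization response.
    /// </summary>
    [AllowAnonymous]
    public class OAuthController : Controller
    {
        // NOTE(review): generic type arguments (e.g. on UserManager / SignInManager) appear to
        // have been lost when this listing was rendered; only those certain from usage are restored.
        ApplicationDbContext _context;
        UserManager _userManager;
        SiteSettings _siteSettings;
        ILogger _logger;
        private readonly SignInManager _signInManager;

        /// <summary>DI constructor; keyManager is accepted for wiring but not used here.</summary>
        public OAuthController(ApplicationDbContext context,
                               SignInManager signInManager,
                               IKeyManager keyManager,
                               UserManager userManager,
                               IOptions<SiteSettings> siteSettings,
                               ILoggerFactory loggerFactory)
        {
            _siteSettings = siteSettings.Value;
            _context = context;
            _signInManager = signInManager;
            _userManager = userManager;
            _logger = loggerFactory.CreateLogger<OAuthController>();
        }

        /// <summary>
        /// Returns the current principal's claims (subject name, type, value) as JSON.
        /// Because the controller is [AllowAnonymous], an unauthenticated caller gets an
        /// empty list rather than a 401.
        /// </summary>
        [HttpGet("~/api/getclaims"), Produces("application/json")]
        public IActionResult GetClaims()
        {
            // Guard the cast: a non-claims identity previously caused a NullReferenceException.
            var identityClaims = (User.Identity as ClaimsIdentity)?.Claims ?? Enumerable.Empty<Claim>();
            var claims = identityClaims.Select(c => new
            {
                subject = c.Subject?.Name,
                type = c.Type,
                value = c.Value
            });
            return Ok(claims);
        }

        /// <summary>
        /// Consent page for the authorization endpoint. GET renders the requested scopes
        /// (or JSON for Accept: application/json); POST handles the Grant / Deny / Login buttons.
        /// </summary>
        /// <returns>
        /// The consent view, a JSON consent model, a challenge (401) when no application cookie
        /// is present, an error view when the middleware rejected the request, or a redirect
        /// back to the client on denial.
        /// </returns>
        [HttpGet(Constants.AuthorizePath), HttpPost(Constants.AuthorizePath)]
        public async Task<IActionResult> Authorize()
        {
            // The authorization-server middleware runs first. When it rejected the request
            // (unknown client, mismatched redirect_uri, ...) it leaves a non-200 status and
            // lets the application render the error instead of redirecting anywhere.
            if (Response.StatusCode != 200)
            {
                return View("AuthorizeError");
            }

            AuthenticationManager authentication = Request.HttpContext.Authentication;
            var appAuthScheme = Startup.IdentityAppOptions.Cookies.ApplicationCookieAuthenticationScheme;

            // The resource owner must be signed in with the application cookie before consent.
            ClaimsPrincipal principal = await authentication.AuthenticateAsync(appAuthScheme);
            if (principal == null)
            {
                await authentication.ChallengeAsync(appAuthScheme);
                if (Response.StatusCode == 200)
                {
                    return new HttpUnauthorizedResult();
                }
                return new HttpStatusCodeResult(Response.StatusCode);
            }

            string[] requestedScopes = new string[0];
            string redirectUri = null;
            if (Request.QueryString.HasValue)
            {
                IDictionary<string, StringValues> query = QueryHelpers.ParseQuery(Request.QueryString.Value);
                StringValues value;
                if (query.TryGetValue("scope", out value))
                {
                    // RFC 6749 §3.3: scope is a space-delimited list; tolerate repeated spaces.
                    requestedScopes = value.ToString().Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
                }
                if (query.TryGetValue("redirect_uri", out value))
                {
                    redirectUri = value;
                }
            }

            // Only scopes the site knows about are shown to the user — and, below, only those
            // are granted. Unknown requested scopes are silently dropped.
            var knownScopes = Constants.SiteScopes.Where(s => requestedScopes.Contains(s.Id)).ToArray();
            var username = User.GetUserName();
            var model = new AuthorisationView
            {
                Scopes = knownScopes,
                Message = $"Bienvenue {username}."
            };

            if (Request.Method == "POST")
            {
                // NOTE(review): this consent POST carries no anti-forgery validation. client_id,
                // redirect_uri and scope all come from the query string, so a cross-site form post
                // could grant a client on the user's behalf. Add [ValidateAntiForgeryToken] once the
                // AuthorisationView form is confirmed to emit the token.
                if (!string.IsNullOrEmpty(Request.Form["submit.Grant"]))
                {
                    principal = new ClaimsPrincipal(principal.Identities);
                    ClaimsIdentity primaryIdentity = (ClaimsIdentity)principal.Identity;
                    // Grant exactly what the user was shown. The previous loop added a claim for
                    // every requested scope, including ones absent from Constants.SiteScopes that
                    // never appeared on the consent page.
                    foreach (var scope in knownScopes)
                    {
                        primaryIdentity.AddClaim(new Claim("urn:oauth:scope", scope.Id));
                    }
                    // The authorization-server middleware intercepts this sign-in and produces the
                    // code/token redirect, so execution deliberately falls through to the view below.
                    await authentication.SignInAsync(OAuthDefaults.AuthenticationType, principal);
                }

                if (!string.IsNullOrEmpty(Request.Form["submit.Deny"]))
                {
                    await authentication.SignOutAsync(appAuthScheme);
                    if (redirectUri != null)
                    {
                        // AddQueryString keeps an existing query on the callback intact (plain
                        // concatenation produced "...?a=b?error=..."). This relies on the middleware
                        // having validated redirect_uri against the registered client; if that
                        // validation is ever relaxed this becomes an open redirect.
                        // NOTE(review): RFC 6749 §4.1.2.1 expects error=access_denied plus the client's
                        // state echoed back; the existing value is kept as clients currently expect it.
                        return Redirect(QueryHelpers.AddQueryString(redirectUri, "error", "scope-denied"));
                    }
                    return Redirect("/");
                }

                if (!string.IsNullOrEmpty(Request.Form["submit.Login"]))
                {
                    // Switch account: drop the current application cookie and re-challenge.
                    await authentication.SignOutAsync(appAuthScheme);
                    await authentication.ChallengeAsync(appAuthScheme);
                    return new HttpUnauthorizedResult();
                }
            }

            // API clients may ask for the consent model as JSON; only the exact media type matches.
            StringValues accept;
            if (Request.Headers.TryGetValue("Accept", out accept) && accept == "application/json")
            {
                return Ok(model);
            }
            return View(model);
        }

        /// <summary>Landing route for native clients after a successful flow; sends them home.</summary>
        [HttpGet("~/oauth/success")]
        public IActionResult NativeAuthSuccess()
        {
            return RedirectToAction("Index", "Home");
        }
    }
}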