yavsc/Yavsc/Controllers/OAuthController.cs

using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.DataProtection.KeyManagement;
using Microsoft.AspNet.Http.Authentication;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.WebUtilities;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.OptionsModel;
using Microsoft.Extensions.Primitives;
using OAuth.AspNet.AuthServer;
using Yavsc.Models;
using Yavsc.Models.Auth;

namespace Yavsc.Controllers
{
    [AllowAnonymous]
    public class OAuthController : Controller
    {
        ApplicationDbContext _context;
        UserManager<ApplicationUser> _userManager;

        SiteSettings _siteSettings;

        ILogger _logger;
        private readonly SignInManager<ApplicationUser> _signInManager;

        public OAuthController(ApplicationDbContext context, SignInManager<ApplicationUser> signInManager, IKeyManager keyManager,
        UserManager<ApplicationUser> userManager,
        IOptions<SiteSettings> siteSettings,
        ILoggerFactory loggerFactory
        )
        {
            _siteSettings = siteSettings.Value;
            _context = context;
            _signInManager = signInManager;
            _userManager = userManager;
            _logger = loggerFactory.CreateLogger<OAuthController>();
        }

       

        [HttpGet("~/api/getclaims"), Produces("application/json")]

        public IActionResult GetClaims()
        {
            var identity = User.Identity as ClaimsIdentity;

            var claims = from c in identity.Claims
                         select new
                         {
                             subject = c.Subject.Name,
                             type = c.Type,
                             value = c.Value
                         };

            return Ok(claims);
        }

        [HttpGet(Constants.AuthorizePath),HttpPost(Constants.AuthorizePath)]
        public async Task<ActionResult> Authorize()
        {
            if (Response.StatusCode != 200)
            {
                return View("AuthorizeError");
            }

            AuthenticationManager authentication = Request.HttpContext.Authentication;
            var appAuthSheme = Startup.IdentityAppOptions.Cookies.ApplicationCookieAuthenticationScheme;

            ClaimsPrincipal principal = await authentication.AuthenticateAsync(appAuthSheme);

            if (principal == null)
            {
                await authentication.ChallengeAsync(appAuthSheme);

                if (Response.StatusCode == 200)
                    return new HttpUnauthorizedResult();

                return new HttpStatusCodeResult(Response.StatusCode);
            }

            string[] scopes = { };
            string redirect_uri=null;

            IDictionary<string,StringValues> queryStringComponents = null;

            if (Request.QueryString.HasValue)
            {
                 queryStringComponents = QueryHelpers.ParseQuery(Request.QueryString.Value);

                if (queryStringComponents.ContainsKey("scope"))
                    scopes = ((string)queryStringComponents["scope"]).Split(' ');
                if (queryStringComponents.ContainsKey("redirect_uri"))
                    redirect_uri = queryStringComponents["redirect_uri"];
            }
            var username = User.GetUserName();

            var model = new AuthorisationView { 
                Scopes = (Constants.SiteScopes.Where(s=> scopes.Contains(s.Id))).ToArray(),
                Message = $"Bienvenue {username}."
                } ;

            if (Request.Method == "POST")
            {
                if (!string.IsNullOrEmpty(Request.Form["submit.Grant"]))
                {
                    principal = new ClaimsPrincipal(principal.Identities);

                    ClaimsIdentity primaryIdentity = (ClaimsIdentity)principal.Identity;

                    foreach (var scope in scopes)
                    {
                        primaryIdentity.AddClaim(new Claim("urn:oauth:scope", scope));
                    }
                    await authentication.SignInAsync(OAuthDefaults.AuthenticationType, principal);
                }
                if (!string.IsNullOrEmpty(Request.Form["submit.Deny"]))
                {
                    await authentication.SignOutAsync(appAuthSheme);
                    if (redirect_uri!=null)
                        return Redirect(redirect_uri+"?error=scope-denied");
                    return Redirect("/");
                }
                if (!string.IsNullOrEmpty(Request.Form["submit.Login"]))
                {
                    await authentication.SignOutAsync(appAuthSheme);
                    await authentication.ChallengeAsync(appAuthSheme);
                    return new HttpUnauthorizedResult();
                }
            }

            if (Request.Headers.Keys.Contains("Accept")) {
                var accepted = Request.Headers["Accept"];
                if (accepted == "application/json")
                {
                    return Ok(model);
                }
            }
            return View(model);
        }

        [HttpGet("~/oauth/success")]
        public IActionResult NativeAuthSuccess ()
        {
            return RedirectToAction("Index","Home");
        }

    }
}