Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- using System;
- using System.Collections.Generic;
- using System.Linq;
- using System.Security.Claims;
- using System.Security.Principal;
- using System.Threading.Tasks;
- using IdentityModel;
- using IdentityServer4.Events;
- using IdentityServer4.Extensions;
- using IdentityServer4.Services;
- using IdentityServer4.Stores;
- using IdentityServer4.Test;
- using Microsoft.AspNetCore.Authentication;
- using Microsoft.AspNetCore.Http;
- using Microsoft.AspNetCore.Mvc;
- using MindsUnited.Authority.Api.Models;
- using MindsUnited.Authority.Api.Services;
- namespace MindsUnited.Authority.Api.Controllers
- {
- [SecurityHeaders]
- public class AccountController : Controller
- {
- private readonly TestUserStore _users;
- private readonly IIdentityServerInteractionService _interaction;
- private readonly IEventService _events;
- private readonly AccountService _account;
- public AccountController(
- IIdentityServerInteractionService interaction,
- IClientStore clientStore,
- IHttpContextAccessor httpContextAccessor,
- IAuthenticationSchemeProvider schemeProvider,
- IEventService events,
- TestUserStore users = null)
- {
- _users = users ?? new TestUserStore(TestUsers.Users);
- _interaction = interaction;
- _events = events;
- _account = new AccountService(interaction, httpContextAccessor, schemeProvider, clientStore);
- }
- [HttpGet]
- public async Task<IActionResult> Login(string returnUrl)
- {
- var vm = await _account.BuildLoginViewModelAsync(returnUrl);
- var prov = vm.VisibleExternalProviders.First();
- var props = new AuthenticationProperties()
- {
- RedirectUri = Url.Action("ExternalLoginCallback"),
- Items =
- {
- { "returnUrl", returnUrl }
- }
- };
- if (AccountOptions.WindowsAuthenticationSchemeName == prov.AuthenticationScheme)
- {
- var result = await HttpContext.AuthenticateAsync(AccountOptions.WindowsAuthenticationSchemeName);
- if (result?.Principal is WindowsPrincipal wp)
- {
- props.Items.Add("scheme", AccountOptions.WindowsAuthenticationSchemeName);
- var id = new ClaimsIdentity(prov.AuthenticationScheme);
- id.AddClaim(new Claim(JwtClaimTypes.Subject, wp.Identity.Name));
- id.AddClaim(new Claim(JwtClaimTypes.Name, wp.Identity.Name));
- foreach (Claim wpClaim in wp.Claims)
- {
- id.AddClaim(new Claim(wpClaim.Type, wpClaim.Value));
- }
- if (AccountOptions.IncludeWindowsGroups)
- {
- var wi = wp.Identity as WindowsIdentity;
- var groups = wi?.Groups?.Translate(typeof(NTAccount));
- if (groups != null)
- {
- var roles = groups.Select(x => new Claim(JwtClaimTypes.Role, x.Value));
- id.AddClaims(roles);
- }
- }
- await HttpContext.SignInAsync(
- IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme,
- new ClaimsPrincipal(id),
- props);
- return Redirect(props.RedirectUri);
- }
- return Challenge(AccountOptions.WindowsAuthenticationSchemeName);
- }
- props.Items.Add("scheme", prov.AuthenticationScheme);
- return Challenge(props, prov.AuthenticationScheme);
- }
- [HttpGet]
- public async Task<IActionResult> ExternalLoginCallback()
- {
- var result = await HttpContext.AuthenticateAsync(IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme);
- if (result?.Succeeded != true)
- {
- throw new Exception("External authentication error");
- }
- var externalUser = result.Principal;
- var claims = externalUser.Claims.ToList();
- var userIdClaim = claims.FirstOrDefault(x => x.Type == JwtClaimTypes.Subject);
- if (userIdClaim == null)
- {
- userIdClaim = claims.FirstOrDefault(x => x.Type == ClaimTypes.NameIdentifier);
- }
- if (userIdClaim == null)
- {
- throw new Exception("Unknown userid");
- }
- claims.Remove(userIdClaim);
- var provider = result.Properties.Items["scheme"];
- var userId = userIdClaim.Value;
- var user = _users.FindByExternalProvider(provider, userId);
- if (user == null)
- {
- user = _users.AutoProvisionUser(provider, userId, claims);
- }
- user.Claims.Remove(user.Claims
- .SingleOrDefault(c => c.Type.Equals("name") && c.Issuer.Equals("LOCAL AUTHORITY")));
- var additionalClaims = new List<Claim>();
- var sid = claims.FirstOrDefault(x => x.Type == JwtClaimTypes.SessionId);
- if (sid != null)
- {
- additionalClaims.Add(new Claim(JwtClaimTypes.SessionId, sid.Value));
- }
- AuthenticationProperties props = null;
- var idToken = result.Properties.GetTokenValue("id_token");
- if (idToken != null)
- {
- props = new AuthenticationProperties();
- props.StoreTokens(new[] { new AuthenticationToken { Name = "id_token", Value = idToken } });
- }
- await _events.RaiseAsync(new UserLoginSuccessEvent(provider, userId, user.SubjectId, user.Username));
- await HttpContext.SignInAsync(user.SubjectId, user.Username, provider, props, claims.ToArray());
- await HttpContext.SignOutAsync(IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme);
- var returnUrl = result.Properties.Items["returnUrl"];
- if (_interaction.IsValidReturnUrl(returnUrl) || Url.IsLocalUrl(returnUrl))
- {
- return Redirect(returnUrl);
- }
- return Redirect("~/");
- }
- [HttpGet]
- public async Task<IActionResult> Logout(string logoutId)
- {
- var model = await _account.BuildLogoutViewModelAsync(logoutId);
- var vm = await _account.BuildLoggedOutViewModelAsync(model.LogoutId);
- var user = HttpContext.User;
- if (user?.Identity.IsAuthenticated == true)
- {
- await HttpContext.SignOutAsync();
- await _events.RaiseAsync(new UserLogoutSuccessEvent(user.GetSubjectId(), user.GetDisplayName()));
- }
- if (vm.TriggerExternalSignout)
- {
- string url = Url.Action("Logout", new { logoutId = vm.LogoutId });
- return SignOut(new AuthenticationProperties { RedirectUri = url }, vm.ExternalAuthenticationScheme);
- }
- return Redirect(vm.PostLogoutRedirectUri ?? "~/");
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
