OAuth OK!

2016-06-12 01:32:51 +02:00
parent 7bbc219725
commit 6654e599c9
382 changed files with 52465 additions and 7559 deletions


@ -11,11 +11,10 @@ using Microsoft.AspNet.Mvc.Rendering;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.OptionsModel;
using Microsoft.AspNet.Http;
using Yavsc.Extensions;
using Yavsc.Models;
using Yavsc.Services;
using Yavsc.ViewModels.Account;
using Microsoft.AspNet.Http.Authentication;
using Yavsc.Helpers;
namespace Yavsc.Controllers
{
@ -50,6 +49,7 @@ namespace Yavsc.Controllers
_smtpSettings = smtpSettings.Value;
_twilioSettings = twilioSettings.Value;
_logger = loggerFactory.CreateLogger<AccountController>();
}
[HttpGet(Constants.LoginPath)]
@ -127,6 +127,7 @@ namespace Yavsc.Controllers
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, set lockoutOnFailure: true
var result = await _signInManager.PasswordSignInAsync(model.UserName, model.Password, model.RememberMe, lockoutOnFailure: false);
if (result.Succeeded)
{
return Redirect(model.ReturnUrl);
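Review bot: `return Redirect(model.ReturnUrl);` on the last line of the hunk sends the freshly authenticated user to whatever ReturnUrl the login form posted back, and nothing in this hunk checks that the target is local, so a login link carrying an external ReturnUrl becomes an open redirect. Guard it before redirecting, e.g. `return Url.IsLocalUrl(model.ReturnUrl) ? Redirect(model.ReturnUrl) : RedirectToAction(...)` with a fixed local action as the fallback. Whether this line is new or context cannot be recovered from the rendered hunk (the `+`/`-` markers are lost), and the enclosing Login action starts before the hunk and continues after it.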


@ -1,122 +0,0 @@
using System;
using System.Linq;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc;
using Yavsc.Models;
namespace Yavsc.Controllers
{
[Authorize("AdministratorOnly")]
public class ApplicationController : Controller
{
private ApplicationDbContext _context;
public ApplicationController(ApplicationDbContext context)
{
_context = context;
}
// GET: Application
public IActionResult Index()
{
return View(_context.Applications.ToList());
}
// GET: Application/Details/5
public IActionResult Details(string id)
{
if (id == null)
{
return HttpNotFound();
}
Application application = _context.Applications.Single(m => m.ApplicationID == id);
if (application == null)
{
return HttpNotFound();
}
return View(application);
}
// GET: Application/Create
public IActionResult Create()
{
return View();
}
// POST: Application/Create
[HttpPost]
[ValidateAntiForgeryToken]
public IActionResult Create(Application application)
{
if (ModelState.IsValid)
{
application.ApplicationID = Guid.NewGuid().ToString();
_context.Applications.Add(application);
_context.SaveChanges();
return RedirectToAction("Index");
}
return View(application);
}
// GET: Application/Edit/5
public IActionResult Edit(string id)
{
if (id == null)
{
return HttpNotFound();
}
Application application = _context.Applications.Single(m => m.ApplicationID == id);
if (application == null)
{
return HttpNotFound();
}
return View(application);
}
// POST: Application/Edit/5
[HttpPost]
[ValidateAntiForgeryToken]
public IActionResult Edit(Application application)
{
if (ModelState.IsValid)
{
_context.Update(application);
_context.SaveChanges();
return RedirectToAction("Index");
}
return View(application);
}
// GET: Application/Delete/5
[ActionName("Delete")]
public IActionResult Delete(string id)
{
if (id == null)
{
return HttpNotFound();
}
Application application = _context.Applications.Single(m => m.ApplicationID == id);
if (application == null)
{
return HttpNotFound();
}
return View(application);
}
// POST: Application/Delete/5
[HttpPost, ActionName("Delete")]
[ValidateAntiForgeryToken]
public IActionResult DeleteConfirmed(string id)
{
Application application = _context.Applications.Single(m => m.ApplicationID == id);
_context.Applications.Remove(application);
_context.SaveChanges();
return RedirectToAction("Index");
}
}
}


@ -0,0 +1,137 @@
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Mvc.Rendering;
using Microsoft.Data.Entity;
using Yavsc.Models;
using Yavsc.Models.Auth;
namespace Yavsc.Controllers
{
public class ClientController : Controller
{
private ApplicationDbContext _context;
public ClientController(ApplicationDbContext context)
{
_context = context;
}
// GET: Client
public async Task<IActionResult> Index()
{
return View(await _context.Applications.ToListAsync());
}
// GET: Client/Details/5
public async Task<IActionResult> Details(string id)
{
if (id == null)
{
return HttpNotFound();
}
Client client = await _context.Applications.SingleAsync(m => m.Id == id);
if (client == null)
{
return HttpNotFound();
}
return View(client);
}
// GET: Client/Create
public IActionResult Create()
{
return View();
}
// POST: Client/Create
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Create(Client client)
{
if (ModelState.IsValid)
{
client.Id = Guid.NewGuid().ToString();
_context.Applications.Add(client);
await _context.SaveChangesAsync();
return RedirectToAction("Index");
}
SetAppTypesInputValues();
return View(client);
}
private void SetAppTypesInputValues()
{
ViewData["Type"] =
new SelectListItem[] { 
new SelectListItem {
Text = ApplicationTypes.JavaScript.ToString(),
Value = ((int) ApplicationTypes.JavaScript).ToString() },
new SelectListItem {
Text = ApplicationTypes.NativeConfidential.ToString(),
Value = ((int) ApplicationTypes.NativeConfidential).ToString()
}
};
}
// GET: Client/Edit/5
public async Task<IActionResult> Edit(string id)
{
if (id == null)
{
return HttpNotFound();
}
Client client = await _context.Applications.SingleAsync(m => m.Id == id);
if (client == null)
{
return HttpNotFound();
}
SetAppTypesInputValues();
return View(client);
}
// POST: Client/Edit/5
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Edit(Client client)
{
if (ModelState.IsValid)
{
_context.Update(client);
await _context.SaveChangesAsync();
return RedirectToAction("Index");
}
return View(client);
}
// GET: Client/Delete/5
[ActionName("Delete")]
public async Task<IActionResult> Delete(string id)
{
if (id == null)
{
return HttpNotFound();
}
Client client = await _context.Applications.SingleAsync(m => m.Id == id);
if (client == null)
{
return HttpNotFound();
}
return View(client);
}
// POST: Client/Delete/5
[HttpPost, ActionName("Delete")]
[ValidateAntiForgeryToken]
public async Task<IActionResult> DeleteConfirmed(string id)
{
Client client = await _context.Applications.SingleAsync(m => m.Id == id);
_context.Applications.Remove(client);
await _context.SaveChangesAsync();
return RedirectToAction("Index");
}
}
}
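Review bot: ClientController carries no `[Authorize]` attribute, while the ApplicationController deleted in this same commit (which it appears to replace, operating on the same `_context.Applications` set) was marked `[Authorize("AdministratorOnly")]` on the class; as written, any visitor can list, create, edit and delete the OAuth client registrations. Restore the attribute on the class (`[Authorize("AdministratorOnly")]` plus `using Microsoft.AspNet.Authorization;`) or document why client administration is meant to be unauthenticated. Separately, `SingleAsync` in Details, Edit, Delete and DeleteConfirmed throws rather than returning null when no row matches, so the `if (client == null)` checks that follow can never fire; `SingleOrDefaultAsync` is what those null checks expect. Also `Create(Client client)` and `Edit(Client client)` bind the whole entity from the form and `_context.Update(client)` writes every property, which is presumably over-posting-prone if Client carries a secret or owner field — confirm against the model.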


@ -6,6 +6,7 @@ using Microsoft.AspNet.Identity;
using Microsoft.Data.Entity;
using Microsoft.Extensions.Logging;
using Yavsc.Models.Booking;
using Yavsc.Helpers;
namespace Yavsc.Controllers
{


@ -1,4 +1,5 @@
using System.Linq;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
@ -9,8 +10,10 @@ using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.WebUtilities;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.OptionsModel;
using Microsoft.Extensions.Primitives;
using OAuth.AspNet.AuthServer;
using Yavsc.Models;
using Yavsc.Models.Auth;
namespace Yavsc.Controllers
{
@ -109,7 +112,7 @@ namespace Yavsc.Controllers
return Ok(claims);
}
[HttpGet(Constants.AuthorizePath)]
[HttpGet(Constants.AuthorizePath),HttpPost(Constants.AuthorizePath)]
public async Task<ActionResult> Authorize()
{
if (Response.StatusCode != 200)
@ -118,12 +121,13 @@ namespace Yavsc.Controllers
}
AuthenticationManager authentication = Request.HttpContext.Authentication;
var appAuthSheme = Startup.IdentityAppOptions.Cookies.ApplicationCookieAuthenticationScheme;
ClaimsPrincipal principal = await authentication.AuthenticateAsync(Constants.ApplicationAuthenticationSheme);
ClaimsPrincipal principal = await authentication.AuthenticateAsync(appAuthSheme);
if (principal == null)
{
await authentication.ChallengeAsync(Constants.ApplicationAuthenticationSheme);
await authentication.ChallengeAsync(appAuthSheme);
if (Response.StatusCode == 200)
return new HttpUnauthorizedResult();
@ -132,15 +136,36 @@ namespace Yavsc.Controllers
}
string[] scopes = { };
string redirect_uri = null;
string client_id = null;
string state = null;
IDictionary<string,StringValues> queryStringComponents = null;
if (Request.QueryString.HasValue)
{
var queryStringComponents = QueryHelpers.ParseQuery(Request.QueryString.Value);
queryStringComponents = QueryHelpers.ParseQuery(Request.QueryString.Value);
if (queryStringComponents.ContainsKey("scope"))
scopes = queryStringComponents["scope"];
if (queryStringComponents.ContainsKey("redirect_uri"))
redirect_uri = queryStringComponents["redirect_uri"];
if (queryStringComponents.ContainsKey("client_id"))
client_id = queryStringComponents["client_id"];
if (queryStringComponents.ContainsKey("state"))
state = queryStringComponents["state"];
}
var model = new AuthorisationView {
Scopes = Constants.SiteScopes.Where(s=> scopes.Contains(s.Id)).ToArray(),
RedirectUrl = redirect_uri,
Message = "Welcome.",
QueryStringComponents = queryStringComponents,
ClientId = client_id,
State = state,
ResponseType="code"
} ;
if (Request.Method == "POST")
{
if (!string.IsNullOrEmpty(Request.Form["submit.Grant"]))
@ -153,21 +178,19 @@ namespace Yavsc.Controllers
{
primaryIdentity.AddClaim(new Claim("urn:oauth:scope", scope));
}
_logger.LogWarning("Logging user {principal} against {OAuthDefaults.AuthenticationType}");
await authentication.SignInAsync(OAuthDefaults.AuthenticationType, principal);
}
if (!string.IsNullOrEmpty(Request.Form["submit.Login"]))
{
await authentication.SignOutAsync(Constants.ApplicationAuthenticationSheme);
await authentication.ChallengeAsync(Constants.ApplicationAuthenticationSheme);
await authentication.SignOutAsync(appAuthSheme);
await authentication.ChallengeAsync(appAuthSheme);
return new HttpUnauthorizedResult();
}
}
return View(new AuthorisationView { Scopes = scopes } );
return View(model);
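Review bot: In the hunk starting `@ -132,15 +136,36`, `redirect_uri`, `client_id` and `state` are copied straight from the query string into the AuthorisationView (`RedirectUrl = redirect_uri`, `ClientId = client_id`) with no check that redirect_uri matches a URI registered for that client_id, and nothing visible in Authorize performs that check before the `submit.Grant` branch signs the principal in; if the authorization-server middleware validates it downstream, say so in a comment at that point, otherwise look the client up and reject a mismatch before building the model. The same method now also answers POST (`[HttpGet(Constants.AuthorizePath),HttpPost(Constants.AuthorizePath)]` in the earlier hunk) and grants consent on `Request.Form["submit.Grant"]`, yet no `[ValidateAntiForgeryToken]` is visible on it as there is on the ClientController actions elsewhere in this commit; moving the POST path into its own `[HttpPost]` action with that attribute would close the consent-forgery gap without breaking the GET. Separately, `_logger.LogWarning("Logging user {principal} against {OAuthDefaults.AuthenticationType}")` supplies no arguments for its placeholders, so the warning never records which user was signed in under which scheme; this line may be unchanged context. Authorize begins before its first hunk in this section.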
}
}