From 8ce7767672fbb1dfd9587bcd493a993eb53da7ff Mon Sep 17 00:00:00 2001 From: Paul Schneider Date: Sun, 12 Jun 2016 02:31:59 +0200 Subject: [PATCH] =?UTF-8?q?Restauration=20param=C3=A8tres=20d'usine?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Yavsc/Controllers/OAuthController.cs | 23 ++++++------- Yavsc/ViewModels/Auth/AuthorisationView.cs | 6 ---- Yavsc/Views/OAuth/Authorize-new.cshtml | 32 ------------------- Yavsc/Views/OAuth/Authorize.cshtml | 7 +--- Yavsc/Views/OAuth/AuthorizeDenied.cshtml | 17 ++++++++++ .../Controllers/AuthenticationController.cs | 15 +++++++-- 6 files changed, 39 insertions(+), 61 deletions(-) delete mode 100644 Yavsc/Views/OAuth/Authorize-new.cshtml create mode 100644 Yavsc/Views/OAuth/AuthorizeDenied.cshtml diff --git a/Yavsc/Controllers/OAuthController.cs b/Yavsc/Controllers/OAuthController.cs index fcca1f0a..6591f94c 100644 --- a/Yavsc/Controllers/OAuthController.cs +++ b/Yavsc/Controllers/OAuthController.cs @@ -136,9 +136,7 @@ namespace Yavsc.Controllers } string[] scopes = { }; - string redirect_uri = null; - string client_id = null; - string state = null; + string redirect_uri=null; IDictionary queryStringComponents = null; @@ -150,20 +148,11 @@ namespace Yavsc.Controllers scopes = queryStringComponents["scope"]; if (queryStringComponents.ContainsKey("redirect_uri")) redirect_uri = queryStringComponents["redirect_uri"]; - if (queryStringComponents.ContainsKey("client_id")) - client_id = queryStringComponents["client_id"]; - if (queryStringComponents.ContainsKey("state")) - state = queryStringComponents["state"]; } var model = new AuthorisationView { Scopes = Constants.SiteScopes.Where(s=> scopes.Contains(s.Id)).ToArray(), - RedirectUrl = redirect_uri, - Message = "Welcome.", - QueryStringComponents = queryStringComponents, - ClientId = client_id, - State = state, - ResponseType="code" + Message = "Welcome." } ; if (Request.Method == "POST") 
@@ -181,7 +170,13 @@ namespace Yavsc.Controllers _logger.LogWarning("Logging user {principal} against {OAuthDefaults.AuthenticationType}"); await authentication.SignInAsync(OAuthDefaults.AuthenticationType, principal); } - + if (!string.IsNullOrEmpty(Request.Form["submit.Deny"])) + { + await authentication.SignOutAsync(appAuthSheme); + if (redirect_uri!=null) + return Redirect(redirect_uri+"?error=scope-denied"); + return Redirect("/"); + } if (!string.IsNullOrEmpty(Request.Form["submit.Login"])) { await authentication.SignOutAsync(appAuthSheme); diff --git a/Yavsc/ViewModels/Auth/AuthorisationView.cs b/Yavsc/ViewModels/Auth/AuthorisationView.cs index 5cf0dc8e..0342e083 100644 --- a/Yavsc/ViewModels/Auth/AuthorisationView.cs +++ b/Yavsc/ViewModels/Auth/AuthorisationView.cs @@ -5,13 +5,7 @@ namespace Yavsc.Models.Auth { public class AuthorisationView {  public Scope[] Scopes { get; set; } - public string RedirectUrl { get; set; } public string Message { get; set; } - public string ClientId {get; set; } - public string State {get; set; } - public string ResponseType { get; set; } - - public IDictionary QueryStringComponents { get; set; } } } \ No newline at end of file diff --git a/Yavsc/Views/OAuth/Authorize-new.cshtml b/Yavsc/Views/OAuth/Authorize-new.cshtml deleted file mode 100644 index 55ad9ac6..00000000 --- a/Yavsc/Views/OAuth/Authorize-new.cshtml +++ /dev/null @@ -1,32 +0,0 @@ -@using Microsoft.AspNet.Http.Authentication -@using Microsoft.AspNet.WebUtilities -@using System.Security.Claims -@using Microsoft.Extensions.Primitives -@model Yavsc.Models.Auth.AuthorisationView -@{ - ViewBag.Title = @SR["Authorize"]; -} -
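Review bot: The new deny branch passes `redirect_uri` from the request's query string straight into `Redirect(...)`, and nothing visible in this hunk compares it with a redirect URI registered for the client, so the endpoint will send the browser to whatever address the request names. The earlier hunk at `-150,20 +148,11` also stops reading `client_id`, which is what such a lookup would key on; I would redirect only when the value matches the client's registered URI and otherwise fall through to `return Redirect("/");`. On the same line, RFC 6749 defines `access_denied` as the error code for a refused authorization, and concatenating `"?error=..."` produces a malformed URL when `redirect_uri` already carries a query string, so `QueryHelpers.AddQueryString(redirect_uri, "error", "access_denied")` would be safer, assuming Microsoft.AspNet.WebUtilities is referenced by this controller. Because `state` is no longer parsed either, the client cannot correlate the error response with the request it issued. The enclosing action starts and ends outside the hunk.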

Authorization Server

-

OAuth2 Authorize

-
-

Hello, @User.Identity.Name

-

@Model.Message

-

A third party application want to do the following on your behalf:

-
    - @foreach (var scope in Model.Scopes) - { -
  • @scope.Id: @scope.Description
  • - } -
-

- - - -

- @if (Model.QueryStringComponents!=null) { - @foreach (var key in Model.QueryStringComponents.Keys) { - @Html.Hidden(key,Model.QueryStringComponents[key]) - } - - } -
diff --git a/Yavsc/Views/OAuth/Authorize.cshtml b/Yavsc/Views/OAuth/Authorize.cshtml index 7ca8b37f..554184f2 100644 --- a/Yavsc/Views/OAuth/Authorize.cshtml +++ b/Yavsc/Views/OAuth/Authorize.cshtml @@ -8,12 +8,7 @@

Authorization Server

OAuth2 Authorize

-
+

Hello, @User.Identity.Name

@Model.Message

A third party application want to do the following on your behalf:

diff --git a/Yavsc/Views/OAuth/AuthorizeDenied.cshtml b/Yavsc/Views/OAuth/AuthorizeDenied.cshtml new file mode 100644 index 00000000..83d4b8f5 --- /dev/null +++ b/Yavsc/Views/OAuth/AuthorizeDenied.cshtml @@ -0,0 +1,17 @@ +@using Microsoft.AspNet.Http +@using System +@using System.Security.Claims +@{ + var error = Context.Items["oauth.Error"]; + var errorDescription = Context.Items["oauth.ErrorDescription"]; + var errorUri = Context.Items["oauth.ErrorUri"]; +} + + + + Authorization Denied + + +

Authorization denied

+ + \ No newline at end of file diff --git a/testOauthClient/Controllers/AuthenticationController.cs b/testOauthClient/Controllers/AuthenticationController.cs index ed65f72a..6ac6b858 100644 --- a/testOauthClient/Controllers/AuthenticationController.cs +++ b/testOauthClient/Controllers/AuthenticationController.cs @@ -1,4 +1,5 @@  +using System.Threading.Tasks; using Microsoft.AspNet.Http.Authentication; using Microsoft.AspNet.Mvc; @@ -6,12 +7,20 @@ namespace Mvc.Client.Controllers { public class AuthenticationController : Controller { [HttpGet("~/signin")] - public ActionResult SignIn() { + public ActionResult SignIn(string returnUrl="/") { // Instruct the OIDC client middleware to redirect the user agent to the identity provider. - // Note: the authenticationType parameter must match the value configured in Startup.cs - var properties = new AuthenticationProperties { RedirectUri = "http://localhost:5002/signin-yavsc" }; + // Note: the authenticationType parameter must match the value configured in Startup.cs. + // But, this redirect URI doesn't need to match the OAuth parameter, it's serialized in the query state, + // to be used once the identification ends. + var properties = new AuthenticationProperties { RedirectUri = returnUrl }; return new ChallengeResult("Yavsc", properties); } + [HttpGet("~/signout")] + public async Task SignOut(string returnUrl="/") { + await HttpContext.Authentication.SignOutAsync("Bearer"); + return Redirect(returnUrl); + } + } } \ No newline at end of file
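Review bot: Both actions in the `-6,12 +7,20` hunk take `returnUrl` from the query string and redirect to it unchecked, `SignIn` through `AuthenticationProperties.RedirectUri` and `SignOut` through `Redirect(returnUrl)`, so `/signin` and `/signout` will forward a user to any external address a link supplies. Each action should start with `if (!Url.IsLocalUrl(returnUrl)) returnUrl = "/";` before the value is used. `SignOut` is also mapped with `[HttpGet]`, which lets any page end the user's session by referencing that URL; `[HttpPost]` together with `[ValidateAntiForgeryToken]` would close that. The new comment on `SignIn` should then state the constraint explicitly, for example `// returnUrl is where the user lands after sign-in; it must be a local path.`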