From e41fa8c19980d6e6bdc2231c315e892fe90906b6 Mon Sep 17 00:00:00 2001
From: Uncled1023
Date: Mon, 12 Jul 2021 20:21:50 -0700
Subject: [PATCH] Fixed identity APi responses/management errors
---
.gitignore | 1 +
Configuration/IdentityServerConfig.cs | 2 +
.../Controllers/ManageController.cs | 42 +++++++++----------
IdentityServer/IdentityServer.csproj | 1 +
.../Teknik Identity - Development.pubxml | 2 +-
IdentityServer/Startup.cs | 22 ++++++++--
.../Areas/User/Controllers/UserController.cs | 2 +-
Teknik/Areas/User/Models/IdentityUserInfo.cs | 36 ++++++----------
Teknik/Startup.cs | 3 +-
Teknik/Teknik.csproj | 1 +
10 files changed, 60 insertions(+), 52 deletions(-)
diff --git a/.gitignore b/.gitignore
index fd84efc..a5dffd6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -269,3 +269,4 @@ __pycache__/
/ServiceWorker/Properties/launchSettings.json
/IdentityServer/App_Data/Config.json
/ServiceWorker/Output
+/IdentityServer/tempkey.jwk
diff --git a/Configuration/IdentityServerConfig.cs b/Configuration/IdentityServerConfig.cs
index dc86007..353733a 100644
--- a/Configuration/IdentityServerConfig.cs
+++ b/Configuration/IdentityServerConfig.cs
@@ -18,6 +18,8 @@ namespace Teknik.Configuration
public string APIName { get; set; }
public string APISecret { get; set; }
+ public string SigningCertificate { get; set; }
+
public IdentityServerConfig()
{
Host = "localhost:5002";
diff --git a/IdentityServer/Controllers/ManageController.cs b/IdentityServer/Controllers/ManageController.cs
index c32cf1d..4331949 100644
--- a/IdentityServer/Controllers/ManageController.cs
+++ b/IdentityServer/Controllers/ManageController.cs
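Review bot: `SigningCertificate` is added without documentation, and its name does not say what kind of value it holds; the IdentityServer/Startup.cs hunk in this same commit uses it as `$"CN={signingCert}"`, so the value appears to be the certificate's subject common name only, not a file path or a thumbprint, and an empty value means the developer signing credential is used instead. A summary on the property would prevent misconfiguration: `/// <summary>Subject common name (CN) of the token-signing certificate to load from the certificate store. Leave empty to fall back to the developer signing credential.</summary>`. The constructor below the hunk does not initialize the new property, so it is null rather than empty by default; `string.Empty` in the constructor would match the other string settings if they are initialized there.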
@@ -89,12 +89,12 @@ namespace Teknik.IdentityServer.Controllers
if (foundUser != null)
{
// Find this user's clients
- var foundClients = configContext.Clients.Where(c =>
- c.Properties.Exists(p =>
- p.Key == "username" &&
- p.Value.ToLower() == model.Username.ToLower())
- ).ToList();
- if (foundClients != null)
+ var lowerUsername = model.Username.ToLower();
+ var foundClients = configContext.Clients
+ .Select(c => new { Client = c, Username = c.Properties.FirstOrDefault(p => p.Key == "username").Value })
+ .Where(c => c.Username.ToLower() == lowerUsername)
+ .Select(c => c.Client);
+ if (foundClients.Any())
{
configContext.Clients.RemoveRange(foundClients);
configContext.SaveChanges();
@@ -133,7 +133,8 @@ namespace Teknik.IdentityServer.Controllers
var foundUser = await GetCachedUser(username);
if (foundUser != null)
{
- return new JsonResult(new { success = true, data = foundUser.ToJson() });
+ var userJson = foundUser.ToJson();
+ return new JsonResult(new { success = true, data = userJson });
}
return new JsonResult(new { success = false, message = "User does not exist." });
}
@@ -479,15 +480,15 @@ namespace Teknik.IdentityServer.Controllers
if (string.IsNullOrEmpty(clientId))
return new JsonResult(new { success = false, message = "Client Id is required" });
- var client = configContext.Clients.FirstOrDefault(c =>
- c.ClientId == clientId &&
- c.Properties.Exists(p =>
- p.Key == "username" &&
- p.Value.ToLower() == username.ToLower())
- );
+ var lowerUsername = username.ToLower();
+ var client = configContext.Clients
+ .Select(c => new { Id = c.ClientId, Username = c.Properties.FirstOrDefault(p => p.Key == "username").Value })
+ .FirstOrDefault(c =>
+ c.Id == clientId &&
+ c.Username.ToLower() == lowerUsername);
if (client != null)
{
- var foundClient = await clientStore.FindClientByIdAsync(client.ClientId);
+ var foundClient = await clientStore.FindClientByIdAsync(client.Id);
return new JsonResult(new { success = true, data = foundClient });
}
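Review bot: The new projection reads `c.Properties.FirstOrDefault(p => p.Key == "username").Value` for every client, so any client without a "username" property produces a null `Username`, and `c.Username.ToLower()` in the following `.Where` / `.FirstOrDefault` predicate throws `NullReferenceException` whenever the expression runs in memory; if `configContext` is an EF DbContext that translates the whole chain to SQL the null merely fails the comparison, but nothing in the hunk guarantees that path. The same pattern appears in the `@@ -479` hunk here and in the `@@ -500` hunk of the next file section. The filter does not need the intermediate projection: `.Where(c => c.Properties.Any(p => p.Key == "username" && p.Value != null && p.Value.ToLower() == lowerUsername))` keeps a translatable `Any` and has no null dereference, and the `@@ -479` lookup becomes `configContext.Clients.FirstOrDefault(c => c.ClientId == clientId && c.Properties.Any(...))` with `FindClientByIdAsync(client.ClientId)` as before. On the delete path, `foundClients` is an unmaterialized query that is enumerated once by `.Any()` and again by `RemoveRange`; ending the chain with `.ToList()` makes it a single read. The enclosing action methods start before and end after these hunks.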
@@ -500,15 +501,14 @@ namespace Teknik.IdentityServer.Controllers
if (string.IsNullOrEmpty(username))
return new JsonResult(new { success = false, message = "Username is required" });
- var foundClientIds = configContext.Clients.Where(c =>
- c.Properties.Exists(p =>
- p.Key == "username" &&
- p.Value.ToLower() == username.ToLower())
- ).Select(c => c.ClientId);
+ var lowerUsername = username.ToLower();
+ var foundClientIds = configContext.Clients
+ .Select(c => new { Id = c.ClientId, Username = c.Properties.FirstOrDefault(p => p.Key == "username").Value })
+ .Where(c => c.Username.ToLower() == lowerUsername);
var clients = new List();
- foreach (var clientId in foundClientIds)
+ foreach (var client in foundClientIds)
{
- var foundClient = await clientStore.FindClientByIdAsync(clientId);
+ var foundClient = await clientStore.FindClientByIdAsync(client.Id);
if (foundClient != null)
clients.Add(foundClient);
}
diff --git a/IdentityServer/IdentityServer.csproj b/IdentityServer/IdentityServer.csproj
index 8bb0df1..770f984 100644
--- a/IdentityServer/IdentityServer.csproj
+++ b/IdentityServer/IdentityServer.csproj
@@ -26,6 +26,7 @@
+
diff --git a/IdentityServer/Properties/PublishProfiles/Teknik Identity - Development.pubxml b/IdentityServer/Properties/PublishProfiles/Teknik Identity - Development.pubxml
index 2a5f102..b104a7d 100644
--- a/IdentityServer/Properties/PublishProfiles/Teknik Identity - Development.pubxml
+++ b/IdentityServer/Properties/PublishProfiles/Teknik Identity - Development.pubxml
@@ -11,7 +11,7 @@ by editing this MSBuild file. In order to learn more about this please visit htt https://authdev.teknik.io True True
- netcoreapp2.2
+ net5.0
05842e03-223a-4f43-9e81-d968a9475a97 false <_IsPortable>true
diff --git a/IdentityServer/Startup.cs b/IdentityServer/Startup.cs
index 62a899e..c39dae0 100644
--- a/IdentityServer/Startup.cs
+++ b/IdentityServer/Startup.cs
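Review bot: `foundClientIds` now holds `{ Id, Username }` rows rather than ids, and the `foreach` enumerates that query lazily while awaiting `clientStore.FindClientByIdAsync` for each row, so if `configContext` is an EF DbContext the database reader stays open across every await, and the variable name no longer matches its content. Materializing the ids before the loop keeps the original shape and the original loop body: `var foundClientIds = configContext.Clients.Where(c => c.Properties.Any(p => p.Key == "username" && p.Value != null && p.Value.ToLower() == lowerUsername)).Select(c => c.ClientId).ToList();` followed by the unchanged `foreach (var clientId in foundClientIds)` and `FindClientByIdAsync(clientId)`. This also removes the null dereference on a client without a "username" property that the projection form has. The enclosing action method starts before this hunk.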
@@ -65,6 +65,7 @@ namespace Teknik.IdentityServer
var devEnv = config?.DevEnvironment ?? true;
var defaultConn = config?.DbConnection ?? string.Empty;
var authority = config?.UserConfig?.IdentityServerConfig?.Authority ?? string.Empty;
+ var signingCert = config?.UserConfig?.IdentityServerConfig?.SigningCertificate ?? string.Empty;
if (devEnv)
{
@@ -95,7 +96,8 @@ namespace Teknik.IdentityServer
services.AddScoped();
services.AddControllersWithViews()
- .AddControllersAsServices();
+ .AddControllersAsServices()
+ .AddNewtonsoftJson();
// Sessions
services.AddResponseCaching();
@@ -132,7 +134,7 @@ namespace Teknik.IdentityServer
.AddEntityFrameworkStores()
.AddDefaultTokenProviders();
- services.AddIdentityServer(options =>
+ var identityBuilder = services.AddIdentityServer(options =>
{
options.Events.RaiseErrorEvents = true;
options.Events.RaiseInformationEvents = true;
@@ -154,8 +156,16 @@ namespace Teknik.IdentityServer
builder.UseSqlServer(defaultConn, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly)))
.AddConfigurationStoreCache()
.AddAspNetIdentity()
- .AddRedirectUriValidator()
- .AddDeveloperSigningCredential();
+ .AddRedirectUriValidator();
+
+ if (!string.IsNullOrEmpty(signingCert))
+ {
+ identityBuilder.AddSigningCredential($"CN={signingCert}");
+ }
+ else
+ {
+ identityBuilder.AddDeveloperSigningCredential();
+ }
services.AddAuthorization(options =>
{
@@ -236,6 +246,10 @@ namespace Teknik.IdentityServer
app.UseIdentityServer();
+ // Authorize all the things!
+ app.UseAuthentication();
+ app.UseAuthorization();
+
app.UseEndpoints(endpoints =>
{
endpoints.MapDefaultControllerRoute();
diff --git a/Teknik/Areas/User/Controllers/UserController.cs b/Teknik/Areas/User/Controllers/UserController.cs
index f7979fb..bdd25e4 100644
--- a/Teknik/Areas/User/Controllers/UserController.cs
+++ b/Teknik/Areas/User/Controllers/UserController.cs
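Review bot: In the `@@ -154` hunk an empty `SigningCertificate` falls back to `AddDeveloperSigningCredential()` regardless of `devEnv`, so a non-development deployment whose config omits or mistypes the setting would start up normally and issue tokens signed with the auto-generated temporary key (presumably the `tempkey.jwk` this commit adds to .gitignore) with no error or log line to show it. The fallback should be tied to the `devEnv` flag read in the `@@ -65` hunk: `else if (devEnv) { identityBuilder.AddDeveloperSigningCredential(); }` and then `else { throw new InvalidOperationException("IdentityServerConfig.SigningCertificate must be set outside the development environment."); }`. The `$"CN={signingCert}"` line also needs a comment saying the setting is a subject common name looked up in the certificate store, since a value containing `,` or `=` changes the distinguished name that is built. Separately, `.AddNewtonsoftJson()` here and in the Teknik/Startup.cs hunk of this commit replaces the MVC JSON formatter for the whole application, and neither hunk records why; a one-line comment such as `// Newtonsoft.Json is required because API responses are consumed as JObject/JToken` would keep that from being reverted later. ConfigureServices and Configure both start before and end after these hunks.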
@@ -1282,7 +1282,7 @@ namespace Teknik.Areas.Users.Controllers
string renderedView = await RenderPartialViewToString(viewEngine, "~/Areas/User/Views/User/Settings/ClientView.cshtml", model);
- return Json(new { result = true, clientId = client["id"], secret = client["secret"], html = renderedView });
+ return Json(new { result = true, clientId = client["id"].ToString(), secret = client["secret"].ToString(), html = renderedView });
}
return Json(new { error = result.Message });
}
diff --git a/Teknik/Areas/User/Models/IdentityUserInfo.cs b/Teknik/Areas/User/Models/IdentityUserInfo.cs
index 66a2456..5bbbb81 100644
--- a/Teknik/Areas/User/Models/IdentityUserInfo.cs
+++ b/Teknik/Areas/User/Models/IdentityUserInfo.cs
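Review bot: `client["id"].ToString()` and `client["secret"].ToString()` throw `NullReferenceException` when either key is missing from the identity server's response, which is exactly what an error payload or a schema change would produce; the previous code returned null for the field instead. If `client` is a Newtonsoft JToken/JObject, which the indexer access and the `.AddNewtonsoftJson()` registration in this commit suggest, `client.Value<string>("id")` and `client.Value<string>("secret")` convert and return null for an absent key; otherwise `client["id"]?.ToString()` is the minimal change. The enclosing action method starts before this hunk.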
@@ -32,26 +32,22 @@ namespace Teknik.Areas.Users.Models
{
if (claims.FirstOrDefault(c => c.Type == "creation-date") != null)
{
- DateTime dateTime = new DateTime();
- if (DateTime.TryParse(claims.FirstOrDefault(c => c.Type == "creation-date").Value, out dateTime))
+ if (DateTime.TryParse(claims.FirstOrDefault(c => c.Type == "creation-date").Value, out var dateTime))
CreationDate = dateTime;
}
if (claims.FirstOrDefault(c => c.Type == "last-seen") != null)
{
- DateTime dateTime = new DateTime();
- if (DateTime.TryParse(claims.FirstOrDefault(c => c.Type == "last-seen").Value, out dateTime))
+ if (DateTime.TryParse(claims.FirstOrDefault(c => c.Type == "last-seen").Value, out var dateTime))
CreationDate = dateTime;
}
if (claims.FirstOrDefault(c => c.Type == "account-type") != null)
{
- AccountType accountType = Utilities.AccountType.Basic;
- if (Enum.TryParse(claims.FirstOrDefault(c => c.Type == "account-type").Value, out accountType))
+ if (Enum.TryParse(claims.FirstOrDefault(c => c.Type == "account-type").Value, out AccountType accountType))
AccountType = accountType;
}
if (claims.FirstOrDefault(c => c.Type == "account-status") != null)
{
- AccountStatus accountStatus = Utilities.AccountStatus.Active;
- if (Enum.TryParse(claims.FirstOrDefault(c => c.Type == "account-status").Value, out accountStatus))
+ if (Enum.TryParse(claims.FirstOrDefault(c => c.Type == "account-status").Value, out AccountStatus accountStatus))
AccountStatus = accountStatus;
}
if (claims.FirstOrDefault(c => c.Type == "recovery-email") != null)
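Review bot: The `last-seen` branch still assigns `CreationDate = dateTime;` after a successful parse, so the claims-based constructor never sets `LastSeen` and overwrites the creation date with the last-seen timestamp; the parallel `info["last-seen"]` branch in the `@@ -80` hunk assigns `LastSeen`, which is what this line should do: `LastSeen = dateTime;`. The commit rewrote the `if` directly above that line, so this hunk is the place to fix it. Separately, `DateTime.TryParse(value, out var dateTime)` parses these claim values with the server's current culture and converts any offset to local time, so an ISO-8601/UTC claim can become a different instant on a host with another culture or time zone; `DateTime.TryParse(value, CultureInfo.InvariantCulture, DateTimeStyles.RoundtripKind, out var dateTime)` pins the format, and the same applies to the `info[...]` date lines in the `@@ -80` hunk. The enclosing constructor starts before this hunk and ends after it.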
@@ -60,14 +56,12 @@ namespace Teknik.Areas.Users.Models
}
if (claims.FirstOrDefault(c => c.Type == "recovery-verified") != null)
{
- bool verified = false;
- if (bool.TryParse(claims.FirstOrDefault(c => c.Type == "recovery-verified").Value, out verified))
+ if (bool.TryParse(claims.FirstOrDefault(c => c.Type == "recovery-verified").Value, out var verified))
RecoveryVerified = verified;
}
if (claims.FirstOrDefault(c => c.Type == "2fa-enabled") != null)
{
- bool twoFactor = false;
- if (bool.TryParse(claims.FirstOrDefault(c => c.Type == "2fa-enabled").Value, out twoFactor))
+ if (bool.TryParse(claims.FirstOrDefault(c => c.Type == "2fa-enabled").Value, out var twoFactor))
TwoFactorEnabled = twoFactor;
}
if (claims.FirstOrDefault(c => c.Type == "pgp-public-key") != null)
@@ -80,26 +74,22 @@ namespace Teknik.Areas.Users.Models
{
if (info["creation-date"] != null)
{
- DateTime dateTime = new DateTime();
- if (DateTime.TryParse(info["creation-date"].ToString(), out dateTime))
+ if (DateTime.TryParse(info["creation-date"].ToString(), out var dateTime))
CreationDate = dateTime;
}
if (info["last-seen"] != null)
{
- DateTime dateTime = new DateTime();
- if (DateTime.TryParse(info["last-seen"].ToString(), out dateTime))
+ if (DateTime.TryParse(info["last-seen"].ToString(), out var dateTime))
LastSeen = dateTime;
}
if (info["account-type"] != null)
{
- AccountType accountType = Utilities.AccountType.Basic;
- if (Enum.TryParse(info["account-type"].ToString(), out accountType))
+ if (Enum.TryParse(info["account-type"].ToString(), out AccountType accountType))
AccountType = accountType;
}
if (info["account-status"] != null)
{
- AccountStatus accountStatus = Utilities.AccountStatus.Active;
- if (Enum.TryParse(info["account-status"].ToString(), out accountStatus))
+ if (Enum.TryParse(info["account-status"].ToString(), out AccountStatus accountStatus))
AccountStatus = accountStatus;
}
if (info["recovery-email"] != null)
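Review bot: Every claim is looked up twice — once in the `!= null` guard and again inside the `TryParse` argument — and the guard-plus-parse pair is repeated for each property, which the `out var` change leaves as it was. A single lookup with a property pattern (available given the net5.0 target this commit sets in the pubxml) reads cleaner and halves the scans: `if (claims.FirstOrDefault(c => c.Type == "recovery-verified") is { } verifiedClaim && bool.TryParse(verifiedClaim.Value, out var verified)) RecoveryVerified = verified;`. The `info[...]` hunk below has the same shape, where `info["recovery-verified"]?.ToString() is { } verifiedText && bool.TryParse(verifiedText, out var verified)` would replace the guard, and the `@@ -108` hunk in the next line follows suit. The enclosing constructors start before and end after these hunks.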
@@ -108,14 +98,12 @@ namespace Teknik.Areas.Users.Models
}
if (info["recovery-verified"] != null)
{
- bool verified = false;
- if (bool.TryParse(info["recovery-verified"].ToString(), out verified))
+ if (bool.TryParse(info["recovery-verified"].ToString(), out var verified))
RecoveryVerified = verified;
}
if (info["2fa-enabled"] != null)
{
- bool twoFactor = false;
- if (bool.TryParse(info["2fa-enabled"].ToString(), out twoFactor))
+ if (bool.TryParse(info["2fa-enabled"].ToString(), out var twoFactor))
TwoFactorEnabled = twoFactor;
}
if (info["pgp-public-key"] != null)
diff --git a/Teknik/Startup.cs b/Teknik/Startup.cs
index d91ad01..ebc4fa9 100644
--- a/Teknik/Startup.cs
+++ b/Teknik/Startup.cs
@@ -95,7 +95,8 @@ namespace Teknik
});
services.AddControllersWithViews()
- .AddControllersAsServices();
+ .AddControllersAsServices()
+ .AddNewtonsoftJson();
services.AddHostedService();
services.AddSingleton();
diff --git a/Teknik/Teknik.csproj b/Teknik/Teknik.csproj
index 41908eb..7815454 100644
--- a/Teknik/Teknik.csproj
+++ b/Teknik/Teknik.csproj
@@ -40,6 +40,7 @@
+