mirror of
https://git.teknik.io/Teknikode/Teknik.git
synced 2023-08-02 14:16:22 +02:00
108 lines
3.9 KiB
C#
108 lines
3.9 KiB
C#
using IdentityModel;
|
|
using IdentityServer4.Extensions;
|
|
using IdentityServer4.Services;
|
|
using IdentityServer4.Stores;
|
|
using Microsoft.AspNetCore.Authentication;
|
|
using Microsoft.AspNetCore.Http;
|
|
using System.Linq;
|
|
using System.Threading.Tasks;
|
|
using Teknik.IdentityServer.Models;
|
|
using Teknik.IdentityServer.Options;
|
|
using Teknik.IdentityServer.ViewModels;
|
|
|
|
namespace Teknik.IdentityServer.Services
|
|
{
|
|
public class AccountService
|
|
{
|
|
private readonly IClientStore _clientStore;
|
|
private readonly IIdentityServerInteractionService _interaction;
|
|
private readonly IHttpContextAccessor _httpContextAccessor;
|
|
private readonly IAuthenticationSchemeProvider _schemeProvider;
|
|
|
|
public AccountService(
|
|
IIdentityServerInteractionService interaction,
|
|
IHttpContextAccessor httpContextAccessor,
|
|
IAuthenticationSchemeProvider schemeProvider,
|
|
IClientStore clientStore)
|
|
{
|
|
_interaction = interaction;
|
|
_httpContextAccessor = httpContextAccessor;
|
|
_schemeProvider = schemeProvider;
|
|
_clientStore = clientStore;
|
|
}
|
|
|
|
public async Task<LoginViewModel> BuildLoginViewModelAsync(string returnUrl)
|
|
{
|
|
var context = await _interaction.GetAuthorizationContextAsync(returnUrl);
|
|
|
|
var allowLocal = true;
|
|
if (context?.Client?.ClientId != null)
|
|
{
|
|
var client = await _clientStore.FindEnabledClientByIdAsync(context.Client.ClientId);
|
|
if (client != null)
|
|
{
|
|
allowLocal = client.EnableLocalLogin;
|
|
}
|
|
}
|
|
|
|
return new LoginViewModel
|
|
{
|
|
AllowRememberLogin = AccountOptions.AllowRememberLogin,
|
|
EnableLocalLogin = allowLocal && AccountOptions.AllowLocalLogin,
|
|
ReturnUrl = returnUrl,
|
|
Username = context?.LoginHint
|
|
};
|
|
}
|
|
|
|
public async Task<LoginViewModel> BuildLoginViewModelAsync(LoginInputModel model)
|
|
{
|
|
var vm = await BuildLoginViewModelAsync(model.ReturnUrl);
|
|
vm.Username = model.Username;
|
|
vm.RememberMe = model.RememberMe;
|
|
return vm;
|
|
}
|
|
|
|
public async Task<LogoutViewModel> BuildLogoutViewModelAsync(string logoutId)
|
|
{
|
|
var vm = new LogoutViewModel { LogoutId = logoutId, ShowLogoutPrompt = AccountOptions.ShowLogoutPrompt };
|
|
|
|
var user = _httpContextAccessor.HttpContext.User;
|
|
if (user?.Identity.IsAuthenticated != true)
|
|
{
|
|
// if the user is not authenticated, then just show logged out page
|
|
vm.ShowLogoutPrompt = false;
|
|
return vm;
|
|
}
|
|
|
|
var context = await _interaction.GetLogoutContextAsync(logoutId);
|
|
if (context?.ShowSignoutPrompt == false)
|
|
{
|
|
// it's safe to automatically sign-out
|
|
vm.ShowLogoutPrompt = false;
|
|
return vm;
|
|
}
|
|
|
|
// show the logout prompt. this prevents attacks where the user
|
|
// is automatically signed out by another malicious web page.
|
|
return vm;
|
|
}
|
|
|
|
public async Task<LoggedOutViewModel> BuildLoggedOutViewModelAsync(string logoutId)
|
|
{
|
|
// get context information (client name, post logout redirect URI and iframe for federated signout)
|
|
var logout = await _interaction.GetLogoutContextAsync(logoutId);
|
|
|
|
var vm = new LoggedOutViewModel
|
|
{
|
|
AutomaticRedirectAfterSignOut = AccountOptions.AutomaticRedirectAfterSignOut,
|
|
PostLogoutRedirectUri = logout?.PostLogoutRedirectUri,
|
|
ClientName = logout?.ClientId,
|
|
SignOutIframeUrl = logout?.SignOutIFrameUrl,
|
|
LogoutId = logoutId
|
|
};
|
|
|
|
return vm;
|
|
}
|
|
}
|
|
}
|