You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
139 lines
4.6 KiB
139 lines
4.6 KiB
3 years ago
|
using Duende.IdentityServer;
|
||
|
using Duende.IdentityServer.Models;
|
||
|
using Duende.IdentityServer.Services;
|
||
|
using Easy.Api;
|
||
|
using Identity.Infrastructure.Dtos;
|
||
|
using Identity.Infrastructure.Models;
|
||
|
using Identity.Infrastructure.Repositories;
|
||
|
using Microsoft.AspNetCore.Authentication;
|
||
|
|
||
|
namespace Identity.Realization;
|
||
|
|
||
|
public class Spa : ApiService
|
||
|
{
|
||
|
private readonly IIdentityServerInteractionService _interaction;
|
||
|
private readonly IServerUrls _serverUrls;
|
||
|
private readonly IUserRepository _userRepository;
|
||
|
private readonly IHttpContextAccessor Accessor;
|
||
|
|
||
|
public Spa(IIdentityServerInteractionService interaction, IServerUrls serverUrls,
|
||
|
IUserRepository userRepository, IHttpContextAccessor httpContextAccessor)
|
||
|
{
|
||
|
_interaction = interaction;
|
||
|
_serverUrls = serverUrls;
|
||
|
_userRepository = userRepository;
|
||
|
Accessor = httpContextAccessor;
|
||
|
}
|
||
|
|
||
|
public async Task<ApiResultValue<string>> Login(LoginDto model)
|
||
|
{
|
||
|
var user = await _userRepository.PasswordSignInAsync(model.Username, model.Password);
|
||
|
if (user == null)
|
||
|
return ApiResult.Value("").CustomStatusMessage("UserLoginPassword", "�û�����������Ч");
|
||
|
|
||
|
var isUser = new IdentityServerUser(user.Id.ToString())
|
||
|
{
|
||
|
DisplayName = user.NickName,
|
||
|
};
|
||
|
|
||
|
var props = new AuthenticationProperties
|
||
|
{
|
||
|
IsPersistent = model.Remember
|
||
|
};
|
||
|
|
||
|
await Accessor.HttpContext.SignInAsync(isUser.CreatePrincipal(), props);
|
||
|
|
||
|
var url = model.ReturnUrl != null ? Uri.UnescapeDataString(model.ReturnUrl) : null;
|
||
|
|
||
|
var authzContext = await _interaction.GetAuthorizationContextAsync(url);
|
||
|
|
||
|
return ApiResult.Value(authzContext != null ? url : _serverUrls.BaseUrl).SUCCESS();
|
||
|
|
||
|
}
|
||
|
|
||
|
public async Task<ApiResultValue<string>> Consent(ConsentDto model)
|
||
|
{
|
||
|
var url = Uri.UnescapeDataString(model.ReturnUrl);
|
||
|
|
||
|
var authzContext = await _interaction.GetAuthorizationContextAsync(url);
|
||
|
When.Is(authzContext == null, "����");
|
||
|
|
||
|
if (model.Deny)
|
||
|
{
|
||
|
await _interaction.DenyAuthorizationAsync(authzContext, AuthorizationError.AccessDenied);
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
await _interaction.GrantConsentAsync(authzContext,
|
||
|
new ConsentResponse
|
||
|
{
|
||
|
RememberConsent = model.Remember,
|
||
|
ScopesValuesConsented = authzContext.ValidatedResources.RawScopeValues
|
||
|
});
|
||
|
}
|
||
|
|
||
|
return ApiResult.Value(url).SUCCESS();
|
||
|
}
|
||
|
|
||
|
public async Task<ApiResultValue<ContextModel>> GetContext(string returnUrl)
|
||
|
{
|
||
|
var authzContext = await _interaction.GetAuthorizationContextAsync(returnUrl);
|
||
|
When.Is(authzContext == null, "û��������");
|
||
|
return ApiResult.Value(new ContextModel
|
||
|
{
|
||
|
LoginHint = authzContext.LoginHint,
|
||
|
IdP = authzContext.IdP,
|
||
|
Tenant = authzContext.Tenant,
|
||
|
Scopes = authzContext.ValidatedResources.RawScopeValues,
|
||
|
Client = authzContext.Client.ClientName ?? authzContext.Client.ClientId
|
||
|
}).SUCCESS();
|
||
|
}
|
||
|
|
||
|
public async Task<ApiResultValue<ErrorModel>> GetError(string errorId)
|
||
|
{
|
||
|
var errorInfo = await _interaction.GetErrorContextAsync(errorId);
|
||
|
return ApiResult.Value(new ErrorModel()
|
||
|
{
|
||
|
Error = errorInfo.Error,
|
||
|
ErrorDescription = errorInfo.ErrorDescription
|
||
|
}).SUCCESS();
|
||
|
}
|
||
|
public async Task<ApiResultValue<LogOutModel>> Logout(string logoutId)
|
||
|
{
|
||
|
var logoutInfo = await _interaction.GetLogoutContextAsync(logoutId);
|
||
|
|
||
|
await Accessor.HttpContext.SignOutAsync();
|
||
|
return ApiResult.Value(new LogOutModel()
|
||
|
{
|
||
|
PostLogoutRedirectUri = logoutInfo.PostLogoutRedirectUri,
|
||
|
SignOutIFrameUrl = logoutInfo.SignOutIFrameUrl
|
||
|
}).SUCCESS();
|
||
|
}
|
||
|
public async Task<ApiResultValue<LogOutModel>> GetLogout(string logoutId)
|
||
|
{
|
||
|
var logoutInfo = await _interaction.GetLogoutContextAsync(logoutId);
|
||
|
if (logoutInfo != null)
|
||
|
{
|
||
|
if (!logoutInfo.ShowSignoutPrompt || !Accessor.HttpContext.User.Identity.IsAuthenticated)
|
||
|
{
|
||
|
await Accessor.HttpContext.SignOutAsync();
|
||
|
|
||
|
return ApiResult.Value(new LogOutModel()
|
||
|
{
|
||
|
PostLogoutRedirectUri = logoutInfo.PostLogoutRedirectUri,
|
||
|
SignOutIFrameUrl = logoutInfo.SignOutIFrameUrl
|
||
|
}).SUCCESS();
|
||
|
}
|
||
|
|
||
|
}
|
||
|
return ApiResult.Value(new LogOutModel()
|
||
|
{
|
||
|
Prompt = Accessor.HttpContext.User.Identity.IsAuthenticated
|
||
|
}).RETRY("δ��Ȩ");
|
||
|
}
|
||
|
|
||
|
|
||
|
}
|
||
|
|
||
|
|