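using Duende.IdentityServer.Models;
using Duende.IdentityServer.Services;
using Easy.DDD.Domain.Repositories;
using IdentityModel;
using IdentityServer.DDD.Domain.Entites;
using Microsoft.EntityFrameworkCore;
using System.Security.Claims;

namespace IdentityServer.Realization;

/// <summary>
/// Duende <see cref="IProfileService"/> backed by the application's user repository.
/// Maps the <c>sub</c> claim of the incoming principal to a stored <see cref="IdentityUser"/>
/// (roles included) and uses it to issue profile claims and to answer lockout checks.
/// </summary>
public class CustomProfileService : IProfileService
{
    // NOTE(review): the generic type arguments (IRepository<IdentityUser>, Task<IdentityUser>,
    // List<Claim>) were missing from the extracted source and have been restored here;
    // confirm against the original file.
    private readonly IRepository<IdentityUser> UserRepository;

    /// <summary>Creates the service over the given user repository.</summary>
    /// <exception cref="ArgumentNullException"><paramref name="userService"/> is null.</exception>
    public CustomProfileService(IRepository<IdentityUser> userService)
    {
        UserRepository = userService ?? throw new ArgumentNullException(nameof(userService));
    }

    /// <summary>
    /// Reads the <c>sub</c> claim of <paramref name="subject"/> and parses it as a <see cref="Guid"/>.
    /// Returns false when the claim is absent or is not a Guid; never throws on a missing claim.
    /// </summary>
    private static bool TryGetSubjectGuid(ClaimsPrincipal subject, out Guid id)
    {
        // The original did subject.Claims.Where(...).FirstOrDefault().Value, which dereferences
        // null (an unhandled NullReferenceException, i.e. a 500) whenever the principal carries
        // no "sub" claim. FindFirst + ?. turns that into a clean "not found".
        var subjectId = subject.FindFirst(JwtClaimTypes.Subject)?.Value;
        return Guid.TryParse(subjectId, out id);
    }

    /// <summary>Loads the user with the given id, roles included, or null when none exists.</summary>
    private async Task<IdentityUser> FindUserAsync(Guid id)
    {
        return await UserRepository.Set
            .Include(o => o.Roles)
            .FirstOrDefaultAsync(o => o.Id == id);
    }

    /// <summary>
    /// Resolves <paramref name="subject"/> to its stored user, roles included.
    /// </summary>
    /// <exception cref="ArgumentNullException"><paramref name="subject"/> is null.</exception>
    /// <exception cref="ArgumentException">
    /// The principal has no <c>sub</c> claim, the claim is not a Guid, or no user with that id exists.
    /// </exception>
    private async Task<IdentityUser> VerifySubAsync(ClaimsPrincipal subject)
    {
        ArgumentNullException.ThrowIfNull(subject);

        if (!TryGetSubjectGuid(subject, out var id))
        {
            throw new ArgumentException("主题是用户ID,但不是Guid!");
        }

        var user = await FindUserAsync(id);
        if (user is null)
        {
            throw new ArgumentException("无效的主题标识符");
        }
        return user;
    }

    /// <summary>
    /// Issues the profile claims for the principal in <paramref name="context"/>.
    /// </summary>
    /// <exception cref="ArgumentNullException"><paramref name="context"/> or its subject is null.</exception>
    /// <exception cref="ArgumentException">The subject does not map to a stored user.</exception>
    public async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        ArgumentNullException.ThrowIfNull(context);

        IdentityUser user = await VerifySubAsync(context.Subject);

        // NOTE(review): every claim is issued regardless of context.RequestedClaimTypes, so each
        // token / userinfo response carries the user id, nickname and all role ids whatever
        // scopes the client was granted. Duende's intended least-privilege filter is
        // context.AddRequestedClaims(claims); adopting it requires these claim types to be
        // declared on an identity/API resource, so the existing behaviour is kept here.
        context.IssuedClaims = GetClaimsFromUser(user);
    }

    /// <summary>
    /// Reports whether the principal in <paramref name="context"/> may still receive tokens:
    /// the user must exist and must not be under an unexpired lockout.
    /// </summary>
    /// <exception cref="ArgumentNullException"><paramref name="context"/> or its subject is null.</exception>
    public async Task IsActiveAsync(IsActiveContext context)
    {
        ArgumentNullException.ThrowIfNull(context);
        ArgumentNullException.ThrowIfNull(context.Subject);

        // Duende calls IsActiveAsync while validating / refreshing tokens. A subject that has
        // no usable "sub" claim or no longer maps to a stored user must be answered with
        // IsActive = false (token rejected) rather than with an exception (server error),
        // which is what the original did by routing through the throwing lookup.
        if (!TryGetSubjectGuid(context.Subject, out var id))
        {
            context.IsActive = false;
            return;
        }

        var user = await FindUserAsync(id);
        if (user is null)
        {
            context.IsActive = false;
            return;
        }

        // Lockout is compared in UTC: the original used DateTime.Now, which makes the lockout
        // expiry depend on the server's local time zone. Assumes LockoutEnd is a nullable
        // DateTimeOffset (ASP.NET Core Identity's default) — confirm against IdentityUser.
        context.IsActive = !user.LockoutEnabled
            || !user.LockoutEnd.HasValue
            || user.LockoutEnd <= DateTimeOffset.UtcNow;
    }

    /// <summary>
    /// Builds the claim set for <paramref name="user"/>: a <c>U</c> claim with the user id,
    /// the nickname when one is set, and the user's role ids.
    /// </summary>
    private static List<Claim> GetClaimsFromUser(IdentityUser user)
    {
        var claims = new List<Claim>
        {
            new Claim("U", user.Id.ToString()),
        };

        // Claim's constructor throws ArgumentNullException on a null value, which turned a user
        // without a nickname into a failed token request; omit the claim instead.
        if (!string.IsNullOrEmpty(user.NickName))
        {
            claims.Add(new Claim(JwtClaimTypes.NickName, user.NickName));
        }

        // NOTE(review): all role ids are packed into ONE comma-separated "role" claim instead of
        // one claim per role, which is the form [Authorize(Roles = ...)] and IsInRole expect.
        // Presumably downstream consumers parse the joined form; it is preserved here — verify
        // against the resource servers before changing it.
        if (user.Roles is { Count: > 0 })
        {
            var joinedRoleIds = string.Join(",", user.Roles.Select(o => o.RoleId));
            claims.Add(new Claim(JwtClaimTypes.Role, joinedRoleIds));
        }

        return claims;
    }
}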