using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using AspNet.Security.OpenIdConnect.Primitives;
using BTCPayServer.Models;
using BTCPayServer.Security;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options;
using OpenIddict.Abstractions;
using OpenIddict.Server;
namespace BTCPayServer.Authentication.OpenId
{
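/// <summary>
/// Handles OpenIddict authorization-endpoint requests for interactive (browser-based) clients.
/// The caller must already be authenticated through the application's default authentication
/// scheme; otherwise the user is challenged or, for <c>prompt=none</c> requests, answered with a
/// <c>login_required</c> error so that no interactive redirect is forced on the client.
/// </summary>
public class AuthorizationEventHandler : BaseOpenIdGrantHandler<OpenIddictServerEvents.HandleAuthorizationRequest>
{
    // Resolves the signed-in principal to its ApplicationUser record before a ticket is created.
    private readonly UserManager<ApplicationUser> _userManager;

    /// <summary>
    /// Processes an authorization request: authenticates the current HTTP context, resolves the
    /// signed-in <see cref="ApplicationUser"/> and, on success, validates a ticket so that OpenIddict
    /// issues the requested access/identity tokens.
    /// </summary>
    /// <param name="notification">The OpenIddict authorization-request event being handled.</param>
    /// <returns>
    /// <see cref="OpenIddictServerEventState.Unhandled"/> when the request is not an authorization
    /// request; <see cref="OpenIddictServerEventState.Handled"/> in every other case (challenge,
    /// forbid, reject or validate), since the response is always produced here.
    /// </returns>
    public override async Task<OpenIddictServerEventState> HandleAsync(
        OpenIddictServerEvents.HandleAuthorizationRequest notification)
    {
        var context = notification.Context;
        if (!context.Request.IsAuthorizationRequest())
        {
            return OpenIddictServerEventState.Unhandled;
        }

        // No scheme is passed, so the application's default authentication scheme decides
        // who the current user is.
        var auth = await context.HttpContext.AuthenticateAsync();
        if (!auth.Succeeded)
        {
            if (context.Request.HasPrompt(OpenIdConnectConstants.Prompts.None))
            {
                // prompt=none: the client asked for no user interaction, so report
                // login_required instead of redirecting to the login page.
                var properties = new AuthenticationProperties(new Dictionary<string, string>
                {
                    [OpenIdConnectConstants.Properties.Error] = OpenIdConnectConstants.Errors.LoginRequired,
                    [OpenIdConnectConstants.Properties.ErrorDescription] = "The user is not logged in."
                });

                // Forbid with these properties asks OpenIddict to return the login_required error.
                await context.HttpContext.ForbidAsync(properties);
                context.HandleResponse();
                return OpenIddictServerEventState.Handled;
            }

            // Interactive request: challenge so the user can sign in first.
            await context.HttpContext.ChallengeAsync();
            context.HandleResponse();
            return OpenIddictServerEventState.Handled;
        }

        // The principal authenticated, but its user record may no longer resolve
        // (e.g. the account was removed after the session was established); never issue
        // tokens for a principal that has no backing user.
        var user = await _userManager.GetUserAsync(auth.Principal);
        if (user is null)
        {
            context.Reject(
                error: OpenIddictConstants.Errors.InvalidGrant,
                description: "An internal error has occurred");
            return OpenIddictServerEventState.Handled;
        }

        // Validating the ticket asks OpenIddict to issue the appropriate access/identity tokens.
        var ticket = await CreateTicketAsync(context.Request, user);
        context.Validate(ticket);
        return OpenIddictServerEventState.Handled;
    }

    /// <summary>
    /// Creates the handler with the identity services needed to resolve users and build tickets.
    /// </summary>
    /// <param name="userManager">Used to look up the <see cref="ApplicationUser"/> behind the authenticated principal.</param>
    /// <param name="signInManager">Forwarded to the base handler for ticket creation.</param>
    /// <param name="identityOptions">Forwarded to the base handler for ticket creation.</param>
    /// <exception cref="ArgumentNullException"><paramref name="userManager"/> is <c>null</c>.</exception>
    public AuthorizationEventHandler(
        UserManager<ApplicationUser> userManager, SignInManager<ApplicationUser> signInManager,
        IOptions<IdentityOptions> identityOptions) : base(signInManager, identityOptions)
    {
        // Fail at construction rather than on the first authorization request.
        _userManager = userManager ?? throw new ArgumentNullException(nameof(userManager));
    }
}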
}