tsai
/
abp
mirror of https://github.com/abpframework/abp.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Update Consent page.

pull/4578/head
maliming 6 years ago
parent
cf75e6cdb3
commit
7a885cfe9a
4 changed files with 142 additions and 198 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 17
      modules/account/src/Volo.Abp.Account.Web.IdentityServer/ConsentOptions.cs
  2. 74
      modules/account/src/Volo.Abp.Account.Web.IdentityServer/Pages/Consent.cshtml
  3. 243
      modules/account/src/Volo.Abp.Account.Web.IdentityServer/Pages/Consent.cshtml.cs
  4. 6
      modules/account/src/Volo.Abp.Account.Web/Pages/Account/LoggedOut.cshtml

17
modules/account/src/Volo.Abp.Account.Web.IdentityServer/ConsentOptions.cs
View File

@ -1,17 +0,0 @@
namespace Volo.Abp.Account.Web
{
public class ConsentOptions
{
public static bool EnableOfflineAccess = true;
public static string OfflineAccessDisplayName = "Offline Access";
public static string OfflineAccessDescription = "Access to your applications and resources, even when you are offline";
//TODO: How to handle this
public static readonly string MustChooseOneErrorMessage = "You must pick at least one permission";
//TODO: How to handle this
public static readonly string InvalidSelectionErrorMessage = "Invalid selection";
}
}

74
modules/account/src/Volo.Abp.Account.Web.IdentityServer/Pages/Consent.cshtml
View File

@ -1,17 +1,18 @@
@page
@using Volo.Abp.Account.Web.Pages
@using Volo.Abp.Account.Web.Pages.Account
@model ConsentModel
<abp-card id="IdentityServerConsentWrapper">
<abp-card-header>
<div class="row">
<div class="col-md-12">
<h2>
@if (Model.Consent.ClientLogoUrl != null)
@if (Model.ClientInfo.ClientLogoUrl != null)
{
<img src="@Model.Consent.ClientLogoUrl">
<img src="@Model.ClientInfo.ClientLogoUrl">
}
@Model.Consent.ClientName
@Model.ClientInfo.ClientName
<small>is requesting your permission</small>
</h2>
</div>
@ -24,62 +25,59 @@
<div>Uncheck the permissions you do not wish to grant.</div>
@if (!Model.Consent.IdentityScopes.IsNullOrEmpty())
@if (!Model.ConsentInput.IdentityScopes.IsNullOrEmpty())
{
<h3>Personal Information</h3>
<ul class="list-group">
@for (var i = 0; i < Model.Consent.IdentityScopes.Count; i++)
@for (var i = 0; i < Model.ConsentInput.IdentityScopes.Count; i++)
{
<li class="list-group-item">
<div class="form-check">
<label asp-for="@Model.Consent.IdentityScopes[i].Checked" class="form-check-label">
<input asp-for="@Model.Consent.IdentityScopes[i].Checked" class="form-check-input" />
@Model.Consent.IdentityScopes[i].DisplayName
@if (Model.Consent.IdentityScopes[i].Required)
<label asp-for="@Model.ConsentInput.IdentityScopes[i].Checked" class="form-check-label">
<input asp-for="@Model.ConsentInput.IdentityScopes[i].Checked" class="form-check-input" />
@Model.ConsentInput.IdentityScopes[i].DisplayName
@if (Model.ConsentInput.IdentityScopes[i].Required)
{
<span><em>(required)</em></span>
}
</label>
</div>
<input asp-for="@Model.Consent.IdentityScopes[i].Value" type="hidden" /> @* TODO: Use attributes on the view model instead of using hidden here *@
@if (Model.Consent.IdentityScopes[i].Description != null)
<input asp-for="@Model.ConsentInput.IdentityScopes[i].Name" type="hidden" /> @* TODO: Use attributes on the view model instead of using hidden here *@
@if (Model.ConsentInput.IdentityScopes[i].Description != null)
{
<div class="consent-description">
@Model.Consent.IdentityScopes[i].Description
@Model.ConsentInput.IdentityScopes[i].Description
</div>
}
</li>
}
</ul>
}
@if (!Model.Consent.ApiScopes.IsNullOrEmpty())
@if (!Model.ConsentInput.ApiScopes.IsNullOrEmpty())
{
<h3>Application Access</h3>
<ul class="list-group">
@for (var i = 0; i < Model.Consent.ApiScopes.Count; i++)
@for (var i = 0; i < Model.ConsentInput.ApiScopes.Count; i++)
{
<li class="list-group-item">
<div class="form-check">
<label asp-for="@Model.Consent.ApiScopes[i].Checked" class="form-check-label">
<input asp-for="@Model.Consent.ApiScopes[i].Checked" class="form-check-input" disabled="@Model.Consent.ApiScopes[i].Required" />
@Model.Consent.ApiScopes[i].DisplayName
@if (Model.Consent.ApiScopes[i].Required)
<label asp-for="@Model.ConsentInput.ApiScopes[i].Checked" class="form-check-label">
<input asp-for="@Model.ConsentInput.ApiScopes[i].Checked" class="form-check-input" disabled="@Model.ConsentInput.ApiScopes[i].Required" />
@Model.ConsentInput.ApiScopes[i].DisplayName
@if (Model.ConsentInput.ApiScopes[i].Required)
{
<span><em>(required)</em></span>
}
</label>
</div>
<input asp-for="@Model.Consent.ApiScopes[i].Value" type="hidden" /> @* TODO: Use attributes on the view model instead of using hidden here *@
@if (Model.Consent.ApiScopes[i].Description != null)
<input asp-for="@Model.ConsentInput.ApiScopes[i].Name" type="hidden" /> @* TODO: Use attributes on the view model instead of using hidden here *@
@if (Model.ConsentInput.ApiScopes[i].Description != null)
{
<div class="consent-description">
@Model.Consent.ApiScopes[i].Description
@Model.ConsentInput.ApiScopes[i].Description
</div>
}
</li>
@ -87,35 +85,23 @@
</ul>
}
<div class="form-group">
<div class="card">
<div class="card-header">
<span class="glyphicon glyphicon-tasks"></span>
Description
</div>
<div class="card-body">
<input class="form-control" placeholder="Description or name of device" asp-for="@Model.Consent.Description" autofocus>
</div>
</div>
</div>
@if (Model.Consent.AllowRememberConsent)
@if (Model.ClientInfo.AllowRememberConsent)
{
<div class="form-check">
<label asp-for="@Model.Consent.RememberConsent" class="form-check-label">
<input asp-for="@Model.Consent.RememberConsent" class="form-check-input" />
<label asp-for="@Model.ConsentInput.RememberConsent" class="form-check-label">
<input asp-for="@Model.ConsentInput.RememberConsent" class="form-check-input" />
<strong>Remember My Decision</strong>
</label>
</div>
}
<div>
<button name="Consent.Button" value="yes" class="btn btn-primary" autofocus>Yes, Allow</button>
<button name="Consent.Button" value="no" class="btn">No, Do Not Allow</button>
@if (Model.Consent.ClientUrl != null)
<button name="ConsentInput.UserDecision" value="yes" class="btn btn-primary" autofocus>Yes, Allow</button>
<button name="ConsentInput.UserDecision" value="no" class="btn">No, Do Not Allow</button>
@if (Model.ClientInfo.ClientUrl != null)
{
<a class="pull-right btn btn-secondary" target="_blank" href="@Model.Consent.ClientUrl">
<strong>@Model.Consent.ClientName</strong>
<a class="pull-right btn btn-secondary" target="_blank" href="@Model.ClientInfo.ClientUrl">
<strong>@Model.ClientInfo.ClientName</strong>
</a>
}
</div>

243
modules/account/src/Volo.Abp.Account.Web.IdentityServer/Pages/Consent.cshtml.cs
View File

@ -3,13 +3,13 @@ using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Threading.Tasks;
using IdentityServer4.Extensions;
using IdentityServer4.Models;
using IdentityServer4.Services;
using IdentityServer4.Stores;
using IdentityServer4.Validation;
using Microsoft.AspNetCore.Mvc;
using Volo.Abp.AspNetCore.Mvc.UI.RazorPages;
using Volo.Abp.UI;
namespace Volo.Abp.Account.Web.Pages
{
@ -25,7 +25,9 @@ namespace Volo.Abp.Account.Web.Pages
public string ReturnUrlHash { get; set; }
[BindProperty]
public ConsentViewModel Consent { get; set; }
public ConsentModel.ConsentInputModel ConsentInput { get; set; }
public ClientInfoModel ClientInfo { get; set; }
private readonly IIdentityServerInteractionService _interaction;
private readonly IClientStore _clientStore;
@ -43,7 +45,49 @@ namespace Volo.Abp.Account.Web.Pages
public virtual async Task<IActionResult> OnGet()
{
Consent = await BuildViewModelAsync(ReturnUrl);
var request = await _interaction.GetAuthorizationContextAsync(ReturnUrl);
if (request == null)
{
throw new ApplicationException($"No consent request matching request: {ReturnUrl}");
}
var client = await _clientStore.FindEnabledClientByIdAsync(request.Client.ClientId);
if (client == null)
{
throw new ApplicationException($"Invalid client id: {request.Client.ClientId}");
}
var resources = await _resourceStore.FindEnabledResourcesByScopeAsync(request.ValidatedResources.RawScopeValues);
if (resources == null || (!resources.IdentityResources.Any() && !resources.ApiResources.Any()))
{
throw new ApplicationException($"No scopes matching: {request.ValidatedResources.RawScopeValues.Aggregate((x, y) => x + ", " + y)}");
}
ClientInfo = new ClientInfoModel(client);
ConsentInput = new ConsentInputModel
{
RememberConsent = true,
IdentityScopes = resources.IdentityResources.Select(x => CreateScopeViewModel(x, true)).ToList(),
};
var apiScopes = new List<ScopeViewModel>();
foreach(var parsedScope in request.ValidatedResources.ParsedScopes)
{
var apiScope = request.ValidatedResources.Resources.FindApiScope(parsedScope.ParsedName);
if (apiScope != null)
{
var scopeVm = CreateScopeViewModel(parsedScope, apiScope, true);
apiScopes.Add(scopeVm);
}
}
if (resources.OfflineAccess)
{
apiScopes.Add(GetOfflineAccessScope(true));
}
ConsentInput.ApiScopes = apiScopes;
return Page();
}
@ -65,137 +109,56 @@ namespace Volo.Abp.Account.Web.Pages
throw new ApplicationException("Unknown Error!");
}
protected virtual async Task<ProcessConsentResult> ProcessConsentAsync()
protected virtual async Task<ConsentModel.ProcessConsentResult> ProcessConsentAsync()
{
var result = new ProcessConsentResult();
var result = new ConsentModel.ProcessConsentResult();
// validate return url is still valid
var request = await _interaction.GetAuthorizationContextAsync(ReturnUrl);
if (request == null)
{
return result;
}
ConsentResponse grantedConsent = null;
ConsentResponse grantedConsent;
// user clicked 'no' - send back the standard 'access_denied' response
if (Consent?.Button == "no")
if (ConsentInput.UserDecision == "no")
{
grantedConsent = new ConsentResponse { Error = AuthorizationError.AccessDenied };
// emit event
//await _events.RaiseAsync(new ConsentDeniedEvent(User.GetSubjectId(), request.Client.ClientId, request.ValidatedResources.RawScopeValues));
grantedConsent = new ConsentResponse
{
Error = AuthorizationError.AccessDenied
};
}
// user clicked 'yes' - validate the data
else if (Consent?.Button == "yes")
else
{
Consent.ScopesConsented =
Consent.ApiScopes.Union(Consent.IdentityScopes).Distinct().Select(x => x.Value).ToList();
// if the user consented to some scope, build the response model
if (!Consent.ScopesConsented.IsNullOrEmpty())
if (!ConsentInput.IdentityScopes.IsNullOrEmpty() || !ConsentInput.ApiScopes.IsNullOrEmpty())
{
var scopes = Consent.ScopesConsented;
if (ConsentOptions.EnableOfflineAccess == false)
{
scopes = scopes.Where(x => x != IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess).ToList();
}
grantedConsent = new ConsentResponse
{
RememberConsent = Consent.RememberConsent,
ScopesValuesConsented = scopes.ToArray(),
Description = Consent.Description
RememberConsent = ConsentInput.RememberConsent,
ScopesValuesConsented = ConsentInput.GetAllowedScopeNames()
};
// emit event
//await _events.RaiseAsync(new ConsentGrantedEvent(User.GetSubjectId(), request.Client.ClientId, request.ValidatedResources.RawScopeValues, grantedConsent.ScopesValuesConsented, grantedConsent.RememberConsent));
}
else
{
//throw new UserFriendlyException("You must pick at least one permission"); //TODO: How to handle this
result.ValidationError = ConsentOptions.MustChooseOneErrorMessage;
throw new UserFriendlyException("You must pick at least one permission"); //TODO: How to handle this
}
}
else
{
result.ValidationError = ConsentOptions.InvalidSelectionErrorMessage;
}
if (grantedConsent != null)
{
// communicate outcome of consent back to identityserver
await _interaction.GrantConsentAsync(request, grantedConsent);
// indicate that's it ok to redirect back to authorization endpoint
result.RedirectUri = ReturnUrl; //TODO: ReturnUrlHash?
result.Client = request.Client;
}
else
{
// we need to redisplay the consent UI
result.ViewModel = await BuildViewModelAsync(ReturnUrl, Consent);
}
return result;
}
private async Task<ConsentViewModel> BuildViewModelAsync(string returnUrl, ConsentInputModel model = null)
{
var request = await _interaction.GetAuthorizationContextAsync(returnUrl);
if (request != null)
{
return CreateConsentViewModel(model, returnUrl, request);
}
throw new ApplicationException($"No consent request matching request: {returnUrl}");
}
private ConsentViewModel CreateConsentViewModel(ConsentInputModel model, string returnUrl, AuthorizationRequest request)
{
var consentViewModel = new ConsentViewModel
{
RememberConsent = model?.RememberConsent ?? true,
ScopesConsented = model?.ScopesConsented ?? new List<string>(),
Description = model?.Description,
ClientName = request.Client.ClientName ?? request.Client.ClientId,
ClientUrl = request.Client.ClientUri,
ClientLogoUrl = request.Client.LogoUri,
AllowRememberConsent = request.Client.AllowRememberConsent
};
consentViewModel.IdentityScopes = request.ValidatedResources.Resources.IdentityResources.Select(x =>
CreateScopeViewModel(x, consentViewModel.ScopesConsented.Contains(x.Name) || model == null))
.ToList();
var apiScopes = new List<ScopeViewModel>();
foreach(var parsedScope in request.ValidatedResources.ParsedScopes)
{
var apiScope = request.ValidatedResources.Resources.FindApiScope(parsedScope.ParsedName);
if (apiScope != null)
var request = await _interaction.GetAuthorizationContextAsync(ReturnUrl);
if (request == null)
{
var scopeVm = CreateScopeViewModel(parsedScope, apiScope,
consentViewModel.ScopesConsented.Contains(parsedScope.RawValue) || model == null);
apiScopes.Add(scopeVm);
return result;
}
}
if (ConsentOptions.EnableOfflineAccess && request.ValidatedResources.Resources.OfflineAccess)
{
apiScopes.Add(GetOfflineAccessScope(consentViewModel.ScopesConsented.Contains(IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess) || model == null));
}
await _interaction.GrantConsentAsync(request, grantedConsent);
consentViewModel.ApiScopes = apiScopes;
result.RedirectUri = ReturnUrl; //TODO: ReturnUrlHash?
}
return consentViewModel;
return result;
}
protected virtual ScopeViewModel CreateScopeViewModel(IdentityResource identity, bool check)
protected virtual ConsentModel.ScopeViewModel CreateScopeViewModel(IdentityResource identity, bool check)
{
return new ScopeViewModel
return new ConsentModel.ScopeViewModel
{
Value = identity.Name,
Name = identity.Name,
DisplayName = identity.DisplayName,
Description = identity.Description,
Emphasize = identity.Emphasize,
@ -204,7 +167,7 @@ namespace Volo.Abp.Account.Web.Pages
};
}
protected virtual ScopeViewModel CreateScopeViewModel(ParsedScopeValue parsedScopeValue, ApiScope apiScope, bool check)
protected virtual ConsentModel.ScopeViewModel CreateScopeViewModel(ParsedScopeValue parsedScopeValue, ApiScope apiScope, bool check)
{
var displayName = apiScope.DisplayName ?? apiScope.Name;
if (!string.IsNullOrWhiteSpace(parsedScopeValue.ParsedParameter))
@ -214,7 +177,7 @@ namespace Volo.Abp.Account.Web.Pages
return new ScopeViewModel
{
Value = parsedScopeValue.RawValue,
Name = parsedScopeValue.RawValue,
DisplayName = displayName,
Description = apiScope.Description,
Emphasize = apiScope.Emphasize,
@ -223,11 +186,11 @@ namespace Volo.Abp.Account.Web.Pages
};
}
protected virtual ScopeViewModel GetOfflineAccessScope(bool check)
protected virtual ConsentModel.ScopeViewModel GetOfflineAccessScope(bool check)
{
return new ScopeViewModel
return new ConsentModel.ScopeViewModel
{
Value = IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess,
Name = IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess,
DisplayName = "Offline Access", //TODO: Localize
Description = "Access to your applications and resources, even when you are offline",
Emphasize = true,
@ -237,36 +200,28 @@ namespace Volo.Abp.Account.Web.Pages
public class ConsentInputModel
{
[Required]
public string Button { get; set; }
public List<ConsentModel.ScopeViewModel> IdentityScopes { get; set; }
public List<string> ScopesConsented { get; set; }
public List<ConsentModel.ScopeViewModel> ApiScopes { get; set; }
public bool RememberConsent { get; set; }
public string Description { get; set; }
}
public class ConsentViewModel : ConsentInputModel
{
public string ClientName { get; set; }
public string ClientUrl { get; set; }
public string ClientLogoUrl { get; set; }
public bool AllowRememberConsent { get; set; }
[Required]
public string UserDecision { get; set; }
public List<ScopeViewModel> IdentityScopes { get; set; }
public bool RememberConsent { get; set; }
public List<ScopeViewModel> ApiScopes { get; set; }
public List<string> GetAllowedScopeNames()
{
var identityScopes = IdentityScopes ?? new List<ConsentModel.ScopeViewModel>();
var apiScopes = ApiScopes ?? new List<ConsentModel.ScopeViewModel>();
return identityScopes.Union(apiScopes).Where(s => s.Checked).Select(s => s.Name).ToList();
}
}
public class ScopeViewModel
{
[Required]
[HiddenInput]
public string Value { get; set; }
public string Name { get; set; }
public bool Checked { get; set; }
@ -283,13 +238,29 @@ namespace Volo.Abp.Account.Web.Pages
{
public bool IsRedirect => RedirectUri != null;
public string RedirectUri { get; set; }
public Client Client { get; set; }
public bool ShowView => ViewModel != null;
public ConsentViewModel ViewModel { get; set; }
public bool HasValidationError => ValidationError != null;
public string ValidationError { get; set; }
}
public class ClientInfoModel
{
public string ClientName { get; set; }
public string ClientUrl { get; set; }
public string ClientLogoUrl { get; set; }
public bool AllowRememberConsent { get; set; }
public ClientInfoModel(Client client)
{
//TODO: Automap
ClientName = client.ClientId;
ClientUrl = client.ClientUri;
ClientLogoUrl = client.LogoUri;
AllowRememberConsent = client.AllowRememberConsent;
}
}
}
}

6
modules/account/src/Volo.Abp.Account.Web/Pages/Account/LoggedOut.cshtml
View File

@ -3,8 +3,12 @@
@using Volo.Abp.Account.Localization
@using Microsoft.AspNetCore.Mvc.Localization
@using Volo.Abp.Account.Web.Pages.Account
@using Volo.Abp.AspNetCore.Mvc.UI.Theming
@inject IThemeManager ThemeManager
@inject IHtmlLocalizer<AccountResource> L
@{
Layout = ThemeManager.CurrentTheme.GetApplicationLayout();
}
@section scripts {
<abp-script-bundle name="@typeof(LoggedOutModel).FullName">
<abp-script src="/Pages/Account/LoggedOut.js"/>

Write Preview
Loading…
Cancel
Save