Improvement to cookies

7 years ago · 922bb1ce69
7 changed files with 65 additions and 4 deletions
--- a/src/Squidex.Domain.Users/UserManagerExtensions.cs
+++ b/src/Squidex.Domain.Users/UserManagerExtensions.cs
@ -65,6 +65,18 @@ namespace Squidex.Domain.Users
            return await userManager.ResolveUserAsync(user);
        }

+        public static async Task<UserWithClaims> FindByLoginWithClaimsAsync(this UserManager<IdentityUser> userManager, string loginProvider, string providerKey)
+        {
+            if (loginProvider == null || providerKey == null)
+            {
+                return null;
+            }
+
+            var user = await userManager.FindByLoginAsync(loginProvider, providerKey);
+
+            return await userManager.ResolveUserAsync(user);
+        }
+
        public static Task<long> CountByEmailAsync(this UserManager<IdentityUser> userManager, string email = null)
        {
            var count = QueryUsers(userManager, email).LongCount();
--- a/src/Squidex.Web/ClearCookiesAttribute.cs
+++ b/src/Squidex.Web/ClearCookiesAttribute.cs
@ -0,0 +1,24 @@
+// ==========================================================================
+//  Squidex Headless CMS
+// ==========================================================================
+//  Copyright (c) Squidex UG (haftungsbeschränkt)
+//  All rights reserved. Licensed under the MIT license.
+// ==========================================================================
+
+using Microsoft.AspNetCore.Mvc.Filters;
+
+namespace Squidex.Web
+{
+    public sealed class ClearCookiesAttribute : ActionFilterAttribute
+    {
+        public override void OnActionExecuting(ActionExecutingContext context)
+        {
+            var cookies = context.HttpContext.Response.Cookies;
+
+            foreach (var cookie in context.HttpContext.Request.Cookies.Keys)
+            {
+                cookies.Delete(cookie);
+            }
+        }
+    }
+}
--- a/src/Squidex/Areas/IdentityServer/Controllers/Account/AccountController.cs
+++ b/src/Squidex/Areas/IdentityServer/Controllers/Account/AccountController.cs
@ -26,6 +26,7 @@ using Squidex.Infrastructure.Tasks;
 using Squidex.Shared;
 using Squidex.Shared.Identity;
 using Squidex.Shared.Users;
+using Squidex.Web;

 namespace Squidex.Areas.IdentityServer.Controllers.Account
 {
@ -164,6 +165,7 @@ namespace Squidex.Areas.IdentityServer.Controllers.Account

        [HttpGet]
        [Route("account/login/")]
+        [ClearCookies]
        public Task<IActionResult> Login(string returnUrl = null)
        {
            return LoginViewAsync(returnUrl, true, false);
@ -242,7 +244,11 @@ namespace Squidex.Areas.IdentityServer.Controllers.Account

            UserWithClaims user = null;

-            if (!isLoggedIn)
+            if (isLoggedIn)
+            {
+                user = await userManager.FindByLoginWithClaimsAsync(externalLogin.LoginProvider, externalLogin.ProviderKey);
+            }
+            else
            {
                var email = externalLogin.Principal.FindFirst(ClaimTypes.Email).Value;

--- a/src/Squidex/Areas/IdentityServer/Controllers/Error/ErrorController.cs
+++ b/src/Squidex/Areas/IdentityServer/Controllers/Error/ErrorController.cs
@ -9,6 +9,7 @@ using System.Threading.Tasks;
 using IdentityServer4.Models;
 using IdentityServer4.Services;
 using Microsoft.AspNetCore.Diagnostics;
+using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Squidex.Infrastructure;

@ -17,15 +18,19 @@ namespace Squidex.Areas.IdentityServer.Controllers.Error
    public sealed class ErrorController : IdentityServerController
    {
        private readonly IIdentityServerInteractionService interaction;
+        private readonly SignInManager<IdentityUser> signInManager;

-        public ErrorController(IIdentityServerInteractionService interaction)
+        public ErrorController(IIdentityServerInteractionService interaction, SignInManager<IdentityUser> signInManager)
        {
            this.interaction = interaction;
+            this.signInManager = signInManager;
        }

        [Route("error/")]
        public async Task<IActionResult> Error(string errorId = null)
        {
+            await signInManager.SignOutAsync();
+
            var vm = new ErrorViewModel();

            if (!string.IsNullOrWhiteSpace(errorId))
--- a/src/Squidex/Config/Authentication/AuthenticationServices.cs
+++ b/src/Squidex/Config/Authentication/AuthenticationServices.cs
@ -5,6 +5,7 @@
 //  All rights reserved. Licensed under the MIT license.
 // ==========================================================================

+using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;

@ -17,12 +18,22 @@ namespace Squidex.Config.Authentication
            var identityOptions = config.GetSection("identity").Get<MyIdentityOptions>();

            services.AddAuthentication()
+                .AddMyCookie()
                .AddMyExternalGithubAuthentication(identityOptions)
                .AddMyExternalGoogleAuthentication(identityOptions)
                .AddMyExternalMicrosoftAuthentication(identityOptions)
                .AddMyExternalOdic(identityOptions)
-                .AddMyIdentityServerAuthentication(identityOptions, config)
-                .AddCookie();
+                .AddMyIdentityServerAuthentication(identityOptions, config);
+        }
+
+        public static AuthenticationBuilder AddMyCookie(this AuthenticationBuilder builder)
+        {
+            builder.Services.ConfigureApplicationCookie(options =>
+            {
+                options.Cookie.Name = ".sq.auth";
+            });
+
+            return builder.AddCookie();
        }
    }
 }
--- a/src/Squidex/Config/Authentication/OidcServices.cs
+++ b/src/Squidex/Config/Authentication/OidcServices.cs
@ -26,6 +26,7 @@ namespace Squidex.Config.Authentication
                    options.ClientId = identityOptions.OidcClient;
                    options.ClientSecret = identityOptions.OidcSecret;
                    options.Scope.Add(Constants.EmailScope);
+                    options.Scope.Add(Constants.PermissionsScope);
                    options.RequireHttpsMetadata = false;
                });
            }
--- a/src/Squidex/Config/Logging.cs
+++ b/src/Squidex/Config/Logging.cs
@ -38,6 +38,8 @@ namespace Squidex.Config
                    return level >= LogLevel.Warning;
                }

+                return true;
+
                if (category.StartsWith("Microsoft.AspNetCore.", StringComparison.OrdinalIgnoreCase))
                {
                    return level > LogLevel.Information;