tsai
/
squidex
mirror of https://github.com/Squidex/squidex.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Fix login URL and naming.

pull/837/head
Sebastian 4 years ago
parent
467dec4d63
commit
e7611a68c4
10 changed files with 40 additions and 31 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      backend/src/Squidex.Infrastructure/Json/ClaimsPrincipalSurrogate.cs
  2. 4
      backend/src/Squidex/Areas/IdentityServer/Config/IdentityServerServices.cs
  3. 3
      backend/src/Squidex/Areas/IdentityServer/Controllers/Account/AccountController.cs
  4. 30
      backend/src/Squidex/Areas/IdentityServer/Controllers/Connect/ConnectController.cs
  5. 4
      backend/src/Squidex/Config/Authentication/AuthenticationServices.cs
  6. 2
      backend/src/Squidex/Config/Domain/SerializationServices.cs
  7. 10
      backend/src/Squidex/Startup.cs
  8. 2
      backend/tests/Squidex.Domain.Apps.Core.Tests/TestHelpers/TestUtils.cs
  9. 2
      backend/tests/Squidex.Infrastructure.Tests/TestHelpers/TestUtils.cs
  10. 12
      backend/tests/Squidex.Web.Tests/Pipeline/ApiPermissionUnifierTests.cs

2
backend/src/Squidex.Infrastructure/Json/ClaimsPrinicpalSurrogate.cs → backend/src/Squidex.Infrastructure/Json/ClaimsPrincipalSurrogate.cs
View File

@ -9,7 +9,7 @@ using System.Security.Claims;
namespace Squidex.Infrastructure.Json
{
public sealed class ClaimsPrinicpalSurrogate : List<ClaimsIdentitySurrogate>, ISurrogate<ClaimsPrincipal>
public sealed class ClaimsPrincipalSurrogate : List<ClaimsIdentitySurrogate>, ISurrogate<ClaimsPrincipal>
{
public void FromSource(ClaimsPrincipal source)
{

4
backend/src/Squidex/Areas/IdentityServer/Config/IdentityServerServices.cs
View File

@ -121,8 +121,6 @@ namespace Squidex.Areas.IdentityServer.Config
var issuerUrl = Constants.PrefixIdentityServer;
options.Issuer = new Uri(urlGenerator.BuildUrl(issuerUrl, false));
options.AuthorizationEndpointUris.Add(
new Uri(urlGenerator.BuildUrl($"{issuerUrl}/connect/authorize", false)));
@ -137,6 +135,8 @@ namespace Squidex.Areas.IdentityServer.Config
options.UserinfoEndpointUris.Add(
new Uri(urlGenerator.BuildUrl($"{issuerUrl}/connect/userinfo", false)));
options.Issuer = new Uri(urlGenerator.BuildUrl(issuerUrl, false));
});
}
}

3
backend/src/Squidex/Areas/IdentityServer/Controllers/Account/AccountController.cs
View File

@ -251,8 +251,7 @@ namespace Squidex.Areas.IdentityServer.Controllers.Account
user = await userService.CreateAsync(email, values, identityOptions.LockAutomatically, HttpContext.RequestAborted);
await userService.AddLoginAsync(user.Id, login,
HttpContext.RequestAborted);
await userService.AddLoginAsync(user.Id, login, HttpContext.RequestAborted);
(isLoggedIn, var locked) = await LoginAsync(login);

30
backend/src/Squidex/Areas/IdentityServer/Controllers/Connect/ConnectController.cs
View File

@ -43,7 +43,6 @@ namespace Notifo.Areas.Account.Controllers
public async Task<IActionResult> Exchange()
{
var request = HttpContext.GetOpenIddictServerRequest();
if (request == null)
{
throw new InvalidOperationException("The OpenID Connect request cannot be retrieved.");
@ -52,14 +51,12 @@ namespace Notifo.Areas.Account.Controllers
if (request.IsAuthorizationCodeGrantType() || request.IsRefreshTokenGrantType() || request.IsImplicitFlow())
{
var principal = (await HttpContext.AuthenticateAsync(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme)).Principal;
if (principal == null)
{
throw new InvalidOperationException("The user details cannot be retrieved.");
}
var user = await userService.GetAsync(principal, HttpContext.RequestAborted);
if (user == null)
{
return Forbid(
@ -104,7 +101,7 @@ namespace Notifo.Areas.Account.Controllers
throw new InvalidOperationException("The application details cannot be found in the database.");
}
var principal = await CreateApplicationPrinicpalAsync(request, application);
var principal = await CreateApplicationPrincipalAsync(request, application);
return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
}
@ -155,9 +152,7 @@ namespace Notifo.Areas.Account.Controllers
throw new InvalidOperationException("The user details cannot be retrieved.");
}
var principal = await SignInManager.CreateUserPrincipalAsync((IdentityUser)user.Identity);
await EnrichPrincipalAsync(request, principal, false);
var principal = await CreatePrincipalAsync(request, user);
return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
}
@ -170,7 +165,14 @@ namespace Notifo.Areas.Account.Controllers
return SignOut(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
}
private async Task<ClaimsPrincipal> CreateApplicationPrinicpalAsync(OpenIddictRequest request, object application)
private async Task<ClaimsPrincipal> CreatePrincipalAsync(OpenIddictRequest request, Squidex.Shared.Users.IUser? user)
{
var principal = await SignInManager.CreateUserPrincipalAsync((IdentityUser)user.Identity);
return await EnrichPrincipalAsync(principal, request, false);
}
private async Task<ClaimsPrincipal> CreateApplicationPrincipalAsync(OpenIddictRequest request, object application)
{
var identity = new ClaimsIdentity(
TokenValidationParameters.DefaultAuthenticationType,
@ -193,22 +195,24 @@ namespace Notifo.Areas.Account.Controllers
identity.AddClaim(claim);
}
await EnrichPrincipalAsync(request, principal, true);
return principal;
return await EnrichPrincipalAsync(principal, request, true);
}
private async Task EnrichPrincipalAsync(OpenIddictRequest request, ClaimsPrincipal principal, bool alwaysDeliverPermissions)
private async Task<ClaimsPrincipal> EnrichPrincipalAsync(ClaimsPrincipal principal, OpenIddictRequest request, bool alwaysDeliverPermissions)
{
var scopes = request.GetScopes();
var resources = await scopeManager.ListResourcesAsync(scopes, HttpContext.RequestAborted).ToListAsync(HttpContext.RequestAborted);
principal.SetScopes(scopes);
principal.SetResources(await scopeManager.ListResourcesAsync(scopes, HttpContext.RequestAborted).ToListAsync(HttpContext.RequestAborted));
principal.SetResources(resources);
foreach (var claim in principal.Claims)
{
claim.SetDestinations(GetDestinations(claim, principal, alwaysDeliverPermissions));
}
return principal;
}
private static IEnumerable<string> GetDestinations(Claim claim, ClaimsPrincipal principal, bool alwaysDeliverPermissions)

4
backend/src/Squidex/Config/Authentication/AuthenticationServices.cs
View File

@ -31,6 +31,10 @@ namespace Squidex.Config.Authentication
builder.Services.ConfigureApplicationCookie(options =>
{
options.AccessDeniedPath = "/identity-server/account/access-denied";
options.LoginPath = "/identity-server/account/login";
options.LogoutPath = "/identity-server/account/login";
options.Cookie.Name = ".sq.auth";
if (urlsOptions.BaseUrl?.StartsWith("https://", StringComparison.OrdinalIgnoreCase) == true)

2
backend/src/Squidex/Config/Domain/SerializationServices.cs
View File

@ -46,7 +46,7 @@ namespace Squidex.Config.Domain
new ExecutionResultJsonConverter(new ErrorInfoProvider()),
new JsonValueConverter(),
new StringEnumConverter(),
new SurrogateConverter<ClaimsPrincipal, ClaimsPrinicpalSurrogate>(),
new SurrogateConverter<ClaimsPrincipal, ClaimsPrincipalSurrogate>(),
new SurrogateConverter<FilterNode<IJsonValue>, JsonFilterSurrogate>(),
new SurrogateConverter<LanguageConfig, LanguageConfigSurrogate>(),
new SurrogateConverter<LanguagesConfig, LanguagesConfigSurrogate>(),

10
backend/src/Squidex/Startup.cs
View File

@ -37,13 +37,17 @@ namespace Squidex
services.AddDefaultWebServices(config);
services.AddDefaultForwardRules();
// They must be called in this order.
services.AddSquidexMvcWithPlugins(config);
services.AddSquidexIdentity(config);
services.AddSquidexIdentityServer();
services.AddSquidexAuthentication(config);
services.AddSquidexImageResizing(config);
services.AddSquidexAssetInfrastructure(config);
services.AddSquidexSerializers();
services.AddSquidexMvcWithPlugins(config);
services.AddSquidexApps(config);
services.AddSquidexAssets(config);
services.AddSquidexAuthentication(config);
services.AddSquidexBackups();
services.AddSquidexCommands(config);
services.AddSquidexComments();
@ -54,8 +58,6 @@ namespace Squidex
services.AddSquidexGraphQL();
services.AddSquidexHealthChecks(config);
services.AddSquidexHistory(config);
services.AddSquidexIdentity(config);
services.AddSquidexIdentityServer();
services.AddSquidexInfrastructure(config);
services.AddSquidexLocalization();
services.AddSquidexMigration(config);

2
backend/tests/Squidex.Domain.Apps.Core.Tests/TestHelpers/TestUtils.cs
View File

@ -53,7 +53,7 @@ namespace Squidex.Domain.Apps.Core.TestHelpers
new EnvelopeHeadersConverter(),
new JsonValueConverter(),
new StringEnumConverter(),
new SurrogateConverter<ClaimsPrincipal, ClaimsPrinicpalSurrogate>(),
new SurrogateConverter<ClaimsPrincipal, ClaimsPrincipalSurrogate>(),
new SurrogateConverter<FilterNode<IJsonValue>, JsonFilterSurrogate>(),
new SurrogateConverter<LanguageConfig, LanguageConfigSurrogate>(),
new SurrogateConverter<LanguagesConfig, LanguagesConfigSurrogate>(),

2
backend/tests/Squidex.Infrastructure.Tests/TestHelpers/TestUtils.cs
View File

@ -36,7 +36,7 @@ namespace Squidex.Infrastructure.TestHelpers
SerializationBinder = new TypeNameSerializationBinder(typeNameRegistry ?? new TypeNameRegistry()),
ContractResolver = new ConverterContractResolver(
new SurrogateConverter<ClaimsPrincipal, ClaimsPrinicpalSurrogate>(),
new SurrogateConverter<ClaimsPrincipal, ClaimsPrincipalSurrogate>(),
new EnvelopeHeadersConverter(),
new JsonValueConverter(),
new SurrogateConverter<FilterNode<IJsonValue>, JsonFilterSurrogate>(),

12
backend/tests/Squidex.Web.Tests/Pipeline/ApiPermissionUnifierTests.cs
View File

@ -22,11 +22,11 @@ namespace Squidex.Web.Pipeline
public async Task Should_add_admin_permission_if_user_is_in_role(string role)
{
var userIdentity = new ClaimsIdentity();
var userPrinicpal = new ClaimsPrincipal(userIdentity);
var userPrincipal = new ClaimsPrincipal(userIdentity);
userIdentity.AddClaim(new Claim(userIdentity.RoleClaimType, role));
var result = await sut.TransformAsync(userPrinicpal);
var result = await sut.TransformAsync(userPrincipal);
Assert.Equal(Permissions.Admin, result.Claims.FirstOrDefault(x => x.Type == SquidexClaimTypes.Permissions)?.Value);
Assert.Equal(role, result.Claims.FirstOrDefault(x => x.Type == userIdentity.RoleClaimType)?.Value);
@ -36,11 +36,11 @@ namespace Squidex.Web.Pipeline
public async Task Should_not_add_admin_persmission_if_user_has_other_role()
{
var userIdentity = new ClaimsIdentity();
var userPrinicpal = new ClaimsPrincipal(userIdentity);
var userPrincipal = new ClaimsPrincipal(userIdentity);
userIdentity.AddClaim(new Claim(userIdentity.RoleClaimType, "Developer"));
var result = await sut.TransformAsync(userPrinicpal);
var result = await sut.TransformAsync(userPrincipal);
Assert.Single(result.Claims);
}
@ -49,9 +49,9 @@ namespace Squidex.Web.Pipeline
public async Task Should_not_add_admin_persmission_if_user_has_no_role()
{
var userIdentity = new ClaimsIdentity();
var userPrinicpal = new ClaimsPrincipal(userIdentity);
var userPrincipal = new ClaimsPrincipal(userIdentity);
var result = await sut.TransformAsync(userPrinicpal);
var result = await sut.TransformAsync(userPrincipal);
Assert.Empty(result.Claims);
}

Write Preview
Loading…
Cancel
Save