using System;
using System.Collections.Generic;
using System.Security.Claims;
using IdentityModel;
using IdentityServer.LdapExtension.Extensions;
using Novell.Directory.Ldap;
namespace IdentityServer.LdapExtension.UserModel
{
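/// <summary>
/// Application user details read from an OpenLDAP entry. These details are mainly used to
/// build the claims handed to IdentityServer.
/// </summary>
/// <seealso cref="IdentityServer.LdapExtension.UserModel.IAppUser" />
/// <remarks>In the future, this might become a base class instead of inheriting from an interface.</remarks>
public class OpenLdapAppUser : IAppUser
{
    private string _subjectId;

    /// <summary>
    /// Gets or sets the subject identifier. Falls back to <see cref="Username"/> when no
    /// explicit value has been set.
    /// </summary>
    /// <remarks>
    /// The username is an administrator-managed attribute: if the directory later re-assigns
    /// the same uid to another person, that account inherits this subject. A directory-assigned
    /// value (e.g. a hashed uidNumber) would be a more stable subject; see <see cref="SetBaseDetails"/>.
    /// </remarks>
    public string SubjectId
    {
        get => _subjectId ?? Username;
        set => _subjectId = value;
    }

    public string ProviderSubjectId { get; set; }

    public string ProviderName { get; set; }

    public string DisplayName { get; set; }

    public string Username { get; set; }

    /// <summary>
    /// Gets a value indicating whether the account is active.
    /// </summary>
    /// <remarks>
    /// Always <c>true</c>: the entry's locked-out / disabled state is not read from the directory,
    /// so a locked account that can still bind is reported as active. Anything that must enforce
    /// lock-out has to do so elsewhere until this is implemented. The setter is a no-op kept for
    /// interface compatibility.
    /// </remarks>
    public bool IsActive
    {
        get { return true; }
        set { }
    }

    /// <summary>
    /// Gets or sets the claims built from the LDAP entry. Empty until <see cref="FillClaims"/>
    /// (or <see cref="SetBaseDetails"/>) has been called.
    /// </summary>
    public ICollection<Claim> Claims { get; set; } = new List<Claim>();

    /// <summary>
    /// Gets the LDAP attribute names this model reads (the descriptions of <see cref="OpenLdapAttributes"/>).
    /// </summary>
    public string[] LdapAttributes => Enum<OpenLdapAttributes>.Descriptions;

    /// <summary>
    /// Rebuilds <see cref="Claims"/> from the given LDAP entry: the standard profile claims plus
    /// one <see cref="JwtClaimTypes.Role"/> claim per <c>memberOf</c> value.
    /// </summary>
    /// <param name="user">The LDAP entry of the user.</param>
    /// <exception cref="ArgumentNullException"><paramref name="user"/> is <c>null</c>.</exception>
    public void FillClaims(LdapEntry user)
    {
        if (user is null)
        {
            throw new ArgumentNullException(nameof(user));
        }

        // Example in LDAP we have display name as displayName (normal field).
        // A missing attribute yields a claim with an empty value rather than no claim.
        var claims = new List<Claim>
        {
            GetClaimFromLdapAttributes(user, JwtClaimTypes.Name, OpenLdapAttributes.DisplayName),
            GetClaimFromLdapAttributes(user, JwtClaimTypes.FamilyName, OpenLdapAttributes.LastName),
            GetClaimFromLdapAttributes(user, JwtClaimTypes.GivenName, OpenLdapAttributes.FirstName),
            GetClaimFromLdapAttributes(user, JwtClaimTypes.Email, OpenLdapAttributes.EMail),
            GetClaimFromLdapAttributes(user, JwtClaimTypes.PhoneNumber, OpenLdapAttributes.TelephoneNumber)
        };

        // Add the groups as role claims. The values are the raw memberOf entries, i.e. full
        // group DNs: consumers authorizing on them should compare the whole DN (or map it to a
        // role name) rather than match on a substring such as the CN. Be careful if the number
        // of groups is too large -- every value ends up as a claim in the token.
        // getAttribute returns null for an attribute the entry does not carry, so a null check
        // replaces the previous catch-all that swallowed the NullReferenceException.
        var memberOf = user.getAttribute(OpenLdapAttributes.MemberOf.ToDescriptionString());
        if (memberOf != null)
        {
            var userRoles = memberOf.StringValues;
            while (userRoles.MoveNext())
            {
                // Claim rejects a null value; previously that aborted the whole loop and
                // silently dropped the remaining groups, so skip the entry instead.
                if (userRoles.Current is string role && role.Length > 0)
                {
                    claims.Add(new Claim(JwtClaimTypes.Role, role));
                }
            }
        }

        this.Claims = claims;
    }

    /// <summary>
    /// Not implemented. Use the <see cref="LdapAttributes"/> instance property to obtain the
    /// attribute names to request from the directory.
    /// </summary>
    /// <returns>Never returns.</returns>
    /// <exception cref="NotImplementedException">Always thrown.</exception>
    public static string[] RequestedLdapAttributes()
    {
        throw new NotImplementedException();
    }

    /// <summary>
    /// Builds a claim of type <paramref name="claim"/> from the first value of
    /// <paramref name="ldapAttribute"/> on the entry.
    /// </summary>
    /// <param name="user">The LDAP entry of the user.</param>
    /// <param name="claim">The claim type to create.</param>
    /// <param name="ldapAttribute">The LDAP attribute to read.</param>
    /// <returns>
    /// The claim; its value is <see cref="string.Empty"/> when the entry does not carry the
    /// attribute or the attribute has no value (same outward behaviour as before, without
    /// relying on a swallowed exception).
    /// </returns>
    /// <exception cref="ArgumentNullException"><paramref name="user"/> is <c>null</c>.</exception>
    internal Claim GetClaimFromLdapAttributes(LdapEntry user, string claim, OpenLdapAttributes ldapAttribute)
    {
        if (user is null)
        {
            throw new ArgumentNullException(nameof(user));
        }

        return new Claim(claim, GetAttributeValueOrEmpty(user, ldapAttribute));
    }

    /// <summary>
    /// Populates the base identity fields from the entry and then fills the claims.
    /// </summary>
    /// <param name="ldapEntry">The LDAP entry of the user.</param>
    /// <param name="providerName">The name of the LDAP provider the entry came from.</param>
    /// <exception cref="ArgumentNullException"><paramref name="ldapEntry"/> is <c>null</c>.</exception>
    /// <exception cref="InvalidOperationException">
    /// The entry has no username attribute, so no subject identifier can be derived.
    /// </exception>
    public void SetBaseDetails(LdapEntry ldapEntry, string providerName)
    {
        if (ldapEntry is null)
        {
            throw new ArgumentNullException(nameof(ldapEntry));
        }

        var username = GetAttributeValueOrEmpty(ldapEntry, OpenLdapAttributes.UserName);
        if (string.IsNullOrWhiteSpace(username))
        {
            // An empty subject would be shared by every entry lacking a uid; refuse to build the
            // user instead of issuing a token for it (previously this surfaced as a NullReferenceException).
            throw new InvalidOperationException(
                $"The LDAP entry has no '{OpenLdapAttributes.UserName.ToDescriptionString()}' attribute; cannot derive a subject identifier.");
        }

        DisplayName = GetAttributeValueOrEmpty(ldapEntry, OpenLdapAttributes.DisplayName);
        Username = username;
        ProviderName = providerName;
        SubjectId = Username; // Extra: We could use the uidNumber instead in a sha algo.
        ProviderSubjectId = Username;
        FillClaims(ldapEntry);
    }

    /// <summary>
    /// Reads the first string value of <paramref name="ldapAttribute"/> from the entry.
    /// </summary>
    /// <param name="entry">The LDAP entry to read.</param>
    /// <param name="ldapAttribute">The attribute to read.</param>
    /// <returns>The first value, or <see cref="string.Empty"/> when the attribute is absent or empty.</returns>
    private static string GetAttributeValueOrEmpty(LdapEntry entry, OpenLdapAttributes ldapAttribute)
    {
        // getAttribute returns null for an attribute the entry does not carry and StringValue is
        // null for an attribute without values; neither case needs an exception to detect it.
        var attribute = entry.getAttribute(ldapAttribute.ToDescriptionString());
        return attribute?.StringValue ?? string.Empty;
    }
}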
}