Skip to content

Commit

Permalink
Use extension method to update OpenId application descriptor (#11721)
Browse files Browse the repository at this point in the history
  • Loading branch information
@MichaelPetrinolis
MichaelPetrinolis committed May 19, 2022
1 parent b8af006 commit 4b4a06e
Show file tree
Hide file tree
Showing 4 changed files with 278 additions and 359 deletions.
286 changes: 33 additions & 253 deletions src/OrchardCore.Modules/OrchardCore.OpenId/Controllers/ApplicationController.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -157,91 +157,27 @@ public async Task<IActionResult> Create(CreateOpenIdApplicationViewModel model,
return View(model);
}

var descriptor = new OpenIdApplicationDescriptor
{
var settings = new OpenIdApplicationSettings()
{
AllowAuthorizationCodeFlow = model.AllowAuthorizationCodeFlow,
AllowClientCredentialsFlow = model.AllowClientCredentialsFlow,
AllowHybridFlow = model.AllowHybridFlow,
AllowImplicitFlow = model.AllowImplicitFlow,
AllowLogoutEndpoint = model.AllowLogoutEndpoint,
AllowPasswordFlow = model.AllowPasswordFlow,
AllowRefreshTokenFlow = model.AllowRefreshTokenFlow,
ClientId = model.ClientId,
ClientSecret = model.ClientSecret,
ConsentType = model.ConsentType,
DisplayName = model.DisplayName,
PostLogoutRedirectUris = model.PostLogoutRedirectUris,
RedirectUris = model.RedirectUris,
Roles = model.RoleEntries.Where(x => x.Selected).Select(x => x.Name).ToArray(),
Scopes = model.ScopeEntries.Where(x => x.Selected).Select(x => x.Name).ToArray(),
Type = model.Type
};

if (model.AllowLogoutEndpoint)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Logout);
}
if (model.AllowAuthorizationCodeFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode);
}
if (model.AllowClientCredentialsFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials);
}
if (model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Implicit);
}
if (model.AllowPasswordFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Password);
}
if (model.AllowRefreshTokenFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.RefreshToken);
}
if (model.AllowAuthorizationCodeFlow || model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Authorization);
}
if (model.AllowAuthorizationCodeFlow || model.AllowClientCredentialsFlow ||
model.AllowPasswordFlow || model.AllowRefreshTokenFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Token);
}

if (model.AllowAuthorizationCodeFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.Code);
}
if (model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.IdToken);

if (string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken);
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.Token);
}
}
if (model.AllowHybridFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken);

if (string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken);
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeToken);
}
}

descriptor.PostLogoutRedirectUris.UnionWith(
from uri in model.PostLogoutRedirectUris?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty<string>()
select new Uri(uri, UriKind.Absolute));

descriptor.RedirectUris.UnionWith(
from uri in model.RedirectUris?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty<string>()
select new Uri(uri, UriKind.Absolute));

descriptor.Roles.UnionWith(model.RoleEntries
.Where(role => role.Selected)
.Select(role => role.Name));

descriptor.Permissions.UnionWith(model.ScopeEntries
.Where(scope => scope.Selected)
.Select(scope => OpenIddictConstants.Permissions.Prefixes.Scope + scope.Name));

await _applicationManager.CreateAsync(descriptor);
await _applicationManager.UpdateDescriptorFromSettings(settings);

if (string.IsNullOrEmpty(returnUrl))
{
Expand Down Expand Up @@ -364,183 +300,27 @@ await _applicationManager.GetIdAsync(application), StringComparison.Ordinal))
return View(model);
}

var descriptor = new OpenIdApplicationDescriptor();
await _applicationManager.PopulateAsync(descriptor, application);

descriptor.ClientId = model.ClientId;
descriptor.ConsentType = model.ConsentType;
descriptor.DisplayName = model.DisplayName;
descriptor.Type = model.Type;

if (!string.IsNullOrEmpty(model.ClientSecret))
{
descriptor.ClientSecret = model.ClientSecret;
}

if (string.Equals(descriptor.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
{
descriptor.ClientSecret = null;
}

if (model.AllowLogoutEndpoint)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Logout);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Logout);
}

if (model.AllowAuthorizationCodeFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode);
}

if (model.AllowClientCredentialsFlow)
var settings = new OpenIdApplicationSettings()
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials);
}

if (model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Implicit);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.Implicit);
}

if (model.AllowPasswordFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Password);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.Password);
}

if (model.AllowRefreshTokenFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.RefreshToken);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.GrantTypes.RefreshToken);
}

if (model.AllowAuthorizationCodeFlow || model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Authorization);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Authorization);
}

if (model.AllowAuthorizationCodeFlow || model.AllowClientCredentialsFlow ||
model.AllowPasswordFlow || model.AllowRefreshTokenFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Token);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.Endpoints.Token);
}

if (model.AllowAuthorizationCodeFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.Code);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.Code);
}

if (model.AllowImplicitFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.IdToken);

if (string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken);
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.Token);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken);
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.Token);
}
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.IdToken);
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken);
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.Token);
}
if (model.AllowHybridFlow)
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken);

if (string.Equals(model.Type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken);
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeToken);
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken);
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.CodeToken);
}
}
else
{
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken);
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken);
descriptor.Permissions.Remove(OpenIddictConstants.Permissions.ResponseTypes.CodeToken);
}

descriptor.Roles.Clear();

foreach (var selectedRole in (model.RoleEntries
.Where(role => role.Selected)
.Select(role => role.Name)))
{
descriptor.Roles.Add(selectedRole);
}

descriptor.Permissions.RemoveWhere(permission => permission.StartsWith(OpenIddictConstants.Permissions.Prefixes.Scope));
foreach (var selectedScope in (model.ScopeEntries
.Where(scope => scope.Selected)
.Select(scope => scope.Name)))
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Prefixes.Scope + selectedScope);
}

descriptor.PostLogoutRedirectUris.Clear();
foreach (Uri uri in
(from uri in model.PostLogoutRedirectUris?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty<string>()
select new Uri(uri, UriKind.Absolute)))
{
descriptor.PostLogoutRedirectUris.Add(uri);
}

descriptor.RedirectUris.Clear();
foreach (Uri uri in
(from uri in model.RedirectUris?.Split(new[] { " ", "," }, StringSplitOptions.RemoveEmptyEntries) ?? Array.Empty<string>()
select new Uri(uri, UriKind.Absolute)))
{
descriptor.RedirectUris.Add(uri);
}
AllowAuthorizationCodeFlow = model.AllowAuthorizationCodeFlow,
AllowClientCredentialsFlow = model.AllowClientCredentialsFlow,
AllowHybridFlow = model.AllowHybridFlow,
AllowImplicitFlow = model.AllowImplicitFlow,
AllowLogoutEndpoint = model.AllowLogoutEndpoint,
AllowPasswordFlow = model.AllowPasswordFlow,
AllowRefreshTokenFlow = model.AllowRefreshTokenFlow,
ClientId = model.ClientId,
ClientSecret = model.ClientSecret,
ConsentType = model.ConsentType,
DisplayName = model.DisplayName,
PostLogoutRedirectUris = model.PostLogoutRedirectUris,
RedirectUris = model.RedirectUris,
Roles = model.RoleEntries.Where(x => x.Selected).Select(x => x.Name).ToArray(),
Scopes = model.ScopeEntries.Where(x => x.Selected).Select(x => x.Name).ToArray(),
Type = model.Type
};

await _applicationManager.UpdateAsync(application, descriptor);
await _applicationManager.UpdateDescriptorFromSettings(settings, application);

if (string.IsNullOrEmpty(returnUrl))
{
Expand Down

0 comments on commit 4b4a06e

Please sign in to comment.