mirror of
https://github.com/streetwriters/notesnook-sync-server.git
synced 2026-02-12 11:12:44 +00:00
118 lines
5.6 KiB
C#
118 lines
5.6 KiB
C#
/*
|
|
This file is part of the Notesnook Sync Server project (https://notesnook.com/)
|
|
|
|
Copyright (C) 2023 Streetwriters (Private) Limited
|
|
|
|
This program is free software: you can redistribute it and/or modify
|
|
it under the terms of the Affero GNU General Public License as published by
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
Affero GNU General Public License for more details.
|
|
|
|
You should have received a copy of the Affero GNU General Public License
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
using System.Linq;
|
|
using System.Security.Claims;
|
|
using System.Threading.Tasks;
|
|
using IdentityModel;
|
|
using IdentityServer4;
|
|
using IdentityServer4.Configuration;
|
|
using IdentityServer4.Models;
|
|
using IdentityServer4.Services;
|
|
using IdentityServer4.Stores;
|
|
using IdentityServer4.Validation;
|
|
using Microsoft.AspNetCore.Identity;
|
|
using Streetwriters.Common.Models;
|
|
using Streetwriters.Identity.Interfaces;
|
|
|
|
namespace Streetwriters.Identity.Helpers
|
|
{
|
|
public class TokenGenerationService : ITokenGenerationService
|
|
{
|
|
private IPersistedGrantStore PersistedGrantStore { get; set; }
|
|
private ITokenService TokenService { get; set; }
|
|
private IUserClaimsPrincipalFactory<User> PrincipalFactory { get; set; }
|
|
private IdentityServerOptions ISOptions { get; set; }
|
|
private IdentityServerTools Tools { get; set; }
|
|
private IResourceStore ResourceStore { get; set; }
|
|
public TokenGenerationService(ITokenService tokenService,
|
|
IUserClaimsPrincipalFactory<User> principalFactory,
|
|
IdentityServerOptions identityServerOptions,
|
|
IPersistedGrantStore persistedGrantStore,
|
|
IdentityServerTools tools,
|
|
IResourceStore resourceStore)
|
|
{
|
|
TokenService = tokenService;
|
|
PrincipalFactory = principalFactory;
|
|
ISOptions = identityServerOptions;
|
|
PersistedGrantStore = persistedGrantStore;
|
|
Tools = tools;
|
|
ResourceStore = resourceStore;
|
|
}
|
|
|
|
public async Task<string> CreateAccessTokenAsync(User user, string clientId)
|
|
{
|
|
var IdentityPricipal = await PrincipalFactory.CreateAsync(user);
|
|
var IdentityUser = new IdentityServerUser(user.Id.ToString());
|
|
IdentityUser.AdditionalClaims = IdentityPricipal.Claims.ToArray();
|
|
IdentityUser.DisplayName = user.UserName;
|
|
IdentityUser.AuthenticationTime = System.DateTime.UtcNow;
|
|
IdentityUser.IdentityProvider = IdentityServerConstants.LocalIdentityProvider;
|
|
var Request = new TokenCreationRequest
|
|
{
|
|
Subject = IdentityUser.CreatePrincipal(),
|
|
IncludeAllIdentityClaims = true,
|
|
ValidatedRequest = new ValidatedRequest()
|
|
};
|
|
Request.ValidatedRequest.Subject = Request.Subject;
|
|
Request.ValidatedRequest.SetClient(Config.Clients.FirstOrDefault((c) => c.ClientId == clientId));
|
|
Request.ValidatedRequest.AccessTokenType = AccessTokenType.Reference;
|
|
Request.ValidatedRequest.AccessTokenLifetime = 18000;
|
|
Request.ValidatedResources = new ResourceValidationResult(new Resources(Config.IdentityResources, Config.ApiResources, Config.ApiScopes));
|
|
Request.ValidatedRequest.Options = ISOptions;
|
|
Request.ValidatedRequest.ClientClaims = IdentityUser.AdditionalClaims;
|
|
var accessToken = await TokenService.CreateAccessTokenAsync(Request);
|
|
return await TokenService.CreateSecurityTokenAsync(accessToken);
|
|
}
|
|
|
|
public async Task<ClaimsPrincipal> TransformTokenRequestAsync(ValidatedTokenRequest request, User user, string grantType, string[] scopes, int lifetime = 20 * 60)
|
|
{
|
|
var principal = await PrincipalFactory.CreateAsync(user);
|
|
var identityUser = new IdentityServerUser(user.Id.ToString())
|
|
{
|
|
DisplayName = user.UserName,
|
|
AuthenticationTime = System.DateTime.UtcNow,
|
|
IdentityProvider = IdentityServerConstants.LocalIdentityProvider,
|
|
AdditionalClaims = principal.Claims.ToArray()
|
|
};
|
|
|
|
request.AccessTokenType = AccessTokenType.Jwt;
|
|
request.AccessTokenLifetime = lifetime;
|
|
request.GrantType = grantType;
|
|
request.ValidatedResources = await ResourceStore.CreateResourceValidationResult(new ParsedScopesResult()
|
|
{
|
|
ParsedScopes = scopes.Select((scope) => new ParsedScopeValue(scope)).ToArray()
|
|
});
|
|
return identityUser.CreatePrincipal();
|
|
}
|
|
|
|
public async Task<string> CreateAccessTokenFromValidatedRequestAsync(ValidatedTokenRequest validatedRequest, User user, string[] scopes, int lifetime = 20 * 60)
|
|
{
|
|
var request = new TokenCreationRequest
|
|
{
|
|
Subject = await this.TransformTokenRequestAsync(validatedRequest, user, validatedRequest.GrantType, scopes, lifetime),
|
|
IncludeAllIdentityClaims = true,
|
|
ValidatedRequest = validatedRequest,
|
|
ValidatedResources = validatedRequest.ValidatedResources
|
|
};
|
|
var accessToken = await TokenService.CreateAccessTokenAsync(request);
|
|
return await TokenService.CreateSecurityTokenAsync(accessToken);
|
|
}
|
|
}
|
|
} |