
Commit 2ea652a

authored
Merge pull request #23988 from abpframework/auto-merge/rel-10-0/4053
Merge branch dev with rel-10.0
2 parents a868b9f + f860930 commit 2ea652a


1 file changed

+248
-0
lines changed

Lines changed: 248 additions & 0 deletions
@@ -0,0 +1,248 @@
1+
using System;
2+
using System.Collections.Generic;
3+
using System.Linq;
4+
using System.Text.Json;
5+
using System.Threading.Tasks;
6+
using JetBrains.Annotations;
7+
using Microsoft.Extensions.Configuration;
8+
using OpenIddict.Abstractions;
9+
using Volo.Abp.OpenIddict.Applications;
10+
using Volo.Abp.OpenIddict.Scopes;
11+
12+
namespace Volo.Abp.OpenIddict;
13+
14+
public abstract class OpenIddictDataSeedContributorBase
15+
{
16+
protected IConfiguration Configuration { get; }
17+
protected IOpenIddictApplicationRepository OpenIddictApplicationRepository { get; }
18+
protected IAbpApplicationManager ApplicationManager { get; }
19+
protected IOpenIddictScopeRepository OpenIddictScopeRepository { get; }
20+
protected IOpenIddictScopeManager ScopeManager { get; }
21+
22+
public OpenIddictDataSeedContributorBase(
23+
IConfiguration configuration,
24+
IOpenIddictApplicationRepository openIddictApplicationRepository,
25+
IAbpApplicationManager applicationManager,
26+
IOpenIddictScopeRepository openIddictScopeRepository,
27+
IOpenIddictScopeManager scopeManager)
28+
{
29+
Configuration = configuration;
30+
OpenIddictApplicationRepository = openIddictApplicationRepository;
31+
ApplicationManager = applicationManager;
32+
OpenIddictScopeRepository = openIddictScopeRepository;
33+
ScopeManager = scopeManager;
34+
}
35+
36+
protected virtual async Task CreateScopesAsync(OpenIddictScopeDescriptor scope)
37+
{
38+
if (await OpenIddictScopeRepository.FindByNameAsync(scope.Name) == null)
39+
{
40+
await ScopeManager.CreateAsync(scope);
41+
}
42+
}
43+
44+
protected virtual async Task CreateOrUpdateApplicationAsync(
45+
[NotNull] string applicationType,
46+
[NotNull] string name,
47+
[NotNull] string type,
48+
[NotNull] string consentType,
49+
string displayName,
50+
string secret,
51+
List<string> grantTypes,
52+
List<string> scopes,
53+
List<string> redirectUris = null,
54+
List<string> postLogoutRedirectUris = null,
55+
string clientUri = null,
56+
string logoUri = null)
57+
{
58+
if (!string.IsNullOrEmpty(secret) && string.Equals(type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
59+
{
60+
throw new AbpException("No client secret can be set for public applications.");
61+
}
62+
63+
if (string.IsNullOrEmpty(secret) && string.Equals(type, OpenIddictConstants.ClientTypes.Confidential, StringComparison.OrdinalIgnoreCase))
64+
{
65+
throw new AbpException("The client secret is required for confidential applications.");
66+
}
67+
68+
var application = new AbpApplicationDescriptor
69+
{
70+
ApplicationType = applicationType,
71+
ClientId = name,
72+
ClientType = type,
73+
ClientSecret = secret,
74+
ConsentType = consentType,
75+
DisplayName = displayName,
76+
ClientUri = clientUri,
77+
LogoUri = logoUri,
78+
};
79+
80+
Check.NotNullOrEmpty(grantTypes, nameof(grantTypes));
81+
Check.NotNullOrEmpty(scopes, nameof(scopes));
82+
83+
if (new[] { OpenIddictConstants.GrantTypes.AuthorizationCode, OpenIddictConstants.GrantTypes.Implicit }.All(grantTypes.Contains))
84+
{
85+
application.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken);
86+
87+
if (string.Equals(type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
88+
{
89+
application.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken);
90+
application.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.CodeToken);
91+
}
92+
}
93+
94+
if (!redirectUris.IsNullOrEmpty() || !postLogoutRedirectUris.IsNullOrEmpty())
95+
{
96+
application.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.EndSession);
97+
}
98+
99+
var buildInGrantTypes = new[]
100+
{
101+
OpenIddictConstants.GrantTypes.Implicit, OpenIddictConstants.GrantTypes.Password,
102+
OpenIddictConstants.GrantTypes.AuthorizationCode, OpenIddictConstants.GrantTypes.ClientCredentials,
103+
OpenIddictConstants.GrantTypes.DeviceCode, OpenIddictConstants.GrantTypes.RefreshToken
104+
};
105+
106+
foreach (var grantType in grantTypes)
107+
{
108+
if (grantType == OpenIddictConstants.GrantTypes.AuthorizationCode)
109+
{
110+
application.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode);
111+
application.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.Code);
112+
}
113+
114+
if (grantType == OpenIddictConstants.GrantTypes.AuthorizationCode ||
115+
grantType == OpenIddictConstants.GrantTypes.Implicit)
116+
{
117+
application.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Authorization);
118+
}
119+
120+
if (grantType == OpenIddictConstants.GrantTypes.AuthorizationCode ||
121+
grantType == OpenIddictConstants.GrantTypes.ClientCredentials ||
122+
grantType == OpenIddictConstants.GrantTypes.Password ||
123+
grantType == OpenIddictConstants.GrantTypes.RefreshToken ||
124+
grantType == OpenIddictConstants.GrantTypes.DeviceCode)
125+
{
126+
application.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Token);
127+
application.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Revocation);
128+
application.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Introspection);
129+
}
130+
131+
if (grantType == OpenIddictConstants.GrantTypes.ClientCredentials)
132+
{
133+
application.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials);
134+
}
135+
136+
if (grantType == OpenIddictConstants.GrantTypes.Implicit)
137+
{
138+
application.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Implicit);
139+
}
140+
141+
if (grantType == OpenIddictConstants.GrantTypes.Password)
142+
{
143+
application.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.Password);
144+
}
145+
146+
if (grantType == OpenIddictConstants.GrantTypes.RefreshToken)
147+
{
148+
application.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.RefreshToken);
149+
}
150+
151+
if (grantType == OpenIddictConstants.GrantTypes.DeviceCode)
152+
{
153+
application.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.DeviceCode);
154+
application.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.DeviceAuthorization);
155+
}
156+
157+
if (grantType == OpenIddictConstants.GrantTypes.Implicit)
158+
{
159+
application.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.IdToken);
160+
if (string.Equals(type, OpenIddictConstants.ClientTypes.Public, StringComparison.OrdinalIgnoreCase))
161+
{
162+
application.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken);
163+
application.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.Token);
164+
}
165+
}
166+
167+
if (!buildInGrantTypes.Contains(grantType))
168+
{
169+
application.Permissions.Add(OpenIddictConstants.Permissions.Prefixes.GrantType + grantType);
170+
}
171+
}
172+
173+
var buildInScopes = new[]
174+
{
175+
OpenIddictConstants.Permissions.Scopes.Address,
176+
OpenIddictConstants.Permissions.Scopes.Email,
177+
OpenIddictConstants.Permissions.Scopes.Phone,
178+
OpenIddictConstants.Permissions.Scopes.Profile,
179+
OpenIddictConstants.Permissions.Scopes.Roles
180+
};
181+
182+
foreach (var scope in scopes)
183+
{
184+
if (buildInScopes.Contains(scope))
185+
{
186+
application.Permissions.Add(scope);
187+
}
188+
else
189+
{
190+
application.Permissions.Add(OpenIddictConstants.Permissions.Prefixes.Scope + scope);
191+
}
192+
}
193+
194+
if (!redirectUris.IsNullOrEmpty())
195+
{
196+
foreach (var redirectUri in redirectUris!.Where(redirectUri => !redirectUri.IsNullOrWhiteSpace()))
197+
{
198+
if (!Uri.TryCreate(redirectUri, UriKind.Absolute, out var uri) || !uri.IsWellFormedOriginalString())
199+
{
200+
throw new AbpException("Invalid RedirectUri: " + redirectUri);
201+
}
202+
203+
if (application.RedirectUris.All(x => x != uri))
204+
{
205+
application.RedirectUris.Add(uri);
206+
}
207+
}
208+
}
209+
210+
if (!postLogoutRedirectUris.IsNullOrEmpty())
211+
{
212+
foreach (var postLogoutRedirectUri in postLogoutRedirectUris!.Where(postLogoutRedirectUri => !postLogoutRedirectUri.IsNullOrWhiteSpace()))
213+
{
214+
if (!Uri.TryCreate(postLogoutRedirectUri, UriKind.Absolute, out var uri) ||
215+
!uri.IsWellFormedOriginalString())
216+
{
217+
throw new AbpException("Invalid PostLogoutRedirectUri: " + postLogoutRedirectUri);
218+
}
219+
220+
if (application.PostLogoutRedirectUris.All(x => x != uri))
221+
{
222+
application.PostLogoutRedirectUris.Add(uri);
223+
}
224+
}
225+
}
226+
227+
var client = await OpenIddictApplicationRepository.FindByClientIdAsync(name);
228+
if (client == null)
229+
{
230+
await ApplicationManager.CreateAsync(application);
231+
232+
}
233+
else
234+
{
235+
await ApplicationManager.UpdateAsync(client.ToModel(), application);
236+
}
237+
}
238+
239+
protected virtual bool HasSameRedirectUris(OpenIddictApplication existingClient, AbpApplicationDescriptor application)
240+
{
241+
return existingClient.RedirectUris == JsonSerializer.Serialize(application.RedirectUris.Select(q => q.ToString().TrimEnd('/')));
242+
}
243+
244+
protected virtual bool HasSameScopes(OpenIddictApplication existingClient, AbpApplicationDescriptor application)
245+
{
246+
return existingClient.Permissions == JsonSerializer.Serialize(application.Permissions.Select(q => q.ToString().TrimEnd('/')));
247+
}
248+
}
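Review bot: The existing-client branch at the end of `CreateOrUpdateApplicationAsync` calls `ApplicationManager.UpdateAsync(client.ToModel(), application)` unconditionally, so every seed run re-applies the seed's `ClientSecret`, permissions and redirect URIs over whatever is stored; a secret rotated or a grant removed outside the seed would presumably be reverted on the next run. `HasSameRedirectUris` and `HasSameScopes` are added below it, but nothing in this file calls them, so they do not guard the update here (derived classes may still use them). If the seed is meant to be authoritative, state that in a doc comment on the method, e.g. `/// Existing clients are overwritten with the seed values on every run, including the client secret.`; otherwise skip the update when the stored client already matches. Separately, `HasSameScopes` compares the whole serialized `Permissions` string rather than only scopes, and the string comparison is order-sensitive, which is worth a comment or a rename.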
