Diplomarbeit-Absolventenverein/oqtane.framework
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add passkey functionality

Browse Source
This commit is contained in:
sbwalker
2025-10-29 12:31:50 -04:00
parent e548c21c94
commit 7e69b5193f
18 changed files with 757 additions and 294 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
Oqtane.Server/Controllers/UserController.cs
View File

@@ -1,19 +1,21 @@
using Microsoft.AspNetCore.Mvc;
using System.Buffers.Text;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Models;
using System.Threading.Tasks;
using System.Linq;
using System.Security.Claims;
using Oqtane.Shared;
using System.Net;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Oqtane.Enums;
using Oqtane.Extensions;
using Oqtane.Infrastructure;
using Oqtane.Managers;
using Oqtane.Models;
using Oqtane.Repository;
using Oqtane.Security;
using Oqtane.Extensions;
using Oqtane.Managers;
using System.Collections.Generic;
using Oqtane.Shared;
namespace Oqtane.Controllers
{
@@ -467,32 +469,15 @@ namespace Oqtane.Controllers
// GET: api/<controller>/passkey
[HttpGet("passkey")]
[Authorize]
public async Task<IEnumerable<Passkey>> GetPasskeys()
public async Task<IEnumerable<UserPasskey>> GetPasskeys()
{
return await _userManager.GetPasskeys(_userPermissions.GetUser(User).UserId);
}
// POST api/<controller>/passkey
[HttpPost("passkey")]
[Authorize]
public async Task AddPasskey([FromBody] Passkey passkey)
{
if (ModelState.IsValid)
{
passkey.UserId = _userPermissions.GetUser(User).UserId;
await _userManager.AddPasskey(passkey);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized User Passkey Post Attempt {PassKey}", passkey);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
}
// PUT api/<controller>/passkey
[HttpPut("passkey")]
[Authorize]
public async Task UpdatePasskey([FromBody] Passkey passkey)
public async Task UpdatePasskey([FromBody] UserPasskey passkey)
{
if (ModelState.IsValid)
{
@@ -509,9 +494,25 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/passkey?id=x
[HttpDelete("passkey")]
[Authorize]
public async Task DeletePasskey(byte[] id)
public async Task DeletePasskey(string id)
{
await _userManager.DeletePasskey(_userPermissions.GetUser(User).UserId, id);
await _userManager.DeletePasskey(_userPermissions.GetUser(User).UserId, Base64Url.DecodeFromChars(id));
}
// GET: api/<controller>/login
[HttpGet("login")]
[Authorize]
public async Task<IEnumerable<UserLogin>> GetLogins()
{
return await _userManager.GetLogins(_userPermissions.GetUser(User).UserId);
}
// DELETE api/<controller>/login?provider=x&key=y
[HttpDelete("login")]
[Authorize]
public async Task DeleteLogin(string provider, string key)
{
await _userManager.DeleteLogin(_userPermissions.GetUser(User).UserId, provider, key);
}
}
}

3
Oqtane.Server/Extensions/OqtaneServiceCollectionExtensions.cs
View File

@@ -102,7 +102,8 @@ namespace Microsoft.Extensions.DependencyInjection
})
.AddCookie(Constants.AuthenticationScheme)
.AddOpenIdConnect(AuthenticationProviderTypes.OpenIDConnect, options => { })
.AddOAuth(AuthenticationProviderTypes.OAuth2, options => { });
.AddOAuth(AuthenticationProviderTypes.OAuth2, options => { })
.AddTwoFactorUserIdCookie();
services.ConfigureOqtaneCookieOptions();
services.ConfigureOqtaneAuthenticationOptions(configuration);

66
Oqtane.Server/Managers/UserManager.cs
View File

@@ -4,9 +4,9 @@ using System.Globalization;
using System.IO;
using System.Linq;
using System.Net;
using System.Security.Policy;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Caching.Memory;
using Microsoft.Extensions.Localization;
using Oqtane.Enums;
@@ -36,10 +36,11 @@ namespace Oqtane.Managers
Task<UserValidateResult> ValidateUser(string username, string email, string password);
Task<bool> ValidatePassword(string password);
Task<Dictionary<string, string>> ImportUsers(int siteId, string filePath, bool notify);
Task<List<Passkey>> GetPasskeys(int userId);
Task AddPasskey(Passkey passkey);
Task UpdatePasskey(Passkey passkey);
Task<List<UserPasskey>> GetPasskeys(int userId);
Task UpdatePasskey(UserPasskey passkey);
Task DeletePasskey(int userId, byte[] credentialId);
Task<List<UserLogin>> GetLogins(int userId);
Task DeleteLogin(int userId, string provider, string key);
}
public class UserManager : IUserManager
@@ -824,9 +825,9 @@ namespace Oqtane.Managers
return result;
}
public async Task<List<Passkey>> GetPasskeys(int userId)
public async Task<List<UserPasskey>> GetPasskeys(int userId)
{
var passkeys = new List<Passkey>();
var passkeys = new List<UserPasskey>();
var user = _users.GetUser(userId);
if (user != null)
{
@@ -836,31 +837,14 @@ namespace Oqtane.Managers
var userpasskeys = await _identityUserManager.GetPasskeysAsync(identityuser);
foreach (var userpasskey in userpasskeys)
{
passkeys.Add(new Passkey { CredentialId = userpasskey.CredentialId, Name = userpasskey.Name, UserId = userId });
passkeys.Add(new UserPasskey { CredentialId = userpasskey.CredentialId, Name = userpasskey.Name, UserId = userId });
}
}
}
return passkeys;
}
public async Task AddPasskey(Passkey passkey)
{
var user = _users.GetUser(passkey.UserId);
if (user != null)
{
var identityuser = await _identityUserManager.FindByNameAsync(user.Username);
if (identityuser != null)
{
var attestationResult = await _identitySignInManager.PerformPasskeyAttestationAsync(passkey.CredentialJson);
if (attestationResult.Succeeded)
{
var addPasskeyResult = await _identityUserManager.AddOrUpdatePasskeyAsync(identityuser, attestationResult.Passkey);
}
}
}
}
public async Task UpdatePasskey(Passkey passkey)
public async Task UpdatePasskey(UserPasskey passkey)
{
var user = _users.GetUser(passkey.UserId);
if (user != null)
@@ -890,5 +874,37 @@ namespace Oqtane.Managers
}
}
}
public async Task<List<UserLogin>> GetLogins(int userId)
{
var logins = new List<UserLogin>();
var user = _users.GetUser(userId);
if (user != null)
{
var identityuser = await _identityUserManager.FindByNameAsync(user.Username);
if (identityuser != null)
{
var userlogins = await _identityUserManager.GetLoginsAsync(identityuser);
foreach (var userlogin in userlogins)
{
logins.Add(new UserLogin { Provider = userlogin.LoginProvider, Key = userlogin.ProviderKey, Name = userlogin.ProviderDisplayName });
}
}
}
return logins;
}
public async Task DeleteLogin(int userId, string provider, string key)
{
var user = _users.GetUser(userId);
if (user != null)
{
var identityuser = await _identityUserManager.FindByNameAsync(user.Username);
if (identityuser != null)
{
await _identityUserManager.RemoveLoginAsync(identityuser, provider, key);
}
}
}
}
}

3
Oqtane.Server/Pages/Passkey.cshtml Normal file
View File

@@ -0,0 +1,3 @@
@page "/pages/passkey"
@namespace Oqtane.Pages
@model Oqtane.Pages.PasskeyModel

144
Oqtane.Server/Pages/Passkey.cshtml.cs Normal file
View File

@@ -0,0 +1,144 @@
using System.Net;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using Oqtane.Enums;
using Oqtane.Extensions;
using Oqtane.Infrastructure;
using Oqtane.Managers;
using Oqtane.Security;
using Oqtane.Shared;
namespace Oqtane.Pages
{
[AllowAnonymous]
public class PasskeyModel : PageModel
{
private readonly UserManager<IdentityUser> _identityUserManager;
private readonly SignInManager<IdentityUser> _identitySignInManager;
private readonly IUserManager _userManager;
private readonly ILogManager _logger;
public PasskeyModel(UserManager<IdentityUser> identityUserManager, SignInManager<IdentityUser> identitySignInManager, IUserManager userManager, ILogManager logger)
{
_identityUserManager = identityUserManager;
_identitySignInManager = identitySignInManager;
_userManager = userManager;
_logger = logger;
}
public async Task<IActionResult> OnPostAsync(string operation, string credential, string returnurl)
{
if (HttpContext.GetSiteSettings().GetValue("LoginOptions:Passkeys", "false") == "true")
{
IdentityUser identityuser;
switch (operation.ToLower())
{
case "create":
if (User.Identity.IsAuthenticated)
{
identityuser = await _identityUserManager.FindByNameAsync(User.Identity.Name);
if (identityuser != null)
{
var creationOptionsJson = await _identitySignInManager.MakePasskeyCreationOptionsAsync(new()
{
Id = identityuser.Id,
Name = identityuser.UserName,
DisplayName = identityuser.UserName
});
returnurl += $"?options={WebUtility.UrlEncode(creationOptionsJson)}";
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Passkey Create Attempt - User {User} Does Not Exist", User.Identity.Name);
}
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Passkey Create Attempt - User Not Authenticated");
}
break;
case "validate":
if (User.Identity.IsAuthenticated && !string.IsNullOrEmpty(credential))
{
identityuser = await _identityUserManager.FindByNameAsync(User.Identity.Name);
if (identityuser != null)
{
var attestationResult = await _identitySignInManager.PerformPasskeyAttestationAsync(credential);
if (attestationResult.Succeeded)
{
attestationResult.Passkey.Name = identityuser.UserName + "'s Passkey";
var addPasskeyResult = await _identityUserManager.AddOrUpdatePasskeyAsync(identityuser, attestationResult.Passkey);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Passkey Validation Failed For User {Username} - {Message}", User.Identity.Name, attestationResult.Failure.Message);
}
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Passkey Validation Attempt - User {User} Does Not Exist", User.Identity.Name);
}
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Passkey Validation Attempt - User Not Authenticated Or Credential Not Provided");
}
break;
case "request":
if (!User.Identity.IsAuthenticated)
{
identityuser = null;
var requestOptionsJson = await _identitySignInManager.MakePasskeyRequestOptionsAsync(identityuser);
returnurl += $"?options={WebUtility.UrlEncode(requestOptionsJson)}";
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Passkey Request Attempt - User Is Already Authenticated");
}
break;
case "login":
if (!User.Identity.IsAuthenticated && !string.IsNullOrEmpty(credential))
{
var result = await _identitySignInManager.PasskeySignInAsync(credential);
if (result.Succeeded)
{
var user = _userManager.GetUser(User.Identity.Name, HttpContext.GetAlias().SiteId);
if (user != null && !user.IsDeleted && UserSecurity.ContainsRole(user.Roles, RoleNames.Registered))
{
_logger.Log(LogLevel.Information, this, LogFunction.Security, "Passkey Login Successful For User {Username}", User.Identity.Name);
}
else
{
_logger.Log(LogLevel.Information, this, LogFunction.Security, "Passkey Login Failed For User {Username}", User.Identity.Name);
}
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Passkey Login Failed - Invalid Credential");
}
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Passkey Login Attempt");
}
break;
}
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Passkey Request - Passkeys Are Not Enabled For Site");
}
if (!returnurl.StartsWith("/"))
{
returnurl = "/" + returnurl;
}
return LocalRedirect(Url.Content("~" + returnurl));
}
}
}

2
Oqtane.Server/wwwroot/Modules/Oqtane.Modules.Admin.Login/Module.css
View File

@@ -1,5 +1,5 @@
/* Login Module Custom Styles */
.Oqtane-Modules-Admin-Login {
width: 200px;
width: 220px;
}

12
Oqtane.Server/wwwroot/js/interop.js
View File

@@ -516,5 +516,17 @@ Oqtane.Interop = {
}
}
}
},
createCredential: async function (optionsResponse) {
const optionsJson = JSON.parse(optionsResponse);
const options = PublicKeyCredential.parseCreationOptionsFromJSON(optionsJson);
const credential = await navigator.credentials.create({ publicKey: options });
return JSON.stringify(credential);
},
requestCredential: async function (optionsResponse) {
const optionsJson = JSON.parse(optionsResponse);
const options = PublicKeyCredential.parseRequestOptionsFromJSON(optionsJson);
const credential = await navigator.credentials.get({ publicKey: options, undefined });
return JSON.stringify(credential);
}
};