remove SiteSettings from Alias for better separation of concerns
This commit is contained in:
Shaun Walker
@ -1,3 +1,4 @@
|
||||
using System.Collections.Generic;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Oqtane.Models;
|
||||
using Oqtane.Shared;
|
||||
@ -14,5 +15,14 @@ namespace Oqtane.Extensions
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public static Dictionary<string, string> GetSiteSettings(this HttpContext context)
|
||||
{
|
||||
if (context != null && context.Items.ContainsKey(Constants.HttpContextSiteSettingsKey))
|
||||
{
|
||||
return context.Items[Constants.HttpContextSiteSettingsKey] as Dictionary<string, string>;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -26,9 +26,9 @@ namespace Oqtane.Extensions
|
||||
public static OqtaneSiteOptionsBuilder WithSiteAuthentication(this OqtaneSiteOptionsBuilder builder)
|
||||
{
|
||||
// site OpenIdConnect options
|
||||
builder.AddSiteOptions<OpenIdConnectOptions>((options, alias) =>
|
||||
builder.AddSiteOptions<OpenIdConnectOptions>((options, alias, sitesettings) =>
|
||||
{
|
||||
if (alias.SiteSettings.GetValue("ExternalLogin:ProviderType", "") == AuthenticationProviderTypes.OpenIDConnect)
|
||||
if (sitesettings.GetValue("ExternalLogin:ProviderType", "") == AuthenticationProviderTypes.OpenIDConnect)
|
||||
{
|
||||
// default options
|
||||
options.SignInScheme = Constants.AuthenticationScheme; // identity cookie
|
||||
@ -44,13 +44,13 @@ namespace Oqtane.Extensions
|
||||
options.CorrelationCookie.SameSite = SameSiteMode.Unspecified;
|
||||
|
||||
// site options
|
||||
options.Authority = alias.SiteSettings.GetValue("ExternalLogin:Authority", "");
|
||||
options.MetadataAddress = alias.SiteSettings.GetValue("ExternalLogin:MetadataUrl", "");
|
||||
options.ClientId = alias.SiteSettings.GetValue("ExternalLogin:ClientId", "");
|
||||
options.ClientSecret = alias.SiteSettings.GetValue("ExternalLogin:ClientSecret", "");
|
||||
options.UsePkce = bool.Parse(alias.SiteSettings.GetValue("ExternalLogin:PKCE", "false"));
|
||||
options.Authority = sitesettings.GetValue("ExternalLogin:Authority", "");
|
||||
options.MetadataAddress = sitesettings.GetValue("ExternalLogin:MetadataUrl", "");
|
||||
options.ClientId = sitesettings.GetValue("ExternalLogin:ClientId", "");
|
||||
options.ClientSecret = sitesettings.GetValue("ExternalLogin:ClientSecret", "");
|
||||
options.UsePkce = bool.Parse(sitesettings.GetValue("ExternalLogin:PKCE", "false"));
|
||||
options.Scope.Clear();
|
||||
foreach (var scope in alias.SiteSettings.GetValue("ExternalLogin:Scopes", "openid,profile,email").Split(',', StringSplitOptions.RemoveEmptyEntries))
|
||||
foreach (var scope in sitesettings.GetValue("ExternalLogin:Scopes", "openid,profile,email").Split(',', StringSplitOptions.RemoveEmptyEntries))
|
||||
{
|
||||
options.Scope.Add(scope);
|
||||
}
|
||||
@ -63,9 +63,9 @@ namespace Oqtane.Extensions
|
||||
});
|
||||
|
||||
// site OAuth2.0 options
|
||||
builder.AddSiteOptions<OAuthOptions>((options, alias) =>
|
||||
builder.AddSiteOptions<OAuthOptions>((options, alias, sitesettings) =>
|
||||
{
|
||||
if (alias.SiteSettings.GetValue("ExternalLogin:ProviderType", "") == AuthenticationProviderTypes.OAuth2)
|
||||
if (sitesettings.GetValue("ExternalLogin:ProviderType", "") == AuthenticationProviderTypes.OAuth2)
|
||||
{
|
||||
// default options
|
||||
options.SignInScheme = Constants.AuthenticationScheme; // identity cookie
|
||||
@ -73,14 +73,14 @@ namespace Oqtane.Extensions
|
||||
options.SaveTokens = true;
|
||||
|
||||
// site options
|
||||
options.AuthorizationEndpoint = alias.SiteSettings.GetValue("ExternalLogin:AuthorizationUrl", "");
|
||||
options.TokenEndpoint = alias.SiteSettings.GetValue("ExternalLogin:TokenUrl", "");
|
||||
options.UserInformationEndpoint = alias.SiteSettings.GetValue("ExternalLogin:UserInfoUrl", "");
|
||||
options.ClientId = alias.SiteSettings.GetValue("ExternalLogin:ClientId", "");
|
||||
options.ClientSecret = alias.SiteSettings.GetValue("ExternalLogin:ClientSecret", "");
|
||||
options.UsePkce = bool.Parse(alias.SiteSettings.GetValue("ExternalLogin:PKCE", "false"));
|
||||
options.AuthorizationEndpoint = sitesettings.GetValue("ExternalLogin:AuthorizationUrl", "");
|
||||
options.TokenEndpoint = sitesettings.GetValue("ExternalLogin:TokenUrl", "");
|
||||
options.UserInformationEndpoint = sitesettings.GetValue("ExternalLogin:UserInfoUrl", "");
|
||||
options.ClientId = sitesettings.GetValue("ExternalLogin:ClientId", "");
|
||||
options.ClientSecret = sitesettings.GetValue("ExternalLogin:ClientSecret", "");
|
||||
options.UsePkce = bool.Parse(sitesettings.GetValue("ExternalLogin:PKCE", "false"));
|
||||
options.Scope.Clear();
|
||||
foreach (var scope in alias.SiteSettings.GetValue("ExternalLogin:Scopes", "").Split(',', StringSplitOptions.RemoveEmptyEntries))
|
||||
foreach (var scope in sitesettings.GetValue("ExternalLogin:Scopes", "").Split(',', StringSplitOptions.RemoveEmptyEntries))
|
||||
{
|
||||
options.Scope.Add(scope);
|
||||
}
|
||||
@ -118,7 +118,7 @@ namespace Oqtane.Extensions
|
||||
var regex = new Regex(@"\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*", RegexOptions.IgnoreCase);
|
||||
foreach (Match match in regex.Matches(output))
|
||||
{
|
||||
if (EmailValid(match.Value, context.HttpContext.GetAlias().SiteSettings.GetValue("ExternalLogin:DomainFilter", "")))
|
||||
if (EmailValid(match.Value, context.HttpContext.GetSiteSettings().GetValue("ExternalLogin:DomainFilter", "")))
|
||||
{
|
||||
email = match.Value.ToLower();
|
||||
break;
|
||||
@ -139,7 +139,7 @@ namespace Oqtane.Extensions
|
||||
private static async Task OnTokenValidated(TokenValidatedContext context)
|
||||
{
|
||||
// OpenID Connect
|
||||
var emailClaimType = context.HttpContext.GetAlias().SiteSettings.GetValue("ExternalLogin:EmailClaimType", "");
|
||||
var emailClaimType = context.HttpContext.GetSiteSettings().GetValue("ExternalLogin:EmailClaimType", "");
|
||||
var email = context.Principal.FindFirstValue(emailClaimType);
|
||||
|
||||
// login user
|
||||
@ -171,14 +171,13 @@ namespace Oqtane.Extensions
|
||||
private static async Task LoginUser(string email, HttpContext httpContext, ClaimsPrincipal claimsPrincipal)
|
||||
{
|
||||
var _logger = httpContext.RequestServices.GetRequiredService<ILogManager>();
|
||||
var alias = httpContext.GetAlias();
|
||||
|
||||
if (EmailValid(email, alias.SiteSettings.GetValue("ExternalLogin:DomainFilter", "")))
|
||||
if (EmailValid(email, httpContext.GetSiteSettings().GetValue("ExternalLogin:DomainFilter", "")))
|
||||
{
|
||||
var _identityUserManager = httpContext.RequestServices.GetRequiredService<UserManager<IdentityUser>>();
|
||||
var _users = httpContext.RequestServices.GetRequiredService<IUserRepository>();
|
||||
var _userRoles = httpContext.RequestServices.GetRequiredService<IUserRoleRepository>();
|
||||
var providerType = httpContext.GetAlias().SiteSettings.GetValue("ExternalLogin:ProviderType", "");
|
||||
var providerType = httpContext.GetSiteSettings().GetValue("ExternalLogin:ProviderType", "");
|
||||
var providerKey = claimsPrincipal.FindFirstValue(ClaimTypes.NameIdentifier);
|
||||
if (providerKey == null)
|
||||
{
|
||||
@ -189,7 +188,7 @@ namespace Oqtane.Extensions
|
||||
var identityuser = await _identityUserManager.FindByEmailAsync(email);
|
||||
if (identityuser == null)
|
||||
{
|
||||
if (bool.Parse(alias.SiteSettings.GetValue("ExternalLogin:CreateUsers", "true")))
|
||||
if (bool.Parse(httpContext.GetSiteSettings().GetValue("ExternalLogin:CreateUsers", "true")))
|
||||
{
|
||||
identityuser = new IdentityUser();
|
||||
identityuser.UserName = email;
|
||||
@ -200,7 +199,7 @@ namespace Oqtane.Extensions
|
||||
{
|
||||
user = new User
|
||||
{
|
||||
SiteId = alias.SiteId,
|
||||
SiteId = httpContext.GetAlias().SiteId,
|
||||
Username = email,
|
||||
DisplayName = email,
|
||||
Email = email,
|
||||
@ -212,7 +211,7 @@ namespace Oqtane.Extensions
|
||||
if (user != null)
|
||||
{
|
||||
var _notifications = httpContext.RequestServices.GetRequiredService<INotificationRepository>();
|
||||
string url = httpContext.Request.Scheme + "://" + alias.Name;
|
||||
string url = httpContext.Request.Scheme + "://" + httpContext.GetAlias().Name;
|
||||
string body = "You Recently Used An External Account To Sign In To Our Site.\n\n" + url + "\n\nThank You!";
|
||||
var notification = new Notification(user.SiteId, user, "User Account Notification", body);
|
||||
_notifications.AddNotification(notification);
|
||||
@ -269,7 +268,7 @@ namespace Oqtane.Extensions
|
||||
var principal = (ClaimsIdentity)claimsPrincipal.Identity;
|
||||
UserSecurity.ResetClaimsIdentity(principal);
|
||||
List<UserRole> userroles = _userRoles.GetUserRoles(user.UserId, user.SiteId).ToList();
|
||||
var identity = UserSecurity.CreateClaimsIdentity(alias, user, userroles);
|
||||
var identity = UserSecurity.CreateClaimsIdentity(httpContext.GetAlias(), user, userroles);
|
||||
principal.AddClaims(identity.Claims);
|
||||
|
||||
// update user
|
||||
|
||||
@ -10,19 +10,19 @@ namespace Oqtane.Extensions
|
||||
public static OqtaneSiteOptionsBuilder WithSiteIdentity(this OqtaneSiteOptionsBuilder builder)
|
||||
{
|
||||
// site identity options
|
||||
builder.AddSiteOptions<IdentityOptions>((options, alias) =>
|
||||
builder.AddSiteOptions<IdentityOptions>((options, alias, sitesettings) =>
|
||||
{
|
||||
// password options
|
||||
options.Password.RequiredLength = int.Parse(alias.SiteSettings.GetValue("IdentityOptions:Password:RequiredLength", options.Password.RequiredLength.ToString()));
|
||||
options.Password.RequiredUniqueChars = int.Parse(alias.SiteSettings.GetValue("IdentityOptions:Password:RequiredUniqueChars", options.Password.RequiredUniqueChars.ToString()));
|
||||
options.Password.RequireDigit = bool.Parse(alias.SiteSettings.GetValue("IdentityOptions:Password:RequireDigit", options.Password.RequireDigit.ToString()));
|
||||
options.Password.RequireUppercase = bool.Parse(alias.SiteSettings.GetValue("IdentityOptions:Password:RequireUppercase", options.Password.RequireUppercase.ToString()));
|
||||
options.Password.RequireLowercase = bool.Parse(alias.SiteSettings.GetValue("IdentityOptions:Password:RequireLowercase", options.Password.RequireLowercase.ToString()));
|
||||
options.Password.RequireNonAlphanumeric = bool.Parse(alias.SiteSettings.GetValue("IdentityOptions:Password:RequireNonAlphanumeric", options.Password.RequireNonAlphanumeric.ToString()));
|
||||
options.Password.RequiredLength = int.Parse(sitesettings.GetValue("IdentityOptions:Password:RequiredLength", options.Password.RequiredLength.ToString()));
|
||||
options.Password.RequiredUniqueChars = int.Parse(sitesettings.GetValue("IdentityOptions:Password:RequiredUniqueChars", options.Password.RequiredUniqueChars.ToString()));
|
||||
options.Password.RequireDigit = bool.Parse(sitesettings.GetValue("IdentityOptions:Password:RequireDigit", options.Password.RequireDigit.ToString()));
|
||||
options.Password.RequireUppercase = bool.Parse(sitesettings.GetValue("IdentityOptions:Password:RequireUppercase", options.Password.RequireUppercase.ToString()));
|
||||
options.Password.RequireLowercase = bool.Parse(sitesettings.GetValue("IdentityOptions:Password:RequireLowercase", options.Password.RequireLowercase.ToString()));
|
||||
options.Password.RequireNonAlphanumeric = bool.Parse(sitesettings.GetValue("IdentityOptions:Password:RequireNonAlphanumeric", options.Password.RequireNonAlphanumeric.ToString()));
|
||||
|
||||
// lockout options
|
||||
options.Lockout.MaxFailedAccessAttempts = int.Parse(alias.SiteSettings.GetValue("IdentityOptions:Password:MaxFailedAccessAttempts", options.Lockout.MaxFailedAccessAttempts.ToString()));
|
||||
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.Parse(alias.SiteSettings.GetValue("IdentityOptions:Password:DefaultLockoutTimeSpan", options.Lockout.DefaultLockoutTimeSpan.ToString()));
|
||||
options.Lockout.MaxFailedAccessAttempts = int.Parse(sitesettings.GetValue("IdentityOptions:Password:MaxFailedAccessAttempts", options.Lockout.MaxFailedAccessAttempts.ToString()));
|
||||
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.Parse(sitesettings.GetValue("IdentityOptions:Password:DefaultLockoutTimeSpan", options.Lockout.DefaultLockoutTimeSpan.ToString()));
|
||||
});
|
||||
|
||||
return builder;
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using Microsoft.Extensions.DependencyInjection.Extensions;
|
||||
using Microsoft.Extensions.Options;
|
||||
using Oqtane.Infrastructure;
|
||||
@ -16,10 +17,10 @@ namespace Microsoft.Extensions.DependencyInjection
|
||||
}
|
||||
|
||||
public OqtaneSiteOptionsBuilder AddSiteOptions<TOptions>(
|
||||
Action<TOptions, Alias> alias) where TOptions : class, new()
|
||||
Action<TOptions, Alias, Dictionary<string, string>> action) where TOptions : class, new()
|
||||
{
|
||||
Services.TryAddSingleton<IOptionsMonitorCache<TOptions>, SiteOptionsCache<TOptions>>();
|
||||
Services.AddSingleton<ISiteOptions<TOptions>, SiteOptions<TOptions>> (sp => new SiteOptions<TOptions>(alias));
|
||||
Services.AddSingleton<ISiteOptions<TOptions>, SiteOptions<TOptions>> (sp => new SiteOptions<TOptions>(action));
|
||||
Services.TryAddTransient<IOptionsFactory<TOptions>, SiteOptionsFactory<TOptions>>();
|
||||
Services.TryAddScoped<IOptionsSnapshot<TOptions>>(sp => BuildOptionsManager<TOptions>(sp));
|
||||
Services.TryAddSingleton<IOptions<TOptions>>(sp => BuildOptionsManager<TOptions>(sp));
|
||||
|
||||
Reference in New Issue
Block a user