Improve Principal handling for OIDC and resolve Logout issue (caused by AntiForgeryToken)

2022-03-14 22:28:41 -04:00 · 2022-03-14 22:28:41 -04:00 · d51ba8f6dd
commit d51ba8f6dd
parent 9b69e135d9
3 changed files with 23 additions and 19 deletions
--- a/Oqtane.Client/Themes/Controls/Theme/LoginBase.cs
+++ b/Oqtane.Client/Themes/Controls/Theme/LoginBase.cs
@ -1,4 +1,5 @@
 using System;
+using System.Net;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Components;
 using Microsoft.JSInterop;
@ -34,24 +35,25 @@ namespace Oqtane.Themes.Controls
        {
            await UserService.LogoutUserAsync(PageState.User);
            await LoggingService.Log(PageState.Alias, PageState.Page.PageId, PageState.ModuleId, PageState.User.UserId, GetType().AssemblyQualifiedName, "Logout", LogFunction.Security, LogLevel.Information, null, "User Logout For Username {Username}", PageState.User.Username);
-
            PageState.User = null;
-            bool authorizedtoviewpage = UserSecurity.IsAuthorized(PageState.User, PermissionNames.View, PageState.Page.Permissions);
+
+            var url = PageState.Alias.Path + "/" + PageState.Page.Path;
+            if (!UserSecurity.IsAuthorized(PageState.User, PermissionNames.View, PageState.Page.Permissions))
+            {
+                url = PageState.Alias.Path;
+            }            

            if (PageState.Runtime == Shared.Runtime.Server)
            {
-                // server-side Blazor needs to post to the Logout page
-                var fields = new { __RequestVerificationToken = SiteState.AntiForgeryToken, returnurl = !authorizedtoviewpage ? PageState.Alias.Path : PageState.Alias.Path + "/" + PageState.Page.Path };
-                string url = Utilities.TenantUrl(PageState.Alias, "/pages/logout/");
-                var interop = new Interop(jsRuntime);
-                await interop.SubmitForm(url, fields);
+                // server-side Blazor needs to redirect to the Logout page
+                NavigationManager.NavigateTo(Utilities.TenantUrl(PageState.Alias, "/pages/logout/") + "?returnurl=" + WebUtility.UrlEncode(url), true);
            }
            else
            {
                // client-side Blazor
                var authstateprovider = (IdentityAuthenticationStateProvider)ServiceProvider.GetService(typeof(IdentityAuthenticationStateProvider));
                authstateprovider.NotifyAuthenticationChanged();
-                NavigationManager.NavigateTo(NavigateUrl(!authorizedtoviewpage ? PageState.Alias.Path : PageState.Page.Path, true));
+                NavigationManager.NavigateTo(NavigateUrl(url, true));
            }
        }
    }
--- a/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs
+++ b/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs
@ -104,7 +104,7 @@ namespace Oqtane.Extensions
                    identityuser.UserName = email;
                    identityuser.Email = email;
                    identityuser.EmailConfirmed = true;
-                    var result = await _identityUserManager.CreateAsync(identityuser, Guid.NewGuid().ToString("N") + "-Xx!");
+                    var result = await _identityUserManager.CreateAsync(identityuser, DateTime.UtcNow.ToString("yyyy-MMM-dd-HH-mm-ss"));
                    if (result.Succeeded)
                    {
                        user = new User();
@ -164,17 +164,19 @@ namespace Oqtane.Extensions
                user = _users.GetUser(email);
                if (user != null)
                {
+                    var principal = (ClaimsIdentity)context.Principal.Identity;
+
+                    // remove the name claim if it exists in the principal
+                    var nameclaim = principal.Claims.FirstOrDefault(item => item.Type == ClaimTypes.Name);
+                    if (nameclaim != null)
+                    {
+                        principal.RemoveClaim(nameclaim);
+                    }
+
+                    // add Oqtane claims
                    List<UserRole> userroles = _userRoles.GetUserRoles(user.UserId, context.HttpContext.GetAlias().SiteId).ToList();
                    var identity = UserSecurity.CreateClaimsIdentity(context.HttpContext.GetAlias(), user, userroles);
-
-                    var principalIdentity = (ClaimsIdentity)context.Principal.Identity;
-                    foreach (var claim in identity.Claims)
-                    {
-                        if (!principalIdentity.Claims.Contains(claim))
-                        {
-                            principalIdentity.AddClaim(claim);
-                        }
-                    }
+                    principal.AddClaims(identity.Claims);
                }
            }
            else
--- a/Oqtane.Server/Pages/Logout.cshtml.cs
+++ b/Oqtane.Server/Pages/Logout.cshtml.cs
@ -10,7 +10,7 @@ namespace Oqtane.Pages
    [AllowAnonymous]
    public class LogoutModel : PageModel
    {
-        public async Task<IActionResult> OnPostAsync(string returnurl)
+        public async Task<IActionResult> OnGetAsync(string returnurl)
        {
            if (HttpContext.User.Identity.IsAuthenticated)
            {