kocoded/oqtane.framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improve Principal handling for OIDC and resolve Logout issue (caused by AntiForgeryToken)

Browse Source
This commit is contained in:
Shaun Walker 2022-03-14 22:28:41 -04:00
parent 9b69e135d9
commit d51ba8f6dd
3 changed files with 23 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Oqtane.Client/Themes/Controls/Theme/LoginBase.cs
View File

@ -1,4 +1,5 @@
using System; using System;
using System.Net;
using System.Threading.Tasks; using System.Threading.Tasks;
using Microsoft.AspNetCore.Components; using Microsoft.AspNetCore.Components;
using Microsoft.JSInterop; using Microsoft.JSInterop;
@ -34,24 +35,25 @@ namespace Oqtane.Themes.Controls
{ {
await UserService.LogoutUserAsync(PageState.User); await UserService.LogoutUserAsync(PageState.User);
await LoggingService.Log(PageState.Alias, PageState.Page.PageId, PageState.ModuleId, PageState.User.UserId, GetType().AssemblyQualifiedName, "Logout", LogFunction.Security, LogLevel.Information, null, "User Logout For Username {Username}", PageState.User.Username); await LoggingService.Log(PageState.Alias, PageState.Page.PageId, PageState.ModuleId, PageState.User.UserId, GetType().AssemblyQualifiedName, "Logout", LogFunction.Security, LogLevel.Information, null, "User Logout For Username {Username}", PageState.User.Username);
PageState.User = null; PageState.User = null;
bool authorizedtoviewpage = UserSecurity.IsAuthorized(PageState.User, PermissionNames.View, PageState.Page.Permissions);
var url = PageState.Alias.Path + "/" + PageState.Page.Path;
if (!UserSecurity.IsAuthorized(PageState.User, PermissionNames.View, PageState.Page.Permissions))
{
url = PageState.Alias.Path;
}
if (PageState.Runtime == Shared.Runtime.Server) if (PageState.Runtime == Shared.Runtime.Server)
{ {
// server-side Blazor needs to post to the Logout page // server-side Blazor needs to redirect to the Logout page
var fields = new { __RequestVerificationToken = SiteState.AntiForgeryToken, returnurl = !authorizedtoviewpage ? PageState.Alias.Path : PageState.Alias.Path + "/" + PageState.Page.Path }; NavigationManager.NavigateTo(Utilities.TenantUrl(PageState.Alias, "/pages/logout/") + "?returnurl=" + WebUtility.UrlEncode(url), true);
string url = Utilities.TenantUrl(PageState.Alias, "/pages/logout/");
var interop = new Interop(jsRuntime);
await interop.SubmitForm(url, fields);
} }
else else
{ {
// client-side Blazor // client-side Blazor
var authstateprovider = (IdentityAuthenticationStateProvider)ServiceProvider.GetService(typeof(IdentityAuthenticationStateProvider)); var authstateprovider = (IdentityAuthenticationStateProvider)ServiceProvider.GetService(typeof(IdentityAuthenticationStateProvider));
authstateprovider.NotifyAuthenticationChanged(); authstateprovider.NotifyAuthenticationChanged();
NavigationManager.NavigateTo(NavigateUrl(!authorizedtoviewpage ? PageState.Alias.Path : PageState.Page.Path, true)); NavigationManager.NavigateTo(NavigateUrl(url, true));
} }
} }
} }

22
Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs
View File

@ -104,7 +104,7 @@ namespace Oqtane.Extensions
identityuser.UserName = email; identityuser.UserName = email;
identityuser.Email = email; identityuser.Email = email;
identityuser.EmailConfirmed = true; identityuser.EmailConfirmed = true;
var result = await _identityUserManager.CreateAsync(identityuser, Guid.NewGuid().ToString("N") + "-Xx!"); var result = await _identityUserManager.CreateAsync(identityuser, DateTime.UtcNow.ToString("yyyy-MMM-dd-HH-mm-ss"));
if (result.Succeeded) if (result.Succeeded)
{ {
user = new User(); user = new User();
@ -164,17 +164,19 @@ namespace Oqtane.Extensions
user = _users.GetUser(email); user = _users.GetUser(email);
if (user != null) if (user != null)
{ {
var principal = (ClaimsIdentity)context.Principal.Identity;
// remove the name claim if it exists in the principal
var nameclaim = principal.Claims.FirstOrDefault(item => item.Type == ClaimTypes.Name);
if (nameclaim != null)
{
principal.RemoveClaim(nameclaim);
}
// add Oqtane claims
List<UserRole> userroles = _userRoles.GetUserRoles(user.UserId, context.HttpContext.GetAlias().SiteId).ToList(); List<UserRole> userroles = _userRoles.GetUserRoles(user.UserId, context.HttpContext.GetAlias().SiteId).ToList();
var identity = UserSecurity.CreateClaimsIdentity(context.HttpContext.GetAlias(), user, userroles); var identity = UserSecurity.CreateClaimsIdentity(context.HttpContext.GetAlias(), user, userroles);
principal.AddClaims(identity.Claims);
var principalIdentity = (ClaimsIdentity)context.Principal.Identity;
foreach (var claim in identity.Claims)
{
if (!principalIdentity.Claims.Contains(claim))
{
principalIdentity.AddClaim(claim);
}
}
} }
} }
else else

2
Oqtane.Server/Pages/Logout.cshtml.cs
View File

@ -10,7 +10,7 @@ namespace Oqtane.Pages
[AllowAnonymous] [AllowAnonymous]
public class LogoutModel : PageModel public class LogoutModel : PageModel
{ {
public async Task<IActionResult> OnPostAsync(string returnurl) public async Task<IActionResult> OnGetAsync(string returnurl)
{ {
if (HttpContext.User.Identity.IsAuthenticated) if (HttpContext.User.Identity.IsAuthenticated)
{ {