kocoded/oqtane.framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #3928 from sbwalker/dev

Browse Source 
improvements to IdentityRevalidatingAuthenticationStateProvider
This commit is contained in:
Shaun Walker 2024-03-01 12:16:39 -05:00 committed by GitHub
commit d723ef0a13
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 28 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Oqtane.Client/UI/SiteRouter.razor
View File

@ -157,24 +157,24 @@
editmode = true; // querystring can set edit mode editmode = true; // querystring can set edit mode
} }
// get user
if (PageState == null || PageState.Refresh || refresh || PageState.Alias.SiteId != SiteState.Alias.SiteId)
{
var authState = await AuthenticationStateProvider.GetAuthenticationStateAsync();
// verify user is authenticated for current site // verify user is authenticated for current site
var authState = await AuthenticationStateProvider.GetAuthenticationStateAsync();
if (authState.User.Identity.IsAuthenticated && authState.User.Claims.Any(item => item.Type == "sitekey" && item.Value == SiteState.Alias.SiteKey)) if (authState.User.Identity.IsAuthenticated && authState.User.Claims.Any(item => item.Type == "sitekey" && item.Value == SiteState.Alias.SiteKey))
{ {
if (PageState == null || PageState.Refresh || refresh || PageState.Alias.SiteId != SiteState.Alias.SiteId)
{
// get user
user = await UserService.GetUserAsync(authState.User.Identity.Name, SiteState.Alias.SiteId); user = await UserService.GetUserAsync(authState.User.Identity.Name, SiteState.Alias.SiteId);
if (user != null) if (user != null)
{ {
user.IsAuthenticated = authState.User.Identity.IsAuthenticated; user.IsAuthenticated = authState.User.Identity.IsAuthenticated;
} }
} }
}
else else
{ {
user = PageState.User; user = PageState.User;
} }
}
// process any sync events // process any sync events
var sync = await SyncService.GetSyncEventsAsync(lastsyncdate); var sync = await SyncService.GetSyncEventsAsync(lastsyncdate);

42
Oqtane.Server/Providers/IdentityRevalidatingAuthenticationStateProvider.cs
View File

@ -4,48 +4,42 @@ using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options; using Microsoft.Extensions.Options;
using System.Security.Claims;
using System.Threading.Tasks; using System.Threading.Tasks;
using System.Threading; using System.Threading;
using System; using System;
using Oqtane.Infrastructure; using Oqtane.Infrastructure;
using Oqtane.Extensions; using Oqtane.Extensions;
using Oqtane.Managers;
namespace Oqtane.Providers namespace Oqtane.Providers
{ {
internal sealed class IdentityRevalidatingAuthenticationStateProvider( public class IdentityRevalidatingAuthenticationStateProvider(ILoggerFactory loggerFactory, IServiceScopeFactory scopeFactory, IOptions<IdentityOptions> options) : RevalidatingServerAuthenticationStateProvider(loggerFactory)
ILoggerFactory loggerFactory,
IServiceScopeFactory scopeFactory,
IOptions<IdentityOptions> options)
: RevalidatingServerAuthenticationStateProvider(loggerFactory)
{ {
protected override TimeSpan RevalidationInterval => TimeSpan.FromMinutes(30); // defines how often the authentication state should be asynchronously validated
// note that there is no property within IdentityOptions which allows this to be customized
protected override TimeSpan RevalidationInterval
{
get
{
// suppresses the unused compiler warning for options
var revalidationInterval = TimeSpan.FromMinutes(30); // default Identity value
return (options != null) ? revalidationInterval : revalidationInterval;
}
}
protected override async Task<bool> ValidateAuthenticationStateAsync(AuthenticationState authenticationState, CancellationToken cancellationToken) protected override async Task<bool> ValidateAuthenticationStateAsync(AuthenticationState authState, CancellationToken cancellationToken)
{ {
await using var scope = scopeFactory.CreateAsyncScope(); await using var scope = scopeFactory.CreateAsyncScope();
var tenantManager = scope.ServiceProvider.GetRequiredService<ITenantManager>(); var tenantManager = scope.ServiceProvider.GetRequiredService<ITenantManager>();
tenantManager.SetTenant(authenticationState.User.TenantId()); tenantManager.SetTenant(authState.User.TenantId());
var userManager = scope.ServiceProvider.GetRequiredService<UserManager<IdentityUser>>(); var userManager = scope.ServiceProvider.GetRequiredService<IUserManager>();
return await ValidateSecurityStampAsync(userManager, authenticationState.User); var user = userManager.GetUser(authState.User.Identity.Name, authState.User.SiteId());
} if (user == null || user.IsDeleted)
private async Task<bool> ValidateSecurityStampAsync(UserManager<IdentityUser> userManager, ClaimsPrincipal principal)
{
var user = await userManager.FindByNameAsync(principal.Identity.Name);
if (user is null)
{ {
return false; return false;
} }
else if (!userManager.SupportsUserSecurityStamp)
{
return true;
}
else else
{ {
var principalStamp = principal.FindFirstValue(options.Value.ClaimsIdentity.SecurityStampClaimType);
var userStamp = await userManager.GetSecurityStampAsync(user);
//return principalStamp == userStamp; // security stamps need to be persisted in principal - they are stored in AspNetUsers
return true; return true;
} }
} }