//
// Copyright (C) 2018 Authlete, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
// either express or implied. See the License for the specific
// language governing permissions and limitations under the
// License.
//
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Authlete.Api;
using Authlete.Handler;
using Authlete.Util;
using AuthorizationServer.Db;
using AuthorizationServer.Spi;
using AuthorizationServer.Util;
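namespace AuthorizationServer.Controllers
{
    /// <summary>
    /// The endpoint that receives a request from the form in the
    /// authorization page: the user's "Authorize"/"Deny" choice and,
    /// when the user is not logged in yet, a login ID and password.
    /// </summary>
    /// <remarks>
    /// The pending authorization request is identified by the ticket
    /// that the authorization endpoint stored in TempData. This endpoint
    /// refuses with 400 Bad Request when no ticket is present instead of
    /// forwarding a null ticket to the Authlete API.
    ///
    /// NOTE(review): this form POST is not protected by
    /// [ValidateAntiForgeryToken]. Because the ticket and the login
    /// state live in TempData (cookie- or session-backed), a cross-site
    /// POST that includes the "authorized" field could approve a pending
    /// request on the user's behalf. Enabling the attribute requires the
    /// authorization page form to emit the token, so it is flagged here
    /// rather than changed — confirm the view before adding it.
    /// </remarks>
    [Route("api/authorization/decision")]
    public class AuthorizationDecisionController : BaseController
    {
        public AuthorizationDecisionController(IAuthleteApi api)
            : base(api)
        {
        }

        /// <summary>
        /// Processes the decision form. Reads the ticket and the
        /// requested claim names/locales from TempData, authenticates the
        /// user from the form fields if no user entity is stored yet, and
        /// hands the decision to <see cref="AuthorizationRequestDecisionHandler"/>.
        /// </summary>
        /// <returns>
        /// The response produced by the decision handler, or 400 Bad
        /// Request when TempData holds no ticket.
        /// </returns>
        [HttpPost]
        [Consumes("application/x-www-form-urlencoded")]
        public async Task<HttpResponseMessage> Post()
        {
            // Wrap TempData (where the authorization endpoint stashed the
            // ticket and, once logged in, the user entity).
            var data = new UserTData(TempData);

            // The ticket identifies the pending authorization request at
            // Authlete. Without it there is nothing to decide on (expired
            // TempData, a stray or replayed POST), so fail closed here
            // rather than calling the Authlete API with a null ticket.
            // No redirect_uri is known at this point, so a plain 400 is
            // the only answer available.
            string ticket = (string)data.Get("ticket");
            if (string.IsNullOrEmpty(ticket))
            {
                return new HttpResponseMessage(HttpStatusCode.BadRequest)
                {
                    Content = new StringContent("No pending authorization request.")
                };
            }

            // Authenticate the user if necessary (see the note on the
            // method about the failed-login path).
            AuthenticateUserIfNecessary(data);

            // Whether the user pressed "Authorize" (true) or "Deny".
            bool authorized = IsClientAuthorized();

            // Claims requested by the original authorization request,
            // stored in TempData by the authorization endpoint.
            string[] claimNames = data.GetObject<string[]>("claimNames");
            string[] claimLocales = data.GetObject<string[]>("claimLocales");

            // Process the authorization request according to the
            // decision made by the user.
            return await HandleDecision(
                authorized, ticket, claimNames, claimLocales);
        }

        /// <summary>
        /// Looks the user up by the login ID and password submitted in
        /// the form, unless a user entity is already stored in TempData.
        /// On success the entity and the authentication time are stored
        /// in TempData; on failure nothing is stored and no error is
        /// raised here.
        /// </summary>
        /// <param name="data">Wrapper around this request's TempData.</param>
        void AuthenticateUserIfNecessary(UserTData data)
        {
            // If user information is already stored in TempData.
            if (data.HasUserEntity())
            {
                // Already logged in. No need to authenticate the
                // user here again.
                return;
            }

            // Values input to the form in the authorization page.
            // Do not log these: "password" is the user's credential.
            string loginId = Request.Form["loginId"];
            string password = Request.Form["password"];

            // Search the user database for the user.
            // NOTE(review): how GetByCredentials compares the password
            // (hashing, constant-time compare) is not visible here —
            // verify in UserDao.
            UserEntity entity =
                UserDao.GetByCredentials(loginId, password);

            // If the user was found.
            if (entity != null)
            {
                // The user was authenticated successfully.
                data.SetUserEntity(entity);
                data.SetUserAuthenticatedAt(
                    TimeUtility.CurrentTimeSeconds());
            }

            // NOTE(review): when the credentials are rejected, Post()
            // still forwards the user's "Authorize" click to the handler.
            // The flow then relies on AuthorizationRequestDecisionHandlerSpiImpl
            // reporting no authenticated subject so that the handler fails
            // the request instead of issuing an authorization code —
            // confirm that in the SPI implementation.
        }

        /// <summary>
        /// Returns true when the form contains an "authorized" field,
        /// i.e. the user pressed "Authorize". The field's value is not
        /// examined; only its presence matters.
        /// </summary>
        bool IsClientAuthorized()
        {
            // If the user pressed "Authorize" button, the request
            // contains an "authorized" parameter.
            return Request.Form.ContainsKey("authorized");
        }

        /// <summary>
        /// Delegates the decision to Authlete's decision handler, using
        /// an SPI bound to this controller and the user's decision.
        /// </summary>
        /// <param name="authorized">true if the user granted authorization.</param>
        /// <param name="ticket">Ticket of the pending authorization request.</param>
        /// <param name="claimNames">Requested claim names, or null.</param>
        /// <param name="claimLocales">Requested claim locales, or null.</param>
        /// <returns>The response built by the handler.</returns>
        async Task<HttpResponseMessage> HandleDecision(
            bool authorized, string ticket,
            string[] claimNames, string[] claimLocales)
        {
            // The SPI is given this controller so it can read the user
            // entity stored in TempData; its exact behavior lives in
            // AuthorizationRequestDecisionHandlerSpiImpl.
            var spi = new AuthorizationRequestDecisionHandlerSpiImpl(this, authorized);
            var handler = new AuthorizationRequestDecisionHandler(API, spi);
            return await handler.Handle(ticket, claimNames, claimLocales);
        }
    }
}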