From 3803b5b73a00dba2775da7e4e0137f6f677d9bec Mon Sep 17 00:00:00 2001 From: maliming Date: Tue, 7 Mar 2023 15:12:14 +0800 Subject: [PATCH] Add `AbpValidateAuthorizedParty`. Resolve #15888 --- ....cs => 20230307054116_Initial.Designer.cs} | 17 ++++++++- ...6_Initial.cs => 20230307054116_Initial.cs} | 5 +++ .../ServerDbContextModelSnapshot.cs | 15 ++++++++ .../AbpOpenIddictAspNetCoreModule.cs | 3 ++ .../AbpOpenIddictWildcardDomainBase.cs | 9 ++--- .../AbpValidateAuthorizedParty.cs | 37 +++++++++++++++++++ .../AbpValidateClientPostLogoutRedirectUri.cs | 2 +- .../AbpValidateClientRedirectUri.cs | 2 +- ...pValidatePostLogoutRedirectUriParameter.cs | 2 +- .../AbpValidateRedirectUriParameter.cs | 2 +- 10 files changed, 83 insertions(+), 11 deletions(-) rename modules/openiddict/app/OpenIddict.Demo.Server/Migrations/{20230106050616_Initial.Designer.cs => 20230307054116_Initial.Designer.cs} (99%) rename modules/openiddict/app/OpenIddict.Demo.Server/Migrations/{20230106050616_Initial.cs => 20230307054116_Initial.cs} (99%) create mode 100644 modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateAuthorizedParty.cs diff --git a/modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20230106050616_Initial.Designer.cs b/modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20230307054116_Initial.Designer.cs similarity index 99% rename from modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20230106050616_Initial.Designer.cs rename to modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20230307054116_Initial.Designer.cs index 64ad616624..bc14c07aec 100644 --- a/modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20230106050616_Initial.Designer.cs +++ b/modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20230307054116_Initial.Designer.cs 
@@ -13,7 +13,7 @@ using Volo.Abp.EntityFrameworkCore; namespace OpenIddict.Demo.Server.Migrations { [DbContext(typeof(ServerDbContext))] - [Migration("20230106050616_Initial")] + [Migration("20230307054116_Initial")] partial class Initial { /// @@ -235,6 +235,9 @@ namespace OpenIddict.Demo.Server.Migrations .HasColumnType("nvarchar(40)") .HasColumnName("ConcurrencyStamp"); + b.Property("EntityVersion") + .HasColumnType("int"); + b.Property("ExtraProperties") .HasColumnType("nvarchar(max)") .HasColumnName("ExtraProperties"); @@ -421,6 +424,9 @@ namespace OpenIddict.Demo.Server.Migrations .HasDefaultValue(false) .HasColumnName("EmailConfirmed"); + b.Property("EntityVersion") + .HasColumnType("int"); + b.Property("ExtraProperties") .HasColumnType("nvarchar(max)") .HasColumnName("ExtraProperties"); @@ -497,6 +503,9 @@ namespace OpenIddict.Demo.Server.Migrations .HasColumnType("nvarchar(256)") .HasColumnName("SecurityStamp"); + b.Property("ShouldChangePasswordOnNextLogin") + .HasColumnType("bit"); + b.Property("Surname") .HasMaxLength(64) .HasColumnType("nvarchar(64)") @@ -699,6 +708,9 @@ namespace OpenIddict.Demo.Server.Migrations .HasColumnType("nvarchar(128)") .HasColumnName("DisplayName"); + b.Property("EntityVersion") + .HasColumnType("int"); + b.Property("ExtraProperties") .HasColumnType("nvarchar(max)") .HasColumnName("ExtraProperties"); @@ -1277,6 +1289,9 @@ namespace OpenIddict.Demo.Server.Migrations .HasColumnType("datetime2") .HasColumnName("DeletionTime"); + b.Property("EntityVersion") + .HasColumnType("int"); + b.Property("ExtraProperties") .HasColumnType("nvarchar(max)") .HasColumnName("ExtraProperties"); 
diff --git a/modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20230106050616_Initial.cs b/modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20230307054116_Initial.cs similarity index 99% rename from modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20230106050616_Initial.cs rename to modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20230307054116_Initial.cs index 611a9ad2ca..ab3646a62c 100644 --- a/modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20230106050616_Initial.cs +++ b/modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20230307054116_Initial.cs @@ -106,6 +106,7 @@ namespace OpenIddict.Demo.Server.Migrations ParentId = table.Column(type: "uniqueidentifier", nullable: true), Code = table.Column(type: "nvarchar(95)", maxLength: 95, nullable: false), DisplayName = table.Column(type: "nvarchar(128)", maxLength: 128, nullable: false), + EntityVersion = table.Column(type: "int", nullable: false), ExtraProperties = table.Column(type: "nvarchar(max)", nullable: true), ConcurrencyStamp = table.Column(type: "nvarchar(40)", maxLength: 40, nullable: true), CreationTime = table.Column(type: "datetime2", nullable: false), @@ -186,6 +187,7 @@ namespace OpenIddict.Demo.Server.Migrations IsDefault = table.Column(type: "bit", nullable: false), IsStatic = table.Column(type: "bit", nullable: false), IsPublic = table.Column(type: "bit", nullable: false), + EntityVersion = table.Column(type: "int", nullable: false), ExtraProperties = table.Column(type: "nvarchar(max)", nullable: true), ConcurrencyStamp = table.Column(type: "nvarchar(40)", maxLength: 40, nullable: true) }, 
@@ -240,6 +242,7 @@ namespace OpenIddict.Demo.Server.Migrations { Id = table.Column(type: "uniqueidentifier", nullable: false), Name = table.Column(type: "nvarchar(64)", maxLength: 64, nullable: false), + EntityVersion = table.Column(type: "int", nullable: false), ExtraProperties = table.Column(type: "nvarchar(max)", nullable: true), ConcurrencyStamp = table.Column(type: "nvarchar(40)", maxLength: 40, nullable: true), CreationTime = table.Column(type: "datetime2", nullable: false), @@ -278,6 +281,8 @@ namespace OpenIddict.Demo.Server.Migrations LockoutEnd = table.Column(type: "datetimeoffset", nullable: true), LockoutEnabled = table.Column(type: "bit", nullable: false, defaultValue: false), AccessFailedCount = table.Column(type: "int", nullable: false, defaultValue: 0), + ShouldChangePasswordOnNextLogin = table.Column(type: "bit", nullable: false), + EntityVersion = table.Column(type: "int", nullable: false), ExtraProperties = table.Column(type: "nvarchar(max)", nullable: true), ConcurrencyStamp = table.Column(type: "nvarchar(40)", maxLength: 40, nullable: true), CreationTime = table.Column(type: "datetime2", nullable: false), diff --git a/modules/openiddict/app/OpenIddict.Demo.Server/Migrations/ServerDbContextModelSnapshot.cs b/modules/openiddict/app/OpenIddict.Demo.Server/Migrations/ServerDbContextModelSnapshot.cs index c0599ebe15..f5e599fe73 100644 --- a/modules/openiddict/app/OpenIddict.Demo.Server/Migrations/ServerDbContextModelSnapshot.cs +++ b/modules/openiddict/app/OpenIddict.Demo.Server/Migrations/ServerDbContextModelSnapshot.cs @@ -232,6 +232,9 @@ namespace OpenIddict.Demo.Server.Migrations .HasColumnType("nvarchar(40)") .HasColumnName("ConcurrencyStamp"); + b.Property("EntityVersion") + .HasColumnType("int"); + b.Property("ExtraProperties") .HasColumnType("nvarchar(max)") .HasColumnName("ExtraProperties"); 
@@ -418,6 +421,9 @@ namespace OpenIddict.Demo.Server.Migrations .HasDefaultValue(false) .HasColumnName("EmailConfirmed"); + b.Property("EntityVersion") + .HasColumnType("int"); + b.Property("ExtraProperties") .HasColumnType("nvarchar(max)") .HasColumnName("ExtraProperties"); @@ -494,6 +500,9 @@ namespace OpenIddict.Demo.Server.Migrations .HasColumnType("nvarchar(256)") .HasColumnName("SecurityStamp"); + b.Property("ShouldChangePasswordOnNextLogin") + .HasColumnType("bit"); + b.Property("Surname") .HasMaxLength(64) .HasColumnType("nvarchar(64)") @@ -696,6 +705,9 @@ namespace OpenIddict.Demo.Server.Migrations .HasColumnType("nvarchar(128)") .HasColumnName("DisplayName"); + b.Property("EntityVersion") + .HasColumnType("int"); + b.Property("ExtraProperties") .HasColumnType("nvarchar(max)") .HasColumnName("ExtraProperties"); @@ -1274,6 +1286,9 @@ namespace OpenIddict.Demo.Server.Migrations .HasColumnType("datetime2") .HasColumnName("DeletionTime"); + b.Property("EntityVersion") + .HasColumnType("int"); + b.Property("ExtraProperties") .HasColumnType("nvarchar(max)") .HasColumnName("ExtraProperties"); diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs index d7eacfa498..8a664da5c1 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs 
@@ -127,6 +127,9 @@ public class AbpOpenIddictAspNetCoreModule : AbpModule builder.RemoveEventHandler(OpenIddictServerHandlers.Session.ValidatePostLogoutRedirectUriParameter.Descriptor); builder.AddEventHandler(AbpValidatePostLogoutRedirectUriParameter.Descriptor); + + builder.RemoveEventHandler(OpenIddictServerHandlers.Session.ValidateAuthorizedParty.Descriptor); + builder.AddEventHandler(AbpValidateAuthorizedParty.Descriptor); } builder.AddEventHandler(RemoveClaimsFromClientCredentialsGrantType.Descriptor); diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpOpenIddictWildcardDomainBase.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpOpenIddictWildcardDomainBase.cs index 2a603b8f44..8839871832 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpOpenIddictWildcardDomainBase.cs +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpOpenIddictWildcardDomainBase.cs @@ -7,19 +7,16 @@ using Volo.Abp.Text.Formatting; namespace Volo.Abp.OpenIddict.WildcardDomains; public abstract class AbpOpenIddictWildcardDomainBase : IOpenIddictServerHandler - where THandler : class, new() + where THandler : class where TContext : OpenIddictServerEvents.BaseContext { protected THandler Handler { get; set; } protected AbpOpenIddictWildcardDomainOptions WildcardDomainOptions { get; } - protected AbpOpenIddictWildcardDomainBase(IOptions wildcardDomainOptions, bool initHandler = true) + protected AbpOpenIddictWildcardDomainBase(IOptions wildcardDomainOptions, THandler handler) { WildcardDomainOptions = wildcardDomainOptions.Value; - if (initHandler) - { - Handler = new THandler(); - } + Handler = handler; } public abstract ValueTask HandleAsync(TContext context); 
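Review bot: The new `AbpOpenIddictWildcardDomainBase` constructor stores `handler` without checking it, so a subclass that passes null (or a base-call expression that evaluates to null) fails later with a NullReferenceException inside `HandleAsync` instead of at construction; I would write `Handler = Check.NotNull(handler, nameof(handler));`, the same guard the sibling handlers in this module use for their arguments. Since the wrapped handler is now supplied through the constructor, the setter on the context line `protected THandler Handler { get; set; }` no longer has a reason to exist, and making the property get-only would stop subclasses from re-creating the wrapped handler a second time in their own constructor bodies, which several of them still do in this commit. The class body continues past the end of the hunk.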
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateAuthorizedParty.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateAuthorizedParty.cs
new file mode 100644
index 0000000000..81c7d66788
--- /dev/null
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateAuthorizedParty.cs
@@ -0,0 +1,37 @@
+using System.Threading.Tasks;
+using Microsoft.Extensions.Options;
+using OpenIddict.Abstractions;
+using OpenIddict.Server;
+
+namespace Volo.Abp.OpenIddict.WildcardDomains;
+
+public class AbpValidateAuthorizedParty : AbpOpenIddictWildcardDomainBase
+{
+ public static OpenIddictServerHandlerDescriptor Descriptor { get; }
+ = OpenIddictServerHandlerDescriptor.CreateBuilder()
+ .UseScopedHandler()
+ .SetOrder(OpenIddictServerHandlers.Session.ValidateToken.Descriptor.Order + 1_000)
+ .SetType(OpenIddictServerHandlerType.BuiltIn)
+ .Build();
+
+ public AbpValidateAuthorizedParty(
+ IOptions wildcardDomainsOptions,
+ IOpenIddictApplicationManager applicationManager)
+ : base(wildcardDomainsOptions, new OpenIddictServerHandlers.Session.ValidateAuthorizedParty(applicationManager))
+ {
+ Handler = new OpenIddictServerHandlers.Session.ValidateAuthorizedParty(applicationManager);
+ }
+
+ public async override ValueTask HandleAsync(OpenIddictServerEvents.ValidateLogoutRequestContext context)
+ {
+ Check.NotNull(context, nameof(context));
+ Check.NotNull(context.IdentityTokenHintPrincipal, nameof(context.IdentityTokenHintPrincipal));
+
+ if (await CheckWildcardDomainAsync(context.PostLogoutRedirectUri))
+ {
+ return;
+ }
+
+ await Handler.HandleAsync(context);
+ }
+}
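Review bot: In `HandleAsync`, a wildcard match on `context.PostLogoutRedirectUri` returns before `Handler.HandleAsync(context)` is ever called, so everything the wrapped `Session.ValidateAuthorizedParty` checks is skipped rather than only the registered-URI lookup the wildcard is meant to relax; if, as in the stock OpenIddict handler, that includes verifying that `context.ClientId` is a presenter or audience of the `id_token_hint`, a logout request can carry a token issued to one client, name a different `client_id`, and still be accepted as long as the redirect matches a wildcard. I would narrow the short-circuit to the case the wildcard actually covers, e.g. `if (string.IsNullOrEmpty(context.ClientId) && await CheckWildcardDomainAsync(context.PostLogoutRedirectUri))`, after confirming against the wrapped handler that its `client_id`-present branch does not itself need the wildcard. Separately, `Check.NotNull(context.IdentityTokenHintPrincipal, ...)` throws instead of skipping: `id_token_hint` is optional in RP-initiated logout, so unless a filter not visible here guarantees it was supplied, a logout without it becomes a server error rather than falling through to the remaining validators, whereas `if (context.IdentityTokenHintPrincipal is null) { return; }` matches how an optional hint should behave. The `Descriptor` also carries no `AddFilter` calls, so any filters on the stock descriptor it replaces (degraded mode and the like) are dropped and should be re-applied if they exist. Finally, the constructor builds the wrapped handler twice, once for `base(...)` and again in the body; the body assignment `Handler = new ...` can be deleted.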
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateClientPostLogoutRedirectUri.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateClientPostLogoutRedirectUri.cs index 527eb05eb0..e1fe8b94f8 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateClientPostLogoutRedirectUri.cs +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateClientPostLogoutRedirectUri.cs @@ -19,7 +19,7 @@ public class AbpValidateClientPostLogoutRedirectUri : AbpOpenIddictWildcardDomai public AbpValidateClientPostLogoutRedirectUri( IOptions wildcardDomainsOptions, IOpenIddictApplicationManager applicationManager) - : base(wildcardDomainsOptions, false) + : base(wildcardDomainsOptions, new OpenIddictServerHandlers.Session.ValidateClientPostLogoutRedirectUri(applicationManager)) { Handler = new OpenIddictServerHandlers.Session.ValidateClientPostLogoutRedirectUri(applicationManager); } diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateClientRedirectUri.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateClientRedirectUri.cs index 85d82a95ab..d2871a57cc 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateClientRedirectUri.cs +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateClientRedirectUri.cs 
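Review bot: The constructor now creates `ValidateClientPostLogoutRedirectUri(applicationManager)` twice, once in the new base call and once in the body on the following line, with the second instance silently replacing the first; the body assignment `Handler = new OpenIddictServerHandlers.Session.ValidateClientPostLogoutRedirectUri(applicationManager);` is now redundant and can be deleted. Keeping a single construction path also leaves the base class as the only place that decides which handler instance is wrapped.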
@@ -18,7 +18,7 @@ public class AbpValidateClientRedirectUri : AbpOpenIddictWildcardDomainBase wildcardDomainsOptions, IOpenIddictApplicationManager applicationManager) - : base(wildcardDomainsOptions, false) + : base(wildcardDomainsOptions, new OpenIddictServerHandlers.Authentication.ValidateClientRedirectUri()) { Handler = new OpenIddictServerHandlers.Authentication.ValidateClientRedirectUri(applicationManager); } diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidatePostLogoutRedirectUriParameter.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidatePostLogoutRedirectUriParameter.cs index 83f33d015c..c6bfc155b5 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidatePostLogoutRedirectUriParameter.cs +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidatePostLogoutRedirectUriParameter.cs @@ -14,7 +14,7 @@ public class AbpValidatePostLogoutRedirectUriParameter : AbpOpenIddictWildcardDo .Build(); public AbpValidatePostLogoutRedirectUriParameter(IOptions wildcardDomainsOptions) - : base(wildcardDomainsOptions) + : base(wildcardDomainsOptions, new OpenIddictServerHandlers.Session.ValidatePostLogoutRedirectUriParameter()) { } diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateRedirectUriParameter.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateRedirectUriParameter.cs index 5354646b56..3bac84e2c4 100644 --- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateRedirectUriParameter.cs +++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/WildcardDomains/AbpValidateRedirectUriParameter.cs 
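Review bot: The new base call constructs `OpenIddictServerHandlers.Authentication.ValidateClientRedirectUri()` with no arguments, while the body on the next line constructs it again with `applicationManager`, and the parallel change to `AbpValidateClientPostLogoutRedirectUri` in this same commit does pass the manager in the base call. If that parameterless constructor is the one OpenIddict exposes only to throw an `InvalidOperationException` when a handler is resolved outside DI, this constructor throws before its body runs and the handler can never be instantiated; even if it does not, the instance built there is discarded immediately. I would change the base call to `: base(wildcardDomainsOptions, new OpenIddictServerHandlers.Authentication.ValidateClientRedirectUri(applicationManager))` and delete the body assignment so there is a single, correctly wired instance.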
@@ -14,7 +14,7 @@ public class AbpValidateRedirectUriParameter : AbpOpenIddictWildcardDomainBase wildcardDomainsOptions) - : base(wildcardDomainsOptions) + : base(wildcardDomainsOptions, new OpenIddictServerHandlers.Authentication.ValidateRedirectUriParameter()) { }