diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AbpClientConfigurationValidator.cs b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AbpClientConfigurationValidator.cs
new file mode 100644
index 0000000000..508cc03db4
--- /dev/null
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AbpClientConfigurationValidator.cs
@@ -0,0 +1,25 @@
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using IdentityServer4.Configuration;
+using IdentityServer4.Validation;
+
+namespace Volo.Abp.IdentityServer
+{
+ public class AbpClientConfigurationValidator : DefaultClientConfigurationValidator
+ {
+ public AbpClientConfigurationValidator(IdentityServerOptions options)
+ : base(options)
+ {
+ }
+
+ protected override Task ValidateAllowedCorsOriginsAsync(ClientConfigurationValidationContext context)
+ {
+ context.Client.AllowedCorsOrigins = context.Client
+ .AllowedCorsOrigins.Select(x => x.Replace("{0}.", string.Empty, StringComparison.OrdinalIgnoreCase))
+ .ToHashSet();
+
+ return base.ValidateAllowedCorsOriginsAsync(context);
+ }
+ }
+}
diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AbpIdentityServerServiceCollectionExtensions.cs b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AbpIdentityServerServiceCollectionExtensions.cs
index ec45ee32b6..4bb5b2ca6a 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AbpIdentityServerServiceCollectionExtensions.cs
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AbpIdentityServerServiceCollectionExtensions.cs
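Review bot: ValidateAllowedCorsOriginsAsync assigns the placeholder-stripped set back to `context.Client.AllowedCorsOrigins`, so running validation permanently rewrites the client it was only asked to check. If that Client instance is used after validation (not visible in this diff), every `{0}.` tenant template is gone and only the bare parent origin remains allowed, which changes CORS policy as a side effect of a validity check. Restoring the configured collection once the base call finishes keeps the validator read-only. The method also has no comment saying why `{0}.` is stripped before the base validation runs.

```csharp
protected override async Task ValidateAllowedCorsOriginsAsync(ClientConfigurationValidationContext context)
{
    var configuredOrigins = context.Client.AllowedCorsOrigins;

    // The base validator rejects the "{0}." tenant placeholder, so validate a placeholder-free copy.
    context.Client.AllowedCorsOrigins = configuredOrigins
        .Select(x => x.Replace("{0}.", string.Empty, StringComparison.OrdinalIgnoreCase))
        .ToHashSet();

    try
    {
        await base.ValidateAllowedCorsOriginsAsync(context);
    }
    finally
    {
        // Put the stored templates back so validation does not alter the client's CORS policy.
        context.Client.AllowedCorsOrigins = configuredOrigins;
    }
}
```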
@@ -10,5 +10,10 @@ namespace Volo.Abp.IdentityServer { services.Replace(ServiceDescriptor.Transient()); } + + public static void AddAbpClientConfigurationValidator(this IServiceCollection services) + { + services.Replace(ServiceDescriptor.Transient()); + } } } diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AbpStrictRedirectUriValidator.cs b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AbpStrictRedirectUriValidator.cs index e67740f7f1..359babde7e 100644 --- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AbpStrictRedirectUriValidator.cs +++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AbpStrictRedirectUriValidator.cs @@ -1,9 +1,8 @@ -using System.Collections.Generic; -using System.Linq; +using System; +using System.Collections.Generic; using System.Threading.Tasks; using IdentityServer4.Models; using IdentityServer4.Validation; -using Microsoft.Extensions.Options; using Volo.Abp.Text.Formatting; namespace Volo.Abp.IdentityServer @@ -36,6 +35,11 @@ namespace Volo.Abp.IdentityServer { return Task.FromResult(true); } + + if (url.Replace("{0}.", "").Contains(requestedUri, StringComparison.OrdinalIgnoreCase)) + { + return Task.FromResult(true); + } } return Task.FromResult(false); diff --git a/modules/identityserver/test/Volo.Abp.IdentityServer.Domain.Tests/Volo/Abp/IdentityServer/AbpClientConfigurationValidator_Tests.cs b/modules/identityserver/test/Volo.Abp.IdentityServer.Domain.Tests/Volo/Abp/IdentityServer/AbpClientConfigurationValidator_Tests.cs new file mode 100644 index 0000000000..1c145b4f1e --- /dev/null +++ b/modules/identityserver/test/Volo.Abp.IdentityServer.Domain.Tests/Volo/Abp/IdentityServer/AbpClientConfigurationValidator_Tests.cs 
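Review bot: The fallback added in AbpStrictRedirectUriValidator.cs (`@@ -36,6 +35,11 @@`) tests `url.Replace("{0}.", "").Contains(requestedUri, ...)`, which asks whether the registered URL contains the requested one, so any fragment of a registered URL passes. That includes a host cut short of its final labels, and an empty string if the caller lets one through. A validator named strict should compare for equality here: `if (string.Equals(url.Replace("{0}.", ""), requestedUri, StringComparison.OrdinalIgnoreCase))`. If a path suffix must also be accepted, parse both sides with `Uri` and require scheme, host and port to match exactly instead of using a substring test. The enclosing method starts above the hunk, so how this branch interacts with the earlier tenant-format check is not visible here.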
@@ -0,0 +1,52 @@
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using IdentityServer4.Models;
+using IdentityServer4.Validation;
+using Microsoft.Extensions.DependencyInjection;
+using Shouldly;
+using Xunit;
+
+namespace Volo.Abp.IdentityServer
+{
+ public class AbpClientConfigurationValidator_Tests : AbpIdentityServerTestBase
+ {
+ private readonly IClientConfigurationValidator _abpClientConfigurationValidator;
+
+ private readonly Client _testClient = new Client
+ {
+ AllowedGrantTypes = GrantTypes.Code,
+
+ ClientSecrets = new List()
+ {
+ new IdentityServer4.Models.Secret("1q2w3e*")
+ },
+
+ RedirectUris = new List
+ {
+ "https://{0}.api.abp.io:8080",
+ "http://{0}.ng.abp.io",
+ "http://ng.abp.io"
+ }
+ };
+
+ public AbpClientConfigurationValidator_Tests()
+ {
+ _abpClientConfigurationValidator = GetRequiredService();
+ }
+
+ protected override void AfterAddApplication(IServiceCollection services)
+ {
+ services.AddAbpClientConfigurationValidator();
+ }
+
+ [Fact]
+ public async Task ValidateAsync()
+ {
+ var context = new ClientConfigurationValidationContext(_testClient);
+
+ await _abpClientConfigurationValidator.ValidateAsync(context);
+
+ context.IsValid.ShouldBeTrue();
+ }
+ }
+}
diff --git a/modules/identityserver/test/Volo.Abp.IdentityServer.Domain.Tests/Volo/Abp/IdentityServer/AbpStrictRedirectUriValidator_Tests.cs b/modules/identityserver/test/Volo.Abp.IdentityServer.Domain.Tests/Volo/Abp/IdentityServer/AbpStrictRedirectUriValidator_Tests.cs
index 447b0bd008..a455cd9811 100644
--- a/modules/identityserver/test/Volo.Abp.IdentityServer.Domain.Tests/Volo/Abp/IdentityServer/AbpStrictRedirectUriValidator_Tests.cs
+++ b/modules/identityserver/test/Volo.Abp.IdentityServer.Domain.Tests/Volo/Abp/IdentityServer/AbpStrictRedirectUriValidator_Tests.cs
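Review bot: `_testClient` sets `RedirectUris` but never `AllowedCorsOrigins`, so the only method the new validator overrides, ValidateAllowedCorsOriginsAsync, runs on an empty collection and the `{0}.` stripping is never exercised. As written, `context.IsValid.ShouldBeTrue()` would likely hold with the default validator too. Add a placeholder origin to the client initializer, for example `AllowedCorsOrigins = { "https://{0}.api.abp.io:8080" },`. A second test should assert that an origin which is still malformed after the placeholder is removed leaves `IsValid` false.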
@@ -46,10 +46,12 @@ namespace Volo.Abp.IdentityServer public async Task IsRedirectUriValidAsync() { (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("https://t1.api.abp.io:8080/signin-oidc", _testClient)).ShouldBeTrue(); + (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("https://api.abp.io:8080/signin-oidc", _testClient)).ShouldBeTrue(); (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("http://t2.ng.abp.io/index.html", _testClient)).ShouldBeTrue(); + (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("http://ng.abp.io/index.html", _testClient)).ShouldBeTrue(); (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("https://api.abp:8080/", _testClient)).ShouldBeFalse(); - (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("http://ng.abp.io", _testClient)).ShouldBeFalse(); + (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("http://ng.abp.io", _testClient)).ShouldBeTrue(); (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("https://api.t1.abp:8080/", _testClient)).ShouldBeFalse(); (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("http://ng.t1.abp.io", _testClient)).ShouldBeFalse(); } 
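Review bot: The assertions added to IsRedirectUriValidAsync only cover values that are now accepted, and the `http://ng.abp.io` expectation is flipped from false to true with no matching negative case. Nothing here pins that a request which is merely a fragment of a registered URL is still rejected, which is the behaviour a substring-based match puts at risk. Add a rejection case next to the existing `ShouldBeFalse()` lines, for example (constructed value) `(await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("http://ng.abp", _testClient)).ShouldBeFalse();`. The same gap applies to the IsPostLogoutRedirectUriValidAsync hunk that follows. The `_testClient` used by these tests is defined outside both hunks, so the exact registered URLs should be checked when choosing the value.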
@@ -58,10 +60,12 @@ namespace Volo.Abp.IdentityServer public async Task IsPostLogoutRedirectUriValidAsync() { (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("https://t1.api.abp.io:8080/signin-oidc", _testClient)).ShouldBeTrue(); + (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("https://api.abp.io:8080/signin-oidc", _testClient)).ShouldBeTrue(); (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("http://t2.ng.abp.io/index.html", _testClient)).ShouldBeTrue(); + (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("http://ng.abp.io/index.html", _testClient)).ShouldBeTrue(); (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("https://api.abp:8080/", _testClient)).ShouldBeFalse(); - (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("http://ng.abp.io", _testClient)).ShouldBeFalse(); + (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("http://ng.abp.io", _testClient)).ShouldBeTrue(); (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("https://api.t1.abp:8080/", _testClient)).ShouldBeFalse(); (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("http://ng.t1.abp.io", _testClient)).ShouldBeFalse(); }