mirror of https://github.com/abpframework/abp
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
219 lines
7.3 KiB
219 lines
7.3 KiB
using Microsoft.Extensions.Configuration;
|
|
using System;
|
|
using System.Collections.Generic;
|
|
using System.Threading.Tasks;
|
|
using Volo.Abp.Authorization.Permissions;
|
|
using Volo.Abp.Data;
|
|
using Volo.Abp.DependencyInjection;
|
|
using Volo.Abp.Guids;
|
|
using Volo.Abp.IdentityServer.ApiResources;
|
|
using Volo.Abp.IdentityServer.Clients;
|
|
using Volo.Abp.IdentityServer.IdentityResources;
|
|
using Volo.Abp.PermissionManagement;
|
|
using Volo.Abp.Uow;
|
|
|
|
namespace Volo.CmsKit.IdentityServer
|
|
{
|
|
public class IdentityServerDataSeedContributor : IDataSeedContributor, ITransientDependency
|
|
{
|
|
private readonly IApiResourceRepository _apiResourceRepository;
|
|
private readonly IClientRepository _clientRepository;
|
|
private readonly IIdentityResourceDataSeeder _identityResourceDataSeeder;
|
|
private readonly IGuidGenerator _guidGenerator;
|
|
private readonly IPermissionDataSeeder _permissionDataSeeder;
|
|
private readonly IConfiguration _configuration;
|
|
|
|
public IdentityServerDataSeedContributor(
|
|
IClientRepository clientRepository,
|
|
IApiResourceRepository apiResourceRepository,
|
|
IIdentityResourceDataSeeder identityResourceDataSeeder,
|
|
IGuidGenerator guidGenerator,
|
|
IPermissionDataSeeder permissionDataSeeder,
|
|
IConfiguration configuration)
|
|
{
|
|
_clientRepository = clientRepository;
|
|
_apiResourceRepository = apiResourceRepository;
|
|
_identityResourceDataSeeder = identityResourceDataSeeder;
|
|
_guidGenerator = guidGenerator;
|
|
_permissionDataSeeder = permissionDataSeeder;
|
|
_configuration = configuration;
|
|
}
|
|
|
|
[UnitOfWork]
|
|
public virtual async Task SeedAsync(DataSeedContext context)
|
|
{
|
|
await _identityResourceDataSeeder.CreateStandardResourcesAsync();
|
|
await CreateApiResourcesAsync();
|
|
await CreateClientsAsync();
|
|
}
|
|
|
|
private async Task CreateApiResourcesAsync()
|
|
{
|
|
var commonApiUserClaims = new[]
|
|
{
|
|
"email",
|
|
"email_verified",
|
|
"name",
|
|
"phone_number",
|
|
"phone_number_verified",
|
|
"role"
|
|
};
|
|
|
|
await CreateApiResourceAsync("CmsKit", commonApiUserClaims);
|
|
}
|
|
|
|
private async Task<ApiResource> CreateApiResourceAsync(string name, IEnumerable<string> claims)
|
|
{
|
|
var apiResource = await _apiResourceRepository.FindByNameAsync(name);
|
|
if (apiResource == null)
|
|
{
|
|
apiResource = await _apiResourceRepository.InsertAsync(
|
|
new ApiResource(
|
|
_guidGenerator.Create(),
|
|
name,
|
|
name + " API"
|
|
),
|
|
autoSave: true
|
|
);
|
|
}
|
|
|
|
foreach (var claim in claims)
|
|
{
|
|
if (apiResource.FindClaim(claim) == null)
|
|
{
|
|
apiResource.AddUserClaim(claim);
|
|
}
|
|
}
|
|
|
|
return await _apiResourceRepository.UpdateAsync(apiResource);
|
|
}
|
|
|
|
private async Task CreateClientsAsync()
|
|
{
|
|
const string commonSecret = "E5Xd4yMqjP5kjWFKrYgySBju6JVfCzMyFp7n2QmMrME=";
|
|
|
|
var commonScopes = new[]
|
|
{
|
|
"email",
|
|
"openid",
|
|
"profile",
|
|
"role",
|
|
"phone",
|
|
"address",
|
|
"CmsKit"
|
|
};
|
|
|
|
var configurationSection = _configuration.GetSection("IdentityServer:Clients");
|
|
|
|
//Web Client
|
|
var webClientId = configurationSection["CmsKit_Web:ClientId"];
|
|
if (!webClientId.IsNullOrWhiteSpace())
|
|
{
|
|
var webClientRootUrl = configurationSection["CmsKit_Web:RootUrl"].EnsureEndsWith('/');
|
|
await CreateClientAsync(
|
|
webClientId,
|
|
commonScopes,
|
|
new[] { "hybrid" },
|
|
commonSecret,
|
|
redirectUri: $"{webClientRootUrl}signin-oidc",
|
|
postLogoutRedirectUri: $"{webClientRootUrl}signout-callback-oidc"
|
|
);
|
|
}
|
|
|
|
//Console Test Client
|
|
var consoleClientId = configurationSection["CmsKit_ConsoleTestApp:ClientId"];
|
|
if (!consoleClientId.IsNullOrWhiteSpace())
|
|
{
|
|
await CreateClientAsync(
|
|
consoleClientId,
|
|
commonScopes,
|
|
new[] { "password", "client_credentials" },
|
|
commonSecret
|
|
);
|
|
}
|
|
}
|
|
|
|
private async Task<Client> CreateClientAsync(
|
|
string name,
|
|
IEnumerable<string> scopes,
|
|
IEnumerable<string> grantTypes,
|
|
string secret,
|
|
string redirectUri = null,
|
|
string postLogoutRedirectUri = null,
|
|
IEnumerable<string> permissions = null)
|
|
{
|
|
var client = await _clientRepository.FindByCliendIdAsync(name);
|
|
if (client == null)
|
|
{
|
|
client = await _clientRepository.InsertAsync(
|
|
new Client(
|
|
_guidGenerator.Create(),
|
|
name
|
|
)
|
|
{
|
|
ClientName = name,
|
|
ProtocolType = "oidc",
|
|
Description = name,
|
|
AlwaysIncludeUserClaimsInIdToken = true,
|
|
AllowOfflineAccess = true,
|
|
AbsoluteRefreshTokenLifetime = 31536000, //365 days
|
|
AccessTokenLifetime = 31536000, //365 days
|
|
AuthorizationCodeLifetime = 300,
|
|
IdentityTokenLifetime = 300,
|
|
RequireConsent = false
|
|
},
|
|
autoSave: true
|
|
);
|
|
}
|
|
|
|
foreach (var scope in scopes)
|
|
{
|
|
if (client.FindScope(scope) == null)
|
|
{
|
|
client.AddScope(scope);
|
|
}
|
|
}
|
|
|
|
foreach (var grantType in grantTypes)
|
|
{
|
|
if (client.FindGrantType(grantType) == null)
|
|
{
|
|
client.AddGrantType(grantType);
|
|
}
|
|
}
|
|
|
|
if (client.FindSecret(secret) == null)
|
|
{
|
|
client.AddSecret(secret);
|
|
}
|
|
|
|
if (redirectUri != null)
|
|
{
|
|
if (client.FindRedirectUri(redirectUri) == null)
|
|
{
|
|
client.AddRedirectUri(redirectUri);
|
|
}
|
|
}
|
|
|
|
if (postLogoutRedirectUri != null)
|
|
{
|
|
if (client.FindPostLogoutRedirectUri(postLogoutRedirectUri) == null)
|
|
{
|
|
client.AddPostLogoutRedirectUri(postLogoutRedirectUri);
|
|
}
|
|
}
|
|
|
|
if (permissions != null)
|
|
{
|
|
await _permissionDataSeeder.SeedAsync(
|
|
ClientPermissionValueProvider.ProviderName,
|
|
name,
|
|
permissions
|
|
);
|
|
}
|
|
|
|
return await _clientRepository.UpdateAsync(client);
|
|
}
|
|
}
|
|
}
|