| author | ivarlovlie <git@ivarlovlie.no> | 2020-08-06 23:28:30 +0200 |
|---|---|---|
| committer | ivarlovlie <git@ivarlovlie.no> | 2020-08-06 23:28:30 +0200 |
| commit | d7b5f8b7775a7c623d4bcfa7015476f835aabfa2 (patch) | |
| tree | 72c1daf1a0b66765c16217c416173310dd73c214 /src/server/Controllers | |
| parent | 0cdb0b7ee3cd80ddb089344e80be2c4b46d75364 (diff) | |
| download | dough-d7b5f8b7775a7c623d4bcfa7015476f835aabfa2.tar.xz dough-d7b5f8b7775a7c623d4bcfa7015476f835aabfa2.zip | |
server: start of ids4 impl
Diffstat (limited to 'src/server/Controllers')
| -rw-r--r-- | src/server/Controllers/AccountController.cs | 63 |
1 files changed, 24 insertions, 39 deletions
diff --git a/src/server/Controllers/AccountController.cs b/src/server/Controllers/AccountController.cs
index af1e9ac..fe7b7a2 100644
--- a/src/server/Controllers/AccountController.cs
+++ b/src/server/Controllers/AccountController.cs
@@ -1,69 +1,54 @@
 using System;
-using System.Collections.Generic;
-using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Dough.Models;
 using Dough.Models.Database;
-using Dough.Models.Payloads;
-using Dough.Models.Results;
 using Dough.Utilities;
+using IdentityServer4.Services;
 
 namespace Dough.Controllers
 {
+    [AllowAnonymous]
     public class AccountController : BaseController
     {
         private readonly MainDbContext _context;
+        private readonly IIdentityServerInteractionService _identityServerInteractionService;
 
-        public AccountController(MainDbContext context)
+        public AccountController(MainDbContext context,
+            IIdentityServerInteractionService identityServerInteractionService)
         {
             _context = context;
+            _identityServerInteractionService = identityServerInteractionService;
         }
+
+        // This is the default route for identityserver4 logins (https://identityserver4.readthedocs.io/en/latest/topics/signin.html#login-workflow)
         [HttpPost("login")]
-        public async Task<ActionResult> Login(LoginPayload payload)
+        public async Task<ActionResult> Login(string returnUrl)
         {
-            var user = _context.Users.SingleByNameOrDefault(payload.Username);
-            if (user == default)
-                return BadRequest(new ErrorResult("Ugyldig brukernavn eller passord",
-                    "Verifiser at passord og brukernavn er riktig og prøv igjen"));
-
-            if (!user.VerifyPassword(payload.Password))
-                return BadRequest(new ErrorResult("Ugyldig brukernavn eller passord",
-                    "Verifiser at passord og brukernavn er riktig"));
-
-            var claims = new List<Claim>
-            {
-                new Claim(ClaimTypes.Name, user.Username),
-                new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
-                new Claim(ClaimTypes.AuthenticationInstant, DateTime.UtcNow.ToString("O"))
-            };
+            if (returnUrl.IsMissing() || !_identityServerInteractionService.IsValidReturnUrl(returnUrl))
+                return BadRequest("route parameter returnUrl is invalid");
 
-            var claimsIdentity = new ClaimsIdentity(claims, Constants.AuthenticationScheme);
-            var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
-            var authenticationProperties = new AuthenticationProperties
+            Console.WriteLine("returnUrl: " + returnUrl);
+            var reqBody = await HttpContext.Request.ReadFormAsync();
+            foreach (var formEl in reqBody)
             {
-                IsPersistent = false,
-                IssuedUtc = DateTime.UtcNow,
-                AllowRefresh = true,
-                ExpiresUtc = DateTime.UtcNow.AddDays(7),
-            };
-
-            await HttpContext.SignInAsync(Constants.AuthenticationScheme,
-                claimsPrincipal,
-                authenticationProperties);
+                Console.WriteLine(formEl.Key);
+                foreach (var value in formEl.Value)
+                    Console.WriteLine(" - " + value);
+            }
 
             return Ok();
         }
 
-        [HttpGet("logout")]
-        public async Task<ActionResult> Logout(string continueTo = default)
+
+        [HttpGet("forgot")]
+        public async Task<ActionResult> ForgotPassword(string username)
         {
-            await HttpContext.SignOutAsync(Constants.AuthenticationScheme);
-            if (continueTo.IsPresent() && continueTo.IsValidUrl()) return Redirect(continueTo);
+            var user = _context.Users.SingleByNameOrDefault(username);
+            if (user == default) return Ok();
 
             return Ok();
         }
@@ -74,4 +59,4 @@ namespace Dough.Controllers
             return Ok(LoggedInUser);
         }
     }
-}
+}
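Review bot: The new Login body writes every posted form field and value to stdout (`Console.WriteLine(formEl.Key)` and `Console.WriteLine(" - " + value)`), and on a login route that form will include the submitted password, so the credentials of each sign-in attempt end up in the console and in whatever collects process output; the `ReadFormAsync` dump and the `Console.WriteLine("returnUrl: " + returnUrl)` line should be removed before this ships, or reduced to keys only behind a debug logger. The class-level `[AllowAnonymous]` applies to every action on AccountController, including the action returning `LoggedInUser` in the second hunk whose own attributes are outside this diff — worth confirming it carries its own `[Authorize]`. In ForgotPassword both branches of `if (user == default) return Ok();` return the same result and the looked-up `user` is never used; a `// TODO: reset flow not implemented yet` would make the placeholder explicit, and the uniform response is worth keeping once it is implemented so the endpoint does not reveal which usernames exist.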
\ No newline at end of file |
