namespace HttpsRichardy.Federation.WebApi.Pages;
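/// <summary>
/// Razor Pages model behind the authorization page. GET checks the incoming authorization
/// request; POST authenticates the user, stores an authorization code and redirects back to
/// the client with that code.
/// </summary>
public sealed class AuthorizePage : PageModel
{
    private readonly IDispatcher _dispatcher;
    private readonly IUserCollection _userCollection;
    private readonly ITokenCollection _tokenCollection;
    private readonly IRealmCollection _realmCollection;
    private readonly IClientCollection _clientCollection;
    private readonly IRealmProvider _realmProvider;

    #region constructors
    public AuthorizePage(
        IDispatcher dispatcher,
        IUserCollection userCollection,
        IRealmProvider realmProvider,
        IRealmCollection realmCollection,
        ITokenCollection tokenCollection,
        IClientCollection clientCollection)
    {
        _dispatcher = dispatcher;
        _userCollection = userCollection;
        _realmCollection = realmCollection;
        _realmProvider = realmProvider;
        _tokenCollection = tokenCollection;
        _clientCollection = clientCollection;
    }
    #endregion

    /// <summary>
    /// Authorization request parameters. Bound on GET and on POST, so every value here is
    /// request-controlled on both verbs and has to be checked on both.
    /// </summary>
    [property: BindProperty(SupportsGet = true)]
    public AuthorizationParameters Parameters { get; set; } = new();

    /// <summary>Credentials submitted by the login form (bound on POST only).</summary>
    [property: BindProperty]
    public AuthenticationCredentials Credentials { get; set; } = new();

    /// <summary>
    /// Renders the page after checking the authorization request. Any failure is reported
    /// through <c>ModelState</c>; the page itself is returned in every case.
    /// </summary>
    public async Task<IActionResult> OnGetAsync()
    {
        await ValidateAuthorizationRequestAsync();

        return Page();
    }

    /// <summary>
    /// Authenticates the submitted credentials and, on success, stores a five-minute
    /// authorization code and redirects to the client's redirect URI with <c>code</c> and
    /// <c>state</c> in the query string.
    /// </summary>
    /// <returns>
    /// The page with a model error when the request, the credentials or the user lookup fail;
    /// otherwise a redirect to the client.
    /// </returns>
    public async Task<IActionResult> OnPostAsync()
    {
        // Parameters are re-bound from the request on POST, so the checks done on GET do not
        // carry over. Without this, a code could be issued for an unknown client and sent to
        // whatever redirect URI the POST carries.
        if (!await ValidateAuthorizationRequestAsync())
        {
            return Page();
        }

        var result = await _dispatcher.DispatchAsync(Credentials);
        if (result.IsFailure)
        {
            ModelState.AddModelError(
                key: result.Error.Code,
                errorMessage: result.Error.Description
            );

            return Page();
        }

        var realm = _realmProvider.GetCurrentRealm();
        var filters = UserFilters.WithSpecifications()
            .WithUsername(Credentials.Username)
            .WithRealmId(realm.Id)
            .Build();

        var users = await _userCollection.GetUsersAsync(filters);
        var user = users.FirstOrDefault();

        if (user is null)
        {
            ModelState.AddModelError(
                key: AuthenticationErrors.UserNotFound.Code,
                errorMessage: AuthenticationErrors.UserNotFound.Description
            );

            return Page();
        }

        // The code is a bearer secret until it is exchanged: take it from the CSPRNG instead
        // of Guid.NewGuid(), which is not specified as a source of secrets. 16 bytes keeps the
        // previous shape of 32 upper-case hex characters.
        var code = Convert.ToHexString(
            System.Security.Cryptography.RandomNumberGenerator.GetBytes(16));

        // The client and PKCE challenge are stored with the code so they are available when
        // the code is later looked up.
        var metadata = new Dictionary<string, string>
        {
            { "client.id", Parameters.ClientId ?? string.Empty },
            { "code.challenge", Parameters.CodeChallenge ?? string.Empty },
            { "code.challenge.method", Parameters.CodeChallengeMethod ?? string.Empty }
        };

        var token = new Domain.Aggregates.SecurityToken
        {
            UserId = user.Id,
            RealmId = realm.Id,
            Metadata = metadata,
            Value = code,
            Type = TokenType.AuthorizationCode,
            ExpiresAt = DateTime.UtcNow.AddMinutes(5),
        };

        await _tokenCollection.InsertAsync(token);

        // A registered redirect URI may already carry a query string, so append with '&' in
        // that case. The state value is echoed from the request and must be escaped so it
        // cannot add or override query parameters in the redirect.
        var redirectUri = $"{Parameters.RedirectUri}";
        var separator = redirectUri.Contains('?') ? '&' : '?';
        var state = Uri.EscapeDataString($"{Parameters.State}");

        return Redirect($"{redirectUri}{separator}code={code}&state={state}");
    }

    /// <summary>
    /// Resolves the client named by <see cref="Parameters"/>, selects that client's realm and
    /// dispatches the parameters for validation. Adds a model error for the first failure.
    /// </summary>
    /// <returns><c>true</c> when every check passed; otherwise <c>false</c>.</returns>
    private async Task<bool> ValidateAuthorizationRequestAsync()
    {
        var filters = ClientFilters.WithSpecifications()
            .WithClientId(Parameters.ClientId)
            .Build();

        var clients = await _clientCollection.GetClientsAsync(filters);
        var client = clients.FirstOrDefault();

        if (client is null)
        {
            ModelState.AddModelError(
                key: ClientErrors.ClientDoesNotExist.Code,
                errorMessage: ClientErrors.ClientDoesNotExist.Description
            );

            return false;
        }

        var realmFilters = RealmFilters.WithSpecifications()
            .WithIdentifier(client.RealmId)
            .Build();

        var realms = await _realmCollection.GetRealmsAsync(realmFilters);

        // FirstOrDefault, not First: First throws on an empty result, which made the null
        // branch below unreachable and turned a missing realm into an unhandled exception.
        var realm = realms.FirstOrDefault();

        if (realm is null)
        {
            ModelState.AddModelError(
                key: RealmErrors.RealmDoesNotExist.Code,
                errorMessage: RealmErrors.RealmDoesNotExist.Description
            );

            return false;
        }

        _realmProvider.SetRealm(realm);

        // NOTE(review): presumably the handler for AuthorizationParameters checks redirect_uri
        // against the client's registration and the PKCE fields. Confirm, because the redirect
        // in OnPostAsync relies on it.
        var result = await _dispatcher.DispatchAsync(Parameters);
        if (result.IsFailure)
        {
            ModelState.AddModelError(
                key: result.Error.Code,
                errorMessage: result.Error.Description
            );

            return false;
        }

        return true;
    }
}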